ready for testing

0be2638c · Michał 'rysiek' Woźniak · 519103f0 · 0be2638c · 0be2638c · 0be2638c
Commit 0be2638c authored Apr 22, 2016 by Michał 'rysiek' Woźniak
Show whitespace changes
Inline Side-by-side

Showing with 128 additions and 17 deletions

Dockerfile Dockerfile +7 -9

README.md README.md +38 -0

entrypoint.sh entrypoint.sh +83 -8

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,19 +10,17 @@ RUN apt-get update && apt-get install -y \
    git-core \
    --no-install-recommends && rm -rf /var/lib/apt/lists/*
    
-# get and install schleuder-conf
-RUN git clone https://git.codecoop.org/schleuder/schleuder-conf.git /opt/schleuder-conf && \
-    cd /opt/schleuder-conf && \
-    bundle install --without development
-    
 RUN git clone https://git.codecoop.org/schleuder/webschleuder3.git /opt/webschleuder3 && \
-    cd /opt/schleuder-conf && \
    cd /opt/webschleuder3 && \
    bin/setup
-#    && cp -R /webschleuder/config /webschleuder/config.tmpl
    
-COPY webschleuder.yml /opt/webschleuder3/config/webschleuder.yml
+# remove the default config files
+RUN rm /opt/webschleuder3/config/webschleuder.yml /opt/webschleuder3/config/secrets.yml /opt/webschleuder3/config/database.yml
+
+COPY entrypoint.sh /sbin/entrypoint.sh
+RUN chmod a+x /sbin/entrypoint.sh

 WORKDIR /opt/webschleuder3 
 EXPOSE 3000
-CMD export SECRET_KEY_BASE="$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )" && bundle exec rake db:setup RAILS_ENV=production && bundle exec rails server -b 0.0.0.0 -e production
\ No newline at end of file
+ENTRYPOINT ["/sbin/entrypoint.sh"]
+CMD ["bundle", "exec", "rails", "server", "-b", "$$WEBSCHLOCKER_BIND_ADDRESS", "-p", "$$WEBSCHLOCKER_BIND_PORT", "-e", "production"]
\ No newline at end of file
--- a/README.md
+++ b/README.md
@@ -21,6 +21,11 @@ This image requires a `schleuderd` running somewhere and accessible via `TCP/IP`

 The hostname `webschleuder3` will run under, used among others in confirmation links sent to users.

+ - `WEBSCHLOCKER_BIND_ADDRESS` (default: `0.0.0.0`)
+ - `WEBSCHLOCKER_BIND_PORT` (default: `3000`)
+ 
+Hostname (or IP address) and port to bind to.
+
 - `WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI` (default: `http://localhost:4567/`)

 URI the `schleuderd` daemon can be reached at.
@@ -46,6 +51,39 @@ SMTP server address and port to be used when `WEBSCHLOCKER_CONFIG_DELIVERY_METHO
 
 How should the server cert be verified, if at all, when `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` is set to `smtp`. Currently not used at all.

+ - `WEBSCHLOCKER_SECRET_KEY_BASE` (default: generated random string)
+ 
+Secret used to verify encrypted cookies; can be changed at any time (change causes cookies to become invalid; users are then required to re-login).
+
+### Database settings
+
+Separate databases are used by `schleuder3` and `webschleuder3`; these settings should thus be different from the ones used for [`schlocker3`](https://git.occrp.org/libre/schlocker3/).
+
+ - `WEBSCHLOCKER_DB_ADAPTER` (default: `sqlite3`)
+
+Database adapter.
+ 
+ - `WEBSCHLOCKER_DB_DATABASE` (default: `/var/webschleuder/db.sqlite`)
+ 
+Database name (or database file path when using `sqlite3` adapter).
+ 
+ - `WEBSCHLOCKER_DB_ENCODING`
+
+Database encoding (not used for `sqlite3`).
+
+ - `WEBSCHLOCKER_DB_USERNAME`
+
+Database user (not used for `sqlite3`).
+
+ - `WEBSCHLOCKER_DB_PASSWORD`
+
+Database user password (not used for `sqlite3`).
+
+ - `WEBSCHLOCKER_DB_HOST`
+ 
+Database host (not used for `sqlite3`).
+
+
 ## TODO

 - handle more [`ActionMailer` config options](http://api.rubyonrails.org/classes/ActionMailer/Base.html)
\ No newline at end of file
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -17,6 +17,10 @@ function abort {
 [ -z ${WEBSCHLOCKER_USER+x} ]  && WEBSCHLOCKER_USER="webschlocker"
 [ -z ${WEBSCHLOCKER_GROUP+x} ] && WEBSCHLOCKER_GROUP="webschlocker"

+# bind IP and port
+[ -z ${WEBSCHLOCKER_BIND_ADDRESS+x} ] && WEBSCHLOCKER_BIND_ADDRESS="0.0.0.0"
+[ -z ${WEBSCHLOCKER_BIND_PORT+x} ] && WEBSCHLOCKER_BIND_PORT="3000"
+
 # webschleuder config
 [ -z ${WEBSCHLOCKER_CONFIG_HOSTNAME+x} ] && WEBSCHLOCKER_CONFIG_HOSTNAME=$( hostname )
 [ -z ${WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI+x} ] && WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI="http://localhost:4567/"
@@ -27,14 +31,28 @@ function abort {
 [ -z ${WEBSCHLOCKER_CONFIG_SMTP_PORT+x} ] && WEBSCHLOCKER_CONFIG_SMTP_PORT="25"
 [ -z ${WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE+x} ] && WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE="none"

+# db settings
+[ -z ${WEBSCHLOCKER_DB_ADAPTER+x} ]  && WEBSCHLOCKER_DB_ADAPTER="sqlite3"
+[ -z ${WEBSCHLOCKER_DB_DATABASE+x} ] && WEBSCHLOCKER_DB_DATABASE="/var/webschleuder/db.sqlite3"
+# these are unused by default, only useful with mysql/postgresql/etc
+[ -z ${WEBSCHLOCKER_DB_ENCODING+x} ] && WEBSCHLOCKER_DB_ENCODING=""
+[ -z ${WEBSCHLOCKER_DB_USERNAME+x} ] && WEBSCHLOCKER_DB_USERNAME=""
+[ -z ${WEBSCHLOCKER_DB_PASSWORD+x} ] && WEBSCHLOCKER_DB_PASSWORD=""
+[ -z ${WEBSCHLOCKER_DB_HOST+x} ]     && WEBSCHLOCKER_DB_HOST=""
+
 # secret key base
 [ -z ${WEBSCHLOCKER_SECRET_KEY_BASE+x} ] && WEBSCHLOCKER_SECRET_KEY_BASE="$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )"

+# only internal use for the time being
+WEBSCHLOCKER_CONFIG_DIR="/opt/webschlocker3/config/"
+
 #
 # inform
 echo "+-- working with:"
 echo "    +-- WEBSCHLOCKER_USER         : $WEBSCHLOCKER_USER"
 echo "    +-- WEBSCHLOCKER_GROUP        : $WEBSCHLOCKER_GROUP"
+echo "    +-- WEBSCHLOCKER_BIND_ADDRESS : $WEBSCHLOCKER_BIND_ADDRESS"
+echo "    +-- WEBSCHLOCKER_BIND_PORT    : $WEBSCHLOCKER_BIND_PORT"

 #
 # root is not what we want as the user to run as
@@ -118,10 +136,16 @@ fi
 # config
 #

-# hopefully the unneeded settings will be ignored ;)
-# For delivery_method, sendmail_settings and smtp_settings see
-# <http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration>.
-WEBSCHLOCKER_CONFIG="
+#
+# create the webschlocker config file, if it doesn't exist
+# see: https://git.codecoop.org/schleuder/webschleuder3/blob/master/config/webschleuder.yml
+if [ ! -e "$WEBSCHLOCKER_CONFIG_DIR/webschleuder.yml" ]; then
+    echo "+-- no config file found in '$WEBSCHLOCKER_CONFIG_DIR/webschleuder.yml', creating one..."
+    
+    # hopefully the unneeded settings will be ignored ;)
+    # For delivery_method, sendmail_settings and smtp_settings see
+    # <http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration>.
+    WEBSCHLOCKER_CONFIG="
 production:
    web_hostname: $WEBSCHLOCKER_CONFIG_HOSTNAME
    schleuderd_uri: $WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI
@@ -134,7 +158,58 @@ production:
        port: $WEBSCHLOCKER_CONFIG_SMTP_PORT
        #openssl_verify_mode: $WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE
 "
+    echo -e "$WEBSCHLOCKER_CONFIG" > "$WEBSCHLOCKER_CONFIG_DIR/webschleuder.yml"
+else
+    echo "+-- config file found in '$WEBSCHLOCKER_CONFIG_DIR/webschleuder.yml', ignoring \$WEBSCHLOCKER_CONFIG_* envvars"
+fi
+
+
+#
+# create the database config file, if it doesn't exist
+# see: https://git.codecoop.org/schleuder/webschleuder3/blob/master/config/database.yml
+
+if [ ! -e "$WEBSCHLOCKER_CONFIG_DIR/database.yml" ]; then
+    echo "+-- no database config file found in '$WEBSCHLOCKER_CONFIG_DIR/database.yml', creating one..."
+    
+    # let's hope the unneeded settings get ignored 
+    WEBSCHLOCKER_DATABASE="
+production:
+    pool: 5
+    timeout: 5000
+    adapter:  $WEBSCHLOCKER_DB_ADAPTER
+    database: $WEBSCHLOCKER_DB_DATABASE
+    encoding: $WEBSCHLOCKER_DB_ENCODING
+    username: $WEBSCHLOCKER_DB_USERNAME
+    password: $WEBSCHLOCKER_DB_PASSWORD
+    host:     $WEBSCHLOCKER_DB_HOST
+"
+    echo -e "$WEBSCHLOCKER_DATABASE" > "$WEBSCHLOCKER_CONFIG_DIR/database.yml"
+    
+    # when using sqlite, let's make sure the database directory is accessible/writable for the user
+    if [ $WEBSCHLOCKER_DB_ADAPTER == 'sqlite3' ]; then
+        chown -R "$WEBSCHLOCKER_USER:$WEBSCHLOCKER_GROUP" "$( basename "$WEBSCHLOCKER_DB_DATABASE" )"
+    fi
+else
+    echo "+-- database config file found in '$WEBSCHLOCKER_CONFIG_DIR/database.yml', ignoring \$WEBSCHLOCKER_DB_* envvars"
+fi
+
+#
+# secrets file
+# see: https://git.codecoop.org/schleuder/webschleuder3/blob/master/config/secrets.yml
+if [ ! -e "$WEBSCHLOCKER_CONFIG_DIR/secrets.yml" ]; then
+    echo "+-- no secrets file found in $WEBSCHLOCKER_CONFIG_DIR/secrets.yml, creating one..."
+    WESCHLOCKER_SECRETS="
+production:
+    secret_key_base: $WEBSCHLOCKER_SECRET_KEY_BASE
+"
+    echo -e "$WEBSCHLOCKER_SECRETS" > "$WEBSCHLOCKER_CONFIG_DIR/secrets.yml"
+else
+    echo "+-- secrets file found in '$WEBSCHLOCKER_CONFIG_DIR/secrets.yml', ignoring \$WEBSCHLOCKER_SECRET_KEY_BASE* envvar"
+fi

+# prep the database (as the correct user)
+exec su -p -c "env PATH=\"$PATH\" bundle exec rake db:setup RAILS_ENV=production" "$WEBSCHLOCKER_USER"

-bundle exec rake db:setup RAILS_ENV=production
-exec bundle exec rails server -b 0.0.0.0 -e production
\ No newline at end of file
+echo "+-- executing:"
+echo "    $*"
+exec su -p -c "env PATH=\"$PATH\" $*" "$WEBSCHLOCKER_USER"
\ No newline at end of file