-
Notifications
You must be signed in to change notification settings - Fork 0
/
entrypoint.sh
43 lines (35 loc) · 1.32 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#!/bin/bash
run_unprivileged() {
exec runuser worker -c "$@"
}
verify_n_take_ownership() {
directory=$1
user=$2
echo "[INFO] Verifying ownership over $directory"
if [[ "$(find . ! -user $user | wc -l)" == "0" ]]; then
echo "[INFO] No ownership issues found"
else
echo "[INFO] Mismatching ownership, taking ownership for $user:$user"
chown -R $user:$user .
fi
}
if [ ! -d "/home/worker" ]; then
echo "[INFO] Creating non-root user..."
useradd -m worker
fi
if [ ! -f /opt/crackerjack/data/instance/crackerjack.sqlite3 ]; then
echo '[INFO] Initializing DB.'
python3 -m flask db init
echo "[INFO] Running DB migrations"
python3 -m flask db migrate
python3 -m flask db upgrade
fi
echo "[INFO] Adding flask crontab"
python3 -m flask crontab add
# fixes an issue where git would complain about dubious ownership
verify_n_take_ownership /opt/crackerjack/.git worker
# we're executing the application as a non-privileged user so we need to be able to write to the DB
verify_n_take_ownership /opt/crackerjack/data worker
echo "[INFO] Starting crackerjack as unprivileged user."
# by using exec the bash script will exit and continue running the python program.
run_unprivileged "/usr/bin/python3 -m gunicorn --workers 3 --bind $ADDRESS:$PORT --timeout $TIMEOUT -m 007 wsgi:app"