changed taiga path to /opt and improved first-run checks

Andy 2016-04-12 02:11:51 +02:00
parent c1546e7616
commit d680399bcf
Signed by: arno
GPG Key ID: 368DDA2E9A471EAC
6 changed files with 65 additions and 15 deletions


@ -21,7 +21,7 @@ ENV USER taiga
ENV UID 1000 ENV UID 1000
ENV GROUP www-data ENV GROUP www-data
ENV HOME /home/$USER ENV HOME /home/$USER
ENV DATA /usr/local/taiga ENV DATA /opt/taiga
RUN useradd -u $UID -m -d $HOME -s /usr/sbin/nologin -g $GROUP $USER RUN useradd -u $UID -m -d $HOME -s /usr/sbin/nologin -g $GROUP $USER
RUN mkdir -p $DATA $DATA/media $DATA/static $DATA/logs /var/log/taiga \ RUN mkdir -p $DATA $DATA/media $DATA/static $DATA/logs /var/log/taiga \
&& chown -Rh $USER:$GROUP $DATA /var/log/taiga && chown -Rh $USER:$GROUP $DATA /var/log/taiga


@ -76,8 +76,8 @@ services:
ports: ports:
- 80:80 - 80:80
volumes: volumes:
- taiga_static:/usr/local/taiga/static - taiga_static:/opt/taiga/static
- taiga_media:/usr/local/taiga/media - taiga_media:/opt/taiga/media
env_file: env_file:
- ./taiga.env - ./taiga.env
- ./taiga-db.env - ./taiga-db.env


@ -1,6 +1,10 @@
TODO TODO
==== ====
* Security: make sure /already_installed script does not depend on 'admin' user
in case when someone wants to use alternative name (see TODO in
seeds/already_installed.tmpl file)
* make sure Taiga sends emails, e.g. new user registered, password reset, * make sure Taiga sends emails, e.g. new user registered, password reset,
general Taiga notifications general Taiga notifications


@ -30,8 +30,8 @@ services:
ports: ports:
- 80:80 - 80:80
volumes: volumes:
- taiga_static:/usr/local/taiga/static - taiga_static:/opt/taiga/static
- taiga_media:/usr/local/taiga/media - taiga_media:/opt/taiga/media
env_file: env_file:
- ./taiga.env - ./taiga.env
- ./taiga-db.env - ./taiga-db.env

30
launch

@ -30,6 +30,8 @@ envsubst < /tmp/taiga.tmpl > /etc/nginx/sites-enabled/taiga
envsubst < /tmp/circus.ini.tmpl > $DATA/circus.ini envsubst < /tmp/circus.ini.tmpl > $DATA/circus.ini
envsubst < /tmp/conf.json.tmpl > $DATA/taiga-front-dist/dist/conf.json envsubst < /tmp/conf.json.tmpl > $DATA/taiga-front-dist/dist/conf.json
envsubst < /tmp/local.py.tmpl > $DATA/taiga-back/settings/local.py envsubst < /tmp/local.py.tmpl > $DATA/taiga-back/settings/local.py
envsubst < /tmp/already_initialized.tmpl > /already_initialized
chmod +x /already_initialized
# Keep sensitive information out of here # Keep sensitive information out of here
unset DJANGO_SECRET_KEY TAIGA_DB_PASSWORD unset DJANGO_SECRET_KEY TAIGA_DB_PASSWORD
@ -37,26 +39,34 @@ unset DJANGO_SECRET_KEY TAIGA_DB_PASSWORD
# Make sure the data is readable # Make sure the data is readable
chown -Rh $USER:$GROUP $DATA chown -Rh $USER:$GROUP $DATA
# Allow a little delay on the first run # Make sure the PostgreSQL database is up and ready
# to make sure Database is set and ready while ! ping -c 1 -W 1 $TAIGA_DB_HOST >/dev/null 2>&1; do
[ -e "/tmp/taiga.firstrun" ] || ( echo "Waiting for 10 seconds to let the DB initialize" \ echo "Waiting for $TAIGA_DB_HOST to be Up ..."
&& sleep 10 ) sleep 1
done
while ! timeout 1 bash -c 'cat < /dev/null > /dev/tcp/$TAIGA_DB_HOST/$TAIGA_DB_PORT' >/dev/null 2>&1; do
echo "Waiting for $TAIGA_DB_HOST:$TAIGA_DB_PORT to be Ready ..."
sleep 1
done
# This will make a tiny delay which will help to ensure the database is up and
# running before it will be seeded/updated
/already_initialized
# Upgrade DB schemas, etc... # Upgrade DB schemas, etc...
# This is important when Taiga's codebase gets updated # This is important when Taiga's codebase gets updated
su -s /bin/sh $USER -c '. $DATA/venvtaiga/bin/activate su -s /bin/sh $USER -c '. $DATA/venvtaiga/bin/activate
cd $DATA/taiga-back cd $DATA/taiga-back
python manage.py migrate --noinput python manage.py migrate --noinput
[ -e "/tmp/taiga.firstrun" ] || ( python manage.py loaddata initial_user \ /already_initialized || ( python manage.py loaddata initial_user \
&& python manage.py loaddata initial_project_templates \ && python manage.py loaddata initial_project_templates \
&& python manage.py loaddata initial_role \ && python manage.py loaddata initial_role \
&& echo "A new user admin with password 123123 has been created" ) && echo "First run: A new user admin with password 123123 has been created. Please change the password once you login." )
python manage.py compilemessages python manage.py compilemessages
python manage.py collectstatic --noinput python manage.py collectstatic --noinput
deactivate' deactivate'
touch /tmp/taiga.firstrun
# (Optional) Fill Taiga with the Sample data # (Optional) Fill Taiga with the Sample data
# su -s /bin/sh $USER -c '. $DATA/venvtaiga/bin/activate # su -s /bin/sh $USER -c '. $DATA/venvtaiga/bin/activate
# cd $DATA/taiga-back # cd $DATA/taiga-back
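Review bot: The seeding guard `/already_initialized || ( python manage.py loaddata initial_user ...` inside the `su -c` block treats every non-zero exit as a first run, so the fixed `admin`/`123123` account is loaded whenever the check fails for any reason, not only when the database is empty. The check script added in this commit exits 1 both when no `admin` row exists and when it catches `OperationalError`, and a wrong interpreter path or an import error would also come back non-zero. Django's `loaddata` writes fixture rows by primary key, so a false first-run on an existing install could presumably put the default password back on a live account; confirm this against the `initial_user` fixture. Seed on one dedicated status only and stop on anything else, for example `/already_initialized; rc=$?`, then `[ "$rc" -le 1 ] || exit "$rc"`, then `[ "$rc" -eq 0 ] || ( python manage.py loaddata initial_user ... )`, with the check returning a code above 1 when it could not query the database. The launch script begins and continues outside this hunk.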


@ -0,0 +1,36 @@
#!$DATA/venvtaiga/bin/python
# A simple script that checks whether the 'admin' user has been created.
# It returns 0 on success and 1 on failure.
# Based on this the /launch script will decide whether to create the default
# admin user or not.
# TODO: in some cases one may want to rename the 'admin' user, causing the
# script to create a backdoor admin:123123. We need to take this into account!
import os
import sys
sys.path.append('$DATA/taiga-back')
from django.contrib.auth import get_user_model
from django.core.wsgi import get_wsgi_application
from django.db import utils
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "settings")
application = get_wsgi_application()
User = get_user_model()
users_num = 0
try:
users_num = User.objects.filter(username='admin').count()
except utils.OperationalError as e:
print('(%s): Unable to connect to a database' % type(e))
pass
except utils.ProgrammingError as e:
print('(%s): First run detected' % type(e))
pass
if users_num > 0:
rc = 0
else:
rc = 1
sys.exit(rc)
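Review bot: The first-run test `User.objects.filter(username='admin').count()` keys on one literal username, so once an operator renames that account the next container start reports "not initialized" and the launch script seeds `admin`/`123123` again; the TODO in this file names the problem but leaves it open. Asking whether any account exists removes the dependency on the name, e.g. `users_num = User.objects.count()`, assuming nothing else creates users before the fixtures are loaded. Both `except` branches print only `type(e)` to stdout and fall through to the same `rc = 1` as a real first run. Writing the exception message to `sys.stderr` and exiting with a separate status for `OperationalError` would let the caller tell "database unreachable" from "no users yet".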