Skip to content

Commit

Permalink
chore: run checks using celery UID/GID in container (#4364)
Browse files Browse the repository at this point in the history
* chore: run checks as celery uid/gid in celery container

* chore: add init flag to suggested beat container config
  • Loading branch information
jennifer-richards authored Aug 24, 2022
1 parent 727feab commit a3f2d4b
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 6 deletions.
24 changes: 18 additions & 6 deletions dev/celery/docker-init.sh
Original file line number Diff line number Diff line change
Expand Up @@ -21,23 +21,20 @@ CELERY_ROLE="${CELERY_ROLE:-worker}"
cd "$WORKSPACEDIR" || exit 255

if [[ -n "${UPDATE_REQUIREMENTS_FROM}" ]]; then
# Need to run as root in the container for this
reqs_file="${WORKSPACEDIR}/${UPDATE_REQUIREMENTS_FROM}"
echo "Updating requirements from ${reqs_file}..."
pip install --upgrade -r "${reqs_file}"
fi

if [[ "${CELERY_ROLE}" == "worker" ]]; then
echo "Running initial checks..."
/usr/local/bin/python $WORKSPACEDIR/ietf/manage.py check
fi

CELERY_OPTS=( "${CELERY_ROLE}" )
if [[ -n "${CELERY_UID}" ]]; then
# ensure that some group with the necessary GID exists in container
# ensure that a user with the necessary UID exists in container
if ! id "${CELERY_UID}" ; then
adduser --system --uid "${CELERY_UID}" --no-create-home --disabled-login "celery-user-${CELERY_UID}"
fi
CELERY_OPTS+=("--uid=${CELERY_UID}")
CELERY_USERNAME="$(id -nu ${CELERY_UID})"
fi

if [[ -n "${CELERY_GID}" ]]; then
Expand All @@ -46,8 +43,17 @@ if [[ -n "${CELERY_GID}" ]]; then
addgroup --gid "${CELERY_GID}" "celery-group-${CELERY_GID}"
fi
CELERY_OPTS+=("--gid=${CELERY_GID}")
CELERY_GROUP="$(getent group ${CELERY_GID} | awk -F: '{print $1}')"
fi

run_as_celery_uid () {
SU_OPTS=()
if [[ -n "${CELERY_GROUP}" ]]; then
SU_OPTS+=("-g" "${CELERY_GROUP}")
fi
su "${SU_OPTS[@]}" "${CELERY_USERNAME:-root}" -s /bin/sh -c "$@"
}

log_term_timing_msgs () {
# output periodic debug message
while true; do
Expand All @@ -68,6 +74,12 @@ cleanup () {
fi
}

if [[ "${CELERY_ROLE}" == "worker" ]]; then
echo "Running initial checks..."
# Run checks as celery worker if one was specified
run_as_celery_uid /usr/local/bin/python $WORKSPACEDIR/ietf/manage.py check
fi

trap 'trap "" TERM; cleanup' TERM
# start celery in the background so we can trap the TERM signal
celery --app="${CELERY_APP:-ietf}" "${CELERY_OPTS[@]}" "$@" &
Expand Down
1 change: 1 addition & 0 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ services:
#
# beat:
# image: ghcr.io/ietf-tools/datatracker-celery:latest
# init: true
# environment:
# CELERY_APP: ietf
# CELERY_ROLE: beat
Expand Down

0 comments on commit a3f2d4b

Please sign in to comment.