diff --git a/dev/celery/docker-init.sh b/dev/celery/docker-init.sh
index 9fb1d6324d..7e2b68425d 100755
--- a/dev/celery/docker-init.sh
+++ b/dev/celery/docker-init.sh
@@ -21,23 +21,20 @@ CELERY_ROLE="${CELERY_ROLE:-worker}"
 cd "$WORKSPACEDIR" || exit 255
 if [[ -n "${UPDATE_REQUIREMENTS_FROM}" ]]; then
+ # Need to run as root in the container for this
 reqs_file="${WORKSPACEDIR}/${UPDATE_REQUIREMENTS_FROM}"
 echo "Updating requirements from ${reqs_file}..."
 pip install --upgrade -r "${reqs_file}"
 fi
-if [[ "${CELERY_ROLE}" == "worker" ]]; then
- echo "Running initial checks..."
- /usr/local/bin/python $WORKSPACEDIR/ietf/manage.py check
-fi
-
 CELERY_OPTS=( "${CELERY_ROLE}" )
 if [[ -n "${CELERY_UID}" ]]; then
- # ensure that some group with the necessary GID exists in container
+ # ensure that a user with the necessary UID exists in container
 if ! id "${CELERY_UID}" ; then
 adduser --system --uid "${CELERY_UID}" --no-create-home --disabled-login "celery-user-${CELERY_UID}"
 fi
 CELERY_OPTS+=("--uid=${CELERY_UID}")
+ CELERY_USERNAME="$(id -nu ${CELERY_UID})"
 fi
 if [[ -n "${CELERY_GID}" ]]; then
@@ -46,8 +43,17 @@ if [[ -n "${CELERY_GID}" ]]; then
 addgroup --gid "${CELERY_GID}" "celery-group-${CELERY_GID}"
 fi
 CELERY_OPTS+=("--gid=${CELERY_GID}")
+ CELERY_GROUP="$(getent group ${CELERY_GID} | awk -F: '{print $1}')"
 fi
+run_as_celery_uid () {
+ SU_OPTS=()
+ if [[ -n "${CELERY_GROUP}" ]]; then
+ SU_OPTS+=("-g" "${CELERY_GROUP}")
+ fi
+ su "${SU_OPTS[@]}" "${CELERY_USERNAME:-root}" -s /bin/sh -c "$@"
+}
+
 log_term_timing_msgs () {
 # output periodic debug message
 while true; do
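Review bot: The added `CELERY_USERNAME="$(id -nu ${CELERY_UID})"` leaves `${CELERY_UID}` unquoted inside the command substitution, unlike the quoted `id "${CELERY_UID}"` and `adduser --uid "${CELERY_UID}"` just above it, so a value with whitespace or glob characters is split before `id` sees it. The same applies to `getent group ${CELERY_GID}` in the next hunk. I would write `CELERY_USERNAME="$(id -nu "${CELERY_UID}")"` and `getent group "${CELERY_GID}"`. Since this name later selects the account the checks run under, it is also worth stopping when the lookup comes back empty, e.g. `[[ -n "${CELERY_USERNAME}" ]] || exit 255`.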
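Review bot: In `run_as_celery_uid`, `-c "$@"` expands to one word per argument, so only the first word becomes the `-c` command string. At the call site in the later hunk that is `/usr/local/bin/python` alone, with `manage.py check` handed on as extra arguments, so the check most likely does not run as intended. Joining the words fixes it: `su "${SU_OPTS[@]}" "${CELERY_USERNAME:-root}" -s /bin/sh -c "$*"`. Because the joined string is re-parsed by `/bin/sh`, a comment such as `# arguments are joined and re-parsed by sh; pass only trusted, already-quoted words` belongs above that line, and `SU_OPTS` should be declared `local`.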
@@ -68,6 +74,12 @@ cleanup () {
 fi
 }
+if [[ "${CELERY_ROLE}" == "worker" ]]; then
+ echo "Running initial checks..."
+ # Run checks as celery worker if one was specified
+ run_as_celery_uid /usr/local/bin/python $WORKSPACEDIR/ietf/manage.py check
+fi
+
 trap 'trap "" TERM; cleanup' TERM
 # start celery in the background so we can trap the TERM signal
 celery --app="${CELERY_APP:-ietf}" "${CELERY_OPTS[@]}" "$@" &
diff --git a/docker-compose.yml b/docker-compose.yml
index fc09974fe1..7b7b45709f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -85,6 +85,7 @@ services:
 #
 # beat:
 # image: ghcr.io/ietf-tools/datatracker-celery:latest
+# init: true
 # environment:
 # CELERY_APP: ietf
 # CELERY_ROLE: beat
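Review bot: The comment on the relocated check in docker-init.sh, `# Run checks as celery worker if one was specified`, does not say what happens otherwise. Through `${CELERY_USERNAME:-root}` in `run_as_celery_uid`, the checks run as root when `CELERY_UID` is unset, and as root with the celery group when only `CELERY_GID` is set. I would spell that out, e.g. `# Run checks as CELERY_UID/CELERY_GID when set; falls back to root when CELERY_UID is unset`. `$WORKSPACEDIR` is also unquoted on the call line, which matters more now that the words are handed to a second shell.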