From e9619c12429d90dd6ba96f72fd896ed6e2dc5654 Mon Sep 17 00:00:00 2001 From: Dave Shoreman Date: Wed, 22 Jun 2022 12:29:46 +0100 Subject: [PATCH] Fix repeated superuser creations after rename/removal (#263) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Avoid creating superuser if variables are removed Enables the removal of `TA_USERNAME` and/or `TA_PASSWORD` as a way of preventing an additional superuser being created when another exists. In the old code, `ELASTIC_USER` would never error due to the default, so this replaces the loop with one requirement on `ELASTIC_PASSWORD`. * Use .superuser_created to prevent re-creation Creates an empty `.superuser_created` file after successful creation, and uses this to skip the command on future runs. If the file doesn't exist, then `TA_USERNAME` and `TA_PASSWORD` will also be required. * The superuser password can't be empty ...well—it *can*—but the password input of the login form requires a value so even though the account is created, you can't actually login. * Parse createsuperuser output for 'exists' error If a user already exists with the same name as the superuser being created, the command fails with "Error: That name is already taken". It's probably safe to assume that user is the one we expect. This parses the output, treating it as successful so it can be skipped next time. If it hits the catch-all, something probably failed so we exit. * Use the cache for persistence Updates the .superuser_created file to be placed in /cache so that it gets persisted in a volume between config tweaks and container rebuilds. Also makes `TA_PASSWORD` required always, because it seems to be needed by tubearchivist/config/settings.py to generate a secret key. * Let it work outside Docker If /cache doesn't exist (i.e. when it's not running in Docker), this falls back to a `cache` dir in the current working directory instead. Also renames the file to 'initsu.lock' rather than having it hidden. * Use flexible fallback path for `celery` command --- docker_assets/run.sh | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) diff --git a/docker_assets/run.sh b/docker_assets/run.sh index 31022c7..a3a11b1 100644 --- a/docker_assets/run.sh +++ b/docker_assets/run.sh @@ -5,13 +5,14 @@ if [[ -z "$ELASTIC_USER" ]]; then export ELASTIC_USER=elastic fi -ENV_VARS=("TA_USERNAME" "TA_PASSWORD" "ELASTIC_PASSWORD" "ELASTIC_USER") -for each in "${ENV_VARS[@]}"; do - if ! [[ -v $each ]]; then - echo "missing environment variable $each" - exit 1 - fi -done +cachedir=/cache +[[ -d $cachedir ]] || cachedir=. +lockfile=${cachedir}/initsu.lock + +required="Missing required environment variable" +[[ -f $lockfile ]] || : "${TA_USERNAME:?$required}" +: "${TA_PASSWORD:?$required}" +: "${ELASTIC_PASSWORD:?$required}" # ugly nginx and uwsgi port overwrite with env vars if [[ -n "$TA_PORT" ]]; then @@ -39,12 +40,27 @@ done # start python application python manage.py makemigrations python manage.py migrate -export DJANGO_SUPERUSER_PASSWORD=$TA_PASSWORD && \ - python manage.py createsuperuser --noinput --name "$TA_USERNAME" + +if [[ -f $lockfile ]]; then + echo -e "\e[33;1m[WARNING]\e[0m This is not the first run! Skipping" \ + "superuser creation.\nTo force it, remove $lockfile" +else + export DJANGO_SUPERUSER_PASSWORD=$TA_PASSWORD + output="$(python manage.py createsuperuser --noinput --name "$TA_USERNAME" 2>&1)" + + case "$output" in + *"Superuser created successfully"*) + echo "$output" && touch $lockfile ;; + *"That name is already taken."*) + echo "Superuser already exists. Creation will be skipped on next start." + touch $lockfile ;; + *) echo "$output" && exit 1 + esac +fi python manage.py collectstatic --noinput -c nginx & celery -A home.tasks worker --loglevel=INFO & celery -A home beat --loglevel=INFO \ - -s "${BEAT_SCHEDULE_PATH:-/cache/celerybeat-schedule}" & + -s "${BEAT_SCHEDULE_PATH:-${cachedir}/celerybeat-schedule}" & uwsgi --ini uwsgi.ini