rooty/fab-manager
1
0
Fork 0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2025-02-26 20:54:21 +01:00
Code Issues Releases Activity

(bug) when installing fab-manager as non-root user, most of the resulting installation directories were owned by root

Browse Source
This commit is contained in:
Sylvain 2022-06-07 15:12:07 +02:00
parent 1bb1d13a50
commit 8a13eb1cd3
7 changed files with 64 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.dockerignore
View File

@ -42,6 +42,7 @@ Dockerfile
docker-compose* docker-compose*
test test
.env .env
.docker
# Docs # Docs
*.md *.md

2
CHANGELOG.md
View File

@ -4,8 +4,10 @@
- Updated sidekiq-unique-jobs to 7.1.23 to get rid of Sidekiq's default_worker_options deprecation warning - Updated sidekiq-unique-jobs to 7.1.23 to get rid of Sidekiq's default_worker_options deprecation warning
- Allow moving with arrows in the setup script's inputs - Allow moving with arrows in the setup script's inputs
- Fix a bug: when installing fab-manager as non-root user, most of the resulting installation directories were owned by root
- Fix a bug: unable to edit OIDC provider - Fix a bug: unable to edit OIDC provider
- Fix a bug: list of OIDC scopes are loading indefinitely - Fix a bug: list of OIDC scopes are loading indefinitely
- [TODO DEPLOY] `\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/scripts/use-relative-paths.sh | bash`
## v5.4.3 2022 June 6 ## v5.4.3 2022 June 6

17
Dockerfile
View File

@ -63,6 +63,7 @@ COPY yarn.lock /usr/src/app/yarn.lock
RUN yarn install RUN yarn install
# Clean up build deps, cached packages and temp files # Clean up build deps, cached packages and temp files
USER root
RUN apk del .build-deps && \ RUN apk del .build-deps && \
yarn cache clean && \ yarn cache clean && \
rm -rf /tmp/* \ rm -rf /tmp/* \
@ -71,23 +72,15 @@ RUN apk del .build-deps && \
/usr/lib/ruby/gems/*/cache/* /usr/lib/ruby/gems/*/cache/*
# Web app # Web app
RUN mkdir -p /usr/src/app/config && \ USER fabmanager
mkdir -p /usr/src/app/invoices && \ RUN mkdir -p /usr/src/app/tmp/sockets && \
mkdir -p /usr/src/app/payment_schedules && \
mkdir -p /usr/src/app/exports && \
mkdir -p /usr/src/app/imports && \
mkdir -p /usr/src/app/log && \
mkdir -p /usr/src/app/public/uploads && \
mkdir -p /usr/src/app/public/packs && \
mkdir -p /usr/src/app/accounting && \
mkdir -p /usr/src/app/proof_of_identity_files && \
mkdir -p /usr/src/app/tmp/sockets && \
mkdir -p /usr/src/app/tmp/pids mkdir -p /usr/src/app/tmp/pids
# Copy source files
COPY docker/database.yml /usr/src/app/config/database.yml COPY docker/database.yml /usr/src/app/config/database.yml
COPY . /usr/src/app COPY . /usr/src/app
# Volumes # Volumes (the folders are created by setup.sh)
VOLUME /usr/src/app/invoices VOLUME /usr/src/app/invoices
VOLUME /usr/src/app/payment_schedules VOLUME /usr/src/app/payment_schedules
VOLUME /usr/src/app/exports VOLUME /usr/src/app/exports

30
scripts/use-relative-paths.sh Executable file
View File

@ -0,0 +1,30 @@
#!/usr/bin/env bash
# This script changes the paths in the docker-compose.yml file to use relative paths
# Previously, we were using ${PWD} to get the path to the current directory, but this
# caused issues when running a script from a different directory with "docker-compose -f".
config()
{
echo "Checking docker-compose file... "
FABMANAGER_PATH=$(pwd)
if [ ! -w "$FABMANAGER_PATH/docker-compose.yml" ]; then
echo "Fab-manager's docker-compose.yml file not found or not writable."
echo "Please run this script from the installation folder, and as a user having write access on docker-compose.yml"
exit 1
fi
}
rename()
{
echo "Renaming paths... "
sed -i.bak "s/\${PWD}/\./g" "$FABMANAGER_PATH/docker-compose.yml"
}
proceed()
{
config
rename
}
proceed "$@"

36
setup/docker-compose.yml
View File

@ -6,18 +6,18 @@ services:
RAILS_ENV: production RAILS_ENV: production
RACK_ENV: production RACK_ENV: production
env_file: env_file:
- ${PWD}/config/env - ./config/env
volumes: volumes:
- ${PWD}/public/packs:/usr/src/app/public/packs - ./public/packs:/usr/src/app/public/packs
- ${PWD}/public/uploads:/usr/src/app/public/uploads - ./public/uploads:/usr/src/app/public/uploads
- ${PWD}/invoices:/usr/src/app/invoices - ./invoices:/usr/src/app/invoices
- ${PWD}/payment_schedules:/usr/src/app/payment_schedules - ./payment_schedules:/usr/src/app/payment_schedules
- ${PWD}/exports:/usr/src/app/exports - ./exports:/usr/src/app/exports
- ${PWD}/imports:/usr/src/app/imports - ./imports:/usr/src/app/imports
- ${PWD}/proof_of_identity_files:/usr/src/app/proof_of_identity_files - ./proof_of_identity_files:/usr/src/app/proof_of_identity_files
- ${PWD}/log:/var/log/supervisor - ./log:/var/log/supervisor
- ${PWD}/plugins:/usr/src/app/plugins - ./plugins:/usr/src/app/plugins
- ${PWD}/accounting:/usr/src/app/accounting - ./accounting:/usr/src/app/accounting
depends_on: depends_on:
- postgres - postgres
- redis - redis
@ -27,7 +27,7 @@ services:
postgres: postgres:
image: postgres:9.6 image: postgres:9.6
volumes: volumes:
- ${PWD}/postgresql:/var/lib/postgresql/data - ./postgresql:/var/lib/postgresql/data
restart: always restart: always
environment: environment:
POSTGRES_HOST_AUTH_METHOD: trust POSTGRES_HOST_AUTH_METHOD: trust
@ -41,14 +41,14 @@ services:
soft: -1 soft: -1
hard: -1 hard: -1
volumes: volumes:
- ${PWD}/elasticsearch/config:/usr/share/elasticsearch/config - ./elasticsearch/config:/usr/share/elasticsearch/config
- ${PWD}/elasticsearch:/usr/share/elasticsearch/data - ./elasticsearch:/usr/share/elasticsearch/data
restart: always restart: always
redis: redis:
image: redis:6-alpine image: redis:6-alpine
volumes: volumes:
- ${PWD}/redis:/data - ./redis:/data
restart: always restart: always
nginx: nginx:
@ -57,9 +57,9 @@ services:
- "80:80" - "80:80"
- "443:443" - "443:443"
volumes: volumes:
- ${PWD}/config/nginx:/etc/nginx/conf.d - ./config/nginx:/etc/nginx/conf.d
- ${PWD}/letsencrypt/etc:/etc/letsencrypt - ./letsencrypt/etc:/etc/letsencrypt
- ${PWD}/log:/var/log/nginx - ./log:/var/log/nginx
volumes_from: volumes_from:
- fabmanager:ro - fabmanager:ro
links: links:

9
setup/setup.sh
View File

@ -174,10 +174,15 @@ prepare_files()
read -rp "Continue? (Y/n) " confirm </dev/tty read -rp "Continue? (Y/n) " confirm </dev/tty
if [[ "$confirm" = "n" ]]; then exit 1; fi if [[ "$confirm" = "n" ]]; then exit 1; fi
elevate_cmd mkdir -p "$FABMANAGER_PATH/config" elevate_cmd mkdir -p "$FABMANAGER_PATH"
elevate_cmd chown -R "$(whoami):$(whoami)" "$FABMANAGER_PATH" elevate_cmd chown -R "$(whoami):$(whoami)" "$FABMANAGER_PATH"
mkdir -p "$FABMANAGER_PATH/elasticsearch/config" # create folders before starting the containers, otherwise root will own them
local folders=(accounting config elasticsearch/config exports imports invoices log payment_schedules plugins postgresql \
proof_of_identity_files public/packs public/uploads)
for folder in "${folders[@]}"; do
mkdir -p "$FABMANAGER_PATH/$folder"
done
# Fab-manager environment variables # Fab-manager environment variables
\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/setup/env.example > "$FABMANAGER_PATH/config/env" \curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/setup/env.example > "$FABMANAGER_PATH/config/env"

1
setup/upgrade.sh
View File

@ -221,6 +221,7 @@ compile_assets()
fi fi
PG_NET_ID=$(docker inspect "$PG_ID" -f "{{json .NetworkSettings.Networks }}" | jq -r '.[] .NetworkID') PG_NET_ID=$(docker inspect "$PG_ID" -f "{{json .NetworkSettings.Networks }}" | jq -r '.[] .NetworkID')
clean_env_file clean_env_file
mkdir -p public/new_packs
# shellcheck disable=SC2068 # shellcheck disable=SC2068
if ! docker run --user "$(id -u):$(id -g)" --rm --env-file ./config/env ${ENV_ARGS[@]} --link "$PG_ID" --net "$PG_NET_ID" -v "${PWD}/public/new_packs:/usr/src/app/public/packs" "$IMAGE" bundle exec rake assets:precompile; then if ! docker run --user "$(id -u):$(id -g)" --rm --env-file ./config/env ${ENV_ARGS[@]} --link "$PG_ID" --net "$PG_NET_ID" -v "${PWD}/public/new_packs:/usr/src/app/public/packs" "$IMAGE" bundle exec rake assets:precompile; then
restore_tag restore_tag