OpenSlides/server/docker/entrypoint-db-setup
Gernot Schulz 4f194a8794
Docker: Add a Docker secret for the Django key
We have decided against including an insecure default key with a mere
warning.  Therefore, unlike the admin and user secrets, the availability
of this secret is a hard requirement.  The instance will not be able to
start before a secret has been generated manually or by a management
tool.
2020-08-21 08:11:14 +02:00

87 lines
2.3 KiB
Bash
Executable File

#!/bin/bash
set -e
warn_insecure_admin() {
cat <<-EOF
==============================================
WARNING
==============================================
WARNING: INSECURE ADMIN ACCOUNT CONFIGURATION!
EOF
sleep 10
}
# Set DJANGO_SECRET_KEY variable
source /run/secrets/django
[[ -n "$DJANGO_SECRET_KEY" ]] || {
echo "ERROR: Django secret key undefined! Cannot continue."
sleep 5
exit 2
}
export SECRET_KEY="$DJANGO_SECRET_KEY"
# Configure database
# TODO: env variables??
echo "postgres:5432:instancecfg:openslides:openslides" > "${HOME}/.pgpass"
chmod 600 "${HOME}/.pgpass"
until pg_isready -h db; do
echo "Waiting for Postgres cluster to become available..."
sleep 3
done
# Wait for redis
wait-for-it redis:6379
wait-for-it redis-slave:6379
wait-for-it redis-channels:6379
echo 'running migrations'
python manage.py migrate
# Admin
if [[ -f /run/secrets/os_admin ]]; then
echo "Retrieving secure admin password"
source /run/secrets/os_admin
if [[ -n "${OPENSLIDES_ADMIN_PASSWORD}" ]]; then
echo "Changing admin password"
python manage.py changedefaultadminpassword "${OPENSLIDES_ADMIN_PASSWORD}"
else
warn_insecure_admin
fi
else
warn_insecure_admin
fi
# Main user
if [[ -f /run/secrets/os_user ]]; then
echo "Retrieving secure user credentials"
source /run/secrets/os_user
if [[ -n "${OPENSLIDES_USER_FIRSTNAME}" ]] &&
[[ -n "${OPENSLIDES_USER_LASTNAME}" ]] &&
[[ -n "${OPENSLIDES_USER_PASSWORD}" ]]; then
user_name="${OPENSLIDES_USER_FIRSTNAME} ${OPENSLIDES_USER_LASTNAME}"
echo "Adding user: ${user_name}"
# createopenslidesuser: error: the following arguments are required:
# first_name, last_name, username, password, groups_id
# email is optional
# userid forces to to only create a user with this id, if it not exists before.
python manage.py createopenslidesuser \
--userid 2 \
--email "${OPENSLIDES_USER_EMAIL:-}" \
"${OPENSLIDES_USER_FIRSTNAME}" \
"${OPENSLIDES_USER_LASTNAME}" \
"${user_name}" \
"${OPENSLIDES_USER_PASSWORD}" \
2
else
echo "Incomplete user account data. Skipping account creation."
fi
fi
echo "Done migrating and setting up user accounts..."
python -m http.server --directory /app/empty --bind 0.0.0.0 8000