#!/bin/bash
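# Env vars
# Each assignment keeps a value supplied through the container environment and
# otherwise falls back to the default on the right-hand side.
#
# Security note: the fallback credentials (DB_PASSWORD, the RabbitMQ password
# and ZULIP_USER_PASS) are all the literal string "zulip". A deployment that
# does not override them runs with publicly known passwords.

# DB aka Database
DB_HOST="${DB_HOST:-127.0.0.1}"
DB_HOST_PORT="${DB_HOST_PORT:-5432}"
DB_NAME="${DB_NAME:-zulip}"
DB_SCHEMA="${DB_SCHEMA:-zulip}"
DB_USER="${DB_USER:-zulip}"
DB_PASSWORD="${DB_PASSWORD:-zulip}"
# libpq's "prefer" falls back to an unencrypted connection and never verifies
# the server certificate; set a verifying mode for a database that is not local.
REMOTE_POSTGRES_SSLMODE="${REMOTE_POSTGRES_SSLMODE:-prefer}"

# RabbitMQ
IGNORE_RABBITMQ_ERRORS="${IGNORE_RABBITMQ_ERRORS:-true}"
SETTING_RABBITMQ_HOST="${SETTING_RABBITMQ_HOST:-127.0.0.1}"
SETTING_RABBITMQ_USER="${SETTING_RABBITMQ_USER:-zulip}"
# Nested expansion instead of $(echo $VAR): the unquoted echo word-split and
# glob-expanded the password, so whitespace runs or a "*" in it were altered.
SECRETS_rabbitmq_password="${SECRETS_rabbitmq_password:-${SETTING_RABBITMQ_PASSWORD:-zulip}}"
# The password now lives only in SECRETS_rabbitmq_password.
unset SETTING_RABBITMQ_PASSWORD

# Redis
SETTING_RATE_LIMITING="${SETTING_RATE_LIMITING:-True}"
SETTING_REDIS_HOST="${SETTING_REDIS_HOST:-127.0.0.1}"
SETTING_REDIS_PORT="${SETTING_REDIS_PORT:-6379}"

# Memcached
SETTING_MEMCACHED_LOCATION="${SETTING_MEMCACHED_LOCATION:-127.0.0.1:11211}"

# Nginx settings
NGINX_WORKERS="${NGINX_WORKERS:-2}"
NGINX_PROXY_BUFFERING="${NGINX_PROXY_BUFFERING:-off}"
NGINX_MAX_UPLOAD_SIZE="${NGINX_MAX_UPLOAD_SIZE:-24m}"

# Zulip related settings
ZULIP_AUTH_BACKENDS="${ZULIP_AUTH_BACKENDS:-EmailAuthBackend}"
ZULIP_RUN_POST_SETUP_SCRIPTS="${ZULIP_RUN_POST_SETUP_SCRIPTS:-True}"

# Zulip user setup
# The ZULIP_USER_* values are exported, so every child process started by this
# script inherits them, including the initial user's password.
FORCE_FIRST_START_INIT="${FORCE_FIRST_START_INIT:-False}"
export ZULIP_USER_CREATION_ENABLED="${ZULIP_USER_CREATION_ENABLED:-True}"
export ZULIP_USER_FULLNAME="${ZULIP_USER_FULLNAME:-Zulip Docker}"
# Falls back to SETTING_EXTERNAL_HOST (empty when that is unset as well).
export ZULIP_USER_DOMAIN="${ZULIP_USER_DOMAIN:-${SETTING_EXTERNAL_HOST:-}}"
export ZULIP_USER_EMAIL="${ZULIP_USER_EMAIL:-}"
export ZULIP_USER_PASS="${ZULIP_USER_PASS:-zulip}"

# Auto backup settings
AUTO_BACKUP_ENABLED="${AUTO_BACKUP_ENABLED:-True}"
AUTO_BACKUP_INTERVAL="${AUTO_BACKUP_INTERVAL:-30 3 * * *}"

# Zulip configuration function specific variable(s)
SPECIAL_SETTING_DETECTION_MODE="${SPECIAL_SETTING_DETECTION_MODE:-True}"
MANUAL_CONFIGURATION="${MANUAL_CONFIGURATION:-false}"

# entrypoint.sh specific variable(s)
ZPROJECT_SETTINGS="/home/zulip/deployments/current/zproject/settings.py"
SETTINGS_PY="/etc/zulip/settings.py"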
# BEGIN app_run functions
# === run_initial_configuration ===
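# prepare_directories Create the data directories and link the uploads folder
# Globals: DATA_DIR (read)
# Outputs: progress messages on stdout
# Aborts the shell when DATA_DIR is unset or empty.
prepare_directories() {
  # With an empty DATA_DIR the paths below would resolve to /backups, /certs
  # and /uploads, and the recursive chown would run on /uploads at the
  # filesystem root, so stop before touching anything.
  : "${DATA_DIR:?DATA_DIR must be set}"

  local name
  if [ ! -d "$DATA_DIR" ]; then
    mkdir -p "$DATA_DIR"
  fi
  for name in backups certs uploads; do
    if [ ! -d "$DATA_DIR/$name" ]; then
      echo "Creating $name folder ..."
      mkdir -p "$DATA_DIR/$name"
      echo "Created $name folder."
    fi
  done

  echo "Preparing and linking the uploads folder ..."
  # Whatever currently sits at /home/zulip/uploads is discarded and replaced
  # by a symlink into the data directory.
  rm -rf /home/zulip/uploads
  ln -sfT "$DATA_DIR/uploads" /home/zulip/uploads
  chown zulip:zulip -R "$DATA_DIR/uploads"
  echo "Prepared and linked the uploads directory."
}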
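# set_configuration_value Append one "KEY = VALUE" line to a Python settings file
# Arguments:
#   $1 - KEY: setting name (for TYPE "literal": the complete line to append)
#   $2 - VALUE: raw value
#   $3 - FILE: settings file the line is appended to
#   $4 - TYPE (optional): bool|boolean|int|integer|array|string|literal|
#        emptyreturn; when empty the type is guessed from VALUE
# Outputs: one status line on stdout
# Returns: 1 when KEY or FILE is missing, 0 otherwise
#
# Security note: the target file is Python source. Only "string" values are
# quoted and escaped; bool, integer, array and literal values are written
# verbatim and are evaluated as Python when the settings are loaded.
set_configuration_value() {
  if [ -z "$1" ]; then
    echo "No KEY given for set_configuration_value."
    return 1
  fi
  if [ -z "$3" ]; then
    echo "No FILE given for set_configuration_value."
    return 1
  fi
  local KEY="$1"
  local VALUE
  local FILE="$3"
  local TYPE="$4"
  local raw="$2"
  local escaped=""
  local ch
  local i
  local numeric_re='^[0-9]+(\.[0-9]+)?$'

  if [ -z "$TYPE" ]; then
    case "$raw" in
      [Tt][Rr][Uu][Ee] | [Ff][Aa][Ll][Ss][Ee] | [Nn]one)
        TYPE="bool"
        ;;
      [\[\(]*[\]\)])
        TYPE="array"
        ;;
      *)
        # Only a complete number is written unquoted. Matching on the first
        # character alone classified values such as 127.0.0.1 or 24m as
        # integers and produced a settings line that is not valid Python.
        if [[ "$raw" =~ $numeric_re ]]; then
          TYPE="integer"
        else
          TYPE="string"
        fi
        ;;
    esac
  fi

  case "$TYPE" in
    emptyreturn)
      if [ -z "$raw" ]; then
        return 0
      fi
      # NOTE(review): for a non-empty value no assignment is built for this
      # type, so an empty line is appended below - confirm this is intended.
      ;;
    literal)
      VALUE="$KEY"
      ;;
    bool | boolean)
      # Python only knows True, False and None in exactly this spelling.
      case "$raw" in
        [Tt][Rr][Uu][Ee]) raw="True" ;;
        [Ff][Aa][Ll][Ss][Ee]) raw="False" ;;
        [Nn]one) raw="None" ;;
      esac
      VALUE="$KEY = $raw"
      ;;
    int | integer | array)
      VALUE="$KEY = $raw"
      ;;
    *)
      # string and every unknown type: emit a single-quoted Python literal.
      # Backslashes and quotes are escaped character by character so that the
      # value cannot end the literal early; this does not rely on the
      # version-dependent quoting rules of ${var//pattern/replacement}.
      for ((i = 0; i < ${#raw}; i++)); do
        ch="${raw:i:1}"
        case "$ch" in
          "\\" | "'") escaped+="\\$ch" ;;
          $'\n') escaped+='\n' ;;
          *) escaped+="$ch" ;;
        esac
      done
      VALUE="$KEY = '$escaped'"
      ;;
  esac

  printf '%s\n' "$VALUE" >> "$FILE"
  echo "Setting key \"$KEY\", type \"$TYPE\" in file \"$FILE\"."
}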
# configure_nginx Write the NGINX_* values into the nginx configuration files
# Globals: NGINX_WORKERS, NGINX_MAX_UPLOAD_SIZE, NGINX_PROXY_BUFFERING (read)
# Outputs: progress messages on stdout
#
# The three values are pasted into the sed replacement text unescaped, so a
# "/", "&" or backslash inside one of them changes the sed expression.
configure_nginx() {
  local main_conf=/etc/nginx/nginx.conf
  local longpolling_conf=/etc/nginx/zulip-include/proxy_longpolling

  echo "Executing nginx configuration ..."
  # Each directive is rewritten in place wherever it occurs in the file.
  sed -i -e "s/worker_processes .*/worker_processes ${NGINX_WORKERS};/g" "$main_conf"
  sed -i -e "s/client_max_body_size .*/client_max_body_size ${NGINX_MAX_UPLOAD_SIZE};/g" "$main_conf"
  sed -i -e "s/proxy_buffering .*/proxy_buffering ${NGINX_PROXY_BUFFERING};/g" "$longpolling_conf"
  echo "Nginx configuration succeeded."
}
# configure_certs Keep the TLS key and certificate chain in the data directory
# Globals: DATA_DIR, ZULIP_USER_DOMAIN (read)
# Outputs: progress messages on stdout
#
# A self-signed pair is generated only when neither file exists in the data
# directory. When exactly one of them is present nothing is generated and the
# link for the missing file is left dangling.
# Nothing in this function sets the owner or mode of zulip.key, the TLS private
# key; its permissions are whatever the generator and mv leave behind.
configure_certs() {
  local stored_key="$DATA_DIR/certs/zulip.key"
  local stored_chain="$DATA_DIR/certs/zulip.combined-chain.crt"
  local system_key=/etc/ssl/private/zulip.key
  local system_chain=/etc/ssl/certs/zulip.combined-chain.crt

  echo "Executing certificates configuration..."
  if ! [ -f "$stored_key" ] && ! [ -f "$stored_chain" ]; then
    # The generator writes to the system paths; move its output to the volume.
    /root/zulip/scripts/setup/generate-self-signed-certs "$ZULIP_USER_DOMAIN"
    mv "$system_key" "$stored_key"
    mv "$system_chain" "$stored_chain"
  fi
  # The system paths always end up as symlinks into the data directory.
  ln -sfT "$stored_key" "$system_key"
  ln -sfT "$stored_chain" "$system_chain"
  echo "Certificates configuration succeeded."
}
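# configure_secrets Generate zulip-secrets.conf if needed and apply SECRETS_* values
# Globals: DATA_DIR (read), every exported SECRETS_<name> variable (read)
# Outputs: progress messages on stdout; only key names are printed, never values
# Exits 1 when the secrets file cannot be moved or linked.
#
# Nothing in this function sets the owner or mode of the secrets file.
# NOTE(review): confirm that it is not readable by other users of the volume.
configure_secrets() {
  local conf="$DATA_DIR/zulip-secrets.conf"
  local etc_conf="/etc/zulip/zulip-secrets.conf"
  local -a SECRETS=()
  local name SECRET_KEY key SECRET_VAR

  echo "Setting Zulip secrets ..."
  if [ ! -e "$conf" ]; then
    echo "Generating Zulip secrets ..."
    /root/zulip/scripts/setup/generate_secrets.py --production
    mv "$etc_conf" "$conf" || {
      echo "Couldn't move the generate zulip secrets to the data dir."
      exit 1
    }
    echo "Secrets generation succeeded."
  else
    echo "Secrets already generated/existing."
  fi

  set +e
  # Anchored on the variable name: without the anchor any environment line
  # that merely contains "SECRETS_" (for example inside a value) was picked up.
  # Names are limited to characters valid in a shell variable name because the
  # value is read back through ${!key}.
  while IFS= read -r name; do
    SECRETS+=("$name")
  done < <(env | sed -nr 's/^SECRETS_([0-9A-Z_a-z]+)=.*/\1/p')

  for SECRET_KEY in "${SECRETS[@]}"; do
    key="SECRETS_$SECRET_KEY"
    SECRET_VAR="${!key}"
    if [ -z "$SECRET_VAR" ]; then
      echo "Empty secret for key \"$SECRET_KEY\"."
    fi
    # The key is matched at the start of a line only. An unanchored match on
    # "password" also hit "email_password" and rewrote that entry instead.
    if grep -Eq "^#?${SECRET_KEY}[ ]*=" "$conf"; then
      # Drop the old line and append the new one instead of substituting with
      # sed: a secret containing "&", "~" or a backslash would be mangled when
      # used as sed replacement text.
      sed -i -r "/^#?${SECRET_KEY}[ ]*=/d" "$conf"
      printf '%s = %s\n' "$SECRET_KEY" "$SECRET_VAR" >> "$conf"
      echo "Secret found for \"$SECRET_KEY\"."
    else
      printf '%s = %s\n' "$SECRET_KEY" "$SECRET_VAR" >> "$conf"
      echo "Secret added for \"$SECRET_KEY\"."
    fi
  done
  set -e

  # -L also catches a dangling symlink, which -e reports as missing and which
  # would make the ln below fail.
  if [ -e "$etc_conf" ] || [ -L "$etc_conf" ]; then
    rm "$etc_conf"
  fi
  echo "Linking secrets from data dir to etc zulip ..."
  ln -s "$conf" "$etc_conf" || {
    echo "Couldn't link existing zulip secrets to etc zulip."
    exit 1
  }
  echo "Linked existing secrets from data dir to etc zulip."
  echo "Zulip secrets configuration succeeded."
}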
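# _database_setting_quote Escape a value for a single-quoted Python string
# Arguments: $1 - raw value
# Outputs: the value with backslashes and single quotes backslash-escaped
_database_setting_quote() {
  local raw="$1"
  local out=""
  local ch
  local i
  for ((i = 0; i < ${#raw}; i++)); do
    ch="${raw:i:1}"
    case "$ch" in
      "\\" | "'") out+="\\$ch" ;;
      *) out+="$ch" ;;
    esac
  done
  printf '%s' "$out"
}

# configure_database_settings Write the Django DATABASES setting and the
# REMOTE_POSTGRES_* values
# Globals: DB_NAME, DB_USER, DB_PASSWORD, DB_HOST, DB_HOST_PORT, DB_SCHEMA,
#          REMOTE_POSTGRES_SSLMODE, ZPROJECT_SETTINGS, SETTINGS_PY (read)
# Outputs: progress messages on stdout
#
# The database password is written in clear text into ZPROJECT_SETTINGS.
configure_database_settings() {
  echo "Setting database configuration ..."
  local db_name db_user db_password db_host db_port db_schema db_sslmode
  # The values end up inside Python string literals; escape them so that a
  # quote or backslash in, for example, the password cannot end the literal.
  db_name=$(_database_setting_quote "$DB_NAME")
  db_user=$(_database_setting_quote "$DB_USER")
  db_password=$(_database_setting_quote "$DB_PASSWORD")
  db_host=$(_database_setting_quote "$DB_HOST")
  db_port=$(_database_setting_quote "$DB_HOST_PORT")
  db_schema=$(_database_setting_quote "$DB_SCHEMA")
  # The dictionary used to hard-code 'prefer', so REMOTE_POSTGRES_SSLMODE had
  # no effect on the connection described by DATABASES even when the operator
  # asked for a verifying mode.
  db_sslmode=$(_database_setting_quote "${REMOTE_POSTGRES_SSLMODE:-prefer}")

  local VALUE="{
  'default': {
    'ENGINE': 'django.db.backends.postgresql_psycopg2',
    'NAME': '$db_name',
    'USER': '$db_user',
    'PASSWORD': '$db_password',
    'HOST': '$db_host',
    'PORT': '$db_port',
    'SCHEMA': '$db_schema',
    'CONN_MAX_AGE': 600,
    'OPTIONS': {
      'connection_factory': TimeTrackingConnection,
      'sslmode': '$db_sslmode',
    },
  },
}"
  set_configuration_value "DATABASES" "$VALUE" "$ZPROJECT_SETTINGS" "array"
  set_configuration_value "REMOTE_POSTGRES_HOST" "$DB_HOST" "$SETTINGS_PY" "string"
  set_configuration_value "REMOTE_POSTGRES_SSLMODE" "$REMOTE_POSTGRES_SSLMODE" "$SETTINGS_PY" "string"
  echo "Database configuration succeeded."
}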
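# configure_authentication_backends Configure the authentication backends list/array to be used by Zulip
# Globals: ZULIP_AUTH_BACKENDS (read; comma-separated, first line only),
#          SETTINGS_PY (read)
# Outputs: progress messages on stdout, rejection message on stderr
# Returns: 1 when an entry is not a plain identifier
#
# The list decides how users may log in, so a malformed entry stops the
# configuration instead of being written into the settings file.
configure_authentication_backends() {
  echo "Activating authentication backends ..."
  local FIRST=true
  local AUTH_BACKEND
  local name_re='^[A-Za-z_][A-Za-z0-9_]*$'
  local first_line
  # Only the first line of the variable is used.
  first_line=${ZULIP_AUTH_BACKENDS%%$'\n'*}

  # read trims surrounding blanks, so "A, B" and "A,B" are equivalent.
  while read -r AUTH_BACKEND; do
    if [ -z "$AUTH_BACKEND" ]; then
      # Tolerate a trailing or doubled comma.
      continue
    fi
    # Each name is pasted into a Python string literal; accept identifiers
    # only, so that nothing in the name can end that literal.
    if [[ ! "$AUTH_BACKEND" =~ $name_re ]]; then
      echo "Invalid authentication backend name \"$AUTH_BACKEND\"." >&2
      return 1
    fi
    if [ "$FIRST" = true ]; then
      set_configuration_value "AUTHENTICATION_BACKENDS" "('zproject.backends.${AUTH_BACKEND}',)" "$SETTINGS_PY" "array"
      FIRST=false
    else
      set_configuration_value "AUTHENTICATION_BACKENDS += ('zproject.backends.${AUTH_BACKEND}',)" "" "$SETTINGS_PY" "literal"
    fi
    echo "Adding authentication backend \"$AUTH_BACKEND\"."
  done < <(printf '%s\n' "$first_line" | tr ',' '\n')

  echo "Authentication backend activation succeeded."
}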
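# configure_zulip Write every exported SETTING_<name> variable into the settings files
# Globals: ZULIP_CUSTOM_SETTINGS, ZPROJECT_SETTINGS, SETTINGS_PY,
#          SPECIAL_SETTING_DETECTION_MODE (read), all exported SETTING_* (read)
# Outputs: progress messages on stdout
# Exits 1 when "manage.py checkconfig" fails.
#
# Security note: ZULIP_CUSTOM_SETTINGS is appended to the settings file as is
# (after echo -e has expanded backslash escapes) and therefore runs as Python
# code when the settings are loaded.
configure_zulip() {
  local -a given_settings=()
  local name setting_key key setting_var file type

  echo "Executing Zulip configuration ..."
  if [ -n "$ZULIP_CUSTOM_SETTINGS" ]; then
    echo -e "\n$ZULIP_CUSTOM_SETTINGS" >> "$ZPROJECT_SETTINGS"
  fi

  # Anchored on the variable name: without the anchor any environment line
  # that merely contains "SETTING_" (in another name or inside a value) was
  # turned into a bogus key.
  while IFS= read -r name; do
    given_settings+=("$name")
  done < <(env | sed -n -r 's/^SETTING_([0-9A-Za-z_]+)=.*/\1/p')

  for setting_key in "${given_settings[@]}"; do
    key="SETTING_$setting_key"
    setting_var="${!key}"
    file="$ZPROJECT_SETTINGS"
    type="string"
    if [ -z "$setting_var" ]; then
      echo "Empty var for key \"$setting_key\"."
      continue
    fi

    # Zulip settings.py / zproject specific overrides here
    case "$setting_key" in
      ADMIN_DOMAIN | MEMCACHED_LOCATION | RABBITMQ* | REDIS* | RATE_LIMITING | \
        EXTERNAL_HOST | ZULIP_ADMINISTRATOR | SECRET_KEY | NOREPLY_EMAIL_ADDRESS | \
        DEFAULT_FROM_EMAIL | ALLOWED_HOSTS | AUTH_* | LDAP_*)
        file="$SETTINGS_PY"
        ;;
    esac

    # Settings whose value is a Python expression rather than a string.
    case "$setting_key" in
      AUTH_LDAP_USER_SEARCH | AUTH_LDAP_USER_ATTR_MAP | SECURE_PROXY_SSL_HEADER | \
        CSRF_* | ALLOWED_HOSTS)
        type="array"
        ;;
      LDAP_APPEND_DOMAIN)
        if [ "$setting_var" = "None" ]; then
          type="array"
        fi
        ;;
    esac

    # In detection mode the type chosen above is dropped and an empty type is
    # passed on, as it is for plain strings; set_configuration_value then
    # guesses the type from the value.
    if [ "$SPECIAL_SETTING_DETECTION_MODE" = "True" ] ||
      [ "$SPECIAL_SETTING_DETECTION_MODE" = "true" ] ||
      [ "$type" = "string" ]; then
      type=""
    fi
    set_configuration_value "$setting_key" "$setting_var" "$file" "$type"
  done

  # Testing the command directly keeps the error message reachable when the
  # script runs under "set -e".
  if ! su zulip -c "/home/zulip/deployments/current/manage.py checkconfig"; then
    echo "Error in the Zulip configuration. Exiting."
    exit 1
  fi
  echo "Zulip configuration succeeded."
}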
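# configure_auto_backup Install or remove the cron entry for automatic backups
# Globals: AUTO_BACKUP_ENABLED, AUTO_BACKUP_INTERVAL (read)
# Outputs: one status line on stdout
# Returns: 0
configure_auto_backup() {
  case "$AUTO_BACKUP_ENABLED" in
    True | true) ;;
    *)
      rm -f /etc/cron.d/autobackup
      echo "Auto backup is disabled. Continuing."
      return 0
      ;;
  esac
  # printf instead of echo: bash's echo does not expand "\n" without -e, so
  # the MAILTO line and the schedule used to land on one line with a literal
  # backslash-n between them.
  # NOTE(review): entries in /etc/cron.d normally carry a user column between
  # the schedule and the command - confirm against the cron used in the image.
  printf 'MAILTO=""\n%s cd /;/entrypoint.sh app:backup\n' "$AUTO_BACKUP_INTERVAL" > /etc/cron.d/autobackup
  echo "Auto backup enabled."
}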
# run_initial_configuration Run the configuration steps in their fixed order
# Globals: MANUAL_CONFIGURATION (read)
# Outputs: phase markers on stdout, plus whatever the steps print
#
# Secrets, authentication backends and the SETTING_* values are applied only
# when MANUAL_CONFIGURATION is "False" or "false".
run_initial_configuration() {
  local step

  echo "=== Begin Initial Configuration Phase ==="
  for step in prepare_directories configure_nginx configure_certs configure_database_settings; do
    "$step"
  done
  case "$MANUAL_CONFIGURATION" in
    False | false)
      for step in configure_secrets configure_authentication_backends configure_zulip; do
        "$step"
      done
      ;;
  esac
  configure_auto_backup
  echo "=== End Initial Configuration Phase ==="
}
# === bootstrap_environment ===
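# wait_for_database Block until the database server accepts connections
# Globals: DB_HOST, DB_HOST_PORT, DB_USER, DB_PASSWORD (read),
#          PGPASSWORD (exported for the duration of the wait, then unset)
# Outputs: progress dots and messages on stdout
# Exits 1 after 60 failed probes.
#
# NOTE(review): PGPASSWORD is unset on both exit paths, which also discards a
# PGPASSWORD the caller may have provided in the environment.
wait_for_database() {
  export PGPASSWORD="$DB_PASSWORD"
  local TIMEOUT=60
  echo "Waiting for database server to allow connections ..."
  while ! /usr/bin/pg_isready -h "$DB_HOST" -p "$DB_HOST_PORT" -U "$DB_USER" -t 1 >/dev/null 2>&1; do
    # Arithmetic expansion instead of expr: expr exits with status 1 when its
    # result is 0, which under "set -e" ended the script on the last probe
    # before the error message below was printed.
    TIMEOUT=$((TIMEOUT - 1))
    if ((TIMEOUT == 0)); then
      echo "Could not connect to database server. Exiting."
      unset PGPASSWORD
      exit 1
    fi
    echo -n "."
    sleep 1
  done
  unset PGPASSWORD
}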
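# bootstrap_rabbitmq Run Zulip's RabbitMQ setup script
# Globals: IGNORE_RABBITMQ_ERRORS (read)
# Outputs: the last 16 lines of the setup script's output and status messages
# Exits with the setup script's status when it fails and
# IGNORE_RABBITMQ_ERRORS is "False" or "false".
# Re-enables "set -e" before returning.
#
# With any other value of IGNORE_RABBITMQ_ERRORS a failed bootstrap is
# reported as success.
bootstrap_rabbitmq() {
  local RETURN_CODE

  echo "Bootstrapping RabbitMQ ..."
  set +e
  /root/zulip/scripts/setup/configure-rabbitmq | tail -n 16
  # $? after a pipeline is the status of tail, which made every run look
  # successful; PIPESTATUS[0] is the status of the setup script itself.
  RETURN_CODE=${PIPESTATUS[0]}
  if ((RETURN_CODE != 0)) &&
    { [ "$IGNORE_RABBITMQ_ERRORS" = "False" ] || [ "$IGNORE_RABBITMQ_ERRORS" = "false" ]; }; then
    echo "=> In most cases you can completely ignore the RabbmitMQ bootstrap errors."
    echo "=> If you want to ignore RabbitMQ bootstrap errors, (re)add the env var 'IGNORE_RABBITMQ_ERRORS' with 'true'."
    echo "Zulip RabbitMQ bootstrap failed in \"configure-rabbitmq\" exit code $RETURN_CODE. Exiting."
    exit "$RETURN_CODE"
  fi
  set -e
  echo "RabbitMQ bootstrap succeeded."
}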
# zulip_first_start_init Initialise the database on the first container start
# Globals: DATA_DIR, FORCE_FIRST_START_INIT, ZULIP_USER_CREATION_ENABLED (read)
# Outputs: progress messages on stdout
# Returns: 0 when the marker file exists and no forced run was requested
# Exits with the failing step's status when one of the setup scripts fails.
# Re-enables "set -e" before returning from a full run.
#
# "$DATA_DIR/.initiated" is the marker that a previous run completed.
# NOTE(review): create-zulip-admin presumably reads the exported ZULIP_USER_*
# variables, whose password default is "zulip" - confirm and override it.
zulip_first_start_init() {
  echo "Executing Zulip first start init ..."
  if [ -e "$DATA_DIR/.initiated" ]; then
    case "$FORCE_FIRST_START_INIT" in
      True | true) ;;
      *)
        echo "First Start Init not needed. Continuing."
        return 0
        ;;
    esac
  fi

  local RETURN_CODE=0
  # Failures are handled by hand below so that each one gets its own message.
  set +e

  /home/zulip/deployments/current/scripts/setup/postgres-init-db
  RETURN_CODE=$?
  if ((RETURN_CODE != 0)); then
    echo "Zulip first start init failed at \"postgres-init-db\" with exit code $RETURN_CODE. Exiting."
    exit "$RETURN_CODE"
  fi

  su zulip -c /home/zulip/deployments/current/scripts/setup/initialize-database
  RETURN_CODE=$?
  if ((RETURN_CODE != 0)); then
    echo "Zulip first start init failed at \"initialize-database\" with exit code $RETURN_CODE. Exiting."
    exit "$RETURN_CODE"
  fi

  case "$ZULIP_USER_CREATION_ENABLED" in
    True | true)
      /home/zulip/deployments/current/scripts/create-zulip-admin
      RETURN_CODE=$?
      if ((RETURN_CODE != 0)); then
        echo "Zulip first start init failed at \"create-zulip-admin\" with exit code $RETURN_CODE. Exiting."
        exit "$RETURN_CODE"
      fi
      ;;
  esac

  set -e
  touch "$DATA_DIR/.initiated"
  echo "Zulip first start init sucessful."
}
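# migrate_zulip_database Runs the zulip database migrations
# This runs the migration every time the container runs, to make sure Zulip has
# the up-to-date database version.
# Globals: DATA_DIR, ZULIP_VERSION (read)
# Outputs: progress messages on stdout
# Exits with the status of "manage.py migrate" when it fails, and aborts when
# DATA_DIR is unset or empty.
# Re-enables "set -e" before returning.
migrate_zulip_database() {
  local RETURN_CODE

  echo "Migrating Zulip to new version ..."
  set +e
  su zulip -c "/home/zulip/deployments/current/manage.py migrate --noinput"
  RETURN_CODE=$?
  if ((RETURN_CODE != 0)); then
    echo "Zulip migration failed with exit code $RETURN_CODE. Exiting."
    exit "$RETURN_CODE"
  fi
  set -e
  # The glob has to stay outside the quotes: inside them it was the literal
  # name ".zulip-*", so markers of older versions were never removed.
  # ${DATA_DIR:?} stops the rm from expanding to /.zulip-* when DATA_DIR is
  # empty.
  rm -rf -- "${DATA_DIR:?}"/.zulip-*
  touch "$DATA_DIR/.zulip-$ZULIP_VERSION"
  echo "Zulip migration succeeded."
}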
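# run_post_setup_scripts Run user given custom post setup scripts
# Globals: DATA_DIR, ZULIP_RUN_POST_SETUP_SCRIPTS (read)
# Outputs: progress messages on stdout
# Returns: 0 when disabled or when there is nothing to run
# Exits 1 when an entry in post-setup.d is not executable.
# Re-enables "set -e" before returning from a full run.
#
# Security note: every executable entry in "$DATA_DIR/post-setup.d" is run
# with the privileges of this script, so write access to that directory is
# equivalent to code execution in the container.
run_post_setup_scripts() {
  local scripts_dir="$DATA_DIR/post-setup.d"
  local -a scripts=()
  local file

  echo "Post setup scripts execution ..."
  case "$ZULIP_RUN_POST_SETUP_SCRIPTS" in
    True | true) ;;
    *)
      echo "Not running post setup scripts. ZULIP_RUN_POST_SETUP_SCRIPTS isn't true."
      return 0
      ;;
  esac
  if [ ! -d "$scripts_dir/" ]; then
    echo "No post-setup.d folder found. Continuing."
    return 0
  fi

  # Collect the entries with a quoted glob instead of parsing ls output and
  # word-splitting an unquoted path.
  for file in "$scripts_dir"/*; do
    if [ -e "$file" ] || [ -L "$file" ]; then
      scripts+=("$file")
    fi
  done
  if ((${#scripts[@]} == 0)); then
    echo "No post setup scripts found in \"$DATA_DIR/post-setup.d/\"."
    return 0
  fi

  set +e
  for file in "${scripts[@]}"; do
    if [ -x "$file" ]; then
      echo "Executing \"$file\" ..."
      # Run the file itself. Passing the path to "bash -c" made the shell
      # parse the file name as a command line, so a name containing blanks
      # or shell metacharacters was executed as something else.
      "$file"
      echo "Executed \"$file\". Return code $?."
    else
      echo "Permissions denied for \"$file\". Please check the permissions. Exiting."
      exit 1
    fi
  done
  set -e
  echo "Post setup scripts execution succeeded."
}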
# bootstrap_environment Run the bootstrap steps in their fixed order
# Outputs: phase markers on stdout, plus whatever the steps print
#
# Order: wait for the database, bootstrap RabbitMQ, first-start
# initialisation, database migration, user supplied post setup scripts.
bootstrap_environment() {
  local step

  echo "=== Begin Bootstrap Phase ==="
  for step in wait_for_database bootstrap_rabbitmq zulip_first_start_init \
    migrate_zulip_database run_post_setup_scripts; do
    "$step"
  done
  echo "=== End Bootstrap Phase ==="
}
# END app_run functions