forked from WeblateOrg/docker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstart
executable file
·252 lines (214 loc) · 7.91 KB
/
start
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
#!/bin/sh
set -e
# Allow sensitive settings to be defined in a file
# in order to support Docker secrets
if [ -n "${POSTGRES_PASSWORD_FILE}" ]; then
POSTGRES_PASSWORD=$(cat "$POSTGRES_PASSWORD_FILE")
export POSTGRES_PASSWORD
fi
if [ -n "${WEBLATE_ADMIN_PASSWORD_FILE}" ]; then
WEBLATE_ADMIN_PASSWORD=$(cat "$WEBLATE_ADMIN_PASSWORD_FILE")
export WEBLATE_ADMIN_PASSWORD
fi
if [ -n "${WEBLATE_EMAIL_HOST_PASSWORD_FILE}" ]; then
WEBLATE_EMAIL_HOST_PASSWORD=$(cat "$WEBLATE_EMAIL_HOST_PASSWORD_FILE")
export WEBLATE_EMAIL_HOST_PASSWORD
fi
echo "Starting..."
# Fix permissions on SSH private key.
# Fails silently if the file doesn't exist yet.
chmod 600 /app/data/ssh/id_rsa 2>/dev/null || true
# Check whether data volume is writable
if [ ! -w /app/data ] ; then
echo "The /app/data volume is not writable, please adjust the permissions. Weblate is running as uid $(id -u)"
exit 1
fi
# Generate secret
if [ ! -f /app/data/secret ] ; then
echo "Generating Django secret..."
# https://github.com/django/django/blob/1.10.2/django/utils/crypto.py#L54-L56
python3 -c "from django.utils.crypto import get_random_string; print(get_random_string(50))" > /app/data/secret
fi
# Generate self-signed SAML key
# This has to be done early as it is used from the settings_docker.py
if [ -n "$WEBLATE_SAML_IDP_URL" ] ; then
if [ ! -f /app/data/ssl/saml.key ] || [ ! -f /app/data/ssl/saml.crt ] ; then
echo "Generating self-signed certificate for SAML..."
mkdir -p /app/data/ssl
openssl req \
-new \
-newkey rsa:4096 \
-x509 \
-days 3652 \
-nodes \
-subj "/OU=Weblate/CN=$WEBLATE_SITE_DOMAIN/emailAddress=$WEBLATE_ADMIN_EMAIL" \
-out /app/data/ssl/saml.crt \
-keyout /app/data/ssl/saml.key
fi
fi
# For openshift, create an account in /etc/passwd
# @see https://docs.okd.io/latest/creating_images/guidelines.html
if ! whoami > /dev/null 2>&1 ; then
if [ -w /etc/passwd ]; then
echo "${USER_NAME:-weblate}:x:$(id -u):0:${USER_NAME:-weblate} user:${HOME}:/sbin/nologin" >> /etc/passwd
fi
fi
if [ -z "$WEBLATE_SITE_DOMAIN" ] ; then
echo "Missing WEBLATE_SITE_DOMAIN, please configure it"
exit 1
fi
# Export Weblate variables
export WEBLATE_CMD="/usr/local/bin/weblate"
export WEBLATE_PY_PATH="/app/data/python/customize"
# Provide sane default value
if [ -z "$POSTGRES_SSL_MODE" ] ; then
export POSTGRES_SSL_MODE="prefer"
fi
# Export variables for psql use
export PGPASSWORD="$POSTGRES_PASSWORD"
export PGSSLMODE="$POSTGRES_SSL_MODE"
# Update the time zone
zonefile="/usr/share/zoneinfo/$WEBLATE_TIME_ZONE"
if [ -n "$WEBLATE_TIME_ZONE" ] && [ -f "$zonefile" ] ; then
cat "/usr/share/zoneinfo/$WEBLATE_TIME_ZONE" > /etc/localtime
fi
# Create fake Python app for customization
if [ ! -d "$WEBLATE_PY_PATH" ] ; then
echo "Creating $WEBLATE_PY_PATH"
mkdir -p "$WEBLATE_PY_PATH/static"
touch "$WEBLATE_PY_PATH/__init__.py"
touch "$WEBLATE_PY_PATH/models.py"
fi
run_weblate() {
"$WEBLATE_CMD" "$@"
}
fail_dep() {
>&2 echo "$1 not running!"
>&2 echo
>&2 echo "$1 is expected to run as separate Docker container."
>&2 echo
>&2 echo "Please see our docs for more details:"
>&2 echo "https://docs.weblate.org/en/latest/admin/install/docker.html"
exit 1
}
if [ -n "$MEMCACHED_HOST" ] ; then
>&2 echo "memcached is no longer supported, please configure redis"
fi
# Wait for redis
TIMEOUT=0
until run_weblate shell -c 'from django.core.cache import cache; cache.has_key("ping")' > /dev/null ; do
>&2 echo "redis is unavailable - waiting $((30 - TIMEOUT))"
TIMEOUT=$((TIMEOUT + 1))
if [ $TIMEOUT -gt 30 ] ; then
run_weblate shell -c 'from django.core.cache import cache; cache.has_key("ping")'
fail_dep redis
fi
sleep 1
done
if [ -z "$POSTGRES_HOST" ] ; then
export POSTGRES_HOST=database
fi
if [ -z "$POSTGRES_PORT" ] ; then
export POSTGRES_PORT=
fi
# Wait for database to get available
TIMEOUT=0
until psql -h "$POSTGRES_HOST" -p "$POSTGRES_PORT" -d "$POSTGRES_DATABASE" -U "$POSTGRES_USER" -c 'SELECT 1' > /dev/null ; do
>&2 echo "Postgres is unavailable - waiting $((30 - TIMEOUT))"
TIMEOUT=$((TIMEOUT + 1))
if [ $TIMEOUT -gt 30 ] ; then
psql -h "$POSTGRES_HOST" -p "$POSTGRES_PORT" -d "$POSTGRES_DATABASE" -U "$POSTGRES_USER" -c 'SELECT 1'
fail_dep PosgreSQL
fi
sleep 1
done
unset PGPASSWORD
>&2 echo "Postgres is up"
# Migrate database to current version and collect static files
if [ "$1" = "runserver" ] ; then
# Fail on migration to 3.0
failure=0
run_weblate showmigrations --plan > /tmp/migrations.txt || failure=1
if [ $failure -gt 0 ] ; then
echo
echo "Database migration has failed. Please check the error message above."
echo "In case you are upgrading from an 3.x version, please upgrade to 4.1.1-3 first."
exit 1
fi
rm /tmp/migrations.txt
DO_MIGRATE=1
DO_CELERY=1
if [ -n "$WEBLATE_SERVICE" ] ; then
if [ "$WEBLATE_SERVICE" != "celery-beat" ] ; then
DO_CELERY=0
DO_MIGRATE=0
fi
find /etc/supervisor/conf.d/ -mindepth 1 -not -name "$WEBLATE_SERVICE.conf" -delete
fi
if [ $DO_MIGRATE -eq 1 ] ; then
echo "Starting database migration..."
run_weblate migrate
echo "Refreshing stats..."
run_weblate ensure_stats
fi
if [ $DO_CELERY -eq 1 ] ; then
run_weblate cleanup_celery
fi
# Run with --clear to ensure all files are up to date
run_weblate collectstatic --noinput --clear
# Compress js and css
run_weblate compress --force
# Create or update admin account
if [ $DO_MIGRATE -eq 1 ] ; then
if [ -n "$WEBLATE_ADMIN_PASSWORD" ] ; then
run_weblate createadmin --password="$WEBLATE_ADMIN_PASSWORD" --update --email="$WEBLATE_ADMIN_EMAIL" --name="$WEBLATE_ADMIN_NAME"
else
run_weblate createadmin --email="$WEBLATE_ADMIN_EMAIL" --name="$WEBLATE_ADMIN_NAME" || true
fi
fi
# uswgi dir
mkdir -p /run/uwsgi/app/weblate
# Celery pid, remove possible stale PID file
mkdir -p /run/celery
rm -f /run/celery/beat.pid
# Prepare nginx logs
rm -f /var/log/nginx/access.log /var/log/nginx/error.log
ln -sf "${NGINX_ACCESS_LOG:-/dev/stdout}" /var/log/nginx/access.log
ln -sf "${NGINX_ERROR_LOG:-/dev/stderr}" /var/log/nginx/error.log
# Generate nginx configuration
if [ -f /app/data/ssl/privkey.pem ] ; then
template=/etc/nginx/ssl.tpl
else
template=/etc/nginx/default.tpl
fi
envsubst "\$WEBLATE_URL_PREFIX" < $template > /etc/nginx/sites-available/default
# Calculate number of processes, at least 2, at most 4, depending on CPU cores
if [ -z "$WEBLATE_WORKERS" ] ; then
PROCESSORS=$(nproc)
WEBLATE_WORKERS=$((PROCESSORS < 2 ? 2 : PROCESSORS > 4 ? 4 : PROCESSORS))
echo "Auto-scaled to $WEBLATE_WORKERS processes, adjust by setting WEBLATE_WORKERS"
fi
# default values for celery options
: "${CELERY_MAIN_OPTIONS:="--concurrency $WEBLATE_WORKERS"}"
: "${CELERY_NOTIFY_OPTIONS:="--concurrency $((WEBLATE_WORKERS / 2))"}"
: "${CELERY_TRANSLATE_OPTIONS:="--concurrency $((WEBLATE_WORKERS / 2))"}"
: "${CELERY_MEMORY_OPTIONS:="--concurrency $((WEBLATE_WORKERS / 2))"}"
: "${CELERY_BACKUP_OPTIONS:="--concurrency 1"}"
: "${CELERY_BEAT_OPTIONS:=""}"
: "${UWSGI_WORKERS:="$((WEBLATE_WORKERS + 1))"}"
export CELERY_MAIN_OPTIONS
export CELERY_NOTIFY_OPTIONS
export CELERY_TRANSLATE_OPTIONS
export CELERY_MEMORY_OPTIONS
export CELERY_BACKUP_OPTIONS
export CELERY_BEAT_OPTIONS
export UWSGI_WORKERS
# Execute supervisor
exec supervisord --nodaemon \
--loglevel="${SUPERVISOR_LOGLEVEL:-info}" \
--logfile_maxbytes=0 \
--logfile="${SUPERVISOR_LOGFILE:-/dev/null}" \
--configuration=/etc/supervisor/supervisord.conf
fi
# Start the management command
run_weblate "$@"