Migrate CKAN DataPusher to s6 and add selfsigned cert injection

2018-09-03 15:58:41 +02:00 · 2018-09-03 15:58:41 +02:00 · d47891b19c
commit d47891b19c
parent bc1994c31b
5 changed files with 17 additions and 2 deletions
--- a/ckan-datapusher/Dockerfile
+++ b/ckan-datapusher/Dockerfile
@ -25,8 +25,9 @@ RUN \
 && find /srv/ckan-datapusher/src -name '.git*' -exec rm -rf {} + \
 && rm -rf /root/.cache
 COPY docker/ /
 VOLUME ["/etc/ckan-datapusher", "/srv/ckan-datapusher/data"]
 EXPOSE 8080
-USER ckandp
+CMD ["s6-svscan", "/etc/services.d"]
 CMD ["uwsgi", "--plugin", "python", "--http-socket", "0.0.0.0:8080", "--wsgi-file", "/etc/ckan-datapusher/datapusher.wsgi", "--enable-threads"]
--- a/ckan-datapusher/docker/bin/add-ca-cert
+++ b/ckan-datapusher/docker/bin/add-ca-cert
@ -0,0 +1,4 @@
 #!/bin/sh
 /bin/cat /etc/ssl/services.pem >>/usr/lib/python2.7/site-packages/requests/cacert.pem
 /bin/cat /etc/ssl/services.pem >>/usr/lib/python2.7/site-packages/certifi/cacert.pem
--- a/ckan-datapusher/docker/etc/services.d/.s6-svscan/finish
+++ b/ckan-datapusher/docker/etc/services.d/.s6-svscan/finish
@ -0,0 +1,3 @@
 #!/bin/sh
 /bin/true
--- a/ckan-datapusher/docker/etc/services.d/ckan-datapusher/run
+++ b/ckan-datapusher/docker/etc/services.d/ckan-datapusher/run
@ -0,0 +1,6 @@
 #!/bin/execlineb -P
 fdmove -c 2 1
 foreground { /bin/add-ca-cert }
 s6-setuidgid 8004:8004
 /usr/sbin/uwsgi --plugin python --http-socket 0.0.0.0:8080 --wsgi-file /etc/ckan-datapusher/datapusher.wsgi --enable-threads
--- a/ckan-datapusher/etc/init.d/ckan-datapusher
+++ b/ckan-datapusher/etc/init.d/ckan-datapusher
@ -10,6 +10,7 @@ start() {
 	/usr/bin/docker run -d --rm \
 	--name ckan-datapusher \
 	-h ckan-datapusher \
 	-v /etc/ssl/services.pem:/etc/ssl/services.pem \
 	-v /srv/ckan-datapusher/conf:/etc/ckan-datapusher \
 	-v /srv/ckan-datapusher/data:/srv/ckan-datapusher/data \
 	ckan-datapusher