Migrate CKAN DataPusher to s6 and add selfsigned cert injection

This commit is contained in:
Disassembler 2018-09-03 15:58:41 +02:00
parent bc1994c31b
commit d47891b19c
Signed by: Disassembler
GPG Key ID: 524BD33A0EE29499
5 changed files with 17 additions and 2 deletions

View File

@ -25,8 +25,9 @@ RUN \
&& find /srv/ckan-datapusher/src -name '.git*' -exec rm -rf {} + \
&& rm -rf /root/.cache
COPY docker/ /
VOLUME ["/etc/ckan-datapusher", "/srv/ckan-datapusher/data"]
EXPOSE 8080
USER ckandp
CMD ["uwsgi", "--plugin", "python", "--http-socket", "0.0.0.0:8080", "--wsgi-file", "/etc/ckan-datapusher/datapusher.wsgi", "--enable-threads"]
CMD ["s6-svscan", "/etc/services.d"]

View File

@ -0,0 +1,4 @@
#!/bin/sh
/bin/cat /etc/ssl/services.pem >>/usr/lib/python2.7/site-packages/requests/cacert.pem
/bin/cat /etc/ssl/services.pem >>/usr/lib/python2.7/site-packages/certifi/cacert.pem

View File

@ -0,0 +1,3 @@
#!/bin/sh
/bin/true

View File

@ -0,0 +1,6 @@
#!/bin/execlineb -P
fdmove -c 2 1
foreground { /bin/add-ca-cert }
s6-setuidgid 8004:8004
/usr/sbin/uwsgi --plugin python --http-socket 0.0.0.0:8080 --wsgi-file /etc/ckan-datapusher/datapusher.wsgi --enable-threads

View File

@ -10,6 +10,7 @@ start() {
/usr/bin/docker run -d --rm \
--name ckan-datapusher \
-h ckan-datapusher \
-v /etc/ssl/services.pem:/etc/ssl/services.pem \
-v /srv/ckan-datapusher/conf:/etc/ckan-datapusher \
-v /srv/ckan-datapusher/data:/srv/ckan-datapusher/data \
ckan-datapusher