From e1b6d427a5dda79663fe06342406dc328d0c3442 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Mon, 12 Aug 2019 14:39:19 +1000 Subject: [PATCH] DCD-558: Add start of Python entrypoint; execution, permissions, and server.xml. --- Dockerfile | 4 +- Dockerfile-alpine | 4 +- entrypoint.py | 97 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 101 insertions(+), 4 deletions(-) create mode 100755 entrypoint.py diff --git a/Dockerfile b/Dockerfile index 64cd9d2..4040185 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,7 @@ WORKDIR $CONFLUENCE_HOME EXPOSE 8090 EXPOSE 8091 -CMD ["/entrypoint.sh", "-fg"] +CMD ["/entrypoint.py", "-fg"] ENTRYPOINT ["/sbin/tini", "--"] RUN apt-get update \ @@ -28,7 +28,7 @@ ARG TINI_VERSION=v0.18.0 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini RUN chmod +x /sbin/tini -COPY entrypoint.sh /entrypoint.sh +COPY entrypoint.py /entrypoint.py COPY scripts/* /opt/atlassian/bin/ COPY config/* /opt/atlassian/etc/ diff --git a/Dockerfile-alpine b/Dockerfile-alpine index 0ed0a21..0bc350e 100644 --- a/Dockerfile-alpine +++ b/Dockerfile-alpine @@ -17,7 +17,7 @@ WORKDIR $CONFLUENCE_HOME EXPOSE 8090 EXPOSE 8091 -CMD ["/entrypoint.sh", "-fg"] +CMD ["/entrypoint.py", "-fg"] ENTRYPOINT ["/sbin/tini", "--"] RUN apk add --no-cache ca-certificates wget curl openssh bash procps openssl perl ttf-dejavu tini python3 py3-jinja2 @@ -28,7 +28,7 @@ RUN ln -s /usr/lib/libfontconfig.so.1 /usr/lib/libfontconfig.so \ && ln -s /lib/libc.musl-x86_64.so.1 /usr/lib/libc.musl-x86_64.so.1 ENV LD_LIBRARY_PATH /usr/lib -COPY entrypoint.sh /entrypoint.sh +COPY entrypoint.py /entrypoint.py COPY scripts/* /opt/atlassian/bin/ COPY config/* /opt/atlassian/etc/ diff --git a/entrypoint.py b/entrypoint.py new file mode 100755 index 0000000..b976078 --- /dev/null +++ b/entrypoint.py @@ -0,0 +1,97 @@ +#!/usr/bin/python3 + +import sys +import os +import shutil +import logging +import jinja2 as j2 + + +def set_perms(path, user, group, mode): + logging.info("SETTGING PERMS "+path) + shutil.chown(path, user=user, group=group) + os.chmod(path, mode) + +def chown_all(path, user, group, mode): + for root, dirs, files in os.walk(path): + for d in dirs: + set_perms(os.path.join(root, d), user, group, mode) + for f in files: + set_perms(os.path.join(root, d), user, group, mode) + set_perms(path, user, group, mode) + +# Import all ATL_* environment variables. We lower-case these for +# compatability with Ansible template convention. We handle default +# and legacy mappings below. +env = {k.lower(): v + for k, v in os.environ.items() + if k.startswith('ATL_')} + +# Extract some common parameters +confluence_home = os.environ["CONFLUENCE_HOME"] +confluence_install_dir = os.environ["CONFLUENCE_INSTALL_DIR"] +user = os.environ["RUN_USER"] +group = os.environ["RUN_GROUP"] + +# Setup Jinja2 for templating +jenv = j2.Environment( + loader=j2.FileSystemLoader('/opt/atlassian/etc/'), + autoescape=j2.select_autoescape(['xml'])) + +logging.basicConfig(level=logging.DEBUG) + + +###################################################################### +# Generate server.xml for Tomcat. + +defaults = { + # We support some variables from older versions of the Docker images + # for backwards compatability, if the new version is not set. + 'atl_proxy_name': os.environ.get('CATALINA_CONNECTOR_PROXYNAME'), + 'atl_proxy_port': os.environ.get('CATALINA_CONNECTOR_PROXYPORT'), + 'atl_tomcat_secure': os.environ.get('CATALINA_CONNECTOR_SECURE'), + 'atl_tomcat_scheme': os.environ.get('CATALINA_CONNECTOR_SCHEME'), + 'atl_tomcat_contextpath': os.environ.get('CATALINA_CONTEXT_PATH'), + + # Other default vals + 'atl_tomcat_port': "8090", + 'atl_tomcat_mgmt_port': "8000", + 'atl_tomcat_maxthreads': "200", + 'atl_tomcat_minsparethreads': "10", + 'atl_tomcat_connectiontimeout': "20000", + 'atl_tomcat_enablelookups': "false", + 'atl_tomcat_protocol': "HTTP", + 'atl_tomcat_redirectport': "8443", + 'atl_tomcat_acceptcount': "10", +} + +for key, defval in defaults.items(): + if (key not in env) and defval: + env[key] = defval + +logging.info("Generating ${CONFLUENCE_INSTALL_DIR}/conf/server.xml") +print(confluence_install_dir+'/conf/server.xml') +xml = jenv.get_template('server.xml.j2').render(env) +out = confluence_install_dir+'/conf/server.xml' +with open(out, 'w') as fd: + fd.write(xml) +chown_all(out, user, group, 0o640) + + +###################################################################### +# Start Confluence as the correct user + +start_cmd = "{}/bin/start-confluence.sh".format(confluence_install_dir) +if os.getuid() == 0: + logging.info("User is currently root. Will change directory ownership to {}:{}, then downgrade permission to {}".format(user, group, user)) + chown_all(confluence_home, user, group, 0o700) + + cmd = '/bin/su' + start_cmd = ' '.join([start_cmd] + sys.argv[1:]) + args = ['-s /bin/bash', user, '-c', start_cmd] +else: + cmd = start_cmd + args = sys.argv[1:] + +logging.info("Running Confluence with command '{}', arguments {}".format(cmd, args)) +os.execv(cmd, args)