From afa74d470f9c249c6f2a6cbdf5c64119dd5a65e4 Mon Sep 17 00:00:00 2001
From: Disassembler
Date: Sun, 6 Mar 2022 17:38:38 +0100
Subject: [PATCH] Keep envs in sudo commands
---
 sahana/Dockerfile | 12 ++++++++----
 sahana/image.d/entrypoint.sh | 2 +-
 sahana/image.d/etc/sudoers.d/sahana | 11 +++++++++++
 3 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/sahana/Dockerfile b/sahana/Dockerfile
index 20ecd43..101e483 100644
--- a/sahana/Dockerfile
+++ b/sahana/Dockerfile
@@ -18,21 +18,25 @@ RUN \
 git clone --recursive git://github.com/web2py/web2py.git /srv/web2py && \
 git -C /srv/web2py reset --hard 31905858b && \
 git -C /srv/web2py submodule update --recursive && \
+ # Symlink WSGI handler
+ ln -s handlers/wsgihandler.py /srv/web2py/wsgihandler.py && \
 # Install Sahana
 git clone --recursive --depth 1 https://github.com/sahana/eden.git /srv/web2py/applications/eden && \
 # Install python dependencies, exclude old or unnecessary ones
- # - boto - Needed for setup on AWS
+ # - boto, boto3 - Needed for setup on AWS
 # - PyRTF - Ceased to exist
 # - openstacksdk - Needed for setup on OpenStack
 sed -i 's/^boto/#boto/' /srv/web2py/applications/eden/optional_requirements.txt && \
 sed -i 's/^PyRTF/#PyRTF/' /srv/web2py/applications/eden/optional_requirements.txt && \
 sed -i 's/^openstacksdk/#openstacksdk/' /srv/web2py/applications/eden/optional_requirements.txt && \
 pip3 install -r /srv/web2py/applications/eden/optional_requirements.txt && \
- # Hackfix paths for ansible and other modules with hardcoded paths
- ln -s /srv/web2py /home/prod && \
 # Copy fonts with Czech glyphs
 cp /usr/share/fonts/ttf-dejavu/DejaVuSerif-Bold.ttf /srv/web2py/applications/eden/static/fonts/Helvetica-Bold.ttf && \
 cp /usr/share/fonts/ttf-dejavu/DejaVuSerif.ttf /srv/web2py/applications/eden/static/fonts/Helvetica.ttf && \
+ # Hackfix paths for ansible and other modules with hardcoded paths
+ ln -s /srv/web2py /home/prod && \
+ # Create volume paths
+ mkdir /srv/web2py/applications/eden/databases /srv/web2py/applications/eden/errors /srv/web2py/applications/eden/sessions /srv/web2py/applications/eden/uploads && \
 # Create OS user
 addgroup -S -g 8080 sahana && \
 adduser -S -u 8080 -h /srv/web2py -s /bin/false -g sahana -G sahana sahana && \
@@ -46,7 +50,7 @@ COPY image.d /
 RUN \
 # Change ownership of the newly copied files
- chown -R sahana:sahana /srv/web2py
+ find /srv/web2py ! -user sahana -exec chown -R sahana:sahana {} +
 ENTRYPOINT ["/entrypoint.sh"]
 EXPOSE 8080
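Review bot: The added `mkdir` under "Create volume paths" has no `-p`, so the image build aborts if the eden checkout ever contains `databases`, `errors`, `sessions` or `uploads`; since eden is cloned with `--depth 1` from the default branch rather than at a pinned commit (unlike web2py, which is reset to `31905858b`), that can change without any edit to this file. `mkdir -p /srv/web2py/applications/eden/databases …` keeps the step idempotent. Separately, the unchanged web2py clone still uses the unauthenticated `git://` transport, while the eden clone two lines below uses `https://`; switching it to `https://github.com/web2py/web2py.git` would protect the fetch in transit. The `RUN` instruction starts above this hunk and continues past its last line.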
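Review bot: The new `find /srv/web2py ! -user sahana -exec chown -R …` tests only the owner, so a path owned by user `sahana` but a different group is skipped, whereas the removed `chown -R sahana:sahana /srv/web2py` normalised both. `-R` is also redundant here, because find already descends and hands over every mismatching child, so each mismatching directory is walked twice. Suggest `find /srv/web2py \( ! -user sahana -o ! -group sahana \) -exec chown sahana:sahana {} +`. The comment above it could also say why find is used instead of a plain recursive chown (presumably to avoid rewriting every file into the new layer).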
diff --git a/sahana/image.d/entrypoint.sh b/sahana/image.d/entrypoint.sh
index 1a69c42..c364151 100755
--- a/sahana/image.d/entrypoint.sh
+++ b/sahana/image.d/entrypoint.sh
@@ -10,7 +10,7 @@ echo "Starting Sahana Eden..."
 # Create admin user CSV template
 cat </srv/web2py/applications/eden/modules/templates/default/users/masterUsers.csv
 First Name,Last Name,Email,Password,Role,Organisation
-Admin,User,${SAHANA_ADMIN_USER},${SAHANA_ADMIN_PASSWORD},ADMIN,
+Admin,User,${SAHANA_ADMIN_USER:-admin},${SAHANA_ADMIN_PASSWORD:-admin},ADMIN,
 EOF
 unset SAHANA_ADMIN_USER
 unset SAHANA_ADMIN_PASSWORD
diff --git a/sahana/image.d/etc/sudoers.d/sahana b/sahana/image.d/etc/sudoers.d/sahana
index 0617737..90c2d62 100644
--- a/sahana/image.d/etc/sudoers.d/sahana
+++ b/sahana/image.d/etc/sudoers.d/sahana
@@ -1 +1,12 @@
+Defaults env_keep += "POSTGRES_USER"
+Defaults env_keep += "POSTGRES_PASSWORD"
+Defaults env_keep += "POSTGRES_DB"
+Defaults env_keep += "POSTGRES_HOST"
+Defaults env_keep += "SAHANA_HMAC_KEY"
+Defaults env_keep += "SAHANA_MAIL_HOST"
+Defaults env_keep += "SAHANA_MAIL_SENDER"
+Defaults env_keep += "SAHANA_MAIL_APPROVER"
+Defaults env_keep += "SAHANA_API_KEY_GOOGLE"
+Defaults env_keep += "SAHANA_API_KEY_OPENWEATHERMAP"
+
 sahana ALL=(ALL) NOPASSWD:ALL
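Review bot: The `:-admin` fallbacks on the `Admin,User,…` row mean that a container started without `SAHANA_ADMIN_USER` and `SAHANA_ADMIN_PASSWORD` seeds an ADMIN-role account with the well-known pair admin/admin, on a service the image exposes on port 8080, and nothing tells the operator this happened. Failing fast is safer: put `: "${SAHANA_ADMIN_PASSWORD:?SAHANA_ADMIN_PASSWORD must be set}"` before the heredoc and keep the plain `${SAHANA_ADMIN_PASSWORD}` in the row; a default for the user name alone is much less of a concern. If a default password is needed for local testing, at least print a warning to stderr when it is used. The rest of entrypoint.sh lies outside the hunk, so it is not visible here whether masterUsers.csv, which holds the password in clear text, is removed after the first import.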
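Review bot: The added `Defaults env_keep` lines are global, so `POSTGRES_PASSWORD`, `SAHANA_HMAC_KEY` and the two API keys are carried into every command that any user runs through sudo, not only the ones that need them. Scope them to the service account and collapse them into one entry, e.g. `Defaults:sahana env_keep += "POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DB POSTGRES_HOST"`, listing the `SAHANA_*` names the same way. The unchanged `sahana ALL=(ALL) NOPASSWD:ALL` rule below them makes the web application's account equivalent to root inside the container. Restricting that rule to the specific commands the entrypoint runs, with a comment naming which command needs which variable, would limit what a compromise of the application can reach.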