From e17edf1f391b0fae244e6d793947f95ee34b5967 Mon Sep 17 00:00:00 2001
From: dandds
Date: Tue, 23 Oct 2018 13:43:32 -0400
Subject: [PATCH 1/4] cronjob config for syncing CRLs
---
 deploy/docker/prod/Dockerfile | 5 ++++-
 script/sync-crls | 14 ++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/deploy/docker/prod/Dockerfile b/deploy/docker/prod/Dockerfile
index 37a36859..9055526b 100644
--- a/deploy/docker/prod/Dockerfile
+++ b/deploy/docker/prod/Dockerfile
@@ -21,7 +21,7 @@ EXPOSE "${APP_PORT}"
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 # Default command is to launch the server
-CMD ["bash", "-c", "${APP_DIR}/script/uwsgi_server"]
+CMD ["bash", "-c", "crond -b && ${APP_DIR}/script/uwsgi_server"]
 ### Items that will change almost every build #############################################
@@ -41,6 +41,9 @@ WORKDIR ${APP_DIR}
 RUN set -x ; \
 script/alpine_setup "${APP_USER}" "${APP_GROUP}"
+# add sync-crl cronjob for atst user
+RUN echo "1 */6 * * * /opt/atat/atst/script/sync-crls tests/crl-tmp" >> /etc/crontabs/atst
+
 # Update file ownership
 RUN set -x ; \
 for subdir in $(find . -type d -maxdepth 1 | grep -Ee '.[^/]' | grep -Fve 'node_modules'); do chown atst:atat -R ${subdir}; done
diff --git a/script/sync-crls b/script/sync-crls
index a8a3ff97..3b4eb027 100755
--- a/script/sync-crls
+++ b/script/sync-crls
@@ -4,11 +4,17 @@ set -e
 cd "$(dirname "$0")/.."
-mkdir -p crl-tmp
-pipenv run python ./atst/domain/authnid/crl/util.py crl-tmp crl
+if [[ $# -eq 0 ]]; then
+ TMP_DIR=crl-tmp
+else
+ TMP_DIR=$1
+fi
+
+mkdir -p $TMP_DIR
+pipenv run python ./atst/domain/authnid/crl/util.py $TMP_DIR crl
 mkdir -p crl
-rsync -rq --min-size 400 crl-tmp/. crl/.
-rm -rf crl-tmp
+rsync -rq --min-size 400 $TMP_DIR/. crl/.
+rm -rf $TMP_DIR
 if [[ $FLASK_ENV != "prod" ]]; then
 # place our test CRL there
From 60cc49275bb22cd9e2170e807210d65952aa1cda Mon Sep 17 00:00:00 2001
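Review bot: In the prod Dockerfile's `CMD` hunk, `crond -b && ${APP_DIR}/script/uwsgi_server` makes server start-up depend on crond's exit status and then leaves the daemon unsupervised; once it has gone to the background nothing notices if it dies, so CRL refreshes could stop silently while the server keeps running on stale revocation data. The same string is injected through `--change="CMD …"` in `.circleci/config.yml` in patch 2, where the neighbouring `--change="USER \"${APP_USER}\""` suggests the container runs unprivileged; BusyBox crond normally needs root to switch to a job's user, so please confirm the job actually fires under that user. At minimum I would add a comment above the CMD, `# crond runs unsupervised in the background; CRL freshness must be monitored separately`, and consider moving the sync to a separately scheduled job with its own failure signal.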
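Review bot: The crontab entry added after `script/alpine_setup` in the prod Dockerfile runs `sync-crls` without pinning its environment, while the script (second file in this patch) takes its test-CRL branch whenever `$FLASK_ENV != "prod"`. If the cron job's environment does not carry `FLASK_ENV=prod` (cron jobs do not always inherit the container's variables), the production image would place the test CRL on every run; what that branch does is only visible here as a comment, so this needs confirming. For the prod image I would set the variable on the entry itself, `1 */6 * * * FLASK_ENV=prod /opt/atat/atst/script/sync-crls tests/crl-tmp`, and redirect the job's output somewhere it is collected so a failed sync is noticed. The same entry is added in `deploy/docker/tester/Dockerfile` (patch 2) and `script/alpine_setup` (patch 3).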
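Review bot: In `script/sync-crls`, `TMP_DIR` comes straight from `$1` and is then expanded unquoted in `mkdir -p $TMP_DIR`, the `util.py` call, `rsync … $TMP_DIR/. crl/.` and `rm -rf $TMP_DIR`, so a value with spaces or glob characters is word-split, and one starting with `-` is read as options, by a recursive delete. Quote every use and end option parsing, e.g. `TMP_DIR="${1:-crl-tmp}"`, `mkdir -p -- "$TMP_DIR"`, `rm -rf -- "$TMP_DIR"`. Note that `${1:-crl-tmp}` also falls back to the default for an empty argument, which the current `$# -eq 0` test does not. The script's body continues past the end of the hunk.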
From: dandds
Date: Wed, 24 Oct 2018 10:24:04 -0400
Subject: [PATCH 2/4] update circle ci build config
---
 .circleci/config.yml | 4 ++--
 deploy/docker/tester/Dockerfile | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index c22dbf93..5ba48f3a 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -86,7 +86,7 @@ jobs:
 name: "Load Cache: CRLs"
 keys:
 - disa-crls-v2
- - run:
+ - run:
 name: "Update CRLs"
 command: ./script/sync-crls
 - save_cache:
@@ -163,7 +163,7 @@ jobs:
 --change="ENV APP_GROUP \"${APP_GROUP}\"" \
 --change="ENV APP_DIR \"${APP_DIR}\"" \
 --change='ENTRYPOINT ["/usr/bin/dumb-init", "--"]' \
- --change="CMD [\"bash\", \"-c\", \"${APP_DIR}/script/uwsgi_server\"]" \
+ --change="CMD [\"bash\", \"-c\", \"crond -b && ${APP_DIR}/script/uwsgi_server\"]" \
 --change="WORKDIR ${APP_DIR}" \
 --change="USER \"${APP_USER}\"" \
 ${CONTAINER_NAME} \
diff --git a/deploy/docker/tester/Dockerfile b/deploy/docker/tester/Dockerfile
index 5486ffa1..8e350992 100644
--- a/deploy/docker/tester/Dockerfile
+++ b/deploy/docker/tester/Dockerfile
@@ -27,6 +27,9 @@ WORKDIR ${APP_DIR}
 # Copy over setup scripts
 COPY script/ ./script/
+# add sync-crl cronjob for atst user
+RUN echo "1 */6 * * * /opt/atat/atst/script/sync-crls tests/crl-tmp" >> /etc/crontabs/atst
+
 # Add required system packages and app user
 RUN set -x ; \
 script/alpine_setup
From d8ea3f71c66345f043d8826633858378c894b25c Mon Sep 17 00:00:00 2001
From: dandds
Date: Wed, 24 Oct 2018 11:45:25 -0400
Subject: [PATCH 3/4] make sure cronjob is part of alpine setup
---
 script/alpine_setup | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/script/alpine_setup b/script/alpine_setup
index 41096326..a06b5694 100755
--- a/script/alpine_setup
+++ b/script/alpine_setup
@@ -12,5 +12,8 @@ APP_UID="8010"
 # Add additional packages required by app dependencies
 ADDITIONAL_PACKAGES="postgresql-libs python3 rsync uwsgi uwsgi-python3"
+# add sync-crl cronjob for atst user
+echo "1 */6 * * * /opt/atat/atst/script/sync-crls tests/crl-tmp" >> /etc/crontabs/atst
+
 # Run the shared alpine setup script
 source ./script/include/run_alpine_setup
From 9ca469c28a4e1bfd8cab2f13006c2dc0a12526a2 Mon Sep 17 00:00:00 2001
From: dandds
Date: Thu, 25 Oct 2018 10:17:58 -0400
Subject: [PATCH 4/4] restore original dockerfiles
---
 deploy/docker/prod/Dockerfile | 5 +----
 deploy/docker/tester/Dockerfile | 3 ---
 2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/deploy/docker/prod/Dockerfile b/deploy/docker/prod/Dockerfile
index 9055526b..37a36859 100644
--- a/deploy/docker/prod/Dockerfile
+++ b/deploy/docker/prod/Dockerfile
@@ -21,7 +21,7 @@ EXPOSE "${APP_PORT}"
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 # Default command is to launch the server
-CMD ["bash", "-c", "crond -b && ${APP_DIR}/script/uwsgi_server"]
+CMD ["bash", "-c", "${APP_DIR}/script/uwsgi_server"]
 ### Items that will change almost every build #############################################
@@ -41,9 +41,6 @@ WORKDIR ${APP_DIR}
 RUN set -x ; \
 script/alpine_setup "${APP_USER}" "${APP_GROUP}"
-# add sync-crl cronjob for atst user
-RUN echo "1 */6 * * * /opt/atat/atst/script/sync-crls tests/crl-tmp" >> /etc/crontabs/atst
-
 # Update file ownership
 RUN set -x ; \
 for subdir in $(find . -type d -maxdepth 1 | grep -Ee '.[^/]' | grep -Fve 'node_modules'); do chown atst:atat -R ${subdir}; done
diff --git a/deploy/docker/tester/Dockerfile b/deploy/docker/tester/Dockerfile
index 8e350992..5486ffa1 100644
--- a/deploy/docker/tester/Dockerfile
+++ b/deploy/docker/tester/Dockerfile
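Review bot: The `echo … >> /etc/crontabs/atst` added to `script/alpine_setup` hard-codes the user name `atst` and the path `/opt/atat/atst`, although the prod Dockerfile calls this script as `script/alpine_setup "${APP_USER}" "${APP_GROUP}"`; if the app user or directory ever differs, the crontab file would match no account and the CRL sync would likely never run, with nothing reporting it. The entry is also appended before `source ./script/include/run_alpine_setup`, which presumably is where packages and the app user are set up, so it is worth confirming that `/etc/crontabs` exists and the file ends up with the expected ownership at that point. I would derive the name and path from the script's existing user and directory settings and add a comment such as `# crontab file name must match the app user that run_alpine_setup creates`.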
@@ -27,9 +27,6 @@ WORKDIR ${APP_DIR}
 # Copy over setup scripts
 COPY script/ ./script/
-# add sync-crl cronjob for atst user
-RUN echo "1 */6 * * * /opt/atat/atst/script/sync-crls tests/crl-tmp" >> /etc/crontabs/atst
-
 # Add required system packages and app user
 RUN set -x ; \
 script/alpine_setup