Created
February 2, 2022 07:37
-
-
Save vanpelt/797549b40dae65fdfaaac3ff1f4625a4 to your computer and use it in GitHub Desktop.
Local init scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # move all services to runit, was tricky to make this happen in docker without | |
| # overwriting cron / sshd | |
| echo "*** Copying services to runit" | |
| mv /home/wandb/service/* /etc/service/ | |
| mv /home/wandb/wandb-logrotate /etc/logrotate.d/ | |
| HOST=${HOST:-http://localhost:8080} | |
| # Setup our default user if we dont exist as in OpenShift, this ensures it's a | |
| # member of the root group which will mean it can write to the filesystem where | |
| # it needs to. | |
| WB_UID=`id -u` | |
| WB_GID=`id -g` | |
| if [ $WB_GID -eq 0 -a $WB_UID -ge 100000 ]; then | |
| echo "*** Setting OpenShift default user" | |
| echo "wandb:x:$WB_UID:$WB_GID:wandb user:/home/wandb:/bin/bash" >> /etc/passwd | |
| id -G | grep -q -w $WB_UID; STATUS=$? | |
| if [ $STATUS -eq 0 ]; then | |
| echo "wandb:x:$WB_UID:" >> /etc/group | |
| fi | |
| fi | |
| # Existing installs did not have proper permissions since we used to run as root. | |
| # We made this change in March 2020, since this is a rather expensive operation, | |
| # we're not doing it anymore but I figured I would leave it around for posterity. | |
| #if [ $WB_UID -eq 999 ]; then | |
| # sudo fix_permissions.sh /vol | |
| #fi | |
| # Bypass owner check by copying .jobber template | |
| echo "*** Copying jobber template" | |
| cat /etc/service/jobber/.jobber-template > /etc/service/jobber/.jobber | |
| mkdir -p /var/jobber/${WB_UID} | |
| # TODO: add the ability to enforce SSL | |
| if [[ "${LOCAL_SECURE}" == "true" ]]; then | |
| echo "*** Enforcing SSL" | |
| fi | |
| # TODO: mark redis as down if we've confirmed we can talk to an external instance | |
| if [[ ! -z "${LOCAL_RESTORE}" ]]; then | |
| random_pass=$(openssl rand -base64 10 | sed -e 's/[\/&]/0/g') | |
| echo "$random_pass" > /etc/container_environment/LOCAL_RESTORE_PASSWORD | |
| echo "*** Enabling restore mode" | |
| echo "" | |
| echo "Login at $HOST/api/login" | |
| echo " username: restore@wandb.com" | |
| echo " password: $random_pass" | |
| echo "" | |
| fi | |
| [ "$(ls -A /usr/local/share/ca-certificates)" ] && echo "*** Found custom SSL certifcates, updating root trust..." && sudo update-ca-certificates | |
| if [[ ! -z "${LOCAL_NETDATA}" ]]; then | |
| echo "*** Installing netdata" | |
| sudo sh -c ". /home/wandb/.profile \ | |
| && pip install --no-cache-dir PyMySQL >/dev/null 2>&1 \ | |
| && wget --quiet -O /tmp/netdata.sh https://my-netdata.io/kickstart-static64.sh \ | |
| && bash /tmp/netdata.sh --no-updates --dont-wait --dont-start-it >/dev/null 2>&1 \ | |
| && chown -R wandb /opt/netdata \ | |
| && fix_permissions.sh /opt/netdata 2>/dev/null \ | |
| && rm /tmp/netdata.sh" | |
| echo "*** Enabling netdata" | |
| echo "8125" > /etc/container_environment/GORILLA_STATSD_PORT | |
| echo "127.0.0.1" > /etc/container_environment/GORILLA_STATSD_HOST | |
| rm /etc/service/netdata/down | |
| fi | |
| if [[ ! -z "${LOCAL_DEV}" ]]; then | |
| echo "*** Enabling development mode" | |
| touch /etc/service/gorilla/down | |
| ln -s /etc/nginx/sites-available/wandb-dev.conf /etc/nginx/sites-enabled/wandb.conf | |
| else | |
| echo "*** Enabling production mode" | |
| ln -s /etc/nginx/sites-available/wandb-prod.conf /etc/nginx/sites-enabled/wandb.conf | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Put up loading screen | |
| cp /var/app/frontend/index.html /var/app/frontend/original.html | |
| cp /var/app/local/animated-logo.gif /var/app/frontend/animated-logo.gif | |
| rm /var/app/frontend/index.html | |
| ln -s /var/app/local/loading.html /var/app/frontend/index.html | |
| mkdir -p /vol/env | |
| fix_permissions.sh /vol/env | |
| rm -f /var/app/frontend/startup-error-details | |
| echo "*** Loading settings..." | |
| /usr/local/bin/local load_env 2>&1 | tee /tmp/load_env_output | |
| load_env_status=$PIPESTATUS | |
| if [ $load_env_status -ne 0 ]; then | |
| echo "!!! Failed to load settings. If this issue persists, please contact support@wandb.com." | |
| # nginx will serve this at /startup-error-details | |
| cp /tmp/load_env_output /var/app/frontend/startup-error-details | |
| # mark services as "down" so we see the error page: | |
| touch /etc/service/gorilla/down | |
| touch /etc/service/gorilla-filemeta/down | |
| touch /etc/service/local/down | |
| touch /etc/service/minio/down | |
| touch /etc/service/mysql/down | |
| touch /etc/service/redis/down | |
| else | |
| if { | |
| [[ $(< /etc/container_environment/MINIO_ACCESS_KEY) == "wandb_local" ]] || | |
| [[ $(< /etc/container_environment/MINIO_SECRET_KEY) == "wandb_local" ]] | |
| }; then | |
| # if load_env didn't set a real access key/secret key, that means we aren't using minio, | |
| # and we can shut it off: | |
| touch /etc/service/minio/down | |
| fi | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment