vanpelt · February 2, 2022 07:37
diff --git a/01_enable-services.sh b/01_enable-services.sh
 #!/bin/bash

 # move all services to runit, was tricky to make this happen in docker without
 # overwriting cron / sshd
 echo "*** Copying services to runit"
 mv /home/wandb/service/* /etc/service/
 mv /home/wandb/wandb-logrotate /etc/logrotate.d/

 HOST=${HOST:-http://localhost:8080}

 # Setup our default user if we dont exist as in OpenShift, this ensures it's a
 # member of the root group which will mean it can write to the filesystem where
 # it needs to.
 WB_UID=`id -u`
 WB_GID=`id -g`
 if [ $WB_GID -eq 0 -a $WB_UID -ge 100000 ]; then
    echo "*** Setting OpenShift default user"
    echo "wandb:x:$WB_UID:$WB_GID:wandb user:/home/wandb:/bin/bash" >> /etc/passwd

    id -G | grep -q -w $WB_UID; STATUS=$?
    if [ $STATUS -eq 0 ]; then
        echo "wandb:x:$WB_UID:" >> /etc/group
    fi
 fi

 # Existing installs did not have proper permissions since we used to run as root.
 # We made this change in March 2020, since this is a rather expensive operation,
 # we're not doing it anymore but I figured I would leave it around for posterity.
 #if [ $WB_UID -eq 999 ]; then
 #    sudo fix_permissions.sh /vol
 #fi

 # Bypass owner check by copying .jobber template
 echo "*** Copying jobber template"
 cat /etc/service/jobber/.jobber-template > /etc/service/jobber/.jobber
 mkdir -p /var/jobber/${WB_UID}

 # TODO: add the ability to enforce SSL
 if [[ "${LOCAL_SECURE}" == "true" ]]; then
    echo "*** Enforcing SSL"
 fi

 # TODO: mark redis as down if we've confirmed we can talk to an external instance

 if [[ ! -z "${LOCAL_RESTORE}" ]]; then
    random_pass=$(openssl rand -base64 10 | sed -e 's/[\/&]/0/g')
    echo "$random_pass" > /etc/container_environment/LOCAL_RESTORE_PASSWORD
    echo "*** Enabling restore mode"
    echo ""
    echo "Login at $HOST/api/login"
    echo "  username: [email protected]" 
    echo "  password: $random_pass"
    echo ""
 fi

 [ "$(ls -A /usr/local/share/ca-certificates)" ] && echo "*** Found custom SSL certifcates, updating root trust..." && sudo update-ca-certificates

 if [[ ! -z "${LOCAL_NETDATA}" ]]; then
    echo "*** Installing netdata"
    sudo sh -c ". /home/wandb/.profile \
        && pip install --no-cache-dir PyMySQL >/dev/null 2>&1 \
        && wget --quiet -O /tmp/netdata.sh https://my-netdata.io/kickstart-static64.sh \
        && bash /tmp/netdata.sh --no-updates --dont-wait --dont-start-it >/dev/null 2>&1 \
        && chown -R wandb /opt/netdata \
        && fix_permissions.sh /opt/netdata 2>/dev/null \
        && rm /tmp/netdata.sh"
    echo "*** Enabling netdata"
    echo "8125" > /etc/container_environment/GORILLA_STATSD_PORT
    echo "127.0.0.1" > /etc/container_environment/GORILLA_STATSD_HOST
    rm /etc/service/netdata/down
 fi

 if [[ ! -z "${LOCAL_DEV}" ]]; then
    echo "*** Enabling development mode"
    touch /etc/service/gorilla/down
    ln -s /etc/nginx/sites-available/wandb-dev.conf /etc/nginx/sites-enabled/wandb.conf
 else
    echo "*** Enabling production mode"
    ln -s /etc/nginx/sites-available/wandb-prod.conf /etc/nginx/sites-enabled/wandb.conf
 fi
diff --git a/02_load-settings.sh b/02_load-settings.sh
 #!/bin/bash

 # Put up loading screen
 cp /var/app/frontend/index.html /var/app/frontend/original.html
 cp /var/app/local/animated-logo.gif /var/app/frontend/animated-logo.gif
 rm /var/app/frontend/index.html
 ln -s /var/app/local/loading.html /var/app/frontend/index.html

 mkdir -p /vol/env
 fix_permissions.sh /vol/env
 rm -f /var/app/frontend/startup-error-details

 echo "*** Loading settings..."
 /usr/local/bin/local load_env 2>&1 | tee /tmp/load_env_output
 load_env_status=$PIPESTATUS

 if [ $load_env_status -ne 0 ]; then
    echo "!!! Failed to load settings. If this issue persists, please contact [email protected]."

    # nginx will serve this at /startup-error-details
    cp /tmp/load_env_output /var/app/frontend/startup-error-details

    # mark services as "down" so we see the error page:
    touch /etc/service/gorilla/down
    touch /etc/service/gorilla-filemeta/down
    touch /etc/service/local/down
    touch /etc/service/minio/down
    touch /etc/service/mysql/down
    touch /etc/service/redis/down
 else
    if {
        [[ $(< /etc/container_environment/MINIO_ACCESS_KEY) == "wandb_local" ]] ||
        [[ $(< /etc/container_environment/MINIO_SECRET_KEY) == "wandb_local" ]]
    }; then
        # if load_env didn't set a real access key/secret key, that means we aren't using minio,
        # and we can shut it off:
        touch /etc/service/minio/down
    fi
 fi
	#!/bin/bash

	# move all services to runit, was tricky to make this happen in docker without
	# overwriting cron / sshd
	echo "*** Copying services to runit"
	mv /home/wandb/service/* /etc/service/
	mv /home/wandb/wandb-logrotate /etc/logrotate.d/

	HOST=${HOST:-http://localhost:8080}

	# Setup our default user if we dont exist as in OpenShift, this ensures it's a
	# member of the root group which will mean it can write to the filesystem where
	# it needs to.
	WB_UID=`id -u`
	WB_GID=`id -g`
	if [ $WB_GID -eq 0 -a $WB_UID -ge 100000 ]; then
	echo "*** Setting OpenShift default user"
	echo "wandb:x:$WB_UID:$WB_GID:wandb user:/home/wandb:/bin/bash" >> /etc/passwd

	id -G \| grep -q -w $WB_UID; STATUS=$?
	if [ $STATUS -eq 0 ]; then
	echo "wandb:x:$WB_UID:" >> /etc/group
	fi
	fi

	# Existing installs did not have proper permissions since we used to run as root.
	# We made this change in March 2020, since this is a rather expensive operation,
	# we're not doing it anymore but I figured I would leave it around for posterity.
	#if [ $WB_UID -eq 999 ]; then
	# sudo fix_permissions.sh /vol
	#fi

	# Bypass owner check by copying .jobber template
	echo "*** Copying jobber template"
	cat /etc/service/jobber/.jobber-template > /etc/service/jobber/.jobber
	mkdir -p /var/jobber/${WB_UID}

	# TODO: add the ability to enforce SSL
	if [[ "${LOCAL_SECURE}" == "true" ]]; then
	echo "*** Enforcing SSL"
	fi

	# TODO: mark redis as down if we've confirmed we can talk to an external instance

	if [[ ! -z "${LOCAL_RESTORE}" ]]; then
	random_pass=$(openssl rand -base64 10 \| sed -e 's/[\/&]/0/g')
	echo "$random_pass" > /etc/container_environment/LOCAL_RESTORE_PASSWORD
	echo "*** Enabling restore mode"
	echo ""
	echo "Login at $HOST/api/login"
	echo " username: [email protected]"
	echo " password: $random_pass"
	echo ""
	fi

	[ "$(ls -A /usr/local/share/ca-certificates)" ] && echo "*** Found custom SSL certifcates, updating root trust..." && sudo update-ca-certificates

	if [[ ! -z "${LOCAL_NETDATA}" ]]; then
	echo "*** Installing netdata"
	sudo sh -c ". /home/wandb/.profile \
	&& pip install --no-cache-dir PyMySQL >/dev/null 2>&1 \
	&& wget --quiet -O /tmp/netdata.sh https://my-netdata.io/kickstart-static64.sh \
	&& bash /tmp/netdata.sh --no-updates --dont-wait --dont-start-it >/dev/null 2>&1 \
	&& chown -R wandb /opt/netdata \
	&& fix_permissions.sh /opt/netdata 2>/dev/null \
	&& rm /tmp/netdata.sh"
	echo "*** Enabling netdata"
	echo "8125" > /etc/container_environment/GORILLA_STATSD_PORT
	echo "127.0.0.1" > /etc/container_environment/GORILLA_STATSD_HOST
	rm /etc/service/netdata/down
	fi

	if [[ ! -z "${LOCAL_DEV}" ]]; then
	echo "*** Enabling development mode"
	touch /etc/service/gorilla/down
	ln -s /etc/nginx/sites-available/wandb-dev.conf /etc/nginx/sites-enabled/wandb.conf
	else
	echo "*** Enabling production mode"
	ln -s /etc/nginx/sites-available/wandb-prod.conf /etc/nginx/sites-enabled/wandb.conf
	fi
	#!/bin/bash

	# Put up loading screen
	cp /var/app/frontend/index.html /var/app/frontend/original.html
	cp /var/app/local/animated-logo.gif /var/app/frontend/animated-logo.gif
	rm /var/app/frontend/index.html
	ln -s /var/app/local/loading.html /var/app/frontend/index.html

	mkdir -p /vol/env
	fix_permissions.sh /vol/env
	rm -f /var/app/frontend/startup-error-details

	echo "*** Loading settings..."
	/usr/local/bin/local load_env 2>&1 \| tee /tmp/load_env_output
	load_env_status=$PIPESTATUS

	if [ $load_env_status -ne 0 ]; then
	echo "!!! Failed to load settings. If this issue persists, please contact [email protected]."

	# nginx will serve this at /startup-error-details
	cp /tmp/load_env_output /var/app/frontend/startup-error-details

	# mark services as "down" so we see the error page:
	touch /etc/service/gorilla/down
	touch /etc/service/gorilla-filemeta/down
	touch /etc/service/local/down
	touch /etc/service/minio/down
	touch /etc/service/mysql/down
	touch /etc/service/redis/down
	else
	if {
	[[ $(< /etc/container_environment/MINIO_ACCESS_KEY) == "wandb_local" ]] \|\|
	[[ $(< /etc/container_environment/MINIO_SECRET_KEY) == "wandb_local" ]]
	}; then
	# if load_env didn't set a real access key/secret key, that means we aren't using minio,
	# and we can shut it off:
	touch /etc/service/minio/down
	fi
	fi