Merge pull request #69 from PruthviKumarBK/feature/PR-130-away-from-p…

…roton-vars Feature/pr 130 away from proton vars
1x-eng · Nov 21, 2019 · 110fc1e · 110fc1e
2 parents a14046e + c201f36
commit 110fc1e
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 40 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -32,9 +32,12 @@ RUN echo "********* ENV variables creation phase *********\n"
 ARG sendgrid_api_key
 ARG app_name
 ARG app_support_email
+ARG proton_host_uid
+ARG proton_host_gid
 ENV SENDGRID_API_KEY=${sendgrid_api_key}
 ENV APP_NAME=${app_name}
 ENV APP_SUPPORT_EMAIL=${app_support_email}
+
 RUN echo "\n"
 
 RUN echo "********* PROTON dependencies installation phase *********\n"
@@ -43,18 +46,13 @@ RUN apt-get install bash
 RUN apt-get install -y gcc g++ unixodbc-dev
 RUN echo "\n"
 
-RUN echo "********* PROTON folder structure creation phase *********\n"
-RUN mkdir -p /PROTON
-RUN mkdir -p /PROTON/proton-db
-RUN mkdir -p /PROTON/trace
-RUN echo "\n"
-
 RUN echo "********* PROTON user group & user creation phase *********\n"
-RUN groupadd proton_user_group
-RUN useradd -G proton_user_group default_proton_user
+RUN groupadd -f -g ${proton_host_gid} proton_user_group
+RUN useradd -G proton_user_group -u ${proton_host_uid} default_proton_user
 RUN echo "\n"
 
-RUN echo "********* PROTON source code injection phase *********\n"
+RUN echo "********* PROTON folder structure creation & source code injection phase *********\n"
+RUN mkdir -p /PROTON
 WORKDIR /PROTON
 COPY . /PROTON
 RUN echo "\n"
@@ -64,9 +62,10 @@ RUN python3 -m pip install -r requirements.txt --no-cache-dir
 RUN echo "\n"
 
 RUN echo "********* PROTON user ownership and restriction phase *********\n"
-RUN chown -R default_proton_user:proton_user_group /PROTON
-RUN chmod 777 -R /PROTON
-USER default_proton_user
+RUN chown -R ${proton_host_uid}:${proton_host_gid} /PROTON
+RUN mkdir -p /PROTON/proton-db
+RUN mkdir -p /PROTON/trace
+USER ${proton_host_uid}
 RUN echo "\n"
 
 RUN echo "********* PROTON port expose phase *********\n"

diff --git a/cproton.sh b/cproton.sh
@@ -41,6 +41,10 @@ done
 
 if [[ -x "$(command -v docker)" && -x "$(command -v docker-compose)" ]]; then
 
+    # Get Host userID and GroupId to help mirror the same inside the container
+    export PROTON_HOST_UID=$(id -u)
+    export PROTON_HOST_GID=$(id -g)
+
     # Validate existance of key environment variables.
     ./init-proton.sh
 
@@ -54,6 +58,8 @@ if [[ -x "$(command -v docker)" && -x "$(command -v docker-compose)" ]]; then
         --build-arg sendgrid_api_key=${SENDGRID_API_KEY} \
         --build-arg app_name=${APP_NAME} \
         --build-arg app_support_email=${APP_SUPPORT_EMAIL} \
+        --build-arg proton_host_uid=${PROTON_HOST_UID} \
+        --build-arg proton_host_gid=${PROTON_HOST_GID} \
         -t proton_stretch:latest .
 
     fi

diff --git a/deployer.sh b/deployer.sh
@@ -65,13 +65,13 @@ if [[ ! -z ${dns} ]]; then
     echo -e "[Step - 1] Installing Docker & Docker-Compose\n"
 
     sudo apt-get update
-    sudo apt-get install -y docker # needs to be tested
-    sudo apt-get install -y docker-compose # Needs to be tested
+    sudo apt-get install -y docker docker-compose
     echo -e "\n"
 
     # Enable $USER to run docker
     echo -e "[Step -1a] Enabling ${USER_NAME} to run docker\n"
-    sudo usermod -a -G docker ${USER_NAME}
+    sudo groupadd docker
+    sudo usermod -aG docker ${USER_NAME}
     echo -e "\n"
 
     # Install nginx and http reverse proxy to PROTON
@@ -98,6 +98,7 @@ EOT
     sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf
     sudo nginx -t
     sudo service nginx restart
+    cd ${ROOT_DIR}
     echo -e "\n"
 
     # Configure HTTPS and reverse proxy HTTPS as default to PROTON.
@@ -110,25 +111,25 @@ EOT
     sudo certbot --nginx --non-interactive --agree-tos -m [email protected] -d ${dns}
     echo -e "\n"
 
-    # Avoiding permission issues for PROTON stack.
-    echo -e "[Step - 4] Granting PROTON stack with required folder level permissions."
-    cd ${ROOT_DIR}
-    sudo chmod 777 -R ./
-    echo -e "\n"
-
     echo -e "Infrastructure prep completed for PROTON\n"
-    sudo newgrp docker
+    newgrp docker
 fi
 
 if [[ ${automated} == 'yes' ]]; then
     echo -e "DEPLOYER is proceeding in AUTOMATED mode\n"
     echo -e "Generating platform config here - ${ROOT_DIR}\n"
 
-    # Assumption - Before this section, ./deployer -a <dns> is presumed to have run. This would have changed user to root.
-    NON_ROOT_USER=`echo ${SUDO_USER:-${USER}}`
+    # Reject if running as root.
+    if [[ ${EUID} != 0 ]]; then
+        :
+    else
+        NON_ROOT_USER=`echo ${SUDO_USER:-${USER}}`
+        echo -e "Cannot proceed as root. Please re-issue this command as ${NON_ROOT_USER}\n"
+        exit 1
+    fi
 
     # Volume mounts to live in ORIGINAL user's home directory.
-    cd /home/${NON_ROOT_USER}
+    cd /home/${USER}
     mkdir -p proton_db
     cd proton_db
     echo -e "Generating mount paths for proton databases here - $(pwd)"
@@ -140,11 +141,12 @@ if [[ ${automated} == 'yes' ]]; then
     mkdir -p redis
 
     echo -e "Granting permissions for Proton databases."
-    cd ..
-    sudo chmod 777 -R ./
+    cd /home/${USER}
+    sudo chown -R $(id -u):$(id -g) /home/${USER}/proton_db
 
     echo -e "Generating PROTONs core .env"
     cd ${ROOT_DIR}
+
     cat << EOF > .env
 # PS: ANY CHANGES HERE WILL AFFECT BUILD PROCESS.
 # PS: DO NOT DELETE ANY VARIABLES OR RENAME THEM. PROTON'S CONTAINERS RELY ON THESE VARIABLES.
@@ -162,7 +164,7 @@ PROTON_POSTGRES_VOLUME_MOUNT=${AUTOMATED_PROTON_DB_PATH}/pg
 PROTON_REDIS_VOLUME_MOUNT=${AUTOMATED_PROTON_DB_PATH}/redis
 SENDGRID_API_KEY=NA
 EOF
-
+    sudo chown -R $(id -u):$(id -g) ./
     echo -e "Initializing PROTON Stack\n"
     ./cproton.sh -U yes
     echo -e "\n"
@@ -181,7 +183,18 @@ EOF
 fi
 if [[ ${restore} == 'yes' ]]; then
     echo -e "Deployer is instantiating PROTON Restore. Restoration is an interactive process. Please help with valid inputs."
-    echo -e "********* PS: Please only use this mount path for PROTON restoration: /tmp/proton_restore *********\n"
+    echo -e "***************************************************************************************************************"
+    echo -e "*********** PS: Please only use this mount path for PROTON restoration: /tmp/proton_restore  ******************"
+    echo -e "***************************************************************************************************************\n"
+
+    # Reject if running as root.
+    if [[ ${EUID} != 0 ]]; then
+        :
+    else
+        NON_ROOT_USER=`echo ${SUDO_USER:-${USER}}`
+        echo -e "Cannot proceed as root. Please re-issue this command as ${NON_ROOT_USER}\n"
+        exit 1
+    fi
 
     sudo apt-get install -y python-pip
     pip install dropbox
@@ -199,19 +212,16 @@ if [[ ${restore} == 'yes' ]]; then
     cd ${ROOT_DIR}
     mv -f ${PROTON_RESTORE_LOCATION}/.env ./
 
-     # Assumption - Before this section, ./deployer -a <dns> is presumed to have run. This would have changed user to root.
-    NON_ROOT_USER=`echo ${SUDO_USER:-${USER}}`
-
-    cd /home/${NON_ROOT_USER}
+    cd /home/${USER}
     mkdir -p proton_db
-    cd proton_db
+    cd /home/${USER}/proton_db
     rm -rf ./*
 
     mv -f ${PROTON_RESTORE_LOCATION}/pg ./
     mv -f ${PROTON_RESTORE_LOCATION}/redis ./
     mv -f ${PROTON_RESTORE_LOCATION}/sqlite ./
-    cd ..
-    sudo chmod -R 777 ./*
+
+    sudo chown -R $(id -u):$(id -g) /home/${USER}/proton_db
 
     cd ${ROOT_DIR}
 
@@ -228,9 +238,9 @@ if [[ ${restore} == 'yes' ]]; then
 
     rm -rf ./.env
 
-    PROTON_SQLITE_VOLUME_MOUNT=/home/${NON_ROOT_USER}/proton_db/sqlite
-    PROTON_POSTGRES_VOLUME_MOUNT=/home/${NON_ROOT_USER}/proton_db/pg
-    PROTON_REDIS_VOLUME_MOUNT=/home/${NON_ROOT_USER}/proton_db/redis
+    PROTON_SQLITE_VOLUME_MOUNT=/home/${USER}/proton_db/sqlite
+    PROTON_POSTGRES_VOLUME_MOUNT=/home/${USER}/proton_db/pg
+    PROTON_REDIS_VOLUME_MOUNT=/home/${USER}/proton_db/redis
 
     cat << EOF > .env
 # PS: ANY CHANGES HERE WILL AFFECT BUILD PROCESS.

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -4,6 +4,7 @@ services:
     container_name: proton_postgres
     restart: always
     image: postgres
+    user: ${PROTON_HOST_UID}:${PROTON_HOST_GID}
     environment:
       - POSTGRES_USER=${PG_USERNAME}
       - POSTGRES_PASSWORD=${PG_PASSWORD}
@@ -16,6 +17,7 @@ services:
     container_name: proton_redis
     restart: always
     image: redis
+    user: ${PROTON_HOST_UID}:${PROTON_HOST_GID}
     volumes:
       - ${PROTON_REDIS_VOLUME_MOUNT}:/data
     ports:
@@ -24,13 +26,18 @@ services:
     container_name: proton
     restart: always
     image: proton_stretch
+    user: ${PROTON_HOST_UID}:${PROTON_HOST_GID}
     ports:
       - ${PROTON_TARGET_PORT}:${PROTON_TARGET_PORT}
     expose:
       - ${PROTON_TARGET_PORT}
     volumes:
       - .:/PROTON
       - ${PROTON_SQLITE_VOLUME_MOUNT}:/PROTON/proton-db
+      - /etc/group:/etc/group:ro
+      - /etc/passwd:/etc/passwd:ro
+      - /etc/shadow:/etc/shadow:ro
+    tty: true
     depends_on:
       - pg
       - redis

diff --git a/proton.sh b/proton.sh
@@ -78,7 +78,7 @@ else
     if [[ -z "$environment" || "$environment" != 'test' ||  "$protonTest" != 'yes' ]]; then
         # Default environment = production
 
-        echo "Instantiating PROTON in production environment"
+        echo "USER with id - $(id -u) who belongs to group $(id -g) is instantiating PROTON in production environment"
 
         # Validate existance of key environment variables.
         ./init-proton.sh