add redis password and increase version. does not work yet

.env.sample

@@ -41,6 +41,7 @@ USE_RACK_ATTACK=1
 SECRET_DEVISE_SECRET_VERSION=v1 #length=64
 SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64
 SECRET_DB_PASSWORD_VERSION=v1
+SECRET_REDIS_PASSWORD_VERSION=v1
 
 # Send catch up email (missed yesterday) weekly
 # EMAIL_CATCH_UP_WEEKLY=1

abra.sh

@@ -1,4 +1,5 @@
-export LOOMIO_ENTRYPOINT_VERSION=v6
+export LOOMIO_ENTRYPOINT_VERSION=v5
+export REDIS_ENTRYPOINT_VERSION=v1
 
 # cannot be integrated into entrypoint.sh as it requires the operator to create a user first
 function make_last_user_admin()

compose.yml

@@ -7,7 +7,8 @@ x-db-env: &db-env
     POSTGRES_USER: postgres
 
 x-redis-env: &redis-env
-  REDIS_URL: redis://redis:6379
+  REDIS_PASSWORD_FILE: /run/secrets/redis_password
+  REDIS_URL: redis://:{REDIS_PASSWORD}@redis:6379
 
 x-environment: &default-env
   <<: *db-env
@@ -43,6 +44,7 @@ services:
       - devise_secret
       - secret_cookie_token
       - db_password
+      - redis_password
     volumes:
       - loomio_uploads:/loomio/public/system
       - loomio_storage:/loomio/storage
@@ -71,7 +73,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=2.1.0+v2.25.3"
+        - "coop-cloud.${STACK_NAME}.version=2.0.0+v2.25.3"
         - "backupbot.backup:=${ENABLE_BACKUPS:-true}"
   worker:
     image: loomio/loomio:v2.25.3
@@ -84,6 +86,7 @@ services:
       - devise_secret
       - secret_cookie_token
       - db_password
+      - redis_password
     networks:
       - backend
     environment:
@@ -116,11 +119,19 @@ services:
         backupbot.restore: "true"
         backupbot.restore.post-hook: sh -c 'gzip -d /postgres.dump.gz && pg_restore --clean -U "$$POSTGRES_USER" --dbname="$$POSTGRES_DB" < /postgres.dump && rm -f /postgres.dump'
   redis:
-    image: redis:5.0
+    image: redis:7.4
     networks:
       - backend
+    command: /bin/sh -c "redis-server redis.conf --loglevel debug"
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
+    secrets:
+      - redis_password
+    configs:
+      - source: entrypoint_redis
+        target: /entrypoint.sh
+        mode: 0555
+    entrypoint: /entrypoint.sh
   #mailin:
   #  image: loomio/mailin-docker:latest
   #  networks:
@@ -135,6 +146,8 @@ services:
       - backend
     depends_on:
       - redis
+    secrets:
+      - redis_password
     environment:
       <<: *redis-env
   cron:
@@ -149,6 +162,7 @@ services:
       - devise_secret
       - secret_cookie_token
       - db_password
+      - redis_password
     volumes:
       - loomio_uploads:/loomio/public/system
       - loomio_storage:/loomio/storage
@@ -184,6 +198,9 @@ configs:
   entrypoint:
     name: ${STACK_NAME}_entrypoint_${LOOMIO_ENTRYPOINT_VERSION}
     file: entrypoint.sh
+  entrypoint_redis:
+    name: ${STACK_NAME}_entrypoint_redis_${REDIS_ENTRYPOINT_VERSION}
+    file: entrypoint.redis.sh
 
 secrets:
   devise_secret:
@@ -195,3 +212,6 @@ secrets:
   db_password:
     external: true
     name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+  redis_password:
+    external: true
+    name: ${STACK_NAME}_redis_password_${SECRET_REDIS_PASSWORD_VERSION}

entrypoint.redis.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+
+echo "creating redis.conf..."
+echo "requirepass $(cat /run/secrets/redis_password)" > redis.conf
+echo "redis.conf created"

entrypoint.sh

@@ -31,13 +31,16 @@ if [ -n "$1" ]; then
 	echo "Running '$1'"
 	$1
 else
+	if [ ! -f /loomio/storage/migrations_ran ] && [ "${TASK:-}" = "worker" ]; then
+		echo "first deploy, running DB setup..."
+		rake db:setup
+		touch /loomio/storage/migrations_ran
+	fi
+
+	echo "running DB migrations..."
+	rake db:migrate
+	echo "DB migrations finished"
 
 	echo "starting loomio!"
-	if [ "$TASK" = "worker" ]; then
+	/loomio/docker_start.sh
-  		bundle exec sidekiq
-	else
-		bundle install
-		bundle exec rake db:prepare
-		bundle exec puma -C config/puma.rb
-	fi
 fi

release/1.0.0+v2.25.2

@@ -1,14 +1,9 @@
 In this release the passwords for smtp and postgres DB were moved into docker secrets. Therefore a few manual steps need to be performed (also available in recipe documentation)
 
-* adapt your env file with the new vars, especially `SECRET_DB_PASSWORD_VERSION=v1` and `SECRET_SMTP_PASSWORD_VERSION=v1` (remember, you can use `abra app check <app-name>` to check for any missing variables)
+* adapt your env file with the new vars, especially SECRET_DB_PASSWORD_VERSION=v1 and SECRET_SMTP_PASSWORD_VERSION=v1
-* insert your existing smtp password with `abra app secret insert <app-name> smtp_password v1 "<your-password>"`
+* insert your smtp password with abra app secret insert <app-name> smtp_password v1 "<your-password>"
-
+* abra app secret generate <app-name> db_password v1
-Then, choose whether to keep the existing insecure database password (easy):
+* abra app deploy <app-name>
-* `abra app secret insert <app-name> db_password v1 password`
+* set the new password in DB: abra app cmd <app-name> db set_new_db_password
-
-Or, switch to a new secure password (harder, better):
-* `abra app secret generate <app-name> db_password v1`
-* `abra app deploy <app-name>`
-* set the new password in DB: `abra app cmd <app-name> db set_new_db_password` (NOTE: if you get "FATA loomio doesn't have a set_new_db_password function" here, run `cd ~/.abra/recipes/loomio && git checkout main`, then re-run the `abra app cmd` command with `-C` at the end)
 * redeploy
 

release/2.1.0+v2.25.3

@@ -1 +0,0 @@
-DB initialization issues with wrong migration should be fixed now. (But not really sure why)