Compare commits
19 Commits
1.2.0+2024
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
57b2b21353
|
|||
| 8b48069197 | |||
| 3e25010062 | |||
| 93b40b1e29 | |||
| f277fe7070 | |||
| 13077bb2a4 | |||
| 0dc4c7f70f | |||
| d67f375d47 | |||
| 2590fd1343 | |||
| 1347ac8984 | |||
| fffc1c1459 | |||
| 292619f299 | |||
| bf442edf8e | |||
| bed55cd28a | |||
| 9b0965c240 | |||
| 554f1687d6 | |||
| d6662fd38e | |||
| de8344f420 | |||
| e12fc52258 |
13
.drone.yml
13
.drone.yml
@ -6,7 +6,7 @@ steps:
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: {{ .Name }}
|
||||
stack: pretix
|
||||
generate_secrets: true
|
||||
purge: true
|
||||
deploy_key:
|
||||
@ -14,12 +14,17 @@ steps:
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
DOMAIN: {{ .Name }}.swarm-test.autonomic.zone
|
||||
STACK_NAME: {{ .Name }}
|
||||
DOMAIN: pretix.swarm-test.autonomic.zone
|
||||
STACK_NAME: pretix
|
||||
LETS_ENCRYPT_ENV: production
|
||||
CRON_ENTRYPOINT_VERSION: v1
|
||||
DB_ENTRYPOINT_VERSION: v1
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_DJANGO_SECRET_KEY_VERSION: v1
|
||||
SECRET_SMTP_PASSWORD_VERSION: v1
|
||||
PRETIX_CONFIG_VERSION: v1
|
||||
PG_BACKUP_VERSION: v1
|
||||
SECRET_ADMIN_PASS_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
@ -35,7 +40,7 @@ steps:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
- toolshed/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
@ -7,9 +7,11 @@ DOMAIN=pretix.example.com
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
||||
ENABLE_BACKUPS=true
|
||||
POST_DEPLOY_CMDS="app change_admin_pass"
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_DJANGO_SECRET_KEY_VERSION=v1
|
||||
SECRET_ADMIN_PASS_VERSION=v1
|
||||
|
||||
SECRET_SMTP_PASSWORD_VERSION=v1
|
||||
SMTP_FROM=hello@localhost
|
||||
|
||||
15
abra.sh
15
abra.sh
@ -1,7 +1,16 @@
|
||||
export PRETIX_CONFIG_VERSION=v1
|
||||
export CRON_ENTRYPOINT_VERSION=v1
|
||||
export PRETIX_CONFIG_VERSION=v2
|
||||
export CRON_ENTRYPOINT_VERSION=v2
|
||||
export DB_ENTRYPOINT_VERSION=v2
|
||||
export PG_BACKUP_VERSION=v1
|
||||
|
||||
change_adminpass(){
|
||||
python -m django changepassword admin@localhost
|
||||
password=$(cat /run/secrets/admin_pass)
|
||||
~/src/manage.py shell -c """
|
||||
from django.contrib.auth import get_user_model
|
||||
UserModel = get_user_model()
|
||||
u = UserModel.objects.get(email='admin@localhost')
|
||||
u.set_password('$password')
|
||||
u.save()
|
||||
"""
|
||||
echo "Changed admin password"
|
||||
}
|
||||
|
||||
46
compose.yml
46
compose.yml
@ -3,7 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: 'pretix/standalone:2024.10.0'
|
||||
image: "pretix/standalone:2025.10.0"
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
@ -16,6 +16,7 @@ services:
|
||||
- db_password
|
||||
- smtp_password
|
||||
- django_secret_key
|
||||
- admin_pass
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
@ -25,16 +26,16 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.2.0+2024.10.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.3.0+2025.10.0"
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost/healthcheck"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
retries: 30
|
||||
start_period: 1m
|
||||
|
||||
db:
|
||||
image: postgres:12
|
||||
image: postgres:16
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
networks:
|
||||
@ -49,27 +50,37 @@ services:
|
||||
- source: pg_backup
|
||||
target: /pg_backup.sh
|
||||
mode: 0555
|
||||
- source: db_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
||||
interval: 10s
|
||||
test:
|
||||
[
|
||||
"CMD-SHELL",
|
||||
"[ -f $${HEALTHCHECK_MARKER} ] || pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}",
|
||||
]
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
retries: 20
|
||||
start_period: 1m
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.database.path: "backup.sql"
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.postgres.path: "backup.sql"
|
||||
backupbot.restore.post-hook: "/pg_backup.sh restore"
|
||||
|
||||
redis:
|
||||
image: redis:7.0.10-alpine
|
||||
image: redis:8.0.2-alpine
|
||||
volumes:
|
||||
- "redis:/data"
|
||||
healthcheck:
|
||||
test: ["CMD", "redis-cli", "ping"]
|
||||
interval: 3s
|
||||
interval: 20s
|
||||
timeout: 5s
|
||||
retries: 20
|
||||
start_period: 1m
|
||||
networks:
|
||||
- internal
|
||||
|
||||
@ -79,8 +90,7 @@ services:
|
||||
- STACK_NAME=${STACK_NAME}
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
entrypoint:
|
||||
/entrypoint.sh
|
||||
entrypoint: /entrypoint.sh
|
||||
configs:
|
||||
- source: cron_entrypoint
|
||||
target: /entrypoint.sh
|
||||
@ -99,6 +109,10 @@ configs:
|
||||
cron_entrypoint:
|
||||
name: ${STACK_NAME}_cron_entrypoint_${CRON_ENTRYPOINT_VERSION}
|
||||
file: entrypoint.cron.sh
|
||||
db_entrypoint:
|
||||
name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION}
|
||||
file: entrypoint.postgres.sh.tmpl
|
||||
template_driver: golang
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
@ -108,7 +122,6 @@ networks:
|
||||
external: true
|
||||
internal:
|
||||
|
||||
|
||||
secrets:
|
||||
db_password:
|
||||
external: true
|
||||
@ -119,3 +132,6 @@ secrets:
|
||||
django_secret_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_django_secret_key_${SECRET_DJANGO_SECRET_KEY_VERSION}
|
||||
admin_pass:
|
||||
external: true
|
||||
name: ${STACK_NAME}_admin_pass_${SECRET_ADMIN_PASS_VERSION}
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
echo '15,45 * * * * docker exec $(docker ps -qf 'name=${STACK_NAME}_app') pretix runperiodic' | crontab - && crond -f -d 8
|
||||
echo '15,45 * * * * docker exec $(docker ps -qf 'name=^${STACK_NAME}_app') pretix runperiodic' | crontab - && crond -f -d 8
|
||||
80
entrypoint.postgres.sh.tmpl
Normal file
80
entrypoint.postgres.sh.tmpl
Normal file
@ -0,0 +1,80 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
HEALTHCHECK_MARKER=/tmp/skip_healthcheck
|
||||
touch $HEALTHCHECK_MARKER
|
||||
MIGRATION_MARKER=$PGDATA/migration_in_progress
|
||||
OLDDATA=$PGDATA/old_data
|
||||
NEWDATA=$PGDATA/new_data
|
||||
|
||||
install_old_postgres_debian() {
|
||||
## TODO: Replace with script from outline entrypoint
|
||||
apt-get update
|
||||
apt-get install -y git
|
||||
git clone https://github.com/theory/pgenv.git /tmp/pgenv
|
||||
cd /tmp/pgenv
|
||||
export PATH="/tmp/pgenv/bin:/tmp/pgenv/pgsql/bin:$PATH"
|
||||
|
||||
# Install missing packages
|
||||
apt-get install -y make curl patch gcc sudo libreadline-dev zlib1g-dev build-essential
|
||||
pgenv check
|
||||
LATEST_OLD_VERSION=$(pgenv available $DATA_VERSION | grep -oE "$DATA_VERSION\.[0-9]+" | tail -n 1)
|
||||
pgenv build $LATEST_OLD_VERSION
|
||||
}
|
||||
|
||||
install_old_postgres_alpine() {
|
||||
apk add git
|
||||
git clone https://github.com/theory/pgenv.git /tmp/pgenv
|
||||
cd /tmp/pgenv
|
||||
export PATH="/tmp/pgenv/bin:/tmp/pgenv/pgsql/bin:$PATH"
|
||||
|
||||
#Install Missing pagckages:
|
||||
apk add make curl make patch gcc alpine-sdk sudo readline-dev build-base zlib-dev linux-headers
|
||||
pgenv check
|
||||
LATEST_OLD_VERSION=$(pgenv available $DATA_VERSION | grep -oE "$DATA_VERSION\.[0-9]+" | tail -n 1)
|
||||
pgenv build $LATEST_OLD_VERSION
|
||||
}
|
||||
|
||||
if [ -e $MIGRATION_MARKER ]; then
|
||||
echo "FATAL: migration was started but did not complete in a previous run. manual recovery necessary"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f $PGDATA/PG_VERSION ]; then
|
||||
DATA_VERSION=$(cat $PGDATA/PG_VERSION)
|
||||
|
||||
if [ -n "$DATA_VERSION" -a "$PG_MAJOR" != "$DATA_VERSION" ]; then
|
||||
echo "postgres data version $DATA_VERSION found, but need $PG_MAJOR. Starting migration"
|
||||
echo "Installing postgres $DATA_VERSION"
|
||||
if [ -f /etc/alpine-release ]; then
|
||||
install_old_postgres_alpine
|
||||
else
|
||||
install_old_postgres_debian
|
||||
fi
|
||||
echo "shuffling around"
|
||||
gosu postgres mkdir $OLDDATA
|
||||
chmod 700 $OLDDATA
|
||||
mv $PGDATA/* $OLDDATA/ || true
|
||||
gosu postgres mkdir $NEWDATA
|
||||
chmod 700 $NEWDATA
|
||||
touch $MIGRATION_MARKER
|
||||
echo "running initdb"
|
||||
# abuse entrypoint script for initdb by making server error out
|
||||
gosu postgres bash -c "export PGDATA=$NEWDATA ; /usr/local/bin/docker-entrypoint.sh --invalid-arg || true"
|
||||
echo "running pg_upgrade"
|
||||
cd /tmp
|
||||
sleep 5
|
||||
gosu postgres pg_upgrade --link -b /tmp/pgenv/pgsql-$LATEST_OLD_VERSION/bin -d $OLDDATA -D $NEWDATA -U $POSTGRES_USER
|
||||
cp $OLDDATA/pg_hba.conf $NEWDATA/
|
||||
mv $NEWDATA/* $PGDATA
|
||||
rm -rf $OLDDATA
|
||||
rmdir $NEWDATA
|
||||
rm $MIGRATION_MARKER
|
||||
echo "migration complete"
|
||||
fi
|
||||
fi
|
||||
|
||||
rm $HEALTHCHECK_MARKER
|
||||
|
||||
/usr/local/bin/docker-entrypoint.sh postgres
|
||||
@ -42,9 +42,6 @@ debug=off
|
||||
location=redis://redis:6379/1
|
||||
sessions=true
|
||||
|
||||
[languages]
|
||||
enabled=en,de
|
||||
|
||||
[celery]
|
||||
backend=redis://redis:6379/1
|
||||
broker=redis://redis:6379/2
|
||||
|
||||
1
release/1.5.0+2024.11.0
Normal file
1
release/1.5.0+2024.11.0
Normal file
@ -0,0 +1 @@
|
||||
New major postgres version with automated update script! Make sure to backup your database before.
|
||||
1
release/2.0.0+2025.1.0
Normal file
1
release/2.0.0+2025.1.0
Normal file
@ -0,0 +1 @@
|
||||
New secret ADMIN_PASS which will be used to automatically replace the insecure default password
|
||||
Reference in New Issue
Block a user