fix(cli): ensure user is allowed to run docker commands before starting

Nicolas Meienberger 2023-11-16 08:33:15 +01:00 committed by Nicolas Meienberger
parent 2dcb358392
commit e0d52e79c1
5 changed files with 44 additions and 26 deletions


@ -138,7 +138,7 @@ jobs:
publish-release: publish-release:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [create-tag, build-images, build-cli] needs: [create-tag, build-images, build-cli, build-worker]
steps: steps:
- name: Download CLI - name: Download CLI


@ -6,8 +6,8 @@ services:
image: traefik:v2.8 image: traefik:v2.8
restart: on-failure restart: on-failure
ports: ports:
- ${NGINX_PORT-80}:80 - ${NGINX_PORT:-80}:80
- ${NGINX_PORT_SSL-443}:443 - ${NGINX_PORT_SSL:-443}:443
command: --providers.docker command: --providers.docker
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
@ -22,7 +22,7 @@ services:
restart: on-failure restart: on-failure
stop_grace_period: 1m stop_grace_period: 1m
ports: ports:
- ${POSTGRES_PORT-5432}:5432 - ${POSTGRES_PORT:-5432}:5432
volumes: volumes:
- ./data/postgres:/var/lib/postgresql/data - ./data/postgres:/var/lib/postgresql/data
environment: environment:
@ -74,17 +74,20 @@ services:
environment: environment:
NODE_ENV: production NODE_ENV: production
volumes: volumes:
# Core
- /:/host/root:ro - /:/host/root:ro
- /proc:/host/proc - /proc:/host/proc
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- ${PWD}/.env:/app/.env # App
- ${PWD}/state:/app/state - ./.env:/app/.env
- ${PWD}/repos:/app/repos - ./state:/app/state
- ${PWD}/apps:/app/apps - ./repos:/app/repos
- ${STORAGE_PATH:-$PWD}/app-data:/storage/app-data - ./apps:/app/apps
- ${PWD}/logs:/app/logs - ./logs:/app/logs
- ${PWD}/traefik:/app/traefik - ./traefik:/app/traefik
- ${PWD}/user-config:/app/user-config - ./user-config:/app/user-config
- ./media:/app/media
- ${STORAGE_PATH:-.}:/storage
networks: networks:
- tipi_main_network - tipi_main_network
@ -99,18 +102,19 @@ services:
condition: service_healthy condition: service_healthy
tipi-redis: tipi-redis:
condition: service_healthy condition: service_healthy
env_file: tipi-worker:
- .env condition: service_healthy
environment:
NODE_ENV: production
volumes: volumes:
- ./.env:/runtipi/.env - ./.env:/runtipi/.env
- ./state:/runtipi/state - ./state:/runtipi/state
- ./repos:/runtipi/repos:ro - ./repos:/runtipi/repos:ro
- ./apps:/runtipi/apps - ./apps:/runtipi/apps
- ./logs:/app/logs - ./logs:/app/logs
- ./traefik:/runtipi/traefik - ${STORAGE_PATH:-.}:/app/storage
- ${STORAGE_PATH}:/app/storage env_file:
- .env
environment:
NODE_ENV: production
labels: labels:
# Main # Main
traefik.enable: true traefik.enable: true
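Review bot: With `STORAGE_PATH` unset, the `${STORAGE_PATH:-.}:/app/storage` mount exposes the whole install directory read-write inside the container, assuming the right-hand column is the new side; the same default appears as `${STORAGE_PATH:-.}:/storage` in the earlier hunk, on the service that also mounts the docker socket. This makes `.env` and `./repos` reachable under the storage path, so the `:ro` on `./repos:/runtipi/repos:ro` no longer prevents writes to the repos. The mount it appears to replace was scoped to the `app-data` subdirectory; keeping that scope, e.g. `- ${STORAGE_PATH:-.}/app-data:/storage/app-data`, or adding a comment explaining why the full directory is required, would preserve the narrower exposure. The service definitions start and end outside these hunks.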


@ -97,6 +97,17 @@ export class SystemExecutors {
try { try {
await this.logger.flush(); await this.logger.flush();
// Check if user is in docker group
spinner.setMessage('Checking docker permissions...');
spinner.start();
const { stdout: dockerVersion } = await execAsync('docker --version');
if (!dockerVersion) {
spinner.fail('Your user is not allowed to run docker commands. Please add your user to the docker group or run Tipi as root.');
return { success: false, message: 'You need to be in the docker group to run Tipi' };
}
spinner.done('User allowed to run docker commands');
spinner.setMessage('Copying system files...'); spinner.setMessage('Copying system files...');
spinner.start(); spinner.start();
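Review bot: `docker --version` only prints the client version and never contacts the daemon, so the added check passes for a user who has no access to the docker socket, and the "not allowed" branch is effectively unreachable for permission problems. A command that talks to the daemon tests what the messages claim, for example `await execAsync('docker ps');`, with a failed call treated as the not-allowed case. Whether `execAsync` rejects or returns stderr on a non-zero exit is not visible here, so the failure handling should follow its contract. The enclosing method starts and ends outside the hunk.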


@ -67,7 +67,7 @@ const main = async () => {
// Start all apps // Start all apps
const appExecutor = new AppExecutors(); const appExecutor = new AppExecutors();
logger.info('Starting all apps...'); logger.info('Starting all apps...');
await appExecutor.startAllApps(); appExecutor.startAllApps();
const server = http.createServer((req, res) => { const server = http.createServer((req, res) => {
if (req.url === '/healthcheck') { if (req.url === '/healthcheck') {
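Review bot: Dropping the `await` on `appExecutor.startAllApps()` leaves the promise floating, so a rejection is no longer caught by any error handling around `main` and surfaces as an unhandled rejection, which terminates the process under current Node.js defaults. If the intent is to let the healthcheck server come up before the apps finish starting, keep the call non-blocking but attach a handler, `appExecutor.startAllApps().catch((err) => { /* log through logger */ });`. `main` continues outside the hunk.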


@ -74,6 +74,7 @@ function install_generic() {
function install_docker() { function install_docker() {
local os="${1}" local os="${1}"
echo "Installing docker for os ${os}" echo "Installing docker for os ${os}"
echo "Your sudo password might be asked to install docker"
if [[ "${os}" == "debian" ]]; then if [[ "${os}" == "debian" ]]; then
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ca-certificates curl gnupg lsb-release sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ca-certificates curl gnupg lsb-release
@ -134,6 +135,14 @@ if ! command -v docker >/dev/null; then
exit 1 exit 1
fi fi
fi fi
# Make sure user is in docker group
if ! groups | grep -q '\bdocker\b'; then
sudo usermod -aG docker "$USER"
fi
# Reload user groups
newgrp docker
fi fi
function check_dependency_and_install() { function check_dependency_and_install() {
@ -185,10 +194,4 @@ fi
curl --location "$URL" -o ./runtipi-cli curl --location "$URL" -o ./runtipi-cli
chmod +x ./runtipi-cli chmod +x ./runtipi-cli
# Check if git is installed ./runtipi-cli start
if ! command -v git >/dev/null; then
echo "Git is not installed. Please install git and restart the script."
exit 1
fi
sudo ./runtipi-cli start
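Review bot: `newgrp docker` does not reload groups for the running script; it starts a new shell, so the script may stall there, and the later `./runtipi-cli start` (apparently now run without `sudo`) still executes without the docker group. The group step also sits inside the `if ! command -v docker` branch, so a host where docker is already installed but the user is outside the group is not handled. Running the final step under the new group, e.g. `sg docker -c "./runtipi-cli start"`, or telling the user to log out and back in, avoids both problems. Since membership in the docker group is root-equivalent on the host, an `echo` stating that before `sudo usermod -aG docker "$USER"` would let the user make an informed choice.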