Commit graph

9 commits

Author SHA1 Message Date
SergeantPanda
c956672587 Enhancement: Route long-running DVR recordings to a dedicated queue. 2026-04-26 09:34:20 -05:00
None
763f42cfff fix: pass TLS parameters to all external connection points in modular mode
- Add setup_pg_ssl_env() to export libpq PGSSL* env vars; all child psql/pg_dump/pg_isready commands inherit TLS automatically

- Move TLS client key permission fix before external PG connections (was running after, defeating the fix)

- Enhance key fix to trigger on ownership mismatch (root-owned 0600 key unreadable by app user)

- Extract key fix to shared script (docker/init/00-fix-pg-ssl-key.sh) sourced by both entrypoints

- Default POSTGRES_PASSWORD to empty in modular mode (cert-only auth sends no spurious password)

- Propagate TLS OPTIONS to backup pg_dump/pg_restore subprocess calls via _get_pg_env()

- Pass SSL kwargs to dropdb management command's psycopg2.connect()

- Add REDIS_SSL_PARAMS to VOD proxy Redis connections missed in original TLS PR

- Add 8-scenario TLS integration test suite (PG mTLS, Redis TLS, verify-full, key fix, Celery, regression)

- Add 6 unit tests for _get_pg_env() and dropdb TLS parameter passing
2026-03-30 20:19:27 -05:00
None
b30a24e2fb feat: add TLS connection support for Redis and PostgreSQL (#950)
- Add 10 env vars for Redis/PostgreSQL TLS (REDIS_SSL, REDIS_SSL_VERIFY, REDIS_SSL_CA_CERT, REDIS_SSL_CERT, REDIS_SSL_KEY, POSTGRES_SSL, POSTGRES_SSL_MODE, POSTGRES_SSL_CA_CERT, POSTGRES_SSL_CERT, POSTGRES_SSL_KEY)
- Propagate SSL params to all Redis connection points: RedisClient, stream view, PubSub, client manager, Celery broker/result backend, Django Channels, and pre-Django startup scripts
- Add Celery SSL config via URL query string params (required by Kombu's internal URL parsing)
- Add PostgreSQL sslmode and certificate options to DATABASES config
- Add startup validation: cert file existence, URL scheme conflict detection, TLS status logging
- Add TLS error hints to Redis connection failure messages
- Add Connection Security panel in System Settings (modular mode only) showing encryption, verification, and mTLS status
- Add PG client key permission fix in web and celery entrypoints for Docker Desktop compatibility (0777 to 0600)
- Add TLS env var passthrough in entrypoint for su - login shells
- Document TLS env vars in modular docker-compose.yml
- Change env_mode from dev/prod to actual DISPATCHARR_ENV value for modular mode detection
2026-03-21 17:24:09 -05:00
None
29525336ab replace migration port and correct variable quoting for guarding
- replaced $_pg_tmp_port with $POSTRGES_PORT in migration logic. Works because "pg_ctl stop -w" is run before entrypoint.sh restarts postgres. Verified that this does not cause a race condition.

- Correcting unquoted environment variables to prevent inappropriate variables from causing execution inconsistencies (still unquoted in comments and prints)
2026-03-12 20:25:54 -05:00
None
6ff81e6287 Fix modular mode deployment issues (#1045)
- Fix Postgres version check failing with restricted DB users (use $POSTGRES_DB instead of hardcoded 'postgres')
- Fix DVR recording broken in modular mode (respect DISPATCHARR_PORT instead of hardcoding 9191)
- Remove flushdb() from wait_for_redis.py to prevent Redis data loss on container restart
- Add DISPATCHARR_PORT to celery environment in docker-compose.yml
- Add depends_on health conditions for proper service startup ordering
- Add extra_hosts for host.docker.internal resolution on Linux
- Harden celery entrypoint with timeouts for JWT wait (120s) and migration wait (300s)
- Replace fragile showmigrations grep with migrate --check
- Add unit tests for DVR port resolution and flushdb removal regression
2026-03-03 17:18:16 -06:00
Patrick McDonagh
a52b3dfbe5
fix: add support for legacy numpy in celery entrypoint 2026-02-12 13:08:25 -06:00
Matt Grutza
8c2ffbe76a CELERY_NICE_LEVEL warning
Changed the celery entrypoint to include a warning if CELERY_NICE_LEVEL is negative AND SYS_NICE is not configured (SYS_NICE is required for negative levels)
2026-01-21 17:59:23 -06:00
Matt Grutza
236b2307e1 Add health check and fix dangerous checks
- docker-compose: added service health checks

- dockerfile: added if logic for sed command so missing files do not cause build fail

- entrypoint.celery: change migration detection to not continue until ALL migrations are applied

- entrypoint: trim django key and change external postgres check to python in case postgres binaries are missing
2026-01-21 17:40:36 -06:00
Matt Grutza
3706e63bed feat: Add DISPATCHARR_ENV=modular support for multi-container deployments
- docker/entrypoint.sh: Conditional PostgreSQL init/startup for modular mode
- docker/entrypoint.celery.sh: New dedicated entrypoint for celery container - prevents race condition in modular deployment
- docker/uwsgi.modular.ini: New uWSGI config without Redis/Celery daemons
- docker/Dockerfile: Add line ending fixes and chmod for entrypoints - adds cross-platform support for image builds
- docker/docker-compose.yml: Configure modular mode with DISPATCHARR_ENV - uses new celery entrypoint and adds depends_on to prevent race condition
2026-01-21 11:14:28 -06:00