mirror of
https://github.com/Dispatcharr/Dispatcharr.git
synced 2026-07-17 16:50:53 +00:00
396 lines
16 KiB
Bash
Executable file
396 lines
16 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
set -e # Exit immediately if a command exits with a non-zero status
|
|
|
|
# Guard flag to prevent cleanup running twice (trap + explicit call)
|
|
_cleanup_done=false
|
|
|
|
# Function to clean up only running processes
|
|
cleanup() {
|
|
if $_cleanup_done; then return; fi
|
|
_cleanup_done=true
|
|
set +e # Disable exit-on-error so cleanup always runs fully
|
|
echo "🔥 Cleanup triggered! Stopping services..."
|
|
|
|
# Explicitly stop uwsgi workers - children of 'su' wrapper, not tracked in pids[]
|
|
echo "⛔ Stopping uwsgi workers..."
|
|
pkill -TERM -f uwsgi 2>/dev/null || true
|
|
|
|
# Stop celery, daphne, redis - also not tracked in pids[]
|
|
echo "⛔ Stopping celery, daphne, redis..."
|
|
pkill -TERM -f "celery" 2>/dev/null || true
|
|
pkill -TERM -f "daphne" 2>/dev/null || true
|
|
pkill -TERM -f "redis-server" 2>/dev/null || true
|
|
|
|
# Stop tracked processes (postgres, nginx, su/uwsgi wrapper)
|
|
for pid in "${pids[@]}"; do
|
|
if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
|
|
echo "⛔ Stopping process (PID: $pid)..."
|
|
kill -TERM "$pid" 2>/dev/null
|
|
else
|
|
echo "✅ Process (PID: $pid) already stopped."
|
|
fi
|
|
done
|
|
|
|
# Wait up to 8 s for graceful shutdown, exit early once all are gone
|
|
# (leaves headroom within Docker's default 10 s stop_grace_period)
|
|
_shutdown_timeout=8
|
|
_shutdown_elapsed=0
|
|
while [ "$_shutdown_elapsed" -lt "$_shutdown_timeout" ]; do
|
|
pgrep -f "uwsgi|celery|daphne|redis-server|postgres" >/dev/null 2>&1 || break
|
|
sleep 1
|
|
_shutdown_elapsed=$((_shutdown_elapsed + 1))
|
|
done
|
|
|
|
# Force kill anything still lingering
|
|
pkill -KILL -f uwsgi 2>/dev/null || true
|
|
pkill -KILL -f "celery" 2>/dev/null || true
|
|
pkill -KILL -f "daphne" 2>/dev/null || true
|
|
pkill -KILL -f "redis-server" 2>/dev/null || true
|
|
# Use pg_ctl immediate stop rather than SIGKILL. Avoids data corruption
|
|
# while still forcing a fast exit (crash recovery runs on next startup)
|
|
if pgrep -f "postgres" >/dev/null 2>&1; then
|
|
su - "$POSTGRES_USER" -c "$PG_BINDIR/pg_ctl -D ${POSTGRES_DIR} stop -m immediate" 2>/dev/null || true
|
|
fi
|
|
|
|
wait
|
|
echo "✅ All processes stopped cleanly."
|
|
}
|
|
|
|
# Catch termination signals (CTRL+C, Docker Stop, etc.)
|
|
trap cleanup TERM INT
|
|
|
|
# Initialize an array to store PIDs and a map of PID->name
|
|
pids=()
|
|
declare -A pid_names
|
|
|
|
# Function to echo with timestamp
|
|
echo_with_timestamp() {
|
|
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1"
|
|
}
|
|
|
|
# Set PostgreSQL environment variables
|
|
export POSTGRES_DB=${POSTGRES_DB:-dispatcharr}
|
|
export POSTGRES_USER=${POSTGRES_USER:-dispatch}
|
|
# AIO mode: default to 'secret' for internal DB.
|
|
# Modular mode + TLS: no default — cert-only auth (mTLS) uses no password.
|
|
# Modular mode + no TLS: preserve 'secret' default for backward compatibility.
|
|
if [[ "${DISPATCHARR_ENV:-}" == "modular" && "${POSTGRES_SSL:-}" == "true" ]]; then
|
|
export POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-}"
|
|
else
|
|
export POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-secret}"
|
|
fi
|
|
export DISPATCHARR_ENV=${DISPATCHARR_ENV:-aio}
|
|
if [[ "$DISPATCHARR_ENV" == "aio" ]]; then
|
|
# Use Unix socket for loopback values (unset, localhost, 127.0.0.1)
|
|
if [[ -z "$POSTGRES_HOST" || "$POSTGRES_HOST" == "localhost" || "$POSTGRES_HOST" == "127.0.0.1" ]]; then
|
|
export POSTGRES_HOST=/var/run/postgresql
|
|
fi
|
|
else
|
|
export POSTGRES_HOST=${POSTGRES_HOST:-localhost}
|
|
fi
|
|
export POSTGRES_PORT=${POSTGRES_PORT:-5432}
|
|
export PG_VERSION=$(ls /usr/lib/postgresql/ | sort -V | tail -n 1)
|
|
export PG_BINDIR="/usr/lib/postgresql/${PG_VERSION}/bin"
|
|
export REDIS_HOST=${REDIS_HOST:-localhost}
|
|
export REDIS_PORT=${REDIS_PORT:-6379}
|
|
export REDIS_DB=${REDIS_DB:-0}
|
|
export REDIS_PASSWORD=${REDIS_PASSWORD:-}
|
|
export REDIS_USER=${REDIS_USER:-}
|
|
export DISPATCHARR_PORT=${DISPATCHARR_PORT:-9191}
|
|
export LIBVA_DRIVERS_PATH='/usr/local/lib/x86_64-linux-gnu/dri'
|
|
export LD_LIBRARY_PATH='/usr/local/lib'
|
|
export SECRET_FILE="/data/jwt"
|
|
# Ensure Django secret key exists or generate a new one
|
|
if [ ! -f "$SECRET_FILE" ]; then
|
|
echo "Generating new Django secret key..."
|
|
old_umask=$(umask)
|
|
umask 077
|
|
tmpfile="$(mktemp "${SECRET_FILE}.XXXXXX")" || { echo "mktemp failed"; exit 1; }
|
|
python3 - <<'PY' >"$tmpfile" || { echo "secret generation failed"; rm -f "$tmpfile"; exit 1; }
|
|
import secrets
|
|
print(secrets.token_urlsafe(64))
|
|
PY
|
|
mv -f "$tmpfile" "$SECRET_FILE" || { echo "move failed"; rm -f "$tmpfile"; exit 1; }
|
|
umask $old_umask
|
|
fi
|
|
export DJANGO_SECRET_KEY="$(tr -d '\r\n' < "$SECRET_FILE")"
|
|
|
|
# Process priority configuration
|
|
# UWSGI_NICE_LEVEL: Absolute nice value for uWSGI/streaming (default: 0 = normal priority)
|
|
# CELERY_NICE_LEVEL: Absolute nice value for Celery/background tasks (default: 5 = low priority)
|
|
# Note: The script will automatically calculate the relative offset for Celery since it's spawned by uWSGI
|
|
export UWSGI_NICE_LEVEL=${UWSGI_NICE_LEVEL:-0}
|
|
CELERY_NICE_ABSOLUTE=${CELERY_NICE_LEVEL:-5}
|
|
|
|
# Calculate relative nice value for Celery (since nice is relative to parent process)
|
|
# Celery is spawned by uWSGI, so we need to add the offset to reach the desired absolute value
|
|
export CELERY_NICE_LEVEL=$((CELERY_NICE_ABSOLUTE - UWSGI_NICE_LEVEL))
|
|
|
|
# Set LIBVA_DRIVER_NAME if user has specified it
|
|
if [ -v LIBVA_DRIVER_NAME ]; then
|
|
export LIBVA_DRIVER_NAME
|
|
fi
|
|
# Extract version information from version.py
|
|
export DISPATCHARR_VERSION=$(python -c "import sys; sys.path.append('/app'); import version; print(version.__version__)")
|
|
export DISPATCHARR_TIMESTAMP=$(python -c "import sys; sys.path.append('/app'); import version; print(version.__timestamp__ or '')")
|
|
|
|
# Display version information with timestamp if available
|
|
if [ -n "$DISPATCHARR_TIMESTAMP" ]; then
|
|
echo "📦 Dispatcharr version: ${DISPATCHARR_VERSION} (build: ${DISPATCHARR_TIMESTAMP})"
|
|
else
|
|
echo "📦 Dispatcharr version: ${DISPATCHARR_VERSION}"
|
|
fi
|
|
export DISPATCHARR_LOG_LEVEL
|
|
# Set log level with default if not provided
|
|
DISPATCHARR_LOG_LEVEL=${DISPATCHARR_LOG_LEVEL:-INFO}
|
|
# Convert to uppercase
|
|
DISPATCHARR_LOG_LEVEL=${DISPATCHARR_LOG_LEVEL^^}
|
|
|
|
|
|
echo "Environment DISPATCHARR_LOG_LEVEL set to: '${DISPATCHARR_LOG_LEVEL}'"
|
|
|
|
# Also make the log level available in /etc/environment for all login shells
|
|
#grep -q "DISPATCHARR_LOG_LEVEL" /etc/environment || echo "DISPATCHARR_LOG_LEVEL=${DISPATCHARR_LOG_LEVEL}" >> /etc/environment
|
|
|
|
# Translate Dispatcharr POSTGRES_SSL_* env vars into libpq-recognized PGSSL*
|
|
# env vars. Called once before any external PostgreSQL connection; all child
|
|
# processes (psql, pg_dump, pg_isready, createdb, dropdb) inherit these
|
|
# automatically. No-op when POSTGRES_SSL is not "true".
|
|
setup_pg_ssl_env() {
|
|
if [ "${POSTGRES_SSL:-false}" != "true" ]; then
|
|
return 0
|
|
fi
|
|
export PGSSLMODE="${POSTGRES_SSL_MODE:-verify-full}"
|
|
if [ -n "${POSTGRES_SSL_CA_CERT:-}" ]; then export PGSSLROOTCERT="$POSTGRES_SSL_CA_CERT"; fi
|
|
if [ -n "${POSTGRES_SSL_CERT:-}" ]; then export PGSSLCERT="$POSTGRES_SSL_CERT"; fi
|
|
if [ -n "${POSTGRES_SSL_KEY:-}" ]; then export PGSSLKEY="$POSTGRES_SSL_KEY"; fi
|
|
}
|
|
|
|
# READ-ONLY - don't let users change these
|
|
export POSTGRES_DIR=/data/db
|
|
|
|
# Global variables, stored so other users inherit them.
|
|
# Rewritten every startup so that container restarts with changed env vars
|
|
# pick up the new values (not stale ones from a previous run).
|
|
# Define all variables to process
|
|
variables=(
|
|
PATH VIRTUAL_ENV DJANGO_SETTINGS_MODULE PYTHONUNBUFFERED PYTHONDONTWRITEBYTECODE
|
|
POSTGRES_DB POSTGRES_USER POSTGRES_PASSWORD POSTGRES_HOST POSTGRES_PORT
|
|
DISPATCHARR_ENV DISPATCHARR_DEBUG DISPATCHARR_LOG_LEVEL DISPATCHARR_ENABLE_IP_LOOKUP
|
|
REDIS_HOST REDIS_PORT REDIS_DB REDIS_PASSWORD REDIS_USER POSTGRES_DIR DISPATCHARR_PORT
|
|
DISPATCHARR_VERSION DISPATCHARR_TIMESTAMP LIBVA_DRIVERS_PATH LIBVA_DRIVER_NAME LD_LIBRARY_PATH
|
|
CELERY_NICE_LEVEL UWSGI_NICE_LEVEL DJANGO_SECRET_KEY
|
|
)
|
|
|
|
# TLS variables are optional — only propagate when set to avoid noisy warnings
|
|
for _tls_var in POSTGRES_SSL POSTGRES_SSL_MODE POSTGRES_SSL_CA_CERT POSTGRES_SSL_CERT POSTGRES_SSL_KEY \
|
|
REDIS_SSL REDIS_SSL_VERIFY REDIS_SSL_CA_CERT REDIS_SSL_CERT REDIS_SSL_KEY; do
|
|
if [ -n "${!_tls_var+x}" ]; then
|
|
variables+=("$_tls_var")
|
|
fi
|
|
done
|
|
|
|
# Truncate files before rewriting
|
|
> /etc/profile.d/dispatcharr.sh
|
|
|
|
# Process each variable for both profile.d and environment
|
|
for var in "${variables[@]}"; do
|
|
# Check if the variable is set in the environment
|
|
if [ -n "${!var+x}" ]; then
|
|
# Add to profile.d (quoted to handle special characters in values)
|
|
echo "export ${var}='${!var}'" >> /etc/profile.d/dispatcharr.sh
|
|
# Add/update in /etc/environment
|
|
sed -i "/^${var}=/d" /etc/environment
|
|
echo "${var}='${!var}'" >> /etc/environment
|
|
else
|
|
echo "Warning: Environment variable $var is not set"
|
|
fi
|
|
done
|
|
|
|
chmod +x /etc/profile.d/dispatcharr.sh
|
|
|
|
# Ensure root's .bashrc sources the profile.d scripts for interactive non-login shells
|
|
if ! grep -q "profile.d/dispatcharr.sh" /root/.bashrc 2>/dev/null; then
|
|
cat >> /root/.bashrc << 'EOF'
|
|
|
|
# Source Dispatcharr environment variables
|
|
if [ -f /etc/profile.d/dispatcharr.sh ]; then
|
|
. /etc/profile.d/dispatcharr.sh
|
|
fi
|
|
EOF
|
|
fi
|
|
|
|
# Run init scripts
|
|
echo "Starting user setup..."
|
|
. /app/docker/init/01-user-setup.sh
|
|
|
|
# Fix TLS client key permissions/ownership BEFORE any external PG connections.
|
|
# Must run after 01-user-setup.sh (user exists for chown) and before
|
|
# 02-postgres.sh / pg_isready (which make the first external PG connections).
|
|
FIXED_KEY_PATH="/data/.pg-client.key"
|
|
. /app/docker/init/00-fix-pg-ssl-key.sh
|
|
# Propagate the fixed path to login shells (su - strips env vars)
|
|
if [ "${POSTGRES_SSL_KEY:-}" = "$FIXED_KEY_PATH" ]; then
|
|
sed -i "/^POSTGRES_SSL_KEY=/d" /etc/environment
|
|
echo "POSTGRES_SSL_KEY='$FIXED_KEY_PATH'" >> /etc/environment
|
|
sed -i "s|export POSTGRES_SSL_KEY=.*|export POSTGRES_SSL_KEY='$FIXED_KEY_PATH'|" /etc/profile.d/dispatcharr.sh
|
|
fi
|
|
|
|
# Export libpq TLS env vars so all subsequent psql/pg_dump/pg_isready calls
|
|
# (in 02-postgres.sh, modular-mode checks, etc.) use TLS automatically.
|
|
setup_pg_ssl_env
|
|
|
|
# Initialize PostgreSQL (script handles modular vs internal mode internally)
|
|
echo "Setting up PostgreSQL..."
|
|
. /app/docker/init/02-postgres.sh
|
|
|
|
echo "Starting init process..."
|
|
. /app/docker/init/03-init-dispatcharr.sh
|
|
|
|
# Start PostgreSQL if NOT in modular mode (using external database)
|
|
if [[ "$DISPATCHARR_ENV" != "modular" ]]; then
|
|
echo "Starting Postgres..."
|
|
prepare_pg_socket_dir
|
|
su - "$POSTGRES_USER" -c "$PG_BINDIR/pg_ctl -D ${POSTGRES_DIR} start -w -t 300 -o '-c port=${POSTGRES_PORT}'"
|
|
# Wait for PostgreSQL to be ready
|
|
until su - "$POSTGRES_USER" -c "$PG_BINDIR/pg_isready -h ${POSTGRES_HOST} -p ${POSTGRES_PORT}" >/dev/null 2>&1; do
|
|
echo_with_timestamp "Waiting for PostgreSQL to be ready..."
|
|
sleep 1
|
|
done
|
|
postgres_pid=$(su - "$POSTGRES_USER" -c "$PG_BINDIR/pg_ctl -D ${POSTGRES_DIR} status" | sed -n 's/.*PID: \([0-9]\+\).*/\1/p')
|
|
echo "✅ Postgres started with PID $postgres_pid"
|
|
if [ -n "$postgres_pid" ]; then pids+=("$postgres_pid"); pid_names[$postgres_pid]="postgres"; fi
|
|
|
|
# Unconditional startup guarantees — run on every AIO startup.
|
|
# Each is idempotent and handles all scenarios (fresh, upgrade, restart).
|
|
promote_app_role
|
|
ensure_app_database
|
|
else
|
|
echo "🔗 Modular mode: Using external PostgreSQL at ${POSTGRES_HOST}:${POSTGRES_PORT}"
|
|
# Wait for external PostgreSQL to be ready using pg_isready (checks actual protocol readiness)
|
|
echo_with_timestamp "Waiting for external PostgreSQL to be ready..."
|
|
until $PG_BINDIR/pg_isready -h "${POSTGRES_HOST}" -p "${POSTGRES_PORT}" -q >/dev/null 2>&1; do
|
|
echo_with_timestamp "Waiting for PostgreSQL at ${POSTGRES_HOST}:${POSTGRES_PORT}..."
|
|
sleep 1
|
|
done
|
|
echo "✅ External PostgreSQL is ready"
|
|
|
|
# Check PostgreSQL version compatibility
|
|
check_external_postgres_version || exit 1
|
|
fi
|
|
|
|
# Wait for Redis to be ready and flush stale state.
|
|
# In modular mode Redis is external — call wait_for_redis.py here
|
|
# because uWSGI's exec-pre runs under 'su -' which strips env vars
|
|
# (DISPATCHARR_ENV, REDIS_HOST, etc.).
|
|
# In AIO mode Redis is started by uWSGI (attach-daemon), so the
|
|
# exec-pre in uwsgi.ini handles the wait + flush there instead.
|
|
if [[ "$DISPATCHARR_ENV" == "modular" ]]; then
|
|
echo "🔗 Modular mode: Using external Redis at ${REDIS_HOST}:${REDIS_PORT}"
|
|
echo_with_timestamp "Waiting for Redis to be ready..."
|
|
python3 /app/scripts/wait_for_redis.py
|
|
echo "✅ Redis is ready"
|
|
fi
|
|
|
|
# Ensure database encoding is UTF8 (handles both internal and external databases)
|
|
ensure_utf8_encoding
|
|
|
|
if [[ "$DISPATCHARR_ENV" = "dev" ]]; then
|
|
. /app/docker/init/99-init-dev.sh
|
|
echo "Starting frontend dev environment"
|
|
su - "$POSTGRES_USER" -c "cd /app/frontend && npm run dev &"
|
|
npm_pid=$(pgrep vite | sort | head -n1)
|
|
echo "✅ vite started with PID $npm_pid"
|
|
if [ -n "$npm_pid" ]; then pids+=("$npm_pid"); pid_names[$npm_pid]="vite"; fi
|
|
else
|
|
echo "🚀 Starting nginx..."
|
|
nginx
|
|
nginx_pid=$(pgrep nginx | sort | head -n1)
|
|
echo "✅ nginx started with PID $nginx_pid"
|
|
if [ -n "$nginx_pid" ]; then pids+=("$nginx_pid"); pid_names[$nginx_pid]="nginx"; fi
|
|
fi
|
|
|
|
|
|
# --- NumPy version switching for legacy hardware ---
|
|
if [ "$USE_LEGACY_NUMPY" = "true" ]; then
|
|
# Check if NumPy was compiled with baseline support
|
|
if "$VIRTUAL_ENV/bin/python" -c "import numpy; numpy.show_config()" 2>&1 | grep -qi "baseline" || [ $? -ne 0 ]; then
|
|
echo_with_timestamp "🔧 Switching to legacy NumPy (no CPU baseline)..."
|
|
uv pip install --python "$VIRTUAL_ENV/bin/python" --no-cache --force-reinstall --no-deps /opt/numpy-*.whl
|
|
echo_with_timestamp "✅ Legacy NumPy installed"
|
|
else
|
|
echo_with_timestamp "✅ Legacy NumPy (no baseline) already installed, skipping reinstallation"
|
|
fi
|
|
fi
|
|
|
|
# Run Django commands as non-root user to prevent permission issues
|
|
su - "$POSTGRES_USER" -c "cd /app && python manage.py migrate --noinput"
|
|
su - "$POSTGRES_USER" -c "cd /app && python manage.py collectstatic --noinput"
|
|
|
|
# Select proper uwsgi config based on environment
|
|
if [ "$DISPATCHARR_ENV" = "dev" ] && [ "$DISPATCHARR_DEBUG" != "true" ]; then
|
|
echo "🚀 Starting uwsgi in dev mode..."
|
|
uwsgi_file="/app/docker/uwsgi.dev.ini"
|
|
elif [ "$DISPATCHARR_DEBUG" = "true" ]; then
|
|
echo "🚀 Starting uwsgi in debug mode..."
|
|
uwsgi_file="/app/docker/uwsgi.debug.ini"
|
|
elif [ "$DISPATCHARR_ENV" = "modular" ]; then
|
|
echo "🚀 Starting uwsgi in modular mode..."
|
|
uwsgi_file="/app/docker/uwsgi.modular.ini"
|
|
else
|
|
echo "🚀 Starting uwsgi in production mode..."
|
|
uwsgi_file="/app/docker/uwsgi.ini"
|
|
fi
|
|
|
|
# Set base uwsgi args
|
|
uwsgi_args="--ini $uwsgi_file"
|
|
|
|
# Conditionally disable logging if not in debug mode
|
|
if [ "$DISPATCHARR_DEBUG" != "true" ]; then
|
|
uwsgi_args+=" --disable-logging"
|
|
fi
|
|
|
|
# Launch uwsgi with configurable nice level (default: 0 for normal priority)
|
|
# Users can override via UWSGI_NICE_LEVEL environment variable in docker-compose
|
|
# Start with nice as root, then use setpriv to drop privileges to dispatch user
|
|
# This preserves both the nice value and environment variables
|
|
nice -n "$UWSGI_NICE_LEVEL" su - "$POSTGRES_USER" -c "cd /app && exec $VIRTUAL_ENV/bin/uwsgi $uwsgi_args" & uwsgi_pid=$!
|
|
echo "✅ uwsgi started with PID $uwsgi_pid (nice $UWSGI_NICE_LEVEL)"
|
|
pids+=("$uwsgi_pid"); pid_names[$uwsgi_pid]="uwsgi"
|
|
|
|
# Wait for services to fully initialize before checking hardware
|
|
echo "⏳ Waiting for services to fully initialize before hardware check..."
|
|
sleep 5
|
|
|
|
# Run hardware check
|
|
echo "🔍 Running hardware acceleration check..."
|
|
. /app/docker/init/04-check-hwaccel.sh
|
|
|
|
# Wait for at least one process to exit and log the process that exited first
|
|
if [ ${#pids[@]} -gt 0 ]; then
|
|
echo "⏳ Dispatcharr is running. Monitoring processes..."
|
|
set +e
|
|
while kill -0 "${pids[@]}" 2>/dev/null; do
|
|
sleep 1 # Wait for a second before checking again
|
|
done
|
|
|
|
# Only report unexpected exits — skip if cleanup was already triggered by
|
|
# the trap (i.e. docker stop sent SIGTERM and we shut down intentionally)
|
|
if ! $_cleanup_done; then
|
|
echo "🚨 One of the processes exited unexpectedly! Checking which one..."
|
|
|
|
for pid in "${pids[@]}"; do
|
|
if ! kill -0 "$pid" 2>/dev/null; then
|
|
process_name=${pid_names[$pid]:-unknown}
|
|
echo "❌ Process $process_name (PID: $pid) has exited!"
|
|
fi
|
|
done
|
|
fi
|
|
else
|
|
echo "❌ No processes started. Exiting."
|
|
exit 1
|
|
fi
|
|
|
|
# Cleanup and stop remaining processes
|
|
cleanup
|