Add script to initialize volumes and permissions

.env

@@ -1,3 +1,6 @@
+#
+# Users that do not exist in the respective Docker image must be specified by their user ID
+#
 FAF_DB_USER=root
 FAF_PYTHON_SERVER_USER=root
 FAF_JAVA_SERVER_USER=root

docker-compose.yml

@@ -2,6 +2,19 @@ version: '3.2'
 
 services:
 
+  #
+  # Initialize all data directories with correct permissions.
+  # This is a workaround for the fact that Docker always creates volumes as root. This could also be done outside
+  # docker-compose in a shell script, but it would add yet another manual maintenance step. This way, permissions are
+  # set correctly by simply using docker-compose.
+  #
+  faf-init-volumes:
+    container_name: faf-init-volumes
+    image: alpine:latest
+    volumes:
+      - ./:/faf-stack
+    command: sh -c "cd /faf-stack && sh scripts/init-volumes.sh"
+
   #
   # FAF MySQL database.
   #
@@ -19,6 +32,8 @@ services:
       - "127.0.0.1:3306:3306"
     volumes:
       - ./data/faf-db:/var/lib/mysql
+    depends_on:
+      - faf-init-volumes
 
   #
   # FAF game server for clients to connect to.
@@ -38,14 +53,15 @@ services:
     ports:
       - "8001:8001" # Server
     depends_on:
+      - faf-init-volumes
       - faf-db
 
   #
   # FAF game server for clients to connect to.
   #
   faf-java-server:
     container_name: faf-java-server
-    image: faforever/faf-java-server::1.0.0
+    image: faforever/faf-java-server:1.0.0
     user: ${FAF_JAVA_SERVER_USER}
     networks:
       faf:
@@ -58,6 +74,7 @@ services:
     ports:
       - "8001:8001" # Server
     depends_on:
+      - faf-init-volumes
       - faf-db
     # TODO move to Dockerfile
     healthcheck:
@@ -86,6 +103,7 @@ services:
     ports:
       - "8010:8010" # HTTP API
     depends_on:
+      - faf-init-volumes
       - faf-db
     # TODO move to Dockerfile
     healthcheck:
@@ -106,6 +124,7 @@ services:
         aliases:
           - "faf-python-api"
     depends_on:
+      - faf-init-volumes
       - faf-db
     env_file: ./config/faf-python-api/faf-python-api.env
     environment:
@@ -172,6 +191,8 @@ services:
     volumes:
       - ./config/faf-prometheus/faf-prometheus.yml:/etc/prometheus/prometheus.yml
       - ./data/faf-prometheus:/prometheus
+    depends_on:
+      - faf-init-volumes
 
   #
   # Grafana reads data from Prometheus and draws monitoring dashboards.
@@ -186,6 +207,8 @@ services:
     volumes:
       - ./config/faf-grafana:/etc/grafana/scripts
       - ./data/faf-grafana:/var/lib/grafana
+    depends_on:
+      - faf-init-volumes
     env_file: ./config/faf-grafana/faf-grafana.env
     ports:
       - "8090:3000"
@@ -208,6 +231,7 @@ services:
           - "irc.faforever.com"
           - "services.faforever.com"
     depends_on:
+      - faf-init-volumes
       - faf-db
     volumes:
       - ./config/faf-unrealircd/ssl:/home/unreal/unrealircd/conf/ssl
@@ -231,6 +255,7 @@ services:
     build: git://github.com/FAForever/QAI#5817e717ffee4ad50093ec3219fd8c73d535e460
     user: ${FAF_QAI_USER}
     depends_on:
+      - faf-init-volumes
       - faf-unrealircd
     volumes:
       - ./config/faf-qai:/config
@@ -265,6 +290,8 @@ services:
     restart: always
     volumes:
       - ./data/content/app:/usr/share/nginx/html
+    depends_on:
+      - faf-init-volumes
     env_file: ./config/faf-legacy-apps/faf-legacy-apps.env
     ports:
       - "127.0.0.1:8094:80"
@@ -285,6 +312,7 @@ services:
         aliases:
           - "faf-wordpress"
     depends_on:
+      - faf-init-volumes
       - faf-db
     env_file: ./config/faf-wordpress/faf-wordpress.env
     ports:
@@ -336,6 +364,7 @@ services:
     networks:
       - faf
     depends_on:
+      - faf-init-volumes
       - faf-db
     restart: always
     env_file: ./config/faf-phpbb3/faf-phpbb3.env
@@ -354,6 +383,7 @@ services:
     networks:
       - faf
     depends_on:
+      - faf-init-volumes
       - faf-db
     restart: always
     env_file: ./config/faf-content/faf-content.env
@@ -370,6 +400,8 @@ services:
     restart: always
     volumes:
       - ./data/faf-mediawiki:/usr/share/nginx/html
+    depends_on:
+      - faf-init-volumes
     env_file: ./config/faf-mediawiki/faf-mediawiki.env
     ports:
       - "127.0.0.1:8092:80"
@@ -387,6 +419,7 @@ services:
     networks:
       - faf
     depends_on:
+      - faf-init-volumes
       - faf-db
     restart: always
     env_file: ./config/faf-legacy-updater/faf-legacy-updater.env
@@ -406,6 +439,7 @@ services:
     networks:
       - faf
     depends_on:
+      - faf-init-volumes
       - faf-db
     restart: always
     env_file: ./config/faf-legacy-live-replay-server/faf-legacy-live-replay-server.env
@@ -425,6 +459,7 @@ services:
     networks:
       - faf
     depends_on:
+      - faf-init-volumes
       - faf-db
     restart: always
     env_file: ./config/faf-legacy-secondary-server/faf-legacy-secondary-server.env
@@ -453,6 +488,8 @@ services:
     volumes:
       - ./config/faf-discord-irc/config.json:/config/config.json
     restart: always
+    depends_on:
+      - faf-init-volumes
 
   #
   # An nginx proxy which exposes FAF services such as the website, the API etc. through HTTP. It does so by listening
@@ -472,6 +509,8 @@ services:
       - ./data/faf-nginx/vhost.d:/etc/nginx/vhost.d:ro
       - ./data/faf-nginx/certs:/etc/nginx/certs:ro
       - /usr/share/nginx/html
+    depends_on:
+      - faf-init-volumes
     ports:
       - "80:80"
       - "443:443"
@@ -491,6 +530,8 @@ services:
       - ./data/faf-nginx/certs:/etc/nginx/certs:rw
       - ./data/faf-nginx/vhost.d:/etc/nginx/vhost.d:rw
       - /var/run/docker.sock:/var/run/docker.sock:ro
+    depends_on:
+      - faf-init-volumes
 
   #
   # Temporary avatar management tool.

scripts/init-volumes.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+if [ ! -f docker-compose.yml ]; then
+  echo "This script needs to be executed from the directory that contains the docker-compose.yml"
+  exit 1;
+fi
+
+function init_volume() {
+  directory=${1}
+  user=${2}
+
+  echo "Creating directory ${directory}"
+  mkdir -p ${directory}
+
+  echo "Changing owner of directory '${directory}' to '${user}'"
+  chown ${user} ${directory}
+}
+
+. .env
+
+init_volume data/faf-db ${FAF_DB_USER}
+init_volume data/faf-prometheus ${FAF_PROMETHEUS_USER}
+init_volume data/faf-grafana ${FAF_GRAFANA_USER}
+init_volume data/faf-wordpress ${FAF_WORDPRESS_USER}
+init_volume data/faf-phpbb3 ${FAF_PHPBB3_USER}
+init_volume data/faf-mediawiki ${FAF_MEDIAWIKI_USER}
+init_volume data/faf-nginx ${FAF_NGINX_USER}

scripts/migrate-faf.sh

@@ -33,7 +33,7 @@ ALLOW_PASSWORD_AUTHENTICATION="no"
 DEFAULT_UMASK="007"
 FAF_BASE_DIR="/opt/faf"
 FAF_STACK_URL="https://github.com/FAForever/faf-stack.git"
-DOCKER_COMPOSE_VERSION="1.13.0"
+DOCKER_COMPOSE_VERSION="1.16.1"
 
 declare -A PATH_MAPPINGS
 #              /opt/stable/api                       ignored, part of faf-stack
@@ -224,6 +224,21 @@ function update_apt_index {
   apt update || { echo "Failed to update APT index"; exit 1; }
 }
 
+function install_apt_https {
+  echo "Installing packages to allow APT to use repositories over HTTPS"
+  apt install apt-transport-https ca-certificates software-properties-common || { echo "Failed to install HTTPS repository support for APT"; exit 1; }
+}
+
+function install_curl {
+  if command -v curl >/dev/null 2>&1; then
+    echo "Not installing curl as it is already installed"
+    return
+  fi
+
+  echo "Installing curl"
+  yes | apt install curl || { echo "Failed to install curl"; exit 1; }
+}
+
 function install_git {
   if command -v git >/dev/null 2>&1; then
     echo "Not installing Git as it is already installed"
@@ -244,14 +259,18 @@ function install_rsync {
   yes | apt install rsync || { echo "Failed to install rsync"; exit 1; }
 }
 
-function install_docker {
+function install_docker_ce {
   if command -v docker >/dev/null 2>&1; then
     echo "Not installing Docker as it is already installed"
     return
   fi
 
   echo "Installing Docker"
-  yes | apt install docker.io || { echo "Failed to install Docker"; exit 1; }
+  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+  # TODO verify fingerprint
+  add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+  apt update
+  yes | apt install docker-ce || { echo "Failed to install Docker CE"; exit 1; }
 }
 
 function install_docker_compose {
@@ -326,8 +345,10 @@ create_users
 generate_ssh_key_pair
 confirm_source_user_permissions
 update_apt_index
+install_apt_https
+install_curl
 install_git
-install_docker
+install_docker_ce
 install_docker_compose
 install_rsync
 clone_faf_stack