Drop root privileges for celery worker #3272
Conversation
| celerybeat-schedule | ||
| celerybeat-schedule.db |
There was a problem hiding this comment.
| celerybeat-schedule.db | |
| celerybeat-schedule.dat |
There was a problem hiding this comment.
celerybeat-schedule.db is apparently also a thing 😅
| celerybeat-schedule | ||
| celerybeat-schedule.db |
There was a problem hiding this comment.
celerybeat-schedule.db is apparently also a thing 😅
| @@ -47,7 +47,7 @@ done | |||
| listen_for_devserver & | |||
|
|
|||
| # Run Celery worker process | |||
| celery -A integreat_cms.integreat_celery worker -l INFO -B --concurrency=1 & | |||
| deescalate_privileges celery -A integreat_cms.integreat_celery worker -l INFO -B --concurrency=1 & | |||
There was a problem hiding this comment.
This is more a question than a comment, but: are we dependent on celery for the dev env? Because as far as I can tell, I can still do everything I normally would in the CMS when commenting out this line. I get that background workers won't be available, but will this crash the dev server, or just lead to errors in the logs?
If it is "optional", I would love the option to set an environment variable to skip starting celery (and thus not need redis installed).
If it is mandatory, I think the docs should mention that redis is also a mandatory prerequisite to running the dev server.
Short description
The run.sh is running with root privileges. However, celery does not need those.
Proposed changes
Side effects
Resolved issues
Fixes: https://chat.tuerantuer.org/digitalfabrik/pl/qcemkcp5aid8dnhes6obwtiooo
Pull Request Review Guidelines