gmakstutis/openrag
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

pre generate keys in tui for rootless podman

Browse source
This commit is contained in:
phact 2026-01-12 14:12:36 -05:00
parent 11b90f20bb
commit ff3a361aa0
2 changed files with 52 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docker-compose.yml
View file

@ -81,7 +81,7 @@ services:
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
volumes: volumes:
- ${OPENRAG_DOCUMENTS_PATH:-./openrag-documents}:/app/openrag-documents:Z - ${OPENRAG_DOCUMENTS_PATH:-./openrag-documents}:/app/openrag-documents:Z
- ${OPENRAG_KEYS_PATH:-./keys}:/app/keys:Z - ${OPENRAG_KEYS_PATH:-./keys}:/app/keys:U,z
- ${OPENRAG_FLOWS_PATH:-./flows}:/app/flows:U,z - ${OPENRAG_FLOWS_PATH:-./flows}:/app/flows:U,z
- ${OPENRAG_CONFIG_PATH:-./config}:/app/config:Z - ${OPENRAG_CONFIG_PATH:-./config}:/app/config:Z
- ${OPENRAG_DATA_PATH:-./data}:/app/data:Z - ${OPENRAG_DATA_PATH:-./data}:/app/data:Z

50
src/tui/main.py
View file

@ -1,5 +1,7 @@
"""Main TUI application for OpenRAG.""" """Main TUI application for OpenRAG."""
import os
import subprocess
import sys import sys
from pathlib import Path from pathlib import Path
from typing import Iterable, Optional from typing import Iterable, Optional
@ -683,6 +685,51 @@ def migrate_legacy_data_directories():
logger.info("Data migration completed successfully") logger.info("Data migration completed successfully")
def generate_jwt_keys(keys_dir: Path):
"""Generate RSA keys for JWT signing if they don't exist.
This pre-generates keys on the host so containers can read them,
avoiding permission issues with Podman rootless mode.
"""
private_key_path = keys_dir / "private_key.pem"
public_key_path = keys_dir / "public_key.pem"
if private_key_path.exists() and public_key_path.exists():
logger.debug("JWT keys already exist")
return
try:
# Generate private key
subprocess.run(
["openssl", "genrsa", "-out", str(private_key_path), "2048"],
check=True,
capture_output=True,
)
# Set restrictive permissions on private key (readable by owner only)
os.chmod(private_key_path, 0o600)
# Generate public key from private key
subprocess.run(
[
"openssl",
"rsa",
"-in", str(private_key_path),
"-pubout",
"-out", str(public_key_path),
],
check=True,
capture_output=True,
)
# Set permissions on public key (readable by all)
os.chmod(public_key_path, 0o644)
logger.info("Generated RSA keys for JWT signing")
except FileNotFoundError:
logger.warning("openssl not found, skipping JWT key generation (will be generated in container)")
except subprocess.CalledProcessError as e:
logger.error(f"Failed to generate RSA keys: {e}")
def setup_host_directories(): def setup_host_directories():
"""Initialize OpenRAG directory structure on the host. """Initialize OpenRAG directory structure on the host.
@ -708,6 +755,9 @@ def setup_host_directories():
directory.mkdir(parents=True, exist_ok=True) directory.mkdir(parents=True, exist_ok=True)
logger.debug(f"Ensured directory exists: {directory}") logger.debug(f"Ensured directory exists: {directory}")
# Generate JWT keys on host to avoid container permission issues
generate_jwt_keys(base_dir / "keys")
def run_tui(): def run_tui():
"""Run the OpenRAG TUI application.""" """Run the OpenRAG TUI application."""