Gateway SIGUSR1 restart keeps PID=1 alive but clears in-memory lock state, leaving .lock files that appear valid but are orphaned. This causes session file lock timeouts when new agent sessions try to acquire the same locks. Solution: On container start, clean all session lock files since they're guaranteed orphaned (new process state). Lock files are safe to remove on startup because the gateway hasn't started any agent sessions yet. Fixes session lock timeout errors after gateway restarts in Docker.
92 lines
3.3 KiB
Bash
Executable File
92 lines
3.3 KiB
Bash
Executable File
#!/bin/bash
|
|
# Phala Cloud CVM entrypoint - auto-configures Redpill provider on first boot
|
|
|
|
set -e
|
|
|
|
CONFIG_DIR="${CLAWDBOT_STATE_DIR:-/data/.clawdbot}"
|
|
CONFIG_FILE="$CONFIG_DIR/clawdbot.json"
|
|
|
|
# Create state directory if it doesn't exist
|
|
mkdir -p "$CONFIG_DIR"
|
|
|
|
# Build gateway auth arguments
|
|
GATEWAY_AUTH_ARGS=""
|
|
if [ "${GATEWAY_AUTH:-off}" = "token" ]; then
|
|
if [ -z "$GATEWAY_TOKEN" ]; then
|
|
# Generate a random token if not provided
|
|
GATEWAY_TOKEN=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 32)
|
|
echo "Generated gateway token: $GATEWAY_TOKEN"
|
|
fi
|
|
GATEWAY_AUTH_ARGS="--gateway-auth token --gateway-token $GATEWAY_TOKEN"
|
|
elif [ "${GATEWAY_AUTH:-off}" = "password" ]; then
|
|
if [ -z "$GATEWAY_PASSWORD" ]; then
|
|
echo "Error: GATEWAY_AUTH=password requires GATEWAY_PASSWORD to be set"
|
|
exit 1
|
|
fi
|
|
GATEWAY_AUTH_ARGS="--gateway-auth password --gateway-password $GATEWAY_PASSWORD"
|
|
else
|
|
GATEWAY_AUTH_ARGS="--gateway-auth off"
|
|
fi
|
|
|
|
# Check if we need to run initial setup
|
|
if [ ! -f "$CONFIG_FILE" ] && [ -n "$REDPILL_API_KEY" ]; then
|
|
echo "First boot detected with REDPILL_API_KEY - running auto-configuration..."
|
|
|
|
# shellcheck disable=SC2086
|
|
node dist/index.js onboard \
|
|
--non-interactive \
|
|
--accept-risk \
|
|
--mode local \
|
|
--auth-choice redpill-api-key \
|
|
--workspace "${CLAWDBOT_WORKSPACE_DIR:-/data/workspace}" \
|
|
--gateway-bind loopback \
|
|
$GATEWAY_AUTH_ARGS \
|
|
--skip-daemon \
|
|
--skip-skills \
|
|
--skip-health \
|
|
--skip-ui
|
|
|
|
echo "Auto-configuration complete."
|
|
|
|
# Configure channel allowlists if user IDs are provided
|
|
if [ -n "$TELEGRAM_ALLOWED_USERS" ] || [ -n "$DISCORD_ALLOWED_USERS" ]; then
|
|
echo "Configuring channel allowlists..."
|
|
|
|
if [ -n "$TELEGRAM_ALLOWED_USERS" ]; then
|
|
# Convert comma-separated list to JSON array
|
|
TELEGRAM_IDS=$(echo "$TELEGRAM_ALLOWED_USERS" | sed 's/,/", "/g' | sed 's/^/"/' | sed 's/$/"/')
|
|
node dist/index.js config set channels.telegram.dmPolicy allowlist || true
|
|
node dist/index.js config set "channels.telegram.allowFrom" "[$TELEGRAM_IDS]" --json || true
|
|
echo "✓ Telegram allowlist configured: $TELEGRAM_ALLOWED_USERS"
|
|
fi
|
|
|
|
if [ -n "$DISCORD_ALLOWED_USERS" ]; then
|
|
# Convert comma-separated list to JSON array
|
|
DISCORD_IDS=$(echo "$DISCORD_ALLOWED_USERS" | sed 's/,/", "/g' | sed 's/^/"/' | sed 's/$/"/')
|
|
node dist/index.js config set channels.discord.dm.policy allowlist || true
|
|
node dist/index.js config set "channels.discord.dm.allowFrom" "[$DISCORD_IDS]" --json || true
|
|
echo "✓ Discord allowlist configured: $DISCORD_ALLOWED_USERS"
|
|
fi
|
|
fi
|
|
|
|
echo "Starting gateway..."
|
|
fi
|
|
|
|
# Clean orphaned session locks from previous gateway restarts
|
|
# Gateway SIGUSR1 restart keeps PID=1 but clears in-memory lock state,
|
|
# leaving lock files that appear valid but are actually orphaned.
|
|
SESSIONS_DIR="$CONFIG_DIR/agents/main/sessions"
|
|
if [ -d "$SESSIONS_DIR" ]; then
|
|
LOCK_COUNT=$(find "$SESSIONS_DIR" -name "*.lock" -type f 2>/dev/null | wc -l)
|
|
if [ "$LOCK_COUNT" -gt 0 ]; then
|
|
echo "Cleaning $LOCK_COUNT orphaned session lock(s)..."
|
|
find "$SESSIONS_DIR" -name "*.lock" -type f -delete 2>/dev/null || true
|
|
fi
|
|
fi
|
|
|
|
# Start the gateway
|
|
exec node dist/index.js gateway \
|
|
--bind loopback \
|
|
--port "${GATEWAY_PORT:-18789}" \
|
|
--allow-unconfigured
|