diff --git a/.gitignore b/.gitignore index e01e8f136..b383e4ea7 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,5 @@ ciso_assistant/build.json *.sqlite3 db/django_secret_key db/attachments/ +db/data/ +db/pg_password.txt diff --git a/README.md b/README.md index 96d496be9..ad416e22f 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ To install gettext and pango, do `sudo apt update && sudo apt install gettext li ### Quick start 🚀 -There are two methods to run CISO locally: using Python or using Docker. +There are three methods to run CISO locally: using Python, using Docker or using docker-compose. By default, Django secret key is generated randomly at each start of Mira. This is convenient for quick test, but not recommended for production, as it can break the sessions (see this [topic](https://stackoverflow.com/questions/15170637/effects-of-changing-djangos-secret-key) for more information). To set a fixed secret key, use the environment variable DJANGO_SECRET_KEY. @@ -102,12 +102,12 @@ python manage.py collectstatic python manage.py createsuperuser ``` -5. Run CISO +5. Run CISO Assistant ```sh python manage.py runserver ``` -You can then reach CISO using your web brower at [http://127.0.0.1:8000/](http://127.0.0.1:8000/) +You can then reach CISO Assistant using your web brower at [http://127.0.0.1:8000/](http://127.0.0.1:8000/) #### Using Docker @@ -127,7 +127,7 @@ docker run --rm -it --env CREATE_SUPERUSER=true -p 8000:8000 -v ./db:/code/db c When asked for, enter your email and password for your superuser. -You can then reach CISO using your web brower at [http://127.0.0.1:8000/](http://127.0.0.1:8000/) +You can then reach CISO Assistant using your web brower at [http://127.0.0.1:8000/](http://127.0.0.1:8000/) For the following executions, simply run: @@ -137,7 +137,21 @@ docker run --rm -p 8000:8000 -v ./db:/code/db ciso-assistant:$( As said in the quickstart section, CISO generates a random Django secret key if not specified. To avoid broken sessions, it is preferable to set a fixed random value using the DJANGO_SECRET_KEY environment variable. +> As said in the quickstart section, CISO Assistant generates a random Django secret key if not specified. To avoid broken sessions, it is preferable to set a fixed random value using the DJANGO_SECRET_KEY environment variable. **Optional variables** ```sh -# CISO will use SQLite by default, but you can setup PostgreSQL by declaring these variables +# CISO Assistant will use SQLite by default, but you can setup PostgreSQL by declaring these variables export POSTGRES_NAME=ciso-assistant export POSTGRES_USER=ciso-assistantuser export POSTGRES_PASSWORD= +export POSTGRES_PASSWORD_FILE= # alternative way to specify password export DB_HOST=localhost export DB_PORT=5432 # optional, default value is 5432 diff --git a/ciso_assistant/VERSION b/ciso_assistant/VERSION index f374f6662..2003b639c 100644 --- a/ciso_assistant/VERSION +++ b/ciso_assistant/VERSION @@ -1 +1 @@ -0.9.1 +0.9.2 diff --git a/ciso_assistant/settings.py b/ciso_assistant/settings.py index 3a286870a..46f3505a9 100644 --- a/ciso_assistant/settings.py +++ b/ciso_assistant/settings.py @@ -238,6 +238,9 @@ if 'POSTGRES_NAME' in os.environ: print("Postgresql database engine") + fp = os.environ.get('POSTGRES_PASSWORD_FILE') + if fp: + os.environ['POSTGRES_PASSWORD'] = Path(fp).read_text().strip() DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql_psycopg2', @@ -248,7 +251,6 @@ 'PORT': os.environ.get('DB_PORT', '5432'), } } - print("Postgresql database engine") else: print("sqlite database engine") DATABASES = { diff --git a/docker-compose-pg.sh b/docker-compose-pg.sh new file mode 100755 index 000000000..147e632aa --- /dev/null +++ b/docker-compose-pg.sh @@ -0,0 +1,12 @@ +#! /usr/bin/env bash + +if [ -d db/data ] ; then + echo "the database seems already created" + echo "you should launch docker-compose up -d" +else + uuidgen > ./db/pg_password.txt + docker-compose up -d + echo "initialize your superuser account..." + docker-compose exec ciso-assistant python manage.py createsuperuser + echo "for successive runs you can now use docker compose up" +fi diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 000000000..90d18b7b2 --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,49 @@ +version: "3.5" +services: + ciso-assistant: + build: . + image: ciso-assistant:0.9.1 + container_name: "ciso-assistant" + ports: + - "8000:8000" + depends_on: + postgres: + condition: service_healthy + environment: + DJANGO_DEBUG: "True" + CISO_URL: http://127.0.0.1:8000 + POSTGRES_NAME: postgres + POSTGRES_USER: postgres + POSTGRES_PASSWORD_FILE: /run/secrets/pg_password +# CISO_SUPERUSER_EMAIL: ciso@assistant.local + EMAIL_HOST: your.mail.server + EMAIL_PORT: 1025 + EMAIL_HOST_USER: '' + EMAIL_HOST_PASSWORD: '' + EMAIL_USE_TLS: "False" + EMAIL_USE_SSL: "False" + DEFAULT_FROM_EMAIL: ciso@assistant.local + DB_HOST: ciso-postgres + volumes: + - ./db:/code/db + secrets: + - pg_password + + postgres: + image: postgres + container_name: "ciso-postgres" + restart: always + environment: + POSTGRES_PASSWORD_FILE: /run/secrets/pg_password + volumes: + - ./db/data:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + secrets: + - pg_password +secrets: + pg_password: + file: ./db/pg_password.txt