From 2e34599b0b214738fd73201dcd2b3ddfc893dfc1 Mon Sep 17 00:00:00 2001 From: eric-intuitem <71850047+eric-intuitem@users.noreply.github.com> Date: Sun, 22 Oct 2023 02:33:23 +0200 Subject: [PATCH 1/3] Add docker-compose configuration with pg database --- .gitignore | 1 + README.md | 22 ++++++++++++++++++---- docker-compose-pg.sh | 11 +++++++++++ docker-compose.yaml | 42 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 4 deletions(-) create mode 100755 docker-compose-pg.sh create mode 100644 docker-compose.yaml diff --git a/.gitignore b/.gitignore index e01e8f136..22180b445 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ ciso_assistant/build.json *.sqlite3 db/django_secret_key db/attachments/ +db/data/ diff --git a/README.md b/README.md index 96d496be9..23f44ca5e 100644 --- a/README.md +++ b/README.md @@ -102,12 +102,12 @@ python manage.py collectstatic python manage.py createsuperuser ``` -5. Run CISO +5. Run CISO Assistant ```sh python manage.py runserver ``` -You can then reach CISO using your web brower at [http://127.0.0.1:8000/](http://127.0.0.1:8000/) +You can then reach CISO Assistant using your web brower at [http://127.0.0.1:8000/](http://127.0.0.1:8000/) #### Using Docker @@ -127,7 +127,7 @@ docker run --rm -it --env CREATE_SUPERUSER=true -p 8000:8000 -v ./db:/code/db c When asked for, enter your email and password for your superuser. -You can then reach CISO using your web brower at [http://127.0.0.1:8000/](http://127.0.0.1:8000/) +You can then reach CISO Assistant using your web brower at [http://127.0.0.1:8000/](http://127.0.0.1:8000/) For the following executions, simply run: @@ -137,7 +137,21 @@ docker run --rm -p 8000:8000 -v ./db:/code/db ciso-assistant:$( Date: Mon, 23 Oct 2023 00:48:50 +0200 Subject: [PATCH 2/3] manage pg password using docker secrets - manage pg password using docker secrets - add POSTGRES_PASSWORD_FILE variable support - update doc - remove duplicate print --- .gitignore | 1 + README.md | 9 +++++---- ciso_assistant/settings.py | 4 +++- docker-compose-pg.sh | 3 ++- docker-compose.yaml | 11 +++++++++-- 5 files changed, 20 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 22180b445..b383e4ea7 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ ciso_assistant/build.json db/django_secret_key db/attachments/ db/data/ +db/pg_password.txt diff --git a/README.md b/README.md index 23f44ca5e..ad416e22f 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ To install gettext and pango, do `sudo apt update && sudo apt install gettext li ### Quick start 🚀 -There are two methods to run CISO locally: using Python or using Docker. +There are three methods to run CISO locally: using Python, using Docker or using docker-compose. By default, Django secret key is generated randomly at each start of Mira. This is convenient for quick test, but not recommended for production, as it can break the sessions (see this [topic](https://stackoverflow.com/questions/15170637/effects-of-changing-djangos-secret-key) for more information). To set a fixed secret key, use the environment variable DJANGO_SECRET_KEY. @@ -149,7 +149,7 @@ When asked for, enter your email and password for your superuser. You can then reach CISO Assistant using your web brower at [http://127.0.0.1:8000/](http://127.0.0.1:8000/) -For following executions, use "docker-compose up" directly. +For the following executions, use "docker-compose up" directly. ### How to set up CISO Assistant for development? ✍️ @@ -182,15 +182,16 @@ export EMAIL_HOST=localhost export EMAIL_PORT=1025 ``` -> As said in the quickstart section, CISO generates a random Django secret key if not specified. To avoid broken sessions, it is preferable to set a fixed random value using the DJANGO_SECRET_KEY environment variable. +> As said in the quickstart section, CISO Assistant generates a random Django secret key if not specified. To avoid broken sessions, it is preferable to set a fixed random value using the DJANGO_SECRET_KEY environment variable. **Optional variables** ```sh -# CISO will use SQLite by default, but you can setup PostgreSQL by declaring these variables +# CISO Assistant will use SQLite by default, but you can setup PostgreSQL by declaring these variables export POSTGRES_NAME=ciso-assistant export POSTGRES_USER=ciso-assistantuser export POSTGRES_PASSWORD= +export POSTGRES_PASSWORD_FILE= # alternative way to specify password export DB_HOST=localhost export DB_PORT=5432 # optional, default value is 5432 diff --git a/ciso_assistant/settings.py b/ciso_assistant/settings.py index 3a286870a..46f3505a9 100644 --- a/ciso_assistant/settings.py +++ b/ciso_assistant/settings.py @@ -238,6 +238,9 @@ if 'POSTGRES_NAME' in os.environ: print("Postgresql database engine") + fp = os.environ.get('POSTGRES_PASSWORD_FILE') + if fp: + os.environ['POSTGRES_PASSWORD'] = Path(fp).read_text().strip() DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql_psycopg2', @@ -248,7 +251,6 @@ 'PORT': os.environ.get('DB_PORT', '5432'), } } - print("Postgresql database engine") else: print("sqlite database engine") DATABASES = { diff --git a/docker-compose-pg.sh b/docker-compose-pg.sh index 5f4f02dcc..147e632aa 100755 --- a/docker-compose-pg.sh +++ b/docker-compose-pg.sh @@ -4,7 +4,8 @@ if [ -d db/data ] ; then echo "the database seems already created" echo "you should launch docker-compose up -d" else - POSTGRES_PASSWORD=`uuidgen` docker-compose up -d + uuidgen > ./db/pg_password.txt + docker-compose up -d echo "initialize your superuser account..." docker-compose exec ciso-assistant python manage.py createsuperuser echo "for successive runs you can now use docker compose up" diff --git a/docker-compose.yaml b/docker-compose.yaml index a133a8d6b..90d18b7b2 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -14,7 +14,7 @@ services: CISO_URL: http://127.0.0.1:8000 POSTGRES_NAME: postgres POSTGRES_USER: postgres - POSTGRES_PASSWORD: $POSTGRES_PASSWORD + POSTGRES_PASSWORD_FILE: /run/secrets/pg_password # CISO_SUPERUSER_EMAIL: ciso@assistant.local EMAIL_HOST: your.mail.server EMAIL_PORT: 1025 @@ -26,13 +26,15 @@ services: DB_HOST: ciso-postgres volumes: - ./db:/code/db + secrets: + - pg_password postgres: image: postgres container_name: "ciso-postgres" restart: always environment: - POSTGRES_PASSWORD: $POSTGRES_PASSWORD + POSTGRES_PASSWORD_FILE: /run/secrets/pg_password volumes: - ./db/data:/var/lib/postgresql/data healthcheck: @@ -40,3 +42,8 @@ services: interval: 5s timeout: 5s retries: 5 + secrets: + - pg_password +secrets: + pg_password: + file: ./db/pg_password.txt From 3298b4c46d02dff1b2f00872cd2f44004e5b9921 Mon Sep 17 00:00:00 2001 From: eric-intuitem <71850047+eric-intuitem@users.noreply.github.com> Date: Mon, 23 Oct 2023 01:19:09 +0200 Subject: [PATCH 3/3] Update VERSION --- ciso_assistant/VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ciso_assistant/VERSION b/ciso_assistant/VERSION index f374f6662..2003b639c 100644 --- a/ciso_assistant/VERSION +++ b/ciso_assistant/VERSION @@ -1 +1 @@ -0.9.1 +0.9.2