From 81edb172f6a7682c1bb4b63b4aff84aef11b4b2a Mon Sep 17 00:00:00 2001
From: nvuillerm
Date: Sun, 26 Apr 2020 01:52:46 +0200
Subject: [PATCH] Shameful theft of the deployment docker's sources
---
.gitlab-ci.yml | 20 +++++++++
Dockerfile | 52 ++++++++++++++++++++++
docker-compose.yml | 24 ++++++++++
re2o-dev.sh | 9 ++++
settings_local.py | 108 +++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 213 insertions(+)
create mode 100644 .gitlab-ci.yml
create mode 100644 Dockerfile
create mode 100644 docker-compose.yml
create mode 100644 re2o-dev.sh
create mode 100644 settings_local.py
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..c17c690
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,20 @@
+---
+
+image: docker:stable
+variables:
+# IMAGE: $CI_REGISTRY_IMAGE
+ IMAGE: re2o
+ DOCKER_HOST: tcp://docker:2375/
+ DOCKER_DRIVER: overlay2
+stages:
+ - build
+
+services:
+- $RUNNER_IMAGE
+
+Build Re2o image:
+ stage: build
+ before_script: &before_script
+# - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+ script:
+ - docker build -t $IMAGE:$CI_COMMIT_SHA .
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b377576
--- /dev/null
+++ b/Dockerfile
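Review bot: `DOCKER_HOST: tcp://docker:2375/` points the job at the Docker daemon's plaintext, unauthenticated port. Current `docker:dind` images serve TLS on 2376 by default, so depending on what `$RUNNER_IMAGE` resolves to, this either fails to connect or relies on TLS having been switched off on the service. Prefer `DOCKER_HOST: tcp://docker:2376` together with `DOCKER_TLS_CERTDIR: "/certs"` so that the build traffic between the job and the daemon is authenticated. Separately, `before_script: &before_script` contains only a commented-out entry, which leaves the key null and the anchor unused; drop the key until the login step is restored.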
@@ -0,0 +1,52 @@
+FROM debian:buster as re2o_base
+COPY ./apt_requirements.txt /var/www/re2o/apt_requirements.txt
+COPY ./pip_requirements.txt /var/www/re2o/pip_requirements.txt
+COPY ./install_utils/db.ldiff /var/www/re2o/install_utils/db.ldiff
+COPY ./install_utils/schema.ldiff /var/www/re2o/install_utils/schema.ldiff
+WORKDIR /var/www/re2o
+
+# Install dependancies
+RUN apt-get update && apt-get upgrade -y
+RUN cat apt_requirements.txt | xargs apt-get -y install
+RUN pip3 install -r pip_requirements.txt
+
+# Install DB requirements
+RUN apt-get install -y postgresql-client python3-psycopg2
+
+# Install local LDAP
+FROM re2o_base as re2o_ldap
+ARG LDAP_PASSWORD=plopiplop
+ARG LDAP_DN="dc=example,dc=net"
+
+ENV LDAP_ROOTPASS plopiplop
+ENV LDAP_ORGANISATION Re2o
+ENV LDAP_DOMAIN example.net
+
+RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y slapd
+RUN hashed_ldap_passwd="$(slappasswd -s $LDAP_PASSWORD)" && sed 's|dc=example,dc=net|'"$LDAP_DN"'|g' /var/www/re2o/install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db
+RUN hashed_ldap_passwd="$(slappasswd -s $LDAP_PASSWORD)" && sed 's|dc=example,dc=net|'"$LDAP_DN"'|g' /var/www/re2o/install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema
+RUN service slapd stop
+RUN rm -rf /etc/ldap/slapd.d/*
+RUN rm -rf /var/lib/ldap/*
+RUN slapadd -n 0 -l /tmp/schema -F /etc/ldap/slapd.d/
+RUN slapadd -n 1 -l /tmp/db
+RUN chown -R openldap:openldap /etc/ldap/slapd.d
+RUN chown -R openldap:openldap /var/lib/ldap
+RUN service slapd start
+
+# Install apache
+FROM re2o_ldap as re2o_apache
+RUN apt-get -y install apache2 libapache2-mod-wsgi-py3
+RUN a2enmod ssl
+RUN a2enmod wsgi
+RUN a2enconf javascript-common
+COPY ./install_utils/apache2/re2o.conf /etc/apache2/sites-available/re2o.conf
+RUN rm /etc/apache2/sites-enabled/000-default.conf
+RUN sed -i 's|URL_SERVER|'"re2o.example.net"'|g' /etc/apache2/sites-available/re2o.conf
+RUN sed -i 's|PATH|'"$(pwd)"'|g' /etc/apache2/sites-available/re2o.conf
+RUN a2ensite re2o
+
+# HERE WE GO
+FROM re2o_apache as re2o
+COPY ./re2o-dev.sh /var/www/re2o/
+CMD bash re2o-dev.sh
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..4724522
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '3'
+
+volumes:
+ database_data:
+ driver: local
+
+services:
+ re2o:
+ build: .
+ ports:
+ - "8080:80"
+ volumes:
+ - .:/var/www/re2o
+ db:
+ image: postgres:latest
+ expose:
+ - 3306
+ volumes:
+ - database_data:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: plopiplop
+ POSTGRES_DB: re2o
+ POSTGRES_USER: re2o
+ MYSQL_PASSWORD: plopiplop
diff --git a/re2o-dev.sh b/re2o-dev.sh
new file mode 100644
index 0000000..fdbc18c
--- /dev/null
+++ b/re2o-dev.sh
@@ -0,0 +1,9 @@
+#! /bin/bash
+
+service apache2 stop
+python3 manage.py migrate
+python3 manage.py collectstatic --noinput
+python3 manage.py compilemessages
+service apache2 start
+service slapd start
+sleep infinity
diff --git a/settings_local.py b/settings_local.py
new file mode 100644
index 0000000..a747abb
--- /dev/null
+++ b/settings_local.py
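Review bot: The LDAP admin password is baked into the image in the `re2o_ldap` stage. `ARG LDAP_PASSWORD=plopiplop` is recorded in the build history, and `ENV LDAP_ROOTPASS plopiplop` is a literal in the image config, so overriding the build arg still leaves the ENV at the default. The same literal is committed as `POSTGRES_PASSWORD` in docker-compose.yml and as `DB_PASSWORD` and the LDAP `"PASSWORD"` in settings_local.py, which also commits fixed `SECRET_KEY` and `AES_KEY` values. Declare `ARG LDAP_PASSWORD` with no default, remove the `ENV LDAP_ROOTPASS` line unless something reads it, and quote the expansion as `slappasswd -s "$LDAP_PASSWORD"`. If the values are meant as development placeholders, say so in a comment next to each one.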
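Review bot: The `db` service carries MySQL leftovers. `expose: - 3306` names the MySQL port while the postgres image listens on 5432, and `MYSQL_PASSWORD` is not a variable that image reads, so both lines are misleading no-ops and can be replaced by `- 5432` and nothing. `image: postgres:latest` leaves the major version floating, and a later pull of a newer major version will not start on the data already in `database_data`; pin a tag such as `postgres:<major>` (placeholder). On the `re2o` service, `"8080:80"` publishes on every host interface, whereas `"127.0.0.1:8080:80"` keeps a development instance local.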
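Review bot: Nothing checks the exit status of `python3 manage.py migrate`, so a failed migration still reaches `service apache2 start` and the application is served against a schema that may not match the code. Either add `set -e` after the `service apache2 stop` line (the stop can return non-zero when Apache is not running yet) or chain the step as `python3 manage.py migrate || exit 1`. The compose file shows no readiness wait for `db`, so the first migrate may well run before PostgreSQL accepts connections, which makes the unchecked failure likely on a fresh start.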
@@ -0,0 +1,108 @@
+# coding: utf-8
+# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
+# se veut agnostique au réseau considéré, de manière à être installable en
+# quelques clics.
+#
+# Copyright © 2017 Gabriel Détraz
+# Copyright © 2017 Lara Kermarec
+# Copyright © 2017 Augustin Lemesle
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+"""re2o.settings_locale
+The file with all the available options for a locale configuration of re2o
+"""
+
+from __future__ import unicode_literals
+
+# A secret key used by the server.
+SECRET_KEY = "=0u1d+gi6r06+r4gmrtdg6dhsi0mc7v39a37di4m5cfqt2aro2"
+
+# The password to access the project database
+DB_PASSWORD = "plopiplop"
+
+# AES key for secret key encryption.
+# The length must be a multiple of 16
+AES_KEY = "gnbe3elnujzlspzkavgdmqho16zizvek"
+
+# Should the server run in debug mode ?
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+# A list of admins of the services. Receive mails when an error occurs
+ADMINS = [("Example", "admin@example.net")]
+
+# The list of hostname the server will respond to.
+ALLOWED_HOSTS = ["*"]
+
+# The time zone the server is runned in
+TIME_ZONE = "Europe/Paris"
+
+# The storage systems parameters to use
+DATABASES = {
+ "default": { # The DB
+ "ENGINE": "django.db.backends.postgresql",
+ "NAME": "re2o",
+ "USER": "re2o",
+ "PASSWORD": DB_PASSWORD,
+ "HOST": "db",
+ "TEST": {"CHARSET": "utf8", "COLLATION": "utf8_general_ci"},
+ },
+ "ldap": { # The LDAP
+ "ENGINE": "ldapdb.backends.ldap",
+ "NAME": "ldap://localhost/",
+ "USER": "cn=admin,dc=example,dc=net",
+ "PASSWORD": "plopiplop",
+ },
+}
+
+# Security settings for secure https
+# Activate once https is correctly configured
+SECURE_CONTENT_TYPE_NOSNIFF = False
+SECURE_BROWSER_XSS_FILTER = False
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False
+CSRF_COOKIE_HTTPONLY = False
+X_FRAME_OPTIONS = "DENY"
+SESSION_COOKIE_AGE = 60 * 60 * 3
+
+# The path where your organization logo is stored
+LOGO_PATH = "static_files/logo.png"
+
+# The mail configuration for Re2o to send mails
+SERVER_EMAIL = "no-reply@example.net" # The mail address to use
+EMAIL_HOST = "example.net" # The host to use
+# EMAIL_PORT = MY_EMAIL_PORT # The port to use
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+# Settings of the LDAP structure
+LDAP = {
+ "base_user_dn": "cn=Utilisateurs,dc=example,dc=net",
+ "base_userservice_dn": "ou=service-users,dc=example,dc=net",
+ "base_usergroup_dn": "ou=posix,ou=groups,dc=example,dc=net",
+ "base_userservicegroup_dn": "ou=services,ou=groups,dc=example,dc=net",
+ "user_gid": 500,
+}
+
+# A range of UID to use. Used in linux environement
+UID_RANGES = {"users": [21001, 30000], "service-users": [20000, 21000]}
+
+# A range of GID to use. Used in linux environement
+GID_RANGES = {"posix": [501, 600]}
+
+# Some optionnal Re2o Apps
+OPTIONNAL_APPS_RE2O = ()
+
+# Some Django apps you want to add in you local project
+OPTIONNAL_APPS = OPTIONNAL_APPS_RE2O + ()
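Review bot: `DEBUG = True` and `ALLOWED_HOSTS = ["*"]` are committed as the defaults, and the compose file in this same patch publishes the service on host port 8080. Anyone who can reach that port therefore gets Django's debug error pages, and Host header validation is off. The file appears to be meant for development (console e-mail backend, `re2o-dev.sh`), so state that at the top with a comment such as `# Development-only settings: never deploy with DEBUG = True or a wildcard ALLOWED_HOSTS`, and narrow the list to `ALLOWED_HOSTS = ["localhost", "127.0.0.1"]`. In `DATABASES["default"]["TEST"]`, `utf8_general_ci` is a MySQL collation name while the engine is PostgreSQL, so that entry is worth checking. The `"ldap"` entry repeats the password literal where `DB_PASSWORD` has a named setting, so the two are easy to change inconsistently.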