From f28e9efdc2e9d54577acc6eae2962654dd7d068f Mon Sep 17 00:00:00 2001
From: PrahlM93
Date: Tue, 16 Aug 2016 22:02:18 -0400
Subject: [PATCH] Added the ability to specify a SECRET_KEY when running Docker, and added Docker documentation
---
 Dockerfile | 5 +--
 config.default.py | 2 +-
 docs/ChangeLog.md | 1 +
 .../Configuration/CommandLineConfiguration.md | 2 ++
 docs/Installation/Docker.md | 16 +++++++--
 manage.py | 7 ++++
 ops/docker.sh | 34 +++++++++++++------
 7 files changed, 51 insertions(+), 16 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ba18d45..3d632a6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,10 @@
 FROM ubuntu:16.04
 MAINTAINER StackFocus
 ENV DEBIAN_FRONTEND noninteractive
+VOLUME ['/opt/postmaster/logs']
 RUN ln -snf /bin/bash /bin/sh
 RUN mkdir -p /opt/postmaster/git
-RUN mkdir -p /opt/postmaster/logs
 COPY ./ /opt/postmaster/git
@@ -32,10 +32,11 @@ RUN virtualenv -p /usr/bin/python2.7 /opt/postmaster/env
 WORKDIR /opt/postmaster/git
+RUN mkdir -p /opt/postmaster/logs
 RUN /opt/postmaster/env/bin/pip install -r requirements.txt
 RUN cp -pn /opt/postmaster/git/config.default.py /opt/postmaster/git/config.py
 RUN source /opt/postmaster/env/bin/activate && python manage.py clean
-RUN chown -R www-data:www-data /opt/postmaster
+RUN chown -R www-data:www-data /opt/postmaster/git /opt/postmaster/env
 RUN chmod +x /opt/postmaster/git/ops/docker.sh
 RUN /usr/sbin/a2dissite 000-default.conf
 RUN cp -f ops/ansible/roles/postmaster_deploy/files/apache2/postmaster.conf /etc/apache2/sites-available/postmaster.conf
diff --git a/config.default.py b/config.default.py
index 0fc0cb9..7810186 100644
--- a/config.default.py
+++ b/config.default.py
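Review bot: `VOLUME ['/opt/postmaster/logs']` in the first Dockerfile hunk uses single quotes, and Docker only reads the instruction as an array when it is valid JSON with double quotes; otherwise the text is taken as a plain string, so the intended logs path is likely not declared as a volume. Write it as `VOLUME ["/opt/postmaster/logs"]`. Once that is fixed, the `RUN mkdir -p /opt/postmaster/logs` added in the second hunk runs after the declaration, where the classic builder discards build-step changes to a declared volume path, so the directory creation belongs before the `VOLUME` line. The narrowed `chown` also leaves `/opt/postmaster/logs` root-owned at build time, so log writes depend entirely on the `chgrp`/`chmod` in `ops/docker.sh` having run.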
@@ -12,7 +12,7 @@ class BaseConfiguration(object):
 # We introduce very little risk by disabling this.
 WTF_CSRF_ENABLED = False
 # Make this random (used to generate session keys)
- SECRET_KEY = 'e9987dce48df3ce98542529fd074d9e9f9cd40e66fc6c4c2'
+ SECRET_KEY = '123456789abcdef123456789'
 SQLALCHEMY_TRACK_MODIFICATIONS = True
 SQLALCHEMY_DATABASE_URI = 'mysql://root:vagrant@localhost:3306/servermail'
 basedir = path.abspath(path.dirname(__file__))
diff --git a/docs/ChangeLog.md b/docs/ChangeLog.md
index 3001efb..2558732 100644
--- a/docs/ChangeLog.md
+++ b/docs/ChangeLog.md
@@ -14,6 +14,7 @@ Features:
 * Database upgrades/migrations are automatic during ugrades via the deb package and Docker [GH-138]
 * Adds the ability to unlock administrators and reset administrator passwords via the CLI [GH-145]
 * Adds the `python manage.py version` command [GH-156]
+* Adds the `python manage.py setkey` command [CHANGEME]
 Improvements:
diff --git a/docs/Configuration/CommandLineConfiguration.md b/docs/Configuration/CommandLineConfiguration.md
index ce60eef..48ed66b 100644
--- a/docs/Configuration/CommandLineConfiguration.md
+++ b/docs/Configuration/CommandLineConfiguration.md
@@ -33,6 +33,8 @@ Use the following commands to restore the proper permissions on the PostMaster f
 **generatekey** replaces the secret key in config.py which is used by Flask (the Python framework used for PostMaster) for cryptographic functions. After the initial installation, this command should not be run again as all current logins would become invalid upon the next restart of the PostMaster.
+**setkey** replaces the secret key with one provided in config.py which is used by Flask (the Python framework used for PostMaster) for cryptographic functions.
+
 **unlockadmin username** unlocks a locked out administrator (replace username with the actual value).
 **resetadminpassword username password** resets an administrator's password to the desired value (replace user and password with the actual values)
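Review bot: The new default `SECRET_KEY = '123456789abcdef123456789'` in config.default.py is a fixed value published in the repository, and the Dockerfile copies this file to `config.py`, so any installation where `generatekey` or `setkey` does not run (or fails) signs Flask sessions with a key everyone knows. With `WTF_CSRF_ENABLED = False` in the same class, the session signature is one of the few integrity controls left. I would mark the value explicitly, e.g. `# Placeholder only; must be replaced via generatekey or setkey before the app is served`, and have startup refuse to run while the placeholder is still in place; where that check belongs is not visible in this hunk. The class body continues outside the hunk.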
diff --git a/docs/Installation/Docker.md b/docs/Installation/Docker.md index 1ce2694..ff1bea4 100644 --- a/docs/Installation/Docker.md +++ b/docs/Installation/Docker.md @@ -42,13 +42,25 @@ bind-address is set 0.0.0.0 and not 127.0.0.1 in: cd ~/PostMaster-* docker build -t postmaster . +4. Create a directory on the Docker host to contain PostMaster's application and Apache logs: + + mkdir -p /opt/postmaster_data/logs + 4. Run a PostMaster Docker container from the created image. The -p has the Docker host serve port 80 of the PostMaster container. Change this to what suits your environment. The -e specifies the value of the DB_URI environment variable, which is the URI that PostMaster will use to connect to your mail server's MySQL server. +The -v parameter specifies that the /opt/postmaster_data/logs should be mounted as a volume at /opt/postmaster/logs inside the container. Make sure to replace 'password_changeme' and 'docker.postmaster.local' with what you configured in step 2 of MySQL Preparation: - docker run -p 0.0.0.0:80:8082 \ - -e DB_URI=mysql://postmasteruser:password_changeme@docker.postmaster.local:3306/servermail -d postmaster + docker run \ + -p 0.0.0.0:80:8082 \ + -e DB_URI=mysql://postmasteruser:password_changeme@docker.postmaster.local:3306/servermail \ + -v /opt/postmaster_data/logs:/opt/postmaster/logs \ + -d postmaster + +Note: If you plan to deploy PostMaster behind a load-balancer, set the SECRET_KEY environment variable to a +random string (preferably hex characters) that is the same across all running containers behind the load-balancer. +This SECRET_KEY is used by Flask (the Python framework used for PostMaster) for cryptographic functions. 5. PostMaster should now be running. Simply use the username "admin" and the password "PostMaster" to login. You can change your username and password from Manage -> Administrators. diff --git a/manage.py b/manage.py index 1446aed..c25e378 100644 --- a/manage.py +++ b/manage.py 
@@ -74,6 +74,13 @@ def generatekey():
 print(sub(r'(?<=SECRET_KEY = \')(.+)(?=\')', urandom(24).encode('hex'), line.rstrip()))
+@manager.command
+def setkey(key):
+ """Replaces the SECRET_KEY in config.py with one specified"""
+ for line in input('config.py', inplace=True):
+ print(sub(r'(?<=SECRET_KEY = \')(.+)(?=\')', key, line.rstrip()))
+
+
 @manager.command
 def setdburi(uri):
 """Replaces the BaseConfiguration SQLALCHEMY_DATABASE_URI in config.py with one supplied"""
diff --git a/ops/docker.sh b/ops/docker.sh
index e84d987..e0c42d2 100644
--- a/ops/docker.sh
+++ b/ops/docker.sh
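Review bot: `setkey` passes the caller-supplied `key` to `sub()` as the replacement template and writes it between single quotes in `config.py` without validating it. A backslash in the key is interpreted by `re` as an escape or group reference, and a `'` or newline yields a broken or altered source line in a file the application imports; in the Docker flow the value comes straight from the `SECRET_KEY` environment variable. Since the documentation recommends hex characters, reject anything else before rewriting the file, for example `if not key or not all(c in '0123456789abcdefABCDEF' for c in key): raise ValueError('SECRET_KEY must be hexadecimal')`. Passing `lambda m: key` as the replacement instead of `key` keeps the value from being parsed as a template, and a minimum length check would stop a trivially short key from being accepted.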
@@ -1,27 +1,39 @@
 #!/bin/bash
 # Remove any remnants of apache if it didn't shut down properly
 rm -f /var/run/apache2/apache2.pid
+# Only change the group membership so that the owner can be controlled on the Docker host when this folder is
+# mounted, and grant Apache write access to the logs folder
+chgrp -R www-data /opt/postmaster/logs
+chmod g+rwx /opt/postmaster/logs
+
+if [ ! -f /.mysql_db_configured ]; then
-if [ -f /.mysql_db_created ]; then
- unset DB_URI
- exec /usr/sbin/apache2ctl -D FOREGROUND
-else
 if [ -z "${DB_URI}" ]; then
 echo 'The environment variable DB_URI was not set. The application cannot run.' 1>&2
 exit 1
 fi
 source /opt/postmaster/env/bin/activate
- python manage.py setdburi "${DB_URI}"
- if python manage.py upgradedb; then
- python manage.py generatekey
- touch /.mysql_db_created
- unset DB_URI
- deactivate
- exec /usr/sbin/apache2ctl -D FOREGROUND
+ if [ "${SECRET_KEY}" ]; then
+ python manage.py setkey "${SECRET_KEY}"
 else
+ python manage.py generatekey
+ fi
+
+ python manage.py setdburi "${DB_URI}"
+ # Clean up the pyc files for the config changes to take effect
+ python manage.py clean
+
+ if ! python manage.py upgradedb; then
 echo 'The database creation failed. Please check that the environment variable DB_URI is correct.' 1>&2
 exit 1
 fi
+
+ # Create a placeholder file to signify that the container has been configured
+ touch /.mysql_db_configured
 fi
+
+unset DB_URI
+unset SECRET_KEY
+exec /usr/sbin/apache2ctl -D FOREGROUND
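Review bot: The exit status of `python manage.py setkey "${SECRET_KEY}"` and `python manage.py generatekey` is not checked, so if either fails the script still reaches `touch /.mysql_db_configured` and starts Apache with whatever key is in `config.py`, which after this commit is the published placeholder from `config.default.py`. Add `|| exit 1` to the key and `setdburi` steps (or `set -e` near the top) so the container never starts with an unreplaced key. Passing the secret as a command-line argument also exposes it to anything that can list processes in the container while the command runs; reading it from the environment inside `manage.py` would avoid that. `chmod g+rwx /opt/postmaster/logs` is not recursive while the `chgrp -R` above it is, so existing files in a host-mounted logs directory may stay unwritable for `www-data`.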