Docker fixes and documentation

Dockerfile

@@ -1,10 +1,10 @@
 FROM ubuntu:16.04
 MAINTAINER StackFocus
 ENV DEBIAN_FRONTEND noninteractive
+VOLUME ['/opt/postmaster/logs']
 
 RUN ln -snf /bin/bash /bin/sh
 RUN mkdir -p /opt/postmaster/git
-RUN mkdir -p /opt/postmaster/logs
 
 COPY ./ /opt/postmaster/git
 
@@ -32,10 +32,11 @@ RUN virtualenv -p /usr/bin/python2.7 /opt/postmaster/env
 
 WORKDIR /opt/postmaster/git
 
+RUN mkdir -p /opt/postmaster/logs
 RUN /opt/postmaster/env/bin/pip install -r requirements.txt
 RUN cp -pn /opt/postmaster/git/config.default.py /opt/postmaster/git/config.py
 RUN source /opt/postmaster/env/bin/activate && python manage.py clean
-RUN chown -R www-data:www-data /opt/postmaster
+RUN chown -R www-data:www-data /opt/postmaster/git /opt/postmaster/env
 RUN chmod +x /opt/postmaster/git/ops/docker.sh
 RUN /usr/sbin/a2dissite 000-default.conf
 RUN cp -f ops/ansible/roles/postmaster_deploy/files/apache2/postmaster.conf /etc/apache2/sites-available/postmaster.conf

config.default.py

@@ -12,7 +12,7 @@ class BaseConfiguration(object):
     # We introduce very little risk by disabling this.
     WTF_CSRF_ENABLED = False
     # Make this random (used to generate session keys)
-    SECRET_KEY = 'e9987dce48df3ce98542529fd074d9e9f9cd40e66fc6c4c2'
+    SECRET_KEY = '123456789abcdef123456789'
     SQLALCHEMY_TRACK_MODIFICATIONS = True
     SQLALCHEMY_DATABASE_URI = 'mysql://root:vagrant@localhost:3306/servermail'
     basedir = path.abspath(path.dirname(__file__))

docs/ChangeLog.md

@@ -14,6 +14,7 @@ Features:
 * Database upgrades/migrations are automatic during ugrades via the deb package and Docker [GH-138]
 * Adds the ability to unlock administrators and reset administrator passwords via the CLI [GH-145]
 * Adds the `python manage.py version` command [GH-156]
+* Adds the `python manage.py setkey` command [CHANGEME]
 
 Improvements:
 

docs/Configuration/CommandLineConfiguration.md

@@ -33,6 +33,8 @@ Use the following commands to restore the proper permissions on the PostMaster f
 **generatekey** replaces the secret key in config.py which is used by Flask (the Python framework used for PostMaster) for cryptographic functions.
 After the initial installation, this command should not be run again as all current logins would become invalid upon the next restart of the PostMaster.
 
+**setkey** replaces the secret key with one provided in config.py which is used by Flask (the Python framework used for PostMaster) for cryptographic functions.
+
 **unlockadmin username** unlocks a locked out administrator (replace username with the actual value).
 
 **resetadminpassword username password** resets an administrator's password to the desired value (replace user and password with the actual values)

docs/Installation/Docker.md

@@ -42,13 +42,25 @@ bind-address is set 0.0.0.0 and not 127.0.0.1 in:
         cd ~/PostMaster-*
         docker build -t postmaster .
 
+4. Create a directory on the Docker host to contain PostMaster's application and Apache logs:
+
+        mkdir -p /opt/postmaster_data/logs
+
 4. Run a PostMaster Docker container from the created image.
 The -p has the Docker host serve port 80 of the PostMaster container. Change this to what suits your environment.
 The -e specifies the value of the DB_URI environment variable, which is the URI that PostMaster will use to connect to your mail server's MySQL server.
+The -v parameter specifies that the /opt/postmaster_data/logs should be mounted as a volume at /opt/postmaster/logs inside the container.
 Make sure to replace 'password_changeme' and 'docker.postmaster.local' with what you configured in step 2 of MySQL Preparation:
 
-        docker run -p 0.0.0.0:80:8082 \
-             -e DB_URI=mysql://postmasteruser:password_changeme@docker.postmaster.local:3306/servermail -d postmaster
+        docker run \
+             -p 0.0.0.0:80:8082 \
+             -e DB_URI=mysql://postmasteruser:password_changeme@docker.postmaster.local:3306/servermail \
+             -v /opt/postmaster_data/logs:/opt/postmaster/logs \
+             -d postmaster
+
+Note: If you plan to deploy PostMaster behind a load-balancer, set the SECRET_KEY environment variable to a
+random string (preferably hex characters) that is the same across all running containers behind the load-balancer.
+This SECRET_KEY is used by Flask (the Python framework used for PostMaster) for cryptographic functions.
 
 5. PostMaster should now be running. Simply use the username "admin" and the password "PostMaster" to login.
 You can change your username and password from Manage -> Administrators.

manage.py

@@ -74,6 +74,13 @@ def generatekey():
         print(sub(r'(?<=SECRET_KEY = \')(.+)(?=\')', urandom(24).encode('hex'), line.rstrip()))
 
 
+@manager.command
+def setkey(key):
+    """Replaces the SECRET_KEY in config.py with one specified"""
+    for line in input('config.py', inplace=True):
+        print(sub(r'(?<=SECRET_KEY = \')(.+)(?=\')', key, line.rstrip()))
+
+
 @manager.command
 def setdburi(uri):
     """Replaces the BaseConfiguration SQLALCHEMY_DATABASE_URI in config.py with one supplied"""

ops/docker.sh

@@ -1,27 +1,39 @@
 #!/bin/bash
 # Remove any remnants of apache if it didn't shut down properly
 rm -f /var/run/apache2/apache2.pid
+# Only change the group membership so that the owner can be controlled on the Docker host when this folder is
+# mounted, and grant Apache write access to the logs folder
+chgrp -R www-data /opt/postmaster/logs
+chmod g+rwx /opt/postmaster/logs
+
+if [ ! -f /.mysql_db_configured ]; then
 
-if [ -f /.mysql_db_created ]; then
-    unset DB_URI
-    exec /usr/sbin/apache2ctl -D FOREGROUND
-else
     if [ -z "${DB_URI}" ]; then
         echo 'The environment variable DB_URI was not set. The application cannot run.' 1>&2
         exit 1
     fi
 
     source /opt/postmaster/env/bin/activate
-    python manage.py setdburi "${DB_URI}"
 
-    if python manage.py upgradedb; then
-        python manage.py generatekey
-        touch /.mysql_db_created
-        unset DB_URI
-        deactivate
-        exec /usr/sbin/apache2ctl -D FOREGROUND
+    if [ "${SECRET_KEY}" ]; then
+        python manage.py setkey "${SECRET_KEY}"
     else
+        python manage.py generatekey
+    fi
+
+    python manage.py setdburi "${DB_URI}"
+    # Clean up the pyc files for the config changes to take effect
+    python manage.py clean
+
+    if ! python manage.py upgradedb; then
         echo 'The database creation failed. Please check that the environment variable DB_URI is correct.' 1>&2
         exit 1
     fi
+
+    # Create a placeholder file to signify that the container has been configured
+    touch /.mysql_db_configured
 fi
+
+unset DB_URI
+unset SECRET_KEY
+exec /usr/sbin/apache2ctl -D FOREGROUND