Rooba
/
tacticalrmm
mirror of https://github.com/amidaware/tacticalrmm.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

finished up docker

This commit is contained in:
Josh Krawczyk 2020-11-19 19:03:44 -05:00
parent 9ec2f6b64d
commit e83e73ead4
12 changed files with 95 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
api/tacticalrmm/core/management/commands/initial_mesh_setup.py
View File

@ -51,25 +51,33 @@ class Command(BaseCommand):
self.mesh_settings = CoreSettings.objects.first()
try:
# Check for Mesh Username
# Check for Mesh Username
if not self.mesh_settings.mesh_username and settings.MESH_USERNAME:
self.mesh_settings.mesh_username = settings.MESH_USERNAME
# Check for Mesh Site
# Check for Mesh Site
if not self.mesh_settings.mesh_site and settings.MESH_SITE:
self.mesh_settings.mesh_site = settings.MESH_SITE
# Check for Mesh Token
if not self.mesh_settings.mesh_token and settings.MESH_TOKEN_KEY:
# Check for Mesh Token
if (
not self.mesh_settings.mesh_token
or settings.MESH_TOKEN_KEY != self.mesh_settings.mesh_token
):
self.mesh_settings.mesh_token = settings.MESH_TOKEN_KEY
except AttributeError:
pass
self.mesh_settings.save()
if self.mesh_settings.mesh_token:
except AttributeError:
self.stdout.write(
"Mesh Setup was skipped because the configuration wasn't available. Needs to be setup manually."
)
return
try:
asyncio.get_event_loop().run_until_complete(self.websocket_call())
self.stdout.write("Initial Mesh Central setup complete")
else:
except websockets.exceptions.ConnectionClosedError:
self.stdout.write(
"Mesh Setup was skipped being the token wasn't set. Set it up manually."
"Unable to connect to MeshCentral. Please verify it is online and the configuration is correct in the settings."
)

10
api/tacticalrmm/scripts/models.py
View File

@ -39,9 +39,9 @@ class Script(BaseAuditModel):
@property
def file(self):
if self.script_type == "userdefined":
return f"{settings.SCRIPTS_URL}/userdefined/{self.filename}"
return f"{settings.SCRIPTS_DIR}/userdefined/{self.filename}"
else:
return f"{settings.SCRIPTS_URL}/{self.filename}"
return f"{settings.SCRIPTS_DIR}/{self.filename}"
@property
def code(self):
@ -65,11 +65,7 @@ class Script(BaseAuditModel):
# files will be copied by the update script or in docker to /srv/salt/scripts
# for install script
try:
scripts_dir = os.path.join(Path(settings.BASE_DIR).parents[1], "scripts")
# for docker
except:
scripts_dir = os.path.join(Path(settings.BASE_DIR).parents[0], "scripts")
scripts_dir = settings.SCRIPTS_DIR
with open(
os.path.join(settings.BASE_DIR, "scripts/community_scripts.json")

2
api/tacticalrmm/scripts/tests.py
View File

@ -94,7 +94,7 @@ class TestScriptViews(TacticalTestCase):
def test_load_community_scripts(self):
valid_shells = ["powershell", "python", "cmd"]
scripts_dir = os.path.join(Path(settings.BASE_DIR).parents[1], "scripts")
scripts_dir = settings.SCRIPTS_DIR
with open(
os.path.join(settings.BASE_DIR, "scripts/community_scripts.json")

5
docker/.env.example
View File

@ -1,4 +1,4 @@
IMAGE_REPO=
IMAGE_REPO=tacticalrmm
VERSION=latest
# tactical credentials (Used to login to dashboard)
@ -19,6 +19,3 @@ MONGODB_PASSWORD=mongopass
# database settings
POSTGRES_USER=postgres
POSTGRES_PASS=postgrespass
# salt settings
SALT_PASS=saltpass

2
docker/containers/tactical-frontend/dockerfile
View File

@ -19,3 +19,5 @@ COPY --from=builder /home/node/app/dist/ ${PUBLIC_DIR}
COPY docker/containers/tactical-frontend/entrypoint.sh /docker-entrypoint.d/
RUN chmod +x /docker-entrypoint.d/entrypoint.sh
EXPOSE 80

26
docker/containers/tactical-frontend/entrypoint.sh
View File

@ -3,9 +3,29 @@
# https://www.freecodecamp.org/news/how-to-implement-runtime-environment-variables-with-create-react-app-docker-and-nginx-7f9d42a91d70/
#
# Recreate js config file
# Recreate js config file on start
rm -rf ${PUBLIC_DIR}/env-config.js
touch ${PUBLIC_DIR}/env-config.js
# Add assignment
echo "window._env_ = {PROD_URL: \"${API_HOST}\"}" >> ${PUBLIC_DIR}/env-config.js
# Add runtime base url assignment
echo "window._env_ = {PROD_URL: \"https://${API_HOST}\"}" >> ${PUBLIC_DIR}/env-config.js
nginx_config="$(cat << EOF
server {
listen 80;
charset utf-8;
location / {
root /usr/share/nginx/html;
try_files \$uri \$uri/ /index.html;
add_header Cache-Control "no-store, no-cache, must-revalidate";
add_header Pragma "no-cache";
}
error_log /var/log/nginx/app-error.log;
access_log /var/log/nginx/app-access.log;
}
EOF
)"
echo "${nginx_config}" > /etc/nginx/conf.d/default.conf

4
docker/containers/tactical-nginx/entrypoint.sh
View File

@ -15,8 +15,8 @@ rm -f /etc/nginx/conf.d/default.conf
# check for certificates in env variable
if [ "${CERT_PRIV_KEY}" == 'none' ] || [ "${CERT_PUB_KEY}" == 'none' ]; then
echo "${CERT_PRIV_KEY}" > ${CERT_PRIV_PATH}
echo "${CERT_PUB_KEY}" > ${CERT_PUB_PATH}
echo "${CERT_PRIV_KEY}" | base64 --decode > ${CERT_PRIV_PATH}
echo "${CERT_PUB_KEY}" | base64 --decode > ${CERT_PUB_PATH}
else
# generate a self signed cert
if [ ! -f "${CERT_PRIV_PATH}" ] || [ ! -f "${CERT_PUB_PATH}" ]; then

2
docker/containers/tactical/dockerfile
View File

@ -38,3 +38,5 @@ RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
WORKDIR ${TACTICAL_DIR}/api
EXPOSE 80

6
docker/docker-compose.yml
View File

@ -18,11 +18,13 @@ volumes:
salt_data:
postgres_data:
mongo_data:
mesh_data:
services:
# postgres database for api service
tactical-postgres:
image: postgres:13
restart: always
environment:
POSTGRES_DB: tacticalrmm
POSTGRES_USER: ${POSTGRES_USER}
@ -35,6 +37,7 @@ services:
# redis container for celery tasks
tactical-redis:
image: redis
restart: always
networks:
- redis
@ -88,12 +91,14 @@ services:
- mesh-db
volumes:
- tactical_data:/opt/tactical
- mesh_data:/home/node/app/meshcentral-data
depends_on:
- tactical-mongodb
# mongodb container for meshCentral
tactical-mongodb:
image: mongo
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER}
MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
@ -120,6 +125,7 @@ services:
networks:
- proxy
- api-db
- redis
volumes:
- tactical_data:/opt/tactical
depends_on:

3
docker/image-build.sh
View File

@ -5,7 +5,8 @@
set -o errexit
set -o pipefail
DOCKER_IMAGES="tactical tactical-nginx tactical-meshcentral tactical-salt tactical-frontend"
# tactical tactical-frontend tactical-nginx tactical-meshcentral tactical-salt
DOCKER_IMAGES="tactical"
cd ..

88
docker/readme.md
View File

@ -1,11 +1,9 @@
# Docker Setup
- install docker and docker-compose
- Obtain wildcard cert or individual certs for each subdomain
- You can copy any wildcard cert public and private key to the docker/nginx-proxy/certs folder.
## Generate certificates with certbot (Optional if you already have the certs)
- Install docker and docker-compose
- Optional (but strongly recommended) obtain valid wildcard cert for domain. If not certs are present a self-signed cert will be generated. See below on how to generate a free Let's Encrypt
## (Optional) Generate certificates with certbot
Install Certbot
```
@ -13,12 +11,11 @@ sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install certbot
```
Generate the wildcard certificate. Add the DNS entry for domain validation.
Generate the wildcard certificate. Add the DNS entry for domain validation. Replace `example.com` with your root doamin
```
sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns
```
Copy the fullchain.pem and privkey.pem to the nginx-proxy/cert directory.
## Configure DNS and Firewall
@ -26,66 +23,47 @@ You will need to add DNS entries so that the three subdomains resolve to the IP
## Run the environment with Docker
Copy the .env.example to .env then
change values in .env to match your environment
Get the docker-compose and .env.example file on the host you which to install on
```
wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/docker-compose.yml
wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/.env.example
mv .env.example .env
```
Change the values in .env to match your environment.
If you are supplying certificates through Let's Encrypt or another source, see the section below about base64 encoding the certificate files.
Then run the below command to start the environment.
```
cd docker
sudo docker-compose up -d
```
You may need to run this twice if some containers fail to start
## Create a super user
```
sudo docker-compose exec api python manage.py createsuperuser
```
## Get MeshCentral EXE download link
Run the below command to get the download link for the mesh central exe. The dashboard will ask for this when you first sign in
Run the below command to get the download link for the mesh central exe. This needs to be uploaded on first successful signin.
```
sudo docker-compose exec api python manage.py get_mesh_exe_url
sudo docker-compose exec tactical-backend python manage.py get_mesh_exe_url
```
## Connect to a container instance shell
## Base64 encoding certificates to pass as env variables
The below command opens up a shell to the api service.
Use the below command to add the the correct values to the .env.
Running this command multiple times will add redundant entries, so those will need to be removed.
Let's encrypt certs are stored in:
public key
`/etc/letsencrypt/live/${rootdomain}/fullchain.pem`
private key
`/etc/letsencrypt/live${rootdomain}/privkey.pem`
```
sudo docker-compose exec api /bin/bash
sudo echo "CERT_PUB_KEY=$(base64 /path/to/pub/key)" >> .env
sudo echo "CERT_PRIV_KEY=$(base64 /path/to/priv/key)" >> .env
```
If /bin/bash doesn't work then /bin/sh might need to be used.
## Using Docker for Dev (optional)
This allows you to edit the files locally and those changes will be presented to the containers. Hot Module Reload (Vue/webpack) and the Python equivalent will also work!
### Setup
Files that need to be manually created are:
- api/tacticalrmm/tacticalrmm/local_settings.py
- web/.env
Make sure to add `MESH_WS_URL="ws://meshcentral:443"` in the local_settings.py file. This is needed for the mesh central setup
For HMR to work with vue you can copy .env.example and modify the setting to fit your dev environment.
### Create Python Virtual Env
Each python container shares the same virtual env to make spinning up faster. It is located in api/tacticalrmm/env.
There is a container dedicated to creating and keeping this up to date. Prior to spinning up the environment you can run `docker-compose -f docker-compose.yml -f docker-compose.dev.yml up venv` to make sure the virtual env is ready. Otherwise the api and celery containers will fail to start.
### Spinup the environment
Now run `docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d` to spin everything else up
This will mount the local vue and python files in the app container with hot reload. Does not require rebuilding when changes to code are made and the changes will take effect immediately!
### Other Considerations
- It is recommended that you use the vscode docker plugin to manage containers. Docker desktop works well too on Windows.

7
web/src/boot/axios.js
View File

@ -5,10 +5,9 @@ export default function ({ router, store }) {
Vue.prototype.$axios = axios;
axios.defaults.baseURL =
process.env.NODE_ENV === "production"
? window._env_.PROD_URL || process.env.PROD_API
: process.env.DEV_API;
axios.defaults.baseURL = process.env.NODE_ENV === "production"
? window._env_.PROD_URL || process.env.PROD_API
: process.env.DEV_API;
axios.interceptors.request.use(
function (config) {