From e83e73ead467c5e86378a50bea0562c590e26f81 Mon Sep 17 00:00:00 2001 From: Josh Krawczyk Date: Thu, 19 Nov 2020 19:03:44 -0500 Subject: [PATCH] finished up docker --- .../management/commands/initial_mesh_setup.py | 26 ++++-- api/tacticalrmm/scripts/models.py | 10 +-- api/tacticalrmm/scripts/tests.py | 2 +- docker/.env.example | 5 +- .../containers/tactical-frontend/dockerfile | 2 + .../tactical-frontend/entrypoint.sh | 26 +++++- .../containers/tactical-nginx/entrypoint.sh | 4 +- docker/containers/tactical/dockerfile | 2 + docker/docker-compose.yml | 6 ++ docker/image-build.sh | 3 +- docker/readme.md | 88 +++++++------------ web/src/boot/axios.js | 7 +- 12 files changed, 95 insertions(+), 86 deletions(-) diff --git a/api/tacticalrmm/core/management/commands/initial_mesh_setup.py b/api/tacticalrmm/core/management/commands/initial_mesh_setup.py index 79a5835a..1c82f296 100644 --- a/api/tacticalrmm/core/management/commands/initial_mesh_setup.py +++ b/api/tacticalrmm/core/management/commands/initial_mesh_setup.py @@ -51,25 +51,33 @@ class Command(BaseCommand): self.mesh_settings = CoreSettings.objects.first() try: - # Check for Mesh Username + # Check for Mesh Username if not self.mesh_settings.mesh_username and settings.MESH_USERNAME: self.mesh_settings.mesh_username = settings.MESH_USERNAME - # Check for Mesh Site + # Check for Mesh Site if not self.mesh_settings.mesh_site and settings.MESH_SITE: self.mesh_settings.mesh_site = settings.MESH_SITE - # Check for Mesh Token - if not self.mesh_settings.mesh_token and settings.MESH_TOKEN_KEY: + # Check for Mesh Token + if ( + not self.mesh_settings.mesh_token + or settings.MESH_TOKEN_KEY != self.mesh_settings.mesh_token + ): self.mesh_settings.mesh_token = settings.MESH_TOKEN_KEY - except AttributeError: - pass + self.mesh_settings.save() - if self.mesh_settings.mesh_token: + except AttributeError: + self.stdout.write( + "Mesh Setup was skipped because the configuration wasn't available. Needs to be setup manually." + ) + return + + try: asyncio.get_event_loop().run_until_complete(self.websocket_call()) self.stdout.write("Initial Mesh Central setup complete") - else: + except websockets.exceptions.ConnectionClosedError: self.stdout.write( - "Mesh Setup was skipped being the token wasn't set. Set it up manually." + "Unable to connect to MeshCentral. Please verify it is online and the configuration is correct in the settings." ) diff --git a/api/tacticalrmm/scripts/models.py b/api/tacticalrmm/scripts/models.py index c0d5b1f3..2a687707 100644 --- a/api/tacticalrmm/scripts/models.py +++ b/api/tacticalrmm/scripts/models.py @@ -39,9 +39,9 @@ class Script(BaseAuditModel): @property def file(self): if self.script_type == "userdefined": - return f"{settings.SCRIPTS_URL}/userdefined/{self.filename}" + return f"{settings.SCRIPTS_DIR}/userdefined/{self.filename}" else: - return f"{settings.SCRIPTS_URL}/{self.filename}" + return f"{settings.SCRIPTS_DIR}/{self.filename}" @property def code(self): @@ -65,11 +65,7 @@ class Script(BaseAuditModel): # files will be copied by the update script or in docker to /srv/salt/scripts # for install script - try: - scripts_dir = os.path.join(Path(settings.BASE_DIR).parents[1], "scripts") - # for docker - except: - scripts_dir = os.path.join(Path(settings.BASE_DIR).parents[0], "scripts") + scripts_dir = settings.SCRIPTS_DIR with open( os.path.join(settings.BASE_DIR, "scripts/community_scripts.json") diff --git a/api/tacticalrmm/scripts/tests.py b/api/tacticalrmm/scripts/tests.py index 2fbd7cff..b8fb076d 100644 --- a/api/tacticalrmm/scripts/tests.py +++ b/api/tacticalrmm/scripts/tests.py @@ -94,7 +94,7 @@ class TestScriptViews(TacticalTestCase): def test_load_community_scripts(self): valid_shells = ["powershell", "python", "cmd"] - scripts_dir = os.path.join(Path(settings.BASE_DIR).parents[1], "scripts") + scripts_dir = settings.SCRIPTS_DIR with open( os.path.join(settings.BASE_DIR, "scripts/community_scripts.json") diff --git a/docker/.env.example b/docker/.env.example index fa64318e..3ff38f1c 100644 --- a/docker/.env.example +++ b/docker/.env.example @@ -1,4 +1,4 @@ -IMAGE_REPO= +IMAGE_REPO=tacticalrmm VERSION=latest # tactical credentials (Used to login to dashboard) @@ -19,6 +19,3 @@ MONGODB_PASSWORD=mongopass # database settings POSTGRES_USER=postgres POSTGRES_PASS=postgrespass - -# salt settings -SALT_PASS=saltpass \ No newline at end of file diff --git a/docker/containers/tactical-frontend/dockerfile b/docker/containers/tactical-frontend/dockerfile index c59b03fa..910083a5 100644 --- a/docker/containers/tactical-frontend/dockerfile +++ b/docker/containers/tactical-frontend/dockerfile @@ -19,3 +19,5 @@ COPY --from=builder /home/node/app/dist/ ${PUBLIC_DIR} COPY docker/containers/tactical-frontend/entrypoint.sh /docker-entrypoint.d/ RUN chmod +x /docker-entrypoint.d/entrypoint.sh + +EXPOSE 80 diff --git a/docker/containers/tactical-frontend/entrypoint.sh b/docker/containers/tactical-frontend/entrypoint.sh index 8e1fabf5..b02a92a6 100644 --- a/docker/containers/tactical-frontend/entrypoint.sh +++ b/docker/containers/tactical-frontend/entrypoint.sh @@ -3,9 +3,29 @@ # https://www.freecodecamp.org/news/how-to-implement-runtime-environment-variables-with-create-react-app-docker-and-nginx-7f9d42a91d70/ # -# Recreate js config file +# Recreate js config file on start rm -rf ${PUBLIC_DIR}/env-config.js touch ${PUBLIC_DIR}/env-config.js -# Add assignment -echo "window._env_ = {PROD_URL: \"${API_HOST}\"}" >> ${PUBLIC_DIR}/env-config.js +# Add runtime base url assignment +echo "window._env_ = {PROD_URL: \"https://${API_HOST}\"}" >> ${PUBLIC_DIR}/env-config.js + +nginx_config="$(cat << EOF +server { + listen 80; + charset utf-8; + + location / { + root /usr/share/nginx/html; + try_files \$uri \$uri/ /index.html; + add_header Cache-Control "no-store, no-cache, must-revalidate"; + add_header Pragma "no-cache"; + } + + error_log /var/log/nginx/app-error.log; + access_log /var/log/nginx/app-access.log; +} +EOF +)" + +echo "${nginx_config}" > /etc/nginx/conf.d/default.conf \ No newline at end of file diff --git a/docker/containers/tactical-nginx/entrypoint.sh b/docker/containers/tactical-nginx/entrypoint.sh index fac6adcb..0a917ce5 100644 --- a/docker/containers/tactical-nginx/entrypoint.sh +++ b/docker/containers/tactical-nginx/entrypoint.sh @@ -15,8 +15,8 @@ rm -f /etc/nginx/conf.d/default.conf # check for certificates in env variable if [ "${CERT_PRIV_KEY}" == 'none' ] || [ "${CERT_PUB_KEY}" == 'none' ]; then - echo "${CERT_PRIV_KEY}" > ${CERT_PRIV_PATH} - echo "${CERT_PUB_KEY}" > ${CERT_PUB_PATH} + echo "${CERT_PRIV_KEY}" | base64 --decode > ${CERT_PRIV_PATH} + echo "${CERT_PUB_KEY}" | base64 --decode > ${CERT_PUB_PATH} else # generate a self signed cert if [ ! -f "${CERT_PRIV_PATH}" ] || [ ! -f "${CERT_PUB_PATH}" ]; then diff --git a/docker/containers/tactical/dockerfile b/docker/containers/tactical/dockerfile index 0b422a28..1b4d3db7 100644 --- a/docker/containers/tactical/dockerfile +++ b/docker/containers/tactical/dockerfile @@ -38,3 +38,5 @@ RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] WORKDIR ${TACTICAL_DIR}/api + +EXPOSE 80 diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 0530d80d..3ea38b41 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -18,11 +18,13 @@ volumes: salt_data: postgres_data: mongo_data: + mesh_data: services: # postgres database for api service tactical-postgres: image: postgres:13 + restart: always environment: POSTGRES_DB: tacticalrmm POSTGRES_USER: ${POSTGRES_USER} @@ -35,6 +37,7 @@ services: # redis container for celery tasks tactical-redis: image: redis + restart: always networks: - redis @@ -88,12 +91,14 @@ services: - mesh-db volumes: - tactical_data:/opt/tactical + - mesh_data:/home/node/app/meshcentral-data depends_on: - tactical-mongodb # mongodb container for meshCentral tactical-mongodb: image: mongo + restart: always environment: MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER} MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD} @@ -120,6 +125,7 @@ services: networks: - proxy - api-db + - redis volumes: - tactical_data:/opt/tactical depends_on: diff --git a/docker/image-build.sh b/docker/image-build.sh index 07998be8..2bb4499c 100755 --- a/docker/image-build.sh +++ b/docker/image-build.sh @@ -5,7 +5,8 @@ set -o errexit set -o pipefail -DOCKER_IMAGES="tactical tactical-nginx tactical-meshcentral tactical-salt tactical-frontend" +# tactical tactical-frontend tactical-nginx tactical-meshcentral tactical-salt +DOCKER_IMAGES="tactical" cd .. diff --git a/docker/readme.md b/docker/readme.md index cbde179b..5654128e 100644 --- a/docker/readme.md +++ b/docker/readme.md @@ -1,11 +1,9 @@ # Docker Setup -- install docker and docker-compose -- Obtain wildcard cert or individual certs for each subdomain -- You can copy any wildcard cert public and private key to the docker/nginx-proxy/certs folder. - -## Generate certificates with certbot (Optional if you already have the certs) +- Install docker and docker-compose +- Optional (but strongly recommended) obtain valid wildcard cert for domain. If not certs are present a self-signed cert will be generated. See below on how to generate a free Let's Encrypt +## (Optional) Generate certificates with certbot Install Certbot ``` @@ -13,12 +11,11 @@ sudo add-apt-repository ppa:certbot/certbot sudo apt-get install certbot ``` -Generate the wildcard certificate. Add the DNS entry for domain validation. +Generate the wildcard certificate. Add the DNS entry for domain validation. Replace `example.com` with your root doamin ``` sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns ``` -Copy the fullchain.pem and privkey.pem to the nginx-proxy/cert directory. ## Configure DNS and Firewall @@ -26,66 +23,47 @@ You will need to add DNS entries so that the three subdomains resolve to the IP ## Run the environment with Docker -Copy the .env.example to .env then -change values in .env to match your environment +Get the docker-compose and .env.example file on the host you which to install on + +``` +wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/docker-compose.yml +wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/.env.example +mv .env.example .env +``` + +Change the values in .env to match your environment. + +If you are supplying certificates through Let's Encrypt or another source, see the section below about base64 encoding the certificate files. + +Then run the below command to start the environment. ``` -cd docker sudo docker-compose up -d ``` -You may need to run this twice if some containers fail to start - -## Create a super user - -``` -sudo docker-compose exec api python manage.py createsuperuser -``` - ## Get MeshCentral EXE download link -Run the below command to get the download link for the mesh central exe. The dashboard will ask for this when you first sign in +Run the below command to get the download link for the mesh central exe. This needs to be uploaded on first successful signin. ``` -sudo docker-compose exec api python manage.py get_mesh_exe_url +sudo docker-compose exec tactical-backend python manage.py get_mesh_exe_url ``` -## Connect to a container instance shell +## Base64 encoding certificates to pass as env variables -The below command opens up a shell to the api service. +Use the below command to add the the correct values to the .env. + +Running this command multiple times will add redundant entries, so those will need to be removed. + +Let's encrypt certs are stored in: + +public key +`/etc/letsencrypt/live/${rootdomain}/fullchain.pem` + +private key +`/etc/letsencrypt/live${rootdomain}/privkey.pem` ``` -sudo docker-compose exec api /bin/bash +sudo echo "CERT_PUB_KEY=$(base64 /path/to/pub/key)" >> .env +sudo echo "CERT_PRIV_KEY=$(base64 /path/to/priv/key)" >> .env ``` - -If /bin/bash doesn't work then /bin/sh might need to be used. - -## Using Docker for Dev (optional) - -This allows you to edit the files locally and those changes will be presented to the containers. Hot Module Reload (Vue/webpack) and the Python equivalent will also work! - -### Setup - -Files that need to be manually created are: -- api/tacticalrmm/tacticalrmm/local_settings.py -- web/.env - -Make sure to add `MESH_WS_URL="ws://meshcentral:443"` in the local_settings.py file. This is needed for the mesh central setup - -For HMR to work with vue you can copy .env.example and modify the setting to fit your dev environment. - -### Create Python Virtual Env - -Each python container shares the same virtual env to make spinning up faster. It is located in api/tacticalrmm/env. - -There is a container dedicated to creating and keeping this up to date. Prior to spinning up the environment you can run `docker-compose -f docker-compose.yml -f docker-compose.dev.yml up venv` to make sure the virtual env is ready. Otherwise the api and celery containers will fail to start. - -### Spinup the environment - -Now run `docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d` to spin everything else up - -This will mount the local vue and python files in the app container with hot reload. Does not require rebuilding when changes to code are made and the changes will take effect immediately! - -### Other Considerations - -- It is recommended that you use the vscode docker plugin to manage containers. Docker desktop works well too on Windows. diff --git a/web/src/boot/axios.js b/web/src/boot/axios.js index aee796aa..59ca94a0 100644 --- a/web/src/boot/axios.js +++ b/web/src/boot/axios.js @@ -5,10 +5,9 @@ export default function ({ router, store }) { Vue.prototype.$axios = axios; - axios.defaults.baseURL = - process.env.NODE_ENV === "production" - ? window._env_.PROD_URL || process.env.PROD_API - : process.env.DEV_API; + axios.defaults.baseURL = process.env.NODE_ENV === "production" + ? window._env_.PROD_URL || process.env.PROD_API + : process.env.DEV_API; axios.interceptors.request.use( function (config) {