Docker-compose PatrowlManager Backend

dsever · Oct 4, 2018 · 9813855 · 9813855
1 parent a42dc3e
commit 9813855
Show file tree

Hide file tree

Showing 14 changed files with 453 additions and 58 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,10 @@
+.DS_Store
+app/settings.py
+var/log/*.log
+var/log/*.log.[0-9]*
+var/tmp/*.pid
+**/migrations/[0-9]*.py
+media/*
+*.pyc
+__pycache__
+env
diff --git a/.gitignore b/.gitignore
@@ -12,6 +12,5 @@ media/policies/*
 media/reports/*
 var/tmp/db.json
 **/migrations/[0-9]*.py
-.idea
 .scannerwork
 staticfiles
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,19 @@
 FROM python:2.7
+#FROM python:2.7-slim
 ENV PYTHONUNBUFFERED 1
 RUN mkdir -p /opt/patrowl-manager/
 WORKDIR /opt/patrowl-manager/
 COPY . /opt/patrowl-manager/
-RUN pip install -r requirements.txt
-RUN python manage.py collectstatic --no-input
+COPY app/settings.py.sample /opt/patrowl-manager/app/settings.py
+
+RUN apt-get update -yq
+RUN apt-get install -yq --no-install-recommends virtualenv python-pip libmagic-dev
+RUN apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+	&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN virtualenv env
+RUN /bin/bash -c "source env/bin/activate && pip install -r requirements.txt && deactivate"
 
 EXPOSE 8001
-CMD ["gunicorn", "--bind", ":8000", "app.wsgi:application"]
+ENTRYPOINT ["/opt/patrowl-manager/docker-entrypoint.sh"]
+CMD ["run"]
diff --git a/app/settings.py.sample b/app/settings.py.sample
@@ -17,11 +17,11 @@ SECURE_HSTS_SECONDS = 3600 # 1 hour (for testing only, otherwise, set 31536000)
 SECURE_HSTS_INCLUDE_SUBDOMAINS = True
 SECURE_SSL_REDIRECT = False # Dev/test environment
 #SECURE_SSL_REDIRECT = True # Production environment, if HTTPS is enabled
-X_FRAME_OPTIONS = 'DENY'
+#X_FRAME_OPTIONS = 'DENY'
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True    # Dev/test environment
-#DEBUG = False  # Production environment
+#DEBUG = os.environ.get('DEBUG', True)    # Dev/test environment
+DEBUG = os.environ.get('DEBUG', False)   # Production environment
 
 ALLOWED_HOSTS = ['*'] # /!\ Not safe for production environment
 
@@ -83,6 +83,7 @@ LOGIN_REQUIRED_URLS_EXCEPTIONS = (
     r'/logout(.*)$',
     r'/home$',
     r'/signup$',
+    r'/static/(.*)$',
 )
 
 LOGIN_URL = '/login'
@@ -121,7 +122,7 @@ DATABASES = {
         'NAME': os.environ.get('DB_ENV_DB', 'patrowl_db'),
         'USER': os.environ.get('DB_ENV_POSTGRES_USER', 'PATROWL_DB_USER'),
         'PASSWORD': os.environ.get('DB_ENV_POSTGRES_PASSWORD', 'PATROWL_DB_PASSWD_TO_CHANGE'),
-        'HOST': os.environ.get('DB_PORT_5432_TCP_ADDR', 'localhost'),
+        'HOST': os.environ.get('DB_PORT_5432_TCP_HOST', 'localhost'),
         'PORT': os.environ.get('DB_PORT_5432_TCP_PORT', ''),
     }
 }
@@ -153,8 +154,8 @@ USE_TZ = False
 
 
 # Static files (CSS, JavaScript, Images)
-STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
 STATIC_URL = '/static/'
+STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
 STATICFILES_DIRS = [
     os.path.join(BASE_DIR, "static"),
 ]
@@ -170,7 +171,7 @@ if RABBIT_HOSTNAME.startswith('tcp://'):
     RABBIT_HOSTNAME = RABBIT_HOSTNAME.split('//')[1]
 
 BROKER_URL = os.environ.get('BROKER_URL', '')
-if not BROKER_URL:
+if BROKER_URL == "":
     BROKER_URL = 'amqp://{user}:{password}@{hostname}/{vhost}/'.format(
         user=os.environ.get('RABBIT_ENV_USER', 'guest'),
         password=os.environ.get('RABBIT_ENV_RABBITMQ_PASS', 'guest'),

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -4,61 +4,59 @@ services:
   rabbitmq:
     image: rabbitmq:latest
     container_name: patrowl_rabbitmq
+    environment:
+      - RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="-rabbit log_levels [{connection,error}]"
     ports:
       - '5672:5672'
-    #env_file: secrets.env
 
   db:
     # image: postgres:latest
     image: postgres:10.1-alpine
     container_name: patrowl_postgres
     environment:
-      - POSTGRES_DB="patrowl_db"
-      - POSTGRES_USER="PATROWL_DB_USER"
-      - POSTGRES_PASSWORD="PATROWL_DB_PASSWD_TO_CHANGE"
+      - POSTGRES_DB=patrowl_db
+      - POSTGRES_USER=PATROWL_DB_USER
+      - POSTGRES_PASSWORD=PATROWL_DB_PASSWD_TO_CHANGE
     ports:
       - '5432:5432'
-    expose:
-      - "5432"
-    volumes: 
-      - ./var/db/create_user_and_db.sql:/docker-entrypoint-initdb.d/create_user_and_db.sql
-    #env_file: secrets.env
+    volumes:
+      - ./var/db/init_db.sql:/docker-entrypoint-initdb.d/init_db.sql
     # volumes:
     #   - postgres_data:/var/lib/postgresql/data/
-
-  nginx:
-    image: nginx:latest
-    container_name: patrowl_nginx
-    ports:
-      - "18000:18000"
-    # volumes_from:
-    #   - web
-    depends_on:
-      - web
-    #env_file: secrets.env
+  #
+  # nginx:
+  #   image: nginx:latest
+  #   restart: always
+  #   container_name: patrowl_nginx
+  #   ports:
+  #     - "18000:18000"
+  #   links:
+  #     - web:web
+  #   volumes:
+  #     - ./:/opt/patrowl-manager/
+  #     - ./nginx_docker.conf:/etc/nginx/conf.d/default.conf
 
   web:
     container_name: patrowl_django
     build: .
-    command: python manage.py migrate --noinput
     environment:
       - DB_PORT_5432_TCP_HOST=db
+      - DEBUG=True
+      - RABBIT_PORT_5672_TCP=rabbitmq:5672
     depends_on:
       - db
       - rabbitmq
-    volumes:
-      - ./src:/src
-    expose:
-      - "18000"
+    # volumes:
+    #   - ./:/opt/patrowl-manager/
+    ports:
+      - "0.0.0.0:8001:8001"
     links:
       - db
       - rabbitmq
-    #env_file: secrets.env
-
 
-  start_dependencies:
-    image: dadarek/wait-for-dependencies
-    depends_on:
-      - db
-      - rabbitmq
-    command: db:5432 rabbitmq:5672
+  # start_dependencies:
+  #   image: dadarek/wait-for-dependencies
+  #   depends_on:
+  #     - db
+  #     - rabbitmq
+  #   command: db:5432 rabbitmq:5672
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -1,17 +1,35 @@
 #!/bin/bash
 
-# Collect static filesdd
-# echo "Collect static files"
-# python manage.py collectstatic --noinput
+source env/bin/activate
+
+# Collect static files
+echo "[+] Collect static files"
+python manage.py collectstatic --noinput
 
 # Apply database migrations
-echo "Make database migrations"
+echo "[+] Make database migrations"
 python manage.py makemigrations
 
 # Apply database migrations
-echo "Apply database migrations"
+echo "[+] Apply database migrations"
 python manage.py migrate
 
+# Create the default admin user
+echo "[+] Create the default admin user"
+echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('admin', 'admin@dev.patrowl.io', 'Bonjour1!')" | python manage.py shell
+
+# Populate the db with default data
+echo "[+] Populate the db with default data"
+python manage.py loaddata var/data/assets.AssetCategory.json
+python manage.py loaddata var/data/engines.Engine.json
+python manage.py loaddata var/data/engines.EnginePolicyScope.json
+python manage.py loaddata var/data/engines.EnginePolicy.json
+
+# Start Supervisord (Celery workers)
+echo "[+] Start Supervisord (Celery workers)"
+supervisord -c var/etc/supervisord.conf
+
 # Start server
-# echo "Starting server"
-# python manage.py runserver 0.0.0.0:8000
+echo "[+] Starting server"
+#python manage.py runserver 0.0.0.0:8001
+gunicorn -b :8001 app.wsgi:application
diff --git a/nginx_docker.conf b/nginx_docker.conf
@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    autoindex on;
+    server_name localhost;
+
+    #root .;
+
+    access_log /opt/patrowl-manager/var/log/nginx.patrowlmanager-access.log;
+    error_log /opt/patrowl-manager/var/log/nginx.patrowlmanager-error.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:8000;
+    }
+
+    location /static {
+        alias /opt/patrowl-manager/staticfiles;
+    }
+    location /media {
+        alias /opt/patrowl-manager/media;
+    }
+}
diff --git a/users/views.py b/users/views.py
@@ -112,7 +112,7 @@ def signup(request):
             username = form.cleaned_data.get('username')
             raw_password = form.cleaned_data.get('password1')
             user = authenticate(username=username, password=raw_password)
-            django.contrib.auth.login(request, user)
+            login_d(request, user)
             return redirect('homepage_dashboard_view')
     else:
         form = UserCreationForm()

diff --git a/var/data/engines.Engine.json b/var/data/engines.Engine.json
@@ -1,2 +1,101 @@
-/Users/nicolas/Documents/Projets/Patrowl/tmp
-[{"model": "engines.engine", "pk": 1, "fields": {"name": "NMAP", "description": "nmap", "allowed_asset_types": "[u'ip']", "created_at": "2017-07-09T18:41:41.473", "updated_at": "2017-07-09T18:41:41.473"}}, {"model": "engines.engine", "pk": 2, "fields": {"name": "NESSUS", "description": "ed", "allowed_asset_types": "[u'ip', u'fqdn', u'domain']", "created_at": "2017-07-12T21:57:30.467", "updated_at": "2017-07-12T21:57:30.467"}}, {"model": "engines.engine", "pk": 3, "fields": {"name": "ARACHNI", "description": "ARACHNI", "allowed_asset_types": "[u'url']", "created_at": "2017-07-16T10:49:16.107", "updated_at": "2017-07-23T14:42:44.202"}}, {"model": "engines.engine", "pk": 4, "fields": {"name": "VIRUSTOTAL", "description": "VT", "allowed_asset_types": "[u'ip', u'fqdn', u'domain', u'url']", "created_at": "2017-07-27T12:39:08.453", "updated_at": "2017-07-27T12:39:08.453"}}, {"model": "engines.engine", "pk": 5, "fields": {"name": "OWL_DNS", "description": "dns", "allowed_asset_types": "[u'ip', u'fqdn', u'domain']", "created_at": "2017-07-27T12:39:30.935", "updated_at": "2017-07-27T12:39:30.936"}}, {"model": "engines.engine", "pk": 6, "fields": {"name": "SSLLABS", "description": "SSLLABS", "allowed_asset_types": "[u'ip', u'fqdn', u'domain', u'url']", "created_at": "2017-07-27T12:39:48.520", "updated_at": "2017-07-27T12:39:48.520"}}, {"model": "engines.engine", "pk": 7, "fields": {"name": "URLVOID", "description": "URLVOID", "allowed_asset_types": "[u'url']", "created_at": "2017-07-27T12:40:10.816", "updated_at": "2017-07-27T12:40:10.816"}}, {"model": "engines.engine", "pk": 8, "fields": {"name": "CORTEX", "description": "CORTEX", "allowed_asset_types": "[u'ip', u'fqdn', u'domain', u'url']", "created_at": "2017-07-27T12:40:10.816", "updated_at": "2017-07-27T12:40:10.816"}}, {"model": "engines.engine", "pk": 9, "fields": {"name": "OWL_CODE", "description": "OWL_CODE", "allowed_asset_types": "[u'url', u'path']", "created_at": "2018-10-03T09:45:53.228", "updated_at": "2018-10-03T09:45:53.228"}}, {"model": "engines.engine", "pk": 10, "fields": {"name": "OWL_LEAKS", "description": "OWL_LEAKS", "allowed_asset_types": "[u'ip', u'ip-subnet', u'fqdn', u'domain', u'url', u'keyword', u'person']", "created_at": "2018-10-03T09:46:28.228", "updated_at": "2018-10-03T09:46:28.228"}}]
+[{
+  "model": "engines.engine",
+  "pk": 1,
+  "fields": {
+    "name": "NMAP",
+    "description": "nmap",
+    "allowed_asset_types": "[u'ip']",
+    "created_at": "2017-07-09T18:41:41.473",
+    "updated_at": "2017-07-09T18:41:41.473"
+  }
+}, {
+  "model": "engines.engine",
+  "pk": 2,
+  "fields": {
+    "name": "NESSUS",
+    "description": "ed",
+    "allowed_asset_types": "[u'ip', u'fqdn', u'domain']",
+    "created_at": "2017-07-12T21:57:30.467",
+    "updated_at": "2017-07-12T21:57:30.467"
+  }
+}, {
+  "model": "engines.engine",
+  "pk": 3,
+  "fields": {
+    "name": "ARACHNI",
+    "description": "ARACHNI",
+    "allowed_asset_types": "[u'url']",
+    "created_at": "2017-07-16T10:49:16.107",
+    "updated_at": "2017-07-23T14:42:44.202"
+  }
+}, {
+  "model": "engines.engine",
+  "pk": 4,
+  "fields": {
+    "name": "VIRUSTOTAL",
+    "description": "VT",
+    "allowed_asset_types": "[u'ip', u'fqdn', u'domain', u'url']",
+    "created_at": "2017-07-27T12:39:08.453",
+    "updated_at": "2017-07-27T12:39:08.453"
+  }
+}, {
+  "model": "engines.engine",
+  "pk": 5,
+  "fields": {
+    "name": "OWL_DNS",
+    "description": "dns",
+    "allowed_asset_types": "[u'ip', u'fqdn', u'domain']",
+    "created_at": "2017-07-27T12:39:30.935",
+    "updated_at": "2017-07-27T12:39:30.936"
+  }
+}, {
+  "model": "engines.engine",
+  "pk": 6,
+  "fields": {
+    "name": "SSLLABS",
+    "description": "SSLLABS",
+    "allowed_asset_types": "[u'ip', u'fqdn', u'domain', u'url']",
+    "created_at": "2017-07-27T12:39:48.520",
+    "updated_at": "2017-07-27T12:39:48.520"
+  }
+}, {
+  "model": "engines.engine",
+  "pk": 7,
+  "fields": {
+    "name": "URLVOID",
+    "description": "URLVOID",
+    "allowed_asset_types": "[u'url']",
+    "created_at": "2017-07-27T12:40:10.816",
+    "updated_at": "2017-07-27T12:40:10.816"
+  }
+}, {
+  "model": "engines.engine",
+  "pk": 8,
+  "fields": {
+    "name": "CORTEX",
+    "description": "CORTEX",
+    "allowed_asset_types": "[u'ip', u'fqdn', u'domain', u'url']",
+    "created_at": "2017-07-27T12:40:10.816",
+    "updated_at": "2017-07-27T12:40:10.816"
+  }
+}, {
+  "model": "engines.engine",
+  "pk": 9,
+  "fields": {
+    "name": "OWL_CODE",
+    "description": "OWL_CODE",
+    "allowed_asset_types": "[u'url', u'path']",
+    "created_at": "2018-10-03T09:45:53.228",
+    "updated_at": "2018-10-03T09:45:53.228"
+  }
+}, {
+  "model": "engines.engine",
+  "pk": 10,
+  "fields": {
+    "name": "OWL_LEAKS",
+    "description": "OWL_LEAKS",
+    "allowed_asset_types": "[u'ip', u'ip-subnet', u'fqdn', u'domain', u'url', u'keyword', u'person']",
+    "created_at": "2018-10-03T09:46:28.228",
+    "updated_at": "2018-10-03T09:46:28.228"
+  }
+}]