Merge pull request #39 from bpereto/feature-set-admin

FEATURE: set superuser on start

.env

@@ -15,6 +15,7 @@ APP_LOG_LEVEL=INFO
 # DJANGO_TIME_ZONE=UTC
 #
 DJANGO_ALLOWED_HOSTS=*
+BORGHIVE_ADMIN_USER=admin
 #
 # ldap settings
 LDAP_ORGANISATION=borghive

Dockerfile.base

@@ -4,15 +4,16 @@ MAINTAINER bpereto
 # set environment variables
 ENV PYTHONDONTWRITEBYTE 1
 ENV PYTHONUNBUFFERED 1
+ENV DEBIAN_FRONTEND noninteractive
 
-RUN apt-get update && apt-get install -y libmariadbclient-dev python3-pip libsasl2-dev python-dev libldap2-dev libssl-dev netcat
+RUN apt-get update && apt-get install -y libmariadbclient-dev mariadb-client python3-pip libsasl2-dev python-dev libldap2-dev libssl-dev && rm -rf /var/lib/apt/lists/*
 
 RUN mkdir /app /staticfiles && groupadd -g 1000 borg && \
     useradd -rm -u 1000 -g 1000 borg && chown -R borg:borg /app /staticfiles
 WORKDIR /app
 COPY requirements.txt /app/
 
-RUN pip install --no-cache -r requirements.txt
+RUN pip3 install --no-cache -r requirements.txt
 
 # install uwsgi now because it takes a little while
 RUN pip3 install --no-cache uwsgi

Dockerfile.borg

@@ -4,23 +4,22 @@ MAINTAINER bpereto
 # set environment variables
 ENV PYTHONDONTWRITEBYTE 1
 ENV PYTHONUNBUFFERED 1
-
 ENV DEBIAN_FRONTEND noninteractive
 
 # Install SSH, Mariadb and LDAP Deps
-RUN apt-get update && apt-get install -y libmariadbclient-dev python3-pip openssh-server sshfs acl libsasl2-dev python-dev libldap2-dev libssl-dev libpam-ldapd netcat rsync
+RUN apt-get update && apt-get install -y libmariadbclient-dev python3-pip openssh-server sshfs acl libsasl2-dev python-dev libldap2-dev libssl-dev libpam-ldapd netcat rsync && rm -rf /var/lib/apt/lists/*
 
 # Install dependencies for borgbackup source installation
-RUN apt-get install -y git python3-dev libssl-dev openssl libacl1-dev libacl1 build-essential pkg-config
+RUN apt-get update && apt-get install -y git python3-dev libssl-dev openssl libacl1-dev libacl1 build-essential pkg-config && rm -rf /var/lib/apt/lists/*
 
 RUN mkdir /app
 WORKDIR /app
 COPY requirements.txt /app/
 COPY borg/requirements.txt /app/borg/requirements.txt
 
 # needed for borgbackup
-RUN pip install Cython pkgconfig
-RUN pip install -r requirements.txt -r borg/requirements.txt
+RUN pip install --no-cache Cython pkgconfig
+RUN pip install --no-cache -r requirements.txt -r borg/requirements.txt
 
 COPY src /app/
 

docker-compose.dev.yml

@@ -21,7 +21,9 @@ services:
       - MYSQL_DATABASE=borghive
       - MYSQL_USER=borghive
       - MYSQL_PASSWORD=borghive
+      - BORGHIVE_ADMIN_PASSWORD=login
     env_file:
+      - .env
       - .dev
     volumes:
       - ./src:/app
@@ -45,6 +47,7 @@ services:
       - MYSQL_USER=borghive
       - MYSQL_PASSWORD=borghive
     env_file:
+      - .env
       - .dev
     volumes:
       - ./src:/app

docker-compose.yml

@@ -10,7 +10,7 @@ services:
       - .env
 
   app:
-    image: bpereto/borg-hive:0.1.1
+    image: bpereto/borg-hive:0.1.2
     env_file:
       - .env
     volumes:
@@ -23,7 +23,7 @@ services:
       - db
 
   worker:
-    image: bpereto/borg-hive:0.1.1
+    image: bpereto/borg-hive:0.1.2
     entrypoint: celery worker -A core -l INFO -B --scheduler django_celery_beat.schedulers:DatabaseScheduler
     env_file:
       - .env
@@ -34,7 +34,7 @@ services:
       - db
 
   watcher:
-    image: bpereto/borg-hive:0.1.1
+    image: bpereto/borg-hive:0.1.2
     entrypoint: /bin/bash -c "/app/manage.py watch_repositories"
     env_file:
       - .env
@@ -44,7 +44,7 @@ services:
       - db
 
   borg:
-    image: bpereto/borg-hive:borg-0.1.1
+    image: bpereto/borg-hive:borg-0.1.2
     depends_on:
       - db
     env_file:

docs/installation.rst

@@ -1,6 +1,6 @@
-
+#############
 Installation
-============
+#############
 
 The application is optimized for a containerized setup.
 
@@ -12,36 +12,28 @@ There are different ways to install and run Borg-Hive:
 .. _docker:
 
 Docker
-------
+******
 
 Prerequisites: You should have docker and docker-compose installed and running.
 
 .. code-block:: bash
 
-   # Configure the environment and optionally set EMAIL or LDAP settings
+   # Configure the environment
+   # Set Admin password: BORGHIVE_ADMIN_PASSWORD=
+   # optionally set EMAIL or LDAP settings
    vi .env
 
    # start app
    docker-compose up
 
-   # wait untill both the db worker complete initialization
-   # and "waiting for connections", restart the app
-   docker-compose down; docker-compose up
-
    # wait untill the app worker is finished setting up
 
-   # change into app container
-   docker exec -it borg-hive_app_1 /bin/bash
-
-   # create superuser
-   ./manage.py createsuperuser
-
 Open the browser and navigate to your host: ex. http://localhost:8000
 
 .. _k8s:
 
 Kubernetes
-----------
+***********
 
 Prerequisites:
 
@@ -65,12 +57,13 @@ Configuration:
 
    # mariadb should be installed first
    helm install mariadb bitnami/mariadb --namespace borg-hive -f values.db.yaml
-   helm upgrade --install borg-hive . -f values.yaml --namespace borg-hive     
+   helm upgrade --install borg-hive . -f values.yaml --namespace borg-hive
 
 .. important:: :code:`helm upgrade` does regenerate the secrets (passwords) of mariadb and openldap.
                 therefore the mariadb is installed sepparate. Keep in mind: on each helm upgrade, the pods of borg-hive should be deleted (and will be recreated) to adjust the secret for openldap in the container.
 
-**Services**
+Services
+---------
 
 - The web-tier should now be accessible through the ingress.
   In this example: https://borg-hive.app.local

helm/templates/deployment.yaml

@@ -37,6 +37,9 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          #envFrom:
+          #  - configMapRef:
+          #    name: app-config
           env:          
             - name: "MYSQL_DATBASE"
               value: "{{ .Values.app.db.name }}"
@@ -55,6 +58,16 @@ spec:
               value: "{{ .Values.app.logLevel }}"
             - name: "DJANGO_ALLOWED_HOSTS"
               value: "{{ .Values.app.allowedHosts }}"
+            - name: "BORGHIVE_ADMIN_PASSWORD"
+              valueFrom:
+                secretKeyRef:
+                  key: BORGHIVE_ADMIN_PASSWORD
+                  name: borg-hive-app
+            - name: "SECRET_KEY"
+              valueFrom:
+                secretKeyRef:
+                  key: SECRET_KEY
+                  name: borg-hive-app
             - name: "LDAP_HOST"
               value: "ldap://borg-hive-openldap"
             - name: "LDAP_PASSWORD"

helm/templates/secrets.yaml

@@ -0,0 +1,18 @@
+{{- $fullName := include "borg-hive.fullname" . -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $fullName }}-app
+  labels:
+    app.kubernetes.io/name: {{ include "borg-hive.fullname" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "borg-hive.chart" . }}
+  annotations:
+    helm.sh/resource-policy: keep
+    helm.sh/hook: "pre-install"
+    helm.sh/hook-delete-policy: "before-hook-creation"
+type: Opaque
+data:
+  BORGHIVE_ADMIN_PASSWORD: {{ randAlphaNum 22 | b64enc | quote }}
+  SECRET_KEY: {{ randAlphaNum 128 | b64enc | quote }}

helm/values.yaml

@@ -7,8 +7,8 @@ replicaCount: 1
 image:
   repository: bpereto/borg-hive
   pullPolicy: Always
-  tag: "0.1.1"
-  borgtag: "borg-0.1.1"
+  tag: "0.1.2"
+  borgtag: "borg-0.1.2"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -27,7 +27,7 @@ service:
     type: ClusterIP
     port: 8000
   borg:
-    type: Loadbalancer
+    type: LoadBalancer
     port: 22
 
 ingress:

scripts/init.sh

@@ -14,43 +14,86 @@ EOF
 DEBUG="${DEBUG:-True}"
 MIGRATE="${MIGRATE:-True}"
 FIXTURES="${FIXTURES:-True}"
+BORGHIVE_ADMIN_USER="${BORGHIVE_ADMIN_USER:-admin}"
 
 echo "DEBUG:     ${DEBUG}"
 echo "MIGRATE:   ${MIGRATE}"
 echo "FIXTURES:  ${FIXTURES}"
-
+echo ""
 
 #
 # STATIC FILES
 #
+echo "Collect static files"
 ./manage.py collectstatic --noinput
+echo ""
 
 #
 # DB INIT
 #
-if [[ -z "${MYSQL_DATABASE}" ]];
-then
-    echo "Waiting for database..."
-
-    while ! nc -z ${MYSQL_HOST} 3306; do
-      sleep 1
-    done
+if [[ ! -z "${MYSQL_DATABASE}" ]]; then
+  echo -n "Waiting for database"
 
-    echo "DB started"
+  until echo "select 1;" | ./manage.py dbshell > /dev/null
+  do
+    echo -n "."
+    sleep 1
+  done
+  echo ""
+  echo "DB started"
 fi
 
 #
 # MIGRATE
 #
 if [[ "${MIGRATE}" == "True" ]]; then
+  echo "Migrate..."
   ./manage.py migrate --no-input --force-color
+  echo ""
+fi
+
+#
+# CREATE SUPERUSER
+#
+if [[ ! -z "${BORGHIVE_ADMIN_PASSWORD}" ]]; then
+
+  # create admin account if not exists
+  SUPERUSER_EXISTS=$(echo "SELECT * from auth_user;" | ./manage.py dbshell | grep "${BORGHIVE_ADMIN_USER}")
+  if [[ -z "${SUPERUSER_EXISTS}" ]]; then
+    echo "Create superuser: ${BORGHIVE_ADMIN_USER}"
+    cat <<EOD | ./manage.py shell
+import os
+from django.contrib.auth.models import User
+User.objects.create_superuser(
+  os.getenv('BORGHIVE_ADMIN_USER'),
+  os.getenv('BORGHIVE_ADMIN_MAIL', 'root@localhost'),
+  os.getenv('BORGHIVE_ADMIN_PASSWORD')
+)
+EOD
+  else
+    echo "Superuser \"${BORGHIVE_ADMIN_USER}\" exists already"
+  fi
+
+  # set superuser password
+  echo "Set superuser password"
+  cat <<EOD | ./manage.py shell
+import os
+from django.contrib.auth.models import User
+u = User.objects.get(username=os.getenv('BORGHIVE_ADMIN_USER'))
+u.set_password(os.getenv('BORGHIVE_ADMIN_PASSWORD'))
+u.save()
+EOD
+
+echo ""
 fi
 
 #
 # LOAD DATA
 #
 if [[ "${FIXTURES}" == "True" ]]; then
+  echo "Load data / fixtures..."
   ./manage.py loaddata borghive/fixtures/setup/*
+  echo ""
 fi
 
 #