Merge branch 'develop' into quickstart_updates

.gitignore

@@ -60,3 +60,4 @@ boto.cfg
 secmonkey.env
 *.crt
 *.key
+postgres-data/

Dockerfile

@@ -42,5 +42,3 @@ RUN chmod +x /usr/local/src/security_monkey/docker/*.sh &&\
 
 WORKDIR /usr/local/src/security_monkey
 EXPOSE 5000
-
-ENTRYPOINT ["/usr/local/src/security_monkey/docker/api-start.sh"]

docker-compose.init.yml

@@ -0,0 +1,21 @@
+---
+
+version: '2'
+services:
+  postgres:
+    container_name: secmonkey-db
+    image: postgres:9
+
+  init:
+    container_name: init
+    build: .
+    image: secmonkey:latest
+    working_dir: /usr/local/src/security_monkey
+    volumes:
+      - ./data/aws_accounts.json:/usr/local/src/security_monkey/data/aws_accounts.json
+      - ./docker:/usr/local/src/security_monkey/docker/
+      - ./env-config/config-docker.py:/usr/local/src/security_monkey/env-config/config-docker.py
+    depends_on:
+      - postgres
+    env_file: secmonkey.env
+    entrypoint: /usr/local/src/security_monkey/docker/api-init.sh

docker-compose.shell.yml

@@ -0,0 +1,8 @@
+---
+
+version: '2'
+services:
+  data:
+    stdin_open: true
+    tty: true
+    entrypoint: ["/bin/bash"]

docker-compose.yml

@@ -5,25 +5,34 @@
 # Documentation: http://securitymonkey.readthedocs.io/en/latest/index.html
 #                http://securitymonkey.readthedocs.io/en/latest/docker.html
 #
-# shortcuts
-# open https://$(docker-machine active | xargs docker-machine ip)
-#
 ###
 
-
 version: '2'
 services:
   postgres:
     container_name: secmonkey-db
     image: postgres:9
-    # volumes:
-    #    - ./postgres-data/:/var/lib/postgresql/data
+    #volumes:
+    #  - ./postgres-data/:/var/lib/postgresql/data
+
+  data:
+    container_name: secmonkey-data
+    build: .
+    image: secmonkey:latest
+    working_dir: /usr/local/src/security_monkey
+    volumes:
+      - ./data/aws_accounts.json:/usr/local/src/security_monkey/data/aws_accounts.json
+      - ./docker:/usr/local/src/security_monkey/docker/
+      - ./env-config/config-docker.py:/usr/local/src/security_monkey/env-config/config-docker.py
+    depends_on:
+      - postgres
+    env_file: secmonkey.env
 
   api:
     container_name: secmonkey-api
     image: secmonkey:latest
     volumes_from:
-      - init
+      - data
     depends_on:
       - postgres
     env_file: secmonkey.env
@@ -33,7 +42,7 @@ services:
     container_name: secmonkey-scheduler
     image: secmonkey:latest
     volumes_from:
-      - init
+      - data
     depends_on:
       - api
     env_file: secmonkey.env
@@ -42,14 +51,14 @@ services:
   nginx:
     container_name: secmonkey-nginx
     build:
-      context: ./
+      context: .
       dockerfile: ./docker/nginx/Dockerfile
     image: secmonkey-nginx:latest
     working_dir: /etc/nginx
     volumes:
       - ./docker/nginx/server.crt:/etc/nginx/ssl/server.crt
       - ./docker/nginx/server.key:/etc/nginx/ssl/server.key
-      - ./docker/nginx/securitymonkey.conf:/etc/nginx/conf.d/securitymonkey.conf
+      - ./docker/nginx/conf.d:/etc/nginx/conf.d/
       - ./docker/nginx/start-nginx.sh:/usr/local/src/security_monkey/docker/nginx/start-nginx.sh
     depends_on:
       - api
@@ -58,29 +67,3 @@ services:
       - 443:443
     links:
       - api:smapi
-
-# volumes:
-#    - postgres-data: {}
-
-###   ###   ###
-   ###   ###   ###
-
-  init:
-    container_name: init
-    build: .
-    image: secmonkey:latest
-    working_dir: /usr/local/src/security_monkey
-    volumes:
-      - ./data/aws_accounts.json:/usr/local/src/security_monkey/data/aws_accounts.json
-      - ./docker:/usr/local/src/security_monkey/docker/
-      - ./env-config/config-docker.py:/usr/local/src/security_monkey/env-config/config-docker.py
-    depends_on:
-      - postgres
-    env_file: secmonkey.env
-    # environment:
-    #   - AWS_ACCESS_KEY_ID=
-    #   - AWS_SECRET_ACCESS_KEY=
-    #   - SECURITY_MONKEY_POSTGRES_HOST=
-    entrypoint: # /usr/local/src/security_monkey/docker/api-init.sh
-      - sleep
-      - 8h

docker/api-init.sh

@@ -1,5 +1,8 @@
 #!/bin/bash
 
+# Wait the database
+sleep 10
+
 sudo -u ${SECURITY_MONKEY_POSTGRES_USER:-postgres} psql\
     -h ${SECURITY_MONKEY_POSTGRES_HOST:-postgres} -p ${SECURITY_MONKEY_POSTGRES_PORT:-5432}\
     --command "ALTER USER ${SECURITY_MONKEY_POSTGRES_USER:-postgres} with PASSWORD '${SECURITY_MONKEY_POSTGRES_PASSWORD:-securitymonkeypassword}';"
@@ -13,3 +16,8 @@ touch "/var/log/security_monkey/security_monkey-deploy.log"
 
 cd /usr/local/src/security_monkey
 python manage.py db upgrade
+
+cat <<EOF | python manage.py create_user "admin@example.org" "Admin"
+${SECURITY_MONKEY_PASSWORD:-admin}
+${SECURITY_MONKEY_PASSWORD:-admin}
+EOF

docker/api-start.sh

@@ -1,4 +1,7 @@
 #!/bin/bash
 
+# wait the database
+sleep 10
+
 cd /usr/local/src/security_monkey
 python manage.py run_api_server -b 0.0.0.0:${SECURITY_MONKEY_API_PORT:-5000}

docker/nginx/Dockerfile

@@ -25,7 +25,6 @@ RUN apt-get update &&\
   rm -rf /var/lib/apt/lists/*
 
 RUN cd /usr/local/src &&\
-#   git clone -b $SECURITY_MONKEY_VERSION https://github.com/Netflix/security_monkey.git
   mkdir -p security_monkey
 ADD . /usr/local/src/security_monkey
 
@@ -43,8 +42,7 @@ RUN /bin/rm /etc/nginx/conf.d/default.conf &&\
 WORKDIR /etc/nginx
 EXPOSE 443
 
-ADD docker/nginx/securitymonkey.conf /etc/nginx/conf.d/securitymonkey.conf
+ADD docker/nginx/conf.d/securitymonkey.conf /etc/nginx/conf.d/securitymonkey.conf
 COPY docker/nginx/nginx.conf /etc/nginx/nginx.conf
-# ADD docker/nginx/server.crt docker/nginx/server.key /etc/nginx/ssl/
 
 ENTRYPOINT ["/usr/local/src/security_monkey/docker/nginx/start-nginx.sh"]

docker/nginx/start-nginx.sh

@@ -3,11 +3,10 @@
 SECURITY_MONKEY_SSL_CERT=${SECURITY_MONKEY_SSL_CERT:-/etc/nginx/ssl/server.crt}
 SECURITY_MONKEY_SSL_KEY=${SECURITY_MONKEY_SSL_KEY:-/etc/nginx/ssl/server.key}
 
+# if no SSL, disable HTTPS
 if [ ! -f "$SECURITY_MONKEY_SSL_CERT" ] || [ ! -f "$SECURITY_MONKEY_SSL_KEY" ]; then
-    # Fail if SSL is unavailable
     echo "$(date) Error: Missing files required for SSL"
-    # exit 1
-    sed -i.bak 's@.*ssl@# &@' /etc/nginx/conf.d/securitymonkey.conf &&\
+    sed -i.bak '/^#/! s/.*ssl/# &/' /etc/nginx/conf.d/securitymonkey.conf &&\
     echo "$(date) Warn: Disabled ssl in securitymonkey.conf"
 fi
 

docker/scheduler-start.sh

@@ -1,5 +1,8 @@
 #!/bin/bash
 
+# wait the database
+sleep 10
+
 mkdir -p /var/log/security_monkey
 touch /var/log/security_monkey/security_monkey-deploy.log
 

env-config/config-docker.py

@@ -245,7 +245,7 @@ def env_to_bool(input):
 from datetime import timedelta
 PERMANENT_SESSION_LIFETIME=timedelta(minutes=60)
 SESSION_REFRESH_EACH_REQUEST=True
-SESSION_COOKIE_SECURE=True
+SESSION_COOKIE_SECURE=env_to_bool(os.getenv('SESSION_COOKIE_SECURE', True))
 SESSION_COOKIE_HTTPONLY=True
 PREFERRED_URL_SCHEME='https'