local mount, profiles and new docs #152

Closed
wants to merge 18 commits into from

Conversation

@MdreW MdreW commented Aug 23, 2024

This is an example of a docker compose without static volumes; it has only example scope.

  • static mounts are removed
  • added directory Docker-compose/satosa for the satosa container application
  • added directory Docker-compose/djangosaml2_sp/* for the django container application
  • added directory Docker-compose/mongo/db/* for the mongo container db
  • updated .gitignore to exclude production data
  • removed the rm-persistent-volumes.sh script
  • Updated run-docker-compose.sh
    • Create the required folders if they do not exist
    • Added -f option to clean old db/application data and reinitialize the system
    • Added -h option to print help
$ run-docker-compose.sh

### run-docker-compose.sh ###

initialize and start Satosa-Saml2Spid

Option
-f Force clean and reinitialize data for Satosa, MongoDB and Djangosaml2_SP
-h Print this help

gitguardian bot commented Aug 23, 2024

⚠️ GitGuardian has uncovered 9 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
|---|---|---|---|---|
| 3369235 | Triggered | Generic High Entropy Secret | 3c4c1d6 | Docker-compose/mongo/db/.mongodb/mongosh/66c8648753e2f14983a26a12_log |
| 3369235 | Triggered | Generic High Entropy Secret | 3c4c1d6 | Docker-compose/mongo/db/.mongodb/mongosh/66c8776831e5574dd75e739b_log |
| 3369235 | Triggered | Generic High Entropy Secret | 6c693af | Docker-compose/mongo/db/.mongodb/mongosh/66c8648753e2f14983a26a12_log |
| 3369235 | Triggered | Generic High Entropy Secret | 6c693af | Docker-compose/mongo/db/.mongodb/mongosh/66c8776831e5574dd75e739b_log |
| 5632966 | Triggered | Username Password | 87c7f90 | Docker-compose/docker-compose.yml |
| 5632967 | Triggered | Generic High Entropy Secret | 3c4c1d6 | Docker-compose/mongo/db/.mongodb/mongosh/66c8776831e5574dd75e739b_log |
| 5632967 | Triggered | Generic High Entropy Secret | 3c4c1d6 | Docker-compose/mongo/db/.mongodb/mongosh/66c8648753e2f14983a26a12_log |
| 5632967 | Triggered | Generic High Entropy Secret | 6c693af | Docker-compose/mongo/db/.mongodb/mongosh/66c8776831e5574dd75e739b_log |
| 5632967 | Triggered | Generic High Entropy Secret | 6c693af | Docker-compose/mongo/db/.mongodb/mongosh/66c8648753e2f14983a26a12_log |
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn the best practices here.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@@ -110,8 +108,7 @@ services:
ports:
- "10000:10000"
volumes:
- /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
- ../docker-example:/satosa_proxy:rw
- ./satosa:/satosa_proxy:rw
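Review bot: `- ./satosa:/satosa_proxy:rw` (last line of the hunk) mounts the whole local configuration tree writable into the proxy container; unless SATOSA has to write there at runtime, mount it `:ro` and give runtime state its own writable path, so a fault in the proxy process cannot rewrite its own backend/frontend configuration or metadata. On naming, the folder holds a local deployment rather than the SATOSA software itself, so a name like the `satosa-project` suggested in review avoids confusion with the image called `satosa`.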
Member
satosa -> project?

I agree that docker-example is too closely related to the demo purposes, while satosa is too generic and might confuse the software/application name with the local configuration. I suppose that project, or any other similar alternative, might better explain the purpose of that folder.

MdreW commented Aug 28, 2024

Added TZ in docker compose and updated the satosa Dockerfile to support it.
A little optimization of the Dockerfile RUN.

[ranaldi@andrea-ranaldi-p Satosa-Saml2Spid]$ docker run -tie TZ=Europe/Berlin satosa bash
126b80233e9b:/satosa_proxy# date
Wed Aug 28 17:05:22 CEST 2024

[ranaldi@andrea-ranaldi-p Satosa-Saml2Spid]$ docker run -tie TZ=Australia/Melbourne satosa bash
7c1efed81ada:/satosa_proxy# date
Thu Aug 29 01:05:39 AEST 2024

@MdreW MdreW self-assigned this Aug 29, 2024
MdreW commented Sep 8, 2024

I have added profiles: demo to start all services, and dataentry to add the mongo-express service.
Nginx, satosa and mongo are always started for production.

I have updated run-docker-compose.sh to start the demo profile by default; the dataentry and production profiles are optional. I have also added an option, -s, to skip the docker image update and compile.

### run-docker-compose.sh ###

initialize check update and start Satosa-Saml2Spid

Option
-f Force clean and reinitialize data for Satosa, MongoDB and Djangosaml2_SP
-h Print this help
-p Set production profile: start satosa, nginx, mongo
-s Skip docker image update
-d Set data entry profile: start satosa, nginx, mongo, mongo-express
   if isn't set -d or -p defatult demo profile is started
   default demo profile start: satosa, nginx, mongo, mongo-express, django-sp, spid-saml-check

Finally, I have updated ./stop-docker-compose.sh to stop all profiles and remove orphan containers, but we can add an option to stop only specific profiles as well.

@Zicchio can you try this on windows?

ports:
- 8082:8081
depends_on:
- satosa-mongo
environment:
ME_CONFIG_BASICAUTH_USERNAME: satosauser
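Review bot: `ME_CONFIG_BASICAUTH_USERNAME: satosauser` hardcodes the mongo-express basic-auth username in the committed compose file, which is the file the GitGuardian "Username Password" finding (5632966) above points at; read it and the matching password from an untracked `.env` instead, e.g. `ME_CONFIG_BASICAUTH_USERNAME: ${ME_BASICAUTH_USERNAME:?}`, add `.env` to .gitignore, and drop the mongosh `*_log` files listed by the scanner from the branch. `8082:8081` also publishes the admin UI on every host interface; `127.0.0.1:8082:8081` keeps the dataentry profile reachable only from the host.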
Member
Wouldn't it be better to have them in ENV?

Collaborator Author
For instances with only spid-saml backend? I can try 👍

MdreW commented Sep 9, 2024

Hi @peppelinux ,

I have tried, and I can't use an environment variable to enable the mongo dependency in compose because depends_on doesn't accept "null" as a value:
service "satosa-saml2spid" depends on undefined service "": invalid

Can I propose a new docker compose profile for MongoDB? The profiles can be:

default (without profile):

  • satosa-saml2spid (without mongo dependency)
  • satosa-nginx

db:

  • *default
  • satosa-mongo

dataentry:

  • *default
  • *db
  • satosa-mongoexpress

dev:

  • *default
  • django-sp
  • spid-samlcheck

demo:

  • *default
  • *db
  • *dataentry
  • *dev

If I use an external MongoDB, it is sufficient not to start the db profile (only default), or to use the dev profile for a full system without mongo.
What do you think?
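
As an added sketch (not the PR's own docker-compose.yml), the profile layout proposed in this comment expressed with Compose `profiles`: services with no `profiles` key are always enabled, the others only when a listed profile is active. Image names, build contexts, ports and the `.env` variable names are assumptions; the service names follow the comment above, and the mongo-express credentials are read from `.env` as suggested in review.

```yaml
# Added example (not the PR's compose file): profiles as proposed in the comment.
# Assumed: image names, build contexts, ports, volume paths, .env variable names.
services:
  satosa-saml2spid:                 # default: always started, no mongo dependency
    image: satosa                   # local image name used in the comment above
    environment:
      TZ: ${TZ:-Europe/Rome}        # portable alternative to binding /etc/localtime
    volumes:
      - ./satosa-project:/satosa_proxy:ro   # config read-only (name from review)
    ports:
      - "10000:10000"

  satosa-nginx:                     # default: always started
    image: nginx:alpine             # assumed
    depends_on:
      - satosa-saml2spid
    ports:
      - "443:443"                   # assumed

  satosa-mongo:                     # db profile (and every profile that includes db)
    image: mongo:7                  # assumed
    profiles: ["db", "dataentry", "demo"]
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_ROOT_USERNAME:?set in .env}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD:?set in .env}
    volumes:
      - ./mongo/db:/data/db         # keep this path in .gitignore

  satosa-mongoexpress:              # dataentry profile
    image: mongo-express            # assumed
    profiles: ["dataentry", "demo"]
    depends_on:
      - satosa-mongo                # both are enabled whenever dataentry is
    environment:
      ME_CONFIG_BASICAUTH_USERNAME: ${ME_BASICAUTH_USERNAME:?set in .env}
      ME_CONFIG_BASICAUTH_PASSWORD: ${ME_BASICAUTH_PASSWORD:?set in .env}
    ports:
      - "127.0.0.1:8082:8081"       # admin UI only on the host loopback

  django-sp:                        # dev profile
    build: ./djangosaml2_sp         # assumed build context
    profiles: ["dev", "demo"]

  spid-samlcheck:                   # dev profile
    image: italia/spid-saml-check   # assumed
    profiles: ["dev", "demo"]
```

`docker compose up` starts only the default pair, `docker compose --profile demo up` starts everything, and `--profile dev` gives the full system against an external MongoDB, as described in the comment above.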

@@ -110,8 +113,8 @@ services:
ports:
- "10000:10000"
volumes:
- /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
- ../docker-example:/satosa_proxy:rw
- ./satosa:/satosa_proxy:rw
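Review bot: the unchanged context line `/usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro` pins the timezone to a host tzdata path that does not exist on Windows or on minimal hosts, so the Windows test requested above would fail to start this service; since a `TZ` environment variable was added to the compose file later in this PR, drop this bind mount and rely on `TZ`, which also removes one host path from the container.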
Member
Suggested change
- ./satosa:/satosa_proxy:rw
- ./satosa-project:/satosa_proxy:rw

@MdreW MdreW changed the title example with only local mount local mount, profiles and new docs Sep 15, 2024
@MdreW MdreW mentioned this pull request Sep 15, 2024
MdreW commented Sep 15, 2024

Fix #156 with 01fbf8d

MdreW commented Sep 16, 2024

Migrate to #160

@MdreW MdreW closed this Sep 16, 2024