From 0c836b6757d01b26aebb31048adf3f0b4b64bf73 Mon Sep 17 00:00:00 2001 From: nearlynocturnalbeach Date: Mon, 2 Dec 2024 10:28:44 +0000 Subject: [PATCH 1/2] allow nearbeach user to run cron this allows the container to run a non-root user --- Dockerfile | 6 +++--- Dockerfile.base | 6 ++++++ oceansuite/settings.py | 4 +++- setup_db_and_run_server.sh | 7 +++++-- 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index b42076f..0177cdb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,13 +6,13 @@ RUN echo "**** install NearBeach Latest ****" && \ pip install NearBeach RUN echo "**** copy over the crontab configuration ****" -COPY crontab /etc/crontabs/root +COPY --chown=nearbeach:nearbeach crontab /etc/crontabs/nearbeach RUN echo "**** setup of working directory ****" WORKDIR /oceansuite RUN chown nearbeach:nearbeach /oceansuite - -#USER nearbeach + +USER nearbeach RUN echo "**** copy everything into the destination ****" COPY --chown=nearbeach:nearbeach . . diff --git a/Dockerfile.base b/Dockerfile.base index cc336de..cee0ad0 100644 --- a/Dockerfile.base +++ b/Dockerfile.base @@ -37,6 +37,12 @@ RUN echo "**** install build packages ****" && \ tini \ tk-dev \ zlib-dev + dcron \ + libcap + +RUN echo "**** allow nearbeach user to run cron ****" && \ + chown nearbeach:nearbeach /usr/sbin/crond && \ + setcap cap_setgid=ep /usr/sbin/crond ARG TARGET_BRANCH=main # Copy the requirements.txt file diff --git a/oceansuite/settings.py b/oceansuite/settings.py index c30027e..f0cb4ce 100644 --- a/oceansuite/settings.py +++ b/oceansuite/settings.py @@ -108,6 +108,8 @@ } +# CRONTAB_TIMESTR="0 0 * * *" + # Password validation # https://docs.djangoproject.com/en/3.2/ref/settings/#auth-password-validators @@ -171,7 +173,7 @@ STATIC_URL = '/static/' else: STATIC_URL = F"https://cdn.nearbeach.org/{VERSION}/" - + MEDIA_URL = '/media/' MEDIA_ROOT = os.path.join(BASE_DIR,'media/') 
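Review bot: In the Dockerfile.base hunk the added `dcron \` and `libcap` lines follow a `zlib-dev` context line that, as shown, has no trailing `\`. The package-install RUN therefore ends at `zlib-dev`, the two new names would be read as a separate unknown instruction, and neither package would be installed by that RUN; changing that line to `zlib-dev \` fixes it. The RUN that installs the packages starts outside the hunk, so confirm this against the full file. Separately, `chown nearbeach:nearbeach /usr/sbin/crond` gives the application user ownership of a binary carrying `cap_setgid=ep`; a file capability applies to whoever executes the file, so the chown looks unnecessary and is worth confirming or dropping. A short comment above the `setcap` line saying why crond needs `cap_setgid` when run as a non-root user would help later reviewers.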
diff --git a/setup_db_and_run_server.sh b/setup_db_and_run_server.sh index dac9097..4394fc8 100644 --- a/setup_db_and_run_server.sh +++ b/setup_db_and_run_server.sh @@ -10,8 +10,11 @@ python manage.py migrate python manage.py initadmin echo "**** DB setup complete ****" +echo "**** Updating Crontab ****" +python manage.py updatecrontab + echo "**** Starting Cron Services ****" -crond +crond -b -l 8 echo "**** running NearBeach ****" -python manage.py runserver 0.0.0.0:8000 \ No newline at end of file +python manage.py runserver 0.0.0.0:8000 From f55d73b52aa7a7b51b0f815b6055ce850b6761f2 Mon Sep 17 00:00:00 2001 From: nearlynocturnalbeach Date: Mon, 2 Dec 2024 10:30:03 +0000 Subject: [PATCH 2/2] default admin username and email makes testing and setup much easier --- extra/management/commands/initadmin.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/extra/management/commands/initadmin.py b/extra/management/commands/initadmin.py index b387df6..3a691d4 100644 --- a/extra/management/commands/initadmin.py +++ b/extra/management/commands/initadmin.py @@ -9,15 +9,15 @@ class Command(BaseCommand): def handle(self, *args, **options): if User.objects.count() == 0: - username = os.getenv("ADMIN_USERNAME") - email = os.getenv("ADMIN_EMAIL") + username = os.getenv("ADMIN_USERNAME", "admin") + email = os.getenv("ADMIN_EMAIL", "admin@localhost") password = self.generate_initial_password() print('Creating account for %s (%s)' % (username, email)) admin = User.objects.create_superuser(email=email, username=username, password=password) admin.is_active = True admin.is_admin = True admin.save() - + # from https://docs.python.org/3/library/secrets.html#recipes-and-best-practices def generate_initial_password(self): alpha = string.ascii_letters + string.digits
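Review bot: The new `python manage.py updatecrontab` and `crond -b -l 8` steps in setup_db_and_run_server.sh have no failure handling visible in this hunk. If the crontab cannot be written or crond cannot start as the nearbeach user (for example because the file capability is missing from the image), the script still goes on to `runserver` and scheduled jobs silently never run. The top of the script is outside the hunk, so `set -e` may already be in effect; if it is not, `python manage.py updatecrontab || { echo "updatecrontab failed" >&2; exit 1; }` makes the failure visible in the container logs. A comment noting what `-b` and `-l 8` select would also help the next reader.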
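Review bot: In initadmin.py, `os.getenv("ADMIN_USERNAME", "admin")` falls back only when the variable is unset; a variable that is set but empty still yields `""` and reaches `create_superuser`. Using `username = os.getenv("ADMIN_USERNAME") or "admin"` and `email = os.getenv("ADMIN_EMAIL") or "admin@localhost"` covers both cases. Because the fallback creates a superuser under a well-known name, it is also worth printing a line when the defaults are used, so that an unconfigured deployment is noticeable in the logs. `handle` appears complete in the hunk, but `generate_initial_password` continues outside it, so how the generated password reaches the operator cannot be checked from this diff.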