271 lines
12 KiB
Text
271 lines
12 KiB
Text
|
https://github.com/intuitem/ciso-assistant-community?tab=readme-ov-file#setting-up-ciso-assistant-for-development
|
||
|
|
|
||
|
|
L'objectif est d'utiliser CISO Assistant sans docker et avec un reverse proxy Apache httpd plutot que Caddy.
|
||
|
|
### On host (edit /etc/hosts file):
|
||
|
|
10.184.116.195 febciso
|
||
|
|
|
||
|
|
### Inside an incus container ( ciso-assistant --> 10.184.116.195)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
apt update && apt install -y python3 python3-pip python3-pexpect npm libyaml-cpp-dev curl git libpangoft2-1.0-0/stable libpango-1.0-0/stable python3-venv
|
||
|
|
|
||
|
|
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
|
||
|
|
curl -fsSL https://get.pnpm.io/install.sh | env PNPM_VERSION=10.0.0 sh -
|
||
|
|
curl -sSL https://install.python-poetry.org | python3 -
|
||
|
|
echo 'export PATH="/root/.local/bin:$PATH"' >> ~/.bashrc
|
||
|
|
|
||
|
|
source ~/.bashrc
|
||
|
|
|
||
|
|
pnpm env use --global lts
|
||
|
|
|
||
|
|
nvm install 22
|
||
|
|
|
||
|
|
git clone https://github.com/intuitem/ciso-assistant-community.git
|
||
|
|
|
||
|
|
cd ciso-assistant-community/
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
ndelprat@cosium.com
|
||
|
|
SasquatchùUndefinedùPropertyùPrelaunchùNumeratorùEngulf6
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
cd backend/
|
||
|
|
|
||
|
|
poetry install
|
||
|
|
|
||
|
|
pre-commit install
|
||
|
|
|
||
|
|
poetry run python manage.py migrate
|
||
|
|
|
||
|
|
poetry run python manage.py createsuperuser
|
||
|
|
|
||
|
|
export CISO_ASSISTANT_URL=https://ciso:443
|
||
|
|
export ALLOWED_HOSTS=ciso,localhost,z-ciso-backend-1,z-ciso-backend-2
|
||
|
|
|
||
|
|
poetry run python manage.py runserver
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### In another prompt:
|
||
|
|
cd ..
|
||
|
|
cd .git/hooks
|
||
|
|
ln -fs ../../git_hooks/post-commit .
|
||
|
|
ln -fs ../../git_hooks/post-merge .
|
||
|
|
|
||
|
|
cd ../../
|
||
|
|
cd frontend/
|
||
|
|
|
||
|
|
npm install -g pnpm
|
||
|
|
pnpm install
|
||
|
|
|
||
|
|
pnpm run build
|
||
|
|
|
||
|
|
export HOST_HEADER=x-forwarded-host
|
||
|
|
export PROTOCOL_HEADER=x-forwarded-proto
|
||
|
|
export PUBLIC_BACKEND_API_EXPOSED_URL=https://ciso:443/api
|
||
|
|
export PUBLIC_BACKEND_API_URL=http://ciso:8000/api
|
||
|
|
export ORIGIN=https://ciso:443
|
||
|
|
|
||
|
|
node server
|
||
|
|
|
||
|
|
|
||
|
|
export ALLOWED_HOSTS=z-ciso,localhost,127.0.0.1
|
||
|
|
export CISO_ASSISTANT_URL=https://z-ciso:443
|
||
|
|
export DB_PORT=5432
|
||
|
|
export DB_HOST=127.0.0.1
|
||
|
|
export POSTGRES_PASSWORD=SecrecyùCackleùPennant3ùStarfishùStoppageùOvercoatùBrushùDrizzly
|
||
|
|
export POSTGRES_USER=ciso-assistant-user
|
||
|
|
export POSTGRES_NAME=ciso-assistant
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
Auto-signed certificate SSL:
|
||
|
|
mkdir /etc/haproxy/certs
|
||
|
|
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
|
||
|
|
-keyout /etc/haproxy/certs/ciso.key \
|
||
|
|
-out /etc/haproxy/certs/ciso.crt
|
||
|
|
|
||
|
|
cat /etc/haproxy/certs/ciso.crt /etc/haproxy/certs/ciso.key > /etc/haproxy/certs/ciso.pem
|
||
|
|
|
||
|
|
HaProxy Configuration :
|
||
|
|
global
|
||
|
|
log /dev/log local0
|
||
|
|
log /dev/log local1 notice
|
||
|
|
chroot /var/lib/haproxy
|
||
|
|
stats socket /run/haproxy/admin.sock mode 660 level admin
|
||
|
|
stats timeout 30s
|
||
|
|
user haproxy
|
||
|
|
group haproxy
|
||
|
|
daemon
|
||
|
|
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
|
||
|
|
ssl-default-bind-ciphers HIGH:!aNULL:!MD5
|
||
|
|
|
||
|
|
defaults
|
||
|
|
log global
|
||
|
|
option httplog
|
||
|
|
option dontlognull
|
||
|
|
timeout connect 5000ms
|
||
|
|
timeout client 50000ms
|
||
|
|
timeout server 50000ms
|
||
|
|
retries 3
|
||
|
|
|
||
|
|
frontend https_front
|
||
|
|
bind *:443 ssl crt /etc/haproxy/certs/ciso.pem
|
||
|
|
mode http
|
||
|
|
option httplog
|
||
|
|
use_backend backend_ciso if { path_beg /api/ }
|
||
|
|
default_backend frontend_ciso
|
||
|
|
|
||
|
|
backend backend_ciso
|
||
|
|
mode http
|
||
|
|
balance roundrobin
|
||
|
|
option httpchk GET /
|
||
|
|
server backend1 127.0.0.1:8000 check
|
||
|
|
|
||
|
|
backend frontend_ciso
|
||
|
|
mode http
|
||
|
|
balance roundrobin
|
||
|
|
option httpchk GET /
|
||
|
|
server frontend1 127.0.0.1:3000 check
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
eventually install caddy :
|
||
|
|
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
|
||
|
|
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
|
||
|
|
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
|
||
|
|
sudo apt update
|
||
|
|
sudo apt install caddy
|
||
|
|
|
||
|
|
create a Caddyfile :
|
||
|
|
https://ciso:8443 {
|
||
|
|
reverse_proxy /api/* localhost:8000
|
||
|
|
reverse_proxy /* localhost:3000
|
||
|
|
tls internal
|
||
|
|
}
|
||
|
|
|
||
|
|
launch the caddy server :
|
||
|
|
caddy run --config Caddyfile
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
plutot que :
|
||
|
|
- name: Create superuser (interactive)
|
||
|
|
command: poetry run python manage.py createsuperuser
|
||
|
|
args:
|
||
|
|
chdir: "{{ backend_path.stdout }}"
|
||
|
|
register: createsuperuser
|
||
|
|
ignore_errors: yes # Ignore l'erreur si un superutilisateur existe déjà
|
||
|
|
je veux un truc dans le forme de :
|
||
|
|
- name: Run docker-compose-exec.sh in the cloned repository
|
||
|
|
expect:
|
||
|
|
command: ./docker-compose-exec.sh
|
||
|
|
chdir: ciso-assistant-community
|
||
|
|
responses:
|
||
|
|
'Email: ': 'nmilovanovic@example.com'
|
||
|
|
'Password: ': 'AyrFg520mGmC'
|
||
|
|
'Password \(again\): ': 'AyrFg520mGmC'
|
||
|
|
no_log: true
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
apt update
|
||
|
|
apt install -y git curl npm
|
||
|
|
|
||
|
|
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
|
||
|
|
export NVM_DIR="$HOME/.nvm"
|
||
|
|
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
|
||
|
|
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
|
||
|
|
|
||
|
|
nvm install 22
|
||
|
|
|
||
|
|
curl -fsSL https://get.pnpm.io/install.sh | env PNPM_VERSION=10.0.0 sh -
|
||
|
|
# pnpm
|
||
|
|
export PNPM_HOME="/root/.local/share/pnpm"
|
||
|
|
case ":$PATH:" in
|
||
|
|
*":$PNPM_HOME:"*) ;;
|
||
|
|
*) export PATH="$PNPM_HOME:$PATH" ;;
|
||
|
|
esac
|
||
|
|
# pnpm end
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
root@z:~/ciso-assistant-community/frontend# cat ~/.bash_history
|
||
|
|
|
||
|
|
|
||
|
|
apt update
|
||
|
|
apt install -y git npm
|
||
|
|
node -v
|
||
|
|
npm install -g pnpm
|
||
|
|
git clone https://github.com/intuitem/ciso-assistant-community.git
|
||
|
|
cd ciso-assistant-community/f
|
||
|
|
cd ciso-assistant-community/frontend/
|
||
|
|
ls
|
||
|
|
pnpm install
|
||
|
|
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
|
||
|
|
apt install -y curl
|
||
|
|
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
|
||
|
|
/root/.nvm/nvm.sh install 20
|
||
|
|
node -v
|
||
|
|
pnpm install
|
||
|
|
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
|
||
|
|
/root/.nvm/nvm.sh install 20
|
||
|
|
node -v
|
||
|
|
/root/.nvm/nvm.sh use 20
|
||
|
|
node -v
|
||
|
|
export NVM_DIR="$HOME/.nvm"
|
||
|
|
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # Charger NVM
|
||
|
|
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"
|
||
|
|
nvm use 20
|
||
|
|
nvm install 20
|
||
|
|
node -v
|
||
|
|
curl -fsSL https://get.pnpm.io/install.sh | env PNPM_VERSION=10.0.0 sh -
|
||
|
|
source ~/.bashrc
|
||
|
|
pnpm install
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
- name: Start database migration
|
||
|
|
|
||
|
|
args:
|
||
|
|
chdir: "{{ backend_path }}"
|
||
|
|
tags:
|
||
|
|
- ciso
|
||
|
|
- pip
|
||
|
|
- tetest
|
||
|
|
|