senke/talas-group
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
talas-group/04_INFRA_DEPLOIEMENT/Notes_Operations/ciso_klean.txt
senke 66471934af Initial commit: Talas Group project management & documentation 
Knowledge base of ~80+ markdown files across 14 domains (00-13),
Logseq graph, hardware design files (KiCAD), infrastructure configs,
and talas-wiki static site.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 20:10:41 +02:00

270 lines
12 KiB
Text
Raw Permalink Blame History

https://github.com/intuitem/ciso-assistant-community?tab=readme-ov-file#setting-up-ciso-assistant-for-development
L'objectif est d'utiliser CISO Assistant sans docker et avec un reverse proxy Apache httpd plutot que Caddy.
### On host (edit /etc/hosts file):
10.184.116.195 febciso
### Inside an incus container ( ciso-assistant --> 10.184.116.195)
apt update && apt install -y python3 python3-pip python3-pexpect npm libyaml-cpp-dev curl git libpangoft2-1.0-0/stable libpango-1.0-0/stable python3-venv
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
curl -fsSL https://get.pnpm.io/install.sh | env PNPM_VERSION=10.0.0 sh -
curl -sSL https://install.python-poetry.org | python3 -
echo 'export PATH="/root/.local/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
pnpm env use --global lts
nvm install 22
git clone https://github.com/intuitem/ciso-assistant-community.git
cd ciso-assistant-community/
ndelprat@cosium.com
SasquatchùUndefinedùPropertyùPrelaunchùNumeratorùEngulf6
cd backend/
poetry install
pre-commit install
poetry run python manage.py migrate
poetry run python manage.py createsuperuser
export CISO_ASSISTANT_URL=https://ciso:443
export ALLOWED_HOSTS=ciso,localhost,z-ciso-backend-1,z-ciso-backend-2
poetry run python manage.py runserver
### In another prompt:
cd ..
cd .git/hooks
ln -fs ../../git_hooks/post-commit .
ln -fs ../../git_hooks/post-merge .
cd ../../
cd frontend/
npm install -g pnpm
pnpm install
pnpm run build
export HOST_HEADER=x-forwarded-host
export PROTOCOL_HEADER=x-forwarded-proto
export PUBLIC_BACKEND_API_EXPOSED_URL=https://ciso:443/api
export PUBLIC_BACKEND_API_URL=http://ciso:8000/api
export ORIGIN=https://ciso:443
node server
export ALLOWED_HOSTS=z-ciso,localhost,127.0.0.1
export CISO_ASSISTANT_URL=https://z-ciso:443
export DB_PORT=5432
export DB_HOST=127.0.0.1
export POSTGRES_PASSWORD=SecrecyùCackleùPennant3ùStarfishùStoppageùOvercoatùBrushùDrizzly
export POSTGRES_USER=ciso-assistant-user
export POSTGRES_NAME=ciso-assistant
Auto-signed certificate SSL:
mkdir /etc/haproxy/certs
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/haproxy/certs/ciso.key \
-out /etc/haproxy/certs/ciso.crt
cat /etc/haproxy/certs/ciso.crt /etc/haproxy/certs/ciso.key > /etc/haproxy/certs/ciso.pem
HaProxy Configuration :
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
ssl-default-bind-ciphers HIGH:!aNULL:!MD5
defaults
log global
option httplog
option dontlognull
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
retries 3
frontend https_front
bind *:443 ssl crt /etc/haproxy/certs/ciso.pem
mode http
option httplog
use_backend backend_ciso if { path_beg /api/ }
default_backend frontend_ciso
backend backend_ciso
mode http
balance roundrobin
option httpchk GET /
server backend1 127.0.0.1:8000 check
backend frontend_ciso
mode http
balance roundrobin
option httpchk GET /
server frontend1 127.0.0.1:3000 check
eventually install caddy :
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
create a Caddyfile :
https://ciso:8443 {
reverse_proxy /api/* localhost:8000
reverse_proxy /* localhost:3000
tls internal
}
launch the caddy server :
caddy run --config Caddyfile
plutot que :
- name: Create superuser (interactive)
command: poetry run python manage.py createsuperuser
args:
chdir: "{{ backend_path.stdout }}"
register: createsuperuser
ignore_errors: yes # Ignore l'erreur si un superutilisateur existe déjà
je veux un truc dans le forme de :
- name: Run docker-compose-exec.sh in the cloned repository
expect:
command: ./docker-compose-exec.sh
chdir: ciso-assistant-community
responses:
'Email: ': 'nmilovanovic@example.com'
'Password: ': 'AyrFg520mGmC'
'Password \(again\): ': 'AyrFg520mGmC'
no_log: true
apt update
apt install -y git curl npm
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
nvm install 22
curl -fsSL https://get.pnpm.io/install.sh | env PNPM_VERSION=10.0.0 sh -
# pnpm
export PNPM_HOME="/root/.local/share/pnpm"
case ":$PATH:" in
*":$PNPM_HOME:"*) ;;
*) export PATH="$PNPM_HOME:$PATH" ;;
esac
# pnpm end
root@z:~/ciso-assistant-community/frontend# cat ~/.bash_history
apt update
apt install -y git npm
node -v
npm install -g pnpm
git clone https://github.com/intuitem/ciso-assistant-community.git
cd ciso-assistant-community/f
cd ciso-assistant-community/frontend/
ls
pnpm install
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
apt install -y curl
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
/root/.nvm/nvm.sh install 20
node -v
pnpm install
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
/root/.nvm/nvm.sh install 20
node -v
/root/.nvm/nvm.sh use 20
node -v
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # Charger NVM
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"
nvm use 20
nvm install 20
node -v
curl -fsSL https://get.pnpm.io/install.sh | env PNPM_VERSION=10.0.0 sh -
source ~/.bashrc
pnpm install
- name: Start database migration
args:
chdir: "{{ backend_path }}"
tags:
- ciso
- pip
- tetest
Reference in a new issue View git blame Copy permalink