PASSBOLT-1334 demo container

.gitignore

@@ -0,0 +1,45 @@
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff:
+.idea/workspace.xml
+.idea/tasks.xml
+.idea/dictionaries
+.idea/vcs.xml
+.idea/jsLibraryMappings.xml
+
+# Sensitive or high-churn files:
+.idea/dataSources.ids
+.idea/dataSources.xml
+.idea/dataSources.local.xml
+.idea/sqlDataSources.xml
+.idea/dynamic.xml
+.idea/uiDesigner.xml
+
+# Gradle:
+.idea/gradle.xml
+.idea/libraries
+
+# Mongo Explorer plugin:
+.idea/mongoSettings.xml
+
+## File-based project format:
+*.iws
+
+## Plugin-specific files:
+
+# IntelliJ
+/out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+

Dockerfile

@@ -0,0 +1,87 @@
+FROM debian:jessie
+
+# mysql before installation configuration
+RUN export DEBIAN_FRONTEND="noninteractive" \
+    && echo "mysql-server mysql-server/root_password password root" | debconf-set-selections \
+    && echo "mysql-server mysql-server/root_password_again password root" | debconf-set-selections
+
+# debian packages installation
+RUN apt-get clean && apt-get update && apt-get install -y \
+    # persistent &runtime deps. \
+    ca-certificates curl libpcre3 librecode0 libsqlite3-0 libxml2 --no-install-recommends \
+    # unix tools \
+    nano wget openssh-client \
+    # versioning & package manager \
+    git npm \
+    # phpize dependencies \
+    autoconf file g++ gcc libc-dev make pkg-config re2c \
+    # persistance
+    redis-server mysql-server-5.5 \
+    # php \
+    php5-json php5-cli php5-common \
+    php5-curl php5-dev php5-gd php5-mcrypt \
+    php5-mysql php5-xdebug php5-xsl php5-intl \
+    # memchached \
+    memcached php5-memcached \
+    # apache \
+    apache2 apache2-utils libapache2-mod-php5 \
+    # gnupg dependency \
+    libgpgme11-dev \
+    # pear \
+    php-pear \
+    # Commented until the following bug is fixed : https://github.com/docker/hub-feedback/issues/556 \
+    #&& apt-get clean \
+     && rm -rf /var/lib/apt/lists/*
+
+# Configure the user www-data environment
+RUN mkdir /home/www-data/ \
+    && chown www-data:www-data /home/www-data/ \
+    && usermod -d /home/www-data www-data
+
+# Configure node and install grunt
+# On debian they choose to rename node in nodejs, some tools try to access nodejs by using the commande noe.
+RUN ln -s /usr/bin/nodejs /usr/bin/node \
+    # install grunt
+    && npm install -g grunt-cli
+
+
+# Install and configure gnupg
+RUN pecl install gnupg \
+    && echo "extension=gnupg.so;" > /etc/php5/mods-available/gnupg.ini \
+    && ln -s /etc/php5/mods-available/gnupg.ini /etc/php5/apache2/conf.d/20-gnupg.ini \
+    && ln -s /etc/php5/mods-available/gnupg.ini /etc/php5/cli/conf.d/20-gnupg.ini \
+    # configure the user www-data env to work with gnupg \
+    && mkdir /home/www-data/.gnupg \
+    && chown www-data:www-data /home/www-data/.gnupg \
+    && chmod 0777 /home/www-data/.gnupg
+
+# Configure apache
+ADD /server-conf/apache/passbolt.conf /etc/apache2/sites-available/passbolt.conf
+ADD /server-conf/apache/000-default.conf /etc/apache2/sites-available/000-default.conf
+
+RUN rm -f /etc/apache2/sites-enabled/* \
+    && rm -fr /var/www/html \
+    && a2enmod proxy \
+    && a2enmod proxy_http \
+    && a2enmod rewrite \
+    && a2ensite passbolt \
+    && a2ensite 000-default.conf
+
+# Configure php
+RUN echo "memory_limit=1024M" > /etc/php5/apache2/conf.d/20-memory-limit.ini \
+    && echo "memory_limit=1024M" > /etc/php5/cli/conf.d/20-memory-limit.ini
+
+# Install composer
+RUN curl -sS https://getcomposer.org/installer | php \
+    && mv composer.phar /usr/local/bin/composer
+
+# Special hack for macosx, to let www-data able to write on mounted volumes.
+# See docker bug: https://github.com/boot2docker/boot2docker/issues/581.
+RUN usermod -u 1000 www-data \
+    && usermod -a -G staff www-data \
+    && chown -Rf www-data:www-data /var/www/
+
+ADD /entry-point.sh /entry-point.sh
+RUN chmod 0755 /entry-point.sh
+
+CMD ["bash", "/entry-point.sh"]

README.md

@@ -1 +1,42 @@
-# passbolt_docker_debian
+# PASSBOLT DEBIAN DOCKER CONTAINER
+
+ERRATUM : THIS IS A DEMO CONTAINER. DO NOT USE IT IN PRODUCTION.
+
+How to use it
+-------------
+1) First, download passbolt source code from git.
+```
+	git clone https://github.com/passbolt/passbolt.git
+```
+
+2) Then, configure the container.
+There is a configuration file located in /conf/conf.sh
+
+It contains the following options :
+
+- PASSBOLT_DIR : path to passbolt source code.
+- MYSQL_HOST : mysql host. Keep it as 'localhost' to let the container handle the database.
+- MYSQL_ROOT_PASSWORD : root password of mysql. It is only useful if MYSQL_HOST is set to localhost.
+- MYSQL_USERNAME : valid username for the database.
+- MYSQL_PASSWORD : valid password for the database.
+- MYSQL_DATABASE : name of the database to be used.
+
+Enter the values corresponding to your settings. The most important setting is PASSBOLT_DIR. You can keep the default values for the rest.
+
+3) Finally, you can build and run the container :
+```
+	cd /path/to/docker/files
+	docker build -t passbolt_debian .
+	./launch-container.sh
+```
+
+Behavior
+--------
+By default the container will create a new database and use it to install passbolt.
+However, in case an external database is provided in the settings, it will try to use it.
+A few consideration :
+- There should be a valid username, password and database on the mysql server.
+- If the database exists but without passbolt installed, then passbolt will be installed normally.
+- If the database exists and already has a passbolt installed, then no db installation will be done and the existing data will be kept.
+
+

conf/conf.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Passbolt directory.
+PASSBOLT_DIR=/path/to/passbolt/dir
+
+# MySQL configuration.
+MYSQL_HOST=localhost
+# Only necessary if we use the local database.
+MYSQL_ROOT_PASSWORD=rootpassword
+MYSQL_USERNAME=passbolt
+MYSQL_PASSWORD=password123
+MYSQL_DATABASE=passbolt
+

entry-point.sh

@@ -0,0 +1,92 @@
+#!/bin/bash
+IS_MYSQL_LOCAL=1
+if [[ $MYSQL_HOST != "localhost" ]];
+then
+    IS_MYSQL_LOCAL=0
+fi
+
+
+# If Mysql is local (no persistence), we reset everything and create the database.
+if [ $IS_MYSQL_LOCAL == 1 ]; then
+    echo "using local mysql"
+    echo "Resetting root password, and create user ${MYSQL_USERNAME}"
+    # Start mysql
+    service mysql start
+    # Change password of database
+mysql --host=localhost --user=root --password=root << EOSQL
+    SET @@SESSION.SQL_LOG_BIN=0;
+    SET PASSWORD FOR 'root'@'localhost' = PASSWORD('${MYSQL_ROOT_PASSWORD}');
+    GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;
+    DROP DATABASE IF EXISTS test ;
+    FLUSH PRIVILEGES ;
+EOSQL
+
+    # Create the passbolt database
+    echo "Create database ${MYSQL_DATABASE}"
+    mysql -u "root" --password="${MYSQL_ROOT_PASSWORD}" -e "create database ${MYSQL_DATABASE}"
+    echo "Create user ${MYSQL_USERNAME} and give access to ${MYSQL_DATABASE}"
+    mysql -u "root" --password="${MYSQL_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* To '${MYSQL_USERNAME}'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}'"
+    echo "flush privileges"
+    mysql -u "root" --password="${MYSQL_ROOT_PASSWORD}" -e "FLUSH PRIVILEGES"
+
+# If Mysql is on a different host, check if the database exists.
+else
+    echo "using remote mysql"
+    echo "Checking database ${MYSQL_DATABASE}"
+    RESULT=`mysql -h $MYSQL_HOST  -u $MYSQL_USERNAME -p$MYSQL_PASSWORD --skip-column-names -e "SHOW DATABASES LIKE '$MYSQL_DATABASE'"`
+    if [ "$RESULT" != "$MYSQL_DATABASE" ]; then
+        echo "The database $MYSQL_DATABASE does not exist in the mysql instance provided."
+    fi
+    echo "ok"
+fi
+
+# Restart the apache2 service
+service apache2 restart
+
+# Start the memcached service
+service memcached restart
+
+# Default configuration files
+cp -a /var/www/passbolt/app/Config/app.php.default /var/www/passbolt/app/Config/app.php
+cp -a /var/www/passbolt/app/Config/core.php.default /var/www/passbolt/app/Config/core.php
+cp -a /var/www/passbolt/app/webroot/js/app/config/config.json.default /var/www/passbolt/app/webroot/js/app/config/config.json
+
+DATABASE_CONF=/var/www/passbolt/app/Config/database.php
+# Set configuration in file
+cat > $DATABASE_CONF << EOL
+    <?php
+    class DATABASE_CONFIG {
+        public \$default = array(
+            'datasource' => 'Database/Mysql',
+            'persistent' => false,
+            'host' => '${MYSQL_HOST}',
+            'login' => '${MYSQL_USERNAME}',
+            'password' => '${MYSQL_PASSWORD}',
+            'database' => '${MYSQL_DATABASE}',
+            'prefix' => '',
+            'encoding' => 'utf8',
+        );
+    };
+EOL
+
+# Check if passbolt is already installed.
+IS_PASSBOLT_INSTALLED=0
+OUTPUT=$(mysql -N -s -u ${MYSQL_USERNAME} -p${MYSQL_PASSWORD} -e "select count(*) from information_schema.tables where table_schema='${MYSQL_DATABASE}' and table_name='users';")
+echo "OUTPUT=${OUTPUT}"
+if [ $OUTPUT  == "1" ]; then
+    echo "passbolt is already installed in this database"
+    IS_PASSBOLT_INSTALLED=1
+else
+    echo "passbolt is not installed in this database. Proceeding.."
+fi
+
+
+# Install passbolt
+if [[ $IS_PASSBOLT_INSTALLED == "0"]]; then
+    echo "Installing"
+    su -s /bin/bash -c "/var/www/passbolt/app/Console/cake install" www-data
+    echo "We are all set. Have fun with Passbolt !"
+    echo "Reminder : THIS IS A DEMO CONTAINER. DO NOT USE IT IN PRODUCTION!!!!"
+fi
+
+/bin/bash

launch-container.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+SRC=$(cd $(dirname "$0"); pwd)
+source "${SRC}/conf/conf.sh"
+
+docker run -p 8081:8081 -p 80:80 -d -it --hostname=passbolt.docker --name passbolt \
+    -v $PASSBOLT_DIR:/var/www/passbolt \
+    -e MYSQL_HOST=$MYSQL_HOST \
+    -e MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD \
+    -e MYSQL_USERNAME=$MYSQL_USERNAME \
+    -e MYSQL_PASSWORD=$MYSQL_PASSWORD \
+    -e MYSQL_DATABASE=$MYSQL_DATABASE \
+    passbolt_debian

server-conf/apache/000-default.conf

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www
+
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# For most configuration files from conf-available/, which are
+	# enabled or disabled at a global level, it is possible to
+	# include a line for only one particular virtual host. For example the
+	# following line enables the CGI configuration for this host only
+	# after it has been globally disabled with "a2disconf".
+	#Include conf-available/serve-cgi-bin.conf
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

server-conf/apache/passbolt.conf

@@ -0,0 +1,14 @@
+Listen 8081
+
+<VirtualHost *:8081>
+	DocumentRoot /var/www/passbolt
+	RewriteEngine On
+
+	# Other directives here
+    <Directory /var/www/passbolt>
+            Options Indexes FollowSymLinks
+            AllowOverride All
+            Order allow,deny
+            allow from all
+    </Directory>
+</VirtualHost>