diff --git a/.config/containers/systemd/hackspace-mgmt.container b/.config/containers/systemd/hackspace-mgmt.container
new file mode 100644
index 0000000..09adf70
--- /dev/null
+++ b/.config/containers/systemd/hackspace-mgmt.container
@@ -0,0 +1,27 @@
+# documentation: https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
+
+[Unit]
+Description=The hackspace-Mgmt container
+After=local-fs.target
+
+# Works if both quadlet services are on the SAME PC!
+After=postgres-mgmt.container
+Requires=postgres-mgmt.container
+
+[Container]
+Image=hackspace-mgmt_app:latest
+# don't think we need an Exec= command
+Annotation="run.oci.keep_original_groups=1"
+UserNS=keep-id
+PublishPort=5000:5000 # change the first port to whatever you want it to be :).
+# HostName=name
+# IP=10.0.0.1
+# IPv6=2001::1
+# DNS=
+# DNSOption=
+# DNSSearch=
+Environment=DATABASE_URI="postgresql+psycopg2://postgres:postgres@localhost:5432/hackspace"
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target default.target
\ No newline at end of file
diff --git a/.config/containers/systemd/postgres-mgmt.container b/.config/containers/systemd/postgres-mgmt.container
new file mode 100644
index 0000000..4d572a0
--- /dev/null
+++ b/.config/containers/systemd/postgres-mgmt.container
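Review bot: In hackspace-mgmt.container the text after `#` on the `PublishPort=5000:5000` line is not a comment, because systemd unit syntax only recognises `#` or `;` at the start of a line, so the whole string becomes the port value and the unit will probably fail to generate or start. The same applies to the `PublishPort=5432:5432` line in postgres-mgmt.container. Put the remark on its own line above the key, e.g. `# change the first port to whatever you want` followed by `PublishPort=5000:5000`. Separately, `Image=hackspace-mgmt_app:latest` does not match the `hackspace-mgmt:latest` tag that docs/03_dockerfile.md builds, so confirm which name the host actually has.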
@@ -0,0 +1,39 @@
+# documentation: https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
+
+[Unit]
+Description=The postgres container for sensitive data from hackspace-Mgmt
+After=local-fs.target
+# May want to edit the After line to be e.g. after Postgres is available on other PC.
+
+[Container]
+Image=postgres:18
+
+# Apparently needed?
+Annotation="run.oci.keep_original_groups=1"
+UserNS=keep-id
+
+PublishPort=5432:5432 # need to change external port (left side)
+# HostName=name
+# IP=10.0.0.1
+# IPv6=2001::1
+# DNS=
+# DNSOption=
+# DNSSearch=
+
+# First try with these environment variables:
+Environment=POSTGRES_HOST=localhost
+Environment=POSTGRES_USER=postgres
+Environment=POSTGRES_PASSWORD=postgres
+Environment=POSTGRES_DB=hackspace
+
+# Then replace PASSWORD and try again:
+# Secret=POSTGRES_PASSWORD,type=env,target=POSTGRES_PASSWORD
+
+Volume=/srv/USER/data/postgres:/var/lib/postgresql
+Volume=/home/USER/hackspace-mgmt/migration:/docker-entrypoint-initdb.d:ro
+
+# NETWORK_MODE: HOST <- MAY BE NEEDED?
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target default.target
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..2f86079
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,13 @@
+# syntax=docker/dockerfile:1
+
+FROM python:latest
+# WORKDIR /app
+COPY . .
+# RUN apt-get update && apt-get install -y python3.11 python3-pip
+ENV PIP_ROOT_USER_ACTION=ignore
+RUN pip install -r requirements.txt
+ENV FLASK_APP hackspace_mgmt:create_app
+#ENV FLASK_ENV development
+EXPOSE 5000
+#CMD ["flask"]
+ENTRYPOINT ["flask", "run", "--host=0.0.0.0", "--debug"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..a8b8ca6
--- /dev/null
+++ b/docker-compose.yml
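Review bot: In postgres-mgmt.container, `Environment=POSTGRES_PASSWORD=postgres` commits a guessable superuser password for a database the unit's own description calls sensitive, and `PublishPort=5432:5432` publishes it on every host interface. The same `postgres:postgres` pair is repeated in `Environment=DATABASE_URI=` in hackspace-mgmt.container and under `db:` in docker-compose.yml. Make the commented `Secret=POSTGRES_PASSWORD,type=env,target=POSTGRES_PASSWORD` line the committed default instead of a later step, and if no other machine needs to reach the database, bind the port to loopback with `PublishPort=127.0.0.1:5432:5432`.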
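Review bot: In the Dockerfile, `ENTRYPOINT ["flask", "run", "--host=0.0.0.0", "--debug"]` starts the Flask development server with the interactive debugger enabled and listening on all interfaces, while docs/03_dockerfile.md describes the Quadlet deployment of this image as production. The debugger is a code-execution surface for anyone who can reach port 5000, so drop the flag from the image, `ENTRYPOINT ["flask", "run", "--host=0.0.0.0"]`, and pass `--debug` only in a local override. `FROM python:latest` is also a moving base; pinning a specific version tag or digest makes rebuilds reproducible. `COPY . .` copies the whole build context into the image, so check that a .dockerignore (not part of this diff) keeps `.git` and local config out.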
@@ -0,0 +1,57 @@
+version: '3.8'
+
+services:
+ app:
+ build:
+ context: .
+ dockerfile: ./Dockerfile
+ # dockerfile: .devcontainer/Dockerfile
+ ports:
+ - "5000:5000"
+ depends_on:
+ - db
+ # volumes:
+ # - ../..:/workspaces:cached
+
+ # Overrides default command so things don't shut down after the process ends.
+ # command: sleep infinity
+
+ # Runs app on the same network as the database container, allows "forwardPorts" in devcontainer.json function.
+ # network_mode: service:db
+ network_mode: host
+ # Use "forwardPorts" in **devcontainer.json** to forward an app port locally.
+ # (Adding the "ports" property to this file will not forward from a Codespace.)
+
+# DB_17 is provided as a means to stand up a postgres_17 database. I would hope we'll move to postgres_18 eventually.
+ # db_17:
+ # image: postgres:17
+ # restart: unless-stopped
+ # volumes:
+ # - postgres-data:/var/lib/postgresql/data
+ # - ./migration:/docker-entrypoint-initdb.d:ro # This mounts the hacksapce-mgmt/migration folder to the postgresql container and initialises the hackspace database with all required tables using inserted scripts.
+ # environment:
+ # POSTGRES_HOST: localhost
+ # POSTGRES_USER: postgres
+ # POSTGRES_DB: hackspace
+ # POSTGRES_PASSWORD: postgres # pass in a secret here.
+ # ports:
+ # - 5432:5432
+ # network_mode: host
+
+ db:
+ image: postgres:18
+ restart: unless-stopped
+ volumes:
+ - postgres-data:/var/lib/postgresql
+ - ./migration:/docker-entrypoint-initdb.d:ro # This mounts the hacksapce-mgmt/migration folder to the postgresql container and initialises the hackspace database with all required tables using inserted scripts.
+ environment:
+ POSTGRES_HOST: localhost
+ POSTGRES_USER: postgres
+ POSTGRES_DB: hackspace
+ POSTGRES_PASSWORD: postgres # pass in a secret here.
+ ports:
+ - 5432:5432
+ network_mode: host
+
+volumes:
+ postgres-data:
diff --git a/docs/01_dev_environment.md b/docs/01_dev_environment.md
index 0832f6f..909b88c 100644
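Review bot: In docker-compose.yml, `network_mode: host` appears alongside `ports:` for both services (indentation is lost in this view, so I am assuming each pair sits under `app:` and `db:`); with host networking the port mappings have no effect or are rejected depending on the compose implementation, and Postgres ends up listening directly on the host's interfaces with the `postgres` password. Prefer the default compose network, with the app reaching the database at `db:5432` and, only if host access is needed, `- "127.0.0.1:5432:5432"`. That requires the app to take its database host from configuration rather than the `localhost` URI hard-coded in hackspace_mgmt/__init__.py.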
--- a/docs/01_dev_environment.md +++ b/docs/01_dev_environment.md @@ -4,7 +4,7 @@ This is a somewhat straightforward python Flask app, backed by a Postgres databa The repository has a dev container configured which you can use if you like. -Requiments: +Requirements: - Python 3.9+ - PostgreSQL 14+ - installed as part of the devcontainer if you are using it. - Some ability to run Postgres queries directly - pgAdmin is a good GUI option, while `psql` is a good CLI - both are bundled with Postgres @@ -15,10 +15,13 @@ Most of us use VsCode as a lightweight IDE. ### Database Setup +1. if you've run postgres in a container, first execute in to the container with `podman exec -it container_name sh` then become the postgres user with `su - postgres`. This wil then allow you to move on to the next step. 1. Connect to the database using `psql postgres` or using pgAdmin. 2. Create a database called `hackspace`. In psql, you can run the query `CREATE DATABASE hackspace;` (don't forget the semi-colon!). 3. Under the `hackspace-mgmt/migration` folder is a bunch of SQL scripts. Run these, in order, against the new hackspace database. In pgAdmin, you would right click on the database and open the `Query` tool. Then copy-paste in the contents of each file and run them one-by-one. +if you've connected to psql in a container, run each of these commands in a series: `postgres@564b3daf528f:/testdata/migration$ psql -d hackspace < 19_address_not_null.sql ` + If you had to change the username, then you'll want to create a postgres user. You can do this by right-clicking the server and then _Create->Login/Group role_. Name the role `postgres`, then on the _Priveleges_ tab, enable _Can Login_ and _Superuser_ (this isn't recommended for production, but fine for development). ### Webserver Setup diff --git a/docs/03_dockerfile.md b/docs/03_dockerfile.md new file mode 100644 index 0000000..2f1f12f --- /dev/null +++ b/docs/03_dockerfile.md 
@@ -0,0 +1,35 @@
+# Podman
+build with `podman build -t hackspace-mgmt:latest .`
+
+run with `podman run --name hs-mgmt --network host --rm localhost/hackspace-mgmt:latest`
+
+access on your web browser at `localhost:5000/admin`
+
+# Podman-compose
+run `podman-compose up [--build]`
+access on your web browser at `localhost:5000/admin`
+
+# Quadlet
+Copy the hackspace-mgmt.container file from `./quadlet/` to one of the locations mentioned below.
+do a systemctl daemon-reload (whether as a root or as a `--user`)
+do a systemctl start hackspace-mgmt.service (whether as a root or as a `--user`)
+`systemctl [--user] status hackspace-mgmt.service` and `podman ps -a` to determine status.
+access on your web browser at `localhost:5000/admin`
+### Quadlet notes
+
+https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/building_running_and_managing_containers/assembly_porting-containers-to-systemd-using-podman_building-running-and-managing-containers
+
+Create the .container unit file in one of the following directories:
+
+ For root users: /usr/share/containers/systemd/ or /etc/containers/systemd/
+ For rootless users: $HOME/.config/containers/systemd/, $XDG_CONFIG_HOME/containers/systemd/, /etc/containers/systemd/users/$(UID), or /etc/containers/systemd/users/
+
+The orchestration technology used in production is quadlet https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
+The two important settings for allowing the container to use the peer authentication with postgress are:
+
+```
+[container]
+Annotation="run.oci.keep_original_groups=1"
+UserNS=keep-id
+```
+access on your web browser at `localhost:5000/admin`
\ No newline at end of file
diff --git a/hackspace_mgmt/__init__.py b/hackspace_mgmt/__init__.py
index ec68931..7534e79 100644
--- a/hackspace_mgmt/__init__.py
+++ b/hackspace_mgmt/__init__.py
@@ -9,6 +9,8 @@ def create_app(test_config=None): app.config.from_mapping( SECRET_KEY="dev", SQLALCHEMY_DATABASE_URI="postgresql+psycopg2://postgres:postgres@localhost:5432/hackspace", + # note USERNAME AND PASSWORD NEED TO CHANGE HERE + # SQLALCHEMY_DATABASE_URI=os.getenv('DATABASE_URL'), STORAGE_LOGIN_SECRET="dev", STORAGE_APP_URL="http://example.com" ) diff --git a/hackspace_mgmt/admin/__init__.py b/hackspace_mgmt/admin/__init__.py index edf6954..dd3452c 100644 --- a/hackspace_mgmt/admin/__init__.py +++ b/hackspace_mgmt/admin/__init__.py @@ -1,8 +1,9 @@ from flask_admin import Admin +from flask_admin.theme import Bootstrap4Theme from . import machine, induction, firmware_update, card, bulk_card, member, label, quiz, audit -admin = Admin(None, 'Hackspace Management Admin', template_mode='bootstrap4', endpoint="admin", url="/admin") +admin = Admin(None, 'Hackspace Management Admin', theme=Bootstrap4Theme(), endpoint="admin", url="/admin") machine.create_views(admin) induction.create_views(admin) @@ -12,4 +13,4 @@ member.create_views(admin) label.create_views(admin) quiz.create_views(admin) -audit.create_views(admin) \ No newline at end of file +audit.create_views(admin)
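Review bot: In hackspace_mgmt/__init__.py the two added lines are comments, so the app still connects with the literal `postgres:postgres` URI and never reads the `DATABASE_URI` that hackspace-mgmt.container exports; the commented-out lookup also uses a different name, `DATABASE_URL`. Unless a later config load outside this hunk overrides it, wire the variable in now: `SQLALCHEMY_DATABASE_URI=os.getenv("DATABASE_URI", "postgresql+psycopg2://postgres:postgres@localhost:5432/hackspace"),`, adding `import os` if the module lacks it. `SECRET_KEY="dev"` and `STORAGE_LOGIN_SECRET="dev"` in the surrounding context lines are fixed values too and should come from the environment the same way before the container is run anywhere shared. create_app starts before and continues after the hunk.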
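Review bot: In hackspace_mgmt/admin/__init__.py, `from flask_admin.theme import Bootstrap4Theme` and the `theme=` keyword exist only in newer Flask-Admin releases, while requirements.txt, which the new Dockerfile installs from, is not changed in this commit. If the requirement there is unpinned or older, the import fails at startup or a later rebuild picks a different major version; confirm it is pinned to a release that ships `flask_admin.theme`.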