From ef8daebdcadd0d28a905a599462e6864ad9d1475 Mon Sep 17 00:00:00 2001
From: Claire Peters <clairepeters@g.harvard.edu>
Date: Mon, 25 Sep 2023 16:20:43 -0700
Subject: [PATCH 1/2] update Dockerfiles and startup script

---
 Dockerfile                       | 58 +++++++++++++++++---------------
 Dockerfile-ifx => Dockerfile-dev |  9 +++--
 container_startup.sh             | 14 ++++++--
 3 files changed, 46 insertions(+), 35 deletions(-)
 rename Dockerfile-ifx => Dockerfile-dev (88%)

diff --git a/Dockerfile b/Dockerfile
index ba8dff04a..a85354763 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,46 +1,50 @@
 # syntax=docker/dockerfile:experimental
-FROM python:3.6
+FROM python:3.8
 
-EXPOSE 9000
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    libsasl2-dev libldap2-dev libssl-dev \
-    nginx supervisor \
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+    && apt-get install -y redis redis-server \
+    && apt-get install -y libsasl2-dev libldap2-dev libssl-dev \
     && rm -rf /var/lib/apt/lists/*
 RUN mkdir ~/.ssh && echo "Host git*\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
-RUN echo 'TLS_REQCERT allow' >> /etc/ldap/ldap.conf
-
-RUN echo "daemon off;" >> /etc/nginx/nginx.conf
-COPY etc/nginx.conf /etc/nginx/sites-available/default
-COPY etc/supervisor.conf /etc/supervisor/conf.d/app.conf
 
 WORKDIR /usr/src/app
 COPY requirements.txt ./
 
+ARG IPYTHON_STARTUP=/root/.ipython/profile_default/startup
+RUN mkdir -p ${IPYTHON_STARTUP}
+COPY etc/ipython_init.py ${IPYTHON_STARTUP}
+
 ARG IFXURLS_COMMIT=549af42dbe83d07b12dd37055a5ec6368d4b649
 ARG NANITES_CLIENT_COMMIT=1e67ce787e27c9c0e32a4c97a4967c297d30b7cf
-ARG IFXMAIL_CLIENT_COMMIT=cc1a9f9cc6cdb951828b6b912bc830c0172785f1
-ARG IFXUSER_COMMIT=4fbf3ee574edf1c2599a059cbd7f05d37cd69c3f
-ARG FIINE_CLIENT_COMMIT=e79f569aa22b43876945bfb75cf169b11a555138
-ARG IFXVALIDCODE_COMMIT=4dd332c5a8e13d904a90da014094406a81b617e6
-ARG IFXBILLING_COMMIT=f4920d351968b0158cd0fbef0a151eb6ea610944
+ARG IFXUSER_COMMIT=6b7194698b49550ae6df395cfea96380536a41bc
+ARG IFXMAIL_CLIENT_COMMIT=8f728ff54441d2f2449fd3c31b75f0f77372b5f2
+ARG FIINE_CLIENT_COMMIT=1946c8db410077d374b8b16f6de5199d9ed10d7e
+ARG IFXEC_COMMIT=0c09c90890fb87d4db22c635a6c403c89e1a957f
+ARG IFXBILLING_COMMIT=58d07688e52b4c63fb93a903cbb8a1e5ed24ea34
 
 RUN --mount=type=ssh pip install --upgrade pip && \
-    pip install gunicorn && \
-    pip install 'Django>2.2,<3' && \
-    pip install django-author==1.0.2 && \
-    pip install git+ssh://git@github.com/harvardinformatics/ifxurls.git@${IFXURLS_COMMIT} && \
+    pip install ldap3 django_auth_ldap && \
+    pip install django-author==1.0.2
+RUN --mount=type=ssh pip install git+ssh://git@github.com/harvardinformatics/ifxurls.git@${IFXURLS_COMMIT} && \
     pip install git+ssh://git@github.com/harvardinformatics/nanites.client.git@${NANITES_CLIENT_COMMIT} && \
-    pip install git+ssh://git@github.com/harvardinformatics/ifxmail.client.git@${IFXMAIL_CLIENT_COMMIT} && \
     pip install git+ssh://git@github.com/harvardinformatics/ifxuser.git@${IFXUSER_COMMIT} && \
-    pip install git+ssh://git@gitlab-int.rc.fas.harvard.edu/informatics/fiine.client.git@${FIINE_CLIENT_COMMIT} && \
-    pip install git+ssh://git@gitlab-int.rc.fas.harvard.edu/informatics/ifxvalidcode.git@${IFXVALIDCODE_COMMIT} && \
-    pip install git+ssh://git@gitlab-int.rc.fas.harvard.edu/informatics/ifxbilling.git@${IFXBILLING_COMMIT} && \
-    pip install ldap3 django_auth_ldap && \
+    pip install git+ssh://git@github.com/harvardinformatics/ifxmail.client.git@${IFXMAIL_CLIENT_COMMIT} && \
+    pip install git+ssh://git@github.com/harvardinformatics/fiine.client.git@${FIINE_CLIENT_COMMIT} && \
+    pip install git+ssh://git@github.com/harvardinformatics/ifxec.git@${IFXEC_COMMIT} && \
+    pip install git+ssh://git@github.com/harvardinformatics/ifxbilling.git@${IFXBILLING_COMMIT} && \
     pip install -r requirements.txt
 
 COPY . .
 
-ENV PYTHONPATH /usr/src/app
+# RUN pip install django-redis reportlab==3.6.6
+# RUN pip install django-debug-toolbar
+
+ENV PYTHONPATH /usr/src/app:/usr/src/app/ifxreport
+
+RUN mkdir -p /usr/src/app/media/reports
+
+EXPOSE 80
+EXPOSE 25
 
-CMD ./manage.py collectstatic --no-input && ./manage.py makemigrations && ./manage.py migrate && /usr/bin/supervisord -n
-RUN ./manage.py qcluster &
+CMD ["/bin/bash", "./container_startup.sh"]
diff --git a/Dockerfile-ifx b/Dockerfile-dev
similarity index 88%
rename from Dockerfile-ifx
rename to Dockerfile-dev
index fadaf1a30..e9a603cc0 100644
--- a/Dockerfile-ifx
+++ b/Dockerfile-dev
@@ -24,15 +24,15 @@ ARG IFXEC_COMMIT=0c09c90890fb87d4db22c635a6c403c89e1a957f
 ARG IFXBILLING_COMMIT=58d07688e52b4c63fb93a903cbb8a1e5ed24ea34
 
 RUN --mount=type=ssh pip install --upgrade pip && \
-    pip install django-author==1.0.2 && \
-    pip install git+ssh://git@github.com/harvardinformatics/ifxurls.git@${IFXURLS_COMMIT} && \
+    pip install ldap3 django_auth_ldap && \
+    pip install django-author==1.0.2
+RUN --mount=type=ssh pip install git+ssh://git@github.com/harvardinformatics/ifxurls.git@${IFXURLS_COMMIT} && \
     pip install git+ssh://git@github.com/harvardinformatics/nanites.client.git@${NANITES_CLIENT_COMMIT} && \
     pip install git+ssh://git@github.com/harvardinformatics/ifxuser.git@${IFXUSER_COMMIT} && \
     pip install git+ssh://git@github.com/harvardinformatics/ifxmail.client.git@${IFXMAIL_CLIENT_COMMIT} && \
     pip install git+ssh://git@github.com/harvardinformatics/fiine.client.git@${FIINE_CLIENT_COMMIT} && \
     pip install git+ssh://git@github.com/harvardinformatics/ifxec.git@${IFXEC_COMMIT} && \
     pip install git+ssh://git@github.com/harvardinformatics/ifxbilling.git@${IFXBILLING_COMMIT} && \
-    pip install ldap3 django_auth_ldap && \
     pip install -r requirements.txt
 
 COPY . .
@@ -47,5 +47,4 @@ RUN mkdir -p /usr/src/app/media/reports
 EXPOSE 80
 EXPOSE 25
 
-CMD ["/bin/bash", "./container_startup.sh"]
-# CMD ["python", "manage.py", "runserver", "0.0.0.0:80", "--insecure"]
+CMD ["/bin/bash", "./container_startup-dev.sh dev"]
diff --git a/container_startup.sh b/container_startup.sh
index ee114f731..a5af99584 100644
--- a/container_startup.sh
+++ b/container_startup.sh
@@ -7,11 +7,19 @@
 # turn on bash's job control
 # set -m
 
-# RUN python3 ./manage.py initial_setup
-# RUN python3 ./manage.py load_test_data
 service redis-server start
 python ./manage.py qcluster &
 python ./manage.py add_scheduled_tasks
+source /srv/coldfront/venv/bin/activate
+python ./manage.py collectstatic
 # initial_setup does not appear to work as requested.
 python ./manage.py initial_setup &
-python ./manage.py runserver 0.0.0.0:80 --insecure
+
+case $1 in
+    'dev')
+            python ./manage.py runserver 0.0.0.0:80 --insecure
+        ;;
+    *)
+            python ./manage.py runserver 0.0.0.0:80
+        ;;
+esac

From 59d86e17c7da910bf3698a0ca8b8985d6951e4b8 Mon Sep 17 00:00:00 2001
From: Claire Peters <clairepeters@g.harvard.edu>
Date: Mon, 25 Sep 2023 16:20:56 -0700
Subject: [PATCH 2/2] update envexample

---
 envexample | 53 +++++++++++++++++++++++++++++++++--------------------
 1 file changed, 33 insertions(+), 20 deletions(-)

diff --git a/envexample b/envexample
index 72ee60d63..23d62622f 100644
--- a/envexample
+++ b/envexample
@@ -15,6 +15,16 @@ SESSION_COOKIE_SECURE=True
 # LANGUAGE_CODE='en-us'
 # TIME_ZONE='America/New_York'
 
+# To override ColdFront stock templates, create a directory and add your
+# custom templates. By default, ColdFront looks in /usr/share/coldfront/site/templates
+# and /usr/share/coldfront/site/static. If you'd like to use a different directory
+# then be sure to set the following environment variable:
+# SITE_TEMPLATES=/path/to/your/templates
+
+# override any static files such as CSS or images by creating a directory and
+# adding your custom static assets, then setting the following variable:
+# SITE_STATIC=/path/to/static/files
+
 
 #------------------------------------------------------------------------------
 # Core settings
@@ -86,14 +96,14 @@ CENTER_HELP_URL='https://portal.rc.fas.harvard.edu/rcrt/submit_ticket'
 #------------------------------------------------------------------------------
 # None of the below settings are needed if using a sqlite database for testing.
 
-# # username for database login
-# DB_USER=coldfront
-# # Database connection. If not set, sqlite:///coldfront.db will be used.
+# username for database login
+DB_USER=coldfront
+# Database connection. If not set, sqlite:///coldfront.db will be used.
 # DB_URL=mysql://user:password@127.0.0.1:3306/database
-# # password for database login
-# DB_PASS=MYPASSWORD
-# # host container for database
-# DB_HOST=coldfront-db
+# password for database login
+DB_PASS=$DB_PASS
+# host container for database
+DB_HOST=coldfront-db
 
 
 #------------------------------------------------------------------------------
@@ -209,32 +219,32 @@ EMAIL_SIGNATURE='FAS Research Computing'
 #------------------------------------------------------------------------------
 # set the following if you are using LDAP integration
 
-# # Enable LDAP Authentication Backend, default False
+# Enable LDAP Authentication Backend, default False
 # PLUGIN_AUTH_LDAP=False
 
-# # URI of LDAP server
+# URI of LDAP server
 # AUTH_LDAP_SERVER_URI=ldaps://my.ldap:636
 
-# # User search base dn
+# User search base dn
 # AUTH_LDAP_USER_SEARCH_BASE='OU=Domain Users,dc=rc,dc=domain'
 
-# # Enable/disable start tls, default True
+# Enable/disable start tls, default True
 # AUTH_LDAP_START_TLS=False
 
-# # Authentication will leave the LDAP connection bound as the authenticating user,
-# # rather than forcing it to re-bind, default False
+# Authentication will leave the LDAP connection bound as the authenticating user,
+# rather than forcing it to re-bind, default False
 # AUTH_LDAP_BIND_AS_AUTHENTICATING_USER=False
 
-# # The distinguished name to use when binding to the LDAP server
+# The distinguished name to use when binding to the LDAP server
 # AUTH_LDAP_BIND_DN='CN=xdmodldap,OU=Service Accounts,OU=Domain Users,DC=rc,DC=domain'
 
-# # The password to use AUTH_LDAP_BIND_DN
+# The password to use AUTH_LDAP_BIND_DN
 # AUTH_LDAP_BIND_PASSWORD='password_in_singlequotes'
 
-# # Enable/disable mirroring of groups, default True
+# Enable/disable mirroring of groups, default True
 # AUTH_LDAP_MIRROR_GROUPS=True
 
-# # Group search base dn
+# Group search base dn
 # AUTH_LDAP_GROUP_SEARCH_BASE='OU=Domain Groups,dc=rc,dc=domain'
 
 
@@ -247,7 +257,10 @@ PLUGIN_IFX=True
 
 # If using the FASRC plugin, uncomment the lines below and add the neo4j password.
 # PLUGIN_FASRC=True
-# neo4jp=NEO4J_INSTANCE_PASSWORD
+# NEO4JP=$NEO4JP
+
+# If using the FASRC LDAP plugin, uncomment the line below
+# PLUGIN_LDAP=True
 
 
 #------------------------------------------------------------------------------
@@ -255,5 +268,5 @@ PLUGIN_IFX=True
 #------------------------------------------------------------------------------
 # If using SFtoCF, uncomment the lines below and add starfish account details.
 # PLUGIN_SFTOCF=True
-# SFUSER=STARFISH_ACCOUNT_USERNAME
-# SFPASS=STARFISH_ACCOUNT_PASSWORD
+# SFUSER=$SFUSER
+# SFPASS=$SFPASS