-
Notifications
You must be signed in to change notification settings - Fork 0
Installation
Note Ensure that you've set up the system security features you want installed before using in a production environment! At minimum you will want ports 80 and 443 to be open, but other things the server is doing might require other ports (unrelated to this project).
Installation works on Ubuntu Server LTS. Other Linux distributions may work, but other distributions may not work as expected. The following are required to be set up on the machine(s) before either of the installation methods documented below can be followed:
- LXD
- OpenSSL
First, you'll want to clone the repository:
[email protected]:mkorcha/CoyoteLab.git && cd CoyoteLab
LXD is a "hypervisor" for the LXC container system. First, install via your package manager:
Ubuntu 16.04
sudo apt-get install lxd
Ubuntu 14.04
Ensure you have enabled the trusty-backports repo, then:
sudo apt-get install lxd -t trusty-backports
Next, you need to initialize LXD. Follow the prompts, making sure to open to the network on address 0.0.0.0 and on the default port (if you change these, the configuration file config.py will need to be updated). Also, ensure you allow an IPv4 subnet to be created.
sudo lxd init
OpenSSL is needed to generate certificates needed when interfacing with LXD and for Nginx.
sudo apt-get install openssl
You'll need to generate a certificate and keyfile in the root of the project directory to be used for LXD:
openssl req -newkey rsa:2048 -nodes -keyout cert.key -out cert.csr
openssl x509 -signkey cert.key -in cert.csr -req -days 365 -out cert.crt
If you already have a certificate for Nginx, you can continue. Otherwise, switch to the docker/nginx directory and create certificates again there (the commands above will be sufficient).
The easiest way to set up the project is using Docker. Install Docker and Docker Compose using the following links:
Copy the certificate files you created above to the docker/app directory:
cp cert.* docker/app/.
Then, build and run the application:
sudo docker-compose build && sudo docker-compose up
In development mode, running in the foreground is helpful to see errors as they happen and monitor the services. However, in production, you probably want to be able to do other things. To run in the background:
sudo docker-compose up -d
To access the logs of a container, get the container name of the applicable container:
sudo docker ps
Then, view the logs:
sudo docker logs [CONTAINER_NAME] | less
Note on Firewall Rules
The containers use a shell script app/docker/set_host.sh to set where the host is on the network. This needs to be available to the containers on the port specified (to access the LXD API), but you most likely don't want that accessible to the world. This IPTables rule will allow containers to access the host machine on port 8443 (change to whatever you set it to when installing LXD):
-A INPUT -p tcp -m state --state NEW ---dport 8443 -s 172.0.0.0/8 -j ACCEPT
Once everything is up and running, you'll need to initialize some data. If you just want to test out how the system works without much effort, you can run the populate command:
sudo docker exec -it coyotelab_app_1 bash -c "cd /var/app/project && source ../set_host.sh && python manage.py db populate"
This creates a sample course and two sample accounts, mike-s and mike-i, a student and an instructor account, respectively. Both have temporary passwords of password123.
However, if you want to actually use this and not have temporary accounts lying around, you'll want to manually generate the initial container and the first instructor account:
sudo docker exec -it coyotelab_app_1 bash -c "cd /var/app/project && source ../set_host.sh && python manage.py lxd_init"
sudo docker exec -it coyotelab_app_1 bash -c "cd /var/app/project && source ../set_host.sh && python manage.py adduser -p <TEMPORARY PASSWORD? -n \"<USER'S NAME>\" instructor <USER'S EMAIL>"
Now, log in to the system with the credentials you provided and you should be good to go!