ready to test defect dojo deployment

emmanuel-knafo · emmanuel-knafo · commit ebf8a79da32e · 2024-11-27T00:15:18.000-05:00
diff --git a/infra/defect-dojo/deployDefectDojo.ps1 b/infra/defect-dojo/deployDefectDojo.ps1
@@ -12,7 +12,13 @@ param (
     [Parameter()]
     [string]$subscriptionId = "IT Test",
     [Parameter()]
-    [string]$sshKeyPath = "$HOME\.ssh\vm-defectdojo-${nameSuffix}-id_rsa"
+    [string]$sshKeyPath = "$HOME\.ssh\vm-defectdojo-${nameSuffix}-id_rsa",
+    [Parameter()]
+    [string] $username = "ddadmin",
+    [Parameter()]
+    [string] $password = "booWgDmaYdgNxO5eNWql",
+    [Parameter()]
+    [string] $adminUsername = "azureuser"
 )
 
 # function to generate random password
@@ -70,9 +76,9 @@ Write-Output "Public key:"
 $sshPublicKey = Get-Content "$sshKeyPath.pub"
 Write-Output $sshPublicKey
 
-# generate random password for postgresql
-$password = New-Password -length 32
-Write-Output "Generated password for PostgreSQL: $password"
+# # generate random password for postgresql
+# $password = New-Password -length 32
+# Write-Output "Generated password for PostgreSQL: $password"
 
 # deploy bicep
 Write-Output "Deploying bicep template $templateFile to resource group $resourceGroupName"
@@ -82,7 +88,9 @@ az deployment group create `
     --template-file main.bicep `
     --parameters sshPublicKey="`"$sshPublicKey`"" `
     --parameters administratorLoginPassword="`"$password`"" `
-    --parameters nameSuffix="`"$nameSuffix`""
+    --parameters nameSuffix="`"$nameSuffix`"" `
+    --parameters adminUsername="`"$adminUsername`"" `
+    --parameters administratorLogin="`"$username`"" `
 
 # output vm public ip address from deployment output
 $fqdn = (az deployment group show `
diff --git a/infra/defect-dojo/main.bicep b/infra/defect-dojo/main.bicep
@@ -7,12 +7,12 @@ param virtualNetworkName string = 'vnet-vm-defectdojo-${nameSuffix}-${uniqueStri
 param networkSecurityGroupName string = 'nsg-vm-defectdojo-${nameSuffix}-${uniqueString(resourceGroup().id)}'
 
 param location string = resourceGroup().location
-param adminUsername string = 'azureuser'
+param adminUsername string //= 'azureuser'
 
 param sshPublicKey string //= 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4AAZjNhnoNi/tBRwOFPoVg82Ejvt3qLEutQHEUJcBfohXW31R+aeWaGYkz3t4x1nYejoxX2m2Qk8wUsxU0SYhzI9DkOlov39PJ+MoggSGzKnpAUDeJ324kYIlu/2ZkRxkcnnDSe9t32yMWC4KC0tJMNuFzuAObIyi4h5JFJ/f8WqWuWK9uSv1FqnFqvALks8+f1eg5WMw4u4wa5wWBUICGOqVQ4zzQwq+hcAVgCgvi41mJbYn2oVKJyeX2R8mFDjaV+VPRkhgCMphG55ultCkNoH5naLQxLIjSop2ioDxPeYcdqCdO97MSPvkHhwKZgT03R/JJhQJ89Gm8QAdTIGiV5R16vq9EOL83vaVHsJ1jR1zsgDa/EVsQQBmxVNlybs0tgqlgn138Af+1QTNdYQu05fLqd6ara2Wgl61al0HMNjBrLgtJ1To4yxrYJ1iQY9W4I77a4jrq2Sg0ouObgsJu45dwrRpt22Fbh1OWhkfK/XFoEu5O9vr1ghRcZAwxjU= generated-by-azure'
 
 param flexibleServers_psql_name string = 'psql-defectdojo-${nameSuffix}-${uniqueString(resourceGroup().id)}'
-param administratorLogin string = 'ddadmin'
+param administratorLogin string //= 'ddadmin'
 
 param dnsLabelPrefix string = 'app-defectdojo-${nameSuffix}-${uniqueString(resourceGroup().id)}'
 
diff --git a/infra/defect-dojo/post-install/docker-compose.override.https.initializefalse.yml b/infra/defect-dojo/post-install/docker-compose.override.https.initializefalse.yml
@@ -0,0 +1,20 @@
+---
+version: '3.8'
+services:
+  nginx:
+    environment:
+      USE_TLS: 'true'
+      GENERATE_TLS_CERTIFICATE: 'false' # Set to 'true' to generate a self-signed certificate, 
+      # otherwise false if you have your own certificate e.g. from Let's Encrypt
+    ports:
+      - target: 8443
+        published: ${DD_TLS_PORT:-8443}
+        protocol: tcp
+        mode: host
+  uwsgi:
+    environment:
+      DD_SESSION_COOKIE_SECURE: 'True'
+      DD_CSRF_COOKIE_SECURE: 'True'
+  initializer:
+    environment:
+      DD_INITIALIZE: 'False' # Set to 'True' to initialize the database, otherwise false if you have already initialized the database
diff --git a/infra/defect-dojo/post-install/docker/environments/postgres-redis.env b/infra/defect-dojo/post-install/docker/environments/postgres-redis.env
@@ -0,0 +1,16 @@
+DD_DATABASE_URL=postgresql://__DD_DATABASE_USER__:__DD_DATABASE_PASSWORD__@__DD_DATABASE_HOST__:__DD_DATABASE_PORT__/__DD_DATABASE_NAME__
+DD_DATABASE_ENGINE=django.db.backends.postgresql
+DD_DATABASE_HOST=__DD_DATABASE_HOST__
+DD_DATABASE_PORT=__DD_DATABASE_PORT__
+
+DD_DATABASE_NAME=__DD_DATABASE_NAME__
+DD_DATABASE_USER=__DD_DATABASE_USER__
+DD_DATABASE_PASSWORD=__DD_DATABASE_PASSWORD__
+
+DD_TEST_DATABASE_NAME=test_defectdojo
+DD_TEST_DATABASE_URL=postgresql://defectdojo:defectdojo@postgres:5432/test_defectdojo
+
+DD_CELERY_BROKER_URL=redis://redis:6379/0
+
+DD_DOCKERCOMPOSE_DATABASE=postgres
+DD_DOCKERCOMPOSE_BROKER=redis
diff --git a/infra/defect-dojo/post-install/post-install.sh b/infra/defect-dojo/post-install/post-install.sh
@@ -0,0 +1,229 @@
+# prompt the user for the variables
+# ask for the instance name
+#echo "Enter the instance name (e.g. defectdojo-002):"
+#read instanceName
+#echo "Instance name is: $instanceName"
+# set as environment variable
+export instanceName="app-defectdojo-ek005"
+
+# set all variables here:
+export USERNAME="ddadmin"
+export PASSWORD="booWgDmaYdgNxO5eNWql"
+export postgresHostname="$instanceName-postgresql.devopsshield.com"
+export NEWHOSTNAME="$instanceName.devopsshield.com"
+export nginx_folder="$HOME/django-DefectDojo/nginx"
+export databaseName="defectdojo"
+export databasePort="5432"
+export doPauses="false" # set to "true" to pause after each step
+# wait time for the container to be up and migrations to be done
+export waitTime=300
+
+export EMAIL="emmanuel.knafo@devopsshield.com"
+export adminUser="emmanuel"
+export adminPassword="N9rw04entPmou3Rbf6JP!"
+
+# check that the hostname is correct
+echo "The hostname is: $NEWHOSTNAME"
+# check that it resolves to the correct IP
+echo "The IP address for the hostname is:"
+dig +short $NEWHOSTNAME
+
+
+# update the system
+# skip a line
+echo ""
+echo "STEP 1: Updating the system"
+echo "==========================="
+
+# disble auto updates
+sudo apt-get update -y
+sudo apt-get upgrade -y
+#sudo apt-get autoremove -y
+#sudo apt-get autoclean -y
+sudo NEEDRESTART_MODE=a apt-get dist-upgrade --yes
+
+# find and replace the variables in the files
+find $HOME/OSS_django-DefectDojo/docker/environments/postgres-redis.env -type f -exec sed -i "s/__DD_DATABASE_USER__/$USERNAME/g" {} \;
+find $HOME/OSS_django-DefectDojo/docker/environments/postgres-redis.env -type f -exec sed -i "s/__DD_DATABASE_PASSWORD__/$PASSWORD/g" {} \;
+find $HOME/OSS_django-DefectDojo/docker/environments/postgres-redis.env -type f -exec sed -i "s/__DD_DATABASE_HOST__/$postgresHostname/g" {} \;
+find $HOME/OSS_django-DefectDojo/docker/environments/postgres-redis.env -type f -exec sed -i "s/__DD_DATABASE_NAME__/$databaseName/g" {} \;
+find $HOME/OSS_django-DefectDojo/docker/environments/postgres-redis.env -type f -exec sed -i "s/__DD_DATABASE_PORT__/$databasePort/g" {} \;
+
+# show the files
+cat $HOME/OSS_django-DefectDojo/docker/environments/postgres-redis.env
+
+# pause if needed
+if [ "$doPauses" = "true" ]; then
+    read -p "Press enter to continue"
+fi
+
+echo ""
+echo "STEP 2: Installing Docker and Docker Compose"
+echo "============================================"
+
+# install docker and docker compose
+# on Ubuntu 22.04
+# Add Docker's official GPG key:
+sudo apt-get update -y
+sudo apt-get install ca-certificates curl -y
+sudo install -m 0755 -d /etc/apt/keyrings
+sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+sudo chmod a+r /etc/apt/keyrings/docker.asc
+
+# Add the repository to Apt sources:
+echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt-get update -y
+
+# install docker-compose
+sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
+
+# allow to run docker without sudo
+sudo groupadd docker
+sudo usermod -aG docker $USER
+sudo apt install acl -y
+sudo setfacl -m user:$USER:rw /var/run/docker.sock
+docker run hello-world
+
+# pause if needed
+if [ "$doPauses" = "true" ]; then
+    read -p "Press enter to continue"
+fi
+
+echo ""
+echo "STEP 3: Fix hostname and create certificates"
+echo "============================================"
+
+# hostname change
+# set the hostname
+sudo hostnamectl set-hostname $NEWHOSTNAME
+sudo hostnamectl set-hostname "Defect Dojo VM" --pretty
+sudo hostnamectl set-hostname $NEWHOSTNAME --static
+sudo hostnamectl set-hostname $NEWHOSTNAME --transient
+
+# check hostname
+hostnamectl
+
+# create certificates using certbot -- should be done after the DNS is set
+# may need to set dns entry for the hostname
+sudo apt-get update -y
+sudo apt-get install certbot -y
+sudo certbot certonly --standalone --non-interactive -d $NEWHOSTNAME --agree-tos --email $EMAIL
+
+# copy certificates to the nginx folder
+sudo cp /etc/letsencrypt/live/$NEWHOSTNAME/fullchain.pem $nginx_folder/nginx.crt
+sudo cp /etc/letsencrypt/live/$NEWHOSTNAME/privkey.pem $nginx_folder/nginx.key
+ls -ls $nginx_folder
+
+# pause if needed
+if [ "$doPauses" = "true" ]; then
+    read -p "Press enter to continue"
+fi
+
+echo ""
+echo "STEP 4: Install Postgresql client and create database"
+echo "====================================================="
+
+# install postgresql client
+sudo apt update -y
+sudo apt install gnupg2 wget vim -y
+sudo sh -c 'echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
+sudo wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+sudo apt update -y
+sudo apt-get install postgresql-client-16 -y
+
+#psql "postgres://$USERNAME:$PASSWORD@$postgresHostname:5432/postgres"
+
+# create database and user in psql client
+
+# create the database with psql then exit
+echo "CREATE DATABASE defectdojo on $postgresHostname"
+psql "postgres://$USERNAME:$PASSWORD@$postgresHostname:5432/postgres" -c 'create database defectdojo;'
+
+#psql "postgres://$USERNAME:$PASSWORD@$postgresHostname:5432/postgres" -c 'create database defectdojo; quit();'
+
+# pause if needed
+if [ "$doPauses" = "true" ]; then
+    read -p "Press enter to continue"
+fi
+
+echo ""
+echo "STEP 5: Install DefectDojo"
+echo "=========================="
+
+rm -f docker-compose.override.yml
+ln -s docker-compose.override.https.yml docker-compose.override.yml
+
+echo "current docker-compose.override.yml"
+cat docker-compose.override.yml
+
+# build and run the docker-compose
+# first time should take a while
+sudo ./dc-build.sh
+#sudo ./dc-up.sh
+sudo ./dc-up-d.sh
+
+# check the logs if your quick
+# look for the Admin user
+# loop until the logs are available
+#docker logs dojo-initializer-1 | grep Admin
+
+# wait for container to be up and migrations to be done
+echo "Waiting for the container to be up and migrations to be done for $waitTime seconds..."
+sleep $waitTime
+
+# pause if needed
+if [ "$doPauses" = "true" ]; then
+    read -p "Press enter to continue"
+fi
+
+echo ""
+echo "STEP 6: Create a superuser"
+echo "=========================="
+
+# create a superuser
+#docker exec -it oss_django-defectdojo-uwsgi-1 /bin/bash
+#python manage.py createsuperuser
+#export DJANGO_SUPERUSER_PASSWORD="admin7"; python manage.py createsuperuser --no-input --username admin7 --email admin7@defectdojo.local;
+#docker exec oss_django-defectdojo-uwsgi-1 /bin/bash -c 'export DJANGO_SUPERUSER_PASSWORD="admin9"; python manage.py createsuperuser --no-input --username admin9 --email admin9@defectdojo.local;'
+
+export COMMAND="export DJANGO_SUPERUSER_PASSWORD="$adminPassword"; export DJANGO_SUPERUSER_USERNAME="$adminUser"; export DJANGO_SUPERUSER_EMAIL="$EMAIL"; python manage.py createsuperuser --no-input"
+echo "COMMAND: $COMMAND"
+docker exec oss_django-defectdojo-uwsgi-1 /bin/bash -c "$COMMAND"
+
+# test the application
+# open a browser and go to https://$NEWHOSTNAME:8443/dashboard
+echo "https://$NEWHOSTNAME:8443/dashboard"
+
+# pause if needed
+if [ "$doPauses" = "true" ]; then
+    read -p "Press enter to continue"
+fi
+
+echo ""
+echo "STEP 7: Setup systemd service for docker-compose automation"
+echo "==========================================================="
+
+# put back DD_INITIALIZE to false
+rm -f docker-compose.override.yml
+ln -s docker-compose.override.https.initializefalse.yml docker-compose.override.yml
+
+echo "current docker-compose.override.yml"
+cat docker-compose.override.yml
+
+# docker-compose service
+sudo cp $HOME/OSS_django-DefectDojo/systemd/defectdojo-composer.service /etc/systemd/system/
+sudo systemctl enable defectdojo-composer
+
+echo ""
+echo "STEP 8: Double check there are 5 running containers"
+echo "==================================================="
+
+docker ps
+
+echo "Done!"
+echo "The DefectDojo instance is now available at https://$NEWHOSTNAME:8443/dashboard"
+echo "The superuser is $adminUser with password $adminPassword"
+echo "Don't forget to change the password for the superuser!"
diff --git a/infra/defect-dojo/post-install/post-install.template.sh b/infra/defect-dojo/post-install/post-install.template.sh
diff --git a/infra/defect-dojo/post-install/run-local.ps1 b/infra/defect-dojo/post-install/run-local.ps1
