Merge pull request #141 from kobotoolbox/138-warning-exposed-back-end…
…-ports

Do not show exposed port warning on front-end only installation
noliveleger authored Dec 4, 2020
2 parents 7256bab + 691bc63 commit 317c601
Showing 3 changed files with 58 additions and 56 deletions.
8 changes: 4 additions & 4 deletions helpers/command.py
Expand Up @@ -175,7 +175,7 @@ def info(cls, timeout=600):
CLI.colored_print(
'\nSometimes front-end containers cannot '
'communicate with back-end containers.\n'
'Restarting the frontend containers usually '
'Restarting the front-end containers usually '
'fixes it.\n', CLI.COLOR_INFO)
question = 'Would you like to try?'
response = CLI.yes_no_question(question)
Expand Down Expand Up @@ -304,7 +304,7 @@ def start(cls, frontend_only=False):

cls.stop(output=False, frontend_only=frontend_only)
if frontend_only:
CLI.colored_print('Launching frontend containers', CLI.COLOR_INFO)
CLI.colored_print('Launching front-end containers', CLI.COLOR_INFO)
else:
CLI.colored_print('Launching environment', CLI.COLOR_INFO)

Expand Down Expand Up @@ -392,7 +392,7 @@ def start(cls, frontend_only=False):
cls.info()
else:
CLI.colored_print(
('{} backend server is starting up and should be '
('{} back-end server is starting up and should be '
'up & running soon!\nPlease look at docker logs for '
'further information: `python3 run.py -cb logs -f`'.format(
dict_['backend_server_role'])),
Expand All @@ -418,7 +418,7 @@ def stop(cls, output=True, frontend_only=False):
CLI.run_command(maintenance_down_command,
dict_['kobodocker_path'])

# Shut down frontend containers
# Shut down front-end containers
frontend_command = ['docker-compose',
'-f', 'docker-compose.frontend.yml',
'-f', 'docker-compose.frontend.override.yml',
52 changes: 27 additions & 25 deletions helpers/config.py
Expand Up @@ -31,7 +31,7 @@ class Config(metaclass=Singleton):
DEFAULT_NGINX_PORT = '80'
DEFAULT_NGINX_HTTPS_PORT = '443'
KOBO_DOCKER_BRANCH = '2.020.49-pre'
KOBO_INSTALL_VERSION = '4.4.0'
KOBO_INSTALL_VERSION = '4.4.1'
MAXIMUM_AWS_CREDENTIAL_ATTEMPTS = 3

def __init__(self):
Expand Down Expand Up @@ -67,7 +67,7 @@ def auto_detect_network(self):
@property
def aws(self):
"""
Checks whether questions are backend only
Checks whether questions are back end only
Returns:
bool
Expand Down Expand Up @@ -157,7 +157,7 @@ def get_upgraded_dict(self):
@property
def backend_questions(self):
"""
Checks whether questions are backend only
Checks whether questions are back end only
Returns:
bool
Expand Down Expand Up @@ -250,7 +250,7 @@ def first_time(self):
@property
def frontend(self):
"""
Checks whether setup is running on a frontend server
Checks whether setup is running on a front-end server
Returns:
dict: all values from user's responses needed to create
Expand All @@ -262,7 +262,7 @@ def frontend(self):
@property
def frontend_questions(self):
"""
Checks whether questions are frontend only
Checks whether questions are front-end only
Returns:
bool
Expand Down Expand Up @@ -470,7 +470,7 @@ def maintenance(self):
@property
def primary_backend(self):
"""
Checks whether setup is running on a primary backend server
Checks whether setup is running on a primary back-end server
Returns:
bool
Expand All @@ -482,7 +482,8 @@ def primary_backend(self):
@property
def multi_servers(self):
"""
Checks whether installation is for separate frontend and backend servers
Checks whether installation is for separate front-end and back-end
servers
Returns:
bool
Expand Down Expand Up @@ -556,7 +557,7 @@ def read_unique_id(self):
@property
def secondary_backend(self):
"""
Checks whether setup is running on a secondary backend server
Checks whether setup is running on a secondary back-end server
Returns:
bool
Expand Down Expand Up @@ -1110,7 +1111,7 @@ def __questions_dev_mode(self):
default=self.__dict['debug']
)

# Frontend development
# Front-end development
self.__dict['npm_container'] = CLI.yes_no_question(
'How do you want to run `npm`?',
default=self.__dict['npm_container'],
Expand Down Expand Up @@ -1224,7 +1225,7 @@ def _round_nearest_quarter(dt):
def __questions_mongo(self):
"""
Ask for MongoDB credentials only when server is for:
- primary backend
- primary back end
- single server installation
"""
if self.primary_backend or not self.multi_servers:
Expand Down Expand Up @@ -1313,10 +1314,10 @@ def __questions_mongo(self):
def __questions_multi_servers(self):
"""
Asks if installation is for only one server
or different frontend and backend servers.
or different front-end and back-end servers.
"""
self.__dict['multi'] = CLI.yes_no_question(
'Do you want to use separate servers for frontend and backend?',
'Do you want to use separate servers for front end and back end?',
default=self.__dict['multi']
)

Expand Down Expand Up @@ -1572,7 +1573,7 @@ def reset_ports():

if not self.multi_servers:
self.__dict['expose_backend_ports'] = CLI.yes_no_question(
'Do you want to expose backend container ports '
'Do you want to expose back-end container ports '
'(`PostgreSQL`, `MongoDB`, `redis`)?',
default=self.__dict['expose_backend_ports']
)
Expand All @@ -1583,13 +1584,14 @@ def reset_ports():
reset_ports()
return

message = (
'WARNING!\n\n'
'When exposing backend container ports, it is STRONGLY '
'recommended to use a firewall to grant access to frontend '
'containers only.'
)
CLI.framed_print(message)
if self.backend:
message = (
'WARNING!\n\n'
'When exposing back-end container ports, it is STRONGLY '
'recommended to use a firewall to grant access to front-end '
'containers only.'
)
CLI.framed_print(message)

self.__dict['customized_ports'] = CLI.yes_no_question(
'Do you want to customize service ports?',
Expand Down Expand Up @@ -1619,7 +1621,7 @@ def reset_ports():
def __questions_private_routes(self):
"""
Asks if configuration uses a DNS for private domain names
for communication between frontend and backend.
for communication between front end and back end.
Otherwise, it will create entries in `extra_hosts` in composer
file based on the provided ip.
"""
Expand All @@ -1628,7 +1630,7 @@ def __questions_private_routes(self):
default=self.__dict['use_private_dns']
)
if self.__dict['use_private_dns'] is False:
CLI.colored_print('IP address (IPv4) of primary backend server?',
CLI.colored_print('IP address (IPv4) of primary back-end server?',
CLI.COLOR_QUESTION)
self.__dict['primary_backend_ip'] = CLI.get_response(
r'~\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}',
Expand Down Expand Up @@ -1697,7 +1699,7 @@ def __questions_raven(self):
def __questions_redis(self):
"""
Ask for redis password only when server is for:
- primary backend
- primary back end
- single server installation
"""
if self.primary_backend or not self.multi_servers:
Expand Down Expand Up @@ -1836,15 +1838,15 @@ def __questions_roles(self):

if self.__dict['server_role'] == 'backend':
CLI.colored_print(
'Which role do you want to assign to this backend server?',
'Which role do you want to assign to this back-end server?',
CLI.COLOR_QUESTION)
CLI.colored_print('\t1) primary')
CLI.colored_print('\t2) secondary')
self.__dict['backend_server_role'] = CLI.get_response(
['primary', 'secondary'],
self.__dict['backend_server_role'])
else:
# It may be useless to force backend role when using multi servers.
# It may be useless to force back-end role when using multi servers.
self.__dict['backend_server_role'] = 'primary'

def __questions_secret_keys(self):
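Review bot: The new `if self.backend:` guard around the exposed-port warning (hunk `-1583,13 +1584,14`) relies on a `backend` property whose definition is not part of this diff, so it cannot be confirmed from here that it is true on a single-server installation. That case matters because the `expose_backend_ports` question directly above is asked only when `not self.multi_servers`, and an operator who answers yes there is publishing PostgreSQL, MongoDB and redis ports on that host and should still get the firewall warning. If `backend` does not already cover it, the condition could follow the pattern used in `__questions_mongo` and `__questions_redis`, e.g. `if self.backend or not self.multi_servers:`. Either way, a comment such as `# Front-end-only nodes publish no database ports, so the firewall warning does not apply` above the guard would record why the warning is conditional. The enclosing method starts and ends outside the hunk.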
54 changes: 27 additions & 27 deletions readme.md
Expand Up @@ -56,10 +56,10 @@ Get version:
Build kpi and kobocat (dev mode):
`$kobo-install> python3 run.py --build`

Run docker commands on frontend containers:
Run docker commands on front-end containers:
`$kobo-install> python run.py --compose-frontend [docker-compose arguments]`

Run docker commands on backend containers:
Run docker commands on back-end containers:
`$kobo-install> python run.py --compose-backend [docker-compose arguments]`

Start maintenance mode:
Expand All @@ -79,48 +79,48 @@ User can choose between 2 types of installations:
|Option|Default|Workstation|Server
|---|---|---|---|
|Installation directory| **../kobo-docker** |||
|SMTP information| || ✓ (frontend only) |
|Public domain name| **kobo.local** | | ✓ (frontend only) |
|Subdomain names| **kf, kc, ee** | | ✓ (frontend only) |
|Use HTTPS<sup>1</sup>| **False** (Workstation)<br>**True** (Server) | | ✓ (frontend only) |
|Super user's username| **super_admin** || ✓ (frontend only) |
|Super user's password| **Random string** || ✓ (frontend only) |
|Activate backups<sup>2</sup>| **False** || ✓ (backend only) |
|SMTP information| || ✓ (front end only) |
|Public domain name| **kobo.local** | | ✓ (front end only) |
|Subdomain names| **kf, kc, ee** | | ✓ (front end only) |
|Use HTTPS<sup>1</sup>| **False** (Workstation)<br>**True** (Server) | | ✓ (front end only) |
|Super user's username| **super_admin** || ✓ (front end only) |
|Super user's password| **Random string** || ✓ (front end only) |
|Activate backups<sup>2</sup>| **False** || ✓ (back end only) |

### Advanced Options

|Option|Default|Workstation|Server
|---|---|---|---|
|Webserver port| **80** || |
|Reverse proxy interal port| **8080** | | ✓ (frontend only) |
|Network interface| **Autodetected** || ✓ (frontend only) |
|Reverse proxy interal port| **8080** | | ✓ (front end only) |
|Network interface| **Autodetected** || ✓ (front end only) |
|Use separate servers| **No** | ||
|Use DNS for private routes| **No** | | ✓ (frontend only) |
|Primary backend IP _(if previous answer is no)_| **Local IP** | | ✓ (frontend only) |
|Use DNS for private routes| **No** | | ✓ (front end only) |
|Primary back end IP _(if previous answer is no)_| **Local IP** | | ✓ (front end only) |
|PostgreSQL DB| **kobo** |||
|PostgreSQL user's username| **kobo** |||
|PostgreSQL user's password| **Autogenerate** |||
|PostgreSQL number of connections<sup>3</sup>| **100** || ✓ (backend only) |
|PostgreSQL RAM<sup>3</sup>| **2** || ✓ (backend only) |
|PostgreSQL Application Profile<sup>3</sup>| **Mixed** || ✓ (backend only) |
|PostgreSQL Storage<sup>3</sup>| **HDD** || ✓ (backend only) |
|PostgreSQL number of connections<sup>3</sup>| **100** || ✓ (back end only) |
|PostgreSQL RAM<sup>3</sup>| **2** || ✓ (back end only) |
|PostgreSQL Application Profile<sup>3</sup>| **Mixed** || ✓ (back end only) |
|PostgreSQL Storage<sup>3</sup>| **HDD** || ✓ (back end only) |
|MongoDB super user's username| **root** |||
|MongoDB super user's password| **Autogenerate** |||
|MongoDB user's username| **kobo** |||
|MongoDB user's password| **Autogenerate** |||
|Redis password<sup>4</sup>| **Autogenerate** |||
|Use AWS storage<sup>5</sup>| **No** |||
|Use WAL-E PostgreSQL backups<sup>6</sup> | **No** || ✓ (backend only) |
|uWGI workers| **start: 2, max: 4** || ✓ (frontend only) |
|uWGI memory limit| **128 MB** || ✓ (frontend only) |
|uWGI harakiri timeout | **120s** || ✓ (frontend only) |
|uWGI worker reload timeout | **120s** || ✓ (frontend only) |
|Google UA| || ✓ (frontend only) |
|Google API Key| || ✓ (frontend only) |
|Raven tokens| || ✓ (frontend only) |
|Use WAL-E PostgreSQL backups<sup>6</sup> | **No** || ✓ (back end only) |
|uWGI workers| **start: 2, max: 4** || ✓ (front end only) |
|uWGI memory limit| **128 MB** || ✓ (front end only) |
|uWGI harakiri timeout | **120s** || ✓ (front end only) |
|uWGI worker reload timeout | **120s** || ✓ (front end only) |
|Google UA| || ✓ (front end only) |
|Google API Key| || ✓ (front end only) |
|Raven tokens| || ✓ (front end only) |
|Debug| **False** || |
|Developer mode| **False** || |
|Staging mode| **False** | | ✓ (frontend only) |
|Staging mode| **False** | | ✓ (front end only) |

<sup>1)</sup> _HTTPS certificates must be installed on a Reverse Proxy.
`kobo-install` can install one and use `Let's Encrypt` to generate certificates
Expand Down Expand Up @@ -156,7 +156,7 @@ User can choose between 2 types of installations:
_**WARNING:**_

- _If you use a firewall, be sure to open traffic publicly on NGINX port, otherwise kobo-install cannot work_
- _By default, additional ports are not exposed except when using multi servers configuration. If you choose to expose them, **be sure to not expose them publicly** (e.g. use a firewall and allow traffic between frontend and backend containers only. NGINX port still has to stay publicly opened though)._
- _By default, additional ports are not exposed except when using multi servers configuration. If you choose to expose them, **be sure to not expose them publicly** (e.g. use a firewall and allow traffic between front-end and back-end containers only. NGINX port still has to stay publicly opened though)._

<sup>5)</sup> _It has been tested with Ubuntu 14.04, 16.04 and 18.04, CentOS 8_
