Added example dockerfile for using MySQL as datastore and updated documentation

Author: code040

.dockerignore

@@ -0,0 +1,61 @@
+# Git
+.git/
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.cache
+nosetests.xml
+coverage.xml
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Editor files
+*.iml
+.idea

.gitignore

@@ -52,3 +52,7 @@ docs/_build/
 
 # PyBuilder
 target/
+
+# Editor files
+*.iml
+.idea

Dockerfile

@@ -0,0 +1,30 @@
+# Set the base image to Python
+FROM python:2.7.9
+MAINTAINER [email protected]
+
+# Environment
+ENV DEBIAN_FRONTEND noninteractive
+
+# Create the working dir and set the working directory
+WORKDIR /
+
+# Install dependencies
+COPY ./requirements.txt /requirements.txt
+RUN pip install -r requirements.txt \
+    && pip install supervisor \
+    && pip install gunicorn
+
+# Install OpenTaxii
+RUN mkdir /opentaxii
+COPY ./ /opentaxii/
+RUN cd  /opentaxii && python setup.py install && rm -rf /opentaxii
+
+# Setup default config
+COPY opentaxii/defaults.yml /opentaxi.yml
+ENV OPENTAXII_CONFIG /opentaxii.yml
+
+# Expose and Run
+COPY docker-supervisord.conf /supervisord.conf
+EXPOSE 9000
+CMD ["supervisord","-c","/supervisord.conf"]
+

docker-supervisord.conf

@@ -0,0 +1,16 @@
+[supervisord]
+nodaemon=true
+
+[program:opentaxii]
+environment = OPENTAXII_CONFIG="/opentaxii.yml"
+command = gunicorn opentaxii.http:app
+        --workers 2
+        --log-level info
+        --log-file -
+        --timeout 300
+        --bind 0.0.0.0:9000
+
+stdout_logfile = /var/log/opentaxii.log
+redirect_stderr = true
+autostart = true
+autorestart = true

docs/docker.rst

@@ -0,0 +1,92 @@
+=============
+Docker
+=============
+
+.. highlight:: sh
+
+OpenTAXII can also be run using docker. This guide assumes that you have access to a local or remote docker server, and won't go into the setup of docker.
+
+To get a default (development) instance using docker
+
+
+.. code-block:: shell
+
+    docker run -d -p 9000:9000 intelworks/opentaxii
+
+.. note::
+
+    OpenTAXII is now accessible through port 9000, and is not configured.
+
+Extending
+====================
+
+A better way using the OpenTAXII docker image, is to extend it, and create the custom configuration on startup. An example of is can be found `examples/Dockerfile <https://raw.githubusercontent.com/Intelworks/OpenTAXII/master/examples/Dockerfile>`_. Here the the configuration is replaced by an instance using MySQL.
+
+.. code-block:: docker
+
+  FROM intelworks/opentaxii:latest
+  MAINTAINER [email protected]
+
+  RUN pip install mysql-python
+
+  COPY services.yml /services.yml
+  COPY collections.yml /collections.yml
+  COPY docker-entrypoint.sh /entrypoint.sh
+
+  ENV OPENTAXII_AUTH_SECRET "SOME SECRET"
+  ENV OPENTAXII_DOMAIN "localhost:9000"
+  ENV OPENTAXII_USER ""
+  ENV OPENTAXII_PASS ""
+  ENV DB_USER  ""
+  ENV DB_PASS  ""
+  ENV DB_NAME  ""
+  ENV DB_HOST  ""
+  ENV DB_PORT  ""
+
+  ENTRYPOINT ["./entrypoint.sh"]
+  CMD [ "supervisord","-c","/supervisord.conf" ]
+
+
+Using this configuration it is possible to add a new `/opentaxii.yml` configuration, which in this case is generated by the `entrypoint.sh` script. Furthermore it adds the example `services.yml` and `collections.yml` to the image.
+
+To see this in action, you can use the `docker-compose <https://docs.docker.com/compose/>`_ tool to run a complete working setup using mysql. The configuration is located at: `examples/docker-compose.yml <https://raw.githubusercontent.com/Intelworks/OpenTAXII/master/examples/docker-compose.yml>`_
+
+.. code-block:: yaml
+
+    db:
+      image: mysql
+      environment:
+        MYSQL_USER: user
+        MYSQL_PASSWORD: password
+        MYSQL_DATABASE: opentaxii
+        MYSQL_ROOT_PASSWORD: pass
+      ports:
+        - 3306:3306
+
+    opentaxii:
+      build: .
+      environment:
+        OPENTAXII_AUTH_SECRET: secret
+        OPENTAXII_DOMAIN: localhost:9000
+        OPENTAXII_USER: user1
+        OPENTAXII_PASS: pass1
+        DB_HOST: db
+        DB_PORT: 3306
+        DB_NAME: opentaxii
+        DB_USER: user
+        DB_PASS: password
+      ports:
+        - 9000:9000
+      links:
+        - db:db
+
+This configuration starts two containers: 'opentaxii' and 'mysql', creates the given collections and services, and adds a user for authentication.
+
+
+.. rubric:: Next steps
+
+Continue to :doc:`Authentication <auth>` page to learn how OpenTAXII authentication process works.
+
+
+
+.. vim: set spell spelllang=en:

docs/index.rst

@@ -32,6 +32,7 @@ OpenTAXII architecture follows TAXII specification in its idea of TTA (TAXII tra
    installation
    configuration
    running
+   docker
    auth
    public-apis
    opentaxii-apis

examples/Dockerfile

@@ -0,0 +1,21 @@
+FROM intelworks/opentaxii:latest
+MAINTAINER [email protected]
+
+RUN pip install mysql-python
+
+COPY services.yml /services.yml
+COPY collections.yml /collections.yml
+COPY docker-entrypoint.sh /entrypoint.sh
+
+ENV OPENTAXII_AUTH_SECRET "SOME SECRET"
+ENV OPENTAXII_DOMAIN "localhost:9000"
+ENV OPENTAXII_USER ""
+ENV OPENTAXII_PASS ""
+ENV DB_USER  ""
+ENV DB_PASS  ""
+ENV DB_NAME  ""
+ENV DB_HOST  ""
+ENV DB_PORT  ""
+
+ENTRYPOINT ["./entrypoint.sh"]
+CMD [ "supervisord","-c","/supervisord.conf" ]

examples/create-fixtures.sh

@@ -1,3 +1,4 @@
+#!/bin/bash
 
 DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
 

examples/docker-compose.yml

@@ -0,0 +1,27 @@
+db:
+  image: mysql
+  environment:
+    MYSQL_USER: user
+    MYSQL_PASSWORD: password
+    MYSQL_DATABASE: opentaxii
+    MYSQL_ROOT_PASSWORD: pass
+  ports:
+    - 3306:3306
+
+opentaxii:
+  build: .
+  environment:
+    OPENTAXII_AUTH_SECRET: secret
+    OPENTAXII_DOMAIN: localhost:9000
+    OPENTAXII_USER: user1
+    OPENTAXII_PASS: pass1
+    DB_HOST: db
+    DB_PORT: 3306
+    DB_NAME: opentaxii
+    DB_USER: user
+    DB_PASS: password
+
+  ports:
+    - 9000:9000
+  links:
+    - db:db

examples/docker-entrypoint.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+function wait_for_port() {
+    (echo >/dev/tcp/$1/$2) &>/dev/null
+    while [ $? -ne 0 ];
+    do
+        echo "Waiting for $1:$2 to become available"
+        sleep 1
+        (echo >/dev/tcp/$1/$2) &>/dev/null
+    done
+    echo "$1:$2 is now open"
+}
+
+AUTH_SECRET="${OPENTAXII_AUTH_SECRET-SOME_SECRET}"
+AUTH=""
+[ "$DB_USER" -a "$DB_PASS" ] &&  AUTH="${DB_USER}:${DB_PASS}@"
+PORT=":3306"
+[ "$DB_PORT" ] && PORT=":$DB_PORT"
+
+tmpConfig='/tmp/opentaxii.yml'
+cat > "$tmpConfig" <<-EOCONFIG
+---
+
+domain: "${OPENTAXII_DOMAIN}"
+
+persistence_api:
+  class: opentaxii.persistence.sqldb.SQLDatabaseAPI
+  parameters:
+    db_connection: mysql://${AUTH}${DB_HOST}${PORT}/${DB_NAME}
+    create_tables: yes
+
+auth_api:
+  class: opentaxii.auth.sqldb.SQLDatabaseAPI
+  parameters:
+    db_connection: mysql://${AUTH}${DB_HOST}${PORT}/${DB_NAME}
+    create_tables: yes
+    secret: ${AUTH_SECRET}
+
+logging:
+  opentaxii: info
+  root: info
+
+hooks:
+EOCONFIG
+cat $tmpConfig
+cp -f $tmpConfig /opentaxii.yml
+
+
+wait_for_port $DB_HOST $PORT
+[ -f /services.yml ] && opentaxii-create-services -c /services.yml
+[ -f /collections.yml ] &&  opentaxii-create-collections -c /collections.yml
+[ "$OPENTAXII_USER" -a "$OPENTAXII_PASS" ]  && opentaxii-create-account -u "$OPENTAXII_USER" -p "$OPENTAXII_PASS"
+
+exec "$@"