From 1eb7a1a25f98bcb181fc2983af494eeeb89fe561 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Fri, 28 Feb 2020 21:47:21 -0500 Subject: [PATCH 01/17] updated Dockerfile group permissions to support openshift --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d884c2e..40b70ca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,4 +6,5 @@ ADD Gemfile /myapp/Gemfile ADD Gemfile.lock /myapp/Gemfile.lock RUN bundle install ADD . /myapp - +RUN chgrp -R 0 /myapp \ + && chmod -R g+rwX /myapp \ No newline at end of file From 8c4e4283cd6a30860a33621cbfc3a5dc615508c5 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Fri, 28 Feb 2020 21:49:12 -0500 Subject: [PATCH 02/17] update database.yml to support openshift posgresql db --- config/database.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/config/database.yml b/config/database.yml index f630e92..2303625 100755 --- a/config/database.yml +++ b/config/database.yml @@ -3,6 +3,10 @@ # # Ensure the SQLite 3 gem is defined in your Gemfile # gem 'sqlite3' +<% user = ENV.key?("POSTGRESQL_ADMIN_PASSWORD") ? "root" : ENV["POSTGRESQL_USER"] %> +<% password = ENV.key?("POSTGRESQL_ADMIN_PASSWORD") ? ENV["POSTGRESQL_ADMIN_PASSWORD"] : ENV["POSTGRESQL_PASSWORD"] %> +<% db_service = ENV.fetch("DATABASE_SERVICE_NAME","").upcase %> + development: adapter: sqlite3 database: db/development.sqlite3 @@ -32,3 +36,15 @@ production: database: db/production.sqlite3 pool: 5 timeout: 5000 + +openshift: + adapter: postgresql + encoding: unicode + # For details on connection pooling, see rails configuration guide + # http://guides.rubyonrails.org/configuring.html#database-pooling + pool: <%= ENV["POSTGRESQL_MAX_CONNECTIONS"] || 5 %> + username: <%= user %> + password: <%= password %> + host: <%= ENV["#{db_service}_SERVICE_HOST"] %> + port: <%= ENV["#{db_service}_SERVICE_PORT"] %> + database: <%= ENV["POSTGRESQL_DATABASE"] %> \ No newline at end of file From 4d71f0b23491810dfcc6a1c7cbfddde1344fc176 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Fri, 28 Feb 2020 23:48:06 -0500 Subject: [PATCH 03/17] added pg gem for postgres support --- Gemfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Gemfile b/Gemfile index 56ea6ef..b18b64c 100644 --- a/Gemfile +++ b/Gemfile @@ -28,6 +28,7 @@ gem "therubyracer" gem "turbolinks" gem "uglifier" gem "unicorn" +gem "pg" # Add SMTP server support using MailCatcher # NOTE: https://github.com/sj26/mailcatcher#bundler From e5a03e4da6bbbb22d8595ddddd3af25078ae816c Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Sat, 29 Feb 2020 18:52:33 -0500 Subject: [PATCH 04/17] pg update and config.hosts --- Gemfile | 4 ++++ config/environments/development.rb | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index b18b64c..a64ebad 100644 --- a/Gemfile +++ b/Gemfile @@ -60,3 +60,7 @@ end group :mysql do gem "mysql2" end + +group :openshift do + gem "pg" +end diff --git a/config/environments/development.rb b/config/environments/development.rb index 5196727..da2a271 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true Railsgoat::Application.configure do # Settings specified here will take precedence over those in config/application.rb - + config.hosts << '.svc.cluster.local' # In the development environment your application's code is reloaded on # every request. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. From ad311cdda1efec594b64f4d396ccf6c5153780fa Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Sun, 1 Mar 2020 13:57:00 -0500 Subject: [PATCH 05/17] added openshift configs --- README.md | 54 ++++++++++++++++++++++++++++++++ config/environments/openshift.rb | 51 ++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 config/environments/openshift.rb diff --git a/README.md b/README.md index e3c1556..185581a 100755 --- a/README.md +++ b/README.md @@ -81,6 +81,60 @@ Exiting ``` In this case, remove that server.pid file and try again. Note also that this file is in your current working directory, not inside the container. +## Openshift Deployment +To deploy Railsgoat with Openshift you must first have a working [Openshift Cluster](https://docs.okd.io/latest/welcome/index.html) installed. The Railsgoat Openshift deployment currently supports Postgres on the native Openshift Postgres imagestream. + +```bash +$ oc new-project railsgoat --description="Railsgoat Openshift Deployment" --display-name="Railsgoat" +``` +### Creating a Database Service + +Although Railsgoat in Openshift can be used with the development SQL Lite database, it also takes advantage of the PostgreSQL database image in Openshift for more creative demonstrations and an expansion of SQL attacks. To create the database service you will use the `oc new-app` command and will need to pass some environment variables. You can change these to anything you want. + +```bash +$ oc new-app postgresql -e POSTGRESQL_DATABASE=db_name -e POSTGRESQL_USER=username -e POSTGRESQL_PASSWORD=password +``` + +You can also set the password for the database admin by appending the previous command with: + +```bash +-e POSTGRESQL_ADMIN_PASSWORD=admin_pw +``` + +To deploy Railsgoat alongside the postgres database, you will need to run: +```bash +$ oc new-app https://github.com/relotnek/railsgoat.git --name=railsgoat -e POSTGRESQL_USER=username -e POSTGRESQL_PASSWORD=password -e POSTGRESQL_DATABASE=db_name -e DATABASE_SERVICE_NAME=postgresql -e RAILS_ENV=openshift +``` + +If you changed the database environment variables, make sure they match up. + +Enter the deployments of your new Railsgoat project and locate the railsgoat deployment config. Add the following to the config under the container object. + +``` + command: + - /bin/bash + - '-c' + args: + - rails server -p 3000 -b 0.0.0.0 + ports: + - containerPort: 3000 + protocol: TCP +``` + +From the openshift console run the following where `` is the active pod: + +```bash +$ oc rsh +``` + +From the terminal: + +```bash +$ rails db:migrate +``` + + +Once the railgoat deployment is running ## Capybara Tests RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs) (version 2.1.1 has been tested in Dev and on Travis CI), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following task: diff --git a/config/environments/openshift.rb b/config/environments/openshift.rb new file mode 100644 index 0000000..da2a271 --- /dev/null +++ b/config/environments/openshift.rb @@ -0,0 +1,51 @@ +# frozen_string_literal: true +Railsgoat::Application.configure do + # Settings specified here will take precedence over those in config/application.rb + config.hosts << '.svc.cluster.local' + # In the development environment your application's code is reloaded on + # every request. This slows down response time but is perfect for development + # since you don't have to restart the web server when you make code changes. + config.cache_classes = false + + # Show full error reports and disable caching + config.consider_all_requests_local = true + config.action_controller.perform_caching = false + + # Don't care if the mailer can't send + config.action_mailer.raise_delivery_errors = false + + # Print deprecation notices to the Rails logger + config.active_support.deprecation = :log + + # Only use best-standards-support built into browsers + config.action_dispatch.best_standards_support = :builtin + + # Tired of caching causing issues + config.middleware.delete Rack::ETag + + # Do not compress assets + config.assets.compress = false + + # Expands the lines which load the assets + config.assets.debug = true + + # ActionMailer settings for email support + config.action_mailer.delivery_method = :smtp + config.action_mailer.smtp_settings = { address: "127.0.0.1", port: 1025 } + config.action_mailer.default_url_options = { host: "127.0.0.1:3000" } + + # config.middleware.insert_before( + # Rack::Lock, Rack::LiveReload, + # :min_delay => 500, + # :max_delay => 1000, + # :port => 35727, + # :host => 'railsgoat.dev', + # :ignore => [ %r{dont/modify\.html$} ] + # ) + + # For Rails 4.0+ + # Do not eager load code on boot. This avoids loading your whole application + # just for the purpose of running a single test. If you are using a tool that + # preloads Rails for running tests, you may have to set it to true. + config.eager_load = false +end From df140fe79a90a35d586086b61035de7f58999229 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Sun, 1 Mar 2020 14:01:33 -0500 Subject: [PATCH 06/17] railsgoat service --- openshift-configs/railsgoatservice.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 openshift-configs/railsgoatservice.yaml diff --git a/openshift-configs/railsgoatservice.yaml b/openshift-configs/railsgoatservice.yaml new file mode 100644 index 0000000..dfe64f1 --- /dev/null +++ b/openshift-configs/railsgoatservice.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: railsgoat +spec: + selector: + app: railsgoat + ports: + - protocol: TCP + port: 80 + targetPort: 3000 \ No newline at end of file From f640c5c4efecea4cbbfd0df71021fe1d5b151f21 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Sun, 1 Mar 2020 14:08:56 -0500 Subject: [PATCH 07/17] finished README for openshift --- README.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 185581a..aa3baed 100755 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ Enter the deployments of your new Railsgoat project and locate the railsgoat dep protocol: TCP ``` -From the openshift console run the following where `` is the active pod: +From the openshift console run the following where `` is the active pod (for example, `railsgoat-2-dkalf`): ```bash $ oc rsh @@ -133,8 +133,20 @@ From the terminal: $ rails db:migrate ``` +Create the railsgoat service using the template in the openshift-configs folder by either creating it in the openshift terminal window or pulling it directly from git. + +```bash +$ oc create -f https://raw.githubusercontent.com/relotnek/railsgoat/master/openshift-configs/railsgoatservice.yaml +``` + +Expose the service + +```bash +$ oc expose service railsgoat +``` + +Once the railgoat deployment is running navigate to the indicated route -Once the railgoat deployment is running ## Capybara Tests RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs) (version 2.1.1 has been tested in Dev and on Travis CI), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following task: From a1f117f0cdeeb17e5c3377c6d56fdbed67daeb3a Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Sun, 1 Mar 2020 14:10:19 -0500 Subject: [PATCH 08/17] changed repo in instructions for openshift --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index aa3baed..c9823be 100755 --- a/README.md +++ b/README.md @@ -103,7 +103,7 @@ You can also set the password for the database admin by appending the previous c To deploy Railsgoat alongside the postgres database, you will need to run: ```bash -$ oc new-app https://github.com/relotnek/railsgoat.git --name=railsgoat -e POSTGRESQL_USER=username -e POSTGRESQL_PASSWORD=password -e POSTGRESQL_DATABASE=db_name -e DATABASE_SERVICE_NAME=postgresql -e RAILS_ENV=openshift +$ oc new-app https://github.com/OWASP/railsgoat.git --name=railsgoat -e POSTGRESQL_USER=username -e POSTGRESQL_PASSWORD=password -e POSTGRESQL_DATABASE=db_name -e DATABASE_SERVICE_NAME=postgresql -e RAILS_ENV=openshift ``` If you changed the database environment variables, make sure they match up. From 026c308c99b47485b638f56fd240a29aa730ab27 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Sun, 1 Mar 2020 14:25:42 -0500 Subject: [PATCH 09/17] fixed Gemfile --- Gemfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Gemfile b/Gemfile index a64ebad..b18b64c 100644 --- a/Gemfile +++ b/Gemfile @@ -60,7 +60,3 @@ end group :mysql do gem "mysql2" end - -group :openshift do - gem "pg" -end From 0dd2ed173ceac1543f7d2c73fa606ba37d700b8a Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Sun, 1 Mar 2020 16:00:39 -0500 Subject: [PATCH 10/17] updated Gemfile.lock --- Gemfile.lock | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Gemfile.lock b/Gemfile.lock index bbe0b5f..87fbb6a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -199,6 +199,7 @@ GEM parallel (1.18.0) parser (2.6.5.0) ast (~> 2.4.0) + pg (1.2.2) poltergeist (1.18.1) capybara (>= 2.1, < 4) cliver (~> 0.3.1) @@ -364,6 +365,7 @@ DEPENDENCIES launchy minitest mysql2 + pg poltergeist powder pry From 11819bf14c3f3809f3b39c8d4694a6aaf9a14fd1 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Fri, 17 Apr 2020 15:38:24 -0400 Subject: [PATCH 11/17] Squashing changes associated with pg --- Dockerfile | 8 +++--- Gemfile | 1 - Gemfile.lock | 2 -- README.md | 66 --------------------------------------------- config/secrets.yml | 10 +++++++ config/secrets2.yml | 6 +++++ docs/openshift.md | 65 ++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 85 insertions(+), 73 deletions(-) create mode 100644 config/secrets.yml create mode 100644 config/secrets2.yml create mode 100644 docs/openshift.md diff --git a/Dockerfile b/Dockerfile index 40b70ca..b42e313 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ FROM ruby:2.6.5 RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs RUN mkdir /myapp +RUN chgrp -R 0 /myapp \ + && chmod -R g+rwX /myapp WORKDIR /myapp +RUN bundle install ADD Gemfile /myapp/Gemfile ADD Gemfile.lock /myapp/Gemfile.lock -RUN bundle install -ADD . /myapp -RUN chgrp -R 0 /myapp \ - && chmod -R g+rwX /myapp \ No newline at end of file +ADD . /myapp \ No newline at end of file diff --git a/Gemfile b/Gemfile index b18b64c..56ea6ef 100644 --- a/Gemfile +++ b/Gemfile @@ -28,7 +28,6 @@ gem "therubyracer" gem "turbolinks" gem "uglifier" gem "unicorn" -gem "pg" # Add SMTP server support using MailCatcher # NOTE: https://github.com/sj26/mailcatcher#bundler diff --git a/Gemfile.lock b/Gemfile.lock index 87fbb6a..bbe0b5f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -199,7 +199,6 @@ GEM parallel (1.18.0) parser (2.6.5.0) ast (~> 2.4.0) - pg (1.2.2) poltergeist (1.18.1) capybara (>= 2.1, < 4) cliver (~> 0.3.1) @@ -365,7 +364,6 @@ DEPENDENCIES launchy minitest mysql2 - pg poltergeist powder pry diff --git a/README.md b/README.md index c9823be..e3c1556 100755 --- a/README.md +++ b/README.md @@ -81,72 +81,6 @@ Exiting ``` In this case, remove that server.pid file and try again. Note also that this file is in your current working directory, not inside the container. -## Openshift Deployment -To deploy Railsgoat with Openshift you must first have a working [Openshift Cluster](https://docs.okd.io/latest/welcome/index.html) installed. The Railsgoat Openshift deployment currently supports Postgres on the native Openshift Postgres imagestream. - -```bash -$ oc new-project railsgoat --description="Railsgoat Openshift Deployment" --display-name="Railsgoat" -``` -### Creating a Database Service - -Although Railsgoat in Openshift can be used with the development SQL Lite database, it also takes advantage of the PostgreSQL database image in Openshift for more creative demonstrations and an expansion of SQL attacks. To create the database service you will use the `oc new-app` command and will need to pass some environment variables. You can change these to anything you want. - -```bash -$ oc new-app postgresql -e POSTGRESQL_DATABASE=db_name -e POSTGRESQL_USER=username -e POSTGRESQL_PASSWORD=password -``` - -You can also set the password for the database admin by appending the previous command with: - -```bash --e POSTGRESQL_ADMIN_PASSWORD=admin_pw -``` - -To deploy Railsgoat alongside the postgres database, you will need to run: -```bash -$ oc new-app https://github.com/OWASP/railsgoat.git --name=railsgoat -e POSTGRESQL_USER=username -e POSTGRESQL_PASSWORD=password -e POSTGRESQL_DATABASE=db_name -e DATABASE_SERVICE_NAME=postgresql -e RAILS_ENV=openshift -``` - -If you changed the database environment variables, make sure they match up. - -Enter the deployments of your new Railsgoat project and locate the railsgoat deployment config. Add the following to the config under the container object. - -``` - command: - - /bin/bash - - '-c' - args: - - rails server -p 3000 -b 0.0.0.0 - ports: - - containerPort: 3000 - protocol: TCP -``` - -From the openshift console run the following where `` is the active pod (for example, `railsgoat-2-dkalf`): - -```bash -$ oc rsh -``` - -From the terminal: - -```bash -$ rails db:migrate -``` - -Create the railsgoat service using the template in the openshift-configs folder by either creating it in the openshift terminal window or pulling it directly from git. - -```bash -$ oc create -f https://raw.githubusercontent.com/relotnek/railsgoat/master/openshift-configs/railsgoatservice.yaml -``` - -Expose the service - -```bash -$ oc expose service railsgoat -``` - -Once the railgoat deployment is running navigate to the indicated route - ## Capybara Tests RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs) (version 2.1.1 has been tested in Dev and on Travis CI), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following task: diff --git a/config/secrets.yml b/config/secrets.yml new file mode 100644 index 0000000..63757e7 --- /dev/null +++ b/config/secrets.yml @@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.1;AES256 +63303430303835393535616235383138383365363438363234316163373866616539353065343530 +3138626232306637323534343936383734363439376437620a383165366162623936613764336363 +61393232626465306139333339643531396338363631653361363562346237366534306539373938 +3135343835633239660a353038623433353364636264636633356538646431303234326437366138 +63336262376136386463653033643064616432623763626132353062646431333032353137393833 +61303832323139633831333932616565313762356233646663316636363663323166633466373066 +36663631393339633163643364613261326530363238333761306163363463623736333363323937 +30363865623132653730396235383862303439613762313163376365373464383364366333663637 +3066 diff --git a/config/secrets2.yml b/config/secrets2.yml new file mode 100644 index 0000000..bd33525 --- /dev/null +++ b/config/secrets2.yml @@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +35626437333463353464663839363636313435336332376561623031666263616263613638303031 +3064343638663837633934636537353736323335313663350a313338383464353231346661616563 +39353235353135323330653437333062653232366330316237656339383465653130636166346537 +6663373338366133610a383365303662306266303832326561646263363031666237303464663062 +3435 diff --git a/docs/openshift.md b/docs/openshift.md new file mode 100644 index 0000000..d7f5873 --- /dev/null +++ b/docs/openshift.md @@ -0,0 +1,65 @@ +## Openshift Deployment +To deploy Railsgoat with Openshift you must first have a working [Openshift Cluster](https://docs.okd.io/latest/welcome/index.html) installed. The Railsgoat Openshift deployment currently supports Postgres on the native Openshift Postgres imagestream. + +```bash +$ oc new-project railsgoat --description="Railsgoat Openshift Deployment" --display-name="Railsgoat" +``` +### Creating a Database Service + +Although Railsgoat in Openshift can be used with the development SQL Lite database, it also takes advantage of the PostgreSQL database image in Openshift for more creative demonstrations and an expansion of SQL attacks. To create the database service you will use the `oc new-app` command and will need to pass some environment variables. You can change these to anything you want. + +```bash +$ oc new-app postgresql -e POSTGRESQL_DATABASE=db_name -e POSTGRESQL_USER=username -e POSTGRESQL_PASSWORD=password +``` + +You can also set the password for the database admin by appending the previous command with: + +```bash +-e POSTGRESQL_ADMIN_PASSWORD=admin_pw +``` + +To deploy Railsgoat alongside the postgres database, you will need to run: +```bash +$ oc new-app https://github.com/OWASP/railsgoat.git --name=railsgoat -e POSTGRESQL_USER=username -e POSTGRESQL_PASSWORD=password -e POSTGRESQL_DATABASE=db_name -e DATABASE_SERVICE_NAME=postgresql -e RAILS_ENV=openshift +``` + +If you changed the database environment variables, make sure they match up. + +Enter the deployments of your new Railsgoat project and locate the railsgoat deployment config. Add the following to the config under the container object. + +``` + command: + - /bin/bash + - '-c' + args: + - rails server -p 3000 -b 0.0.0.0 + ports: + - containerPort: 3000 + protocol: TCP +``` + +From the openshift console run the following where `` is the active pod (for example, `railsgoat-2-dkalf`): + +```bash +$ oc rsh +``` + +From the terminal: + +```bash +$ rails db:migrate +``` + +Create the railsgoat service using the template in the openshift-configs folder by either creating it in the openshift terminal window or pulling it directly from git. + +```bash +$ oc create -f https://raw.githubusercontent.com/relotnek/railsgoat/master/openshift-configs/railsgoatservice.yaml +``` + +Expose the service + +```bash +$ oc expose service railsgoat +``` + +Once the railgoat deployment is running navigate to the indicated route \ No newline at end of file From cc0ff6055b9302325829de15aa70a078a012acb4 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Fri, 17 Apr 2020 15:42:06 -0400 Subject: [PATCH 12/17] added openshift group to dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b42e313..3395517 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ RUN mkdir /myapp RUN chgrp -R 0 /myapp \ && chmod -R g+rwX /myapp WORKDIR /myapp -RUN bundle install +RUN bundle install --with=openshift ADD Gemfile /myapp/Gemfile ADD Gemfile.lock /myapp/Gemfile.lock ADD . /myapp \ No newline at end of file From 4cc0a8f96c6a284b0d6f1eb1b7858fa9c2489bc6 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Fri, 17 Apr 2020 15:56:48 -0400 Subject: [PATCH 13/17] updated Gemfile to include openshift group --- Gemfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Gemfile b/Gemfile index 56ea6ef..451dba6 100644 --- a/Gemfile +++ b/Gemfile @@ -56,6 +56,10 @@ group :development, :test, :mysql do gem "test-unit" end +group :openshift do + gem "pg" +end + group :mysql do gem "mysql2" end From 63737625b56b14a7ea79ac20edf9a9c0bdfe2139 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Fri, 17 Apr 2020 16:00:51 -0400 Subject: [PATCH 14/17] minor mistake with permission order in Dockerfile --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3395517..8438c69 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ FROM ruby:2.6.5 RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs RUN mkdir /myapp -RUN chgrp -R 0 /myapp \ - && chmod -R g+rwX /myapp WORKDIR /myapp RUN bundle install --with=openshift ADD Gemfile /myapp/Gemfile ADD Gemfile.lock /myapp/Gemfile.lock -ADD . /myapp \ No newline at end of file +ADD . /myapp +RUN chgrp -R 0 /myapp \ + && chmod -R g+rwX /myapp \ No newline at end of file From e53e47d25253371d97cc454e8f825be4c05131b1 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Fri, 17 Apr 2020 16:03:25 -0400 Subject: [PATCH 15/17] fixing Dockerfile mistakes so that it will build --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8438c69..1fc8b2a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,9 +2,9 @@ FROM ruby:2.6.5 RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs RUN mkdir /myapp WORKDIR /myapp -RUN bundle install --with=openshift ADD Gemfile /myapp/Gemfile ADD Gemfile.lock /myapp/Gemfile.lock +RUN bundle install --with=openshift ADD . /myapp RUN chgrp -R 0 /myapp \ && chmod -R g+rwX /myapp \ No newline at end of file From 438945cb57852da21ef3e0afc061c7da2a99ce57 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Mon, 8 Jun 2020 19:27:09 -0400 Subject: [PATCH 16/17] Openshift specific Dockerfile --- Dockerfile | 4 +--- openshift-configs/Dockerfile | 10 ++++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) create mode 100644 openshift-configs/Dockerfile diff --git a/Dockerfile b/Dockerfile index 1fc8b2a..446bba7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,5 @@ RUN mkdir /myapp WORKDIR /myapp ADD Gemfile /myapp/Gemfile ADD Gemfile.lock /myapp/Gemfile.lock -RUN bundle install --with=openshift +RUN bundle install ADD . /myapp -RUN chgrp -R 0 /myapp \ - && chmod -R g+rwX /myapp \ No newline at end of file diff --git a/openshift-configs/Dockerfile b/openshift-configs/Dockerfile new file mode 100644 index 0000000..1fc8b2a --- /dev/null +++ b/openshift-configs/Dockerfile @@ -0,0 +1,10 @@ +FROM ruby:2.6.5 +RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs +RUN mkdir /myapp +WORKDIR /myapp +ADD Gemfile /myapp/Gemfile +ADD Gemfile.lock /myapp/Gemfile.lock +RUN bundle install --with=openshift +ADD . /myapp +RUN chgrp -R 0 /myapp \ + && chmod -R g+rwX /myapp \ No newline at end of file From 77a223b385ee85ae15e1dcb54df3eed33a2e8fc0 Mon Sep 17 00:00:00 2001 From: Ken Toler Date: Mon, 8 Jun 2020 19:39:20 -0400 Subject: [PATCH 17/17] Document Dockerfile changes --- docs/openshift.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/openshift.md b/docs/openshift.md index d7f5873..a36b22b 100644 --- a/docs/openshift.md +++ b/docs/openshift.md @@ -4,6 +4,21 @@ To deploy Railsgoat with Openshift you must first have a working [Openshift Clus ```bash $ oc new-project railsgoat --description="Railsgoat Openshift Deployment" --display-name="Railsgoat" ``` + +## Edit the Build Strategy +Since Railsgoat supports both normal Docker deployment and openshift deployment, the Openshift deployment is located in the `openshift-configs` directory. Find the railsgoat build in your openshift deployment and edit the dockerStrategy so that it reads something like: + +``` + strategy: + dockerStrategy: + dockerfilePath: openshift-configs/Dockerfile + from: + kind: ImageStreamTag + name: 'ruby:2.6.5' + namespace: railsgoat + type: Docker +``` + ### Creating a Database Service Although Railsgoat in Openshift can be used with the development SQL Lite database, it also takes advantage of the PostgreSQL database image in Openshift for more creative demonstrations and an expansion of SQL attacks. To create the database service you will use the `oc new-app` command and will need to pass some environment variables. You can change these to anything you want.