Skip to content
Snippets Groups Projects
user avatar
9cee86d5

CRI Intranet

Developper setup

Initial setup

You will need docker and docker-compose installed on your computer.

$ pipenv install --dev
$ cd docker/
$ ./gen_secrets.sh
$ docker-compose up --build

Regular usage

$ cd docker/
$ DOCKER_BUILDKIT=1 COMPOSE_DOCKER_CLI_BUILD=1 docker-compose up --build

Formatting

We use python/black as a code formatter. It can be enabled through git pre-commit with the following command:

$ pipenv run pre-commit install

Linting

We also use pylint to check the coding style. It is configured with gitlab-ci and produce warnings in gitlab. To check if the project matches pylint's recommendations you can use the following command:

$ pipenv run prospector --profile base

Services

Adminer

URL: http://localhost:8010/
System: 'PostgreSQL'
User: 'intranet_dev'
Password in: docker/secrets/postgres-passwd
Database: 'intranet_dev'

Website

URL: http://localhost:8000/
Username: admin
Password in: docker/secrets/kerberos-admin

SPNEGO

If you want to test that SPNEGO is working properly on your machine you need to get a ticket for a user that have a kerberos principal, for instance admin has by default a relation to the principal admin/admin.

Then you can launch your favorite browser, configure it for SPNEGO support and specify the location of the keytab used by SPNEGO.

Getting a ticket from kerberos

To get a kerberos ticket from admin/admin type the following command.

$ KRB5_CONFIG=docker/config/krb5.conf kinit admin/admin < docker/secrets/kerberos-admin

In general type the following command.

$ KRB5_CONFIG=docker/config/krb5.conf kinit MY_KERBEROS_USER

For chromium

Launch chromium with the following command.

$ KRB5_CONFIG=docker/config/krb5.conf KRB5_KTNAME="docker/secrets/spnego.keytab" chromium --auth-server-whitelist="localhost"

For firefox

Launch firefox with the following command.

$ KRB5_CONFIG=docker/config/krb5.conf KRB5_KTNAME="docker/secrets/spnego.keytab" firefox

Go to about:config then change network.negotiate-auth.trusted-uris to localhost.