diff --git a/config/settings/base.py b/config/settings/base.py index 855096930674372ad38d734dbb65e4f2dfcd73bf..662c4eac890bddcc84d195165180ff6bc9c8b0e7 100644 --- a/config/settings/base.py +++ b/config/settings/base.py @@ -26,7 +26,7 @@ MAINTENANCE_MODE = False MAINTENANCE_MODE_MESSAGE = None # Version --------------------------------------------------------------------- -PROJECT_VERSION = '2.7.1' +PROJECT_VERSION = '2.7.1-1' # Unauthenticated access ------------------------------------------------------ # This variable should eventually control whether unauthenticated access is diff --git a/config/settings/container/dev.py b/config/settings/container/dev.py index 65c467a37346cf34bfe04b50ec00ee01d54e78ee..e705a2932f912c2f15ad4c3b6613e096379c200d 100644 --- a/config/settings/container/dev.py +++ b/config/settings/container/dev.py @@ -1,7 +1,7 @@ # Settings for a test/dev GraceDB instance running in a container from .base import * -CONFIG_NAME = "TEST" +CONFIG_NAME = "DEV" # Debug settings DEBUG = True @@ -28,6 +28,14 @@ INSTALLED_APPS += [ # Add testserver to ALLOWED_HOSTS ALLOWED_HOSTS += ['testserver'] +# Turn on XMPP alerts +SEND_XMPP_ALERTS = True + +# Enforce that phone and email alerts are off +SEND_PHONE_ALERTS = False +SEND_EMAIL_ALERTS = False + + # Settings for django-silk profiler SILKY_AUTHENTICATION = True SILKY_AUTHORISATION = True 
@@ -62,3 +70,20 @@ if sentry_dsn is not None: # Turn off default admin error emails LOGGING['loggers']['django.request']['handlers'] = [] + +# Home page stuff +INSTANCE_TITLE = 'GraceDB Development Server' +INSTANCE_INFO = """ +<h3>Development Instance</h3> +<p> +This GraceDB instance is designed for GraceDB maintainers to develop and +test in the AWS cloud architecture. There is <b>no guarantee</b> that the +behavior of this instance will mimic the production system at any time. +Events and associated data may change or be removed at any time. +</p> +<ul> +<li>Phone and e-mail alerts are turned off.</li> +<li>Only LIGO logins are provided (no login via InCommon or Google).</li> +<li>LVAlert messages are sent to lvalert-dev.cgca.uwm.edu.</li> +</ul> +""" diff --git a/config/settings/container/playground.py b/config/settings/container/playground.py new file mode 100644 index 0000000000000000000000000000000000000000..c6b3d8ca06fa862d2b81ee3c4528fc12c4a909b0 --- /dev/null +++ b/config/settings/container/playground.py 
@@ -0,0 +1,52 @@
+# Settings for a playground GraceDB instance (for user testing) running
+# in a container on AWS. These settings inherent from base.py)
+# and overrides or adds to them.
+from .base import *
+
+CONFIG_NAME = "USER TESTING"
+
+# Debug settings
+DEBUG = False
+
+# Override EMBB email address
+# TP (8 Aug 2017): not sure why?
+EMBB_MAIL_ADDRESS = 'gracedb@{fqdn}'.format(fqdn=SERVER_FQDN)
+
+# Turn on XMPP alerts
+SEND_XMPP_ALERTS = True
+
+# Enforce that phone and email alerts are off
+SEND_PHONE_ALERTS = False
+SEND_EMAIL_ALERTS = False
+
+# Define correct LVAlert settings
+LVALERT_OVERSEER_INSTANCES = [
+ {
+ "lvalert_server": "lvalert-playground.cgca.uwm.edu",
+ "listen_port": 8001,
+ },
+]
+
+# Add testserver to ALLOWED_HOSTS
+ALLOWED_HOSTS += ['testserver']
+
+# Home page stuff
+INSTANCE_TITLE = 'GraceDB Playground'
+INSTANCE_INFO = """
+<h3>Playground instance</h3>
+<p>
+This GraceDB instance is designed for users to develop and test their own
+applications. It mimics the production instance in all but the following ways:
+</p>
+<ul>
+<li>Phone and e-mail alerts are turned off.</li>
+<li>Only LIGO logins are provided (no login via InCommon or Google).</li>
+<li>LVAlert messages are sent to lvalert-playground.cgca.uwm.edu.</li>
+<li>Events and associated data will <b>not</b> be preserved indefinitely.
+A nightly cron job removes events older than 21 days.</li>
+</ul>
+"""
+
+# Safety check on debug mode for playground
+if (DEBUG == True):
+ raise RuntimeError("Turn off debug mode for playground")
diff --git a/config/settings/container/test.py b/config/settings/container/test.py
new file mode 100644
index 0000000000000000000000000000000000000000..f703bb5f5b90ed68acfbf13024a5ae2c1e9c2e95
--- /dev/null
+++ b/config/settings/container/test.py
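Review bot: `ALLOWED_HOSTS += ['testserver']` is carried into the playground settings, which the file describes as a user-facing instance with `DEBUG = False`; `testserver` is the host name Django's test client uses, and current Django test runners add it on their own, so here the entry only widens the set of Host headers the deployed instance accepts. I would drop that line unless something in the deployment depends on it (not visible in this diff). The closing guard `if (DEBUG == True):` also lets through truthy values that do not compare equal to `True`, for example a non-empty string taken from the environment, so `if DEBUG:` is the safer test. As written the guard sits below a hard-coded `DEBUG = False` and only protects against later edits of this file.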
@@ -0,0 +1,89 @@
+# Settings for a test/dev GraceDB instance running in a container
+from .base import *
+
+CONFIG_NAME = "TEST"
+
+# Debug settings
+DEBUG = True
+
+# Override EMBB email address
+# TP (8 Aug 2017): not sure why?
+EMBB_MAIL_ADDRESS = 'gracedb@{fqdn}'.format(fqdn=SERVER_FQDN)
+
+# Add middleware
+debug_middleware = 'debug_toolbar.middleware.DebugToolbarMiddleware'
+MIDDLEWARE += [
+ debug_middleware,
+ #'silk.middleware.SilkyMiddleware',
+ #'core.middleware.profiling.ProfileMiddleware',
+ #'core.middleware.admin.AdminsOnlyMiddleware',
+]
+
+# Add to installed apps
+INSTALLED_APPS += [
+ 'debug_toolbar',
+ #'silk'
+]
+
+# Add testserver to ALLOWED_HOSTS
+ALLOWED_HOSTS += ['testserver']
+
+# Settings for django-silk profiler
+SILKY_AUTHENTICATION = True
+SILKY_AUTHORISATION = True
+if 'silk' in INSTALLED_APPS:
+ # Needed to prevent RequestDataTooBig for files > 2.5 MB
+ # when silk is being used. This setting is typically used to
+ # prevent DOS attacks, so should not be changed in production.
+ DATA_UPLOAD_MAX_MEMORY_SIZE = 20*(1024**2)
+
+# Tuple of IPs which are marked as internal, useful for debugging.
+# Tanner (5 Dec. 2017): DON'T CHANGE THIS! Django Debug Toolbar exposes
+# some headers which we want to keep hidden. So to be safe, we only allow
+# it to be used through this server. You need to configure a SOCKS proxy
+# on your local machine to use DJDT (see admin docs).
+INTERNAL_IPS = [
+ INTERNAL_IP_ADDRESS,
+]
+
+# Define correct LVAlert settings
+LVALERT_OVERSEER_INSTANCES = [
+ {
+ "lvalert_server": "lvalert-test.cgca.uwm.edu",
+ "listen_port": 8001,
+ },
+]
+
+# Set up Sentry for error logging
+sentry_dsn = get_from_env('DJANGO_SENTRY_DSN', fail_if_not_found=False)
+if sentry_dsn is not None:
+ USE_SENTRY = True
+
+ # Set up Sentry
+ import sentry_sdk
+ from sentry_sdk.integrations.django import DjangoIntegration
+ sentry_sdk.init(
+ environment='test',
+ dsn=sentry_dsn,
+ integrations=[DjangoIntegration()]
+ )
+
+ # Turn off default admin error emails
+ LOGGING['loggers']['django.request']['handlers'] = []
+
+# Home page stuff
+INSTANCE_TITLE = 'GraceDB Testing Server'
+INSTANCE_INFO = """
+<h3>Testing Instance</h3>
+<p>
+This GraceDB instance is designed for Quality Assurance (QA) testing and
+validation for GraceDB and electromagnetic follow-up (EMFollow) developers.
+Software should meet QA milestones on the test instance before being moved
+to Playground or Production. Note, on this GraceDB instance:
+</p>
+<ul>
+<li>Phone and e-mail alerts are turned off.</li>
+<li>Only LIGO logins are provided (no login via InCommon or Google).</li>
+<li>LVAlert messages are sent to lvalert-test.cgca.uwm.edu.</li>
+</ul>
+"""
diff --git a/docker/entrypoint b/docker/entrypoint
index e7adad3d3e6b3256e8163a723aadf1db3bc4d693..b112e3d62463cff640a7943461ef2e42eb4d182b 100644
--- a/docker/entrypoint
+++ b/docker/entrypoint
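Review bot: `DEBUG = True` in the new test settings makes Django serve its technical error pages (traceback, local variables, settings summary) to any client that triggers an error, and `INTERNAL_IPS` does not limit that; it gates the debug toolbar, not the error pages. The comment above `INTERNAL_IPS` shows the intent is to keep such details hidden, and `INSTANCE_INFO` describes this instance as the QA gate before Playground, where `DEBUG = False`. If the instance is reachable by anyone other than maintainers (not visible from this file), consider `DEBUG = False` here with the toolbar left to dev.py. Failing that, add a comment next to the setting such as `# DEBUG error pages expose tracebacks and settings; keep this instance behind restricted network access`.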
@@ -1,16 +1,22 @@ #!/bin/bash +# Export the required UUID resource for the lvalert_overseer +export LVALERT_OVERSEER_RESOURCE=${LVALERT_USER}_overseer_$(python -c 'import uuid; print(uuid.uuid4().hex)') + +# Change the file permissions and ownership on /app/db_data: +chown gracedb:www-data /app/db_data +chmod 755 /app/db_data ## PGA: 2019-10-15: use certs from secrets for Shibboleth SP -SHIB_SP_CERT=/run/secrets/gracedb_ligo_org_saml_cert -SHIB_SP_KEY=/run/secrets/gracedb_ligo_org_saml_privkey +SHIB_SP_CERT=/run/secrets/saml_certificate +SHIB_SP_KEY=/run/secrets/saml_private_key if [[ -f $SHIB_SP_CERT && -f $SHIB_SP_KEY ]] then - echo "Using Shibboleth Cert from docker secrets over the image one" - cp -f $SHIB_SP_CERT /etc/shibboleth/sp-cert.pem - cp -f $SHIB_SP_KEY /etc/shibboleth/sp-key.pem - chown _shibd:_shibd /etc/shibboleth/sp-{cert,key}.pem - chmod 0600 /etc/shibboleth/sp-key.pem + echo "Using Shibboleth Cert from docker secrets over the image one" + cp -f $SHIB_SP_CERT /etc/shibboleth/sp-cert.pem + cp -f $SHIB_SP_KEY /etc/shibboleth/sp-key.pem + chown _shibd:_shibd /etc/shibboleth/sp-{cert,key}.pem + chmod 0600 /etc/shibboleth/sp-key.pem fi ## PGA 2019-10-16: use secrets for sensitive environment variables @@ -24,10 +30,9 @@ LIST="aws_ses_access_key_id for SECRET in $LIST do - VARNAME=$( tr [:lower:] [:upper:] <<<$SECRET) - [ -f /run/secrets/$SECRET ] && export $VARNAME="'$(< /run/secrets/$SECRET)'" + VARNAME=$( tr [:lower:] [:upper:] <<<$SECRET) + [ -f /run/secrets/$SECRET ] && export $VARNAME="$(< /run/secrets/$SECRET)" done -export LVALERT_OVERSEER_RESOURCE=${LVALERT_USER}_overseer_$(python -c 'import uuid; print(uuid.uuid4().hex)') exec "$@"
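Review bot: Moving `export LVALERT_OVERSEER_RESOURCE=${LVALERT_USER}_overseer_...` to the top of the script means it now runs before the `/run/secrets` loop further down. If `lvalert_user` is one of the names in `LIST` (most of the list is outside this hunk), `LVALERT_USER` is still unset at that point and the resource silently becomes `_overseer_<uuid>`. Either keep the export after the loop or fail loudly with `${LVALERT_USER:?LVALERT_USER is not set}`. Separately, `chmod 755 /app/db_data` leaves the directory readable and traversable by every account in the container; with owner `gracedb` and group `www-data` set by the `chown` just above, `chmod 750` looks sufficient unless another user needs access.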
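Review bot: The re-indented loop body still uses unquoted expansions: `tr [:lower:] [:upper:]` is subject to pathname expansion, so a one-character file name in the working directory can replace the bracket expressions, and `$SECRET` and `$VARNAME` are unquoted in the `-f` test and the `export`. Suggested form: `VARNAME=$(tr '[:lower:]' '[:upper:]' <<<"$SECRET")` and `[ -f "/run/secrets/$SECRET" ] && export "$VARNAME=$(< "/run/secrets/$SECRET")"`. Dropping the embedded single quotes from the exported value changes what consumers read, so any settings code that strips those quotes from the environment needs checking; that code is not part of this diff.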