google
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎contrib/docker/dev/.env.template‎
Lines changed: 16 additions & 0 deletions b/‎contrib/docker/dev/.env.template‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎contrib/docker/dev/README.md‎
Lines changed: 144 additions & 0 deletions b/‎contrib/docker/dev/README.md‎
Lines changed: 144 additions & 0 deletions
diff --git a/‎contrib/docker/dev/compose.yaml‎
Lines changed: 127 additions & 0 deletions b/‎contrib/docker/dev/compose.yaml‎
Lines changed: 127 additions & 0 deletions
@@ -53,3 +53,6 @@ vagrant/*.log
 
 # Exclude JetBrains IDE files
 .idea/
+
+# Exclude Docker Compose .env file
+.env
@@ -0,0 +1,16 @@
+GIFT_PPA_TRACK="stable"
+GIFT_PPA_URL="https://ppa.launchpadcontent.net/gift/${GIFT_PPA_TRACK}/ubuntu"
+NODE_VERSION="18.x"
+NODE_PPA_URL="https://deb.nodesource.com/node_${NODE_VERSION}"
+NODE_NPMRC=""
+YARN_YARNRC=""
+PYTHON_PIP_CONF=""
+
+TIMESKETCH_BASE_IMAGE="ubuntu:22.04"
+TIMESKETCH_CONF_DIR="/etc/timesketch"
+TIMESKETCH_SECRET_KEY="L4np0jV3yAdAFdbVzWRMaBqiFMV8FKYd+Je1WKE40o8="
+TIMESKETCH_USER="dev"
+TIMESKETCH_PASSWORD="dev"
+
+POSTGRES_USER="timesketch"
+POSTGRES_PASSWORD="password"
@@ -0,0 +1,144 @@
+## Docker for development
+
+You can run Timesketch on Docker in development mode.
+Make sure to follow the docker [post-install](https://docs.docker.com/engine/install/linux-postinstall/) to run without superuser. If not then make sure to execute all `docker` commands here as *superuser*.
+
+NOTE: It is not recommended to try to run on a system with less than 8 GB of RAM.
+
+### Prepare a .env file
+
+Compose requires a `.env` file with top level environment variables to be set.
+To create it, just copy the `.env.template` file as a base.
+
+```bash
+cp .env.template .env
+```
+
+Note the `.env` is ignored by Git: you can safely write sensitive data in it.
+
+You can optionally edit the `.env` file.
+This is useful if you need to build images with some company restrictions (accessing
+remote Ubuntu, PyPI or Node repositories).
+
+### Start a developer version of docker containers in this directory
+
+```bash
+docker compose up -d
+```
+
+The provided container definition runs Timesketch in development mode as a volume from your cloned repo. Any changes you make will appear in Timesketch automatically.
+
+If you see the following message you can continue
+
+```text
+Timesketch development server is ready!
+```
+
+### Start a celery container shell
+
+Start the container in foreground (add `-d` to run in background):
+
+```bash
+docker compose exec timesketch \
+  celery \
+  -A timesketch.lib.tasks \
+  worker \
+  --loglevel info
+```
+
+### Start development webserver (and metrics server)
+
+Start the container in foreground (add `-d` to run in background):
+
+```bash
+docker compose exec timesketch \
+  gunicorn \
+  --reload \
+  -b 0.0.0.0:5000 \
+  --log-file - \
+  --timeout 600 \
+  -c /usr/local/src/timesketch/data/gunicorn_config.py \
+  timesketch.wsgi:application
+```
+
+You now can access your development version at http://127.0.0.1:5000/
+
+Log in with user: dev password: dev
+
+You can also access a metrics dashboard at http://127.0.0.1:3000/
+
+### Non-interactive
+
+A script applies the previous commands in background for you.
+
+```bash
+docker compose up -d
+./start-frontend-ng-no-dev.sh
+```
+
+A second script starts an additional development server for the frontend
+(http://127.0.0.1:5001/).
+You need to wait a few seconds before accessing it.
+
+```bash
+docker compose up -d
+./start-frontend-ng-dev.sh
+```
+
+### Run tests
+
+```bash
+docker compose exec \
+    -w /usr/local/src/timesketch \
+    -it \
+    timesketch \
+    python3 run_tests.py --coverage
+```
+
+That will run all tests in your docker container. It is recommended to run all tests at least before creating a pull request.
+
+### Jupyter Notebook
+
+To access a Jupyter notebook that has access to the Timesketch development
+environment start a browser and visit http://localhost:8844/ . The password to
+gain access is "timesketch".
+
+By default, the /tmp directory is mapped as the data directory to store all
+notebooks. To change that, modify the line:
+
+```yaml
+      - /tmp/:/usr/local/src/picadata/
+```
+
+in the _compose.yaml_ file to point to a directory of your choosing.
+In order for the jupyter notebook to be able to make use of that folder it has
+to have read and write permission for the user with the UID 1000.
+
+By default, the latest checked in code of the timesketch API client and
+timesketch import client are installed. In order to install a new version, if
+you are modifying the clients you'll need to make sure that the timesketch
+source code on your machine is readable by the user with the UID 1000 and
+gid 1000.
+If that is done, then the code is mapped into the `/usr/local/src/timesketch`
+folder on the docker container.
+
+New versions of timesketch api client can then be installed using:
+
+```bash
+!pip install -e /usr/local/src/timesketch/api_client/python/
+```
+
+And the importer client:
+
+```bash
+!pip install -e /usr/local/src/timesketch/importer_client/python
+```
+
+Just remember to restart the kernel runtime in order for the changes to be
+active.
+
+To update the docker image run:
+
+```bash
+$ sudo docker image pull us-docker.pkg.dev/osdfir-registry/timesketch/notebook:latest
+```
@@ -0,0 +1,127 @@
+name: timesketch-dev
+
+networks:
+  timesketch-dev:
+
+volumes:
+  opensearch-data:
+  postgres-data:
+  redis-data:
+  prometheus-data:
+
+services:
+  timesketch:
+    image: us-docker.pkg.dev/osdfir-registry/timesketch/dev:latest
+    build:
+      context: ../../..
+      dockerfile: contrib/docker/dev/timesketch/Dockerfile
+      args:
+        BASE_IMAGE: "${TIMESKETCH_BASE_IMAGE}"
+        GIFT_PPA_TRACK: "${GIFT_PPA_TRACK}"
+        GIFT_PPA_URL: "${GIFT_PPA_URL}"
+        NODE_VERSION: "${NODE_VERSION}"
+        NODE_PPA_URL: "${NODE_PPA_URL}"
+        NODE_NPMRC: "${NODE_NPMRC}"
+        YARN_YARNRC: "${YARN_YARNRC}"
+        PYTHON_PIP_CONF: "${PYTHON_PIP_CONF}"
+    command: timesketch
+    ports:
+      - "5000:5000"
+      - "5001:5001"
+      - "8080:8080"
+    env_file:
+      - timesketch/timesketch.env
+    volumes:
+      - "../../../:/usr/local/src/timesketch/"
+      - "./timesketch/timesketch.conf:${TIMESKETCH_CONF_DIR}/timesketch.conf:ro"
+      - "./timesketch/sigma_rules.txt:${TIMESKETCH_CONF_DIR}/sigma_rules.txt:ro"
+      - "../../../data/regex_features.yaml:${TIMESKETCH_CONF_DIR}/regex_features.yaml:ro"
+      - "../../../data/winevt_features.yaml:${TIMESKETCH_CONF_DIR}/winevt_features.yaml:ro"
+      - "../../../data/tags.yaml:${TIMESKETCH_CONF_DIR}/tags.yaml:ro"
+      - "../../../data/intelligence_tag_metadata.yaml:${TIMESKETCH_CONF_DIR}/intelligence_tag_metadata.yaml:ro"
+      - "../../../data/plaso.mappings:${TIMESKETCH_CONF_DIR}/plaso.mappings:ro"
+      - "../../../data/generic.mappings:${TIMESKETCH_CONF_DIR}/generic.mappings:ro"
+      - "../../../data/ontology.yaml:${TIMESKETCH_CONF_DIR}/ontology.yaml:ro"
+      - "../../../data/data_finder.yaml:${TIMESKETCH_CONF_DIR}/data_finder.yaml:ro"
+      - "../../../data/bigquery_matcher.yaml:${TIMESKETCH_CONF_DIR}/bigquery_matcher.yaml:ro"
+      - "../../../data/sigma_config.yaml:${TIMESKETCH_CONF_DIR}/sigma_config.yaml:ro"
+      - "../../../data/sigma:${TIMESKETCH_CONF_DIR}/sigma:ro"
+      - "../../../data/dfiq:${TIMESKETCH_CONF_DIR}/dfiq:ro"
+      - "../../../data/context_links.yaml:${TIMESKETCH_CONF_DIR}/context_links.yaml:ro"
+      - "../../../data/plaso_formatters.yaml:${TIMESKETCH_CONF_DIR}/plaso_formatters.yaml:ro"
+      - "../../../data/nl2q:${TIMESKETCH_CONF_DIR}/nl2q:ro"
+      - "../../../data/llm_summarize:${TIMESKETCH_CONF_DIR}/llm_summarize:ro"
+    depends_on:
+      - opensearch
+      - postgres
+      - redis
+    networks:
+      - timesketch-dev
+
+  opensearch:
+    image: opensearchproject/opensearch:2.15.0
+    env_file:
+      - opensearch/opensearch.env
+    ports:
+      - "9200:9200"
+    volumes:
+      - "opensearch-data:/usr/share/opensearch/data"
+    networks:
+      - timesketch-dev
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+
+  postgres:
+    image: postgres:13.1-alpine
+    env_file:
+      - postgresql/postgresql.env
+    ports:
+      - "5432:5432"
+    volumes:
+      - "postgres-data:/var/lib/postgresql/data"
+    networks:
+      - timesketch-dev
+
+  redis:
+    image: redis:6.0.10-alpine
+    ports:
+      - "6379:6379"
+    volumes:
+      - "redis-data:/data"
+    networks:
+      - timesketch-dev
+
+  notebook:
+    image: us-docker.pkg.dev/osdfir-registry/timesketch/notebook:latest
+    build:
+      context: ../../..
+      dockerfile: contrib/docker/dev/notebook/Dockerfile
+      args:
+        PYTHON_PIP_CONF: "${PYTHON_PIP_CONF}"
+    ports:
+      - "8844:8844"
+    volumes:
+      - "../../../:/usr/local/src/timesketch/:ro"
+      - "/tmp/:/usr/local/src/picadata/"
+    depends_on:
+      - opensearch
+    networks:
+      - timesketch-dev
+
+  prometheus:
+    image: prom/prometheus:v2.24.1
+    volumes:
+      - "./prometheus:/etc/prometheus:ro"
+      - "prometheus-data:/prometheus"
+    ports:
+      - "9090:9090"
+    command: --config.file=/etc/prometheus/prometheus.yml
+    depends_on:
+      - timesketch
+    networks:
+      - timesketch-dev