## Installing in production

### Build image

```
docker build --no-cache=true -t ndn-pwman .
```

### Add secret
Make a `secret.txt` file and add a random 50 character secret in a data dir. This is just an example.

```
6dxjpk*+-ywfxxi#_wmpzon@-p6hwwh9z)7q0t)h7zy*tdz20x
```


### Migrate database

If running for the first time or if changes has been made to the database scheme you should run the django migrate script. You should store the database in a volume.

```
docker run --rm -ti -v $(pwd)/data:/opt/pwman ndn-pwman migrate
```

### Collect statics

You need to server the static content using either apache or nginx.
To export the static files use the same data dir as you did for the database, and run the  `collectstatic` command.

```
docker run --rm --ti ndn-pwman -v $(pwd)/data:/opt/pwman collectstatic
```


## Running pwman

You need a useradmin keytab file, and the admin password for our ldap.

```
	docker run --rm -ti --name pwman -e LDAP_PASSWORD="1234secrets"  -v /etc/useradmin.keytab:/etc/useradmin.keytab:ro -v $(pwd)/data:/opt/pwman ndn-pwman server
```


## Debugging

You can run the image with the argument shell.

```
docker run --rm -ti ndn-pwman shell
```

## Environement variables

Required veriables marked with a `*`

- LDAP_URL - defaults to `ldaps://ldap.norud.net`
- LDAP_USER - defaults to `cn=admin,dc=nordu,dc=net`
- LDAP_PASSWORD*
- KERBEROS_SCRIPT - `/opt/pwman/kerberos.pl`
- DEBUG_MODE - defaults to `False`
- SECRET_KEY_FILE - use a file containing a secret. Will overwrite SECRET_KEY if present. Defaults to `DATA_DIR/secret.txt`
- SECRET_KEY - random 50 characters (including specials)
- DATA_DIR - defaults to `/opt/pwman`, where the database, static files etc will be stored.