From 28214941b331c1907c87cec4e9ed52dcc9584906 Mon Sep 17 00:00:00 2001 From: To-om Date: Fri, 5 May 2017 14:54:43 +0200 Subject: [PATCH] #193 Fix docker entrypoint --- build.sbt | 37 +++++---- docker/thehive/docker-compose.yml | 21 +++++ docker/thehive/thehive.conf | 5 ++ install/docker/entrypoint | 129 ++++++++++++++++++++++++++---- install/empty | 0 install/thehive.conf | 6 +- install/thehive.service | 13 +-- project/Release.scala | 1 + 8 files changed, 165 insertions(+), 47 deletions(-) create mode 100644 docker/thehive/docker-compose.yml create mode 100644 docker/thehive/thehive.conf create mode 100644 install/empty diff --git a/build.sbt b/build.sbt index 6fc95c6ccc..4504f463a3 100644 --- a/build.sbt +++ b/build.sbt @@ -34,10 +34,10 @@ run := { (run in Compile).evaluated frontendDev.value } - mappings in packageBin in Assets ++= frontendFiles.value -// Remove conf files// Install service files // +// Remove conf files +// Install service files mappings in Universal ~= { _.flatMap { case (file, "conf/application.conf") => Nil @@ -87,7 +87,7 @@ linuxEtcDefaultTemplate in Debian := (baseDirectory.value / "install" / "etc_def linuxMakeStartScript in Debian := None // RPM // -rpmRelease := "7" +rpmRelease := "8" rpmVendor in Rpm := "TheHive Project" rpmUrl := Some("http://thehive-project.org/") rpmLicense := Some("AGPL") 
@@ -101,23 +101,30 @@ rpmPrefix := Some(defaultLinuxInstallLocation.value) linuxEtcDefaultTemplate in Rpm := (baseDirectory.value / "install" / "etc_default_thehive").asURL // DOCKER // -import com.typesafe.sbt.packager.docker.{Cmd, ExecCmd} +import com.typesafe.sbt.packager.docker.{ Cmd, ExecCmd } -dockerBaseImage := "elasticsearch:2.3" -dockerExposedVolumes += "/data" +defaultLinuxInstallLocation in Docker := "/opt/thehive" dockerRepository := Some("certbdf") dockerUpdateLatest := true -mappings in Docker += file("install/docker/entrypoint") -> "bin/entrypoint" - -dockerCommands := dockerCommands.value.map { - case ExecCmd("ENTRYPOINT", _*) => ExecCmd("ENTRYPOINT", "bin/entrypoint") - case cmd => cmd +dockerEntrypoint := Seq("/opt/thehive/entrypoint") +dockerExposedPorts := Seq(9000) +mappings in Docker ++= Seq( + file("install/docker/entrypoint") -> "/opt/thehive/entrypoint", + file("conf/logback.xml") -> "/etc/thehive/logback.xml", + file("install/empty") -> "/var/log/thehive/application.log") +mappings in Docker ~= (_.filterNot { + case (_, filepath) => filepath == "/opt/thehive/conf/application.conf" +}) +dockerCommands ~= { dc => + val (dockerInitCmds, dockerTailCmds) = dc.splitAt(4) + dockerInitCmds ++ + Seq( + Cmd("ADD", "var", "/var"), + Cmd("ADD", "etc", "/etc"), + ExecCmd("RUN", "chown", "-R", "daemon:daemon", "/var/log/thehive")) ++ + dockerTailCmds } -dockerCommands := (dockerCommands.value.head +: - Cmd("EXPOSE", "9000") +: - dockerCommands.value.tail) - // Bintray // bintrayOrganization := Some("cert-bdf") bintrayRepository := "thehive" diff --git a/docker/thehive/docker-compose.yml b/docker/thehive/docker-compose.yml new file mode 100644 index 0000000000..eaf55df300 --- /dev/null +++ b/docker/thehive/docker-compose.yml 
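Review bot: `dc.splitAt(4)` in the new `dockerCommands ~=` block pins the insertion point of the ADD/RUN commands to an index into the plugin-generated preamble, so if a later sbt-native-packager version emits a different number of leading commands the `ADD var /var`, `ADD etc /etc` and `chown` lines silently land in the wrong place (possibly after the USER switch, where the chown would fail). A comment naming the four commands this assumes, e.g. `// first four generated commands: FROM, WORKDIR, ADD, RUN chown -- insert our ADDs right after them`, or a position-independent match on the generated commands like the removed `ExecCmd("ENTRYPOINT", _*)` case did, would make the assumption checkable. The chown to `daemon:daemon` presumably relies on the plugin's default daemon user; a comment stating that is worth adding since the entrypoint runs as that user and TheHive is expected to write under `/var/log/thehive`.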
@@ -0,0 +1,21 @@
+version: "2"
+services:
+ elasticsearch:
+ image: elasticsearch:2
+ command: [
+ -Des.script.inline=on,
+ -Des.cluster.name=hive,
+ -Des.threadpool.index.queue_size=100000,
+ -Des.threadpool.search.queue_size=100000,
+ -Des.threadpool.bulk.queue_size=1000]
+ cortex:
+ image: certbdf/cortex:latest
+ ports:
+ - "0.0.0.0:9001:9000"
+ thehive:
+ image: certbdf/thehive:latest
+ depends_on:
+ - elasticsearch
+ - cortex
+ ports:
+ - "0.0.0.0:9000:9000"
\ No newline at end of file
diff --git a/docker/thehive/thehive.conf b/docker/thehive/thehive.conf
new file mode 100644
index 0000000000..c1eb27fd4c
--- /dev/null
+++ b/docker/thehive/thehive.conf
@@ -0,0 +1,5 @@
+cortex {
+ aa {
+ url = "http://192.168.1.1"
+ }
+}
diff --git a/install/docker/entrypoint b/install/docker/entrypoint
index 14a34201ef..07db120a82 100755
--- a/install/docker/entrypoint
+++ b/install/docker/entrypoint
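Review bot: The `elasticsearch` service in docker/thehive/docker-compose.yml declares no volume, so the index holding every case is lost whenever the container is recreated; the removed entrypoint kept data under `/data` via `-Des.path.data=/data`, and a `volumes:` entry for the data path should carry that over. `-Des.script.inline=on` also deserves a one-line comment stating that inline scripting is intentionally enabled and that the service is deliberately not published on the host, so nobody later adds a `ports:` line without revisiting it. All three images are pulled by floating tag (`elasticsearch:2`, `certbdf/cortex:latest`, `certbdf/thehive:latest`), so the stack is not reproducible and pinning at least the third-party image version would help. The `docker/thehive/thehive.conf` added in this commit is not mounted by this file, so the entrypoint's `include file("/etc/thehive/application.conf")` will not see it unless a `volumes:` mapping to `/etc/thehive/application.conf` is added or the file's purpose is documented.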
@@ -1,24 +1,119 @@ #!/bin/bash -/docker-entrypoint.sh elasticsearch \ - -Des.path.data=/data \ - -Des.script.inline=on \ - -Des.cluster.name=hive \ - -Des.threadpool.index.queue_size=100000 \ - -Des.threadpool.search.queue_size=100000 \ - -Des.threadpool.bulk.queue_size=1000 & +ES_HOSTNAME=elasticsearch +CONFIG_SECRET=1 +CONFIG_ES=1 +CONFIG_CORTEX=1 +CORTEX_HOSTNAME=cortex +CORTEX_PROTO=http +CORTEX_PORT=9000 +CORTEX_URLS=() +CONFIG=1 +CONFIG_FILE=/etc/thehive/application.conf +function usage { + cat <<- _EOF_ + Available options: + --no-config | do not try to configure TheHive (add secret and elasticsearch) + --no-config-secret | do not add random secret to configuration + --no-config-es | do not add elasticsearch hosts to configuration + --es-hosts | use this string to configure elasticsearch hosts (format: ["host1:9300","host2:9300"]) + --es-hostname | resolve this hostname to find elasticseach instances + --secret | secret to secure sessions + --cortex-proto | define protocol to connect to Cortex (default: http) + --cortex-port | define port to connect to Cortex (default: 9000) + --cortex-url | add Cortex connection + --cortex-hostname | resolve this hostname to find Cortex instances + _EOF_ + exit 1 +} -if test ! -e conf/application.conf +STOP=0 +while test $# -gt 0 -o $STOP = 1 +do + case "$1" in + "--no-config") CONFIG=0;; + "--no-config-secret") CONFIG_SECRET=0;; + "--secret") shift; SECRET=$1;; + "--no-config-es") CONFIG_ES=0;; + "--es-hosts") shift; ES_HOSTS=$1;; + "--es-hostname") shift; ES_HOSTNAME=$1;; + "--no-config-cortex") CONFIG_CORTEX=0;; + "--cortex-proto") shift; CORTEX_PROTO=$1;; + "--cortex-port") shift; CORTEX_PORT=$1;; + "--cortex-url") shift; CORTEX_URLS+=($1);; + "--cortex-hostname") shift; CORTEX_HOSTNAME=$1;; + "--") STOP=1;; + *) usage + esac + shift +done + +if test $CONFIG = 1 then - mkdir -p conf - cat > conf/application.conf <<- _EOF_ - # Secret key - # ~~~~~ - # The secret key is used to secure cryptographics functions. 
- # If you deploy your application to several instances be sure to use the same key! - play.crypto.secret="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)" - _EOF_ + CONFIG_FILE=$(mktemp).conf + if test $CONFIG_SECRET = 1 + then + if test -z "$SECRET" + then + SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1) + fi + echo Using secret: $SECRET + echo play.crypto.secret=\"$SECRET\" >> $CONFIG_FILE + fi + + if test $CONFIG_ES = 1 + then + if test -z "$ES_HOSTS" + then + function join_es_hosts { + echo -n "[\"$1" + shift + printf "%s:9300\"]" "${@/#/:9300\",\"}" + } + + ES=$(getent ahostsv4 $ES_HOSTNAME | awk '{ print $1 }' | sort -u) + if test -z "$ES" + then + echo "Warning automatic elasticsearch host config fails" + else + ES_HOSTS=$(join_es_hosts $ES) + fi + fi + if test -n "$ES_HOSTS" + then + echo Using elasticsearch host: $ES_HOSTS + echo search.host=$ES_HOSTS >> $CONFIG_FILE + else + echo elasticsearch host not configured + fi + fi + + if test $CONFIG_CORTEX = 1 + then + if test -n "$CORTEX_HOSTNAME" + then + CORTEX_URLS+=($(getent ahostsv4 $CORTEX_HOSTNAME | awk "{ print \"$CORTEX_PROTO://\"\$1\":$CORTEX_PORT\" }" | sort -u)) + fi + + if test ${#CORTEX_URLS[@]} -gt 0 + then + echo "play.modules.enabled += connectors.cortex.CortexConnector" >> $CONFIG_FILE + fi + I=1 + for C in ${CORTEX_URLS[@]} + do + echo Add Cortex cortex$I: $C + echo cortex.cortex$I.url=\"$C\" >> $CONFIG_FILE + I=$(($I+1)) + done + fi + + echo 'include file("/etc/thehive/application.conf")' >> $CONFIG_FILE fi -bin/thehive $@ +exec bin/thehive \ + -Dconfig.file=$CONFIG_FILE \ + -Dlogger.file=/etc/thehive/logback.xml \ + -Dpidfile.path=/dev/null \ + $@ diff --git a/install/empty b/install/empty new file mode 100644 index 0000000000..e69de29bb2 diff --git a/install/thehive.conf b/install/thehive.conf index a6d0d2e108..1c9ceb5102 100644 --- a/install/thehive.conf +++ b/install/thehive.conf 
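Review bot: `echo Using secret: $SECRET` writes the Play session secret to stdout, which the container runtime captures into `docker logs` and any attached log collector; the line should be removed or reduced to a notice that a secret was generated. The secret is then appended with `>>` to `$(mktemp).conf`, a path mktemp did not create, so the file gets the default umask rather than mktemp's 0600; `umask 077` before the first write, or `CONFIG_FILE=$(mktemp --suffix=.conf)`, keeps it readable only by the service user. The option loop's condition `while test $# -gt 0 -o $STOP = 1` never terminates on `--`: once STOP=1 the loop keeps running and the next argument (or an empty `$1`) falls into `*) usage`, so pass-through to `bin/thehive` needs `while test $# -gt 0 -a $STOP = 0`, and the final `$@` should be quoted as `"$@"` so arguments containing spaces survive. Note also that without `--secret` a new secret is generated on every start because the config is a fresh temp file, which invalidates existing sessions on restart and differs from the removed code that generated it once into conf/application.conf; a comment stating this, and `--no-config-cortex` in the usage text, would complete the documentation.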
@@ -1,7 +1,7 @@ # generated upstart config description "Scalable, Open Source and Free Security Incident Response Solutions" -author "Thomas Franco " # Stanzas # @@ -22,10 +22,6 @@ respawn limit 1 60 normal exit 0 -pre-start script - [ -d /var/run/thehive ] || install -m 755 -o thehive -g thehive -d /var/run/thehive -end script - # set the working directory of the job processes chdir /opt/thehive diff --git a/install/thehive.service b/install/thehive.service index 47508ca394..3c9848885d 100644 --- a/install/thehive.service +++ b/install/thehive.service @@ -10,17 +10,10 @@ WorkingDirectory=/opt/thehive User=thehive Group=thehive -RuntimeDirectory=thehive -RuntimeDirectoryMode=0750 - -ExecStartPre=/bin/mkdir -p /run/thehive /var/log/thehive -ExecStartPre=/bin/chown thehive:thehive /run/thehive /var/log/thehive -ExecStartPre=/bin/chmod 755 /run/thehive /var/log/thehive - ExecStart=/opt/thehive/bin/thehive \ - -Dconfig.file=/etc/thehive/application.conf \ - -Dlogger.file=/etc/thehive/logback.xml \ - -Dpidfile.path=/dev/null + -Dconfig.file=/etc/thehive/application.conf \ + -Dlogger.file=/etc/thehive/logback.xml \ + -Dpidfile.path=/dev/null StandardOutput=journal StandardError=inherit diff --git a/project/Release.scala b/project/Release.scala index 8f1b0d1d9a..e9fcffbabb 100644 --- a/project/Release.scala +++ b/project/Release.scala @@ -29,6 +29,7 @@ object Release { IO.load(properties, credentialsFile) val token = Option(properties.getProperty("token")).fold("")(t => s"-t $t") s"github_changelog_generator $token" ! sLog.value + () } ) } \ No newline at end of file
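Review bot: Removing the `ExecStartPre` lines that created and chown'ed `/var/log/thehive` in install/thehive.service leaves nothing in the unit that guarantees the log directory exists and is writable by `User=thehive` before `ExecStart` runs; unless the deb/rpm post-install scripts (not in this patch) create it, the service will fail to open its log file on a fresh host. If the package does own the directory, a comment in the unit such as `# /var/log/thehive is created and owned by the package post-install` documents the dependency; otherwise keeping a single `ExecStartPre=/bin/mkdir -p /var/log/thehive` plus the chown, or `LogsDirectory=thehive` on systemd versions that support it, restores the guarantee. Dropping `RuntimeDirectory` is consistent with `-Dpidfile.path=/dev/null`, so that part is fine.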