From 69c0c26042ef4832a880ab83d649aa337c640984 Mon Sep 17 00:00:00 2001
From: To-om
Date: Thu, 3 Jun 2021 13:55:44 +0200
Subject: [PATCH] #2042 Include cloner tool in docker entrypoint
---
 docker.sbt | 2 +-
 .../scala/org/thp/thehive/cloner/Cloner.scala | 2 +-
 package/docker/entrypoint | 122 +++++++++++-------
 3 files changed, 74 insertions(+), 52 deletions(-)
diff --git a/docker.sbt b/docker.sbt
index 94a925c413..159a940811 100644
--- a/docker.sbt
+++ b/docker.sbt
@@ -46,7 +46,7 @@ dockerCommands := Seq(
 Cmd("ADD", "--chown=root:root", "opt", "/opt"),
 Cmd("ADD", "--chown=thehive:thehive", "var", "/var"),
 Cmd("ADD", "--chown=thehive:thehive", "etc", "/etc"),
- ExecCmd("RUN", "chmod", "+x", "/opt/thehive/bin/thehive", "/opt/thehive/entrypoint"),
+ ExecCmd("RUN", "chmod", "+x", "/opt/thehive/bin/thehive", "/opt/thehive/entrypoint", "/opt/thehive/bin/cloner", "/opt/thehive/bin/migrate"),
 Cmd("RUN", "mkdir", "/data", "/opt/thp", "&&", "chown", "thehive:thehive", "/data", "/opt/thp"),
 Cmd("EXPOSE", "9000"),
 Cmd("USER", "thehive"),
diff --git a/migration/src/main/scala/org/thp/thehive/cloner/Cloner.scala b/migration/src/main/scala/org/thp/thehive/cloner/Cloner.scala
index f281ddf3a7..5d15b3cadd 100644
--- a/migration/src/main/scala/org/thp/thehive/cloner/Cloner.scala
+++ b/migration/src/main/scala/org/thp/thehive/cloner/Cloner.scala
@@ -39,7 +39,7 @@ object Cloner extends App with IntegrityCheckApp {
 val argParser = {
 import builder._
 OParser.sequence(
- programName("clone"),
+ programName("cloner"),
 version('v', "version"),
 help('h', "help"),
 head("TheHive cloner tool", getVersion),
diff --git a/package/docker/entrypoint b/package/docker/entrypoint
index bd64d6fa0a..9f7b5b4ec6 100755
--- a/package/docker/entrypoint
+++ b/package/docker/entrypoint
@@ -21,6 +21,9 @@ test "${TH_NO_CONFIG}" == 1 CONFIG=$? CONFIG_FILE=${TH_CONFIG_FILE:-/etc/thehive/application.conf} CORTEX_KEYS=${TH_CORTEX_KEYS} +MIGRATE=${TH_MIGRATE:-0} +CLONER=${TH_CLONER:-0} + function usage { cat <<- _EOF_ Available options: @@ -42,16 +45,18 @@ function usage { --cortex-port | define port to connect to Cortex (default: 9001) --cortex-hostname ,,... | resolve this hostname to find Cortex instances --cortex-keys ,,... | define Cortex key + migrate ... | run migration tool + cloner ... | run cloner tool _EOF_ exit 1 } STOP=0 -while test $# -gt 0 -o "${STOP}" = 1 +while test $# -gt 0 -a "${STOP}" = 0 do case "$1" in - "--config-file") shift;CONFIG_FILE=$1 ;; + "--config-file") shift; CONFIG_FILE=$1 ;; "--no-config") CONFIG=0 ;; "--no-config-secret") CONFIG_SECRET=0 ;; "--secret") shift; SECRET=$1 ;; @@ -70,12 +75,26 @@ do "--cortex-port") shift; CORTEX_PORT=$1 ;; "--cortex-hostnames") shift; CORTEX_HOSTNAMES=$1 ;; "--cortex-keys") shift; CORTEX_KEYS=$1 ;; - "--") STOP=1;; - *) usage + "--") STOP=1 ;; + "migrate") MIGRATE=1; STOP=1 ;; + "cloner") CLONER=1; STOP=1 ;; + *) echo param is -"$1"-; usage esac shift done +if test "${MIGRATE}" = 1 +then + bin/migrate "$@" + exit $? +fi + +if test "${CLONER}" = 1 +then + bin/cloner "$@" + exit $? +fi + if test "${CONFIG}" = 1 then CONFIG_FILE=$(mktemp --tmpdir thehive-XXXXXX.conf) @@ -84,9 +103,9 @@ then if test -z "${SECRET}" then SECRET=$(dd if=/dev/urandom bs=1024 count=1 | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1) - test "${SHOW_SECRET}" = 1 && echo Using secret: ${SECRET} + test "${SHOW_SECRET}" = 1 && echo "Using secret: ${SECRET}" fi - echo "play.http.secret.key = \"${SECRET}\"" >> ${CONFIG_FILE} + echo "play.http.secret.key = \"${SECRET}\"" >> "${CONFIG_FILE}" fi if test "${CONFIG_DB}" = 1 
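Review bot: `TH_MIGRATE` and `TH_CLONER` are new environment switches that change which program the container runs, but nothing next to the two assignments documents them, and the usage text added further down only lists the `migrate` and `cloner` words. A comment above them would help, e.g. `# TH_MIGRATE=1 / TH_CLONER=1: run bin/migrate or bin/cloner instead of starting TheHive`. If both are set, the dispatch added later tests `MIGRATE` first, so the cloner request is dropped silently; that precedence is worth stating in the same comment.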
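Review bot: The usage text edited here advertises `--cortex-hostname`, while the option parser in the following hunk matches `"--cortex-hostnames"`, so an operator who follows the help output lands in the `*)` branch and gets the usage screen again. Since the heredoc is being touched anyway, align the spelling of the help line with the parser (`--cortex-hostnames`). Separately, `test $# -gt 0 -a "${STOP}" = 0` relies on `-a`, which POSIX marks as obsolescent; `[ $# -gt 0 ] && [ "${STOP}" = 0 ]` is the unambiguous form. Both the `usage` function and the `while` loop extend beyond this hunk.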
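Review bot: `bin/migrate "$@"` and `bin/cloner "$@"` run as foreground children of the entrypoint shell, and the `trap` that forwards SIGTERM/SIGINT is only installed at the very end of the script, so a stop request during a migration or clone is presumably never delivered to the tool and the container runtime would fall back to a hard kill after its timeout. Replacing each call-plus-exit pair with `exec bin/migrate "$@"` and `exec bin/cloner "$@"` hands the process over to the tool, preserves its exit status, and makes the `exit $?` lines unnecessary. The `*)` branch now prints `param is -"$1"-` to stdout, which reads like leftover debugging; if the message is kept, send it to stderr, e.g. `*) echo "unknown option: $1" >&2; usage`. The `case` statement begins outside this hunk.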
@@ -95,16 +114,19 @@ then declare -a CQL for C in "${CQL_HOSTS[@]}" do - CQL+=($(getent ahostsv4 "$C" | awk '{ print $1 }' | sort -u)) + for IP in $(getent ahostsv4 "$C" | awk '{ print $1 }' | sort -u) + do + CQL+=("$IP") + done done - echo "db.janusgraph {" >> ${CONFIG_FILE} + echo "db.janusgraph {" >> "${CONFIG_FILE}" if test "${#CQL[@]}" = 0 then echo "Local database in ${BDB_DIRECTORY} is be used" mkdir -p "${BDB_DIRECTORY}" - echo "storage.backend = berkeleyje" >> ${CONFIG_FILE} - echo "storage.directory = \"${BDB_DIRECTORY}\"" >> ${CONFIG_FILE} - echo "berkeleyje.freeDisk = 1" >> ${CONFIG_FILE} + echo "storage.backend = berkeleyje" >> "${CONFIG_FILE}" + echo "storage.directory = \"${BDB_DIRECTORY}\"" >> "${CONFIG_FILE}" + echo "berkeleyje.freeDisk = 1" >> "${CONFIG_FILE}" if test -e "${BDB_DIRECTORY}" then test -w "${BDB_DIRECTORY}" || echo "WARNING the directory used to store database ($BDB_DIRECTORY) is not writable" 
@@ -112,50 +134,50 @@ then mkdir -p "${BDB_DIRECTORY}" || echo "WARNING the directory used to store database ($BDB_DIRECTORY) is not writable" fi else - echo "Using cassandra address = ${CQL[@]}" - echo "storage.backend = cql" >> ${CONFIG_FILE} + echo "Using cassandra address = ${CQL[*]}" + echo "storage.backend = cql" >> "${CONFIG_FILE}" if [[ -n $CQL_USERNAME && -n $CQL_PASSWORD ]] then - echo "storage.username = \"${CQL_USERNAME}\"" >> ${CONFIG_FILE} - echo "storage.password = \"${CQL_PASSWORD}\"" >> ${CONFIG_FILE} - printf "Using ${CQL_USERNAME} as cassandra username and ${CQL_PASSWORD} as its password\n" + echo "storage.username = \"${CQL_USERNAME}\"" >> "${CONFIG_FILE}" + echo "storage.password = \"${CQL_PASSWORD}\"" >> "${CONFIG_FILE}" + echo "Using ${CQL_USERNAME} as cassandra username and ${CQL_PASSWORD} as its password" fi - echo "storage.cql.cluster-name = thp" >> ${CONFIG_FILE} - echo "storage.cql.keyspace = thehive" >> ${CONFIG_FILE} - echo "storage.hostname = [" >> ${CONFIG_FILE} - printf '%s\n' "${CQL_HOSTS[@]}" >> ${CONFIG_FILE} - echo "]" >> ${CONFIG_FILE} + echo "storage.cql.cluster-name = thp" >> "${CONFIG_FILE}" + echo "storage.cql.keyspace = thehive" >> "${CONFIG_FILE}" + echo "storage.hostname = [" >> "${CONFIG_FILE}" + printf '%s\n' "${CQL_HOSTS[@]}" >> "${CONFIG_FILE}" + echo "]" >> "${CONFIG_FILE}" echo "Waiting until Cassandra DB is up" sleep 30 # Sleep until cassandra Db is up fi - echo "index.search.backend = lucene" >> ${CONFIG_FILE} - echo "index.search.directory = \"${INDEX_DIRECTORY}\"" >> ${CONFIG_FILE} + echo "index.search.backend = lucene" >> "${CONFIG_FILE}" + echo "index.search.directory = \"${INDEX_DIRECTORY}\"" >> "${CONFIG_FILE}" if test -e "${INDEX_DIRECTORY}" then test -w "${INDEX_DIRECTORY}" || echo "WARNING the directory used to store index ($INDEX_DIRECTORY) is not writable" else mkdir -p "${INDEX_DIRECTORY}" || echo "WARNING the directory used to store index ($INDEX_DIRECTORY) is not writable" fi - echo "}" >> 
${CONFIG_FILE} + echo "}" >> "${CONFIG_FILE}" fi if test "${CONFIG_STORAGE}" = 1 then - echo "storage {" >> ${CONFIG_FILE} + echo "storage {" >> "${CONFIG_FILE}" if test -n "${HDFS_URL}" then echo "Using HDFS ${HDFS_URL}" - echo "provider: hdfs" >> ${CONFIG_FILE} - echo "hdfs {" >> ${CONFIG_FILE} - echo "root: \"${HDFS_URL}\"" >> ${CONFIG_FILE} - echo "location: "/thehive"" >> ${CONFIG_FILE} - echo "username: thehive" >> ${CONFIG_FILE} - echo "}" >> ${CONFIG_FILE} + echo "provider: hdfs" >> "${CONFIG_FILE}" + echo "hdfs {" >> "${CONFIG_FILE}" + echo "root: \"${HDFS_URL}\"" >> "${CONFIG_FILE}" + echo "location: \"/thehive\"" >> "${CONFIG_FILE}" + echo "username: thehive" >> "${CONFIG_FILE}" + echo "}" >> "${CONFIG_FILE}" else echo "Using local storage in ${STORAGE_DIRECTORY}" mkdir -p "${STORAGE_DIRECTORY}" - echo "provider: localfs" >> ${CONFIG_FILE} - echo "localfs.directory: \"${STORAGE_DIRECTORY}\"" >> ${CONFIG_FILE} + echo "provider: localfs" >> "${CONFIG_FILE}" + echo "localfs.directory: \"${STORAGE_DIRECTORY}\"" >> "${CONFIG_FILE}" if test -e "${STORAGE_DIRECTORY}" then test -w "${STORAGE_DIRECTORY}" || echo "WARNING the directory used to store files ($STORAGE_DIRECTORY) is not writable" @@ -163,7 +185,7 @@ then mkdir -p "${STORAGE_DIRECTORY}" || echo "WARNING the directory used to store files ($STORAGE_DIRECTORY) is not writable" fi fi - echo "}" >> ${CONFIG_FILE} + echo "}" >> "${CONFIG_FILE}" fi if test "${CONFIG_CORTEX}" = 1 
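Review bot: The new `echo "Using ${CQL_USERNAME} as cassandra username and ${CQL_PASSWORD} as its password"` still writes the Cassandra password in clear text to the container's stdout, where it ends up in `docker logs` and in any log collector attached to the container. Moving from `printf` to `echo` stops the value being interpreted as a format string but does not remove the disclosure. Log the username only: `echo "Using ${CQL_USERNAME} as cassandra username"`. The same hunk interpolates `CQL_USERNAME` and `CQL_PASSWORD` between double quotes in the generated configuration without escaping, so a value containing `"` or `\` yields a broken or altered file; an escaping step or at least a comment stating the restriction would help.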
@@ -177,34 +199,34 @@ then done if test ${#CORTEX_URLS[@]} -gt 0 then - echo "play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule" >> ${CONFIG_FILE} - echo "cortex.servers = [" >> ${CONFIG_FILE} + echo "play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule" >> "${CONFIG_FILE}" + echo "cortex.servers = [" >> "${CONFIG_FILE}" I=0 - for C in ${CORTEX_URLS[@]} + for C in "${CORTEX_URLS[@]}" do echo "Add Cortex cortex${I}: ${C}" - echo "{" >> ${CONFIG_FILE} - echo "name = cortex${I}" >> ${CONFIG_FILE} - echo "url = \"$C\"" >> ${CONFIG_FILE} - echo auth { >> ${CONFIG_FILE} - echo "type = \"bearer\"" >> ${CONFIG_FILE} - echo "key = \"${CK[$I]}\"" >> ${CONFIG_FILE} - echo "}" >> ${CONFIG_FILE} - echo "}" >> ${CONFIG_FILE} - I=$((${I}+1)) + echo "{" >> "${CONFIG_FILE}" + echo "name = cortex${I}" >> "${CONFIG_FILE}" + echo "url = \"$C\"" >> "${CONFIG_FILE}" + echo "auth {" >> "${CONFIG_FILE}" + echo "type = \"bearer\"" >> "${CONFIG_FILE}" + echo "key = \"${CK[$I]}\"" >> "${CONFIG_FILE}" + echo "}" >> "${CONFIG_FILE}" + echo "}" >> "${CONFIG_FILE}" + I=$((I+1)) done - echo "]" >> ${CONFIG_FILE} + echo "]" >> "${CONFIG_FILE}" fi fi - echo "include file(\"/etc/thehive/application.conf\")" >> ${CONFIG_FILE} + echo "include file(\"/etc/thehive/application.conf\")" >> "${CONFIG_FILE}" fi bin/thehive \ - -Dconfig.file=${CONFIG_FILE} \ + -Dconfig.file="${CONFIG_FILE}" \ -Dlogger.file=/etc/thehive/logback.xml \ -Dpidfile.path=/dev/null \ - $@ + "$@" PID=$! trap 'kill -SIGTERM "${PID}"; wait "${PID}"; exit 143' SIGTERM SIGINT wait ${PID}
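Review bot: As shown in this hunk, the `bin/thehive` command ends at `"$@"` with no trailing `&`, so it runs in the foreground and `PID=$!` on the next line has no background job to refer to; the `trap` is then installed only after TheHive has already exited. If the shell is meant to forward SIGTERM/SIGINT, the launch line needs to end in `"$@" &`; alternatively `exec bin/thehive ...` would make the three lines after it unnecessary. `wait ${PID}` should also be quoted as `wait "${PID}"`, in line with the quoting this commit applies everywhere else. If the `&` was merely lost when the page was rendered, only the quoting remark applies.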