superviord on entrypoint for misp. filebeat as supervisord's service for all containers

0fd03849 · Temur Maisuradze · 6ee16ffa · 0fd03849 · 0fd03849 · 0fd03849
Commit 0fd03849 authored 4 years ago by Temur Maisuradze
--- a/roles/build/templates/misp/supervisord.conf.j2
+++ b/roles/build/templates/misp/supervisord.conf.j2
@@ -47,7 +47,7 @@ autostart=false
 autorestart=true

 [program:misp-modules]
-command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s"
+command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s && sleep infinity"
 user = apache
 autostart=false
 autorestart=unexpected
@@ -59,7 +59,7 @@ stderr_logfile = /var/log/supervisor/misp-modules_stderr.log
 stdout_logfile = /var/log/supervisor/misp-modules_stdout.log

 [program:workers]
-command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
+command=/bin/bash -c "cleanup() { /var/www/MISP/app/Console/worker/stop.sh; }; trap 'echo signal received!; kill ${child_pid}; wait ${child_pid}; cleanup' SIGINT SIGTERM; /var/www/MISP/app/Console/worker/start.sh; sleep infinity & child_pid=$!; wait ${child_pid};"
 user=apache
 autostart=false
 autorestart=unexpected
@@ -68,3 +68,16 @@ stdout_logfile_backups = 0
 stderr_logfile_backups = 0
 stderr_logfile = /var/log/supervisor/workers_stderr.log
 stdout_logfile = /var/log/supervisor/workers_stdout.log
+
+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
--- a/roles/build/templates/mysql/supervisord.conf.j2
+++ b/roles/build/templates/mysql/supervisord.conf.j2
@@ -31,3 +31,15 @@ stderr_logfile_backups = 0
 stderr_logfile = /var/log/supervisor/cron_stderr.log
 stdout_logfile = /var/log/supervisor/cron_stdout.log

+[program:filebeat]
+directory=/opt/filebeat
+user=root
+group=root
+command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/filebeat_stderr.log
+stdout_logfile = /var/log/supervisor/filebeat_stdout.log
--- a/roles/build/tasks/misp.yml
+++ b/roles/build/tasks/misp.yml
@@ -5,11 +5,6 @@
    src: misp/Dockerfile.j2
    dest: "{{role_path}}/files/mispDockerfile"

- name: Configure the misp supervisor
-  template:
-    src: misp/supervisord.conf.j2
-    dest: "{{role_path}}/files/mispsupervisord.conf"
-
 - name: Configure the misp worker startscript
  template:
    src: misp/start.sh.j2

--- a/roles/build/tasks/mysql.yml
+++ b/roles/build/tasks/mysql.yml
@@ -5,11 +5,6 @@
    src: mysql/Dockerfile.j2
    dest: "{{role_path}}/files/mysqlDockerfile"

- name: Configure the mysql supervisor
-  template:
-    src: mysql/supervisord.conf.j2
-    dest: "{{role_path}}/files/mysqlsupervisord.conf"
-
 - name: Build mysql image
  command: docker build -t {{repo}}/mysql:{{version}}{{suffix}} -f {{role_path}}/files/mysqlDockerfile {{role_path}}/files

--- a/roles/build/templates/misp/Dockerfile.j2
+++ b/roles/build/templates/misp/Dockerfile.j2
@@ -85,4 +85,3 @@ ENV PATH "$PATH:/opt/rh/rh-php72/root/bin/"

 COPY mispsupervisord.conf /etc/supervisord.conf
 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
-#ENTRYPOINT ["/bin/bash"]
--- a/roles/cassandra/tasks/main.yml
+++ b/roles/cassandra/tasks/main.yml
@@ -24,6 +24,11 @@
  tags:
    - start

+- name: Set Autostart for supervisord's services
+  shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
+  tags:
+    - start
+
 - name: Stop Cassandra
  remote_user: root
  command: "supervisorctl stop cassandra"

--- a/roles/cortex/tasks/main.yml
+++ b/roles/cortex/tasks/main.yml
@@ -75,6 +75,11 @@
    - start
    - startcortex

+- name: Set Autostart for supervisord's services
+  shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
+  tags:
+    - start
+
 - name: Stop Elasticsearch
  remote_user: root
  command: "supervisorctl stop elasticsearch"

--- a/roles/docker/tasks/misp.yml
+++ b/roles/docker/tasks/misp.yml
@@ -7,7 +7,6 @@
    image: "{{ misp_img }}"
    networks:
      - name: "{{ soctools_netname}}"
-    entrypoint: "/bin/bash"
    interactive: "yes"
    networks_cli_compatible: yes
    published_ports:

--- a/roles/filebeat/tasks/main.yml
+++ b/roles/filebeat/tasks/main.yml
@@ -22,8 +22,8 @@
    - start

 - name: Start filebeat
-  shell: "daemonize -c / -p /filebeat.pid -l /filebeat.lock /opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml"
-  become: true
+  remote_user: root
+  shell: "supervisorctl restart filebeat"
  ignore_errors: yes
  tags:
    - start

--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -113,6 +113,11 @@
  tags:
    - start

+- name: Set Autostart for supervisord's services
+  shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
+  tags:
+    - start
+
 - name: Stop Keycloak
  remote_user: root
  command: "supervisorctl stop keycloak"

--- a/roles/misp/tasks/config.yml
+++ b/roles/misp/tasks/config.yml
@@ -63,3 +63,6 @@
  with_items:
    - fetchFeed
    - cacheFeed
+
+- name: Set Autostart for supervisord's services
+  shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
--- a/roles/misp/tasks/start.yml
+++ b/roles/misp/tasks/start.yml
@@ -57,8 +57,17 @@
 - name: Check if database is initialized
  command: /var/www/MISP/checkdb.sh

- name: Start supervisord
-  shell: "/usr/bin/supervisord -c /etc/supervisord.conf &"
+- name: Start php-fpm
+  command: "supervisorctl start php-fpm"

- name: Start MISP Services
-  command: "supervisorctl start all"
+- name: Start redis-server
+  command: "supervisorctl start redis-server"
+
+- name: Start apache2
+  command: "supervisorctl start apache2"
+
+- name: Start misp-modules
+  command: "supervisorctl start misp-modules"
+
+- name: Start workers
+  command: "supervisorctl start workers"
--- a/roles/misp/tasks/stop.yml
+++ b/roles/misp/tasks/stop.yml
 ---
+- name: Stop php-fpm
+  command: "supervisorctl stop php-fpm"
+
+- name: Stop redis-server
+  command: "supervisorctl stop redis-server"
+
+- name: Stop apache2
+  command: "supervisorctl stop apache2"
+
+- name: Stop misp-modules
+  command: "supervisorctl stop misp-modules"
+
+- name: Stop workers
+  #command: "supervisorctl start workers"
+  command: 'su - -s /bin/bash -c "/var/www/MISP/app/Console/worker/stop.sh" apache'
+
--- a/roles/mysql/tasks/misp.yml
+++ b/roles/mysql/tasks/misp.yml
@@ -18,6 +18,11 @@
  tags:
    - start

+- name: Set Autostart for supervisord's services
+  shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
+  tags:
+    - start
+

 #  CREATE DATABASE IF NOT EXISTS {{misp_dbname}};
 #  {% for misp_host in groups['mispcontainers'] %}

--- a/roles/thehive/tasks/main.yml
+++ b/roles/thehive/tasks/main.yml
@@ -24,6 +24,11 @@
  tags:
    - start

+- name: Set Autostart for supervisord's services
+  shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
+  tags:
+    - start
+
 - name: Stop TheHive
  remote_user: root
  command: "supervisorctl stop thehive"