From 0fd03849153336dc069fbdcdb4825fd7fe300ac5 Mon Sep 17 00:00:00 2001 From: Temur Maisuradze <temur@grena.ge> Date: Wed, 16 Dec 2020 17:22:20 +0400 Subject: [PATCH] superviord on entrypoint for misp. filebeat as supervisord's service for all containers --- .../mispsupervisord.conf} | 17 +++++++++++++++-- .../mysqlsupervisord.conf} | 12 ++++++++++++ roles/build/tasks/misp.yml | 5 ----- roles/build/tasks/mysql.yml | 5 ----- roles/build/templates/misp/Dockerfile.j2 | 1 - roles/cassandra/tasks/main.yml | 5 +++++ roles/cortex/tasks/main.yml | 5 +++++ roles/docker/tasks/misp.yml | 1 - roles/filebeat/tasks/main.yml | 4 ++-- roles/keycloak/tasks/main.yml | 5 +++++ roles/misp/tasks/config.yml | 3 +++ roles/misp/tasks/start.yml | 17 +++++++++++++---- roles/misp/tasks/stop.yml | 16 ++++++++++++++++ roles/mysql/tasks/misp.yml | 5 +++++ roles/thehive/tasks/main.yml | 5 +++++ 15 files changed, 86 insertions(+), 20 deletions(-) rename roles/build/{templates/misp/supervisord.conf.j2 => files/mispsupervisord.conf} (72%) rename roles/build/{templates/mysql/supervisord.conf.j2 => files/mysqlsupervisord.conf} (72%) diff --git a/roles/build/templates/misp/supervisord.conf.j2 b/roles/build/files/mispsupervisord.conf similarity index 72% rename from roles/build/templates/misp/supervisord.conf.j2 rename to roles/build/files/mispsupervisord.conf index ee1e0c4..fce59b7 100644 --- a/roles/build/templates/misp/supervisord.conf.j2 +++ b/roles/build/files/mispsupervisord.conf @@ -47,7 +47,7 @@ autostart=false autorestart=true [program:misp-modules] -command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s" +command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s && sleep infinity" user = apache autostart=false autorestart=unexpected 
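Review bot: In `[program:misp-modules]`, the appended `&& sleep infinity` keeps the bash wrapper alive after misp-modules exits with status 0, so supervisord would presumably go on reporting the program as RUNNING with the service gone, and `autorestart=unexpected` never gets a chance to act. If the intent is to keep a self-backgrounding process under supervision, a comment should say so; otherwise I would run it in the foreground as `command=/usr/local/bin/misp-modules -l '0.0.0.0' -s`. The listen address `0.0.0.0` is not changed by this commit, but if only the MISP instance in the same container calls the modules service, `-l '127.0.0.1'` would narrow its exposure. The section continues past the end of the hunk.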
@@ -59,7 +59,7 @@ stderr_logfile = /var/log/supervisor/misp-modules_stderr.log stdout_logfile = /var/log/supervisor/misp-modules_stdout.log [program:workers] -command=/bin/bash /var/www/MISP/app/Console/worker/start.sh +command=/bin/bash -c "cleanup() { /var/www/MISP/app/Console/worker/stop.sh; }; trap 'echo signal received!; kill ${child_pid}; wait ${child_pid}; cleanup' SIGINT SIGTERM; /var/www/MISP/app/Console/worker/start.sh; sleep infinity & child_pid=$!; wait ${child_pid};" user=apache autostart=false autorestart=unexpected @@ -68,3 +68,16 @@ stdout_logfile_backups = 0 stderr_logfile_backups = 0 stderr_logfile = /var/log/supervisor/workers_stderr.log stdout_logfile = /var/log/supervisor/workers_stdout.log + +[program:filebeat] +directory=/opt/filebeat +user=root +group=root +command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' +autostart=false +autorestart=true +logfile_maxbytes=10MB +stdout_logfile_backups = 0 +stderr_logfile_backups = 0 +stderr_logfile = /var/log/supervisor/filebeat_stderr.log +stdout_logfile = /var/log/supervisor/filebeat_stdout.log diff --git a/roles/build/templates/mysql/supervisord.conf.j2 b/roles/build/files/mysqlsupervisord.conf similarity index 72% rename from roles/build/templates/mysql/supervisord.conf.j2 rename to roles/build/files/mysqlsupervisord.conf index 78258b5..60d3109 100644 --- a/roles/build/templates/mysql/supervisord.conf.j2 +++ b/roles/build/files/mysqlsupervisord.conf @@ -31,3 +31,15 @@ stderr_logfile_backups = 0 stderr_logfile = /var/log/supervisor/cron_stderr.log stdout_logfile = /var/log/supervisor/cron_stdout.log +[program:filebeat] +directory=/opt/filebeat +user=root +group=root +command=/bin/bash -c '/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml' +autostart=false +autorestart=true +logfile_maxbytes=10MB +stdout_logfile_backups = 0 +stderr_logfile_backups = 0 +stderr_logfile = /var/log/supervisor/filebeat_stderr.log +stdout_logfile = /var/log/supervisor/filebeat_stdout.log 
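Review bot: In the new `[program:workers]` command, the trap handler reads `${child_pid}` before it is guaranteed to be set and never calls `exit`. Bash defers a trapped signal until the foreground command returns, so a SIGTERM that arrives while `start.sh` is running leads to `kill` with an empty argument, then `cleanup`, and then the script carries on into `sleep infinity`; supervisord would presumably have to wait out its stop timeout and kill the wrapper. I would initialise `child_pid=` at the top and end the handler with `exit`, and move the whole one-liner into a small wrapper script copied into the image, so that `command=` is a plain path and the nested quoting can be reviewed as a file.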
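Review bot: The new `[program:filebeat]` section runs the shipper as root, and two of its keys are not program-section settings as far as I know: `group=root` and `logfile_maxbytes=10MB` (the per-program keys are `stdout_logfile_maxbytes` and `stderr_logfile_maxbytes`), so the 10MB cap is probably not applied. If filebeat only needs to read the logs it ships, a dedicated unprivileged user with read access to them would limit what a misconfigured or compromised shipper can touch. The `/bin/bash -c '…'` wrapper adds nothing here; `command=/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml` lets supervisord signal filebeat directly. The same section is added to `mysqlsupervisord.conf` in the next hunk and the same points apply there.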
diff --git a/roles/build/tasks/misp.yml b/roles/build/tasks/misp.yml index d52c39c..3bfe7c9 100644 --- a/roles/build/tasks/misp.yml +++ b/roles/build/tasks/misp.yml @@ -5,11 +5,6 @@ src: misp/Dockerfile.j2 dest: "{{role_path}}/files/mispDockerfile" -- name: Configure the misp supervisor - template: - src: misp/supervisord.conf.j2 - dest: "{{role_path}}/files/mispsupervisord.conf" - - name: Configure the misp worker startscript template: src: misp/start.sh.j2 diff --git a/roles/build/tasks/mysql.yml b/roles/build/tasks/mysql.yml index a028190..75d9625 100644 --- a/roles/build/tasks/mysql.yml +++ b/roles/build/tasks/mysql.yml @@ -5,11 +5,6 @@ src: mysql/Dockerfile.j2 dest: "{{role_path}}/files/mysqlDockerfile" -- name: Configure the mysql supervisor - template: - src: mysql/supervisord.conf.j2 - dest: "{{role_path}}/files/mysqlsupervisord.conf" - - name: Build mysql image command: docker build -t {{repo}}/mysql:{{version}}{{suffix}} -f {{role_path}}/files/mysqlDockerfile {{role_path}}/files diff --git a/roles/build/templates/misp/Dockerfile.j2 b/roles/build/templates/misp/Dockerfile.j2 index 28f5bc8..e8637f8 100644 --- a/roles/build/templates/misp/Dockerfile.j2 +++ b/roles/build/templates/misp/Dockerfile.j2 @@ -85,4 +85,3 @@ ENV PATH "$PATH:/opt/rh/rh-php72/root/bin/" COPY mispsupervisord.conf /etc/supervisord.conf ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] -#ENTRYPOINT ["/bin/bash"] diff --git a/roles/cassandra/tasks/main.yml b/roles/cassandra/tasks/main.yml index b5dfeb4..814355e 100644 --- a/roles/cassandra/tasks/main.yml +++ b/roles/cassandra/tasks/main.yml @@ -24,6 +24,11 @@ tags: - start +- name: Set Autostart for supervisord's services + shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" + tags: + - start + - name: Stop Cassandra remote_user: root command: "supervisorctl stop cassandra" diff --git a/roles/cortex/tasks/main.yml b/roles/cortex/tasks/main.yml index bcc9335..0c150c2 100644 
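Review bot: The added `sed -i 's/autostart=false/autostart=true/g'` task matches only the exact spelling `autostart=false`, while the supervisord files in this same patch mix `key=value` and `key = value` (`user = apache`, `stdout_logfile_backups = 0`), so a program written as `autostart = false` would silently stay disabled after a container restart. Run through `shell`, the task also reports changed on every play, which hides whether the container's config actually differed from the image. I would use the `replace` module with an anchored, whitespace-tolerant pattern, as below. The identical task is added in the cortex, keycloak, misp `config.yml`, mysql `misp.yml` and thehive hunks, and the same applies there.

```yaml
- name: Set Autostart for supervisord's services
  replace:
    path: /etc/supervisord.conf
    regexp: '^(autostart\s*=\s*)false\s*$'
    replace: '\1true'
  tags:
    - start
```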
--- a/roles/cortex/tasks/main.yml +++ b/roles/cortex/tasks/main.yml @@ -75,6 +75,11 @@ - start - startcortex +- name: Set Autostart for supervisord's services + shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" + tags: + - start + - name: Stop Elasticsearch remote_user: root command: "supervisorctl stop elasticsearch" diff --git a/roles/docker/tasks/misp.yml b/roles/docker/tasks/misp.yml index 22042b5..f32e440 100644 --- a/roles/docker/tasks/misp.yml +++ b/roles/docker/tasks/misp.yml @@ -7,7 +7,6 @@ image: "{{ misp_img }}" networks: - name: "{{ soctools_netname}}" - entrypoint: "/bin/bash" interactive: "yes" networks_cli_compatible: yes published_ports: diff --git a/roles/filebeat/tasks/main.yml b/roles/filebeat/tasks/main.yml index 04e41e1..1c17549 100644 --- a/roles/filebeat/tasks/main.yml +++ b/roles/filebeat/tasks/main.yml @@ -22,8 +22,8 @@ - start - name: Start filebeat - shell: "daemonize -c / -p /filebeat.pid -l /filebeat.lock /opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml" - become: true + remote_user: root + shell: "supervisorctl restart filebeat" ignore_errors: yes tags: - start diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 41a832c..f061ebc 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -113,6 +113,11 @@ tags: - start +- name: Set Autostart for supervisord's services + shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" + tags: + - start + - name: Stop Keycloak remote_user: root command: "supervisorctl stop keycloak" diff --git a/roles/misp/tasks/config.yml b/roles/misp/tasks/config.yml index 52bfaac..1628108 100644 --- a/roles/misp/tasks/config.yml +++ b/roles/misp/tasks/config.yml @@ -63,3 +63,6 @@ with_items: - fetchFeed - cacheFeed + +- name: Set Autostart for supervisord's services + shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" 
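Review bot: In the `Start filebeat` task, a failed `supervisorctl restart filebeat` is still swallowed by the `ignore_errors: yes` that follows, so a container whose `/etc/supervisord.conf` has no `[program:filebeat]` section would end up with no log shipping and a green play. This patch adds that section only to the misp and mysql configs; whether the other images already define it is not visible here. I would drop `ignore_errors` or follow the restart with a `supervisorctl status filebeat` check that fails the play, and use `command:` rather than `shell:` since no shell features are needed.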
diff --git a/roles/misp/tasks/start.yml b/roles/misp/tasks/start.yml index fca3a0c..047dc10 100644 --- a/roles/misp/tasks/start.yml +++ b/roles/misp/tasks/start.yml @@ -57,8 +57,17 @@ - name: Check if database is initialized command: /var/www/MISP/checkdb.sh -- name: Start supervisord - shell: "/usr/bin/supervisord -c /etc/supervisord.conf &" +- name: Start php-fpm + command: "supervisorctl start php-fpm" -- name: Start MISP Services - command: "supervisorctl start all" +- name: Start redis-server + command: "supervisorctl start redis-server" + +- name: Start apache2 + command: "supervisorctl start apache2" + +- name: Start misp-modules + command: "supervisorctl start misp-modules" + +- name: Start workers + command: "supervisorctl start workers" diff --git a/roles/misp/tasks/stop.yml b/roles/misp/tasks/stop.yml index ed97d53..6a56d87 100644 --- a/roles/misp/tasks/stop.yml +++ b/roles/misp/tasks/stop.yml @@ -1 +1,17 @@ --- +- name: Stop php-fpm + command: "supervisorctl stop php-fpm" + +- name: Stop redis-server + command: "supervisorctl stop redis-server" + +- name: Stop apache2 + command: "supervisorctl stop apache2" + +- name: Stop misp-modules + command: "supervisorctl stop misp-modules" + +- name: Stop workers + #command: "supervisorctl start workers" + command: 'su - -s /bin/bash -c "/var/www/MISP/app/Console/worker/stop.sh" apache' + diff --git a/roles/mysql/tasks/misp.yml b/roles/mysql/tasks/misp.yml index b3262fc..7c9cc20 100644 --- a/roles/mysql/tasks/misp.yml +++ b/roles/mysql/tasks/misp.yml @@ -18,6 +18,11 @@ tags: - start +- name: Set Autostart for supervisord's services + shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" + tags: + - start + # CREATE DATABASE IF NOT EXISTS {{misp_dbname}}; # {% for misp_host in groups['mispcontainers'] %} diff --git a/roles/thehive/tasks/main.yml b/roles/thehive/tasks/main.yml index 3a11515..b9ed5b5 100644 --- a/roles/thehive/tasks/main.yml +++ b/roles/thehive/tasks/main.yml 
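Review bot: In `roles/misp/tasks/stop.yml`, `Stop workers` calls `stop.sh` through `su` instead of going through supervisord, so the `workers` wrapper (which stays alive on `sleep infinity`) presumably remains RUNNING and the later `supervisorctl start workers` in `start.yml` would not re-run `start.sh`. The new `[program:workers]` command already traps SIGTERM and runs `stop.sh`, so `command: "supervisorctl stop workers"` would stop the workers and keep supervisord's view of the process accurate. The commented-out line above it reads `supervisorctl start workers` in a stop file and should be removed or corrected.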
@@ -24,6 +24,11 @@ tags: - start +- name: Set Autostart for supervisord's services + shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf" + tags: + - start + - name: Stop TheHive remote_user: root command: "supervisorctl stop thehive" -- GitLab