diff --git a/inventories/filebeat b/inventories/filebeat
index 408bdd3cd84412ff5cace6f26f7d56ff6faa5b05..e4442b309dd5235b4b0462cbdf8e4760730db898 100644
--- a/inventories/filebeat
+++ b/inventories/filebeat
@@ -10,3 +10,4 @@ dsoclab-keycloak ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor
 dsoclab-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log"]' FILEBEAT_LOG_TYPE="mysql" FILEBEAT_LOG_FORMAT="text"
 dsoclab-haproxy ansible_connection=docker FILEBEAT_SYSLOG_PORT=9000 FILEBEAT_LOG_TYPE="haproxy" FILEBEAT_LOG_FORMAT="text"
 #dsoclab-zookeeper ansible_connection=docker FILEBEAT_FILES='[""]'
+dsoclab-cortex ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="cortex" FILEBEAT_LOG_FORMAT="text"
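Review bot: The glob `/var/log/supervisor/*.log` on the new `dsoclab-cortex` line also matches `supervisord.log`, `elasticsearch_stdout.log` and `elasticsearch_stderr.log`, which cortexsupervisord.conf in this same commit writes to that directory. All of them would therefore be shipped with `FILEBEAT_LOG_TYPE="cortex"`. If downstream parsing or detection rules key on the log type, Elasticsearch and supervisord lines will be labelled as Cortex events. Narrowing the entry to `FILEBEAT_FILES='["/var/log/supervisor/cortex_*.log"]'` would keep the type accurate. How the variable is consumed is not visible here, so this needs confirming against the filebeat role.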
diff --git a/roles/build/files/cortexsupervisord.conf b/roles/build/files/cortexsupervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..dd015f8935abde558a3518265eac86ef2623e517
--- /dev/null
+++ b/roles/build/files/cortexsupervisord.conf
@@ -0,0 +1,43 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:elasticsearch]
+directory=/usr/share/elasticsearch
+user=elasticsearch
+group=elasticsearch
+command=/bin/bash -c '/usr/share/elasticsearch/bin/elasticsearch'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/elasticsearch_stderr.log
+stdout_logfile = /var/log/supervisor/elasticsearch_stdout.log
+
+[program:cortex]
+directory=/opt/cortex
+user=cortex
+group=cortex
+command=/bin/bash -c '/opt/cortex/bin/cortex -Dconfig.file=/etc/cortex/application.conf -Dlogger.file=/etc/cortex/logback.xml -J-Xms1g -J-Xmx1g -Dpidfile.path=/dev/null'
+autostart=false
+autorestart=true
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/cortex_stderr.log
+stdout_logfile = /var/log/supervisor/cortex_stdout.log
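Review bot: `logfile_maxbytes=10MB` inside `[program:elasticsearch]` and `[program:cortex]` is a `[supervisord]`-section setting, not a per-program one, so the intended 10MB cap on the child logs most likely does not apply and supervisor's default size is used instead. The per-program keys are `stdout_logfile_maxbytes=10MB` and `stderr_logfile_maxbytes=10MB`. `group=` is likewise not a program option as far as I know (the group follows from `user=`), so those lines suggest a control that is not in effect. With `stdout_logfile_backups = 0` and `stderr_logfile_backups = 0` the file is truncated at rollover, so the cap also decides how much history stays on disk for Filebeat and for later triage. Separately, the control socket and pidfile sit in `/tmp` while supervisord runs as root; a root-owned directory and an explicit `chmod=0700` under `[unix_http_server]` would make the access rule visible in the file.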
diff --git a/roles/build/templates/cortex/Dockerfile.j2 b/roles/build/templates/cortex/Dockerfile.j2
index d56dbf02c14be1e71860da43814eddc904aa7177..68ac1ed5d577913d92592a8fb236dcc896265b8a 100644
--- a/roles/build/templates/cortex/Dockerfile.j2
+++ b/roles/build/templates/cortex/Dockerfile.j2
@@ -27,6 +27,7 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
     for I in responders/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \
     yum -y clean all
 EXPOSE 9001
-#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
-USER cortex
+COPY cortexsupervisord.conf /etc/supervisord.conf
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+#USER cortex
 # ENTRYPOINT ["/start.sh"]
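Review bot: Commenting out `USER cortex` makes root the image's default user, so supervisord runs as root, and so does any `docker exec` or Ansible docker-connection task that does not set `remote_user`. The drop to the `cortex` and `elasticsearch` accounts now rests entirely on the `user=` lines in cortexsupervisord.conf. I would replace the dead `#USER cortex` with a comment that records this, e.g. `# root is required so supervisord can switch to the per-program users set in /etc/supervisord.conf`. It is also worth checking that every task in roles/cortex that used to rely on the image default now sets `remote_user` explicitly. The visible hunks do this for the certificate copy and the template, but tasks outside the hunks cannot be checked from here.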
diff --git a/roles/cortex/tasks/main.yml b/roles/cortex/tasks/main.yml
index 5d1eeb21e68d7a614760b36f4867b2aede6397f8..bcc93356e0b457e0f4de25239cf026cac2e97788 100644
--- a/roles/cortex/tasks/main.yml
+++ b/roles/cortex/tasks/main.yml
@@ -17,6 +17,7 @@
     - startcortex
 
 - name: Copy certificates in cortex conf dir
+  remote_user: cortex
   copy:
     src:  "{{ item }}"
     dest: "/etc/cortex/{{ item }}"
@@ -42,18 +43,13 @@
 
 - name: Start embedded Elasticsearch 6
   remote_user: root
-  command: >
-    daemonize
-    -u elasticsearch
-    -c /usr/share/elasticsearch
-    -p /tmp/elasticsearch.pid
-    -o /tmp/elasticsearch-stdout.log
-    /usr/share/elasticsearch/bin/elasticsearch
+  command: "supervisorctl start elasticsearch"
   tags:
     - start
     - startcortex
 
 - name: Configure Cortex
+  remote_user: cortex
   template:
     src: application.conf.j2
     dest: /etc/cortex/application.conf
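Review bot: `command: "supervisorctl start elasticsearch"` shells out where Ansible's `supervisorctl` module (`community.general.supervisorctl` on current releases) would state the desired result directly, e.g. `supervisorctl: {name: elasticsearch, state: started}`. The `command` form always reports changed. Depending on the supervisor version it may also exit zero or non-zero when the program is already running or unknown, so a failed start is harder to notice in the play output. The same applies to the `Start Cortex`, `Stop Elasticsearch` and `Stop Cortex` tasks in the later hunks of this file. The `Configure Cortex` task continues outside this hunk.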
@@ -62,22 +58,14 @@
     - startcortex
 
 - name: Start Cortex
-  command: >
-    daemonize 
-    -c /opt/cortex
-    -p /tmp/cortex.pid
-    -o /tmp/cortex-stdout.log 
-    /opt/cortex/bin/cortex
-    -Dconfig.file=/etc/cortex/application.conf 
-    -Dlogger.file=/etc/cortex/logback.xml 
-    -J-Xms1g
-    -J-Xmx1g
-    -Dpidfile.path=/dev/null
+  remote_user: root
+  command: "supervisorctl start cortex"
   tags:
     - start
     - startcortex
 
 - name: Wait for Cortex
+  remote_user: root
   wait_for:
     host: "{{groups['cortex'][0]}}"
     port: 9001
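Review bot: `remote_user: root` on `Wait for Cortex` grants more than the task needs, because `wait_for` as shown only probes `port: 9001` on the first `cortex` host. It can run as the unprivileged account, leaving root for the `supervisorctl` calls that have to reach the root-owned control socket. I would change the added line to `remote_user: cortex`. The `wait_for` arguments continue outside this hunk, so an option there that needs root would change this.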
@@ -87,8 +75,16 @@
     - start
     - startcortex
 
+- name: Stop Elasticsearch
+  remote_user: root
+  command: "supervisorctl stop elasticsearch"
+  tags:
+    - stop
+    - stopelasticsearch
+
 - name: Stop Cortex
-  command: "pkill -SIGTERM -F /tmp/cortex.pid"
+  remote_user: root
+  command: "supervisorctl stop cortex"
   tags:
     - stop
     - stopcortex
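Review bot: The new `Stop Elasticsearch` task is placed before `Stop Cortex`, and both carry the `stop` tag, so a run with that tag takes Elasticsearch down while Cortex is still running. The start order in this file (Elasticsearch, then Cortex) suggests Cortex depends on it, so Cortex would spend its shutdown without its datastore and log errors that look like an outage. Moving the `Stop Elasticsearch` block after `Stop Cortex` mirrors the start order in reverse. A short comment above it, such as `# stop the datastore last so Cortex can shut down cleanly`, would keep the order from being changed later.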
diff --git a/roles/docker/tasks/cortex.yml b/roles/docker/tasks/cortex.yml
index c8d7b1ea2fd7564d5e4829620e994773168d11c7..15a0732d1d90e4403f020e1edf868c34ab0d5dfc 100644
--- a/roles/docker/tasks/cortex.yml
+++ b/roles/docker/tasks/cortex.yml
@@ -12,7 +12,6 @@
 #      - "9001:9001"
     volumes: 
       - "{{item}}:/var/lib/elasticsearch/"
-    entrypoint: "/bin/bash"
     interactive: "yes"
   with_items: "{{ groups['cortex'] }}"
   tags: