mirror of https://github.com/MISP/misp-docker
Move settings and mysql env vars around
parent
7e595ff585
commit
043437c83f
|
@ -3,8 +3,6 @@
|
|||
source /rest_client.sh
|
||||
source /utilities.sh
|
||||
|
||||
MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
|
||||
|
||||
# We now use envsubst for safe variable substitution with pseudo-json objects for env var enforcement
|
||||
# envsubst won't evaluate anything like $() or conditional variable expansion so lets do that here
|
||||
export PYTHON_BIN="$(which python3)"
|
||||
|
@ -210,10 +208,10 @@ init_user() {
|
|||
# Create the main user if it is not there already
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake user init -q > /dev/null 2>&1
|
||||
|
||||
echo "UPDATE $MYSQL_DATABASE.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
|
||||
echo "UPDATE $MYSQL_DATABASE.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQL_CMD}
|
||||
|
||||
if [ ! -z "$ADMIN_ORG" ]; then
|
||||
echo "UPDATE $MYSQL_DATABASE.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
|
||||
echo "UPDATE $MYSQL_DATABASE.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQL_CMD}
|
||||
fi
|
||||
|
||||
if [ -n "$ADMIN_KEY" ]; then
|
||||
|
@ -243,7 +241,7 @@ init_user() {
|
|||
else
|
||||
echo "... setting admin password skipped"
|
||||
fi
|
||||
echo "UPDATE $MYSQL_DATABASE.users SET change_pw = 0 WHERE id = 1;" | ${MYSQLCMD}
|
||||
echo "UPDATE $MYSQL_DATABASE.users SET change_pw = 0 WHERE id = 1;" | ${MYSQL_CMD}
|
||||
}
|
||||
|
||||
apply_critical_fixes() {
|
||||
|
@ -280,76 +278,6 @@ apply_optional_fixes() {
|
|||
# fi
|
||||
#}
|
||||
|
||||
# Kludgy alternative to using cake Admin getSetting.
|
||||
setting_is_set_alt() {
|
||||
local setting="$1"
|
||||
local config_json=$(echo '<?php require_once "/var/www/MISP/app/Config/config.php"; echo json_encode($config, JSON_THROW_ON_ERROR | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); ?>'|/usr/bin/php)
|
||||
local db_settings_enabled=$(jq -e 'getpath(("MISP.system_setting_db" | split("."))) // false' <<< $config_json)
|
||||
local setting_in_config_file=$(jq -e 'getpath(("'"$setting"'" | split("."))) != null' <<< $config_json)
|
||||
if $setting_in_config_file; then
|
||||
return 0
|
||||
elif $db_settings_enabled; then
|
||||
local setting_in_db=$(echo "SELECT EXISTS(SELECT 1 FROM $MYSQL_DATABASE.system_settings WHERE setting = \"${setting}\");" | ${MYSQLCMD})
|
||||
if [[ $setting_in_db -eq 1 ]]; then
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
set_default_settings() {
|
||||
local settings_json="$1"
|
||||
local description="$2"
|
||||
|
||||
for setting in $(jq -r 'keys[]' <<< $settings_json); do
|
||||
local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
|
||||
local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
|
||||
|
||||
set_safe_default "$setting" "$default_value" "$description" "$command_args"
|
||||
done
|
||||
}
|
||||
|
||||
enforce_env_settings() {
|
||||
local settings_json="$1"
|
||||
local description="$2"
|
||||
for setting in $(jq -r 'keys[]' <<< $settings_json); do
|
||||
local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
|
||||
local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
|
||||
echo "Enforcing $description setting '$setting' to env var or default value '$default_value'..."
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
|
||||
done
|
||||
}
|
||||
|
||||
set_safe_default() {
|
||||
local setting="$1"
|
||||
local default_value="$2"
|
||||
local description="$3"
|
||||
local command_args="$4"
|
||||
|
||||
if ! setting_is_set_alt "$setting"; then
|
||||
echo "Updating unset $description setting '$setting' to '$default_value'..."
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
|
||||
fi
|
||||
}
|
||||
|
||||
init_settings() {
|
||||
local description="$1"
|
||||
local enforced="/etc/misp-docker/${description}.envars.json"
|
||||
local defaults="/etc/misp-docker/${description}.defaults.json"
|
||||
|
||||
if [[ -e "$enforced" ]]; then
|
||||
echo "... enforcing env var settings"
|
||||
local settings_json="$(envsubst < $enforced)"
|
||||
enforce_env_settings "$settings_json" "$description"
|
||||
fi
|
||||
|
||||
if [[ -e "$defaults" ]]; then
|
||||
echo "... checking for unset default settings"
|
||||
local settings_json="$(cat $defaults)"
|
||||
set_default_settings "$settings_json" "$description"
|
||||
fi
|
||||
}
|
||||
|
||||
update_components() {
|
||||
UPDATE_SUDO_CMD="sudo -u www-data"
|
||||
if [ ! -z "${DB_ALREADY_INITIALISED}" ]; then
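Review bot: The UPDATE statements in init_user splice `${ADMIN_EMAIL}` and `${ADMIN_ORG}` directly into double-quoted SQL string literals, so a value containing `"` or `\` ends the literal and the rest is parsed as SQL. A guard before each statement would close this, e.g. `case "$ADMIN_EMAIL" in *[\"\\]*) echo "ADMIN_EMAIL contains a quote or backslash" >&2; return 1 ;; esac`, and the same for `ADMIN_ORG`. The SELECT in setting_is_set_alt, which this commit moves to another file, builds its statement from `$setting` the same way. Separately, this file no longer defines the mysql command string, so if `MYSQL_CMD` is unset the pipelines appear to expand to an empty command and succeed without running anything; `: "${MYSQL_CMD:?MYSQL_CMD is not set}"` after the `source` lines would make that fail loudly. The opening lines of init_user fall outside the hunks shown.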
|
||||
|
|
|
@ -12,6 +12,7 @@ export MYSQL_PORT=${MYSQL_PORT:-3306}
|
|||
export MYSQL_USER=${MYSQL_USER:-misp}
|
||||
export MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}
|
||||
export MYSQL_DATABASE=${MYSQL_DATABASE:-misp}
|
||||
export MYSQL_CMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
|
||||
export REDIS_HOST=${REDIS_HOST:-redis}
|
||||
export REDIS_PORT=${REDIS_PORT:-6379}
|
||||
export REDIS_PASSWORD=${REDIS_PASSWORD:-redispassword}
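Review bot: The new `MYSQL_CMD` export embeds `-p$MYSQL_PASSWORD` in a string that callers expand unquoted, so the password ends up on the mysql command line, and a password containing whitespace or glob characters is split into separate arguments. Passing it through the client's environment or an option file avoids both, e.g. `export MYSQL_PWD="$MYSQL_PASSWORD"` with `-p$MYSQL_PASSWORD` dropped from `MYSQL_CMD`, or `--defaults-extra-file` pointing at a file readable only by the invoking user. The `example` fallback for `MYSQL_PASSWORD` two lines above the new export also means an unconfigured deployment starts with a known credential; failing when the variable is unset would be safer.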
|
||||
|
|
|
@ -8,19 +8,17 @@ term_proc() {
|
|||
|
||||
trap term_proc SIGTERM
|
||||
|
||||
MYSQLCMD="mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -P $MYSQL_PORT -h $MYSQL_HOST -r -N $MYSQL_DATABASE"
|
||||
|
||||
init_mysql(){
|
||||
# Test when MySQL is ready....
|
||||
# wait for Database come ready
|
||||
isDBup () {
|
||||
echo "SHOW STATUS" | $MYSQLCMD 1>/dev/null
|
||||
echo "SHOW STATUS" | $MYSQL_CMD 1>/dev/null
|
||||
echo $?
|
||||
}
|
||||
|
||||
isDBinitDone () {
|
||||
# Table attributes has existed since at least v2.1
|
||||
echo "DESCRIBE attributes" | $MYSQLCMD 1>/dev/null
|
||||
echo "DESCRIBE attributes" | $MYSQL_CMD 1>/dev/null
|
||||
echo $?
|
||||
}
|
||||
|
||||
|
@ -40,7 +38,7 @@ init_mysql(){
|
|||
export DB_ALREADY_INITIALISED=true
|
||||
else
|
||||
echo "... database has not been initialized, importing MySQL scheme..."
|
||||
$MYSQLCMD < /var/www/MISP/INSTALL/MYSQL.sql
|
||||
$MYSQL_CMD < /var/www/MISP/INSTALL/MYSQL.sql
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
|
@ -16,3 +16,73 @@ check_env_vars() {
|
|||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Kludgy alternative to using cake Admin getSetting.
|
||||
setting_is_set_alt() {
|
||||
local setting="$1"
|
||||
local config_json=$(echo '<?php require_once "/var/www/MISP/app/Config/config.php"; echo json_encode($config, JSON_THROW_ON_ERROR | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); ?>'|/usr/bin/php)
|
||||
local db_settings_enabled=$(jq -e 'getpath(("MISP.system_setting_db" | split("."))) // false' <<< $config_json)
|
||||
local setting_in_config_file=$(jq -e 'getpath(("'"$setting"'" | split("."))) != null' <<< $config_json)
|
||||
if $setting_in_config_file; then
|
||||
return 0
|
||||
elif $db_settings_enabled; then
|
||||
local setting_in_db=$(echo "SELECT EXISTS(SELECT 1 FROM $MYSQL_DATABASE.system_settings WHERE setting = \"${setting}\");" | ${MYSQL_CMD})
|
||||
if [[ $setting_in_db -eq 1 ]]; then
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
set_default_settings() {
|
||||
local settings_json="$1"
|
||||
local description="$2"
|
||||
|
||||
for setting in $(jq -r 'keys[]' <<< $settings_json); do
|
||||
local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
|
||||
local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
|
||||
|
||||
set_safe_default "$setting" "$default_value" "$description" "$command_args"
|
||||
done
|
||||
}
|
||||
|
||||
enforce_env_settings() {
|
||||
local settings_json="$1"
|
||||
local description="$2"
|
||||
for setting in $(jq -r 'keys[]' <<< $settings_json); do
|
||||
local default_value="$(jq -r '."'"$setting"'"["default_value"]' <<< $settings_json)"
|
||||
local command_args="$(jq -r '."'"$setting"'"["command_args"] // ""' <<< $settings_json)"
|
||||
echo "Enforcing $description setting '$setting' to env var or default value '$default_value'..."
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
|
||||
done
|
||||
}
|
||||
|
||||
set_safe_default() {
|
||||
local setting="$1"
|
||||
local default_value="$2"
|
||||
local description="$3"
|
||||
local command_args="$4"
|
||||
|
||||
if ! setting_is_set_alt "$setting"; then
|
||||
echo "Updating unset $description setting '$setting' to '$default_value'..."
|
||||
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q $command_args "$setting" "$default_value"
|
||||
fi
|
||||
}
|
||||
|
||||
init_settings() {
|
||||
local description="$1"
|
||||
local enforced="/etc/misp-docker/${description}.envars.json"
|
||||
local defaults="/etc/misp-docker/${description}.defaults.json"
|
||||
|
||||
if [[ -e "$enforced" ]]; then
|
||||
echo "... enforcing env var settings"
|
||||
local settings_json="$(envsubst < $enforced)"
|
||||
enforce_env_settings "$settings_json" "$description"
|
||||
fi
|
||||
|
||||
if [[ -e "$defaults" ]]; then
|
||||
echo "... checking for unset default settings"
|
||||
local settings_json="$(cat $defaults)"
|
||||
set_default_settings "$settings_json" "$description"
|
||||
fi
|
||||
}
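Review bot: `if $setting_in_config_file; then` and `elif $db_settings_enabled; then` in setting_is_set_alt execute jq's output as a command, so when the php or jq step fails and the variable is empty, the empty command succeeds and the function reports the setting as already set. set_safe_default then skips the default without any message. Comparing the text instead avoids both running the output and the fail-open case: `if [[ "$setting_in_config_file" == "true" ]]; then` and `elif [[ "$db_settings_enabled" == "true" ]]; then`. The setting name is also pasted into the jq program text; `jq -e --arg s "$setting" 'getpath($s | split(".")) != null'` passes it as data. Quoting `"$config_json"`, `"$enforced"` and `"$defaults"` where they are expanded avoids word splitting.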
|