Bring forward when database updates occur (#76)

Remove await_settings_db() entirely

Linebuffer some outputs so they look nicer

Move redis specific config items to minimum_config*json

Add start_interval to docker-compose.yml to avoid a runUpdates race condition caused by the health check, which could lead to bad db updates. This seems to have been an issue for quite a while but is very hard to reproduce.
pull/77/head
UFOSmuggler 2024-06-14 22:41:55 +10:00 committed by GitHub
parent 303ea9d2f9
commit 8aaec5d836
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 32 additions and 39 deletions


@ -23,25 +23,20 @@ export GPG_BINARY="$(which gpg)"
export SETTING_CONTACT="${MISP_CONTACT-$ADMIN_EMAIL}" export SETTING_CONTACT="${MISP_CONTACT-$ADMIN_EMAIL}"
export SETTING_EMAIL="${MISP_EMAIL-$ADMIN_EMAIL}" export SETTING_EMAIL="${MISP_EMAIL-$ADMIN_EMAIL}"
init_cli_only_config() { init_minimum_config() {
# I think no matter what we do, we should wait for this table to turn up. # Temporarily disable DB to apply config file settings, reenable after if needed
# Only really impacts us on first run, and on my machine only takes a few seconds to turn up.
# TODO: this is not the right solution because `system_settings` is not part of the original dump
# await_system_settings_table
# Temporarily disable DB to apply cli_only settings, since these MUST be in the config.php file (by design or otherwise)
# This will reenable upon init_settings "db_enable" below if it is indeed enabled
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.system_setting_db" false sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "MISP.system_setting_db" false
init_settings "cli_only" init_settings "minimum_config"
init_settings "db_enable"
} }
init_configuration(){ init_configuration() {
init_settings "db_enable"
init_settings "initialisation" init_settings "initialisation"
} }
init_workers(){ init_workers() {
echo "... starting background workers" echo "... starting background workers"
supervisorctl start misp-workers:* stdbuf -oL supervisorctl start misp-workers:*
} }
configure_gnupg() { configure_gnupg() {
@ -215,16 +210,16 @@ set_up_proxy() {
apply_updates() { apply_updates() {
# Disable 'ZeroMQ_enable' to get better logs when applying updates # Disable 'ZeroMQ_enable' to get better logs when applying updates
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.ZeroMQ_enable" false # sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.ZeroMQ_enable" false
# Run updates (strip colors since output might end up in a log) # Run updates (strip colors since output might end up in a log)
sudo -u www-data /var/www/MISP/app/Console/cake Admin runUpdates | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g" sudo -u www-data /var/www/MISP/app/Console/cake Admin runUpdates | stdbuf -oL sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g"
# Re-enable 'ZeroMQ_enable' # Re-enable 'ZeroMQ_enable'
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.ZeroMQ_enable" true # sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.ZeroMQ_enable" true
} }
init_user() { init_user() {
# Create the main user if it is not there already # Create the main user if it is not there already
sudo -u www-data /var/www/MISP/app/Console/cake user init -q 2>&1 > /dev/null sudo -u www-data /var/www/MISP/app/Console/cake user init -q > /dev/null 2>&1
echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD} echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
@ -250,7 +245,7 @@ init_user() {
if [ ! -z "$ADMIN_PASSWORD" ]; then if [ ! -z "$ADMIN_PASSWORD" ]; then
echo "... setting admin password to '${ADMIN_PASSWORD}'" echo "... setting admin password to '${ADMIN_PASSWORD}'"
PASSWORD_POLICY=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_complexity" | jq ".value" -r) PASSWORD_POLICY=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_complexity" | jq ".value" -r)
PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value") PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value" -r)
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" 1 sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_length" 1
sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" '/.*/' sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.password_policy_complexity" '/.*/'
sudo -u www-data /var/www/MISP/app/Console/cake User change_pw "${ADMIN_EMAIL}" "${ADMIN_PASSWORD}" sudo -u www-data /var/www/MISP/app/Console/cake User change_pw "${ADMIN_EMAIL}" "${ADMIN_PASSWORD}"
@ -366,13 +361,6 @@ init_settings() {
fi fi
} }
await_system_settings_table() {
until [[ $(echo "SELECT EXISTS(SELECT 1 FROM information_schema.tables WHERE table_schema = '$MYSQL_DATABASE' and table_name = 'system_settings');" | ${MYSQLCMD}) -eq 1 ]]; do
echo "... awaiting availability of system_settings table"
sleep 2
done
}
update_components() { update_components() {
sudo -u www-data /var/www/MISP/app/Console/cake Admin updateGalaxies sudo -u www-data /var/www/MISP/app/Console/cake Admin updateGalaxies
sudo -u www-data /var/www/MISP/app/Console/cake Admin updateTaxonomies sudo -u www-data /var/www/MISP/app/Console/cake Admin updateTaxonomies
@ -440,7 +428,9 @@ create_sync_servers() {
echo "MISP | Update CA certificates ..." && update_ca_certificates echo "MISP | Update CA certificates ..." && update_ca_certificates
echo "MISP | CLI_only configuration directives ..." && init_cli_only_config echo "MISP | Apply minimum configuration directives ..." && init_minimum_config
echo "MISP | Apply DB updates ..." && apply_updates
echo "MISP | Initialize configuration ..." && init_configuration echo "MISP | Initialize configuration ..." && init_configuration
@ -448,8 +438,6 @@ echo "MISP | Initialize workers ..." && init_workers
echo "MISP | Configure GPG key ..." && configure_gnupg echo "MISP | Configure GPG key ..." && configure_gnupg
echo "MISP | Apply updates ..." && apply_updates
echo "MISP | Init default user and organization ..." && init_user echo "MISP | Init default user and organization ..." && init_user
echo "MISP | Resolve critical issues ..." && apply_critical_fixes echo "MISP | Resolve critical issues ..." && apply_critical_fixes
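Review bot: In the init_user hunk (`@ -250,7 +245,7`), `echo "... setting admin password to '${ADMIN_PASSWORD}'"` still prints the admin password in clear text to the container's stdout, so it ends up in `docker logs` and in whatever collects them. The commit edits the lines around it but leaves it in place; I would change it to `echo "... setting admin password from ADMIN_PASSWORD"`. The same hunk drops `Security.password_policy_length` to 1 and the complexity to `/.*/` before `change_pw`; the restore is not in the visible lines, so please confirm it also runs when `change_pw` fails. init_user starts and ends outside the hunk.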


@ -2,15 +2,6 @@
"MISP.ca_path": { "MISP.ca_path": {
"default_value": "/var/www/MISP/app/Lib/cakephp/lib/Cake/Config/cacert.pem" "default_value": "/var/www/MISP/app/Lib/cakephp/lib/Cake/Config/cacert.pem"
}, },
"MISP.redis_port": {
"default_value": 6379
},
"MISP.redis_database": {
"default_value": 13
},
"MISP.redis_password": {
"default_value": ""
},
"MISP.language": { "MISP.language": {
"default_value": "eng" "default_value": "eng"
}, },
@ -113,6 +104,10 @@
"Security.check_sec_fetch_site_header": { "Security.check_sec_fetch_site_header": {
"default_value": true "default_value": true
}, },
"Security.encryption_key": {
"default_value": "",
"command_args": "-f"
},
"Security.username_in_response_header": { "Security.username_in_response_header": {
"default_value": true "default_value": true
}, },
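Review bot: The new `Security.encryption_key` entry sets `"default_value": ""` with `"command_args": "-f"`, and nothing in this section lets an operator supply a real key. If init_settings applies this value as written (its body is outside the visible hunks), the instance is configured with an empty encryption key, which in MISP, as far as I know, means sensitive values such as stored auth keys are kept unencrypted in the database. If that is intended as a first-boot default, it should be stated in the README next to the setting; otherwise template it from the environment the way other entries use `${...}` placeholders.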


@ -12,9 +12,6 @@
"MISP.contact": { "MISP.contact": {
"default_value": "${SETTING_CONTACT}" "default_value": "${SETTING_CONTACT}"
}, },
"MISP.redis_host": {
"default_value": "${REDIS_FQDN}"
},
"Plugin.ZeroMQ_redis_host": { "Plugin.ZeroMQ_redis_host": {
"default_value": "${REDIS_FQDN}" "default_value": "${REDIS_FQDN}"
}, },


@ -24,6 +24,15 @@
"default_value": "/etc/ssl/certs/ca-certificates.crt", "default_value": "/etc/ssl/certs/ca-certificates.crt",
"command_args": "-f" "command_args": "-f"
}, },
"MISP.redis_port": {
"default_value": 6379
},
"MISP.redis_database": {
"default_value": 13
},
"MISP.redis_password": {
"default_value": ""
},
"MISP.menu_custom_right_link": { "MISP.menu_custom_right_link": {
"default_value": "" "default_value": ""
}, },
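Review bot: `MISP.redis_password` is carried over with a fixed `"default_value": ""`, while the host is templated from `${REDIS_FQDN}` in another file of this commit. An operator who points `REDIS_FQDN` at a Redis that requires authentication, or who wants to enable `requirepass` on the Redis this stack uses, has no way to set the password through these defaults. Consider templating it from an environment variable in the same `${...}` style, with the empty string as the fallback.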


@ -2,6 +2,9 @@
"MISP.python_bin": { "MISP.python_bin": {
"default_value": "${PYTHON_BIN}" "default_value": "${PYTHON_BIN}"
}, },
"MISP.redis_host": {
"default_value": "${REDIS_FQDN}"
},
"GnuPG.binary": { "GnuPG.binary": {
"default_value": "${GPG_BINARY}" "default_value": "${GPG_BINARY}"
}, },


@ -68,6 +68,7 @@ services:
timeout: 1s timeout: 1s
retries: 3 retries: 3
start_period: 30s start_period: 30s
start_interval: 30s
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
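Review bot: `start_interval: 30s` is only honoured by newer Docker releases (Engine 25.0 and Compose 2.20.2, as far as I know), and the commit relies on it to avoid the runUpdates race. On an older engine the key is likely ignored or rejected, so the race described in the commit message can come back without any visible sign. I would add a comment above it, `# start_interval needs Docker Engine >= 25.0; without it the health check can race runUpdates`, and state the minimum Docker version in the README. The healthcheck block starts outside the hunk.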