Merge pull request #328 from 8ear/8ear-add-docker-capabilitites

Add Docker Capabilitites
2019-09-02 19:55:58 +02:00 · 2019-09-02 19:55:58 +02:00 · a719e142d8
parent 30d9567e8c 4f0237508e
commit a719e142d8
5 changed files with 228 additions and 16 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -10,6 +10,9 @@ python:
    - "3.6-dev"
    - "3.7-dev"

+before_install:
+    - docker build -t misp-modules --build-arg BUILD_DATE=$(date -u +"%Y-%m-%d") docker/
+
 install:
    - sudo apt-get install libzbar0 libzbar-dev libpoppler-cpp-dev
    - pip install pipenv
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -0,0 +1,130 @@
+FROM python:3.7-buster AS build
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV WORKDIR="/usr/local/src/misp_modules"
+ENV VENV_DIR="/misp_modules"
+
+# Install Packages for build
+RUN set -eu \
+        ;mkdir -p ${WORKDIR} ${VENV_DIR} \
+        ;apt-get update  \
+        ;apt-get install -y \
+                git \
+                libpq5 \
+                libjpeg-dev \
+                tesseract-ocr \
+                libpoppler-cpp-dev \
+                imagemagick \
+                virtualenv \
+                libopencv-dev \
+                zbar-tools \
+                libzbar0 \
+                libzbar-dev \
+                libfuzzy-dev \
+        ;apt-get -y autoremove \
+        ;apt-get -y clean \
+        ;rm -rf /var/lib/apt/lists/* \
+        ;
+
+# Create MISP Modules
+RUN set -eu \
+        ;git clone https://github.com/MISP/misp-modules.git ${WORKDIR} \
+        ;virtualenv -p python3 ${VENV_DIR}/venv \
+        ;cd ${WORKDIR} \
+        ;${VENV_DIR}/venv/bin/pip3 install -I -r REQUIREMENTS --no-cache-dir \
+        ;${VENV_DIR}/venv/bin/pip3 install . --no-cache-dir \
+        ;
+
+#########################################
+# Start Final Docker Image
+#
+FROM python:3.7-slim-buster AS final
+
+ENV DEBIAN_FRONTEND noninteractive 
+ENV VENV_DIR="/misp_modules"
+
+# Copy all builded files from build stage
+COPY --from=build ${VENV_DIR} ${VENV_DIR}
+
+# Install Packages to run it
+RUN set -eu \
+        ;apt-get update  \
+        ;apt-get install -y \
+                curl \
+                libpq5 \
+                # libjpeg-dev \
+                tesseract-ocr \
+                libpoppler-cpp-dev \
+                imagemagick \
+                # virtualenv \
+                # libopencv-dev \
+                zbar-tools \
+                libzbar0 \
+                # libzbar-dev \
+                # libfuzzy-dev \
+        ;apt-get -y autoremove \
+        ;apt-get -y clean \
+        ;rm -rf /var/lib/apt/lists/* \
+        ;chown -R nobody ${VENV_DIR} \
+        ;
+
+# Entrypoint
+        COPY files/entrypoint.sh /entrypoint.sh
+        ENTRYPOINT [ "/entrypoint.sh" ]
+
+# Add Healthcheck Config
+        COPY files/healthcheck.sh /healthcheck.sh
+        HEALTHCHECK --interval=1m --timeout=45s --retries=3 CMD ["/healthcheck.sh"]
+
+# Change Workdir
+        WORKDIR ${VENV_DIR}
+
+# Change from root to www-data
+        USER nobody
+
+# Expose Port
+        EXPOSE 6666
+
+# Shortterm ARG Variables:
+        ARG VENDOR="MISP"
+        ARG COMPONENT="misp-modules"
+        ARG BUILD_DATE
+        ARG GIT_REPO="https://github.com/MISP/misp-modules"
+        ARG VCS_REF
+        ARG RELEASE_DATE
+        ARG NAME="MISP-dockerized-misp-modules"
+        ARG DESCRIPTION="This docker container contains MISP modules in an Debian Container."
+        ARG DOCUMENTATION="https://misp.github.io/misp-modules/"
+        ARG AUTHOR="MISP"
+        ARG LICENSE="BSD-3-Clause"
+
+# Longterm Environment Variables
+ENV \
+        BUILD_DATE=${BUILD_DATE} \
+        NAME=${NAME} \
+        PATH=$PATH:${VENV_DIR}/venv/bin
+
+# Labels
+LABEL org.label-schema.build-date="${BUILD_DATE}" \
+        org.label-schema.name="${NAME}" \
+        org.label-schema.description="${DESCRIPTION}" \
+        org.label-schema.vcs-ref="${VCS_REF}" \
+        org.label-schema.vcs-url="${GIT_REPO}" \
+        org.label-schema.url="${GIT_REPO}" \
+        org.label-schema.vendor="${VENDOR}" \
+        org.label-schema.version="${VERSION}" \
+        org.label-schema.usage="${DOCUMENTATION}" \
+        org.label-schema.schema-version="1.0.0-rc1"
+
+LABEL   org.opencontainers.image.created="${BUILD_DATE}" \
+        org.opencontainers.image.url="${GIT_REPO}" \
+        org.opencontainers.image.source="${GIT_REPO}" \
+        org.opencontainers.image.version="${VERSION}" \
+        org.opencontainers.image.revision="${VCS_REF}" \
+        org.opencontainers.image.vendor="${VENDOR}" \
+        org.opencontainers.image.title="${NAME}" \
+        org.opencontainers.image.description="${DESCRIPTION}" \
+        org.opencontainers.image.documentation="${DOCUMENTATION}" \
+        org.opencontainers.image.authors="${AUTHOR}" \
+        org.opencontainers.image.licenses="${LICENSE}"
+
--- a/docker/files/entrypoint.sh
+++ b/docker/files/entrypoint.sh
@ -0,0 +1,37 @@
+#!/bin/sh
+set -eu
+
+# Variables
+NC='\033[0m' # No Color
+Light_Green='\033[1;32m' 
+STARTMSG="${Light_Green}[ENTRYPOINT_MISP_MODULES]${NC}"
+VENV_DIR=${VENV_DIR:-"/misp-modules"}
+MISP_MODULES_BINARY="${VENV_DIR}/venv/bin/misp-modules"
+DEBUG=""
+
+# Functions
+echo (){
+    command echo "$STARTMSG $*"
+}
+
+# Environment Variables
+MISP_MODULES_DEBUG=${MISP_MODULES_DEBUG:-"false"}
+
+#
+#   MAIN
+#
+
+
+# Check if debugging mode should be enabled
+[ "$MISP_MODULES_DEBUG" = "true" ] && DEBUG="-d"
+
+# check if a command parameter exists and start misp-modules
+if [ $# = 0 ]
+then
+    # If no cmd parameter is set
+    echo "Start MISP Modules" && $MISP_MODULES_BINARY $DEBUG -l 0.0.0.0  > /dev/stdout 2> /dev/stderr
+else
+    # If cmd parameter is set
+    echo "Start MISP Modules" && $MISP_MODULES_BINARY $DEBUG -l 0.0.0.0 > /dev/stdout 2> /dev/stderr &
+    exec "$@"
+fi
--- a/docker/files/healthcheck.sh
+++ b/docker/files/healthcheck.sh
@ -0,0 +1,4 @@
+#!/bin/sh
+
+# If no contain is there or curl get an error back: exit 1. Docker restart then the container.
+curl -fk http://0.0.0.0:6666/modules || exit 1
--- a/docs/install.md
+++ b/docs/install.md
@ -1,32 +1,69 @@
-## How to install and start MISP modules in a Python virtualenv?
+## How to install and start MISP modules (in a Python virtualenv)?

 ~~~~bash
-sudo apt-get install python3-dev python3-pip libpq5 libjpeg-dev tesseract-ocr imagemagick
-sudo -u www-data virtualenv -p python3 /var/www/MISP/venv
+sudo apt-get install python3-dev python3-pip libpq5 libjpeg-dev tesseract-ocr libpoppler-cpp-dev imagemagick virtualenv libopencv-dev zbar-tools libzbar0 libzbar-dev libfuzzy-dev
+# With virtualenv: sudo -u www-data virtualenv -p python3 /var/www/MISP/venv
 cd /usr/local/src/
 sudo git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
+
+# BEGIN with virtualenv: 
 sudo -u www-data /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
 sudo -u www-data /var/www/MISP/venv/bin/pip install .
-sudo apt install ruby-pygments.rb -y
-sudo gem install asciidoctor-pdf --pre
+# END with virtualenv
+
+# BEGIN without virtualenv: 
+pip install -I -r REQUIREMENTS
+pip install .
+# END without virtualenv
+
+# To start after reboot: 
 sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
+
+# Start the Module:
 /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s & #to start the modules
 ~~~~

-## How to install and start MISP modules?
+## How to install and start MISP modules on RHEL-based distributions ?
+
+As of this writing, the official RHEL repositories only contain Ruby 2.0.0 and Ruby 2.1 or higher is required. As such, this guide installs Ruby 2.2 from the SCL repository.

 ~~~~bash
-sudo apt-get install python3-dev python3-pip libpq5 libjpeg-dev tesseract-ocr imagemagick
-cd /usr/local/src/
-sudo git clone https://github.com/MISP/misp-modules.git
+sudo yum install rh-ruby22
+sudo yum install openjpeg-devel
+sudo yum install rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel gcc-c++ pkgconfig poppler-cpp-devel python-devel redhat-rpm-config
+cd /var/www/MISP
+git clone https://github.com/MISP/misp-modules.git
 cd misp-modules
-sudo pip3 install -I -r REQUIREMENTS
-sudo pip3 install -I .
-sudo apt install ruby-pygments.rb -y
-sudo gem install asciidoctor-pdf --pre
-sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s > /tmp/misp-modules_rc.local.log &\n' /etc/rc.local
-/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s & #to start the modules
+sudo -u apache /usr/bin/scl enable rh-python36 "virtualenv -p python3 /var/www/MISP/venv"
+sudo -u apache /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
+sudo -u apache /var/www/MISP/venv/bin/pip install -U .
+~~~~
+
+Create the service file /etc/systemd/system/misp-modules.service :
+
+~~~~bash
+echo "[Unit]
+Description=MISP's modules
+After=misp-workers.service
+
+[Service]
+Type=simple
+User=apache
+Group=apache
+ExecStart=/usr/bin/scl enable rh-python36 rh-ruby22  '/var/www/MISP/venv/bin/misp-modules –l 127.0.0.1 –s'
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-modules.service
+~~~~
+
+The After=misp-workers.service must be changed or removed if you have not created a misp-workers service. Then, enable the misp-modules service and start it:
+
+~~~~bash
+systemctl daemon-reload
+systemctl enable --now misp-modules
 ~~~~

 ## How to use an MISP modules Docker container
@ -36,6 +73,7 @@ sudo sed -i -e '$i \sudo -u www-data /var/www/MISP/venv/bin/misp-modules -l 127.
 ~~~~bash
 # Start Redis
 docker run --rm -d --name=misp-redis redis:alpine
+# Start MISP-modules
 docker run \
    --rm -d --name=misp-modules \
    -e REDIS_BACKEND=misp-redis \
@ -43,7 +81,7 @@ docker run \
    -e REDIS_PW="" \
    -e REDIS_DATABASE="245" \
    -e MISP_MODULES_DEBUG="false" \
-    dcso/misp-dockerized-redis
+    dcso/misp-dockerized-misp-modules
 ~~~~

 ### Docker-compose