#!/bin/bash # SRTool - shell script to start "Security Response Tool" # Copyright (C) 2013-2015 Intel Corp. # Copyright (C) 2018 Wind River Systems # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see http://www.gnu.org/licenses/. HELP=" Usage: source srt start|stop [webport=] Optional arguments: [webport] Set the SRTool server port (default: localhost:8000) [noautoupdate] Disable the auto update server " databaseCheck() { retval=0 # you can always add a superuser later via # ../srt/manage.py createsuperuser --username= $MANAGE migrate --noinput || retval=1 if [ $retval -eq 1 ] ; then echo "Failed migrations, aborting system start" 1>&2 return $retval fi $MANAGE checksettings --traceback || retval=1 if [ $retval -eq 1 ]; then printf "\nError while checking settings; aborting\n" return $retval fi return $retval } get_srt_env_settings() { mainapp="yp" # Apply all shell settings except default app 'yp' # Only look in directories with proper 'datasource.json' files for envscript in $(find ./bin -name "datasource.json") ; do envscript=${envscript/datasource.json/srtool_env.sh} if [ -f "$envscript" -a "$envscript" = "${envscript/bin\/yp/}" ] ; then . $envscript fi done # if no main app, default to 'yp' if [ -z "$SRT_MAIN_APP" ] ; then . ./bin/yp/srtool_env.sh fi echo "SRT_MAIN_APP=$SRT_MAIN_APP" } webserverKillAll() { local pidfile for pidfile in ${SRT_BASE_DIR}/.srtmain.pid ; do if [ -f ${pidfile} ] ; then pid=`cat ${pidfile}` while kill -0 $pid 2>/dev/null; do echo "KILL:$pid" kill -SIGTERM -9 $pid 2>/dev/null sleep 1 done rm ${pidfile} fi done # Stop the Update app if [ 0 -eq $no_auto_update ] ; then ./bin/common/srtool_update.py --cron-stop fi } webserverStartAll() { # do not start if srtmain points to a valid process if ! cat "${SRT_BASE_DIR}/.srtmain.pid" 2>/dev/null | xargs -I{} kill -0 {} ; then retval=1 rm "${SRT_BASE_DIR}/.srtmain.pid" fi retval=0 # check the database databaseCheck || return 1 echo "Starting SRTool webserver..." $MANAGE runserver --noreload "$ADDR_PORT" \ >${SRT_BASE_DIR}/srt_web.log 2>&1 \ & echo $! >${SRT_BASE_DIR}/.srtmain.pid sleep 1 if ! cat "${SRT_BASE_DIR}/.srtmain.pid" | xargs -I{} kill -0 {} ; then retval=1 rm "${SRT_BASE_DIR}/.srtmain.pid" echo "SRTool webserver NOT STARTED" else echo "SRTool webserver started at http://$ADDR_PORT" fi # Start the Update app if [ 0 -eq $no_auto_update ] ; then ./bin/common/srtool_update.py --cron-start > /dev/null 2>&1 & echo "SRTool update service started at PID $!" fi return $retval } INSTOPSYSTEM=0 # define the stop command stop_system() { # prevent reentry if [ $INSTOPSYSTEM -eq 1 ] ; then return; fi INSTOPSYSTEM=1 webserverKillAll # unset exported variables unset SRT_BASE_DIR trap - SIGHUP #trap - SIGCHLD INSTOPSYSTEM=0 } verify_prereq() { # Quick check for Python3 if [ -z "$(which python3)" ] ; then echo "ERROR: missing 'python3' host package" return 2 fi if [ -z "$(which sqlite3)" ] ; then echo "ERROR: missing 'sqlite3' host package" return 2 fi # Verify Django version reqfile=$(python3 -c "import os; print(os.path.realpath('$SRT_BASE_DIR/bin/srtool-requirements.txt'))") exp='s/Django$[><=]\+$$[^,]\+$,$[><=]\+$$.\+$/' # expand version parts to 2 digits to support 1.10.x > 1.8 # (note:helper functions hard to insert in-line) exp=$exp'import sys,django;' # Allow for development versions like '2.2.dev20181217100344' exp=$exp'version=["%02d" % int(n) for n in django.get_version().replace("dev","").split(".")];' exp=$exp'vmin=["%02d" % int(n) for n in "\2".split(".")];' exp=$exp'vmax=["%02d" % int(n) for n in "\4".split(".")];' exp=$exp'sys.exit(not (version \1 vmin and version \3 vmax))' exp=$exp'/p' if ! sed -n "$exp" $reqfile | python3 - ; then req=`grep ^Django $reqfile` echo "This program needs $req" echo "Please install with pip3 install -r $reqfile" return 2 fi return 0 } create_restart() { cat > $SRT_BASE_DIR/bin/srt_start.sh << endmsg #!/bin/bash # Restart the SRTool using the last start options if [ -f $SRT_BASE_DIR/.srtmain.pid ] ; then $SRT_BASE_DIR/bin/srt_stop.sh fi $SRT_BASE_DIR/bin/srt $* endmsg chmod +x $SRT_BASE_DIR/bin/srt_start.sh cat > $SRT_BASE_DIR/bin/srt_stop.sh << endmsg #!/bin/bash # Stop the SRTool based on the the last start options if [ 1 -eq $no_auto_update ] ; then $SRT_BASE_DIR/bin/srt stop noautoupdate else $SRT_BASE_DIR/bin/srt stop fi endmsg chmod +x $SRT_BASE_DIR/bin/srt_stop.sh } # read command line parameters if [ -n "$BASH_SOURCE" ] ; then SRT=${BASH_SOURCE} elif [ -n "$ZSH_NAME" ] ; then SRT=${(%):-%x} else SRT=$0 fi # read command line parameters if [ -n "$BASH_SOURCE" ] ; then SRT=${BASH_SOURCE} elif [ -n "$ZSH_NAME" ] ; then SRT=${(%):-%x} else SRT=$0 fi # set up base paths and definitions export SRT_BASE_DIR=$(dirname $SRT) SRT_BASE_DIR=$(readlink -f $SRT_BASE_DIR) SRT_BASE_DIR=$(dirname $SRT_BASE_DIR) MANAGE="python3 $SRT_BASE_DIR/lib/manage.py" # Fetch the datasource environent settings get_srt_env_settings # insure basic directories are present mkdir -p $SRT_BASE_DIR/data mkdir -p $SRT_BASE_DIR/data/cache mkdir -p $SRT_BASE_DIR/update_logs touch $SRT_BASE_DIR/update_logs/master_log.txt ADDR_PORT="localhost:8000" unset CMD manage_cmd="" if [ "1" = "$SRT_SKIP_AUTOUPDATE" ] ; then no_auto_update=1 else no_auto_update=0 fi for param in $*; do case $param in start ) CMD=$param ;; stop ) CMD=$param ;; manage ) CMD=$param ;; webport=*) ADDR_PORT="${param#*=}" # Split the addr:port string ADDR=`echo $ADDR_PORT | cut -f 1 -d ':'` PORT=`echo $ADDR_PORT | cut -f 2 -d ':'` # If only a port has been specified then set address to localhost. if [ $ADDR = $PORT ] ; then ADDR_PORT="localhost:$PORT" fi ;; noautoupdate ) no_auto_update=1 ;; --help) echo "$HELP" exit 0 ;; *) if [ "manage" == "$CMD" ] ; then cd $SRT_BASE_DIR/lib manage_cmd="$manage_cmd $param" else echo "$HELP" exit 1 fi ;; esac done verify_prereq || exit 1 # this defines the dir SRTool will use for # 1) the sqlite db if that is being used. # 2) pid's we need to clean up on exit/shutdown # Determine the action. If specified by arguments, fine, if not, toggle it if [ "$CMD" = "start" ] ; then if [ -n "$BBSERVER" ]; then echo " SRT is already running. Exiting..." exit 1 fi elif [ "$CMD" = "" ]; then echo "No command specified" echo "$HELP" exit 1 fi echo "The system will $CMD." # Execute the commands case $CMD in start ) # check if addr:port is not in use if [ "$CMD" == 'start' ] ; then $MANAGE checksocket "$ADDR_PORT" || exit 1 fi if ! webserverStartAll; then echo "Failed ${CMD}." exit 4 fi # create working directories for srtool mkdir -p $SRT_BASE_DIR/update_logs mkdir -p $SRT_BASE_DIR/backups mkdir -p $SRT_BASE_DIR/reports # set fail safe stop system on terminal exit trap stop_system SIGHUP echo "Successful ${CMD}." create_restart $* exit 0 ;; stop ) stop_system echo "Successful ${CMD}." ;; manage ) $MANAGE $manage_cmd ;; esac