ci/cd - fix BW CVEs and fix Linux restart
parent
fa7c7ac91f
commit
461789aed6
|
@ -74,7 +74,7 @@ RUN apk add --no-cache pcre bash python3 && \
|
|||
chmod 660 /usr/share/bunkerweb/INTEGRATION
|
||||
|
||||
# Fix CVEs
|
||||
# No need to update anything for now, there are no CVE concerning the already installed packages inside this image
|
||||
RUN apk add "curl>=7.83.1-r6" "libcrypto1.1>=1.1.1t-r1" "libcurl>=7.83.1-r6" "libssl1.1>=1.1.1t-r1"
|
||||
|
||||
VOLUME /data /etc/nginx
|
||||
|
||||
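Review bot: The added `RUN apk add "curl>=7.83.1-r6" ...` line omits `--no-cache`, unlike the `RUN apk add --no-cache pcre bash python3` step named in the hunk header. Without `--no-cache` or a preceding `apk update`, apk resolves against whatever index is cached in the image, and after a `--no-cache` install there is probably none. In that case the step can only succeed when the installed packages already meet the constraints, and it cannot pull the fixed builds. Suggest `RUN apk add --no-cache "curl>=7.83.1-r6" "libcrypto1.1>=1.1.1t-r1" "libcurl>=7.83.1-r6" "libssl1.1>=1.1.1t-r1"`. The `>=` constraints set a floor rather than a pin, so the built image still needs a scan to confirm which versions landed.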
|
|
|
@ -78,10 +78,10 @@ function start() {
|
|||
# Set the PYTHONPATH
|
||||
export PYTHONPATH=/usr/share/bunkerweb/deps/python
|
||||
|
||||
log "ENTRYPOINT" "ℹ️" "Starting BunkerWeb service ..."
|
||||
log "SYSTEMCTL" "ℹ️" "Starting BunkerWeb service ..."
|
||||
|
||||
# Setup and check /data folder
|
||||
/usr/share/bunkerweb/helpers/data.sh "ENTRYPOINT"
|
||||
/usr/share/bunkerweb/helpers/data.sh "SYSTEMCTL"
|
||||
|
||||
# Stop scheduler if it's running
|
||||
stop_scheduler
|
||||
|
@ -95,15 +95,15 @@ function start() {
|
|||
fi
|
||||
/usr/share/bunkerweb/gen/main.py --variables /var/tmp/bunkerweb/tmp.env --no-linux-reload
|
||||
if [ $? -ne 0 ] ; then
|
||||
log "ENTRYPOINT" "❌" "Error while generating config from /var/tmp/bunkerweb/tmp.env"
|
||||
log "SYSTEMCTL" "❌" "Error while generating config from /var/tmp/bunkerweb/tmp.env"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Start nginx
|
||||
log "ENTRYPOINT" "ℹ️" "Starting nginx ..."
|
||||
log "SYSTEMCTL" "ℹ️" "Starting nginx ..."
|
||||
nginx
|
||||
if [ $? -ne 0 ] ; then
|
||||
log "ENTRYPOINT" "❌" "Error while executing nginx"
|
||||
log "SYSTEMCTL" "❌" "Error while executing nginx"
|
||||
exit 1
|
||||
fi
|
||||
count=0
|
||||
|
@ -114,13 +114,13 @@ function start() {
|
|||
fi
|
||||
count=$(($count + 1))
|
||||
sleep 1
|
||||
log "ENTRYPOINT" "ℹ️" "Waiting for nginx to start ..."
|
||||
log "SYSTEMCTL" "ℹ️" "Waiting for nginx to start ..."
|
||||
done
|
||||
if [ $count -ge 10 ] ; then
|
||||
log "ENTRYPOINT" "❌" "nginx is not started"
|
||||
log "SYSTEMCTL" "❌" "nginx is not started"
|
||||
exit 1
|
||||
fi
|
||||
log "ENTRYPOINT" "ℹ️" "nginx started ..."
|
||||
log "SYSTEMCTL" "ℹ️" "nginx started ..."
|
||||
|
||||
# Create dummy variables.env
|
||||
if [ ! -f /etc/bunkerweb/variables.env ]; then
|
||||
|
@ -128,59 +128,60 @@ function start() {
|
|||
fi
|
||||
|
||||
# Update database
|
||||
log "SYSTEMCTL" "ℹ️" "Updating database ..."
|
||||
if [ ! -f /var/lib/bunkerweb/db.sqlite3 ]; then
|
||||
/usr/share/bunkerweb/gen/save_config.py --variables /etc/bunkerweb/variables.env --init
|
||||
else
|
||||
/usr/share/bunkerweb/gen/save_config.py --variables /etc/bunkerweb/variables.env
|
||||
fi
|
||||
if [ $? -ne 0 ] ; then
|
||||
log "ENTRYPOINT" "❌" "save_config failed"
|
||||
log "SYSTEMCTL" "❌" "save_config failed"
|
||||
exit 1
|
||||
fi
|
||||
log "SYSTEMCTL" "ℹ️" "Database updated ..."
|
||||
|
||||
# Execute scheduler
|
||||
log "ENTRYPOINT" "ℹ️ " "Executing scheduler ..."
|
||||
log "SYSTEMCTL" "ℹ️ " "Executing scheduler ..."
|
||||
/usr/share/bunkerweb/scheduler/main.py --variables /etc/bunkerweb/variables.env
|
||||
if [ "$?" -ne 0 ] ; then
|
||||
log "ENTRYPOINT" "❌" "Scheduler failed"
|
||||
log "SYSTEMCTL" "❌" "Scheduler failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log "ENTRYPOINT" "ℹ️ " "Scheduler stopped"
|
||||
log "SYSTEMCTL" "ℹ️ " "Scheduler stopped"
|
||||
}
|
||||
|
||||
function stop() {
|
||||
log "ENTRYPOINT" "ℹ️" "Stopping BunkerWeb service ..."
|
||||
log "SYSTEMCTL" "ℹ️" "Stopping BunkerWeb service ..."
|
||||
|
||||
stop_nginx
|
||||
stop_scheduler
|
||||
|
||||
log "ENTRYPOINT" "ℹ️" "BunkerWeb service stopped"
|
||||
log "SYSTEMCTL" "ℹ️" "BunkerWeb service stopped"
|
||||
}
|
||||
|
||||
function reload()
|
||||
{
|
||||
|
||||
log "ENTRYPOINT" "ℹ️" "Reloading BunkerWeb service ..."
|
||||
log "SYSTEMCTL" "ℹ️" "Reloading BunkerWeb service ..."
|
||||
|
||||
PID_FILE_PATH="/var/tmp/bunkerweb/scheduler.pid"
|
||||
if [ -f "$PID_FILE_PATH" ];
|
||||
then
|
||||
var=$(cat "$PID_FILE_PATH")
|
||||
# Send signal to scheduler to reload
|
||||
log "ENTRYPOINT" "ℹ️" "Sending reload signal to scheduler ..."
|
||||
log "SYSTEMCTL" "ℹ️" "Sending reload signal to scheduler ..."
|
||||
kill -SIGHUP $var
|
||||
result=$?
|
||||
if [ $result -ne 0 ] ; then
|
||||
log "ENTRYPOINT" "❌" "Your command exited with non-zero status $result"
|
||||
log "SYSTEMCTL" "❌" "Your command exited with non-zero status $result"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
log "ENTRYPOINT" "❌" "Scheduler is not running"
|
||||
log "SYSTEMCTL" "❌" "Scheduler is not running"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log "ENTRYPOINT" "ℹ️" "BunkerWeb service reloaded ..."
|
||||
log "SYSTEMCTL" "ℹ️" "BunkerWeb service reloaded ..."
|
||||
}
|
||||
|
||||
# List of differents args
|
||||
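Review bot: In `reload()`, `kill -SIGHUP $var` signals whatever `/var/tmp/bunkerweb/scheduler.pid` contains, unquoted and unchecked. A stale file left after a crash can name a PID that has since been reused, and an empty or malformed file produces a confusing `kill` error. If the file is writable by a less-privileged account than the one running this script (not visible here), that account also decides which process gets signalled. Suggest validating before use, e.g. `case "$var" in ''|*[!0-9]*) log "SYSTEMCTL" "❌" "Invalid scheduler PID file" ; exit 1 ;; esac`, then `kill -SIGHUP "$var"`.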
|
|
|
@ -382,22 +382,45 @@ if __name__ == "__main__":
|
|||
else:
|
||||
logger.info("Successfuly sent /data/cache folder")
|
||||
|
||||
# reload nginx
|
||||
logger.info("Reloading nginx ...")
|
||||
# restart nginx
|
||||
logger.info("Stopping temp nginx ...")
|
||||
if integration == "Linux":
|
||||
# Reloading the nginx server.
|
||||
# Stop temp nginx
|
||||
proc = subprocess_run(
|
||||
# Reload nginx
|
||||
["/usr/sbin/nginx", "-s", "reload"],
|
||||
["/usr/sbin/nginx", "-s", "stop"],
|
||||
stdin=DEVNULL,
|
||||
stderr=STDOUT,
|
||||
env=deepcopy(env),
|
||||
)
|
||||
if proc.returncode == 0:
|
||||
logger.info("Successfuly reloaded nginx")
|
||||
logger.info("Successfuly sent stop signal to temp nginx")
|
||||
i = 0
|
||||
while i < 20 :
|
||||
if not Path("/var/tmp/bunkerweb/nginx.pid").is_file() :
|
||||
break
|
||||
logger.warning("Waiting for temp nginx to stop ...")
|
||||
sleep(1)
|
||||
i += 1
|
||||
if i >= 20 :
|
||||
logger.error("Timeout error while waiting for temp nginx to stop")
|
||||
else :
|
||||
# Start nginx
|
||||
logger.info("Starting nginx ...")
|
||||
proc = subprocess_run(
|
||||
["/usr/sbin/nginx"],
|
||||
stdin=DEVNULL,
|
||||
stderr=STDOUT,
|
||||
env=deepcopy(env),
|
||||
)
|
||||
if proc.returncode == 0:
|
||||
logger.info("Successfuly started nginx")
|
||||
else :
|
||||
logger.error(
|
||||
f"Error while starting nginx - returncode: {proc.returncode} - error: {proc.stderr.decode('utf-8')}",
|
||||
)
|
||||
else:
|
||||
logger.error(
|
||||
f"Error while reloading nginx - returncode: {proc.returncode} - error: {proc.stderr.decode('utf-8')}",
|
||||
f"Error while sending stop signal to temp nginx - returncode: {proc.returncode} - error: {proc.stderr.decode('utf-8')}",
|
||||
)
|
||||
else:
|
||||
if api_caller._send_to_apis("POST", "/reload"):
|
||||
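Review bot: Both failure branches added here format `proc.stderr.decode('utf-8')`, but the `subprocess_run` calls pass `stderr=STDOUT` without capturing stdout. That leaves `proc.stderr` as `None`, so the error path raises `AttributeError` instead of logging why nginx failed. Add `stdout=PIPE,` to both calls (assuming `PIPE` can be imported alongside `DEVNULL` and `STDOUT`, which is outside the hunk) and log `proc.stdout.decode('utf-8')`. Separately, the timeout branch only logs `Timeout error while waiting for temp nginx to stop` and then continues with nginx not started, so consider treating it as a hard failure so the service is not silently left down. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.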
|
|