librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Adding Rhel integration

This commit is contained in:
AxyFr 2023-02-06 17:13:15 +01:00
parent 89930f1a34
commit c892050162
7 changed files with 574 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/linux/Dockerfile-rhel
View File

@ -1,16 +1,25 @@
FROM redhat/ubi8:8.6
FROM redhat/ubi8:8.7
ENV OS=rhel
ENV NGINX_VERSION 1.22.1
# Resolving problems
RUN subscription-manager remove --all && \
subscription-manager clean
# # Resolving problems
# RUN subscription-manager remove --all && \
# subscription-manager clean
# RHEL subscription
RUN subscription-manager register --username=username --password=password && \
pool_id=$(subscription-manager list --available | awk '/^Pool ID:/ {print $3}' | head -1) && \
subscription-manager attach --pool=$pool_id
# # RHEL subscription
# RUN subscription-manager register --username=bunkerfrsq --password=RiIlOTHgUHbDthY2aLEJ && \
# pool_id=$(subscription-manager list --available | awk '/^Pool ID:/ {print $3}' | head -1) && \
# subscription-manager attach --pool=$pool_id
# Copy centos repo
COPY src/linux/centos.repo /etc/yum.repos.d/centos.repo
# Copy RPM-GPG-KEY-CentOS-Official
COPY src/linux/RPM-GPG-KEY-centosofficial /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
# Import RPM-GPG-KEY-CentOS-Official
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
# Install fpm
RUN dnf install -y ruby ruby-devel make gcc redhat-rpm-config rpm-build wget && \
@ -22,7 +31,9 @@ RUN dnf install -y ruby ruby-devel make gcc redhat-rpm-config rpm-build wget &&
# Nginx
COPY src/linux/nginx.repo /etc/yum.repos.d/nginx.repo
RUN dnf install yum-utils -y && \
dnf install nginx-1.22.1 -y
wget https://nginx.org/packages/rhel/8/x86_64/RPMS/nginx-1.22.1-1.el8.ngx.x86_64.rpm && \
dnf install nginx-1.22.1-1.el8.ngx.x86_64.rpm -y && \
rm -rf nginx-1.22.1-1.el8.ngx.x86_64.rpm
# Copy dependencies sources folder
COPY src/deps /tmp/bunkerweb/deps
@ -36,7 +47,7 @@ RUN mkdir -p /usr/share/bunkerweb/deps && \
rm -rf /tmp/req
# Compile and install dependencies
RUN dnf install -y readline readline-devel python39-pip brotli brotli-devel gperftools-devel perl libxslt-devel libxml2 libxslt bash gd gd-devel gcc-c++ curl znc-modtcl gawk libtool pcre-devel automake autoconf gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel && \
RUN dnf install -y readline-devel python39-pip brotli brotli-devel gperftools-devel perl libxslt-devel libxml2 libxslt bash gd gd-devel gcc-c++ curl znc-modtcl gawk libtool pcre-devel automake autoconf gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel --skip-broken && \
pip3.9 install --no-cache-dir --upgrade pip && \
pip3.9 install wheel && \
#mkdir -p /usr/share/bunkerweb/deps && \

30
src/linux/RPM-GPG-KEY-centosofficial Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQINBFzMWxkBEADHrskpBgN9OphmhRkc7P/YrsAGSvvl7kfu+e9KAaU6f5MeAVyn
rIoM43syyGkgFyWgjZM8/rur7EMPY2yt+2q/1ZfLVCRn9856JqTIq0XRpDUe4nKQ
8BlA7wDVZoSDxUZkSuTIyExbDf0cpw89Tcf62Mxmi8jh74vRlPy1PgjWL5494b3X
5fxDidH4bqPZyxTBqPrUFuo+EfUVEqiGF94Ppq6ZUvrBGOVo1V1+Ifm9CGEK597c
aevcGc1RFlgxIgN84UpuDjPR9/zSndwJ7XsXYvZ6HXcKGagRKsfYDWGPkA5cOL/e
f+yObOnC43yPUvpggQ4KaNJ6+SMTZOKikM8yciyBwLqwrjo8FlJgkv8Vfag/2UR7
JINbyqHHoLUhQ2m6HXSwK4YjtwidF9EUkaBZWrrskYR3IRZLXlWqeOi/+ezYOW0m
vufrkcvsh+TKlVVnuwmEPjJ8mwUSpsLdfPJo1DHsd8FS03SCKPaXFdD7ePfEjiYk
nHpQaKE01aWVSLUiygn7F7rYemGqV9Vt7tBw5pz0vqSC72a5E3zFzIIuHx6aANry
Gat3aqU3qtBXOrA/dPkX9cWE+UR5wo/A2UdKJZLlGhM2WRJ3ltmGT48V9CeS6N9Y
m4CKdzvg7EWjlTlFrd/8WJ2KoqOE9leDPeXRPncubJfJ6LLIHyG09h9kKQARAQAB
tDpDZW50T1MgKENlbnRPUyBPZmZpY2lhbCBTaWduaW5nIEtleSkgPHNlY3VyaXR5
QGNlbnRvcy5vcmc+iQI3BBMBAgAhBQJczFsZAhsDBgsJCAcDAgYVCAIJCgsDFgIB
Ah4BAheAAAoJEAW1VbOEg8ZdjOsP/2ygSxH9jqffOU9SKyJDlraL2gIutqZ3B8pl
Gy/Qnb9QD1EJVb4ZxOEhcY2W9VJfIpnf3yBuAto7zvKe/G1nxH4Bt6WTJQCkUjcs
N3qPWsx1VslsAEz7bXGiHym6Ay4xF28bQ9XYIokIQXd0T2rD3/lNGxNtORZ2bKjD
vOzYzvh2idUIY1DgGWJ11gtHFIA9CvHcW+SMPEhkcKZJAO51ayFBqTSSpiorVwTq
a0cB+cgmCQOI4/MY+kIvzoexfG7xhkUqe0wxmph9RQQxlTbNQDCdaxSgwbF2T+gw
byaDvkS4xtR6Soj7BKjKAmcnf5fn4C5Or0KLUqMzBtDMbfQQihn62iZJN6ZZ/4dg
q4HTqyVpyuzMXsFpJ9L/FqH2DJ4exGGpBv00ba/Zauy7GsqOc5PnNBsYaHCply0X
407DRx51t9YwYI/ttValuehq9+gRJpOTTKp6AjZn/a5Yt3h6jDgpNfM/EyLFIY9z
V6CXqQQ/8JRvaik/JsGCf+eeLZOw4koIjZGEAg04iuyNTjhx0e/QHEVcYAqNLhXG
rCTTbCn3NSUO9qxEXC+K/1m1kaXoCGA0UWlVGZ1JSifbbMx0yxq/brpEZPUYm+32
o8XfbocBWljFUJ+6aljTvZ3LQLKTSPW7TFO+GXycAOmCGhlXh2tlc6iTc41PACqy
yy+mHmSv
=kkH7
-----END PGP PUBLIC KEY BLOCK-----

6
src/linux/centos.repo Normal file
View File

@ -0,0 +1,6 @@
[centos8-base]
name = CentOS 8 Base OS
baseurl = http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/
gpgcheck = 1
enabled = 1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

4
src/linux/fpm-rhel
View File

@ -3,11 +3,11 @@
--license agpl3
--version %VERSION%
--architecture x86_64
--depends bash --depends epel-release --depends python39 --depends 'nginx = 1:1.22.1-1.el8.ngx' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends GeoIP-devel --depends file-libs --depends net-tools --depends gd --depends sudo --depends procps --depends lsof
--depends bash --depends python39 --depends 'nginx = 1:1.22.1-1.el8.ngx' --depends libcurl-devel --depends libxml2 --depends file-libs --depends net-tools --depends gd --depends sudo --depends procps --depends lsof
--description "BunkerWeb %VERSION% for Rhel 8"
--url "https://www.bunkerweb.io"
--maintainer "Bunkerity <contact at bunkerity dot com>"
--before-install /usr/share/bunkerweb/scripts/beforeInstall.sh
--after-install /usr/share/bunkerweb/scripts/postinstall.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemove.sh
--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh
/usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt

2
src/linux/scripts/afterRemoveDEB.sh
View File

@ -102,7 +102,7 @@ fi
# Detect OS
OS=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
if ! [[ "$OS" =~ (debian|ubuntu|centos|fedora) ]]; then
if ! [[ "$OS" =~ (debian|ubuntu) ]]; then
echo "❌ Unsupported Operating System"
exit 1
fi

10
src/linux/scripts/afterRemoveRPM.sh
View File

@ -100,9 +100,13 @@ if [ $(id -u) -ne 0 ] ; then
exit 1
fi
# Detect OS
OS=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
if ! [[ "$OS" =~ (debian|ubuntu|centos|fedora) ]]; then
if [ -f /etc/redhat-release ]; then
OS="redhat"
else
OS=$(lsb_release -is | tr '[:upper:]' '[:lower:]')
fi
if ! [[ "$OS" =~ (centos|fedora|redhat) ]]; then
echo "❌ Unsupported Operating System"
exit 1
fi

516
tests/Upgrade.py
View File

@ -433,7 +433,7 @@ if distro == "ubuntu":
"systemd-ubuntu",
"bash",
"-c",
'sudo apt-get install -y nginx=1.20.2-1~jammy',
'apt-get install -y nginx=1.20.2-1~jammy',
]
)
subprocess.run(
@ -455,7 +455,7 @@ if distro == "ubuntu":
"systemd-ubuntu",
"bash",
"-c",
"sudo apt update"
"apt update"
]
)
subprocess.run(
@ -466,7 +466,7 @@ if distro == "ubuntu":
"systemd-ubuntu",
"bash",
"-c",
"sudo apt install -y bunkerweb=1.4.5",
"apt install -y bunkerweb=1.4.5",
]
)
@ -494,7 +494,7 @@ if distro == "ubuntu":
"systemd-ubuntu",
"bash",
"-c",
"sudo apt remove -y nginx",
"apt remove -y nginx",
]
)
subprocess.run(
@ -505,7 +505,7 @@ if distro == "ubuntu":
"systemd-ubuntu",
"bash",
"-c",
"sudo apt purge -y nginx",
"apt purge -y nginx",
]
)
subprocess.run(
@ -516,7 +516,7 @@ if distro == "ubuntu":
"systemd-ubuntu",
"bash",
"-c",
"sudo apt autoremove -y",
"apt autoremove -y",
]
)
subprocess.run(
@ -527,7 +527,7 @@ if distro == "ubuntu":
"systemd-ubuntu",
"bash",
"-c",
"sudo apt install -y /data/bunkerweb.deb",
"apt install -y /data/bunkerweb.deb",
]
)
@ -1674,8 +1674,506 @@ elif distro == "fedora":
sys.exit(1)
elif distro == "rhel":
echo("RHEL not supported yet")
exit(1)
test_results = {
"Installation test": None,
"Reloading test": None,
"Removing test": None,
"Upgrading test": None,
}
subprocess.run(
[
"sudo",
"docker",
"build",
"-t",
"rhel-image",
"-f",
"src/linux/Dockerfile-rhel",
".",
]
)
subprocess.run(
[
"sudo",
"docker",
"run",
"-it",
"--name",
"rhel-container",
"-v",
"deb:/data",
"rhel-image",
]
)
subprocess.run(
[
"docker",
"run",
"-d",
"--name",
"systemd-rhel",
"-v",
"deb:/data",
"--privileged",
"-v",
"/sys/fs/cgroup:/sys/fs/cgroup",
"registry.access.redhat.com/ubi8/ubi-init:8.7-10",
]
)
# Installing test
print("Installing bunkerweb...")
bash_script = """
dnf install yum-utils wget sudo -y
wget https://nginx.org/packages/rhel/8/x86_64/RPMS/nginx-1.22.1-1.el8.ngx.x86_64.rpm
dnf install nginx-1.22.1-1.el8.ngx.x86_64.rpm -y
dnf install /data/bunkerweb.rpm -y
"""
with tempfile.NamedTemporaryFile(mode="w") as f:
f.write(bash_script)
f.flush()
subprocess.run(
["docker", "cp", f.name, "systemd-rhel:/data/install_nginx.sh"]
)
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"/data/install_nginx.sh",
]
)
if result.returncode != 0:
bunkerweb_logs = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"systemctl status bunkerweb.service",
],
capture_output=True,
)
print("Logs from bunkerweb:", bunkerweb_logs.stdout.decode())
bunkerweb_ui_logs = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"systemctl status bunkerweb-ui.service",
],
capture_output=True,
)
print("Logs from bunkerweb-ui:", bunkerweb_ui_logs.stdout.decode())
sys.exit(result.returncode)
exit(result.returncode)
else:
print("✔️ Installation successful ✔️")
# Checking Installation test
try:
if result.returncode == 0:
test_results["Installation test"] = "OK"
else:
test_results["Installation test"] = "KO"
sys.exit(1)
except:
test_results["Installation test"] = "KO"
sys.exit(1)
# Reloading test
print("Reloading bunkerweb...")
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"echo 'HTTPS_PORT=8443' >> /etc/bunkerweb/variables.env",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"echo 'new_value=1' >> /etc/bunkerweb/ui.env",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"systemctl reload bunkerweb",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"systemctl reload bunkerweb-ui",
]
)
bunkerweb_state = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"systemctl is-active bunkerweb.service",
],
capture_output=True,
)
if bunkerweb_state.stdout.decode().strip() != "active":
bunkerweb_logs = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"journalctl -u bunkerweb.service",
],
capture_output=True,
)
print(
"❌ bunkerweb.service is not running. Logs:", bunkerweb_logs.stdout.decode()
)
bunkerweb_ui_state = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"systemctl is-active bunkerweb-ui.service",
],
capture_output=True,
)
if bunkerweb_ui_state.stdout.decode().strip() != "active":
bunkerweb_ui_logs = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"journalctl -u bunkerweb-ui.service",
],
capture_output=True,
)
print(
"❌ bunkerweb-ui.service is not running. Logs:",
bunkerweb_ui_logs.stdout.decode(),
)
else:
print("✔️ bunkerweb.service and bunkerweb-ui.service are running ✔️")
# Checking Reloading test
try:
if bunkerweb_state.stdout.decode().strip() == "active":
test_results["Reloading test"] = "OK"
else:
test_results["Reloading test"] = "KO"
except:
test_results["Reloading test"] = "KO"
# Removing test
print("Removing bunkerweb...")
subprocess.run(
[
"sudo",
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"dnf remove -y bunkerweb",
]
)
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"[ -d /usr/share/bunkerweb ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /usr/share/bunkerweb not found.")
else:
print("❌ /usr/share/bunkerweb found.")
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"[ -d /var/tmp/bunkerweb ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /var/tmp/bunkerweb not found.")
else:
print("❌ /var/tmp/bunkerweb found.")
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"[ -d /var/cache/bunkerweb ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /var/cache/bunkerweb not found.")
else:
print("❌ /var/cache/bunkerweb found.")
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"[ -f /usr/bin/bwcli ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /usr/bin/bwcli not found.")
else:
print("❌ /usr/bin/bwcli found.")
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"[ -d /var/lib/bunkerweb ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /var/lib/bunkerweb not found.")
else:
print("❌ /var/lib/bunkerweb found.")
result = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"[ -d /etc/bunkerweb ]",
],
capture_output=True,
)
if result.returncode != 0:
print("✔️ /etc/bunkerweb not found.")
else:
print("❌ /etc/bunkerweb found.")
# Checking Removing test
try:
if (
os.path.exists("/usr/share/bunkerweb")
or os.path.exists("/var/tmp/bunkerweb")
or os.path.exists("/var/cache/bunkerweb")
or os.path.exists("/usr/bin/bwcli")
or os.path.isdir("/var/lib/bunkerweb")
or os.path.isdir("/etc/bunkerweb")
):
test_results["Removing test"] = "KO"
else:
test_results["Removing test"] = "OK"
except:
test_results["Removing test"] = "KO"
# Upgrading test
print("Upgrading bunkerweb...")
subprocess.run(
[
"docker",
"rm",
"-f",
"systemd-rhel",
]
)
subprocess.run(
[
"docker",
"run",
"-d",
"--name",
"systemd-rhel",
"-v",
"deb:/data",
"--privileged",
"-v",
"/sys/fs/cgroup:/sys/fs/cgroup",
"registry.access.redhat.com/ubi8/ubi-init:8.7-10",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"sudo dnf check-update",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"sudo dnf install -y bunkerweb-1.4.5",
]
)
# Checking version
old_version = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"cat /opt/bunkerweb/VERSION",
],
capture_output=True,
)
print("Old version:", old_version.stdout.decode().strip())
# Upgrading package
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"sudo dnf remove -y nginx",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"sudo dnf autoremove -y",
]
)
subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"sudo dnf install -y /data/bunkerweb.rpm",
]
)
# Checking version
new_version = subprocess.run(
[
"docker",
"exec",
"-it",
"systemd-rhel",
"bash",
"-c",
"cat /usr/share/bunkerweb/VERSION",
],
capture_output=True,
)
print("New version:", new_version.stdout.decode().strip())
try:
if old_version.stdout.decode().strip() != new_version.stdout.decode().strip():
test_results["Upgrading test"] = "OK"
else:
test_results["Upgrading test"] = "KO"
except:
test_results["Upgrading test"] = "KO"
# Print summary
for key, value in test_results.items():
print(f"{key}: {value}")
if "KO" in test_results.values():
sys.exit(1)
elif distro == "centos":
test_results = {
"Installation test": None,