From c892050162773aa926cda88496e71afb380e60a9 Mon Sep 17 00:00:00 2001 From: AxyFr Date: Mon, 6 Feb 2023 17:13:15 +0100 Subject: [PATCH] Adding Rhel integration --- src/linux/Dockerfile-rhel | 31 +- src/linux/RPM-GPG-KEY-centosofficial | 30 ++ src/linux/centos.repo | 6 + src/linux/fpm-rhel | 4 +- src/linux/scripts/afterRemoveDEB.sh | 2 +- src/linux/scripts/afterRemoveRPM.sh | 10 +- tests/Upgrade.py | 516 ++++++++++++++++++++++++++- 7 files changed, 574 insertions(+), 25 deletions(-) create mode 100644 src/linux/RPM-GPG-KEY-centosofficial create mode 100644 src/linux/centos.repo diff --git a/src/linux/Dockerfile-rhel b/src/linux/Dockerfile-rhel index a67eb9b5..13dc0aca 100644 --- a/src/linux/Dockerfile-rhel +++ b/src/linux/Dockerfile-rhel @@ -1,16 +1,25 @@ -FROM redhat/ubi8:8.6 +FROM redhat/ubi8:8.7 ENV OS=rhel ENV NGINX_VERSION 1.22.1 -# Resolving problems -RUN subscription-manager remove --all && \ - subscription-manager clean +# # Resolving problems +# RUN subscription-manager remove --all && \ +# subscription-manager clean -# RHEL subscription -RUN subscription-manager register --username=username --password=password && \ - pool_id=$(subscription-manager list --available | awk '/^Pool ID:/ {print $3}' | head -1) && \ - subscription-manager attach --pool=$pool_id +# # RHEL subscription +# RUN subscription-manager register --username=bunkerfrsq --password=RiIlOTHgUHbDthY2aLEJ && \ +# pool_id=$(subscription-manager list --available | awk '/^Pool ID:/ {print $3}' | head -1) && \ +# subscription-manager attach --pool=$pool_id + +# Copy centos repo +COPY src/linux/centos.repo /etc/yum.repos.d/centos.repo + +# Copy RPM-GPG-KEY-CentOS-Official +COPY src/linux/RPM-GPG-KEY-centosofficial /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial + +# Import RPM-GPG-KEY-CentOS-Official +RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial # Install fpm RUN dnf install -y ruby ruby-devel make gcc redhat-rpm-config rpm-build wget && \ 
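Review bot: The commented-out `subscription-manager register` line in this hunk now carries what looks like a real account name and password, where the removed line only had the placeholders `username`/`password`. Commenting the line out does not keep the value out of the repository history or out of any clone, so the line should be dropped from the patch and the credential treated as exposed and rotated. If a subscription is needed again later, supply it at build time with a BuildKit secret mount (`RUN --mount=type=secret,id=rhsm ...`, id constructed here) instead of a literal in the Dockerfile.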
@@ -22,7 +31,9 @@ RUN dnf install -y ruby ruby-devel make gcc redhat-rpm-config rpm-build wget && # Nginx COPY src/linux/nginx.repo /etc/yum.repos.d/nginx.repo RUN dnf install yum-utils -y && \ - dnf install nginx-1.22.1 -y + wget https://nginx.org/packages/rhel/8/x86_64/RPMS/nginx-1.22.1-1.el8.ngx.x86_64.rpm && \ + dnf install nginx-1.22.1-1.el8.ngx.x86_64.rpm -y && \ + rm -rf nginx-1.22.1-1.el8.ngx.x86_64.rpm # Copy dependencies sources folder COPY src/deps /tmp/bunkerweb/deps @@ -36,7 +47,7 @@ RUN mkdir -p /usr/share/bunkerweb/deps && \ rm -rf /tmp/req # Compile and install dependencies -RUN dnf install -y readline readline-devel python39-pip brotli brotli-devel gperftools-devel perl libxslt-devel libxml2 libxslt bash gd gd-devel gcc-c++ curl znc-modtcl gawk libtool pcre-devel automake autoconf gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel && \ +RUN dnf install -y readline-devel python39-pip brotli brotli-devel gperftools-devel perl libxslt-devel libxml2 libxslt bash gd gd-devel gcc-c++ curl znc-modtcl gawk libtool pcre-devel automake autoconf gcc make openssl-devel git zlib-devel libxml2-devel pkgconf libcurl-devel geoip-devel --skip-broken && \ pip3.9 install --no-cache-dir --upgrade pip && \ pip3.9 install wheel && \ #mkdir -p /usr/share/bunkerweb/deps && \ diff --git a/src/linux/RPM-GPG-KEY-centosofficial b/src/linux/RPM-GPG-KEY-centosofficial new file mode 100644 index 00000000..94ebc832 --- /dev/null +++ b/src/linux/RPM-GPG-KEY-centosofficial 
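Review bot: In the `# Nginx` hunk the package is now fetched with `wget` and installed from a local file, and dnf skips signature checks on local packages unless `localpkg_gpgcheck` is enabled, so whatever `gpgcheck` setting `nginx.repo` carries likely no longer covers this install. That leaves TLS to nginx.org as the only integrity control on the RPM. Import the nginx signing key and verify before installing, for example `rpm -K nginx-1.22.1-1.el8.ngx.x86_64.rpm && dnf install nginx-1.22.1-1.el8.ngx.x86_64.rpm -y`, or pin the file's expected SHA-256 and check it with `sha256sum -c`.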
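Review bot: Adding `--skip-broken` to the dependency `dnf install` (hunk `@@ -36,7 +47,7 @@`) lets the layer succeed when a listed package cannot be resolved, so a missing `-devel` package shows up later as a compile failure or as a feature silently left out of the build. The same line also drops `readline` without explanation. Prefer fixing the repository set so every package resolves, or follow the install with an explicit check such as `rpm -q brotli-devel geoip-devel gperftools-devel` so the build stops on a gap. The RUN instruction continues past the end of the hunk.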
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQINBFzMWxkBEADHrskpBgN9OphmhRkc7P/YrsAGSvvl7kfu+e9KAaU6f5MeAVyn
+rIoM43syyGkgFyWgjZM8/rur7EMPY2yt+2q/1ZfLVCRn9856JqTIq0XRpDUe4nKQ
+8BlA7wDVZoSDxUZkSuTIyExbDf0cpw89Tcf62Mxmi8jh74vRlPy1PgjWL5494b3X
+5fxDidH4bqPZyxTBqPrUFuo+EfUVEqiGF94Ppq6ZUvrBGOVo1V1+Ifm9CGEK597c
+aevcGc1RFlgxIgN84UpuDjPR9/zSndwJ7XsXYvZ6HXcKGagRKsfYDWGPkA5cOL/e
+f+yObOnC43yPUvpggQ4KaNJ6+SMTZOKikM8yciyBwLqwrjo8FlJgkv8Vfag/2UR7
+JINbyqHHoLUhQ2m6HXSwK4YjtwidF9EUkaBZWrrskYR3IRZLXlWqeOi/+ezYOW0m
+vufrkcvsh+TKlVVnuwmEPjJ8mwUSpsLdfPJo1DHsd8FS03SCKPaXFdD7ePfEjiYk
+nHpQaKE01aWVSLUiygn7F7rYemGqV9Vt7tBw5pz0vqSC72a5E3zFzIIuHx6aANry
+Gat3aqU3qtBXOrA/dPkX9cWE+UR5wo/A2UdKJZLlGhM2WRJ3ltmGT48V9CeS6N9Y
+m4CKdzvg7EWjlTlFrd/8WJ2KoqOE9leDPeXRPncubJfJ6LLIHyG09h9kKQARAQAB
+tDpDZW50T1MgKENlbnRPUyBPZmZpY2lhbCBTaWduaW5nIEtleSkgPHNlY3VyaXR5
+QGNlbnRvcy5vcmc+iQI3BBMBAgAhBQJczFsZAhsDBgsJCAcDAgYVCAIJCgsDFgIB
+Ah4BAheAAAoJEAW1VbOEg8ZdjOsP/2ygSxH9jqffOU9SKyJDlraL2gIutqZ3B8pl
+Gy/Qnb9QD1EJVb4ZxOEhcY2W9VJfIpnf3yBuAto7zvKe/G1nxH4Bt6WTJQCkUjcs
+N3qPWsx1VslsAEz7bXGiHym6Ay4xF28bQ9XYIokIQXd0T2rD3/lNGxNtORZ2bKjD
+vOzYzvh2idUIY1DgGWJ11gtHFIA9CvHcW+SMPEhkcKZJAO51ayFBqTSSpiorVwTq
+a0cB+cgmCQOI4/MY+kIvzoexfG7xhkUqe0wxmph9RQQxlTbNQDCdaxSgwbF2T+gw
+byaDvkS4xtR6Soj7BKjKAmcnf5fn4C5Or0KLUqMzBtDMbfQQihn62iZJN6ZZ/4dg
+q4HTqyVpyuzMXsFpJ9L/FqH2DJ4exGGpBv00ba/Zauy7GsqOc5PnNBsYaHCply0X
+407DRx51t9YwYI/ttValuehq9+gRJpOTTKp6AjZn/a5Yt3h6jDgpNfM/EyLFIY9z
+V6CXqQQ/8JRvaik/JsGCf+eeLZOw4koIjZGEAg04iuyNTjhx0e/QHEVcYAqNLhXG
+rCTTbCn3NSUO9qxEXC+K/1m1kaXoCGA0UWlVGZ1JSifbbMx0yxq/brpEZPUYm+32
+o8XfbocBWljFUJ+6aljTvZ3LQLKTSPW7TFO+GXycAOmCGhlXh2tlc6iTc41PACqy
+yy+mHmSv
+=kkH7
+-----END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/src/linux/centos.repo b/src/linux/centos.repo
new file mode 100644
index 00000000..4966fc2c
--- /dev/null
+++ b/src/linux/centos.repo
@@ -0,0 +1,6 @@ +[centos8-base] +name = CentOS 8 Base OS +baseurl = http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/ +gpgcheck = 1 +enabled = 1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial \ No newline at end of file diff --git a/src/linux/fpm-rhel b/src/linux/fpm-rhel index e52ce491..bde8090f 100644 --- a/src/linux/fpm-rhel +++ b/src/linux/fpm-rhel @@ -3,11 +3,11 @@ --license agpl3 --version %VERSION% --architecture x86_64 ---depends bash --depends epel-release --depends python39 --depends 'nginx = 1:1.22.1-1.el8.ngx' --depends libcurl-devel --depends libxml2 --depends lmdb-libs --depends GeoIP-devel --depends file-libs --depends net-tools --depends gd --depends sudo --depends procps --depends lsof +--depends bash --depends python39 --depends 'nginx = 1:1.22.1-1.el8.ngx' --depends libcurl-devel --depends libxml2 --depends file-libs --depends net-tools --depends gd --depends sudo --depends procps --depends lsof --description "BunkerWeb %VERSION% for Rhel 8" --url "https://www.bunkerweb.io" --maintainer "Bunkerity " --before-install /usr/share/bunkerweb/scripts/beforeInstall.sh --after-install /usr/share/bunkerweb/scripts/postinstall.sh ---after-remove /usr/share/bunkerweb/scripts/afterRemove.sh +--after-remove /usr/share/bunkerweb/scripts/afterRemoveRPM.sh /usr/share/bunkerweb/=/usr/share/bunkerweb/ /usr/bin/bwcli=/usr/bin/bwcli /etc/bunkerweb/=/etc/bunkerweb /var/tmp/bunkerweb/=/var/tmp/bunkerweb /var/cache/bunkerweb/=/var/cache/bunkerweb /lib/systemd/system/bunkerweb.service=/lib/systemd/system/bunkerweb.service /lib/systemd/system/bunkerweb-ui.service=/lib/systemd/system/bunkerweb-ui.service /var/lib/bunkerweb=/var/lib/bunkerweb /etc/letsencrypt=/etc/letsencrypt \ No newline at end of file diff --git a/src/linux/scripts/afterRemoveDEB.sh b/src/linux/scripts/afterRemoveDEB.sh index c7197265..ec72a8f5 100644 --- a/src/linux/scripts/afterRemoveDEB.sh +++ b/src/linux/scripts/afterRemoveDEB.sh 
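Review bot: `baseurl` in the new centos.repo uses plain `http://`, so repository metadata travels unauthenticated and package integrity rests entirely on `gpgcheck = 1` plus the key file committed in this same patch. Use an `https://` URL if the mirror serves one. Record in a comment where the key was obtained and its fingerprint (`# fingerprint: <FINGERPRINT>`), so a reviewer can compare the committed trust anchor with the value published upstream. The repo is also enabled for every later `dnf install` in the image, which mixes CentOS Stream packages into the UBI base; an `includepkgs` line could limit it to the packages that are actually missing.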
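Review bot: In the fpm-rhel hunk the `--depends` line drops `lmdb-libs` and `GeoIP-devel` (and `epel-release`, which presumably provided them), while the Dockerfile in this patch still lists `geoip-devel` for the build. If any bundled module ends up linked against libGeoIP or liblmdb, the RPM will install cleanly and then fail when nginx loads that module. It is worth confirming with `ldd` on the built modules and stating in the commit message why these are no longer runtime requirements.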
@@ -102,7 +102,7 @@ fi # Detect OS OS=$(lsb_release -is | tr '[:upper:]' '[:lower:]') -if ! [[ "$OS" =~ (debian|ubuntu|centos|fedora) ]]; then +if ! [[ "$OS" =~ (debian|ubuntu) ]]; then echo "❌ Unsupported Operating System" exit 1 fi diff --git a/src/linux/scripts/afterRemoveRPM.sh b/src/linux/scripts/afterRemoveRPM.sh index 06482451..b2e9c51b 100644 --- a/src/linux/scripts/afterRemoveRPM.sh +++ b/src/linux/scripts/afterRemoveRPM.sh @@ -100,9 +100,13 @@ if [ $(id -u) -ne 0 ] ; then exit 1 fi -# Detect OS -OS=$(lsb_release -is | tr '[:upper:]' '[:lower:]') -if ! [[ "$OS" =~ (debian|ubuntu|centos|fedora) ]]; then +if [ -f /etc/redhat-release ]; then + OS="redhat" +else + OS=$(lsb_release -is | tr '[:upper:]' '[:lower:]') +fi + +if ! [[ "$OS" =~ (centos|fedora|redhat) ]]; then echo "❌ Unsupported Operating System" exit 1 fi diff --git a/tests/Upgrade.py b/tests/Upgrade.py index 2e1fe43b..189edf51 100644 --- a/tests/Upgrade.py +++ b/tests/Upgrade.py @@ -433,7 +433,7 @@ if distro == "ubuntu": "systemd-ubuntu", "bash", "-c", - 'sudo apt-get install -y nginx=1.20.2-1~jammy', + 'apt-get install -y nginx=1.20.2-1~jammy', ] ) subprocess.run( @@ -455,7 +455,7 @@ if distro == "ubuntu": "systemd-ubuntu", "bash", "-c", - "sudo apt update" + "apt update" ] ) subprocess.run( @@ -466,7 +466,7 @@ if distro == "ubuntu": "systemd-ubuntu", "bash", "-c", - "sudo apt install -y bunkerweb=1.4.5", + "apt install -y bunkerweb=1.4.5", ] ) @@ -494,7 +494,7 @@ if distro == "ubuntu": "systemd-ubuntu", "bash", "-c", - "sudo apt remove -y nginx", + "apt remove -y nginx", ] ) subprocess.run( @@ -505,7 +505,7 @@ if distro == "ubuntu": "systemd-ubuntu", "bash", "-c", - "sudo apt purge -y nginx", + "apt purge -y nginx", ] ) subprocess.run( @@ -516,7 +516,7 @@ if distro == "ubuntu": "systemd-ubuntu", "bash", "-c", - "sudo apt autoremove -y", + "apt autoremove -y", ] ) subprocess.run( 
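Review bot: In the afterRemoveRPM.sh hunk the fallback branch still calls `lsb_release`, which is frequently absent on minimal RPM-based installs; when it is missing `OS` is empty, the regex fails and the after-remove scriptlet exits 1. `/etc/redhat-release` also exists on CentOS and Fedora, so the `centos|fedora` alternatives are reachable only through that fallback. Reading the ID from os-release is more dependable: `OS=$(. /etc/os-release && echo "$ID")`, then match `(rhel|centos|fedora)`. The surrounding script starts and ends outside the hunk.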
@@ -527,7 +527,7 @@ if distro == "ubuntu": "systemd-ubuntu", "bash", "-c", - "sudo apt install -y /data/bunkerweb.deb", + "apt install -y /data/bunkerweb.deb", ] ) 
@@ -1674,8 +1674,506 @@ elif distro == "fedora": sys.exit(1) elif distro == "rhel": - echo("RHEL not supported yet") - exit(1) + test_results = { + "Installation test": None, + "Reloading test": None, + "Removing test": None, + "Upgrading test": None, + } + subprocess.run( + [ + "sudo", + "docker", + "build", + "-t", + "rhel-image", + "-f", + "src/linux/Dockerfile-rhel", + ".", + ] + ) + subprocess.run( + [ + "sudo", + "docker", + "run", + "-it", + "--name", + "rhel-container", + "-v", + "deb:/data", + "rhel-image", + ] + ) + subprocess.run( + [ + "docker", + "run", + "-d", + "--name", + "systemd-rhel", + "-v", + "deb:/data", + "--privileged", + "-v", + "/sys/fs/cgroup:/sys/fs/cgroup", + "registry.access.redhat.com/ubi8/ubi-init:8.7-10", + ] + ) + + # Installing test + print("Installing bunkerweb...") + bash_script = """ + dnf install yum-utils wget sudo -y + wget https://nginx.org/packages/rhel/8/x86_64/RPMS/nginx-1.22.1-1.el8.ngx.x86_64.rpm + dnf install nginx-1.22.1-1.el8.ngx.x86_64.rpm -y + dnf install /data/bunkerweb.rpm -y + """ + + with tempfile.NamedTemporaryFile(mode="w") as f: + f.write(bash_script) + f.flush() + subprocess.run( + ["docker", "cp", f.name, "systemd-rhel:/data/install_nginx.sh"] + ) + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "/data/install_nginx.sh", + ] + ) + if result.returncode != 0: + bunkerweb_logs = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "systemctl status bunkerweb.service", + ], + capture_output=True, + ) + print("Logs from bunkerweb:", bunkerweb_logs.stdout.decode()) + + bunkerweb_ui_logs = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "systemctl status bunkerweb-ui.service", + ], + capture_output=True, + ) + print("Logs from bunkerweb-ui:", bunkerweb_ui_logs.stdout.decode()) + sys.exit(result.returncode) + exit(result.returncode) + else: + print("✔️ Installation successful ✔️") + # Checking 
Installation test + try: + if result.returncode == 0: + test_results["Installation test"] = "OK" + else: + test_results["Installation test"] = "KO" + sys.exit(1) + except: + test_results["Installation test"] = "KO" + sys.exit(1) + + # Reloading test + print("Reloading bunkerweb...") + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "echo 'HTTPS_PORT=8443' >> /etc/bunkerweb/variables.env", + ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "echo 'new_value=1' >> /etc/bunkerweb/ui.env", + ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "systemctl reload bunkerweb", + ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "systemctl reload bunkerweb-ui", + ] + ) + + bunkerweb_state = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "systemctl is-active bunkerweb.service", + ], + capture_output=True, + ) + if bunkerweb_state.stdout.decode().strip() != "active": + bunkerweb_logs = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "journalctl -u bunkerweb.service", + ], + capture_output=True, + ) + print( + "❌ bunkerweb.service is not running. Logs:", bunkerweb_logs.stdout.decode() + ) + + bunkerweb_ui_state = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "systemctl is-active bunkerweb-ui.service", + ], + capture_output=True, + ) + if bunkerweb_ui_state.stdout.decode().strip() != "active": + bunkerweb_ui_logs = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "journalctl -u bunkerweb-ui.service", + ], + capture_output=True, + ) + print( + "❌ bunkerweb-ui.service is not running. 
Logs:", + bunkerweb_ui_logs.stdout.decode(), + ) + else: + print("✔️ bunkerweb.service and bunkerweb-ui.service are running ✔️") + # Checking Reloading test + try: + if bunkerweb_state.stdout.decode().strip() == "active": + test_results["Reloading test"] = "OK" + else: + test_results["Reloading test"] = "KO" + except: + test_results["Reloading test"] = "KO" + + # Removing test + print("Removing bunkerweb...") + subprocess.run( + [ + "sudo", + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "dnf remove -y bunkerweb", + ] + ) + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "[ -d /usr/share/bunkerweb ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔️ /usr/share/bunkerweb not found.") + else: + print("❌ /usr/share/bunkerweb found.") + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "[ -d /var/tmp/bunkerweb ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔️ /var/tmp/bunkerweb not found.") + else: + print("❌ /var/tmp/bunkerweb found.") + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "[ -d /var/cache/bunkerweb ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔️ /var/cache/bunkerweb not found.") + else: + print("❌ /var/cache/bunkerweb found.") + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "[ -f /usr/bin/bwcli ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔️ /usr/bin/bwcli not found.") + else: + print("❌ /usr/bin/bwcli found.") + + result = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "[ -d /var/lib/bunkerweb ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔️ /var/lib/bunkerweb not found.") + else: + print("❌ /var/lib/bunkerweb found.") + + result = subprocess.run( + [ + 
"docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "[ -d /etc/bunkerweb ]", + ], + capture_output=True, + ) + if result.returncode != 0: + print("✔️ /etc/bunkerweb not found.") + else: + print("❌ /etc/bunkerweb found.") + # Checking Removing test + try: + if ( + os.path.exists("/usr/share/bunkerweb") + or os.path.exists("/var/tmp/bunkerweb") + or os.path.exists("/var/cache/bunkerweb") + or os.path.exists("/usr/bin/bwcli") + or os.path.isdir("/var/lib/bunkerweb") + or os.path.isdir("/etc/bunkerweb") + ): + test_results["Removing test"] = "KO" + else: + test_results["Removing test"] = "OK" + except: + test_results["Removing test"] = "KO" + + # Upgrading test + print("Upgrading bunkerweb...") + subprocess.run( + [ + "docker", + "rm", + "-f", + "systemd-rhel", + ] + ) + subprocess.run( + [ + "docker", + "run", + "-d", + "--name", + "systemd-rhel", + "-v", + "deb:/data", + "--privileged", + "-v", + "/sys/fs/cgroup:/sys/fs/cgroup", + "registry.access.redhat.com/ubi8/ubi-init:8.7-10", + ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash", + ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "sudo dnf check-update", + ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "sudo dnf install -y bunkerweb-1.4.5", + ] + ) + + # Checking version + old_version = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "cat /opt/bunkerweb/VERSION", + ], + capture_output=True, + ) + print("Old version:", old_version.stdout.decode().strip()) + + # Upgrading package + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "sudo dnf remove -y nginx", + ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "sudo dnf autoremove -y", 
+ ] + ) + subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "sudo dnf install -y /data/bunkerweb.rpm", + ] + ) + + # Checking version + new_version = subprocess.run( + [ + "docker", + "exec", + "-it", + "systemd-rhel", + "bash", + "-c", + "cat /usr/share/bunkerweb/VERSION", + ], + capture_output=True, + ) + print("New version:", new_version.stdout.decode().strip()) + try: + if old_version.stdout.decode().strip() != new_version.stdout.decode().strip(): + test_results["Upgrading test"] = "OK" + else: + test_results["Upgrading test"] = "KO" + except: + test_results["Upgrading test"] = "KO" + + # Print summary + for key, value in test_results.items(): + print(f"{key}: {value}") + if "KO" in test_results.values(): + sys.exit(1) + elif distro == "centos": test_results = { "Installation test": None,
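Review bot: The "Checking Removing test" block decides its result with `os.path.exists(...)` / `os.path.isdir(...)`, which inspect the machine running Upgrade.py rather than the `systemd-rhel` container, so the recorded OK/KO is unrelated to the six `docker exec ... [ -d ... ]` probes just above it, whose return codes are only printed. Drive the result from the container probes instead, as sketched below. The upgrade check has a similar weakness: it reports OK whenever the two `cat .../VERSION` outputs differ, including when one is empty because the command failed, so it should also require a zero return code and non-empty output on both sides. The upgrade step additionally pipes a script fetched from packagecloud.io straight into `bash` inside a `--privileged` container; saving it to a file first would at least let the run record what was executed. The `elif distro == "rhel":` branch belongs to a module-level chain that begins outside the hunk.

```python
    # … unchanged: dnf remove and the per-path print checks …
    # Checking Removing test: probe the container, not the host running the test
    leftover_paths = [
        "/usr/share/bunkerweb",
        "/var/tmp/bunkerweb",
        "/var/cache/bunkerweb",
        "/usr/bin/bwcli",
        "/var/lib/bunkerweb",
        "/etc/bunkerweb",
    ]
    leftovers = [
        path
        for path in leftover_paths
        if subprocess.run(
            ["docker", "exec", "systemd-rhel", "test", "-e", path]
        ).returncode == 0
    ]
    test_results["Removing test"] = "KO" if leftovers else "OK"
    # … unchanged: upgrading test …
```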