Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Tom Niget
slapos
Commits
c60f6369
Commit
c60f6369
authored
Oct 13, 2023
by
Alain Takoudjou
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add patrowl engines software-type with some engines
parent
b9dfcb49
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
453 additions
and
61 deletions
+453
-61
software/patrowl/buildout.hash.cfg
software/patrowl/buildout.hash.cfg
+11
-3
software/patrowl/instance-patrowl-engines.cfg.jinja2.in
software/patrowl/instance-patrowl-engines.cfg.jinja2.in
+224
-0
software/patrowl/instance-patrowl.cfg.jinja2.in
software/patrowl/instance-patrowl.cfg.jinja2.in
+38
-9
software/patrowl/instance.cfg.in
software/patrowl/instance.cfg.in
+17
-4
software/patrowl/nginx-engines.conf.in
software/patrowl/nginx-engines.conf.in
+49
-0
software/patrowl/patrowl-wapper.sh.in
software/patrowl/patrowl-wapper.sh.in
+1
-0
software/patrowl/software.cfg
software/patrowl/software.cfg
+113
-45
No files found.
software/patrowl/buildout.hash.cfg
View file @
c60f6369
...
@@ -15,15 +15,19 @@
...
@@ -15,15 +15,19 @@
[instance]
[instance]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
6b6eadb804d0d15c116d865d02938322
md5sum =
1eca3808d5caededd6170e0d2126c66c
[template-patrowl]
[template-patrowl]
filename = instance-patrowl.cfg.jinja2.in
filename = instance-patrowl.cfg.jinja2.in
md5sum = 9a955d621b255cc1c71f7ad7008b7d6e
md5sum = 552bf4e4e4625f6fdefb054d06578cf7
[template-patrowl-engines]
filename = instance-patrowl-engines.cfg.jinja2.in
md5sum = 492e7f0a1a476189895a4f8b8addb253
[template-patrowl-wrapper]
[template-patrowl-wrapper]
filename = patrowl-wapper.sh.in
filename = patrowl-wapper.sh.in
md5sum =
b58da4365f8b12afb492523c5310cc49
md5sum =
d2d8c018fd46a9e2936736961a3fa872
[template-create_default_admin.py.in]
[template-create_default_admin.py.in]
filename = create_default_admin.py.in
filename = create_default_admin.py.in
...
@@ -32,3 +36,7 @@ md5sum = 9b7bb45c5c934884054eedc0f7d801ef
...
@@ -32,3 +36,7 @@ md5sum = 9b7bb45c5c934884054eedc0f7d801ef
[template-nginx.conf.in]
[template-nginx.conf.in]
filename = nginx.conf.in
filename = nginx.conf.in
md5sum = 4046c3f1e9c7e9d17e1ba245177daa58
md5sum = 4046c3f1e9c7e9d17e1ba245177daa58
[template-nginx-engines.conf.in]
filename = nginx-engines.conf.in
md5sum = 9221f27c6ceb71ea1b39dfac41e3e421
software/patrowl/instance-patrowl-engines.cfg.jinja2.in
0 → 100644
View file @
c60f6369
{% set local_ipv4 = (ipv4 | list)[0] -%}
{% set local_ipv6 = (ipv6 | list)[0] -%}
{% set engine_port_dict = {} -%}
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
run = ${:var}/run
log = ${:var}/log
scripts = ${:etc}/run
services = ${:etc}/service
plugins = ${:etc}/plugin
ssl = ${:etc}/ssl
tmp = ${:srv}/tmp
nginx = ${:srv}/nginx
[gunicorn]
recipe = slapos.recipe.template
engines-directory = ${directory:srv}/patrowl-engines
inline =
#!/bin/sh -e
FOLDER=${:engines-directory}
[ ! -d "$FOLDER" ] && cp -ax {{ parameter_dict['engines-location'] }} $FOLDER
cd $FOLDER/engines/$ENGINE_FOLER_NAME
# export PYTHONPATH=$FOLDER:$PYTHONPATH
exec {{ gunicorn_bin }} "$@"
output = ${directory:bin}/gunicorn
{% if slapparameter_dict.get('apivoid-apikey') -%}
# Deploy apivoid
[service-apivoid]
recipe = slapos.cookbook:wrapper
command-line =
${gunicorn:output} engine-apivoid:app -b {{ local_ipv4 }}:${:port}
--access-logfile ${directory:log}/apivoid.log --log-level error
wrapper-path = ${directory:services}/gunicorn-apivoid
port = 5022
environment =
ENGINE_FOLER_NAME=apivoid
APP_MAXSCANS=${instance-parameters:app-maxscans}
APIVOID_APIKEY=${instance-parameters:apivoid-apikey}
depends =
${configure-engine-apivoid:recipe}
[configure-engine-apivoid]
recipe = plone.recipe.command
stop-on-error = true
update-command = ${:command}
command =
BASE=${gunicorn:engines-directory}/engines/apivoid
mkdir -p $BASE/results
cp $BASE/apivoid.json.sample $BASE/apivoid.json
[apivoid-promise]
<= monitor-promise-base
promise = check_socket_listening
name = apivoid_promise.py
config-host = {{ local_ipv4 }}
config-port = ${service-apivoid:port}
depends =
${apivoid-url-promise:recipe}
[apivoid-url-promise]
<= monitor-promise-base
promise = check_url_available
name = apivoid_url_promise.py
config-url = http://{{ local_ipv4 }}:${service-apivoid:port}/engines/apivoid/status
{% do engine_port_dict.__setitem__('engine-apivoid', '${apivoid-promise:config-port}') -%}
{% endif %}
{% if slapparameter_dict.get('enable-sslscan', True) -%}
[sslscan.json]
recipe = slapos.recipe.template
output = ${gunicorn:engines-directory}/engines/sslscan/sslscan.json
inline ={
"name": "SSLScan",
"version": "2",
"description": "SSL Scanner based on SSLScan",
"allowed_asset_types": ["domain", "fqdn", "url", "ip"],
"options": {
"bin_path": "{{ parameter_dict['sslscan-bin'] }}",
"show-certificate": { "type": "optional", "value": "--show-certificate"},
"no-check-certificate": { "type": "optional", "value": "--no-check-certificate"},
"ssl2-only": { "type": "optional", "value": "--ssl2"},
"ssl3-only": { "type": "optional", "value": "--ssl3"},
"tls10-only": { "type": "optional", "value": "--tls10"},
"tls11-only": { "type": "optional", "value": "--tls11"},
"tls12-only": { "type": "optional", "value": "--tls12"},
"tlsall": { "type": "optional", "value": "--tlsall"},
"show_ocsp_status": { "type": "optional", "value": "--oscp"},
"no-ciphersuites": { "type": "optional", "value": "--no-ciphersuites"},
"no-renegociation": { "type": "optional", "value": "--no-renegociation"},
"no-fallback": { "type": "optional", "value": "--no-fallback"},
"no-compression": { "type": "optional", "value": "--no-compression"},
"no-heartbleed": { "type": "optional", "value": "--no-heartbleed"}
}
}
[service-sslscan]
recipe = slapos.cookbook:wrapper
command-line =
${gunicorn:output} engine-sslscan:app -b {{ local_ipv4 }}:${:port}
--access-logfile ${directory:log}/sslscan.log --log-level error
wrapper-path = ${directory:services}/gunicorn-sslscan
port = 5014
environment =
ENGINE_FOLER_NAME=sslscan
APP_MAXSCANS=${instance-parameters:app-maxscans}
depends =
${directory-sslscan:recipe}
${sslscan.json:recipe}
[directory-sslscan]
recipe = slapos.cookbook:mkdirectory
results = ${gunicorn:engines-directory}/engines/sslscan/results
[sslscan-promise]
<= monitor-promise-base
promise = check_socket_listening
name = sslscan_promise.py
config-host = {{ local_ipv4 }}
config-port = ${service-sslscan:port}
depends =
${sslscan-url-promise:recipe}
[sslscan-url-promise]
<= monitor-promise-base
promise = check_url_available
name = sslscan_url_promise.py
config-url = http://{{ local_ipv4 }}:${service-sslscan:port}/engines/sslscan/status
{% do engine_port_dict.__setitem__('engine-sslscan', '${sslscan-promise:config-port}') -%}
{% endif %}
[nginx-parameters]
nginx-ip = {{ local_ipv6 }}
local-ipv4 = {{ local_ipv4 }}
nginx-port = 8050
access-log = ${directory:log}/nginx.patrowlengines-access.log
error-log = ${directory:log}/nginx.patrowlengines-error.log
nginx-mime-types = {{ nginx_mime_types }}
key-file = ${nginx-certificate:key-file}
cert-file = ${nginx-certificate:cert-file}
path-pid = ${directory:run}/nginx-engines.pid
nb-workers = 2
{% for name, port in engine_port_dict.items() -%}
{{ name }} = {{ port }}
{% endfor %}
[nginx-conf]
recipe = slapos.recipe.template:jinja2
url = {{ parameter_dict['nginx-engines-conf'] }}
context =
section parameter_dict nginx-parameters
output = ${directory:etc}/nginx-engines.conf
# self-signed certificate for https
[nginx-certificate]
recipe = plone.recipe.command
stop-on-error = true
cert-file = ${directory:ssl}/nginx_backend.crt
key-file = ${directory:ssl}/nginx_backend.key
command =
test -e ${:key-file} || \
{{ openssl_bin }} req -newkey rsa -batch -new -x509 -days 3650 -nodes \
-keyout ${:key-file} -out ${:cert-file}
update-command = ${:command}
[service-nginx]
recipe = slapos.cookbook:wrapper
command-line =
{{ nginx_bin }} -p ${directory:nginx} -c ${nginx-conf:output}
wrapper-path = ${directory:services}/nginx
url = https://[${nginx-parameters:nginx-ip}]:${nginx-parameters:nginx-port}
[promise-nginx]
<= monitor-promise-base
promise = check_command_execute
name = promise_nginx_site.py
promise = check_url_available
config-http-code = 404
config-url = ${service-nginx:url}
[patrowl-engines-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Patrowl engines Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
shared = true
config-url = ${service-nginx:url}
config-https-only = true
return = domain secure_access
[patrowl-engines-frontend-promise]
<= monitor-promise-base
promise = check_url_available
name = check_engines_frontend.py
config-url = ${patrowl-engines-frontend:connection-secure_access}
config-http-code = 404
[publish-connection-information]
<= monitor-publish
recipe = slapos.cookbook:publish
engines-url = ${patrowl-engines-frontend:connection-secure_access}
[instance-parameters]
apivoid-apikey = {{ slapparameter_dict.get('apivoid-apikey', '')}}
app-maxscans = {{ slapparameter_dict.get('app-maxscans', 25)}}
enable-sslscan = true
[buildout]
extends = {{ template_monitor }}
parts =
patrowl-engines-frontend-promise
publish-connection-information
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
software/patrowl/instance-patrowl.cfg.jinja2.in
View file @
c60f6369
...
@@ -12,13 +12,16 @@ scripts = ${:etc}/run
...
@@ -12,13 +12,16 @@ scripts = ${:etc}/run
services = ${:etc}/service
services = ${:etc}/service
plugins = ${:etc}/plugin
plugins = ${:etc}/plugin
ssl = ${:etc}/ssl
ssl = ${:etc}/ssl
www = ${:srv}/www
tmp = ${:srv}/tmp
tmp = ${:srv}/tmp
rabbitmq = ${:srv}/rabbitmq
rabbitmq = ${:srv}/rabbitmq
mqlog = ${:log}/rabbitmq
mqlog = ${:log}/rabbitmq
mqlib = ${:var}/lib/rabbitmq
mqlib = ${:var}/lib/rabbitmq
nginx = ${:srv}/nginx
nginx = ${:srv}/nginx
[rabbitmq-password]
recipe = slapos.cookbook:generate.password
storage-path = ${directory:etc}/.rabbitmq
[service-rabbitmq]
[service-rabbitmq]
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
command-line =
command-line =
...
@@ -31,6 +34,8 @@ environment =
...
@@ -31,6 +34,8 @@ environment =
RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS=-rabbit log_levels [{connection,error}]
RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS=-rabbit log_levels [{connection,error}]
RABBITMQ_ADVANCED_CONFIG_FILE=${directory:rabbitmq}/advanced.config
RABBITMQ_ADVANCED_CONFIG_FILE=${directory:rabbitmq}/advanced.config
RABBITMQ_CONF_ENV_FILE=${directory:rabbitmq}/rabbitmq-env.conf
RABBITMQ_CONF_ENV_FILE=${directory:rabbitmq}/rabbitmq-env.conf
RABBITMQ_DEFAULT_USER=${:username}
RABBITMQ_DEFAULT_PASS=${:password}
RABBITMQ_NODE_IP_ADDRESS={{ local_ipv4 }}
RABBITMQ_NODE_IP_ADDRESS={{ local_ipv4 }}
RABBITMQ_NODE_PORT=${:port}
RABBITMQ_NODE_PORT=${:port}
ERL_EPMD_ADDRESS={{ local_ipv4 }}
ERL_EPMD_ADDRESS={{ local_ipv4 }}
...
@@ -41,6 +46,29 @@ environment =
...
@@ -41,6 +46,29 @@ environment =
RABBITMQ_PLUGINS_DIR=${directory:mqlib}/plugins
RABBITMQ_PLUGINS_DIR=${directory:mqlib}/plugins
PATH={{ parameter_dict['erlang-location'] }}/bin:/usr/local/bin:/usr/bin:/bin
PATH={{ parameter_dict['erlang-location'] }}/bin:/usr/local/bin:/usr/bin:/bin
port = 5672
port = 5672
username = rabbitmq
password = ${rabbitmq-password:passwd}
[service-rabbitmqctl]
recipe = slapos.cookbook:wrapper
command-line =
{{ parameter_dict['rabbitmq-location'] }}/sbin/rabbitmqctl
wrapper-path = ${directory:bin}/rabbitmqctl
environment =
${service-rabbitmq:environment}
[rabbimq-configure-script]
recipe = slapos.recipe.template
inline =#!/bin/bash -e
TEST_FILE=${directory:rabbitmq}/.user_created
[ -f "$TEST_FILE" ] && exit 0;
echo '${service-rabbitmq:password}' | ${service-rabbitmqctl:wrapper-path} add_user '${service-rabbitmq:username}'
# Grants a user permissions to all virtual hosts.
for v in $(${service-rabbitmqctl:wrapper-path} list_vhosts --silent); do
${service-rabbitmqctl:wrapper-path} set_permissions -p $v "${service-rabbitmq:username}" ".*" ".*" ".*";
done
touch $TEST_FILE
output = ${directory:scripts}/configure-rabbitmq
[promise-rabbitmq]
[promise-rabbitmq]
<= monitor-promise-base
<= monitor-promise-base
...
@@ -77,7 +105,7 @@ config-command =
...
@@ -77,7 +105,7 @@ config-command =
[gunicorn-wrapper]
[gunicorn-wrapper]
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
command-line =
command-line =
{{
parameter_dict['gunicorn-bin']
}} -b {{ local_ipv4 }}:${:port} app.wsgi:application
{{
gunicorn_bin
}} -b {{ local_ipv4 }}:${:port} app.wsgi:application
--timeout 300 --log-level error
--timeout 300 --log-level error
wrapper-path = ${directory:bin}/gunicorn
wrapper-path = ${directory:bin}/gunicorn
port = 8003
port = 8003
...
@@ -104,8 +132,8 @@ inline =
...
@@ -104,8 +132,8 @@ inline =
export RABBITMQ_HOST={{ local_ipv4 }}
export RABBITMQ_HOST={{ local_ipv4 }}
export RABBITMQ_PORT=${service-rabbitmq:port}
export RABBITMQ_PORT=${service-rabbitmq:port}
export RABBITMQ_HOSTNAME='{{ local_ipv4 }}:${service-rabbitmq:port}'
export RABBITMQ_HOSTNAME='{{ local_ipv4 }}:${service-rabbitmq:port}'
export RABBIT_ENV_USER='
guest
'
export RABBIT_ENV_USER='
${service-rabbitmq:username}
'
#export RABBIT_ENV_PASS='guest
'
export RABBIT_ENV_PASS='${service-rabbitmq:password}
'
export BROKER_URL=
export BROKER_URL=
export PE_INSTALL_PATH=
export PE_INSTALL_PATH=
export PATROWL_SU_USERNAME="admin"
export PATROWL_SU_USERNAME="admin"
...
@@ -198,7 +226,7 @@ access-log = ${directory:log}/nginx.patrowlmanager-access.log
...
@@ -198,7 +226,7 @@ access-log = ${directory:log}/nginx.patrowlmanager-access.log
error-log = ${directory:log}/nginx.patrowlmanager-error.log
error-log = ${directory:log}/nginx.patrowlmanager-error.log
gunicorn-url = http://{{ local_ipv4 }}:${gunicorn-wrapper:port}
gunicorn-url = http://{{ local_ipv4 }}:${gunicorn-wrapper:port}
patrowl-directory = ${patrowl-parameters:patrowl-directory}
patrowl-directory = ${patrowl-parameters:patrowl-directory}
nginx-mime-types = {{
parameter_dict['nginx-mime-types']
}}
nginx-mime-types = {{
nginx_mime_types
}}
key-file = ${nginx-certificate:key-file}
key-file = ${nginx-certificate:key-file}
cert-file = ${nginx-certificate:cert-file}
cert-file = ${nginx-certificate:cert-file}
path-pid = ${directory:run}/nginx.pid
path-pid = ${directory:run}/nginx.pid
...
@@ -206,7 +234,7 @@ nb-workers = 4
...
@@ -206,7 +234,7 @@ nb-workers = 4
[nginx-conf]
[nginx-conf]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
url = {{
parameter_dict['nginx-conf']
}}
url = {{
nginx_conf
}}
context =
context =
section parameter_dict nginx-parameters
section parameter_dict nginx-parameters
output = ${directory:etc}/nginx.conf
output = ${directory:etc}/nginx.conf
...
@@ -226,7 +254,7 @@ update-command = ${:command}
...
@@ -226,7 +254,7 @@ update-command = ${:command}
[service-nginx]
[service-nginx]
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
command-line =
command-line =
{{
parameter_dict['nginx-bin']
}} -p ${directory:nginx} -c ${nginx-conf:output}
{{
nginx_bin
}} -p ${directory:nginx} -c ${nginx-conf:output}
wrapper-path = ${directory:services}/nginx
wrapper-path = ${directory:services}/nginx
url = https://[${nginx-parameters:nginx-ip}]:${nginx-parameters:nginx-port}
url = https://[${nginx-parameters:nginx-ip}]:${nginx-parameters:nginx-port}
...
@@ -241,10 +269,10 @@ config-url = ${service-nginx:url}
...
@@ -241,10 +269,10 @@ config-url = ${service-nginx:url}
[patrowl-frontend]
[patrowl-frontend]
<= slap-connection
<= slap-connection
recipe = slapos.cookbook:requestoptional
recipe = slapos.cookbook:requestoptional
name = Patrowl
nginx
Frontend
name = Patrowl
Manager
Frontend
# XXX We have hardcoded SR URL here.
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
s
lave
= true
s
hared
= true
config-url = ${service-nginx:url}
config-url = ${service-nginx:url}
config-https-only = true
config-https-only = true
return = domain secure_access
return = domain secure_access
...
@@ -274,6 +302,7 @@ parts =
...
@@ -274,6 +302,7 @@ parts =
publish-connection-information
publish-connection-information
promise-postgresql
promise-postgresql
service-rabbitmq
service-rabbitmq
rabbimq-configure-script
promise-rabbitmq
promise-rabbitmq
service-patrowl
service-patrowl
service-nginx
service-nginx
...
...
software/patrowl/instance.cfg.in
View file @
c60f6369
...
@@ -11,6 +11,7 @@ offline = true
...
@@ -11,6 +11,7 @@ offline = true
recipe = slapos.cookbook:switch-softwaretype
recipe = slapos.cookbook:switch-softwaretype
default = dynamic-template-patrowl:output
default = dynamic-template-patrowl:output
RootSoftwareInstance = ${:default}
RootSoftwareInstance = ${:default}
engines = dynamic-template-patrowl-engines:output
[slap-configuration]
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
recipe = slapos.cookbook:slapconfiguration.serialised
...
@@ -35,6 +36,10 @@ context =
...
@@ -35,6 +36,10 @@ context =
key slapparameter_dict slap-configuration:configuration
key slapparameter_dict slap-configuration:configuration
key computer_id slap-configuration:computer
key computer_id slap-configuration:computer
key partition_id slap-configuration:partition
key partition_id slap-configuration:partition
raw nginx_bin {{ nginx_bin }}
raw gunicorn_bin {{ bin_directory }}/gunicorn
raw nginx_conf {{ template_nginx_conf }}
raw nginx_mime_types {{ nginx_mime_types }}
raw openssl_bin {{ openssl_location }}/bin/openssl
raw openssl_bin {{ openssl_location }}/bin/openssl
raw python_bin {{ bin_directory }}/{{ python_with_eggs }}
raw python_bin {{ bin_directory }}/{{ python_with_eggs }}
raw template_monitor {{ template_monitor_cfg }}
raw template_monitor {{ template_monitor_cfg }}
...
@@ -45,14 +50,10 @@ context =
...
@@ -45,14 +50,10 @@ context =
erlang-location = {{ erlang_location }}
erlang-location = {{ erlang_location }}
rabbitmq-location = {{ rabbitmq_location }}
rabbitmq-location = {{ rabbitmq_location }}
postgresql-location = {{ postgresql_location }}
postgresql-location = {{ postgresql_location }}
gunicorn-bin = {{ bin_directory }}/gunicorn
celery-bin = {{ bin_directory }}/celery
celery-bin = {{ bin_directory }}/celery
patrowl-wrapper = {{ template_patrowl_wrapper }}
patrowl-wrapper = {{ template_patrowl_wrapper }}
patrowl-location = {{ patrowl_location }}
patrowl-location = {{ patrowl_location }}
template-create-admin = {{ template_create_admin }}
template-create-admin = {{ template_create_admin }}
nginx-conf = {{ template_nginx_conf }}
nginx-bin = {{ nginx_bin }}
nginx-mime-types = {{ nginx_mime_types }}
[dynamic-template-patrowl]
[dynamic-template-patrowl]
<= jinja2-template-base
<= jinja2-template-base
...
@@ -60,3 +61,15 @@ url = {{ template_patrowl }}
...
@@ -60,3 +61,15 @@ url = {{ template_patrowl }}
filename = instance-patrowl.cfg
filename = instance-patrowl.cfg
extra-context =
extra-context =
section parameter_dict dynamic-template-patrowl-parameters
section parameter_dict dynamic-template-patrowl-parameters
[dynamic-template-patrowl-engines-parameters]
engines-location = {{ patrowl_engines_location }}
nginx-engines-conf = {{ template_nginx_engines_conf }}
sslscan-bin = {{ sslscan_bin }}
[dynamic-template-patrowl-engines]
<= jinja2-template-base
url = {{ telplate_patrowl_engines }}
filename = instance-patrowl-engines.cfg
extra-context =
section parameter_dict dynamic-template-patrowl-engines-parameters
software/patrowl/nginx-engines.conf.in
0 → 100644
View file @
c60f6369
worker_processes {{ parameter_dict['nb-workers'] }};
pid {{ parameter_dict['path-pid'] }};
error_log {{ parameter_dict['access-log' ] }};
daemon off;
events {
worker_connections 1024;
accept_mutex off;
}
http {
include {{ parameter_dict['nginx-mime-types'] }};
default_type application/octet-stream;
types_hash_bucket_size 64;
access_log {{ parameter_dict['access-log' ] }} combined;
server {
listen [{{ parameter_dict['nginx-ip' ] }}]:{{ parameter_dict['nginx-port' ] }} ssl http2;
autoindex off;
server_name _;
ssl_certificate {{ parameter_dict['cert-file'] }};
ssl_certificate_key {{ parameter_dict['key-file'] }};
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
{% for name, value in parameter_dict.items() %}
{% if name.startswith('engine-') -%}
{% set engine = name.split('-')[1] -%}
location /engines/{{ engine }}/ {
proxy_pass http://{{ parameter_dict['local-ipv4' ] }}:{{ value }}/engines/{{ engine }}/;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect off;
}
{% endif %}
{% endfor %}
}
}
software/patrowl/patrowl-wapper.sh.in
View file @
c60f6369
...
@@ -75,4 +75,5 @@ fi
...
@@ -75,4 +75,5 @@ fi
# Start Gunicorn WSGI server
# Start Gunicorn WSGI server
echo
"[+] Starting server"
echo
"[+] Starting server"
sleep
2
exec
{{
parameter_dict[
'gunicorn-wrapper'
]
}}
exec
{{
parameter_dict[
'gunicorn-wrapper'
]
}}
software/patrowl/software.cfg
View file @
c60f6369
...
@@ -4,6 +4,7 @@ extends =
...
@@ -4,6 +4,7 @@ extends =
../../component/postgresql/buildout.cfg
../../component/postgresql/buildout.cfg
../../component/psycopg2/buildout.cfg
../../component/psycopg2/buildout.cfg
../../component/erlang/buildout.cfg
../../component/erlang/buildout.cfg
../../component/sslscan/buildout.cfg
../../component/openssl/buildout.cfg
../../component/openssl/buildout.cfg
../../component/nginx/buildout.cfg
../../component/nginx/buildout.cfg
../../stack/monitor/buildout.cfg
../../stack/monitor/buildout.cfg
...
@@ -34,6 +35,7 @@ recipe = zc.recipe.egg
...
@@ -34,6 +35,7 @@ recipe = zc.recipe.egg
interpreter = python_eggs
interpreter = python_eggs
eggs =
eggs =
celery
celery
click
gunicorn
gunicorn
Django
Django
django-celery-beat
django-celery-beat
...
@@ -50,29 +52,77 @@ eggs =
...
@@ -50,29 +52,77 @@ eggs =
psutil
psutil
django-organizations
django-organizations
django-annoying
django-annoying
${django-dbconn-retry-setup:egg}
django-dbconn-retry
${django-reset-migrations-setup:egg}
django-reset-migrations
django-celery-results
django-celery-results
djangorestframework-datatables
djangorestframework-datatables
${Flask:egg}
Flask-Cors
flasgger
gevent
greenlet
itsdangerous
${Jinja2:egg}
jsonschema
markupsafe
meld3
meld3
mistune
more-itertools
more-itertools
netaddr
netaddr
openapi-codec
openapi-codec
PatrowlEnginesUtils
pyrsistent
${psycopg2-binary:egg}
${psycopg2-binary:egg}
python-crontab
python-crontab
python-dateutil
python-dateutil
python-magic
python-magic
python-memcached
python-memcached
${thehive4py-setup:egg}
PyYAML
ratelimit
thehive4py
tornado
tornado
tzlocal
tzlocal
Werkzeug
typing-extensions
${Werkzeug:egg}
zipp
zipp
cpe
cpe
scripts =
scripts =
gunicorn
gunicorn
celery
celery
[slapos-cookbook]
recipe = zc.recipe.egg:custom
setup-eggs =
${Flask:egg}
[Flask]
recipe = zc.recipe.egg:custom
egg = Flask
setup-eggs =
click
itsdangerous
${Jinja2:egg}
markupsafe
${Werkzeug:egg}
[Jinja2]
recipe = zc.recipe.egg:custom
egg = Jinja2
setup-eggs =
markupsafe
[Werkzeug]
recipe = zc.recipe.egg:custom
egg = Werkzeug
setup-eggs =
markupsafe
[slapos.recipe.template]
recipe = zc.recipe.egg:custom
egg = slapos.recipe.template
setup-eggs =
${Jinja2:egg}
[gitclone]
[gitclone]
recipe = slapos.recipe.build:gitclone
recipe = slapos.recipe.build:gitclone
git-executable = ${git:location}/bin/git
git-executable = ${git:location}/bin/git
...
@@ -80,35 +130,12 @@ git-executable = ${git:location}/bin/git
...
@@ -80,35 +130,12 @@ git-executable = ${git:location}/bin/git
[patrowl]
[patrowl]
<= gitclone
<= gitclone
repository = https://github.com/Patrowl/PatrowlManager.git
repository = https://github.com/Patrowl/PatrowlManager.git
git-executable = ${git:location}/bin/git
revision = 1.8.4
[django-dbconn-retry]
<= gitclone
repository = https://github.com/jdelic/django-dbconn-retry.git
[django-reset-migrations]
<= gitclone
repository = https://github.com/valdergallo/django-reset-migrations.git
[
thehive4py
]
[
patrowl-engines
]
<= gitclone
<= gitclone
repository = https://github.com/TheHive-Project/Thehive4py.git
repository = https://github.com/Patrowl/PatrowlEngines.git
revision = 1.8.1
revision = 1.5.12
[django-dbconn-retry-setup]
recipe = zc.recipe.egg:develop
egg = django-dbconn-retry
setup = ${django-dbconn-retry:location}
[django-reset-migrations-setup]
recipe = zc.recipe.egg:develop
egg = django-reset-migrations
setup = ${django-reset-migrations:location}
[thehive4py-setup]
recipe = zc.recipe.egg:develop
egg = thehive4py
setup = ${thehive4py:location}
[download-template]
[download-template]
recipe = slapos.recipe.build:download
recipe = slapos.recipe.build:download
...
@@ -128,31 +155,39 @@ context =
...
@@ -128,31 +155,39 @@ context =
key erlang_location erlang:location
key erlang_location erlang:location
key openssl_location openssl:location
key openssl_location openssl:location
key patrowl_location patrowl:location
key patrowl_location patrowl:location
key patrowl_engines_location patrowl-engines:location
key postgresql_location postgresql:location
key postgresql_location postgresql:location
key nginx_bin nginx-output:nginx
key nginx_bin nginx-output:nginx
key nginx_mime_types nginx-output:mime
key nginx_mime_types nginx-output:mime
key python_with_eggs eggs:interpreter
key python_with_eggs eggs:interpreter
key rabbitmq_location rabbitmq:location
key rabbitmq_location rabbitmq:location
raw sslscan_bin ${sslscan:location}/bin/sslscan
key template_create_admin template-create_default_admin.py.in:target
key template_create_admin template-create_default_admin.py.in:target
key template_patrowl template-patrowl:target
key template_patrowl template-patrowl:target
key telplate_patrowl_engines template-patrowl-engines:target
key template_patrowl_wrapper template-patrowl-wrapper:target
key template_patrowl_wrapper template-patrowl-wrapper:target
key template_nginx_conf template-nginx.conf.in:target
key template_nginx_conf template-nginx.conf.in:target
key template_nginx_engines_conf template-nginx-engines.conf.in:target
depends =
${slapos.recipe.template:egg}
[template-patrowl]
[template-patrowl]
<= download-template
<= download-template
output = ${buildout:directory}/instance-patrowl.cfg.jinja2
[template-patrowl-engines]
<= download-template
[template-patrowl-wrapper]
[template-patrowl-wrapper]
<= download-template
<= download-template
output = ${buildout:directory}/patrowl-wapper.sh.in
[template-create_default_admin.py.in]
[template-create_default_admin.py.in]
<= download-template
<= download-template
output = ${buildout:directory}/create_default_admin.py.in
[template-nginx.conf.in]
[template-nginx.conf.in]
<= download-template
<= download-template
output = ${buildout:directory}/nginx.conf.in
[template-nginx-engines.conf.in]
<= download-template
[versions]
[versions]
amqp = 2.5.2
amqp = 2.5.2
...
@@ -180,17 +215,17 @@ flower = 0.9.2
...
@@ -180,17 +215,17 @@ flower = 0.9.2
future = 0.16.0
future = 0.16.0
futures = 3.1.1
futures = 3.1.1
gunicorn = 20.0.4
gunicorn = 20.0.4
idna = 2.5
#
idna = 2.5
importlib-metadata = 0.23
importlib-metadata = 0.23
itypes = 1.1.0
itypes = 1.1.0
Jinja2 = 2.11.3
#
Jinja2 = 2.11.3
jsonfield = 2.0.2
jsonfield = 2.0.2
kombu = 4.6.7
kombu = 4.6.7
libmagic = 1.0
libmagic = 1.0
MarkupSafe = 1.1.0
#
MarkupSafe = 1.1.0
meld3 = 1.0.2
meld3 = 1.0.2
more-itertools = 7.2.0
more-itertools = 7.2.0
netaddr = 0.7.19
#
netaddr = 0.7.19
openapi-codec = 1.3.2
openapi-codec = 1.3.2
#psycopg2-binary = 2.8.6
#psycopg2-binary = 2.8.6
psycopg2-binary = 2.8.6
psycopg2-binary = 2.8.6
...
@@ -200,12 +235,12 @@ python-magic = 0.4.15
...
@@ -200,12 +235,12 @@ python-magic = 0.4.15
#python-magic-bin = 0.4.14
#python-magic-bin = 0.4.14
python-memcached = 1.59
python-memcached = 1.59
pytz = 2019.2
pytz = 2019.2
requests = 2.25.1
#
requests = 2.25.1
simplejson = 3.16.0
simplejson = 3.16.0
singledispatch = 3.4.0.3
singledispatch = 3.4.0.3
six = 1.10.0
#
six = 1.10.0
sqlparse = 0.4.2
sqlparse = 0.4.2
thehive4py = 1.8.1
thehive4py = 1.8.1
:whl
#thehive4py = 1.5.1
#thehive4py = 1.5.1
PyJWT = 2.8.0
PyJWT = 2.8.0
tornado = 5.1
tornado = 5.1
...
@@ -219,12 +254,45 @@ django-filter = 2.4.0
...
@@ -219,12 +254,45 @@ django-filter = 2.4.0
django-cors-headers = 3.2.0
django-cors-headers = 3.2.0
djangorestframework-simplejwt = 4.4.0
djangorestframework-simplejwt = 4.4.0
django-health-check = 3.12.1
django-health-check = 3.12.1
psutil = 5.7.0
#
psutil = 5.7.0
django-organizations = 1.1.2
django-organizations = 1.1.2
django-annoying = 0.10.6
django-annoying = 0.10.6
#django-reset-migrations
#django-reset-migrations
#django-dbconn-retry
#django-dbconn-retry
cpe = 1.2.1
cpe = 1.2.1
django-dbconn-retry = 0.1.7
django-dbconn-retry = 0.1.7:whl
django-reset-migrations = 0.4.0
django-reset-migrations = 0.4.0:whl
# Dependencies for engines
click = 8.0
Flask = 2.0.3
#2.2.3
itsdangerous = 2.0
Jinja2 = 3.1.2
MarkupSafe = 2.0.1
requests = 2.28.2
werkzeug = 2.0.0
#2.2.3
# PatrowlEnginesUtils = 1.0.1
ratelimit = 2.2.1
netaddr = 0.8.0
# nmap
gevent = 22.10.2
greenlet = 2.0.1
idna = 2.7
PatrowlEnginesUtils = 1.0.2
psutil = 5.9.4
# sslscan
Flask-Cors = 3.0.10
flasgger = 0.9.5
importlib-metadata = 4.8.1
# itsdangerous = 2.0.1
#jsonschema = 4.1.0
mistune = 2.0.3:whl
pyrsistent = 0.18.0
PyYAML = 5.4.1
six = 1.16.0
#typing-extensions = 3.10.0.2
#zipp = 3.6.0
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment