Added new setup.bash installer, moved old one to legacy-setup.bash

mtesauro committed Nov 27, 2018
1 parent 81ce681 commit 1f84dd71c15ae7c662c9ea87d3b4ebcfd31ec4e1
@@ -0,0 +1,115 @@
## Documentation on setup.bash

The bash script setup.bash was created to automate installation of Defect Dojo and allow for the following install situations to be automated:

### Supported Installs

* Single Server - simplest DefectDojo install where DefectDojo, Dojo dependencies and 3rd party services are installed on a single server. [default install]
* Dev Install - install for local development where a Single Server install is run with credentials and other passwords set to known values.
* Stand-alone Server - install DefectDojo & Dojo dependencies only where 3rd party services (database) is running on other infrastructure.
* ? Docker Single Server - a Single Server install where DefectDojo, Dojo dependencies and 3rd party services are installed in a single container
* ? Docker Stand-alone - a Stand-alone Server install DefectDojo & Dojo dependencies only are installed in a single container.

Note: Cloning the DefectDojo repo and running ./setup.bash does a single server interactive install. Doing other install methods requires setting configuration values and/or using command-line options.

### TDB install situations

* Docker Dev Install - a dev install that uses docker + a mounted local directory structure to isolate dojo code from the rest of the run-time.
* Fronted Dojo Installs - a install of DefectDojo where a separate HTTP server answers the initial requests for DefectDojo such as using Nginx upstream of DefectDojo

### Assumptions

All installs make these assumption:

* DefectDojo will be run in a virtualenv
* All installs support an interactive and non-interactive install methods
* All installation configuration lives in ./dojo/settings/template-env
* * Running setup.bash without editing template-env assumes a single-server install.
* * Running setup.bash without editing template-env non-interactively assumes a single-server install with MySQL
* Any install configuration variable can be overridden by setting an environmental variable
* One of the following OSes is used as the base for the install
* * Ubuntu Linux - officially supported versions: 16.04 LTS, 18.04 LTS
* * CentOS - officially supported versions: ?
* * Mac OS X - officially supported versions: ?

### Definitions

* DefectDojo - the source code and supporting files for DefectDojo contained in the Github repo at https://github.com/DefectDojo/django-DefectDojo
* Dojo dependencies - any additional software, libraries or services needed to install and run the software in the DefectDojo repo. This includes Django and other pip packages, celery workers, and any binaries required to run DefectDojo such as wkhtmltopdf
* 3rd party services - additional services not maintained by DefectDojo but needed to run DefectDojo - currently a database

### Command-line options

```
./setup.bash --help
Usage: ./setup.bash [OPTION]...
Install DefectDojo in an interactive (default) or non-interactive method
Options:
-h or --help Display this help message and exit with a status code of 0
-n or --non-interactive Run install non-interactivity e.g. for Dockerfiles or automation
Note: No options are required, all are optional
```

### Installer details

setup.bash relies on the following files and directory structure:

```
setup.bash => the main install program
├── entrypoint_scripts
├── common
├── config-vars.sh
├── cmd-args.sh
├── prompt.sh
```

Install configuration is in config-vars.sh contains the following install options and default values:

**Format for this list:** *install option* [default value] - *definition*

* PROMPT [true] - Run the install in interactive mode aka prompt the user for config values
* DB_TYPE [MySQL] - The database type to be used by DefectDojo
* DB_LOCAL [true] - Boolean for if the database is installed locally aka on the same OS as DefectDojo
* DB_EXISTS [false] - Boolean for if the database already exists for DefectDojo to use aka doesn't need to be installed
* DB_NAME [dojodb] - Name of the database created to store DefectDojo data
* DB_USER [dojodbusr] - Database username used to access the DefectDojo database
* DB_PASS [vee0Thoanae1daePooz0ieka] - Default password used only for Dev installs, otherwise a random 24 character password is created at install time
* DB_HOST [localhost] - Database hostname where the DefectDojo database is located
* DB_PORT [3306] - Port database is listening on, default port is for the default database MySQL
* DB_DROP_EXISTING [true] - If the database name already exists in database server for DefectDojo, drop that database if this is true. If false and a database name match occurs, throw an error and exit the installer.
OS_USER=${OS_USER:-"dojo-srv"}
OS_PASS=${OS_PASS:-"wahlieboojoKa8aitheibai3"}
OS_GROUP=${OS_GROUP:-"dojo-srv"}
INSTALL_ROOT=${INSTALL_ROOT:-"/opt/dojo"}
DOJO_SOURCE=${DOJO_SOURCE:-"$INSTALL_ROOT/django-DefectDojo"}
DOJO_FILES=${DOJO_FILES:-"$INSTALL_ROOT/local"}
MEDIA_ROOT=${MEDIA_ROOT:-"$DOJO_FILES/media"}
STATIC_ROOT=${STATIC_ROOT:-"$DOJO_FILES/static"}
ADMIN_USER=${ADMIN_USER:-"admin"}
ADMIN_PASS=${ADMIN_PASS:-"admin"}
ADMIN_EMAIL=${ADMIN_EMAIL:-"ed@example.com"}

Configuration items for setup.py are in template-env in ./dojo/settings/ and contain

*

### Installers workflow

1. Check for command-line arguments, if none, do an interactive single server install
2. Check for install OS
3. Bootstrap any software needed by the install process
4. Install Dojo dependencies
5. Install 3rd party services


### Installer Bash variables

* REPO_BASE : The full path to where the DefectDojo source was cloned usually /opt/dojo
* LIB_PATH : The full path to where the configuration values and libraries are for the DefectDojo installer which is REPO_BASE + /entrypoint_scripts/common/
* DB_TYPPE : The database type DefectDojo will use - currently either SQLite, MySQL or PostgreSQL
*


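Review bot: In the config-vars.sh option list, the entries from OS_USER through ADMIN_EMAIL are pasted as raw shell assignments rather than in the stated "install option [default value] - definition" format, and OS_PASS and ADMIN_PASS carry fixed defaults (`ADMIN_PASS=${ADMIN_PASS:-"admin"}`) with no statement of when they apply. DB_PASS is documented as a Dev-only default that is otherwise replaced by a random 24 character password; state explicitly whether OS_PASS and ADMIN_PASS get the same treatment, and if they do not, either randomize them or call out prominently that a default install ends up with admin/admin. DB_DROP_EXISTING defaulting to true also deserves a warning beside it, since as documented a name match drops the existing database. Smaller items: "TDB" should be "TBD", "DB_TYPPE" should be "DB_TYPE", "setup.py" in the template-env sentence looks like it should be setup.bash, and the two empty "*" bullets should be filled in or removed.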
@@ -0,0 +1,44 @@
# DefectDojo install 'library' to handle command-line arguments
#

function help() {
echo "Usage: $0 [OPTION]..."
echo ""
echo "Install DefectDojo in an interactive (default) or non-interactive method"
echo ""
echo "Options:"
echo " -h or --help Display this help message and exit with a status code of 0"
echo " -n or --non-interactive Run install non-interactivity e.g. for Dockerfiles or automation"
echo ""
echo "Note: No options are required, all are optional"
}

function welcome_msg() {
echo ""
echo "Welcome to DefectDojo! This is a quick script to get you up and running."
echo "For more info on how $0 does an install, see:"
echo " https://github.com/DefectDojo/django-DefectDojo/tree/master/entrypoint_scripts"
echo ""
}

function read_cmd_args() {
# Double check that we're in the DefectDojo source root - why not, the function was already written
verify_cwd

# Check the arguments sent to setup.bash
# from: https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash Method #1
for i in ${BASH_ARGV[*]}
do
case $i in
-h|--help)
help
exit 0
;;
-n|--non-interactive)
PROMPT=false
;;
esac
done

welcome_msg
}
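Review bot: In read_cmd_args, the loop `for i in ${BASH_ARGV[*]}` is unquoted and the case statement has no default branch, so an argument containing whitespace or glob characters is split or expanded before matching, and a mistyped option (for example a misspelled --non-interactive) is silently ignored, leaving PROMPT at its default. Bash documents BASH_ARGV as being set only in extended debugging mode, so it is safer to call `read_cmd_args "$@"` from setup.bash, iterate with `for i in "$@"`, and add a `*)` branch that prints the help text and exits non-zero. verify_cwd is called here but not defined in this file, so the header comment should say which file must be sourced first. The function name help also shadows the bash builtin of the same name; a name such as show_help avoids that.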
@@ -0,0 +1,137 @@
# DefectDojo install 'library' to handle determining which OS the installer is being run on
#

find_linux_distro() {
# Determine Linux Distro
# Based on https://unix.stackexchange.com/questions/6345/how-can-i-get-distribution-name-and-version-number-in-a-simple-shell-script
if [ -f /etc/os-release ]; then
# freedesktop.org and systemd
. /etc/os-release
OS=$NAME
VER=$VERSION_ID
elif type lsb_release >/dev/null 2>&1; then
# linuxbase.org
OS=$(lsb_release -si)
VER=$(lsb_release -sr)
elif [ -f /etc/lsb-release ]; then
# For some versions of Debian/Ubuntu without lsb_release command
. /etc/lsb-release
OS=$DISTRIB_ID
VER=$DISTRIB_RELEASE
elif [ -f /etc/debian_version ]; then
# Older Debian/Ubuntu/etc.
OS=Debian
VER=$(cat /etc/debian_version)
elif [ -f /etc/SuSe-release ]; then
# Older SuSE/etc.
echo " ERROR: Unsupported Linux distro - exiting."
exit 1
elif [ -f /etc/redhat-release ]; then
# Older Red Hat, CentOS, etc.
echo " ERROR: Unsupported Linux distro - exiting."
exit 1
else
# Fall back to uname, e.g. "Linux <version>", also works for BSD, etc.
OS=$(uname -s)
VER=$(uname -r)
echo " ERROR: Unsupported Linux distro - exiting."
exit 1
fi

INSTALL_DISTRO=$OS
INSTALL_OS_VER=$VER
}

check_install_os() {
# Determine OS
# based on https://stackoverflow.com/questions/394230/how-to-detect-the-os-from-a-bash-script
echo "Inside check install os"
if [[ "$OSTYPE" == "linux-gnu" ]]; then
# Liux
echo "Install on Linux"
INSTALL_OS="linux-gnu"
find_linux_distro
elif [[ "$OSTYPE" == "darwin"* ]]; then
# Mac OSX
echo "Install on Mac OSX"
INSTALL_OS="darwin"
# From https://www.cyberciti.biz/faq/mac-osx-find-tell-operating-system-version-from-bash-prompt/
INSTALL_DISTRO=`sw_vers -productName`
INSTALL_OS_VER=`sw_vers -productVersion`
elif [[ "$OSTYPE" == "cygwin" ]]; then
# POSIX compatibility layer and Linux environment emulation for Windows
echo " ERROR: Windows isn't currently supported"
exit 1
elif [[ "$OSTYPE" == "msys" ]]; then
# Lightweight shell and GNU utilities compiled for Windows (part of MinGW)
echo " ERROR: MinGW isn't currently supported"
exit 1
elif [[ "$OSTYPE" == "win32" ]]; then
# I'm not sure this can happen.
echo " ERROR: Windows isn't currently supported"
exit 1
elif [[ "$OSTYPE" == "freebsd"* ]]; then
# FreeBSD
echo " ERROR: FreeBSD isn't currently supported"
exit 1
else
# Unable to determine OS, exit with error
echo " ERROR: Unable to determine OS type, exiting."
exit 1
fi
}

bootstrap_install() {
echo "Inside bootstrap install"

# Check for proper permissions - either root or sudo access
if [[ $EUID -ne 0 ]]; then
# Install user isn't root, check for sudo privileges
echo " Checking for sudo access, you may be prompted for your password"
sudo -v 2>/dev/null
SUDO_CHECK=`sudo -v | wc -l`
if [ "$SUDO_CHECK" = 0 ] ; then
echo " Install user has sudo access"
else
echo " ERROR: Install user needs sudo access or to be root, quitting"
exit 1
fi
else
echo " Install user is root, sudo not required"
fi

# Install any programs needed by the installer
case $INSTALL_DISTRO in
"Ubuntu")
echo " Bootstapping Ubuntu"
echo " Updating package list"
DEBIAN_FRONTEND=noninteractive apt update
echo " Updating $INSTALL_DISTRO packages"
DEBIAN_FRONTEND=noninteractive apt -y upgrade
echo " Installing packages needed for the installer"
DEBIAN_FRONTEND=noninteractive apt -y install curl sudo python expect wget git gnupg2
;;
"centos")
echo "Bootstapping CentOS"
echo " TBD: Pre-reqs for CentOS"
;;
*)
echo " Error: Unsupported OS"
exit 1
;;
esac
}

check_python_version() {
#
echo "Inside check python version"
# Detect Python version
PYV=`python -c "import sys;t='{v[0]}.{v[1]}'.format(v=list(sys.version_info[:2]));sys.stdout.write(t)";`
if [[ "$PYV"<"2.7" ]]; then
echo "ERROR: DefectDojo requires Python 2.7+"
exit 1;
else
echo "Python version 2.7+ found, installation can continue"
fi
}

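Review bot: In bootstrap_install, the sudo check cannot fail: SUDO_CHECK is the line count of `sudo -v | wc -l`, which only sees stdout, and sudo writes its refusal message to stderr, so the count is 0 whether or not the user has sudo rights. Test the exit status instead, for example `if sudo -v; then`, and drop the preceding `sudo -v 2>/dev/null` call, which hides the one message that would explain a failure. The apt commands in the Ubuntu branch are then run without sudo, so the non-root path that just passed the check fails at `apt update`; prefix them with sudo when EUID is not 0. In check_python_version, `[[ "$PYV"<"2.7" ]]` is a string comparison rather than a version comparison; doing the test inside the python one-liner against sys.version_info and checking its exit code is more robust. The "Inside ..." echo lines read like debugging output and should be removed or put behind a verbose flag.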