Skip to content

Dockerfile Updates for Emu#2780

Merged
mkultraWasHere merged 14 commits into
masterfrom
bleepbop/VIRTS-4594/emu-docker-updates
Jul 27, 2023
Merged

Dockerfile Updates for Emu#2780
mkultraWasHere merged 14 commits into
masterfrom
bleepbop/VIRTS-4594/emu-docker-updates

Conversation

@bleepbop
Copy link
Copy Markdown
Contributor

@bleepbop bleepbop commented Jun 28, 2023
edited
Loading

Description

Users were running into InvalidToken cryptography errors when running the platform with Docker. This was due to the following scenario:

  • The platform was started and stopped locally first (without Docker). This created an encrypted local backup.
  • Users then tried to run the app with the Dockerfile, which does not run CALDERA with any flags in the Dockerfile. So the app would attempt to start with an existing local.yml file and a backup, should they exist.
  • The original Dockerfile rewrote local.yml and its encryption keys used to load previous saves of the platform, writing a copy of default.yml into local.yml. The correct encryption keys from the original local.yml were overwritten, and the platform was unable to load previously saved data, ending execution with an InvalidToken error.

The Dockerfile has been updated to account for an existing local.yml file, and will make the necessary edits to that file as an opposed to overwriting it entirely. If a local.yml file is missing, a new one will be generated from default.yml, but with randomly set encryption/passwords (similarly to how the server normally creates that file).

Additionally, the Dockerfile has been updated to conditionally run necessary Emu installations if the Emu plugin is enabled.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • This change requires a documentation update

How Has This Been Tested?

Used this branch to rerun steps that produced error on master:

  1. Ran server with --fresh. Shut down the server.
  2. Built Docker Image (docker build . --build-arg WIN_BUILD=true -t caldera:latest).
  3. Ran Docker Image (docker run -p 8888:8888 caldera:latest).

The server was verified to start successfully, with the Emu plugin loaded.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jun 28, 2023

Please retry analysis of this Pull-Request directly on SonarCloud.

1 similar comment
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jun 28, 2023

Please retry analysis of this Pull-Request directly on SonarCloud.

@bleepbop bleepbop marked this pull request as ready for review June 28, 2023 01:17
@bleepbop bleepbop requested a review from clenk June 28, 2023 01:17
mkultraWasHere
mkultraWasHere previously approved these changes Jul 5, 2023
View reviewed changes
@mkultraWasHere
Copy link
Copy Markdown
Contributor

mkultraWasHere commented Jul 5, 2023

LGTM

clenk
clenk requested changes Jul 6, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@clenk clenk left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If conf/local.yml is used, this won't install the emu dependencies/download payloads. Maybe update it to create local.yml if it doesn't exist (similar to how it did previously), and then when checking if emu is enabled, it only has to check local.yml and not both.

Also when I ran this with docker-compose, when downloading the emu payloads I got the error "No such file or directory." The working directory for that command might be thrown off. Did you run into this?

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jul 7, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@bleepbop
Copy link
Copy Markdown
Contributor Author

bleepbop commented Jul 10, 2023
edited
Loading

If conf/local.yml is used, this won't install the emu dependencies/download payloads. Maybe update it to create local.yml if it doesn't exist (similar to how it did previously), and then when checking if emu is enabled, it only has to check local.yml and not both.

Also when I ran this with docker-compose, when downloading the emu payloads I got the error "No such file or directory." The working directory for that command might be thrown off. Did you run into this?

@clenk That makes sense. If we are using the default.yml to create our new local.yml, will there be any security issues with that? Technically this would be no different than running with --insecure even though we are not using that flag, because we are just using the encryption key from default.yml.

The script has been updated to fix the directory issue as well, that was just a matter of updating the WORKDIR.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jul 12, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@bleepbop bleepbop requested a review from clenk July 12, 2023 02:06
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jul 12, 2023

Please retry analysis of this Pull-Request directly on SonarCloud.

clenk
clenk reviewed Jul 21, 2023
View reviewed changes
Comment thread Dockerfile Outdated
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jul 24, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@bleepbop bleepbop requested a review from clenk July 24, 2023 02:20
@bleepbop bleepbop requested a review from mkultraWasHere July 24, 2023 22:50
@mkultraWasHere mkultraWasHere merged commit a453ebb into master Jul 27, 2023
@mkultraWasHere mkultraWasHere deleted the bleepbop/VIRTS-4594/emu-docker-updates branch July 27, 2023 17:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@clenk clenk clenk approved these changes

+1 more reviewer

@mkultraWasHere mkultraWasHere mkultraWasHere approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bleepbop @mkultraWasHere @clenk