Dockerfile Updates for Emu #2780

Merged: 14 commits, Jul 27, 2023

bleepbop (Contributor) commented Jun 28, 2023

Description

Users were running into InvalidToken cryptography errors when running the platform with Docker. This was due to the following scenario:

  • The platform was started and stopped locally first (without Docker). This created an encrypted local backup.
  • Users then tried to run the app with the Dockerfile, which does not run CALDERA with any flags in the Dockerfile. So the app would attempt to start with an existing local.yml file and a backup, should they exist.
  • The original Dockerfile rewrote local.yml and its encryption keys used to load previous saves of the platform, writing a copy of default.yml into local.yml. The correct encryption keys from the original local.yml were overwritten, and the platform was unable to load previously saved data, ending execution with an InvalidToken error.

The Dockerfile has been updated to account for an existing local.yml file, and will make the necessary edits to that file as opposed to overwriting it entirely. If a local.yml file is missing, a new one will be generated from default.yml, but with randomly set encryption/passwords (similarly to how the server normally creates that file).

Additionally, the Dockerfile has been updated to conditionally run necessary Emu installations if the Emu plugin is enabled.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • This change requires a documentation update

How Has This Been Tested?

Used this branch to rerun steps that produced error on master:

  1. Ran server with --fresh. Shut down the server.
  2. Built Docker Image (docker build . --build-arg WIN_BUILD=true -t caldera:latest).
  3. Ran Docker Image (docker run -p 8888:8888 caldera:latest).

The server was verified to start successfully, with the Emu plugin loaded.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

sonarcloud bot commented Jun 28, 2023

Please retry analysis of this Pull-Request directly on SonarCloud.

@bleepbop bleepbop marked this pull request as ready for review June 28, 2023 01:17
@bleepbop bleepbop requested a review from clenk June 28, 2023 01:17
elegantmoose (Contributor) previously approved these changes Jul 5, 2023

LGTM

clenk (Contributor) left a comment

If conf/local.yml is used, this won't install the emu dependencies/download payloads. Maybe update it to create local.yml if it doesn't exist (similar to how it did previously), and then when checking if emu is enabled, it only has to check local.yml and not both.

Also when I ran this with docker-compose, when downloading the emu payloads I got the error "No such file or directory." The working directory for that command might be thrown off. Did you run into this?

sonarcloud bot commented Jul 7, 2023

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)

No Coverage information
No Duplication information

bleepbop (Contributor, Author) commented Jul 10, 2023

> If conf/local.yml is used, this won't install the emu dependencies/download payloads. Maybe update it to create local.yml if it doesn't exist (similar to how it did previously), and then when checking if emu is enabled, it only has to check local.yml and not both.
>
> Also when I ran this with docker-compose, when downloading the emu payloads I got the error "No such file or directory." The working directory for that command might be thrown off. Did you run into this?

@clenk That makes sense. If we are using the default.yml to create our new local.yml, will there be any security issues with that? Technically this would be no different than running with --insecure even though we are not using that flag, because we are just using the encryption key from default.yml.

The script has been updated to fix the directory issue as well; that was just a matter of updating the WORKDIR.
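
The following shell functions are an added example, not the project's Dockerfile or code from this pull request. They show the two points discussed above: creating local.yml from default.yml with random secrets only when it is missing (so existing keys, and the saves encrypted with them, survive), and detecting a local.yml that still carries default.yml's secrets, which is the --insecure-equivalent case raised in the reply. The key names in SECRET_KEYS and all function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example; not the project's Dockerfile.
# The key names below are assumed for illustration.
SECRET_KEYS="encryption_key crypt_salt api_key_red api_key_blue"

# 32 hex characters from the kernel CSPRNG.
rand_hex() { od -An -tx1 -N16 /dev/urandom | tr -d ' \n'; }

# Print the value of a top-level "key: value" line in a YAML file.
conf_value() { sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1; }

# Create local.yml only when it is absent. An existing file is never touched,
# because encrypted saves can only be read with the keys already in it.
ensure_local_conf() {
    conf_dir=$1
    if [ -f "$conf_dir/local.yml" ]; then
        echo "preserved"
        return 0
    fi
    tmp=$(mktemp "$conf_dir/local.yml.XXXXXX") || return 1
    cp "$conf_dir/default.yml" "$tmp" || { rm -f "$tmp"; return 1; }
    for key in $SECRET_KEYS; do
        # Rewrite only the secret's value; every other line is kept as is.
        sed "s/^$key:.*/$key: $(rand_hex)/" "$tmp" > "$tmp.new" && mv "$tmp.new" "$tmp"
    done
    chmod 600 "$tmp" && mv "$tmp" "$conf_dir/local.yml"
    echo "generated"
}

# Exit status 0 if any secret in local.yml still equals the default.yml value,
# meaning the instance is running with publicly known keys.
uses_default_secrets() {
    conf_dir=$1
    for key in $SECRET_KEYS; do
        def=$(conf_value "$conf_dir/default.yml" "$key")
        loc=$(conf_value "$conf_dir/local.yml" "$key")
        if [ -n "$def" ] && [ "$def" = "$loc" ]; then return 0; fi
    done
    return 1
}
```

Running `uses_default_secrets conf` as a container start-up check makes the default-key case visible instead of silent.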

sonarcloud bot commented Jul 12, 2023

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)

No Coverage information
No Duplication information

@bleepbop bleepbop requested a review from clenk July 12, 2023 02:06
sonarcloud bot commented Jul 12, 2023

Please retry analysis of this Pull-Request directly on SonarCloud.

sonarcloud bot commented Jul 24, 2023

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)

No Coverage information
No Duplication information

@bleepbop bleepbop requested a review from clenk July 24, 2023 02:20
@elegantmoose elegantmoose merged commit a453ebb into master Jul 27, 2023
12 checks passed
@elegantmoose elegantmoose deleted the bleepbop/VIRTS-4594/emu-docker-updates branch July 27, 2023 17:41