
György Kohut committed 744e3f8

Change to set things up for non-root


Files changed (10)

vagrant/puppet/modules/backend/files/etc/environment

-PATH="/opt/glassfish/bin:/opt/honeynet/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
+PATH="/opt/glassfish3/bin:/opt/honeynet/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"

vagrant/puppet/modules/backend/files/etc/init.d/glassfish

-#!/bin/sh
-### BEGIN INIT INFO
-# Provides:          glassfish
-# Required-Start:    networking
-# Required-Stop:     
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: glassfish
-# Description:       Start/stop Glassfish
-### END INIT INFO
-
-PATH="/opt/glassfish/bin:$PATH"
-export PATH
-
-case "$1" in
-    start) 
-        asadmin --port 9948 start-domain hbbackend
-    ;;
-    stop)
-        asadmin --port 9948 stop-domain hbbackend
-    ;;
-    restart)
-        asadmin --port 9948 restart-domain hbbackend
-    ;;
-esac
-    
-
-

vagrant/puppet/modules/backend/files/etc/init.d/hbbackend

+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          hbbackend
+# Required-Start:    networking
+# Required-Stop:     
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: hbbackend
+# Description:       Start/stop hbbackend
+### END INIT INFO
+
+TARGETUSER=vagrant
+
+asadmin="/opt/glassfish3/bin/asadmin"
+
+case "$1" in
+    start) 
+        sudo -u $TARGETUSER $asadmin --port 9948 start-domain hbbackend
+    ;;
+    stop)
+        sudo -u $TARGETUSER $asadmin --port 9948 stop-domain hbbackend
+    ;;
+    restart)
+        sudo -u $TARGETUSER $asadmin --port 9948 restart-domain hbbackend
+    ;;
+esac
+    
+
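Review bot: The `case` in the new init script has no `*)` arm, so an unknown or missing verb (a bare `/etc/init.d/hbbackend`) exits 0 having done nothing, and asadmin's exit status is never propagated to the init system. Add a default arm and return the result, e.g. `*) echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;` and `exit $?` after `esac`. The variables should be quoted as well: `sudo -u "$TARGETUSER" "$asadmin" --port 9948 start-domain hbbackend`. Dropping from root to `$TARGETUSER` is the right direction; hard-coding `vagrant` in the init script ties the privilege boundary to this one box, so reading it from `/etc/default/hbbackend` would let the same script serve a non-Vagrant install.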

vagrant/puppet/modules/backend/files/opt/honeynet/bin/create-hbbackend-db.sh

+#!/bin/sh
+
+# important note - this setup is only good for development!
+# change these permissions and passwords for production!
+
+if [ ! -f ~/_hbbackend_db_created ]
+then
+    echo "create user hbbackend with password 'hbbackend';" | sudo -u postgres psql
+    echo "create database hbbackend owner hbbackend;" | sudo -u postgres psql template1
+    PGPASSWORD=hbbackend psql -h localhost -U hbbackend < /repo/hbbackend/schema/hbbackend.sql
+    PGPASSWORD=hbbackend psql -h localhost -U hbbackend < /repo/hbbackend/schema/hbbackend_functions.sql
+
+    touch ~/_hbbackend_db_created
+fi
+
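Review bot: `touch ~/_hbbackend_db_created` runs unconditionally, so if any of the four psql steps fails (postgres not yet accepting connections, `/repo` not mounted, a schema error) the marker is still written and the database is never set up on a later run. Prepend `set -e` and load the schema with `psql -v ON_ERROR_STOP=1 -h localhost -U hbbackend < ...` so a failing statement makes psql exit non-zero and the marker is skipped. Removing the `superuser` attribute the old setup-db.sh granted is a good least-privilege change; the development password 'hbbackend' remains hard-coded here and in the JDBC pool, which the header comment already flags. Note that `~` resolves to the invoking user's home, so under the root Puppet exec the marker lands in /root, while a hand run as vagrant would look elsewhere and re-run the CREATE statements.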

vagrant/puppet/modules/backend/files/opt/honeynet/bin/create-hbbackend-domain.sh

+#!/bin/sh
+
+TARGETUSER=vagrant
+
+PATH="/opt/glassfish3/bin:$PATH"
+export PATH
+
+if [ ! -f ~/_hbbackend_domain_created ]
+then
+
+asadmin create-domain --nopassword=true --portbase 9900 hbbackend
+chown -R $TARGETUSER: /opt/glassfish3/glassfish/domains/hbbackend
+
+touch ~/_hbbackend_domain_created
+
+fi
+
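Review bot: `asadmin create-domain --nopassword=true` creates the domain with an empty admin password, and nothing in this script states the dev-only assumption the way create-hbbackend-db.sh does. Add the same warning above the command: `# dev only: admin user has no password; set one (asadmin change-admin-password) before exposing port 9948`. Whether the admin listener on 9948 is reachable beyond localhost depends on the GlassFish secure-admin setting and the Vagrant port forwarding, neither of which is visible in this diff. `chown -R "$TARGETUSER": ...` should quote the variable, and the `~` marker is only reliable while the script keeps running as the same user (root via the Puppet exec).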

vagrant/puppet/modules/backend/files/opt/honeynet/bin/install-glassfish.sh

 #!/bin/sh
 
-if [ ! -f "/etc/glassfish_installed" ]
+if [ ! -f ~/_glassfish_installed ]
 then
     # race condition here. Don't run on shared machine
     mkdir /tmp/$$
     rm -f *
     wget -O glassfish.zip http://download.java.net/glassfish/3.1.1/release/glassfish-3.1.1.zip
     unzip glassfish.zip
-    mv glassfish3/* /opt/glassfish
-    chown -R root:root /opt/glassfish
+    mv glassfish3/* /opt/glassfish3
+    chown -R root:root /opt/glassfish3
     # rm -rf /tmp/$$
-    touch /etc/glassfish_installed
+    touch ~/_glassfish_installed
 fi
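Review bot: `rm -f *` on the line after `mkdir /tmp/$$` operates on the caller's working directory, because the script never `cd`s into the directory it just created; everything it then downloads and unzips lands there too, and any regular files already present are deleted first. Change the line to `mkdir "/tmp/$$" && cd "/tmp/$$" || exit 1`. Separately, the archive is fetched over plain HTTP and installed root-owned into `/opt/glassfish3` with no integrity check; pin the expected SHA-256 of glassfish-3.1.1.zip and run `sha256sum -c` before `unzip`, and prefer an https URL if the mirror offers one. The marker moved from /etc to `~`, which is /root under the Puppet exec but differs if someone runs the script by hand.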

vagrant/puppet/modules/backend/files/opt/honeynet/bin/setup-db.sh

-#!/bin/sh
-
-# important note - this setup is only good for development!
-# change these permissions and passwords for production!
-
-if [ ! -f /etc/db_installed ]
-then
-    echo "create user hbbackend with password 'hbbackend' superuser;" | sudo -u postgres psql
-    echo "create database hbbackend owner hbbackend;" | sudo -u postgres psql template1
-    sudo -u postgres psql hbbackend < /repo/hbbackend/schema/hbbackend.sql
-    sudo -u postgres psql hbbackend < /repo/hbbackend/schema/hbbackend_functions.sql
-fi

vagrant/puppet/modules/backend/files/opt/honeynet/bin/setup-glassfish.sh

-#!/bin/sh
-
-
-if [ ! -f "/etc/glassfish_configured" ]
-then
-
-PATH="/opt/glassfish/bin:$PATH"
-export PATH
-asadmin create-domain --nopassword=true --portbase 9900 hbbackend
-cp /repo/hbbackend/lib/* /opt/glassfish/glassfish/domains/hbbackend/lib/
-
-# start
-asadmin --port 9948 start-domain hbbackend
-
-## postgres connection pool and jdbc
-asadmin --port 9948 <<EOL
-create-jdbc-connection-pool --datasourceclassname org.postgresql.xa.PGXADataSource --restype javax.sql.XADataSource --property user=hbbackend:password=hbbackend:databaseName=hbbackend:serverName=localhost:port=5432 PgPool
-ping-connection-pool PgPool
-create-jdbc-resource --connectionpoolid PgPool jdbc/hbbackend
-EOL
-
-## xadisk then restart domain for the thread pool to become available
-asadmin --port 9948 <<EOL
-create-threadpool --minthreadpoolsize=5 --maxthreadpoolsize=50 hbbackend-xadisk-thread-pool
-restart-domain hbbackend 
-create-resource-adapter-config --threadpoolid hbbackend-xadisk-thread-pool --property xaDiskHome=/opt/hbbackend/xadisk:instanceId=hbbackend xadisk
-deploy --name xadisk /opt/glassfish/glassfish/domains/hbbackend/lib/xadisk-1.1.rar
-create-connector-connection-pool --raname xadisk --connectiondefinition org.xadisk.connector.outbound.XADiskConnectionFactory --property instanceId=hbbackend --transactionsupport XATransaction xadisk/ConnectionFactory
-ping-connection-pool xadisk/ConnectionFactory
-create-connector-resource --poolname xadisk/ConnectionFactory xadisk/ConnectionFactory
-EOL
-
-## jms stomp bridge and disable autocreate
-asadmin --port 9948 <<EOL
-set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\.bridge\\.enabled=true
-set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\.bridge\\.activelist=stomp
-set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\.bridge\\.admin\\.user=admin
-set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\.bridge\\.admin\\.password=admin
-set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\.bridge\\.stomp\\.tcp\\.port=9972
-set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\.autocreate\\.queue=false
-set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\.autocreate\\.topic=false
-EOL
-
-# destinations
-asadmin --port 9948 <<EOL
-create-jmsdest --desttype topic new_attack
-create-jmsdest --desttype topic new_attack_geoip
-create-jmsdest --desttype topic new_binary
-create-jmsdest --desttype topic new_ip
-create-jms-resource --restype javax.jms.Topic --property Name=new_attack jms/new_attack
-create-jms-resource --restype javax.jms.Topic --property Name=new_attack_geoip jms/new_attack_geoip
-create-jms-resource --restype javax.jms.Topic --property Name=new_binary jms/new_binary
-create-jms-resource --restype javax.jms.Topic --property Name=new_ip jms/new_ip
-EOL
-
-# connection factories
-asadmin --port 9948 <<EOL
-create-jms-resource --restype javax.jms.ConnectionFactory jms/ConnectionFactory
-create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=testdurable jms/TestDurableConnectionFactory
-create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=ipfilter jms/DurableConsumer/ipfilter
-create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=cymruwhois jms/DurableConsumer/cymruwhois
-create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=shadowserverdns jms/DurableConsumer/shadowserverdns
-create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=maxmindgeoip jms/DurableConsumer/maxmindgeoip
-create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=virustotal jms/DurableConsumer/virustotal
-ping-connection-pool jms/ConnectionFactory
-EOL
-
-# logback config location and monitoring
-asadmin --port 9948 <<EOL
-create-jvm-options -Dlogback.configurationFile=/opt/hbbackend/conf/logback.xml
-enable-monitoring --modules connector-connection-pool=HIGH:connector-service=HIGH:deployment=HIGH:ejb-container=HIGH:http-service=HIGH:jdbc-connection-pool=HIGH:jms-service=HIGH:jvm=HIGH:thread-pool=HIGH:transaction-service=HIGH:jms-service=HIGH:web-container=HIGH
-EOL
-
-# finally, restart once again for a clean start
-asadmin --port 9948 restart-domain hbbackend
-
-# and deploy the code
-asadmin --port 9948 <<EOL
-deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.virustotal.jar
-deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.cymruwhois.jar
-deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.shadowserverdns.jar
-deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.ipfilter.jar
-deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.maxmindgeoip.jar
-deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.submithttp.war
-EOL
-
-touch /etc/glassfish_configured
-
-
-fi
-

vagrant/puppet/modules/backend/files/opt/honeynet/bin/setup-hbbackend-domain.sh

+#!/bin/sh
+
+
+if [ ! -f ~/_hbbackend_domain_set_up ]
+then
+
+PATH="/opt/glassfish3/bin:$PATH"
+export PATH
+
+# copy deps
+libdir=/repo/hbbackend/lib
+cp $libdir/postgresql-*.jdbc4.jar \
+        $libdir/xadisk-*.jar \
+        $libdir/xadisk-*.rar \
+        $libdir/slf4j-api-*.jar \
+        $libdir/logback-core-*.jar \
+        $libdir/logback-classic-*.jar\
+        $libdir/concurrentlinkedhashmap-lru-*.jar \
+/opt/glassfish3/glassfish/domains/hbbackend/lib
+
+
+# start
+asadmin --port 9948 start-domain hbbackend
+
+## postgres connection pool and jdbc
+asadmin --port 9948 <<EOL
+create-jdbc-connection-pool --datasourceclassname org.postgresql.xa.PGXADataSource --restype javax.sql.XADataSource --property user=hbbackend:password=hbbackend:databaseName=hbbackend:serverName=localhost:port=5432 PgPool
+ping-connection-pool PgPool
+create-jdbc-resource --connectionpoolid PgPool jdbc/hbbackend
+EOL
+
+## xadisk then restart domain for the thread pool to become available
+asadmin --port 9948 <<EOL
+create-threadpool --minthreadpoolsize=5 --maxthreadpoolsize=50 hbbackend-xadisk-thread-pool
+restart-domain hbbackend 
+create-resource-adapter-config --threadpoolid hbbackend-xadisk-thread-pool --property xaDiskHome=/opt/hbbackend/xadisk:instanceId=hbbackend xadisk
+deploy --name xadisk /opt/glassfish3/glassfish/domains/hbbackend/lib/xadisk-1.1.rar
+create-connector-connection-pool --raname xadisk --connectiondefinition org.xadisk.connector.outbound.XADiskConnectionFactory --property instanceId=hbbackend --transactionsupport XATransaction xadisk/ConnectionFactory
+ping-connection-pool xadisk/ConnectionFactory
+create-connector-resource --poolname xadisk/ConnectionFactory xadisk/ConnectionFactory
+EOL
+
+## jms stomp bridge and disable autocreate
+asadmin --port 9948 <<EOL
+set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\\\.bridge\\\\.enabled=true
+set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\\\.bridge\\\\.activelist=stomp
+set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\\\.bridge\\\\.admin\\\\.user=admin
+set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\\\.bridge\\\\.admin\\\\.password=admin
+set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\\\.bridge\\\\.stomp\\\\.tcp\\\\.port=9972
+set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\\\.autocreate\\\\.queue=false
+set configs.config.server-config.jms-service.jms-host.default_JMS_host.property.imq\\\\.autocreate\\\\.topic=false
+EOL
+
+# destinations
+asadmin --port 9948 <<EOL
+create-jmsdest --desttype topic new_attack
+create-jmsdest --desttype topic new_attack_geoip
+create-jmsdest --desttype topic new_binary
+create-jmsdest --desttype topic new_ip
+create-jms-resource --restype javax.jms.Topic --property Name=new_attack jms/new_attack
+create-jms-resource --restype javax.jms.Topic --property Name=new_attack_geoip jms/new_attack_geoip
+create-jms-resource --restype javax.jms.Topic --property Name=new_binary jms/new_binary
+create-jms-resource --restype javax.jms.Topic --property Name=new_ip jms/new_ip
+EOL
+
+# connection factories
+asadmin --port 9948 <<EOL
+create-jms-resource --restype javax.jms.ConnectionFactory jms/ConnectionFactory
+create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=testdurable jms/TestDurableConnectionFactory
+create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=ipfilter jms/DurableConsumer/ipfilter
+create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=cymruwhois jms/DurableConsumer/cymruwhois
+create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=shadowserverdns jms/DurableConsumer/shadowserverdns
+create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=maxmindgeoip jms/DurableConsumer/maxmindgeoip
+create-jms-resource --restype javax.jms.ConnectionFactory --property ClientId=virustotal jms/DurableConsumer/virustotal
+ping-connection-pool jms/ConnectionFactory
+EOL
+
+# logback config location and monitoring
+asadmin --port 9948 <<EOL
+create-jvm-options -Dlogback.configurationFile=/opt/hbbackend/conf/logback.xml
+enable-monitoring --modules connector-connection-pool=HIGH:connector-service=HIGH:deployment=HIGH:ejb-container=HIGH:http-service=HIGH:jdbc-connection-pool=HIGH:jms-service=HIGH:jvm=HIGH:thread-pool=HIGH:transaction-service=HIGH:jms-service=HIGH:web-container=HIGH
+EOL
+
+# finally, restart once again for a clean start
+asadmin --port 9948 restart-domain hbbackend
+
+# and deploy the code
+asadmin --port 9948 <<EOL
+deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.virustotal.jar
+deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.cymruwhois.jar
+deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.shadowserverdns.jar
+deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.ipfilter.jar
+deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.maxmindgeoip.jar
+deploy /repo/hbbackend/target/modules/org.honeynet.hbbackend.submithttp.war
+EOL
+
+touch ~/_hbbackend_domain_set_up
+
+fi
+
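Review bot: The STOMP bridge is configured with `imq.bridge.admin.user=admin` / `imq.bridge.admin.password=admin` on TCP port 9972 and PgPool with `password=hbbackend`, with no dev-only warning in this file; add the one create-hbbackend-db.sh carries, e.g. `# dev only: bridge admin and DB credentials are hard-coded - change before any non-local deployment`. None of the asadmin invocations are checked and `touch ~/_hbbackend_domain_set_up` runs regardless, so a pool that fails `ping-connection-pool` or a deploy that errors is marked done and never retried; `set -e` at the top (or testing `$?` after each here-doc) would fix that. The property escaping changed from `\\.` to `\\\\.` as shown on this page, which the unquoted here-doc turns into `\\.` rather than `\.` on asadmin's stdin; if that was needed to make `set` work when run via `sudo -i`, a comment saying so would stop the next reader reverting it. The `cp` should also quote `"$libdir"`.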

vagrant/puppet/modules/backend/manifests/init.pp

+#$targetuser="vagrant"
+
 
 # Class: backend::tuning
 #
 #
 class backend::tuning {
     exec { "sysctl":
-        command => "/sbin/sysctl -w kernel.shmmax=46088192 && touch /etc/first_boot",
-        creates => "/etc/first_boot"
+        command => "/sbin/sysctl -w kernel.shmmax=46088192 && touch ~/_first_boot",
+        creates => "/root/_first_boot"
     }
     file { "/etc/sysctl.conf":
         ensure => file,
 class backend::files {
 
     file { "/opt/hbbackend":
-        ensure  => "present",
-        owner   => "root", 
-        group   => "root",
-        recurse => "true",
+        ensure  => present,
+        owner   => $::targetuser,
+        group   => $::targetuser,
+        recurse => true,
         source  => "puppet:///modules/backend/opt/hbbackend"
     }
 
     file { "/opt/hbbackend/conf/local.conf":
        ensure => file,
-       owner   => "root",
-       group   => "root",
+       owner   => $::targetuser,
+       group   => $::targetuser,
        source => "puppet:///modules/backend/opt/hbbackend/conf/local.conf"
     }   
 
     file { "/opt/honeynet":
-       ensure => "present",
+       ensure => present,
        source => "puppet:///modules/backend/opt/honeynet",
-       recurse => "true",
+       recurse => true,
        owner   => "root",
-       group   => "root",
+       group   => "root"
     }   
    
     file { "/etc/environment":
-        ensure => "present",
+        ensure => present,
         owner  => "root", 
         group  => "root", 
         source => "puppet:///modules/backend/etc/environment"
     }
 
-    file { "/opt/java":
-        ensure => "directory",
-        owner  => "root", 
-        group  => "root",
-        mode   => 755
-    }
-
-    file { "/opt/glassfish":
-        ensure => "directory",
+    file { "/opt/glassfish3":
+        ensure => directory,
         owner  => "root",
         group  => "root"
     }
 
-    file { "/etc/init.d/glassfish":
-        ensure => "present",
+    file { "/etc/init.d/hbbackend":
+        ensure => present,
         owner  => "root", 
         group  => "root",
         mode   => "0755",
-        source => "puppet:///modules/backend/etc/init.d/glassfish"
+        source => "puppet:///modules/backend/etc/init.d/hbbackend"
     }
 
-    file { "/etc/rc0.d/S20glassfish":
+    file { "/etc/rc0.d/S20hbbackend":
         ensure  => link,
-        target  => "/etc/init.d/glassfish",
-        require => File["/etc/init.d/glassfish"]
+        target  => "/etc/init.d/hbbackend",
+        require => File["/etc/init.d/hbbackend"]
     }
 
 }
         ensure  => "present",
         owner   => "postgres", 
         group   => "postgres",
-        recurse => "true",
+        recurse => true,
         source  => "puppet:///modules/backend/etc/postgresql/9.1/main/postgresql.conf",
         require => Package["postgresql"],
         notify  => Exec["restart-postgres"]
 
     exec { "restart-postgres":
         command => "/etc/init.d/postgresql restart",
-        refreshonly => true,
+        refreshonly => true
     }
 
 }
 #
 #
 class backend::packages {
-    package { ["ant", "ivy"] : ensure => present }
     package { "openjdk-7-jdk": ensure => present }
+    package { ["ant", "ivy"] : ensure => present }
     package { "unzip": ensure => present }
     package { "curl": ensure => present}
 }
 
-# run the various scripts 
-# we use 20,000 seconds as a totally arbitary timeout here
+
+# we use 20,000 seconds as a totally arbitary below
 # should give enough time to download even on slow broadband without being
 # infinite (0)
 
+class backend::glassfish {
+    require backend::files
+
+    #group { "glassfish":
+    #	  ensure => present,
+    #	  system => true
+    #}
+
+    exec { "/opt/honeynet/bin/install-glassfish.sh":
+        timeout => 20000,
+	user => "root",
+	group => "root"
+    }
+
+}
+
 class backend {
+    $targetuser="vagrant"
+
     require backend::files
     require backend::packages
     require backend::postgres
+    require backend::glassfish
 
-    exec { "/opt/honeynet/bin/install-geoip.sh":
-        timeout => 20000
+    exec { "create-hbbackend-db.sh":
+    	command => "/opt/honeynet/bin/create-hbbackend-db.sh", 
+        require => Package["postgresql"],
+	user => "root",
+	group => "root"
     }
 
-    exec { "/opt/honeynet/bin/install-glassfish.sh":
-        timeout => 20000
+    exec { "create-hbbackend-domain.sh":
+    	command => "/opt/honeynet/bin/create-hbbackend-domain.sh",
+        user => "root",
+	group => "root"
     }
 
-    exec { "/opt/honeynet/bin/setup-db.sh":
-        require => Package["postgresql"]
+    exec { "install-geoip.sh":
+    	command => "/usr/bin/sudo -u ${targetuser} /opt/honeynet/bin/install-geoip.sh",
+        timeout => 20000,
+#	user => $targetuser,
+#	group => $targetuser
     }
 
-    exec { "/opt/honeynet/bin/build-backend.sh":
+    exec { "build-backend.sh":
+        command => "/usr/bin/sudo -u ${targetuser} /opt/honeynet/bin/build-backend.sh",
         timeout => 600,
-        creates => "/repo/hbbackend/lib"
+        creates => ["/repo/hbbackend/target", "/repo/hbbackend/lib"],
+#	user => $targetuser,
+#	group => $targetuser
     }
     
-    exec { "/opt/honeynet/bin/setup-glassfish.sh":
+    exec { "/opt/honeynet/bin/setup-hbbackend-domain.sh":
+    	command => "/usr/bin/sudo -i -u ${targetuser} /opt/honeynet/bin/setup-hbbackend-domain.sh",
         timeout => 600,
-        require => [Exec["/opt/honeynet/bin/setup-db.sh"], Exec["/opt/honeynet/bin/install-geoip.sh"], 
-                    Exec["/opt/honeynet/bin/build-backend.sh"], Exec["/opt/honeynet/bin/install-glassfish.sh"]]
+        require => [Exec["create-hbbackend-db.sh"], Exec["create-hbbackend-domain.sh"],
+		    Exec["install-geoip.sh"], Exec["build-backend.sh"], ],
+#	user => $targetuser,
+#	group => $targetuser
     }
 
-    service { "glassfish":
-        ensure => running,
+    service { "hbbackend":
         hasrestart => true,
         enable => true,
-        require => Exec["/opt/honeynet/bin/setup-glassfish.sh"],
+        require => Exec["/opt/honeynet/bin/setup-hbbackend-domain.sh"]
     }
 
 }
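Review bot: `owner => $::targetuser` and `group => $::targetuser` in backend::files read a top-scope variable, but the only top-scope assignment is the commented-out `#$targetuser="vagrant"`; the live assignment sits inside `class backend` and is therefore `$backend::targetuser`, not `$::targetuser`. As written the two file resources get an undef owner/group, so /opt/hbbackend is presumably left root-owned (or the catalog fails, depending on Puppet version) and the domain now running as vagrant cannot write under it. Either restore the top-scope assignment or change both references to `$backend::targetuser`, and pass that same value to the exec resources rather than re-spelling `vagrant` in each shell script. `service { "hbbackend": }` also lost `ensure => running`, so Puppet now only enables the service; if that is deliberate a comment would help. The `S20hbbackend` start link is still created in `/etc/rc0.d` (the halt runlevel), which looks like a pre-existing mistake for `/etc/rc2.d`.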