diff --git a/nodes/CMakeLists.txt b/nodes/CMakeLists.txt
index 84f401c..6937a7a 100644
--- a/nodes/CMakeLists.txt
+++ b/nodes/CMakeLists.txt
@@ -11,5 +11,6 @@ set(COMMON_LIBRARIES "-lngen_core;-lcompression_utils;-lssl;-lcrypto;-lz;-lboost
 include(packaging.cmake)
 add_subdirectory(orchestration)
+add_subdirectory(agent_cache)
 add_subdirectory(http_transaction_handler)
 add_subdirectory(attachment_registration_manager)
diff --git a/nodes/agent_cache/CMakeLists.txt b/nodes/agent_cache/CMakeLists.txt
new file mode 100755
index 0000000..803b5ee
--- /dev/null
+++ b/nodes/agent_cache/CMakeLists.txt
@@ -0,0 +1,8 @@
+add_subdirectory(package)
+
+gen_package(
+ install-cp-nano-agent-cache.sh
+ agent_cache
+ ./install-cp-nano-agent-cache.sh
+ Check Point Cache Nano Service Version ${PACKAGE_VERSION} Install Package
+)
diff --git a/nodes/agent_cache/package/CMakeLists.txt b/nodes/agent_cache/package/CMakeLists.txt
new file mode 100755
index 0000000..c06c27a
--- /dev/null
+++ b/nodes/agent_cache/package/CMakeLists.txt
@@ -0,0 +1,49 @@
+execute_process (
+ COMMAND bash -c "find / -name \"redis.conf\""
+ OUTPUT_VARIABLE redis_conf_path
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+)
+
+execute_process (
+ COMMAND bash -c "which redis-server"
+ OUTPUT_VARIABLE redis_server_path
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+)
+
+if (IS_SYMLINK ${redis_server_path})
+ execute_process (
+ COMMAND bash -c "readlink -f ${redis_server_path}"
+ OUTPUT_VARIABLE redis_server_path
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+ )
+endif()
+
+execute_process (
+ COMMAND bash -c "which redis-cli"
+ OUTPUT_VARIABLE redis_cli_path
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+)
+
+execute_process (
+ COMMAND bash -c "find /usr/lib -name \"libatomic.so*\" | awk '{printf \$0\";\"}'"
+ OUTPUT_VARIABLE atomic
+)
+
+execute_process (
+ COMMAND bash -c "find /usr/lib -name \"libjemalloc*\" | awk '{printf \$0\";\"}'"
+ OUTPUT_VARIABLE jemalloc
+)
+
+execute_process (
+ COMMAND bash -c "find /usr/lib -name \"liblua*\" | awk '{printf \$0\";\"}'"
+ OUTPUT_VARIABLE lua
+)
+
+install(FILES ${atomic} DESTINATION agent_cache/lib)
+install(FILES ${jemalloc} DESTINATION agent_cache/lib)
+install(FILES ${lua} DESTINATION agent_cache/lib)
+install(FILES install-cp-nano-agent-cache.sh DESTINATION agent_cache/ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ)
+install(FILES cp-nano-agent-cache.cfg DESTINATION agent_cache/ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ)
+install(FILES ${redis_conf_path} DESTINATION agent_cache/)
+install(FILES ${redis_server_path} DESTINATION agent_cache/bin/ RENAME redis-server PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ)
+install(FILES ${redis_cli_path} DESTINATION agent_cache/bin PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ)
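Review bot: The `find / -name "redis.conf"` lookup at the top of this new file packages whichever redis.conf the build host happens to contain, and when more than one file matches, the newline-separated output reaches `install(FILES ${redis_conf_path} ...)` as a single invalid path. The `which redis-server` / `which redis-cli` calls and the `find /usr/lib` globs have the same weakness: no result is checked, so an empty lookup only surfaces later as a confusing install error, and the shipped cache binary and its settings (bind address, protected mode, authentication) are decided by the state of the build machine rather than by the repository. I would resolve the binaries with `find_program`, fail the configure step when one is missing, and install a reviewed redis.conf kept next to this file. The `IS_SYMLINK` test should also quote its operand as `"${redis_server_path}"`, since an empty value currently leaves `if()` with a bare keyword.

```cmake
# Resolve the Redis binaries explicitly and stop the configure step when one is missing.
find_program(redis_server_path redis-server)
find_program(redis_cli_path redis-cli)
if(NOT redis_server_path OR NOT redis_cli_path)
  message(FATAL_ERROR "redis-server and redis-cli are required to build the agent_cache package")
endif()
# Follow a symlinked redis-server to the real file without spawning a shell.
get_filename_component(redis_server_path "${redis_server_path}" REALPATH)

# … unchanged: libatomic / libjemalloc / liblua lookups and their install() lines …

# Proposed: a reviewed redis.conf checked in beside this CMakeLists.txt,
# instead of one discovered on the build host.
install(FILES redis.conf DESTINATION agent_cache/)
```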
diff --git a/nodes/agent_cache/package/cp-nano-agent-cache.cfg b/nodes/agent_cache/package/cp-nano-agent-cache.cfg
new file mode 100755
index 0000000..866fb69
--- /dev/null
+++ b/nodes/agent_cache/package/cp-nano-agent-cache.cfg
@@ -0,0 +1 @@
+execution_flags=" /etc/cp/conf/redis.conf"
\ No newline at end of file
diff --git a/nodes/agent_cache/package/install-cp-nano-agent-cache.sh b/nodes/agent_cache/package/install-cp-nano-agent-cache.sh
new file mode 100755
index 0000000..6e8822d
--- /dev/null
+++ b/nodes/agent_cache/package/install-cp-nano-agent-cache.sh
@@ -0,0 +1,130 @@
+#!/bin/sh
+
+FORCE_STDOUT=true
+INSTALLATION_LOG_FILE="/var/log/nano_agent/install-cp-nano-agent-cache.log"
+INSTALLATION_TIME=$(date)
+CONF_PATH=/etc/cp/conf
+CACHE_SERVICE_PATH=/etc/cp/agentCache
+WATCHDOG_PATH=/etc/cp/watchdog/cp-nano-watchdog
+USR_LIB_PATH="/usr/lib"
+
+export INSTALL_COMMAND
+is_install="$(command -v install)"
+if [ -z ${is_install} ]; then
+ INSTALL_COMMAND="cp -f"
+ cp_print "[WARNING]: install command not found - using cp instead" ${FORCE_STDOUT}
+else
+ INSTALL_COMMAND=install
+fi
+
+mkdir -p /var/log/nano_agent
+
+cp_print()
+{
+ var_text=$1
+ var_std_out=$2
+ touch $INSTALLATION_LOG_FILE
+ if [ -n "$var_std_out" ]; then
+ if [ "$var_std_out" = "true" ]; then
+ printf "%b\n" "$var_text"
+ fi
+ fi
+ printf "%b\n" "$var_text" >> $INSTALLATION_LOG_FILE
+}
+
+cp_exec()
+{
+ var_cmd=$1
+ var_std_out=$2
+ # Send exec output to RES
+ RES=$($var_cmd 2>&1)
+ if [ -n "$RES" ]; then
+ cp_print "$RES" "$var_std_out"
+ fi
+}
+
+run_installation()
+{
+ cp_print "Starting installation of Check Point Cache service [$INSTALLATION_TIME]\n" $FORCE_STDOUT
+ cp_exec "${WATCHDOG_PATH} --un-register ${CACHE_SERVICE_PATH}/cp-nano-agent-cache"
+ cp_exec "mkdir -p ${CACHE_SERVICE_PATH}"
+ cp_exec "mkdir -p ${USR_LIB_PATH}/cpnano"
+ cp_exec "cp -rf lib/* ${USR_LIB_PATH}/cpnano"
+ cp_exec "cp -rf bin/redis-server ${CACHE_SERVICE_PATH}/"
+ cp_exec "cp -rf bin/redis-cli ${CACHE_SERVICE_PATH}/"
+ cp_exec "cp -f redis.conf ${CONF_PATH}/redis.conf"
+ cp_exec "cp -f cp-nano-agent-cache.cfg ${CACHE_SERVICE_PATH}/cp-nano-agent-cache.cfg"
+ cp_exec "mv ${CACHE_SERVICE_PATH}/redis-server ${CACHE_SERVICE_PATH}/cp-nano-agent-cache"
+ cp_exec "mv ${CACHE_SERVICE_PATH}/redis-cli ${CACHE_SERVICE_PATH}/cp-nano-cache-cli"
+ cp_exec "chmod +x ${CACHE_SERVICE_PATH}/cp-nano-agent-cache"
+ cp_exec "chmod +x ${CACHE_SERVICE_PATH}/cp-nano-cache-cli"
+ cp_exec "chmod 600 ${CACHE_SERVICE_PATH}/cp-nano-agent-cache.cfg"
+
+ cp_exec "${WATCHDOG_PATH} --register
${CACHE_SERVICE_PATH}/cp-nano-agent-cache"
+ cp_print "Installation completed successfully." $FORCE_STDOUT
+}
+
+usage()
+{
+ echo "Check Point: available flags are"
+ echo "--install : install agent inteligence Service"
+ echo "--uninstall : remove agent inteligenceService"
+ echo "--pre_install_test : run Pre-installation test for agent inteligence Service install package"
+ echo "--post_install_test : run Post-installation test for agent inteligence Service install package"
+ exit 255
+}
+
+run_uninstall()
+{
+ cp_print "Starting uninstall of Check Point Cache service [$INSTALLATION_TIME]\n" $FORCE_STDOUT
+
+ cp_exec "${WATCHDOG_PATH} --un-register ${CACHE_SERVICE_PATH}/cp-nano-agent-cache"
+ cp_exec "rm -rf ${CACHE_SERVICE_PATH}/"
+ cp_exec "rm -rf ${CONF_PATH}/redis.conf"
+
+ cp_print "Check Point Cache service was removed successfully\n" $FORCE_STDOUT
+}
+
+run_pre_install_test()
+{
+ cp_print "Successfully finished pre-installation test for Check Point Cache service installation package [$INSTALLATION_TIME]\n" $FORCE_STDOUT
+ exit 0
+}
+
+run_post_install_test()
+{
+ if [ ! -d ${CACHE_SERVICE_PATH} ]; then
+ cp_print "Failed post-installation test for Check Point Cache service installation package [$INSTALLATION_TIME]\n" $FORCE_STDOUT
+ exit 1
+ fi
+
+ cp_print "Successfully finished post-installation test for Check Point Cache service installation package [$INSTALLATION_TIME]\n" $FORCE_STDOUT
+ exit 0
+}
+
+
+run()
+{
+ if [ '--install' = "$1" ]; then
+ run_installation "${@}"
+ elif [ '--uninstall' = "$1" ]; then
+ run_uninstall
+ elif [ '--pre_install_test' = "$1" ]; then
+ run_pre_install_test
+ elif [ '--post_install_test' = "$1" ]; then
+ run_post_install_test
+ else
+ usage
+ exit 1
+ fi
+}
+
+if [ "$(id -u)" != "0" ]; then
+ echo "Administrative privileges required for this Package (use su or sudo)"
+ exit 1
+fi
+
+shift
+run "${@}"
+
+exit 0
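Review bot: `cp_exec` throws away the exit status of the command it runs, so `run_installation` prints "Installation completed successfully." even when a `cp`, `mv` or the watchdog `--register` step failed, leaving a root-installed service half deployed with nothing in the exit code to show it. Capturing the status with `RES=$($var_cmd 2>&1); rc=$?` and ending the function with `return $rc` would let the copy and register steps abort with `|| exit 1`, while the initial `--un-register` can stay best-effort. Separately, the `install`-not-found branch near the top calls `cp_print` before the function is defined, so that warning itself fails; moving the `INSTALL_COMMAND` block below the `cp_print` definition fixes it. The `id -u` root check also runs only after `mkdir -p /var/log/nano_agent`, so it would be better placed at the top of the script.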
diff --git a/nodes/orchestration/package/watchdog/watchdog b/nodes/orchestration/package/watchdog/watchdog
index 5dd8869..546069f 100755
--- a/nodes/orchestration/package/watchdog/watchdog
+++ b/nodes/orchestration/package/watchdog/watchdog
@@ -56,7 +56,7 @@ load_paths()
 if [ -n "${CP_INIT_D_PATH}" ]; then
 INIT_D_PATH=$CP_INIT_D_PATH
 fi
-
+
 if [ -z "${MAX_FILE_SIZE}" ]; then
 MAX_FILE_SIZE=$DEFAULT_MAX_FILE_SIZE
 fi
@@ -123,7 +123,7 @@ if [ -f /pfrm2.0/bin/cposd ]; then
 SUB_HW_VER=`fw_printenv -n sub_hw_ver`
- # Clear TMPDIR(set by nano-egg in SMB),
+ # Clear TMPDIR(set by nano-egg in SMB),
 # so the nano-agent will use the default tmp dir(/tmp).
 export TMPDIR=
 fi
@@ -667,7 +667,7 @@ load_services()
 fi
 log "load_services" "Respawn ${service}"
- if [ "${service}" == "/etc/cp/agentIntelligence/redis/redis-server" ] || [ "${service}" = "/etc/cp/crowdsecAux/cp-nano-crowdsec-aux" ]; then
+ if [ "${service}" = "${FILESYSTEM_PATH}/agentCache/cp-nano-agent-cache" ] || [ "${service}" == "/etc/cp/agentIntelligence/redis/redis-server" ] || [ "${service}" = "/etc/cp/crowdsecAux/cp-nano-crowdsec-aux" ]; then
 eval "LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${service} ${execution_flags} &"
 else
 eval "LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${service} ${execution_flags} --filesystem_path=${FILESYSTEM_PATH} --log_files_path=${LOG_FILE_PATH} &"
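Review bot: In the last hunk the new first test matches `${FILESYSTEM_PATH}/agentCache/cp-nano-agent-cache`, but install-cp-nano-agent-cache.sh in this same commit registers the service under the fixed `CACHE_SERVICE_PATH=/etc/cp/agentCache`, so the two agree only when FILESYSTEM_PATH is /etc/cp. If the watchdog can run with a different FILESYSTEM_PATH, the cache service would fall through to the `else` branch and be started with `--filesystem_path`/`--log_files_path` appended, which the renamed redis-server presumably does not accept. Either derive the installer path from the same variable or match the literal path here, as the two neighbouring tests do. The middle test on that line still uses `==`, which is not POSIX `[` syntax; `=` would match the other two. The load_services body starts and ends outside the hunk, so how `execution_flags` is read before the `eval` is not visible here.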