pull main (#320)

* fix IPv6 masking * Prometheus support (#316) * Add prometheus support * Add prometheus support * Add prometheus support * Add prometheus support * Add prometheus support --------- Co-authored-by: avigailo <avigailo@checkpoint.com> * Fix Watchdog restarts (#319) * don't exit * fix restarting agent * fix watchdog restarts * Waf tag (#317) * add waf-tag to openappsec * fix waf tag to openappsec --------- Co-authored-by: wiaamm <wiaamm@checkpoint.com> --------- Co-authored-by: Wills Ward <wward@warddevelopment.com> Co-authored-by: orianelou <126462046+orianelou@users.noreply.github.com> Co-authored-by: avigailo <avigailo@checkpoint.com> Co-authored-by: wiaam96 <142393189+wiaam96@users.noreply.github.com> Co-authored-by: wiaamm <wiaamm@checkpoint.com>
2025-11-16 09:21:54 +03:00 · 2025-06-11 15:18:17 +03:00
parent 6847c1faba
commit b02eb3d2e1
21 changed files with 771 additions and 19 deletions
--- a/build_system/docker/entry.sh
+++ b/build_system/docker/entry.sh
@@ -6,6 +6,7 @@ HTTP_TRANSACTION_HANDLER_SERVICE="install-cp-nano-service-http-transaction-handl
 ATTACHMENT_REGISTRATION_SERVICE="install-cp-nano-attachment-registration-manager.sh"
 ORCHESTRATION_INSTALLATION_SCRIPT="install-cp-nano-agent.sh"
 CACHE_INSTALLATION_SCRIPT="install-cp-nano-agent-cache.sh"
+PROMETHEUS_INSTALLATION_SCRIPT="install-cp-nano-service-prometheus.sh"

 var_fog_address=
 var_proxy=
@@ -81,6 +82,10 @@ fi
 /nano-service-installers/$CACHE_INSTALLATION_SCRIPT --install
 /nano-service-installers/$HTTP_TRANSACTION_HANDLER_SERVICE --install

+if [ "$PROMETHEUS" == "true" ]; then
+    /nano-service-installers/$PROMETHEUS_INSTALLATION_SCRIPT --install
+fi
+
 if [ "$CROWDSEC_ENABLED" == "true" ]; then
    /nano-service-installers/$INTELLIGENCE_INSTALLATION_SCRIPT --install
    /nano-service-installers/$CROWDSEC_INSTALLATION_SCRIPT --install
@@ -93,25 +98,16 @@ if [ -f "$FILE" ]; then
 fi

 touch /etc/cp/watchdog/wd.startup
+/etc/cp/watchdog/cp-nano-watchdog >/dev/null 2>&1 &
+active_watchdog_pid=$!
 while true; do
-    if [ -z "$init" ]; then
-        init=true
-        /etc/cp/watchdog/cp-nano-watchdog >/dev/null 2>&1 &
-        sleep 5
-        active_watchdog_pid=$(pgrep -f -x -o "/bin/(bash|sh) /etc/cp/watchdog/cp-nano-watchdog")
-    fi
-
-    current_watchdog_pid=$(pgrep -f -x -o "/bin/(bash|sh) /etc/cp/watchdog/cp-nano-watchdog")
-    if [ ! -f /tmp/restart_watchdog ] && [ "$current_watchdog_pid" != "$active_watchdog_pid" ]; then
-        echo "Error: Watchdog exited abnormally"
-        exit 1
-    elif [ -f /tmp/restart_watchdog ]; then
+    if [ -f /tmp/restart_watchdog ]; then
        rm -f /tmp/restart_watchdog
-        kill -9 "$(pgrep -f -x -o "/bin/(bash|sh) /etc/cp/watchdog/cp-nano-watchdog")"
-        /etc/cp/watchdog/cp-nano-watchdog >/dev/null 2>&1 &
-        sleep 5
-        active_watchdog_pid=$(pgrep -f -x -o "/bin/(bash|sh) /etc/cp/watchdog/cp-nano-watchdog")
+        kill -9 ${active_watchdog_pid}
+    fi
+    if [ ! "$(ps -f | grep cp-nano-watchdog | grep ${active_watchdog_pid})" ]; then
+        /etc/cp/watchdog/cp-nano-watchdog >/dev/null 2>&1 &
+        active_watchdog_pid=$!
    fi
-
    sleep 5
 done