We use cookies to ensure you get the best experience on our website
Home Esplora Aiuto
Registrati Accedi
0ct0pu5
/
crowdsec
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): db9e1e280d
Rami (Branch) Tag
crowdsec
/
cmd
/
crowdsec-cli
/
dashboard.go

dashboard.go 12 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"archive/zip"
    5. 

  5. 	"bufio"
    6. 

  6. 	"bytes"
    7. 

  7. 	"context"
    8. 

  8. 	"encoding/json"
    9. 

  9. 	"fmt"
    10. 

  10. 	"io"
    11. 

  11. 	"io/ioutil"
    12. 

  12. 	"net/http"
    13. 

  13. 	"os"
    14. 

  14. 	"path"
    15. 

  15. 	"strings"
    16. 

  16. 	"time"
    17. 

  17. 

  18. 	"github.com/crowdsecurity/crowdsec/pkg/cwversion"
    19. 

  19. 	"github.com/dghubble/sling"
    20. 

  20. 	"github.com/docker/docker/api/types"
    21. 

  21. 	"github.com/docker/docker/api/types/container"
    22. 

  22. 	"github.com/docker/docker/api/types/mount"
    23. 

  23. 	"github.com/docker/docker/client"
    24. 

  24. 	"github.com/docker/go-connections/nat"
    25. 

  25. 	log "github.com/sirupsen/logrus"
    26. 

  26. 	"github.com/spf13/cobra"
    27. 

  27. )
    28. 

  28. 

  29. var (
    30. 

  30. 	metabaseImage  = "metabase/metabase"
    31. 

  31. 	metabaseDbURI  = "https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase.db.zip"
    32. 

  32. 	metabaseDbPath = "/var/lib/crowdsec/data"
    33. 

  33. 	/**/
    34. 

  34. 	metabaseListenAddress = "127.0.0.1"
    35. 

  35. 	metabaseListenPort    = "3000"
    36. 

  36. 	metabaseContainerID   = "/crowdsec-metabase"
    37. 

  37. 	/*informations needed to setup a random password on user's behalf*/
    38. 

  38. 	metabaseURI          = "http://localhost:3000/api/"
    39. 

  39. 	metabaseURISession   = "session"
    40. 

  40. 	metabaseURIRescan    = "database/2/rescan_values"
    41. 

  41. 	metabaseURIUpdatepwd = "user/1/password"
    42. 

  42. 	defaultPassword      = "c6cmetabase"
    43. 

  43. 	defaultEmail         = "metabase@crowdsec.net"
    44. 

  44. )
    45. 

  45. 

  46. func NewDashboardCmd() *cobra.Command {
    47. 

  47. 	/* ---- UPDATE COMMAND */
    48. 

  48. 	var cmdDashboard = &cobra.Command{
    49. 

  49. 		Use:   "dashboard",
    50. 

  50. 		Short: "Start a dashboard (metabase) container.",
    51. 

  51. 		Long:  `Start a metabase container exposing dashboards and metrics.`,
    52. 

  52. 		Args:  cobra.ExactArgs(1),
    53. 

  53. 		Example: `cscli dashboard setup
    54. 

  54. cscli dashboard start
    55. 

  55. cscli dashboard stop
    56. 

  56. cscli dashboard setup --force`,
    57. 

  57. 	}
    58. 

  58. 

  59. 	var force bool
    60. 

  60. 	var cmdDashSetup = &cobra.Command{
    61. 

  61. 		Use:   "setup",
    62. 

  62. 		Short: "Setup a metabase container.",
    63. 

  63. 		Long:  `Perform a metabase docker setup, download standard dashboards, create a fresh user and start the container`,
    64. 

  64. 		Args:  cobra.ExactArgs(0),
    65. 

  65. 		Example: `cscli dashboard setup
    66. 

  66. cscli dashboard setup --force
    67. 

  67. cscli dashboard setup -l 0.0.0.0 -p 443
    68. 

  68.  `,
    69. 

  69. 		Run: func(cmd *cobra.Command, args []string) {
    70. 

  70. 			if err := downloadMetabaseDB(force); err != nil {
    71. 

  71. 				log.Fatalf("Failed to download metabase DB : %s", err)
    72. 

  72. 			}
    73. 

  73. 			log.Infof("Downloaded metabase DB")
    74. 

  74. 			if err := createMetabase(); err != nil {
    75. 

  75. 				log.Fatalf("Failed to start metabase container : %s", err)
    76. 

  76. 			}
    77. 

  77. 			log.Infof("Started metabase")
    78. 

  78. 			newpassword := generatePassword()
    79. 

  79. 			if err := resetMetabasePassword(newpassword); err != nil {
    80. 

  80. 				log.Fatalf("Failed to reset password : %s", err)
    81. 

  81. 			}
    82. 

  82. 			log.Infof("Setup finished")
    83. 

  83. 			log.Infof("url : http://%s:%s", metabaseListenAddress, metabaseListenPort)
    84. 

  84. 			log.Infof("username: %s", defaultEmail)
    85. 

  85. 			log.Infof("password: %s", newpassword)
    86. 

  86. 		},
    87. 

  87. 	}
    88. 

  88. 	cmdDashSetup.Flags().BoolVarP(&force, "force", "f", false, "Force setup : override existing files.")
    89. 

  89. 	cmdDashSetup.Flags().StringVarP(&metabaseDbPath, "dir", "d", metabaseDbPath, "Shared directory with metabase container.")
    90. 

  90. 	cmdDashSetup.Flags().StringVarP(&metabaseListenAddress, "listen", "l", metabaseListenAddress, "Listen address of container")
    91. 

  91. 	cmdDashSetup.Flags().StringVarP(&metabaseListenPort, "port", "p", metabaseListenPort, "Listen port of container")
    92. 

  92. 	cmdDashboard.AddCommand(cmdDashSetup)
    93. 

  93. 

  94. 	var cmdDashStart = &cobra.Command{
    95. 

  95. 		Use:   "start",
    96. 

  96. 		Short: "Start the metabase container.",
    97. 

  97. 		Long:  `Stats the metabase container using docker.`,
    98. 

  98. 		Args:  cobra.ExactArgs(0),
    99. 

  99. 		Run: func(cmd *cobra.Command, args []string) {
    100. 

  100. 			if err := startMetabase(); err != nil {
    101. 

  101. 				log.Fatalf("Failed to start metabase container : %s", err)
    102. 

  102. 			}
    103. 

  103. 			log.Infof("Started metabase")
    104. 

  104. 			log.Infof("url : http://%s:%s", metabaseListenAddress, metabaseListenPort)
    105. 

  105. 		},
    106. 

  106. 	}
    107. 

  107. 	cmdDashboard.AddCommand(cmdDashStart)
    108. 

  108. 

  109. 	var remove bool
    110. 

  110. 	var cmdDashStop = &cobra.Command{
    111. 

  111. 		Use:   "stop",
    112. 

  112. 		Short: "Stops the metabase container.",
    113. 

  113. 		Long:  `Stops the metabase container using docker.`,
    114. 

  114. 		Args:  cobra.ExactArgs(0),
    115. 

  115. 		Run: func(cmd *cobra.Command, args []string) {
    116. 

  116. 			if err := stopMetabase(remove); err != nil {
    117. 

  117. 				log.Fatalf("Failed to stop metabase container : %s", err)
    118. 

  118. 			}
    119. 

  119. 		},
    120. 

  120. 	}
    121. 

  121. 	cmdDashStop.Flags().BoolVarP(&remove, "remove", "r", false, "remove (docker rm) container as well.")
    122. 

  122. 	cmdDashboard.AddCommand(cmdDashStop)
    123. 

  123. 	return cmdDashboard
    124. 

  124. }
    125. 

  125. 

  126. func downloadMetabaseDB(force bool) error {
    127. 

  127. 

  128. 	metabaseDBSubpath := path.Join(metabaseDbPath, "metabase.db")
    129. 

  129. 

  130. 	_, err := os.Stat(metabaseDBSubpath)
    131. 

  131. 	if err == nil && !force {
    132. 

  132. 		log.Printf("%s exists, skip.", metabaseDBSubpath)
    133. 

  133. 		return nil
    134. 

  134. 	}
    135. 

  135. 

  136. 	if err := os.MkdirAll(metabaseDBSubpath, 0755); err != nil {
    137. 

  137. 		return fmt.Errorf("failed to create %s : %s", metabaseDBSubpath, err)
    138. 

  138. 	}
    139. 

  139. 

  140. 	req, err := http.NewRequest("GET", metabaseDbURI, nil)
    141. 

  141. 	if err != nil {
    142. 

  142. 		return fmt.Errorf("failed to build request to fetch metabase db : %s", err)
    143. 

  143. 	}
    144. 

  144. 	//This needs to be removed once we move the zip out of github
    145. 

  145. 	req.Header.Add("Accept", `application/vnd.github.v3.raw`)
    146. 

  146. 	resp, err := http.DefaultClient.Do(req)
    147. 

  147. 	if err != nil {
    148. 

  148. 		return fmt.Errorf("failed request to fetch metabase db : %s", err)
    149. 

  149. 	}
    150. 

  150. 	if resp.StatusCode != 200 {
    151. 

  151. 		return fmt.Errorf("got http %d while requesting metabase db %s, stop", resp.StatusCode, metabaseDbURI)
    152. 

  152. 	}
    153. 

  153. 	defer resp.Body.Close()
    154. 

  154. 	body, err := ioutil.ReadAll(resp.Body)
    155. 

  155. 	if err != nil {
    156. 

  156. 		return fmt.Errorf("failed request read while fetching metabase db : %s", err)
    157. 

  157. 	}
    158. 

  158. 

  159. 	log.Printf("Got %d bytes archive", len(body))
    160. 

  160. 	if err := extractMetabaseDB(bytes.NewReader(body)); err != nil {
    161. 

  161. 		return fmt.Errorf("while extracting zip : %s", err)
    162. 

  162. 	}
    163. 

  163. 	return nil
    164. 

  164. }
    165. 

  165. 

  166. func extractMetabaseDB(buf *bytes.Reader) error {
    167. 

  167. 	r, err := zip.NewReader(buf, int64(buf.Len()))
    168. 

  168. 	if err != nil {
    169. 

  169. 		log.Fatal(err)
    170. 

  170. 	}
    171. 

  171. 	for _, f := range r.File {
    172. 

  172. 		if strings.Contains(f.Name, "..") {
    173. 

  173. 			return fmt.Errorf("invalid path '%s' in archive", f.Name)
    174. 

  174. 		}
    175. 

  175. 		tfname := fmt.Sprintf("%s/%s", metabaseDbPath, f.Name)
    176. 

  176. 		log.Debugf("%s -> %d", f.Name, f.UncompressedSize64)
    177. 

  177. 		if f.UncompressedSize64 == 0 {
    178. 

  178. 			continue
    179. 

  179. 		}
    180. 

  180. 		tfd, err := os.OpenFile(tfname, os.O_RDWR|os.O_TRUNC|os.O_CREATE, 0644)
    181. 

  181. 		if err != nil {
    182. 

  182. 			return fmt.Errorf("failed opening target file '%s' : %s", tfname, err)
    183. 

  183. 		}
    184. 

  184. 		rc, err := f.Open()
    185. 

  185. 		if err != nil {
    186. 

  186. 			return fmt.Errorf("while opening zip content %s : %s", f.Name, err)
    187. 

  187. 		}
    188. 

  188. 		written, err := io.Copy(tfd, rc)
    189. 

  189. 		if err == io.EOF {
    190. 

  190. 			log.Printf("files finished ok")
    191. 

  191. 		} else if err != nil {
    192. 

  192. 			return fmt.Errorf("while copying content to %s : %s", tfname, err)
    193. 

  193. 		}
    194. 

  194. 		log.Infof("written %d bytes to %s", written, tfname)
    195. 

  195. 		rc.Close()
    196. 

  196. 	}
    197. 

  197. 	return nil
    198. 

  198. }
    199. 

  199. 

  200. func resetMetabasePassword(newpassword string) error {
    201. 

  201. 

  202. 	httpctx := sling.New().Base(metabaseURI).Set("User-Agent", fmt.Sprintf("CrowdWatch/%s", cwversion.VersionStr()))
    203. 

  203. 

  204. 	log.Printf("Waiting for metabase API to be up (can take up to a minute)")
    205. 

  205. 	for {
    206. 

  206. 		sessionreq, err := httpctx.New().Post(metabaseURISession).BodyJSON(map[string]string{"username": defaultEmail, "password": defaultPassword}).Request()
    207. 

  207. 		if err != nil {
    208. 

  208. 			return fmt.Errorf("api signin: HTTP request creation failed: %s", err)
    209. 

  209. 		}
    210. 

  210. 		httpClient := http.Client{Timeout: 20 * time.Second}
    211. 

  211. 		resp, err := httpClient.Do(sessionreq)
    212. 

  212. 		if err != nil {
    213. 

  213. 			fmt.Printf(".")
    214. 

  214. 			log.Debugf("While waiting for metabase to be up : %s", err)
    215. 

  215. 			time.Sleep(1 * time.Second)
    216. 

  216. 			continue
    217. 

  217. 		}
    218. 

  218. 		defer resp.Body.Close()
    219. 

  219. 		fmt.Printf("\n")
    220. 

  220. 		log.Printf("Metabase API is up")
    221. 

  221. 		body, err := ioutil.ReadAll(resp.Body)
    222. 

  222. 		if err != nil {
    223. 

  223. 			return fmt.Errorf("metabase session unable to read API response body: '%s'", err)
    224. 

  224. 		}
    225. 

  225. 		if resp.StatusCode != 200 {
    226. 

  226. 			return fmt.Errorf("metabase session http error (%d): %s", resp.StatusCode, string(body))
    227. 

  227. 		}
    228. 

  228. 		log.Printf("Successfully authenticated")
    229. 

  229. 		jsonResp := make(map[string]string)
    230. 

  230. 		err = json.Unmarshal(body, &jsonResp)
    231. 

  231. 		if err != nil {
    232. 

  232. 			return fmt.Errorf("failed to unmarshal metabase api response '%s': %s", string(body), err.Error())
    233. 

  233. 		}
    234. 

  234. 		log.Debugf("unmarshaled response : %v", jsonResp)
    235. 

  235. 		httpctx = httpctx.Set("Cookie", fmt.Sprintf("metabase.SESSION=%s", jsonResp["id"]))
    236. 

  236. 		break
    237. 

  237. 	}
    238. 

  238. 

  239. 	/*rescan values*/
    240. 

  240. 	sessionreq, err := httpctx.New().Post(metabaseURIRescan).Request()
    241. 

  241. 	if err != nil {
    242. 

  242. 		return fmt.Errorf("metabase rescan_values http error : %s", err)
    243. 

  243. 	}
    244. 

  244. 	httpClient := http.Client{Timeout: 20 * time.Second}
    245. 

  245. 	resp, err := httpClient.Do(sessionreq)
    246. 

  246. 	if err != nil {
    247. 

  247. 		return fmt.Errorf("while trying to do rescan api call to metabase : %s", err)
    248. 

  248. 	}
    249. 

  249. 	defer resp.Body.Close()
    250. 

  250. 	body, err := ioutil.ReadAll(resp.Body)
    251. 

  251. 	if err != nil {
    252. 

  252. 		return fmt.Errorf("while reading rescan api call response : %s", err)
    253. 

  253. 	}
    254. 

  254. 	if resp.StatusCode != 200 {
    255. 

  255. 		return fmt.Errorf("got '%s' (http:%d) while trying to rescan metabase", string(body), resp.StatusCode)
    256. 

  256. 	}
    257. 

  257. 	/*update password*/
    258. 

  258. 	sessionreq, err = httpctx.New().Put(metabaseURIUpdatepwd).BodyJSON(map[string]string{
    259. 

  259. 		"id":           "1",
    260. 

  260. 		"password":     newpassword,
    261. 

  261. 		"old_password": defaultPassword}).Request()
    262. 

  262. 	if err != nil {
    263. 

  263. 		return fmt.Errorf("metabase password change http error : %s", err)
    264. 

  264. 	}
    265. 

  265. 	httpClient = http.Client{Timeout: 20 * time.Second}
    266. 

  266. 	resp, err = httpClient.Do(sessionreq)
    267. 

  267. 	if err != nil {
    268. 

  268. 		return fmt.Errorf("while trying to reset metabase password : %s", err)
    269. 

  269. 	}
    270. 

  270. 	defer resp.Body.Close()
    271. 

  271. 	body, err = ioutil.ReadAll(resp.Body)
    272. 

  272. 	if err != nil {
    273. 

  273. 		return fmt.Errorf("while reading from %s: '%s'", metabaseURIUpdatepwd, err)
    274. 

  274. 	}
    275. 

  275. 	if resp.StatusCode != 200 {
    276. 

  276. 		log.Printf("Got %s (http:%d) while trying to reset password.", string(body), resp.StatusCode)
    277. 

  277. 		log.Printf("Password has probably already been changed.")
    278. 

  278. 		log.Printf("Use the dashboard install command to reset existing setup.")
    279. 

  279. 		return fmt.Errorf("got http error %d on %s : %s", resp.StatusCode, metabaseURIUpdatepwd, string(body))
    280. 

  280. 	}
    281. 

  281. 	log.Printf("Changed password !")
    282. 

  282. 	return nil
    283. 

  283. }
    284. 

  284. 

  285. func startMetabase() error {
    286. 

  286. 	ctx := context.Background()
    287. 

  287. 	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
    288. 

  288. 	if err != nil {
    289. 

  289. 		return fmt.Errorf("failed to create docker client : %s", err)
    290. 

  290. 	}
    291. 

  291. 

  292. 	if err := cli.ContainerStart(ctx, metabaseContainerID, types.ContainerStartOptions{}); err != nil {
    293. 

  293. 		return fmt.Errorf("failed while starting %s : %s", metabaseContainerID, err)
    294. 

  294. 	}
    295. 

  295. 

  296. 	return nil
    297. 

  297. }
    298. 

  298. 

  299. func stopMetabase(remove bool) error {
    300. 

  300. 	log.Printf("Stop docker metabase %s", metabaseContainerID)
    301. 

  301. 	ctx := context.Background()
    302. 

  302. 	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
    303. 

  303. 	if err != nil {
    304. 

  304. 		return fmt.Errorf("failed to create docker client : %s", err)
    305. 

  305. 	}
    306. 

  306. 	var to time.Duration = 20 * time.Second
    307. 

  307. 	if err := cli.ContainerStop(ctx, metabaseContainerID, &to); err != nil {
    308. 

  308. 		return fmt.Errorf("failed while stopping %s : %s", metabaseContainerID, err)
    309. 

  309. 	}
    310. 

  310. 

  311. 	if remove {
    312. 

  312. 		log.Printf("Removing docker metabase %s", metabaseContainerID)
    313. 

  313. 		if err := cli.ContainerRemove(ctx, metabaseContainerID, types.ContainerRemoveOptions{}); err != nil {
    314. 

  314. 			return fmt.Errorf("failed remove container %s : %s", metabaseContainerID, err)
    315. 

  315. 		}
    316. 

  316. 	}
    317. 

  317. 	return nil
    318. 

  318. }
    319. 

  319. 

  320. func createMetabase() error {
    321. 

  321. 	ctx := context.Background()
    322. 

  322. 	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
    323. 

  323. 	if err != nil {
    324. 

  324. 		return fmt.Errorf("failed to start docker client : %s", err)
    325. 

  325. 	}
    326. 

  326. 

  327. 	log.Printf("Pulling docker image %s", metabaseImage)
    328. 

  328. 	reader, err := cli.ImagePull(ctx, metabaseImage, types.ImagePullOptions{})
    329. 

  329. 	if err != nil {
    330. 

  330. 		return fmt.Errorf("failed to pull docker image : %s", err)
    331. 

  331. 	}
    332. 

  332. 	defer reader.Close()
    333. 

  333. 	scanner := bufio.NewScanner(reader)
    334. 

  334. 	for scanner.Scan() {
    335. 

  335. 		fmt.Print(".")
    336. 

  336. 	}
    337. 

  337. 	if err := scanner.Err(); err != nil {
    338. 

  338. 		return fmt.Errorf("failed to read imagepull reader: %s", err)
    339. 

  339. 	}
    340. 

  340. 	fmt.Print("\n")
    341. 

  341. 

  342. 	hostConfig := &container.HostConfig{
    343. 

  343. 		PortBindings: nat.PortMap{
    344. 

  344. 			"3000/tcp": []nat.PortBinding{
    345. 

  345. 				{
    346. 

  346. 					HostIP:   metabaseListenAddress,
    347. 

  347. 					HostPort: metabaseListenPort,
    348. 

  348. 				},
    349. 

  349. 			},
    350. 

  350. 		},
    351. 

  351. 		Mounts: []mount.Mount{
    352. 

  352. 			{
    353. 

  353. 				Type:   mount.TypeBind,
    354. 

  354. 				Source: metabaseDbPath,
    355. 

  355. 				Target: "/metabase-data",
    356. 

  356. 			},
    357. 

  357. 		},
    358. 

  358. 	}
    359. 

  359. 	dockerConfig := &container.Config{
    360. 

  360. 		Image: metabaseImage,
    361. 

  361. 		Tty:   true,
    362. 

  362. 		Env:   []string{"MB_DB_FILE=/metabase-data/metabase.db"},
    363. 

  363. 	}
    364. 

  364. 

  365. 	log.Printf("Creating container")
    366. 

  366. 	resp, err := cli.ContainerCreate(ctx, dockerConfig, hostConfig, nil, metabaseContainerID)
    367. 

  367. 	if err != nil {
    368. 

  368. 		return fmt.Errorf("failed to create container : %s", err)
    369. 

  369. 	}
    370. 

  370. 	log.Printf("Starting container")
    371. 

  371. 	if err := cli.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{}); err != nil {
    372. 

  372. 		return fmt.Errorf("failed to start docker container : %s", err)
    373. 

  373. 	}
    374. 

  374. 	return nil
    375. 

  375. }
    376.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5