Merge pull request #73 from hmcts/marty/docker-install-option
Adding Docker install steps for Ubuntu to run command script
MartyFox authored Sep 17, 2024
2 parents 5617fd3 + eb035ba commit be6cea2
Showing 4 changed files with 74 additions and 25 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -89,10 +89,12 @@ A virtual machine or virtual machine scale set.
| <a name="input_endpoint_protection_upgrade_minor_version"></a> [endpoint\_protection\_upgrade\_minor\_version](#input\_endpoint\_protection\_upgrade\_minor\_version) | Specifies if the platform deploys the latest minor version Endpoint Protection update to the type\_handler\_version specified. | `bool` | `true` | no |
| <a name="input_env"></a> [env](#input\_env) | Environment name. | `string` | n/a | yes |
| <a name="input_install_azure_monitor"></a> [install\_azure\_monitor](#input\_install\_azure\_monitor) | Install Azure Monitor Agent. | `bool` | `true` | no |
| <a name="input_install_docker"></a> [install\_docker](#input\_install\_docker) | Should Docker and Docker Compose be installed -- Ubuntu only | `bool` | `false` | no |
| <a name="input_install_dynatrace_oneagent"></a> [install\_dynatrace\_oneagent](#input\_install\_dynatrace\_oneagent) | Install Dynatrace OneAgent. | `bool` | `true` | no |
| <a name="input_install_endpoint_protection"></a> [install\_endpoint\_protection](#input\_install\_endpoint\_protection) | Install Endpoint Protection. | `bool` | `true` | no |
| <a name="input_install_nessus_agent"></a> [install\_nessus\_agent](#input\_install\_nessus\_agent) | Install Nessus Agent. | `bool` | `true` | no |
| <a name="input_install_splunk_uf"></a> [install\_splunk\_uf](#input\_install\_splunk\_uf) | Install Splunk UF. | `bool` | `true` | no |
| <a name="input_location"></a> [location](#input\_location) | The region in Azure that the Data collection rule will be deployed to. | `string` | `"UK South"` | no |
| <a name="input_nessus_groups"></a> [nessus\_groups](#input\_nessus\_groups) | Nessus group name. | `string` | `"Platform-Operation-Bastions"` | no |
| <a name="input_nessus_key"></a> [nessus\_key](#input\_nessus\_key) | Nessus linking key - read input from keyvault. | `string` | `null` | no |
| <a name="input_nessus_server"></a> [nessus\_server](#input\_nessus\_server) | Nessus server endpoint - read input from keyvault. | `string` | `""` | no |
2 changes: 2 additions & 0 deletions run_command.tf
Expand Up @@ -14,6 +14,7 @@ resource "azurerm_virtual_machine_scale_set_extension" "azure_vmss_run_command"
RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false"
ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod"
XDR_TAGS = local.xdr_tags_list
INSTALL_DOCKER = var.install_docker ? "true" : "false"
})) }) : jsonencode({ script = compact(tolist([templatefile("${path.module}/scripts/windows_run_script.ps1", {
STORAGE_ACCOUNT_KEY = var.run_command_sa_key
RUN_CIS = var.rc_script_file == "scripts/windows_cis.ps1" || var.run_cis ? "true" : "false"
Expand Down Expand Up @@ -44,6 +45,7 @@ resource "azurerm_virtual_machine_extension" "azure_vm_run_command" {
RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false"
ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod"
XDR_TAGS = local.xdr_tags_list
INSTALL_DOCKER = var.install_docker ? "true" : "false"
})) }) : jsonencode({ script = compact(tolist([templatefile("${path.module}/scripts/windows_run_script.ps1", {
STORAGE_ACCOUNT_KEY = var.run_command_sa_key
RUN_CIS = var.rc_script_file == "scripts/windows_cis.ps1" || var.run_cis ? "true" : "false"
82 changes: 58 additions & 24 deletions scripts/linux_run_script.sh
@@ -1,8 +1,8 @@
#!/bin/bash
set -ex
# Get OS type

# Get OS type

if [ -f /etc/os-release ]; then
. /etc/os-release
OS=$ID
Expand All @@ -13,25 +13,25 @@
# Run the command only if the OS is not Ubuntu
if [ "$OS" != "ubuntu" ]; then
echo "Running command on $OS"

sudo yum install redhat-lsb-core -y
else
echo "Skipping command on Ubuntu"
fi

if command -v lsb_release &> /dev/null
then
OS_TYPE=$(lsb_release -a | grep "Description" | cut -f2 -d: | sed -e 's/^[[:space:]]*//')
else
echo "Operating System could not be determined."
fi

STORAGE_ACCOUNT_NAME="cftptlintsvc"
STORAGE_ACCOUNT_NAME="cftptlintsvc"
CONTAINER_NAME="xdr-collectors"

install_azcli() {
# Install Azure CLI (if not already installed)

if ! command -v az &> /dev/null
then

Expand All @@ -48,23 +48,23 @@ enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.repos.d/azure-cli.repo

sudo dnf clean all
sudo dnf -v install azure-cli -y
sudo dnf clean all
sudo dnf -v install azure-cli -y
elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"8."* ]]; then
sudo dnf install -y https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm

sudo dnf install azure-cli
elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"9."* ]]; then
sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm
sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm

sudo dnf install azure-cli
sudo dnf install azure-cli
else
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
fi
else
echo "Azure CLI is already installed."
fi

}

install_agent() {
Expand All @@ -76,7 +76,7 @@ install_agent() {
sudo apt-get update
sudo apt-get install -y selinux-utils policycoreutils
fi

local SA_KEY="$1"
local ENV="$2"
local XDR_TAGS="$3"
Expand All @@ -95,7 +95,7 @@ install_agent() {
sudo echo "$STRING_TO_APPEND" >> $LOCAL_FILE_PATH
sudo mkdir -p /etc/panw
sudo cp $LOCAL_FILE_PATH /etc/panw/

# Install agent
local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_rpm_8.5.0.125392/cortex-8.5.0.125392.rpm"
local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.rpm"
Expand All @@ -112,8 +112,8 @@ install_agent() {
sudo echo "$STRING_TO_APPEND" >> $LOCAL_FILE_PATH
sudo mkdir -p /etc/panw
sudo cp $LOCAL_FILE_PATH /etc/panw/
# Install agent

# Install agent
local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_deb_8.5.0.125392/cortex-8.5.0.125392.deb"
local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.deb"
download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
Expand All @@ -126,7 +126,7 @@ install_agent() {

install_collector() {
echo "Info: Installing XDR Collectors"

if [ "$OS" != "ubuntu" ]; then
sudo yum install -y selinux-policy-devel
else
Expand All @@ -147,7 +147,7 @@ install_collector() {
download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
sudo mkdir -p /etc/panw
sudo cp $LOCAL_FILE_PATH /etc/panw/

# Install collector
local BLOB_NAME="${ENV}/collector-1.4.1.1089.rpm/collector-1.4.1.1089.rpm"
local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.rpm"
Expand All @@ -163,8 +163,8 @@ install_collector() {
download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
sudo mkdir -p /etc/panw
sudo cp $LOCAL_FILE_PATH /etc/panw/
# Install collector

# Install collector
local BLOB_NAME="${ENV}/collector-1.4.1.1089.deb/collector-1.4.1.1089.deb"
local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.deb"
download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
Expand All @@ -184,16 +184,50 @@ download_blob(){
az storage blob download --account-name $STORAGE_ACCOUNT_NAME --account-key $SA_KEY --container-name $CONTAINER_NAME --name $BLOB_NAME --file $LOCAL_FILE_PATH
}

install_docker(){

echo "Info: Installing Docker and Docker Compose"

if [ "$OS" == "ubuntu" ]; then

if ! command -v docker &>/dev/null; then
apt update
apt install -y apt-transport-https ca-certificates curl software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list >/dev/null

apt update
apt install -y docker-ce
fi

DOCKER_PLUGINS_DIR="/usr/local/lib/docker/cli-plugins"

if [ ! -d "$DOCKER_PLUGINS_DIR" ]; then
mkdir -p "$DOCKER_PLUGINS_DIR"
if [ ! -f "$DOCKER_PLUGINS_DIR/docker-compose" ]; then
curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
fi
fi
fi
}


if [ "${RUN_XDR_AGENT}" = "true" ]
then
install_azcli
install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}"
install_azcli
install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}"
fi

if [ "${RUN_XDR_COLLECTOR}" = "true" ]
then
install_azcli
install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}"
install_azcli
install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}"
fi

if [ "${INSTALL_DOCKER}" = "true" ]
then
install_docker
fi
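Review bot: The nested checks around the Compose download in install_docker (the `if [ ! -d "$DOCKER_PLUGINS_DIR" ]` wrapping `if [ ! -f "$DOCKER_PLUGINS_DIR/docker-compose" ]`) mean the plugin is only fetched when the directory does not exist yet, so a host where the directory was created but the binary is missing, or a rerun after a failed download, never installs Compose. The download uses `curl -SL` without `-f`, so under `set -e` an HTTP error body would be written to the plugin path and made executable instead of aborting, nothing verifies the binary against a published digest before it is trusted, and the architecture is hard-coded to x86_64 while the apt source line derives it from `dpkg --print-architecture`. The Docker apt repository added just above also ships a `docker-compose-plugin` package that would make the separate download unnecessary; if the GitHub binary is kept, the block below flattens the checks, fails on HTTP errors and pins a digest. Note too that install_docker calls `apt` and `tee` without the `sudo` the rest of this script uses, which only works if the run command already executes as root.
```shell
    DOCKER_PLUGINS_DIR="/usr/local/lib/docker/cli-plugins"
    COMPOSE_URL="https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64"
    COMPOSE_SHA256="<EXPECTED_SHA256>"   # placeholder: pin the digest published for this release

    mkdir -p "$DOCKER_PLUGINS_DIR"
    if [ ! -f "$DOCKER_PLUGINS_DIR/docker-compose" ]; then
      curl -fsSL "$COMPOSE_URL" -o "$DOCKER_PLUGINS_DIR/docker-compose"
      echo "$COMPOSE_SHA256  $DOCKER_PLUGINS_DIR/docker-compose" | sha256sum -c -
      chmod +x "$DOCKER_PLUGINS_DIR/docker-compose"
    fi
```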
13 changes: 12 additions & 1 deletion variables.tf
Expand Up @@ -341,7 +341,6 @@ variable "run_xdr_collector" {
description = "Install XDR collectors using run command script?"
}


variable "run_xdr_agent" {
type = bool
default = false
Expand All @@ -353,3 +352,15 @@ variable "xdr_env" {
type = string
default = "prod"
}

variable "install_docker" {
description = "Should Docker and Docker Compose be installed -- Ubuntu only"
type = bool
default = false
}

variable "location" {
description = "The region in Azure that the Data collection rule will be deployed to."
type = string
default = "UK South"
}
