Bugfix to add rhel 6 installation or XDR agent, includes changes to setup AzCopy and Storage Account downloads

README.md

@@ -102,7 +102,7 @@ A virtual machine or virtual machine scale set.
 | <a name="input_run_command_type_handler_version_windows"></a> [run\_command\_type\_handler\_version\_windows](#input\_run\_command\_type\_handler\_version\_windows) | Type handler version number for Windows VMs | `string` | `"1.1"` | no |
 | <a name="input_run_xdr_agent"></a> [run\_xdr\_agent](#input\_run\_xdr\_agent) | Install XDR agents using run command script? | `bool` | `false` | no |
 | <a name="input_run_xdr_collector"></a> [run\_xdr\_collector](#input\_run\_xdr\_collector) | Install XDR collectors using run command script? | `bool` | `false` | no |
-| <a name="input_scheduledscansettings"></a> [scheduledscansettings](#input\_scheduledscansettings) | Enable Scanning | `map(string)` | <pre>{<br>  "day": "7",<br>  "isEnabled": "true",<br>  "scanType": "Quick",<br>  "time": "120"<br>}</pre> | no |
+| <a name="input_scheduledscansettings"></a> [scheduledscansettings](#input\_scheduledscansettings) | Enable Scanning | `map(string)` | <pre>{<br/>  "day": "7",<br/>  "isEnabled": "true",<br/>  "scanType": "Quick",<br/>  "time": "120"<br/>}</pre> | no |
 | <a name="input_soc_vault_name"></a> [soc\_vault\_name](#input\_soc\_vault\_name) | The name of the SOC Key Vault. | `string` | `"soc-prod"` | no |
 | <a name="input_soc_vault_rg"></a> [soc\_vault\_rg](#input\_soc\_vault\_rg) | The name of the resource group where the SOC Key Vault is located. | `string` | `"soc-core-infra-prod-rg"` | no |
 | <a name="input_splunk_group"></a> [splunk\_group](#input\_splunk\_group) | Splunk universal forwarder global target group. | `string` | `"hmcts_forwarders"` | no |

scripts/linux_run_script.sh

@@ -1,70 +1,103 @@
 #!/bin/bash
     set -ex
-    
-   # Get OS type
-    
+
+# Get OS type/version/name
+check_os_version() {
     if [ -f /etc/os-release ]; then
         . /etc/os-release
         OS=$ID
+        OS_TYPE=$NAME
+        VERSION=$VERSION_ID
+    elif type lsb_release >/dev/null 2>&1; then
+        OS=$(lsb_release -si)
+        OS_TYPE=$(lsb_release -sd | sed 's/"//g')
+        VERSION=$(lsb_release -sr)
+    elif [ -f /etc/redhat-release ]; then
+        OS=$(awk '{print $1$2$3$5}' /etc/redhat-release)
+        OS_TYPE=$(awk '{print $1, $2, $3, $4, $5}' /etc/redhat-release)
+        VERSION=$(cat /etc/redhat-release | sed 's/[^0-9.]*//g')
     else
         echo "Cannot determine the operating system."
     fi
 
-    # Run the command only if the OS is not Ubuntu
-    if [ "$OS" != "ubuntu" ]; then
-        echo "Running command on $OS"
-
-        sudo yum install redhat-lsb-core -y
-    else
-        echo "Skipping command on Ubuntu"
-    fi
-
-    if command -v lsb_release &> /dev/null
+    echo "Operating System: $OS"
+    echo "Version: $VERSION"
+}
+
+check_os_version
+
+# Run the command only if the OS is not Ubuntu
+if [ "$OS" != "ubuntu" ]; then
+    echo "Running command on $OS"
+    sudo yum install redhat-lsb-core -y
+else
+    echo "Skipping command on Ubuntu"
+fi
+
+STORAGE_ACCOUNT_NAME="cftptlintsvc"
+CONTAINER_NAME="xdr-collectors"
+
+
+install_azcopy() {
+    # Install Azure CLI (if not already installed)
+
+    if ! command -v azcopy &> /dev/null
     then
-        OS_TYPE=$(lsb_release -a | grep "Description" | cut -f2 -d: | sed -e 's/^[[:space:]]*//')
+        if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then
+            echo "Downloading AzCopy"
+            sudo wget https://aka.ms/downloadazcopy-v10-linux
+            sudo tar -xvf downloadazcopy-v10-linux
+
+            echo "Adding AzCopy to path"
+            sudo rm -f /usr/bin/azcopy
+            sudo cp ./azcopy_linux_amd64_*/azcopy /usr/bin/
+            sudo chmod 755 /usr/bin/azcopy
+
+            echo "Completing cleanup"
+            sudo rm -f downloadazcopy-v10-linux
+            sudo rm -rf ./azcopy_linux_amd64_*/
+        fi
     else
-        echo "Operating System could not be determined."
+        echo "AzCopy is already installed."
     fi
 
-    STORAGE_ACCOUNT_NAME="cftptlintsvc"    
-    CONTAINER_NAME="xdr-collectors"
+}
 
 install_azcli() {
     # Install Azure CLI (if not already installed)
-    
+
     if ! command -v az &> /dev/null
     then
 
         if [ "$OS" != "ubuntu" ]; then
             sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
             rpm -q dnf || sudo yum install dnf -y
         fi
-
-        if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then
-                        echo -e "[azure-cli]
+        if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"7."* ]]; then
+            echo -e "[azure-cli]
 name=Azure CLI
 baseurl=https://packages.microsoft.com/yumrepos/azure-cli
 enabled=1
 gpgcheck=1
 gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.repos.d/azure-cli.repo
 
-           sudo dnf clean all
-           sudo dnf -v install azure-cli -y
-        elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"8."* ]]; then
+            sudo dnf clean all
+            sudo dnf -v install azure-cli -y
+
+        elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"8."* ]]; then
             sudo dnf install -y https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm
+            sudo dnf install azure-cli
 
+        elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"9."* ]]; then
+            sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm
             sudo dnf install azure-cli
-        elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"9."* ]]; then
-           sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm
 
-           sudo dnf install azure-cli
         else
             curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
         fi
     else
         echo "Azure CLI is already installed."
     fi
-
 }
 
 install_agent() {
@@ -76,7 +109,7 @@ install_agent() {
         sudo apt-get update
         sudo apt-get install -y selinux-utils policycoreutils
     fi
-    
+
     local SA_KEY="$1"
     local ENV="$2"
     local XDR_TAGS="$3"
@@ -87,20 +120,19 @@ install_agent() {
     mkdir -p XDR_DOWNLOAD
 
     if [[ "$OS_TYPE" == *"Red Hat Enterprise Linux"* ]]; then
-
         # Download conf file
         local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_rpm_8.5.0.125392/cortex.conf"
         local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortex.conf"
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
         sudo echo "$STRING_TO_APPEND" >> $LOCAL_FILE_PATH
         sudo mkdir -p /etc/panw
         sudo cp $LOCAL_FILE_PATH /etc/panw/
-        
+
         # Install agent
         local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_rpm_8.5.0.125392/cortex-8.5.0.125392.rpm"
         local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.rpm"
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
-        rpm -qa | grep -i cortex-agent || rpm -Uh $LOCAL_FILE_PATH
+        rpm -qa | grep -i cortex-agent || sudo rpm -Uh $LOCAL_FILE_PATH
         rm -rf $LOCAL_FILE_PATH
         echo "Installation of Agents on RedHat VM completed"
     else
@@ -112,8 +144,8 @@ install_agent() {
         sudo echo "$STRING_TO_APPEND" >> $LOCAL_FILE_PATH
         sudo mkdir -p /etc/panw
         sudo cp $LOCAL_FILE_PATH /etc/panw/
-        
-         # Install agent
+
+        # Install agent
         local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_deb_8.5.0.125392/cortex-8.5.0.125392.deb"
         local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.deb"
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
@@ -126,7 +158,7 @@ install_agent() {
 
 install_collector() {
     echo "Info: Installing XDR Collectors"
-    
+
     if [ "$OS" != "ubuntu" ]; then
         sudo yum install -y selinux-policy-devel
     else
@@ -147,12 +179,12 @@ install_collector() {
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
         sudo mkdir -p /etc/panw
         sudo cp $LOCAL_FILE_PATH /etc/panw/
-        
+
         # Install collector
         local BLOB_NAME="${ENV}/collector-1.4.1.1089.rpm/collector-1.4.1.1089.rpm"
         local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.rpm"
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
-        rpm -qa | grep -i xdr-collector || rpm -Uh $LOCAL_FILE_PATH
+        rpm -qa | grep -i xdr-collector || sudo rpm -Uh $LOCAL_FILE_PATH
         rm -rf $LOCAL_FILE_PATH
         echo "Installation of collectors on RedHat VM completed"
     else
@@ -163,8 +195,8 @@ install_collector() {
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
         sudo mkdir -p /etc/panw
         sudo cp $LOCAL_FILE_PATH /etc/panw/
-        
-         # Install collector
+
+        # Install collector
         local BLOB_NAME="${ENV}/collector-1.4.1.1089.deb/collector-1.4.1.1089.deb"
         local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.deb"
         download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH"
@@ -181,19 +213,31 @@ download_blob(){
     local CONTAINER_NAME="$3"
     local BLOB_NAME="$4"
     local LOCAL_FILE_PATH="$5"
-    az storage blob download --account-name $STORAGE_ACCOUNT_NAME --account-key $SA_KEY --container-name $CONTAINER_NAME --name $BLOB_NAME --file $LOCAL_FILE_PATH
-}
-
 
+    if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then
+        # This command uses SA_KEY as a variable but it should be a SAS Token for RHEL 6 VMs
+        azcopy copy "https://$STORAGE_ACCOUNT_NAME.blob.core.windows.net/$CONTAINER_NAME/$BLOB_NAME?$SA_KEY" "$LOCAL_FILE_PATH"
+    else
+        az storage blob download --account-name $STORAGE_ACCOUNT_NAME --account-key $SA_KEY --container-name $CONTAINER_NAME --name $BLOB_NAME --file $LOCAL_FILE_PATH
+    fi
+}
 
 if [ "${RUN_XDR_AGENT}" = "true" ]
 then
-  install_azcli
-  install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}"
+    if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then
+        install_azcopy
+    else
+        install_azcli
+    fi
+    install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}"
 fi
 
 if [ "${RUN_XDR_COLLECTOR}" = "true" ]
 then
-  install_azcli
-  install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}"
+    if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then
+        install_azcopy
+    else
+        install_azcli
+    fi
+    install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}"
 fi