DefectDojo / godojo

Golang installer for DefectDojo
GNU General Public License v3.0

Installer does not honor DD_DB_Exists #53

Open noloader opened 2 years ago

noloader commented 2 years ago

It appears the installer does not honor DD_DB_Exists. According to the notes in dojoConfig.yml:

...
# Each line represents a value used by the installer in this format:
# [name]: [default] # [ENV] - [Description]
# where
# [name] is the name of the configuration item
# [default] is the default value for the configuration item
# [ENV] is the environmental variable used to override the config item at run time
# [Description] is a description of that the config item's purpose
...

  DB:
    Engine: "PostgreSQL" # DD_DB_Engine - Database engine to use ...
    Local: true # DD_DB_Local - Boolean for when DB is on the same host/server/vm (local)
    Exists: false # DD_DB_Exists - Boolean for when DB for DefectDojo already exists so no install needed

I set DD_DB_Exists=true as an envar to skip the database stuff, but the installer still tries to install PostgreSQL and configure the dojodb database (and fails):

Starting PostgreSQL database for DefectDojo...(-*--------) 
##############################################################################
  ERROR: 2022/09/01 00:41:31 - Failed to run OS command /usr/bin/postgresql-setup --initdb, error was: exit status 1
##############################################################################

Starting Database complete

==============================================================================
  Preparing the database needed for DefectDojo
==============================================================================

Checking connectivity to PostgreSQL
Validating DB connection settings

##############################################################################
  ERROR: Unable to create a new PostgreSQL database for DefectDojo
##############################################################################

When I look at the cmd-output log file:

...
[godojo] # PGPASSWORD="[~REDACTED~]" pg_isready --host=localhost --username=postgres --port=5432 
localhost:5432 - accepting connections
[godojo] # sudo -u postgres PGPASSWORD="[~REDACTED~]" psql --host=localhost --username=postgres --port=5432 --command="\l"
could not change directory to "/home/jwalton/godojo": Permission denied
                                  List of databases
   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges    
-----------+----------+----------+-------------+-------------+------------------------
 dojodb    | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres          +
           |          |          |             |             | postgres=CTc/postgres +
           |          |          |             |             | dojodbusr=CTc/postgres
 postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
 template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres           +
           |          |          |             |             | postgres=CTc/postgres
 template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres           +
           |          |          |             |             | postgres=CTc/postgres
(4 rows)

[godojo] # sudo -u postgres PGPASSWORD="[~REDACTED~]" psql --host=localhost --username=postgres --port=5432 --command="CREATE DATABASE dojodb;"
could not change directory to "/home/jwalton/godojo": Permission denied
ERROR:  database "dojodb" already exists

Here's the script I am using. There's not much to it. It is able to connect to the PostgreSQL database, so db_exists=true. A set -x verified the logic and commands.

#!/usr/bin/env bash

if [[ "${EUID}" != 0 ]]; then
    echo "Please run this script as root"
    exit 1
fi

# Start from a clean build, clean logs and a clean install directory
rm -rf godojo logs/* /opt/dojo/

# Test if the database exists and we can login. If so, skip database install and configuration.
if [[ -f dojoConfig.yml ]]; then
    # Each value comes from a line of the form `Ruser: "dojodbusr" # DD_DB_Ruser - ...`;
    # awk takes the second field and sed strips the surrounding quotes.
    username=$(grep 'DD_DB_Ruser' dojoConfig.yml | awk '{ print $2 }' | sed -e 's/^"//' -e 's/"$//')
    password=$(grep 'DD_DB_Rpass' dojoConfig.yml | awk '{ print $2 }' | sed -e 's/^"//' -e 's/"$//')
    hostname=$(grep 'DD_DB_Host'  dojoConfig.yml | awk '{ print $2 }' | sed -e 's/^"//' -e 's/"$//')
    database=$(grep 'DD_DB_Name'  dojoConfig.yml | awk '{ print $2 }' | sed -e 's/^"//' -e 's/"$//')

    # In case it was stopped...
    systemctl start postgresql.service 2>/dev/null

    echo "Testing connection to database \"${database}\" for user \"${username}\""

    # pg_isready only reports whether the server accepts connections and never
    # authenticates, so a real login as the DefectDojo user is the only way to
    # prove that the database exists and the credentials in dojoConfig.yml work.
    if PGPASSWORD="${password}" psql -h "${hostname}" -U "${username}" -d "${database}" -tAc 'SELECT 1' >/dev/null 2>&1; then
        echo "Database is accepting connections. Skipping PostgreSQL install and configuration"
        db_exists="true"
    else
        db_exists="false"
    fi
else
    db_exists="false"
fi

if ! go build -o godojo ./*.go; then
    echo "Failed to build godojo"
    exit 1
fi

# godojo starts and configures PostgreSQL itself, so hand it a stopped service
if ! systemctl stop postgresql.service; then
    echo "Unable to stop postgresql.service"
    # exit 1
fi

# set -x echoes every expanded command to stderr, including the generated password below
set -x

# Amazing... https://github.com/DefectDojo/godojo/issues/56
# Replace the hard-coded password with a random one. base64 output may contain '/',
# which would terminate a sed s/// expression early, so '|' is used as the delimiter.
hard_password='vee0Thoanae1daePooz0ieka'
rand_password=$(head -c 30 /dev/urandom | base64)
sed -i "s|${hard_password}|${rand_password}|g" dojoConfig.yml

# We don't enable Debug and Test in production
if ! DD_DEBUG=false DD_DB_Exists="${db_exists}" ./godojo; then
    echo "Failed to execute godojo. Check logs/cmd-output-NNNN.log and logs/dojo-install-NNNN.log"
    exit 1
fi

cp -p docs-and-scripts/dojo-start docs-and-scripts/dojo-stop /opt/dojo
chmod ugo+x /opt/dojo/dojo-start /opt/dojo/dojo-stop

if ! systemctl start postgresql.service; then
    echo "Failed to start postgresql.service"
    exit 1
fi

echo "DefectDojo can be started with /opt/dojo/dojo-start"

exit 0

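
An added example, not godojo's own code, of how an installer can honor the [ENV] override that the dojoConfig.yml notes quoted above document: it parses the "[name]: [default] # [ENV] - [Description]" lines and lets a set, non-empty DD_DB_Exists in the environment override the file default, which is the step this report shows being skipped. The config excerpt is constructed from the lines quoted in the issue, and Setting, parseConfig and effectiveBool are this example's own names.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Setting is one item in the dojoConfig.yml format quoted in the issue,
// "[name]: [default] # [ENV] - [Description]": the file default plus the ENV that overrides it.
type Setting struct{ Default, Env string }

// parseConfig maps "Section.Name" to its Setting for the two-level layout the issue quotes ("DB:" header, indented items).
func parseConfig(text string) map[string]Setting {
	out, section := map[string]Setting{}, ""
	for _, line := range strings.Split(text, "\n") {
		t := strings.TrimSpace(line)
		if t == "" || strings.HasPrefix(t, "#") {
			continue
		}
		key, rest, _ := strings.Cut(t, ":")
		key, rest = strings.TrimSpace(key), strings.TrimSpace(rest)
		if rest == "" { // section header such as "DB:"
			section = key
			continue
		}
		value, comment, _ := strings.Cut(rest, "#")
		env, _, _ := strings.Cut(strings.TrimSpace(comment), " ")
		out[section+"."+key] = Setting{strings.Trim(strings.TrimSpace(value), `"`), env}
	}
	return out
}

// effectiveBool applies the ENV override the issue reports godojo skipping; a value ParseBool rejects is an error, not false.
func effectiveBool(s Setting, lookup func(string) (string, bool)) (bool, error) {
	raw := s.Default
	if v, ok := lookup(s.Env); ok && strings.TrimSpace(v) != "" {
		raw = v // a set, non-empty environment variable wins over the file default
	}
	b, err := strconv.ParseBool(strings.TrimSpace(raw))
	if err != nil {
		return false, fmt.Errorf("%s: %w", s.Env, err)
	}
	return b, nil
}

const sample = `DB:
  Engine: "PostgreSQL" # DD_DB_Engine - Database engine to use
  Exists: false # DD_DB_Exists - Boolean for when DB already exists so no install needed
` // constructed excerpt mirroring the config lines quoted in the issue
```

Calling effectiveBool(parseConfig(sample)["DB.Exists"], os.LookupEnv) from the installer's startup yields true under DD_DB_Exists=true, and the PostgreSQL setup and CREATE DATABASE steps can be gated on that result.
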
mtesauro commented 2 years ago

I'll look into this - there's way too many environmental variables for DefectDojo and maybe this one was missed.