added a chron job to start the ACA on reboot

iadgovuser26 2023-09-13 16:56:39 -04:00
parent cb4ad4d51a
commit 7f7238f4d2
6 changed files with 54 additions and 25 deletions


@ -16,7 +16,7 @@ RUN dnf -y install java-17-openjdk-devel -y
#RUN tar -xzf apache-tomcat-10.1.1.tar.gz -C /opt/tomcat --strip-components=1
# Install HIRS dependencies
RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ && yum clean all
RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ cronie && yum clean all
RUN dnf install -y wget openssl openssl-devel protobuf tpm2-tss-devel tpm2-abrmd libcurl-devel libssh-devel && yum clean all
# Install PACCOR for Device Info Gathering


@ -86,8 +86,11 @@ ospackage {
// Post Install
postInstall 'sh /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
postInstall 'sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -p /opt/hirs/aca/HIRS_AttestationCAPortal.war'
// Note need to add service or chron job to start on system boot
// add chrontab to run ACA at boot
postInstall 'echo "@reboot sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
// run ACA after install
postInstall 'sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w'
postInstall 'chmod +x /opt/hirs/aca/scripts/aca/aca_bootRun.sh'
// Uninstall
preUninstall 'sh /opt/hirs/aca/scripts/aca/aca_remove_setup.sh'
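Review bot: The line appended to `/etc/crontab` by the new `postInstall` has no user field. System crontab entries take the form schedule, user, command, so cron would read `sh` as the account name and the ACA would not start at boot. Write `@reboot root sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w` instead. Preferably ship it as a package-owned file under `/etc/cron.d/` rather than appending with `>>`, since the post-install scriptlet typically runs again on upgrade or reinstall and each run would add another copy. Because this starts the CA as root on every boot, a comment next to the entry should record that `aca_bootRun.sh` and the WAR must stay root-owned and not writable by other users.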


@ -13,6 +13,7 @@ ECC_PATH=ecc_512_sha384_certs
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
LOG_FILE=/dev/null
GRADLE_WRAPPER="./gradlew"
DEPLOYED_WAR=false
# Check for sudo or root user
if [ "$EUID" -ne 0 ]
@ -25,7 +26,8 @@ help () {
echo " Syntax: sh aca_setup.sh [-u|h|sb|sp|--skip-db|--skip-pki]"
echo " options:"
echo " -p | --path Path to the HIRS_AttestationCAPortal.war file"
echo " -h | --help Print this Help."
echo " -w | --war Use deployed war file"
echo " -h | --help Print this help"
echo
}
@ -38,8 +40,15 @@ while [[ $# -gt 0 ]]; do
USE_WAR=YES
shift # past argument
WAR_PATH=$@
DEPLOYED_WAR=true
shift # past parameter
;;
-w|--war)
USE_WAR=YES
shift # past argument
WAR_PATH="/opt/hirs/aca/HIRS_AttestationCAPortal.war"
DEPLOYED_WAR=true
;;
-h|--help)
help
exit 0
@ -60,7 +69,6 @@ done
if [ -z "${WAR_PATH}" ]; then
WAR_PATH="HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war"
NOT_USING_RPM=true
fi
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
@ -87,7 +95,7 @@ if [ ! -d "$CERT_PATH" ]; then
exit 1;
fi
if [ $NOT_USING_RPM = true ]; then
if [ $DEPLOYED_WAR = false ]; then
if [ ! -f "$GRADLE_WRAPPER" ]; then
echo "This script needs to be run from the HIRS top level project directory. Exiting."
exit 1;
@ -123,5 +131,4 @@ if [ -z "$USE_WAR" ]; then
else
echo "Booting the ACA from a $USE_WAR file..."
java -jar $WAR_PATH $CONNECTOR_PARAMS$WEB_TLS_PARAMS &
# Note add check for ACA to get started
fi
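Review bot: In the new `-w|--war` arm, `WAR_PATH` is set to a fixed path, but nothing checks that the file exists before the script reaches `java -jar $WAR_PATH ... &`. With `LOG_FILE=/dev/null` (first hunk) and the job now launched from `@reboot`, a missing or unreadable WAR would fail without leaving a trace. Add a guard before the launch, `[ -f "$WAR_PATH" ] || { echo "WAR file $WAR_PATH not found. Exiting."; exit 1; }`, and quote the expansion as `java -jar "$WAR_PATH" ...`. The new test should quote its operand too: `[ "$DEPLOYED_WAR" = false ]`. The last hunk also drops the reminder to verify that the ACA actually started, and no such check appears in the visible lines; the surrounding blocks begin and end outside these hunks.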


@ -43,11 +43,6 @@ if [ "$EUID" -ne 0 ]; then
echo "This script requires root. Please run as root"
exit 1
fi
# Check install setup pki files
if [ ! -d $CERT_PATH ]; then
echo "$CERT_PATH directory does not exist. Please run aca_setup.sh and try again."
exit 1;
fi
# Argument handling
@ -70,6 +65,26 @@ while [[ $# -gt 0 ]]; do
esac
done
# Check if aca setup was performed
# Check is RPM was installed via RPM package
rpm -q --quiet HIRS_AttestationCA
if [ $? -eq 0 ]; then
echo "HIRS ACA was installed via rpm package on this device"
if [[ $(cat /etc/crontab | grep -c hirs/aca) > 0 ]]; then
echo " HIRS ACA is set to start on boot via crontab file"
else
echo " HIRS ACA is NOT set to start on boot via crontab file"
fi
else
echo "HIRS ACA was NOT installed via rpm package on this device"
fi
# Check install setup pki files
if [ ! -d $CERT_PATH ]; then
echo " $CERT_PATH directory does not exist. Exiting..."
echo "Please run aca_setup.sh and try again"
exit 1;
fi
source /etc/hirs/aca/aca.properties;
source $SCRIPT_DIR/../db/start_mysqld.sh
@ -127,16 +142,16 @@ check_mysql_setup () {
}
check_cert () {
TRUST_STORE=$1
CERT=$2
RESULT=$(openssl verify -CAfile "$TRUST_STORE" $CERT)
if [ $? -ne 0 ]; then
ALL_CHECKS_PASSED=false
ALL_CERTS_PASSED=false
fi
if [ ! -z "${ARG_VERBOSE}" ]; then
TRUST_STORE=$1
CERT=$2
RESULT=$(openssl verify -CAfile "$TRUST_STORE" $CERT)
if [ $? -ne 0 ]; then
ALL_CHECKS_PASSED=false
ALL_CERTS_PASSED=false
fi
if [ ! -z "${ARG_VERBOSE}" ]; then
echo " "$RESULT
fi
fi
}
check_pki () {
@ -250,7 +265,7 @@ check_fips () {
echo "Checking FIPS mode on this device..."
echo " "$(sysctl -a | grep crypto.fips_enabled)
}
# Run Checks
check_for_container
check_pwds
check_pki
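Review bot: The new crontab test `[[ $(cat /etc/crontab | grep -c hirs/aca) > 0 ]]` compares strings, not numbers, because `>` inside `[[ ]]` is a lexical comparison; it gives the right answer here only by coincidence. It also counts commented-out lines and searches for `hirs/aca`, while the uninstall script in this commit deletes lines matching `aca_bootRun.sh`, so the check and the removal can disagree. Suggested replacement: `if grep -q '^[^#]*aca_bootRun\.sh' /etc/crontab; then`. The package check can likewise be tested directly with `if rpm -q --quiet HIRS_AttestationCA; then` instead of reading `$?` on the following line.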


@ -28,6 +28,10 @@ popd
echo "Removing certificates and config files..."
rm -rf /etc/hirs
# Note add check for ACA running and stop the process if it is
# Remove crontab and current ACA process
echo "Removing the ACA crontab"
sed -i '/aca_bootRun.sh/d' /etc/crontab
echo "Shutting down the aca..."
#pkill -f hirs/aca >/dev/null 2>&1;
ps axf | grep HIRS_AttestationCAPortal.war | grep -v grep | awk '{print "kill " $1}' | sh >/dev/null 2>&1
echo "ACA setup removal complete."
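Review bot: The shutdown line builds `kill` commands from `ps` output and pipes them to `sh`, which signals every process whose command line happens to contain `HIRS_AttestationCAPortal.war` (an editor, a `tail`, another user's job) and hides all errors behind `>/dev/null 2>&1`. A narrower match without the generated shell is `pkill -f 'java .*HIRS_AttestationCAPortal\.war'`, or record the PID when `aca_bootRun.sh` backgrounds the JVM and signal only that PID. The stop also comes after `rm -rf /etc/hirs`, so the ACA is still running while its certificates and configuration are deleted; stopping the process first would be cleaner. The `sed -i '/aca_bootRun.sh/d' /etc/crontab` line removes every line that mentions the script, which is acceptable only while the installer's entry is the sole such line.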


@ -14,7 +14,7 @@ help () {
echo " -u | --unattended Run unattended"
echo " -h | --help Print this Help."
echo " -sp | --skip-pki run the setup without pki setup."
echo " -sb | --skip-db run the setup without databse setup."
echo " -sb | --skip-db run the setup without database setup."
echo
}