#!/bin/bash
###########################################################
#
# Application Defender On-Premises Installation
# (root로 실행)
#
# 이 스크립트는 CentOS 7 x86_64에서 테스트 되었음.
#
# by 이존석(hasu0707@gmail.com)
#
###########################################################
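# Package location, target hosts and install root.
CURRENT_DIR=/root/package
APPDEFENDER_IP=10.10.10.40
VERTICA_DB1_IP=10.10.10.41
INSTALL_DIR=/opt/appdefender

# Secrets. Each value may be supplied through the environment so it does not
# have to be stored in this file; otherwise replace the placeholder below.
# The placeholders are quoted on purpose: written bare, bash parses
# `<name>` as a pair of redirections and the whole script fails with a
# syntax error. If real secrets are written into this file, keep it readable
# by root only and out of version control.
KEY_PASSPHRASE="${KEY_PASSPHRASE:-<mypassphrase>}"

VERTICA_DB=db_appdefender
VERTICA_PW="${VERTICA_PW:-<verticapw>}"
VERTICA_USER=dbadmin

POSTGRES_DB=db_appdefender
POSTGRES_PW="${POSTGRES_PW:-<postgrespw>}"
POSTGRES_USER=postgres

# MAIL_TO becomes the initial login account; its first password has to be
# obtained by e-mail through the "Forget password" function.
SMTP_SERVER=10.10.10.1
MAIL_FROM=user@gmail.com
MAIL_TO=user@gmail.com


PROPERTIES_FILE="${CURRENT_DIR}/HPE_Security_AppDefender_17.10/appdefender.properties"

# Raise the open-file limit for this shell and everything it starts.
ulimit -n 65535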
###########################################################
#
# docker 설치
#
###########################################################
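do_install_docker_compose() {
  # Install Docker CE from Docker's CentOS repository, fetch the
  # docker-compose 1.19.0 release binary, enable and start the docker
  # service, and persist the raised open-file limit in rc.local.
  #
  # Globals:  DOCKER_COMPOSE_SHA256 (read, optional) - expected SHA-256 of
  #           the docker-compose binary, supplied by the operator. When set,
  #           the download is verified before it is installed.
  # Returns:  0 on success, 1 if docker-compose could not be downloaded,
  #           verified or installed (the docker service is still set up).
  local compose_url compose_tmp
  local rc_local=/etc/rc.d/rc.local
  local status=0
  compose_url="https://github.com/docker/compose/releases/download/1.19.0/docker-compose-$(uname -s)-$(uname -m)"

  yum install -y yum-utils device-mapper-persistent-data lvm2
  yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  # NOTE(review): the edge and test channels are enabled only around this
  # install, so the engine that lands may be a pre-release build. Confirm
  # that is intended for the target environment.
  yum-config-manager --enable docker-ce-edge
  yum-config-manager --enable docker-ce-test
  yum install -y docker-ce
  yum-config-manager --disable docker-ce-test
  yum-config-manager --disable docker-ce-edge

  # Download into a temp file first. -f makes curl fail on an HTTP error
  # instead of saving the error page, which would otherwise be marked
  # executable and placed on root's PATH.
  if compose_tmp=$(mktemp); then
    if ! curl -fL "${compose_url}" -o "${compose_tmp}"; then
      echo "ERROR: failed to download ${compose_url}" >&2
      status=1
    elif [ -n "${DOCKER_COMPOSE_SHA256:-}" ] &&
      ! printf '%s  %s\n' "${DOCKER_COMPOSE_SHA256}" "${compose_tmp}" | sha256sum -c - >/dev/null; then
      echo "ERROR: docker-compose checksum mismatch; binary not installed" >&2
      status=1
    else
      if [ -z "${DOCKER_COMPOSE_SHA256:-}" ]; then
        echo "WARNING: DOCKER_COMPOSE_SHA256 is not set; docker-compose is installed without checksum verification" >&2
      fi
      install -m 755 "${compose_tmp}" /usr/local/bin/docker-compose || status=1
    fi
    rm -f -- "${compose_tmp}"
  else
    echo "ERROR: mktemp failed; docker-compose not installed" >&2
    status=1
  fi

  yum list docker-ce --showduplicates | sort -r
  systemctl daemon-reload
  systemctl enable docker
  systemctl start docker

  # Append the limit only once so repeated runs do not pile up duplicates.
  if ! grep -qxF 'ulimit -n 65535' "${rc_local}" 2>/dev/null; then
    echo "" >> "${rc_local}"
    echo "ulimit -n 65535" >> "${rc_local}"
  fi

  return "${status}"
}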

###########################################################
#
# 필요한 패키지 설치
#
###########################################################
do_install_yum_pkg() {
  # Install sendmail and ntp (one yum call per package), then bring the
  # services up.
  local pkg
  for pkg in sendmail ntp; do
    yum -y install "${pkg}"
  done

  systemctl daemon-reload

  # sendmail is taken out of boot-time startup but is still started for the
  # current session by the last command; ntpd is both enabled and started.
  systemctl disable sendmail
  systemctl enable ntpd
  systemctl start ntpd
  systemctl start sendmail
}

###########################################################
#
# Appdefender docker 이미지 풀기
#
###########################################################
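do_unzip_docker_images() {
  # Extract the AppDefender image bundle into ${INSTALL_DIR}/docker_images.
  # The archive name is relative, so it is read from the current working
  # directory.
  #
  # Globals:  INSTALL_DIR (read)
  # Returns:  non-zero if the target directory cannot be created, otherwise
  #           the exit status of unzip.
  # NOTE(review): the bundle is extracted as root; verify the archive against
  # a vendor-published checksum before running if one is available.
  local images_dir="${INSTALL_DIR}/docker_images"

  mkdir -p "${images_dir}" || return 1
  unzip appdefender_docker_images.zip -d "${images_dir}"
}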

###########################################################
#
# docker 실행 스크립트 재구성
# load.sh → docker_load.sh
#
###########################################################
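do_make_docker_load_script() {
  # Build docker_load.sh from the bundled load.sh: prepend a bash shebang,
  # strip carriage returns, and rewrite every " ." in the script to the
  # absolute docker_images directory so it can be run from any directory.
  #
  # Globals:  INSTALL_DIR (read), SED_PATH_STRING (written and exported, as
  #           before: INSTALL_DIR with each "/" escaped for sed)
  # Returns:  1 if load.sh is missing or the target cannot be written,
  #           otherwise the status of the final sed.
  local images_dir="${INSTALL_DIR}/docker_images"
  local source_script="${images_dir}/load.sh"
  local target_script="${images_dir}/docker_load.sh"

  # Without this check a missing load.sh would leave an executable script
  # that contains nothing but the shebang.
  if [ ! -f "${source_script}" ]; then
    echo "ERROR: ${source_script} not found" >&2
    return 1
  fi

  export SED_PATH_STRING
  SED_PATH_STRING=$(printf '%s\n' "${INSTALL_DIR}" | sed 's_/_\\/_g')

  {
    echo '#!/bin/bash'
    cat "${source_script}"
  } > "${target_script}" || return 1

  sed -i "s/\r//g" "${target_script}"
  chmod 755 "${target_script}"
  # Only "/" is escaped in SED_PATH_STRING, so INSTALL_DIR must not contain
  # other characters that are special in a sed replacement (such as "&").
  sed -i "s/ \./ ${SED_PATH_STRING}\/docker_images/g" "${target_script}"
}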

###########################################################
#
# 스크립트 파일 복사
#
###########################################################
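do_copy_script() {
  # Copy the run script from ./scripts (relative to the current working
  # directory) into INSTALL_DIR and mark every *.sh there as executable.
  #
  # Globals:  INSTALL_DIR (read)
  # Returns:  1 if the copy fails, otherwise the status of chmod.
  cp -f ./scripts/run_appdefender.sh "${INSTALL_DIR}/" || return 1
  chmod 755 "${INSTALL_DIR}"/*.sh
}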

###########################################################
#
# 인증서 생성
#
###########################################################
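do_generate_cert() {
  # Unpack the vendor CertGeneration bundle into INSTALL_DIR and run its two
  # scripts in order: server-root-self-signed.sh, then build-stores.sh.
  # Both are interactive. The prompts shown are:
  #   If you want to use certificates from third party CA then copy server
  #   certificate, server private key, Intermediate ROOT certificate and
  #   Third party ROOT certificate to output directory:
  #   Enter 1 for self-signed cert or 2 for third-party CA - Default Self
  #   signed  1            <press Enter>
  #   Creating output directory if it doesn't exist
  #   Enter passphrase that you want to set for Java keystore (atleast 6
  #   characters) and press [ENTER]:   <type the passphrase>
  #
  # Globals:  INSTALL_DIR (read), CURRENT_DIR (read)
  # Returns:  1 if extraction or either script fails, 0 otherwise. The
  #           working directory is CURRENT_DIR afterwards, as before.
  # NOTE(review): appdefender.properties records KEY_PASSPHRASE as the
  # keystore password, so the passphrase typed here presumably has to match
  # it; confirm against the vendor documentation.
  local cert_dir="${INSTALL_DIR:?INSTALL_DIR is not set}/CertGeneration"
  local status=0

  rm -rf -- "${cert_dir}"
  tar -C "${INSTALL_DIR}" -xzf ./HPE_Security_AppDefender_17.10/CertGeneration.tar.gz || return 1

  clear
  # Stores are only built once the certificate step has succeeded.
  if cd "${cert_dir}" && ./server-root-self-signed.sh; then
    clear
    ./build-stores.sh || status=1
  else
    status=1
  fi

  cd "${CURRENT_DIR}" || return 1
  return "${status}"
}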

###########################################################
#
# 라이선스 파일 복사
#
###########################################################
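do_copy_licenses() {
  # Copy the licenses directory from CURRENT_DIR into INSTALL_DIR.
  #
  # Globals:  CURRENT_DIR (read), INSTALL_DIR (read)
  # Returns:  1 if CURRENT_DIR cannot be entered, otherwise the status of cp.
  # Stop if the package directory is unreachable, so that a "licenses"
  # directory from some unrelated working directory is never copied.
  cd "${CURRENT_DIR}" || return 1
  cp -Rf licenses "${INSTALL_DIR}"
}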

###########################################################
#
# appdefender.properties
#
###########################################################
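do_make_properties() {
  # Regenerate appdefender.properties from the settings at the top of this
  # script. The vendor's original file is kept once as
  # ${PROPERTIES_FILE}.orig.
  #
  # Globals:  PROPERTIES_FILE, APPDEFENDER_IP, VERTICA_DB1_IP, INSTALL_DIR,
  #           MAIL_TO, MAIL_FROM, SMTP_SERVER, POSTGRES_DB, POSTGRES_USER,
  #           POSTGRES_PW, VERTICA_DB, VERTICA_USER, VERTICA_PW,
  #           KEY_PASSPHRASE (all read)
  # Returns:  1 if the file cannot be created or restricted, otherwise the
  #           status of the write.
  if [ -e "${PROPERTIES_FILE}" ] && [ ! -e "${PROPERTIES_FILE}.orig" ]; then
    cp -f -- "${PROPERTIES_FILE}" "${PROPERTIES_FILE}.orig"
  fi

  # The file holds the database passwords and the keystore passphrase in
  # clear text, so it is created (or truncated) and restricted to its owner
  # before any secret is written into it.
  (umask 077 && : > "${PROPERTIES_FILE}") || return 1
  chmod 600 "${PROPERTIES_FILE}" || return 1

  # NOTE(review): 'appplications' (three p's) in apps_host is kept exactly as
  # the original script wrote it; confirm the expected spelling against the
  # vendor's sample properties file.
  cat > "${PROPERTIES_FILE}" <<EOF
deploy: single
lb_host:${APPDEFENDER_IP}
apps_host:[['1','${APPDEFENDER_IP}','appplications']]
infrastructure_host:[['1','${APPDEFENDER_IP}','infrastructure']]
apps_host_mac_address:F4:03:43:57:E8:30
appdefender_registry:appdefender
defender_logs:${INSTALL_DIR}/logs
defender_data:${INSTALL_DIR}/data
initial_user_email:${MAIL_TO}
initial_user_first_name:HPE Fortify
initial_user_last_name:Application Defender
initial_tenant_domain:esvali.com
initial_tenant_name:eSecuVali_Corp
mail_from:${MAIL_FROM}
mail_host:${SMTP_SERVER}
mail_port:25
mail_username:
mail_password:
postgres_ip:${APPDEFENDER_IP}
postgres_dbname:${POSTGRES_DB}
postgres_user:${POSTGRES_USER}
postgres_password:${POSTGRES_PW}
vertica_ip:${VERTICA_DB1_IP}
vertica_dbname:${VERTICA_DB}
vertica_user:${VERTICA_USER}
vertica_password:${VERTICA_PW}
keystore_path:${INSTALL_DIR}/CertGeneration/keystore.jks
keystore_password:${KEY_PASSPHRASE}
truststore_path:${INSTALL_DIR}/CertGeneration/truststore.jks
truststore_password:${KEY_PASSPHRASE}
itemstore_path:${INSTALL_DIR}/CertGeneration/itemstore.jks
itemstore_password:${KEY_PASSPHRASE}
license_file_dir:${INSTALL_DIR}/licenses
haproxy_config_location:
docker_folder:
version:17.1
syslog:disable
EOF
}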

###########################################################
#
# 초기화
#
###########################################################
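reset_data() {
  # Stop and remove every container known to the local docker daemon, then
  # delete everything under ${INSTALL_DIR}/data.
  #
  # Globals:  INSTALL_DIR (read)
  # Returns:  the status of the final rm.
  # NOTE: `docker ps -a -q` lists all containers on the host, not only the
  # AppDefender ones, so unrelated workloads are removed as well.
  #
  # ${INSTALL_DIR:?} aborts when the variable is empty or unset; without it
  # the rm below would expand to /data/*.
  local data_dir="${INSTALL_DIR:?INSTALL_DIR is not set}/data"
  local -a containers

  mapfile -t containers < <(docker ps -a -q)
  # With no containers, docker stop/rm would be called with no arguments and
  # fail; skip them in that case.
  if ((${#containers[@]} > 0)); then
    docker stop "${containers[@]}"
    docker rm "${containers[@]}"
  fi

  rm -rf -- "${data_dir:?}"/*
}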

###########################################################
#
# 설정파일 생성
#
###########################################################
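do_generate_yaml() {
  # Copy the vendor generate-compose-yaml.py into ${INSTALL_DIR}/yaml, remove
  # any previous "appdefender" output directories, and run the generator
  # against PROPERTIES_FILE from inside ${INSTALL_DIR}/yaml.
  #
  # Globals:  INSTALL_DIR, CURRENT_DIR, PROPERTIES_FILE (all read)
  # Returns:  1 if a directory cannot be created/entered or the copy fails,
  #           otherwise the exit status of the generator. (Previously a
  #           trailing no-op mkdir hid a generator failure.)
  # The working directory is ${INSTALL_DIR}/yaml afterwards, as before.
  # NOTE(review): the generator presumably writes its output to
  # ./appdefender, which docker_compose_up later enters; confirm against the
  # vendor script.
  local yaml_dir="${INSTALL_DIR:?INSTALL_DIR is not set}/yaml"

  mkdir -p "${yaml_dir}" || return 1
  cd "${CURRENT_DIR}" || return 1
  cp -f ./HPE_Security_AppDefender_17.10/generate-compose-yaml.py "${yaml_dir}" || return 1
  rm -rf ./HPE_Security_AppDefender_17.10/appdefender
  rm -rf -- "${yaml_dir}/appdefender"
  cd "${yaml_dir}" || return 1
  python generate-compose-yaml.py "${PROPERTIES_FILE}"
}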

###########################################################
#
# AppDefender docker 이미지 로드 (기존 이미지 모두 제거)
#
###########################################################
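load_docker_images() {
  # Remove every container and image known to the local docker daemon, then
  # load the sixteen AppDefender 17.1 image archives from
  # ${INSTALL_DIR}/docker_images.
  #
  # Globals:  INSTALL_DIR (read)
  # Returns:  0 if every archive loaded, 1 if at least one load failed (all
  #           archives are still attempted).
  # NOTE: `docker ps -a -q` and `docker images -q` cover the whole host, so
  # unrelated containers and images are removed too.
  local images_dir="${INSTALL_DIR}/docker_images"
  local -a containers images
  local component
  local status=0

  mapfile -t containers < <(docker ps -a -q)
  # Skip stop/rm/rmi when there is nothing to act on; docker rejects an
  # empty argument list.
  if ((${#containers[@]} > 0)); then
    docker stop "${containers[@]}"
    docker rm "${containers[@]}"
  fi

  mapfile -t images < <(docker images -q)
  if ((${#images[@]} > 0)); then
    docker rmi "${images[@]}"
  fi

  for component in \
    backend-jobs cassandra command-channel consul db-migrations edge \
    haproxy kafka postgres registrator rsyslog storm-nimbus \
    storm-supervisor topologies ui-customer zookeeper; do
    if ! docker load -i "${images_dir}/appdefender_${component}_17.1.tar"; then
      echo "ERROR: failed to load appdefender_${component}_17.1.tar" >&2
      status=1
    fi
  done

  return "${status}"
}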

###########################################################
#
# AppDefender Docker image up
# (실행 후
#  select * from all_tables where table_type='TABLE';
#  쿼리를 사용하여 Vertica 테이블 생성 확인)
#
###########################################################
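docker_compose_up() {
  # Start the AppDefender stack from the generated compose files in
  # ${INSTALL_DIR}/yaml/appdefender: postgres first, then the db_migrations
  # service, then ui_customer, then the remaining infrastructure and
  # application services.
  #
  # Globals:  INSTALL_DIR (read)
  # Returns:  1 if the compose directory cannot be entered, otherwise the
  #           status of the final pipeline.
  local compose=/usr/local/bin/docker-compose

  # The compose files are addressed by relative name, so nothing is started
  # unless the generated directory exists.
  cd "${INSTALL_DIR}/yaml/appdefender" || return 1

  "${compose}" -f postgres.yml up -d
  "${compose}" -f infrastructures.yml up -d db_migrations
  # -f follows the log stream, so the function waits here until the stream
  # ends or the operator interrupts it.
  docker logs -f db_migrations
  "${compose}" -f applications.yml up -d ui_customer
  "${compose}" -f infrastructures.yml up -d
  "${compose}" -f applications.yml up -d
  docker logs -f appdefender_ui_customer_1
  docker ps
  docker ps | wc -l
}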

###########################################################
#
# docker image 초기화
#
###########################################################
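reset_docker_images() {
  # Stop and remove every container, then remove every image, known to the
  # local docker daemon.
  #
  # Returns:  the status of the last docker command run, or 0 when there was
  #           nothing to remove.
  # NOTE: this covers the whole host, not only the AppDefender containers
  # and images.
  local -a containers images

  mapfile -t containers < <(docker ps -a -q)
  # docker rejects an empty argument list, so each command runs only when
  # there is something to act on.
  if ((${#containers[@]} > 0)); then
    docker stop "${containers[@]}"
    docker rm "${containers[@]}"
  fi

  mapfile -t images < <(docker images -q)
  if ((${#images[@]} > 0)); then
    docker rmi "${images[@]}"
  fi
}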

###########################################################
#
# 함수 실행
#
###########################################################
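# The header states that this installer has to run as root.
if [ "$(id -u)" -ne 0 ]; then
  echo "ERROR: this installer must be run as root." >&2
  exit 1
fi

# Refuse to deploy with an empty secret or one that still looks like the
# <placeholder> text from the settings block.
for secret_name in KEY_PASSPHRASE VERTICA_PW POSTGRES_PW; do
  case "${!secret_name:-}" in
    '' | '<'*'>')
      echo "ERROR: ${secret_name} is empty or still a template placeholder; set a real value first." >&2
      exit 1
      ;;
  esac
done

# Several steps use paths relative to the package directory.
cd "${CURRENT_DIR}" || exit 1

# Run the steps in order and stop at the first failure: reset_data and
# load_docker_images wipe existing data, containers and images, so they must
# not run after an earlier step has failed.
for step in \
  do_install_docker_compose \
  do_install_yum_pkg \
  do_unzip_docker_images \
  do_copy_script \
  do_generate_cert \
  do_copy_licenses \
  do_make_properties \
  do_generate_yaml \
  reset_data \
  load_docker_images \
  docker_compose_up; do
  if ! "${step}"; then
    echo "ERROR: ${step} failed; aborting before later steps run." >&2
    exit 1
  fi
done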