-
Notifications
You must be signed in to change notification settings - Fork 46
Expand file tree
/
Copy pathlinux-engine-install.sh
More file actions
135 lines (116 loc) · 4.97 KB
/
linux-engine-install.sh
File metadata and controls
135 lines (116 loc) · 4.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#!/bin/bash
############################################
#Author: Justin Ruth #
#Version: 1.1 #
# #
####################TODOS###################
## - Add in error handling #
#### - cxurl isn't up #
#### - unzip fails #
#### - docker fails #
## - Add engine registration API calls in #
## - Add scan API calls in #
############################################
############################################
# #
# Configuration section #
# #
############################################
##CxVersion: 9.3.RC1 #######################
############################################
CxEndpointIP=
NineThreeUrl=https://download.checkmarx.com/9.3.0/CxSAST.930.Release.Setup_9.3.0.860.zip
NineThreeZipPassword=
# server.env settings to set the server.env file appropriately
# most of this should be default, just update the CxEndpoint to your CxURL and password from your manager SEE README
EnviornmentFile=server.env
EngineRunScript=run.sh
ESmessageQueueUser=cxuser
ESmessageQueuePassword=
ESmessageQueueUrl=tcp://${CxEndpointIP}:61616
ESaccessControlUrl=http://${CxEndpointIP}/CxRestAPI/auth
ESendPoint=${CxEndpointIP}:8080
ESengineTLS=false
EsengineCertification=certificate_subject_name
EngineUnzipLocation=./cxsast-linux-engine-server/
#Usage
usage () {
echo "Place holder for usage instructions...\n\n"
}
#Check to make sure CxManager is accessible
CxManager_check () {
echo "making a curl request to http://${CxEndpointIP}..."
if [[ $(curl --silent -I http://${CxEndpointIP} | grep -E "^HTTP" | awk -F " " '{print $2}') == 200 ]];
then
echo "CxManager found..."
else
echo "curl request to CxManager failed, script halting...."
echo "Please check the following to make sure Cxmanager is running at"
echo ${server}
exit
fi
}
#Engine download section will grab 9.3 installer and rip out the windows parts
engine_download () {
# Can refactor this once angent is decoupled from 9.3 installer
# Currently we need to download 9.3, unzip with password to access engine.
echo "now downloaded 9.3 agent from " ${NineThreeUrl}
wget -O 93.zip ${NineThreeUrl}
echo "now unziping agent"
# unhardcode the unzip location and clean this up (password, overwrite, install dir).
unzip -P ${NineThreeZipPassword} -o 93.zip -d ./93Install
echo "seperating linux engine from rest of windows blah blah..."
mv ./93Install/CxSAST.930.Release.Setup_9.3.0.860/cxsast-linux-engine-server/cxsast-engine-server-docker-image/ ${EngineUnzipLocation}
rm -rf ./93Install
}
#engine configuration section for server.env
engine_configuration () {
echo "Engine is downloaded and seperated from windows blah blah..."
echo "Now configuraing engine enviornments correctly"
echo "backing up server.env as server.old"
cp ${EngineUnzipLocation}${EnviornmentFile} ${EngineUnzipLocation}server.old
rm ${EngineUnzipLocation}${EnviornmentFile}
echo "rewriting server.env to "${EngineUnzipLocation}${EnviornmentFile}
echo "" > ${EngineUnzipLocation}${EnviornmentFile}
echo "CX_ES_MESSAGE_QUEUE_USERNAME="${ESmessageQueueUser} >> ${EngineUnzipLocation}${EnviornmentFile}
echo "CX_ES_MESSAGE_QUEUE_PASSWORD="${ESmessageQueuePassword} >> ${EngineUnzipLocation}${EnviornmentFile}
echo "CX_ES_MESSAGE_QUEUE_URL="${ESmessageQueueUrl} >> ${EngineUnzipLocation}${EnviornmentFile}
echo "CX_ES_ACCESS_CONTROL_URL="${ESaccessControlUrl} >> ${EngineUnzipLocation}${EnviornmentFile}
echo "CX_ES_END_POINT="${ESendPoint} >> ${EnviornmentFile}
echo "CX_ENGINE_TLS_ENABLE="${ESengineTLS} >> ${EngineUnzipLocation}${EnviornmentFile}
echo "CX_ENGINE_CERTIFICATE_SUBJECT_NAME="${EsengineCertification} >> ${EngineUnzipLocation}${EnviornmentFile}
echo "server.env rewritten..."
echo ""
echo ""
echo "These are the configurations we are using for the container..."
cat ${EngineUnzipLocation}${EnviornmentFile}
echo ""
echo ""
echo ""
}
#Starting the engine linux
engine_run_wrapper () {
echo "Now stoping and starting docker and running run.sh from engine download."
service docker stop
service docker start
#${EngineUnzipLocation}${EngineRunScript}
#FROM RUN.SH
CX_SERVER_TAR=${EngineUnzipLocation}cx-engine-server.tar
CX_SERVER_ENV=${EngineUnzipLocation}server.env
echo loading checkmarx engine server image
docker load < $CX_SERVER_TAR
echo deploying checkmarx engine server container
docker run --env-file ${EngineUnzipLocation}${EnviornmentFile} -d -p 0.0.0.0:8088:8088 cx-engine-server
echo "Engine now running on container ID ->> "$(docker ps -qf ancestor=cx-engine-server)
echo "Setting docker logs to console output..."
docker logs -f $(docker ps -qf ancestor=cx-engine-server)
}
main () {
echo "Main run goes here"
CxManager_check
usage
engine_download
engine_configuration
engine_run_wrapper
}
main