From 35a02e79f54f296ad84acd20257482e2425d52c9 Mon Sep 17 00:00:00 2001 From: Jonathan Cobb Date: Tue, 8 Dec 2020 11:46:17 -0500 Subject: [PATCH] use su instead of sudo. disable docker compute by default. --- .../roles/bubble/tasks/postgresql_data.yml | 2 +- .../ansible/roles/common/tasks/main.yml | 8 +++--- .../templates/supervisor_bubble.conf.j2 | 2 +- .../templates/supervisor_mitmproxy.conf.j2 | 2 +- .../mitmproxy/files/bubble_conn_check.py | 4 +-- config/activation.json | 27 ++++++++++--------- docs/README.md | 5 ++++ 7 files changed, 28 insertions(+), 22 deletions(-) create mode 100644 docs/README.md diff --git a/bubble-server/src/main/resources/ansible/roles/bubble/tasks/postgresql_data.yml b/bubble-server/src/main/resources/ansible/roles/bubble/tasks/postgresql_data.yml index 164b488a..055b6adc 100644 --- a/bubble-server/src/main/resources/ansible/roles/bubble/tasks/postgresql_data.yml +++ b/bubble-server/src/main/resources/ansible/roles/bubble/tasks/postgresql_data.yml @@ -12,4 +12,4 @@ - "bubble.sql.gz" - name: Populate database - shell: sudo -H -u postgres bash -c "cd && full_reset_db.sh" + shell: su - postgres bash -c "full_reset_db.sh" diff --git a/bubble-server/src/main/resources/ansible/roles/common/tasks/main.yml b/bubble-server/src/main/resources/ansible/roles/common/tasks/main.yml index 4dd4006c..c22a6234 100644 --- a/bubble-server/src/main/resources/ansible/roles/common/tasks/main.yml +++ b/bubble-server/src/main/resources/ansible/roles/common/tasks/main.yml 
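Review bot: In the new `shell:` line of postgresql_data.yml, `su - postgres bash -c "full_reset_db.sh"` places the word `bash` after the user name, where su hands it to the postgres login shell as an argument rather than running it as the program. Whether the following `-c` is consumed by su or by that shell depends on the su implementation's option parsing, so the command may behave differently across distributions. The unambiguous form is `su - postgres -c "full_reset_db.sh"`, or the Ansible-native `become: yes`, `become_user: postgres`, `become_method: su` on the task. The same `su - USER bash -c` form is introduced in supervisor_bubble.conf.j2 and supervisor_mitmproxy.conf.j2.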
@@ -4,15 +4,15 @@ - name: Set hostname to {{ hostname }} hostname: name: '{{ hostname }}' - when: bubble_set_hostname == 'true' + when: bubble_set_hostname - name: Set system timezone via timedatectl - shell: timedatectl set-timezone {{ time_zone }} - when: bubble_set_timezone_script != 'true' + shell: timedatectl set-timezone {{ time_zone }} || echo "bubble_set_timezone_script was {{ bubble_set_timezone_script }}" >> /tmp/WTF.txt + when: not bubble_set_timezone_script - name: Set system timezone via script shell: bash -c "function set_tz () { TZ=${1:?no timezone} ; ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone ; } ; set_tz {{ time_zone }}" - when: bubble_set_timezone_script == 'true' + when: bubble_set_timezone_script - name: Set log flag to true with EX of 7 days for non-sage nodes shell: echo 'set bubble.StandardSelfNodeService.bubble_server_logs_enabled "true" EX 604800' | redis-cli diff --git a/bubble-server/src/main/resources/ansible/roles/finalizer/templates/supervisor_bubble.conf.j2 b/bubble-server/src/main/resources/ansible/roles/finalizer/templates/supervisor_bubble.conf.j2 index 83bb35a0..0cdb0893 100644 --- a/bubble-server/src/main/resources/ansible/roles/finalizer/templates/supervisor_bubble.conf.j2 +++ b/bubble-server/src/main/resources/ansible/roles/finalizer/templates/supervisor_bubble.conf.j2 @@ -5,7 +5,7 @@ stderr_logfile = /var/log/bubble/api-server-err.log command=bash -c 'chmod 0666 /dev/null && \ rm -rf /var/log/bubble/postgresql/* && \ service postgresql restart && \ - sudo -u bubble bash -c "/usr/bin/java \ + su - bubble bash -c "/usr/bin/java \ -Dfile.encoding=UTF-8 -Djava.net.preferIPv4Stack=true \ -XX:+UseG1GC -XX:MaxGCPauseMillis=400 {{ bubble_java_opts }} \ -cp /home/bubble/api/bubble.jar \ 
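Review bot: The `|| echo ... >> /tmp/WTF.txt` appended to the timedatectl task in common/tasks/main.yml looks like leftover debugging: it makes the task report success when `timedatectl set-timezone` fails, and it appends (presumably as root) to a fixed file name in world-writable /tmp. I would go back to `shell: timedatectl set-timezone {{ time_zone | quote }}` and let a failure surface. Separately, the three `when:` lines now test the bare variable where the old code compared against the string 'true'; if these values still arrive as strings, 'false' may evaluate as true on newer Ansible releases. `when: bubble_set_hostname | bool` and `when: not (bubble_set_timezone_script | bool)` avoid that.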
diff --git a/bubble-server/src/main/resources/ansible/roles/mitmproxy/templates/supervisor_mitmproxy.conf.j2 b/bubble-server/src/main/resources/ansible/roles/mitmproxy/templates/supervisor_mitmproxy.conf.j2 index 966a22df..b09719fc 100644 --- a/bubble-server/src/main/resources/ansible/roles/mitmproxy/templates/supervisor_mitmproxy.conf.j2 +++ b/bubble-server/src/main/resources/ansible/roles/mitmproxy/templates/supervisor_mitmproxy.conf.j2 @@ -2,6 +2,6 @@ [program:mitm{{ port }}] stdout_logfile = /var/log/bubble/mitm{{ port }}-out.log stderr_logfile = /var/log/bubble/mitm{{ port }}-err.log -command=sudo -H -u mitmproxy bash -c "/home/mitmproxy/mitmproxy/run_mitm.sh {{ port }}" +command=su - mitmproxy bash -c "/home/mitmproxy/mitmproxy/run_mitm.sh {{ port }}" stopasgroup=true stopsignal=QUIT diff --git a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py index 172b2960..ef03361f 100644 --- a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py +++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py @@ -89,11 +89,11 @@ def show_block_stats(client_addr, fqdns): for fqdn in fqdns: show = REDIS.get(REDIS_KEY_DEVICE_SHOW_BLOCK_STATS+client_addr+':'+fqdn) if show is not None: - return show.decode() == 'true' + return show.decode().lower() == 'true' show = REDIS.get(REDIS_KEY_DEVICE_SHOW_BLOCK_STATS+client_addr) if show is None: return False - return show.decode() == 'true' + return show.decode().lower() == 'true' def conn_check_cache_prefix(client_addr, server_addr): diff --git a/config/activation.json b/config/activation.json index 0f1db8d4..15f52c80 100644 --- a/config/activation.json +++ b/config/activation.json 
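Review bot: The `command=` line in supervisor_mitmproxy.conf.j2 does not need a wrapper process at all, independent of the su argument form: supervisord can drop privileges itself with `user=mitmproxy` and `command=/home/mitmproxy/mitmproxy/run_mitm.sh {{ port }}`. That switch uses setuid only and does not set HOME or USER, so add `environment=HOME="/home/mitmproxy"` if run_mitm.sh relies on them. It would also keep `stopsignal=QUIT` aimed at the script itself rather than at a su parent, whose signal handling may differ between implementations.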
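Review bot: The two changed returns in show_block_stats repeat the same parse, `show.decode().lower() == 'true'`, and the lookup order they implement is undocumented. A small helper such as `_is_true(raw)` returning `raw is not None and raw.decode().lower() == 'true'` would keep both sites in step. A docstring should state that the first fqdn with a stored value decides the result even when that value is false, and that the per-device key is read only when no per-fqdn key exists. Accepting mixed case here suggests the writers of these Redis keys are inconsistent, so normalising the value where it is written would be the tighter fix if those writers live in this repository. The function's opening lines are outside the hunk; only its signature is visible in the hunk header.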
@@ -71,19 +71,20 @@ }, // Docker can be used for testing or for advanced use cases - "DockerCompute": { - "config": {}, - "credentials": { - // these are the default settings, change as needed - "host": "unix:///var/run/docker.sock", - "tlsVerify": "false", // if tlsVerify is "true" then certPath must be set - "certPath": null, - "registryUrl": null, - "registryUsername": null, - "registryEmail": null, - "registryPassword": null - } - }, + // Leave this out if you're not going to use it + // "DockerCompute": { + // "config": {}, + // "credentials": { + // // these are the default settings, change as needed + // "host": "unix:///var/run/docker.sock", + // "tlsVerify": "false", // if tlsVerify is "true" then certPath must be set + // "certPath": null, + // "registryUrl": null, + // "registryUsername": null, + // "registryEmail": null, + // "registryPassword": null + // } + // }, /////////////////////// // Storage diff --git a/docs/README.md b/docs/README.md new file mode 100644 index 00000000..dbf67205 --- /dev/null +++ b/docs/README.md @@ -0,0 +1,5 @@ +Bubble Docs +=========== +The best place to start is on the [Bubble Main Page](../README.md). + +Or maybe you want to check out the [Bubble Website](https://getbubblenow.com/)?
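Review bot: The commented-out DockerCompute template in config/activation.json still carries `"tlsVerify": "false"` as its default, so anyone who uncomments it and changes `host` to a `tcp://` endpoint would presumably get an unverified connection. Access to the Docker daemon is root-equivalent on the host that runs it. A comment line inside the template would cover this, e.g. `// for any tcp:// host set tlsVerify to "true" and certPath; access to the Docker socket is root-equivalent on that host`. `registryPassword` would also sit in this file in clear text once the section is enabled, so the file's permissions deserve a mention next to it.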