godojo
Installer does not honor DD_DB_Exists
It appears the installer does not honor `DD_DB_Exists`. According to the notes in `dojoConfig.yml`:
```yaml
...
# Each line represents a value used by the installer in this format:
# [name]: [default] # [ENV] - [Description]
# where
#   [name] is the name of the configuration item
#   [default] is the default value for the configuration item
#   [ENV] is the environmental variable used to override the config item at run time
#   [Description] is a description of that the config item's purpose
...
DB:
  Engine: "PostgreSQL" # DD_DB_Engine - Database engine to use ...
  Local: true # DD_DB_Local - Boolean for when DB is on the same host/server/vm (local)
  Exists: false # DD_DB_Exists - Boolean for when DB for DefectDojo already exists so no install needed
```
I set `DD_DB_Exists=true` as an envar to skip the database stuff, but the installer still tries to install PostgreSQL and configure the `dojodb` database (and fails):
```text
Starting PostgreSQL database for DefectDojo...(-*--------)
##############################################################################
ERROR: 2022/09/01 00:41:31 - Failed to run OS command /usr/bin/postgresql-setup --initdb, error was: exit status 1
##############################################################################
Starting Database complete
==============================================================================
Preparing the database needed for DefectDojo
==============================================================================
Checking connectivity to PostgreSQL
Validating DB connection settings
##############################################################################
ERROR: Unable to create a new PostgreSQL database for DefectDojo
##############################################################################
```
When I look at the `cmd-output` log file:
```text
...
[godojo] # PGPASSWORD="[~REDACTED~]" pg_isready --host=localhost --username=postgres --port=5432
localhost:5432 - accepting connections
[godojo] # sudo -u postgres PGPASSWORD="[~REDACTED~]" psql --host=localhost --username=postgres --port=5432 --command="\l"
could not change directory to "/home/jwalton/godojo": Permission denied
                                  List of databases
   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
-----------+----------+----------+-------------+-------------+------------------------
 dojodb    | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres          +
           |          |          |             |             | postgres=CTc/postgres +
           |          |          |             |             | dojodbusr=CTc/postgres
 postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
 template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres           +
           |          |          |             |             | postgres=CTc/postgres
 template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres           +
           |          |          |             |             | postgres=CTc/postgres
(4 rows)
[godojo] # sudo -u postgres PGPASSWORD="[~REDACTED~]" psql --host=localhost --username=postgres --port=5432 --command="CREATE DATABASE dojodb;"
could not change directory to "/home/jwalton/godojo": Permission denied
ERROR:  database "dojodb" already exists
```
Here's the script I am using. There's not much to it. It is able to connect to the PostgreSQL database, so `db_exists=true`. A `set -x` verified the logic and commands.
```bash
#!/usr/bin/env bash

if [[ "${EUID}" != 0 ]]; then
    echo "Please run this script as root"
    exit 1
fi

rm -rf godojo logs/* /opt/dojo/

# Test if the database exists and we can login. If so, skip database install and configuration.
if [[ -f dojoConfig.yml ]]; then
    username=$(grep 'DD_DB_Ruser' dojoConfig.yml | awk '{ print $2 }' | sed -e 's/^"//' -e 's/"$//')
    password=$(grep 'DD_DB_Rpass' dojoConfig.yml | awk '{ print $2 }' | sed -e 's/^"//' -e 's/"$//')
    hostname=$(grep 'DD_DB_Host' dojoConfig.yml | awk '{ print $2 }' | sed -e 's/^"//' -e 's/"$//')
    database=$(grep 'DD_DB_Name' dojoConfig.yml | awk '{ print $2 }' | sed -e 's/^"//' -e 's/"$//')

    # In case it was stopped...
    systemctl start postgresql.service 2>/dev/null

    echo "Testing connection to database \"${database}\" for user \"${username}\""
    if PGPASSWORD=${password} pg_isready -h "${hostname}" -U "${username}" -d "${database}"; then
        echo "Database is accepting connections. Skipping PostgreSQL install and configuration"
        db_exists="true"
    else
        db_exists="false"
    fi
else
    db_exists="false"
fi

if ! go build -o godojo ./*.go; then
    echo "Failed to build godojo"
    exit 1
fi

if ! systemctl stop postgresql.service; then
    echo "Unable to stop postgresql.service"
    # exit 1
fi

set -x

# Amazing... https://github.com/DefectDojo/godojo/issues/56
hard_password='vee0Thoanae1daePooz0ieka'
rand_password=$(head -c 30 /dev/urandom | base64)
sed -i "s/${hard_password}/${rand_password}/g" dojoConfig.yml

# We don't enable Debug and Test in production
if ! DD_DEBUG=false DD_DB_Exists="${db_exists}" ./godojo; then
    echo "Failed to execute godojo. Check logs/cmd-output-NNNN.log and logs/dojo-install-NNNN.log"
    exit 1
fi

cp -p docs-and-scripts/dojo-start docs-and-scripts/dojo-stop /opt/dojo
chmod ugo+x /opt/dojo/dojo-start /opt/dojo/dojo-stop

if ! systemctl start postgresql.service; then
    echo "Failed to start postgresql.service"
    exit 1
fi

echo "DefectDojo can be started with /opt/dojo/dojo-start"
exit 0
```
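The `dojoConfig.yml` comments quoted above describe the contract the report relies on: each config item has a YAML default and a `DD_*` environment variable that overrides it at run time, and `DB.Exists=true` is supposed to make the installer skip the PostgreSQL install and `CREATE DATABASE` steps entirely. The Go program below is an added illustration of that precedence rule and of the single skip decision an installer would consult; it is not godojo's own code, and the `DBConfig`, `ApplyEnv`, `NeedsDBInstall` and `Lookup` names are hypothetical. It goes one step beyond the issue by treating a set-but-malformed value (for example `DD_DB_Exists=ture`) as a hard error instead of silently falling back to the default, which is exactly the failure mode the report shows: a full initdb and `CREATE DATABASE` run against a database that already exists.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
)

// DBConfig mirrors the DB section of dojoConfig.yml quoted in the issue.
// Hypothetical type for this illustration, not godojo's own.
type DBConfig struct {
	Engine string
	Local  bool
	Exists bool
}

// Lookup abstracts os.LookupEnv so the precedence logic can be exercised
// against a constructed environment rather than the real process environment.
type Lookup func(key string) (string, bool)

// overrideBool returns env var `key` parsed as a boolean when it is set and
// well-formed, otherwise the YAML default `def`. A set-but-malformed value is
// an error rather than a silent fallback: falling back to Exists=false would
// trigger a full (and, as in the report, failing) database install.
func overrideBool(env Lookup, key string, def bool) (bool, error) {
	raw, ok := env(key)
	if !ok || raw == "" {
		return def, nil
	}
	v, err := strconv.ParseBool(raw)
	if err != nil {
		return def, fmt.Errorf("%s=%q is not a boolean: %w", key, raw, err)
	}
	return v, nil
}

// ApplyEnv applies the DD_DB_* overrides documented in dojoConfig.yml to cfg,
// following the "[name]: [default] # [ENV]" contract quoted in the issue.
func ApplyEnv(cfg DBConfig, env Lookup) (DBConfig, error) {
	if v, ok := env("DD_DB_Engine"); ok && v != "" {
		cfg.Engine = v
	}
	var err error
	if cfg.Local, err = overrideBool(env, "DD_DB_Local", cfg.Local); err != nil {
		return cfg, err
	}
	if cfg.Exists, err = overrideBool(env, "DD_DB_Exists", cfg.Exists); err != nil {
		return cfg, err
	}
	return cfg, nil
}

// NeedsDBInstall is the one decision point an installer should consult before
// running initdb or CREATE DATABASE: an existing database means both the
// install and the configuration steps are skipped.
func NeedsDBInstall(cfg DBConfig) bool {
	return !cfg.Exists
}

// defaults reproduces the DB defaults from the dojoConfig.yml excerpt.
func defaults() DBConfig {
	return DBConfig{Engine: "PostgreSQL", Local: true, Exists: false}
}

func main() {
	cfg, err := ApplyEnv(defaults(), os.LookupEnv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "config error:", err)
		os.Exit(1)
	}
	if NeedsDBInstall(cfg) {
		fmt.Println("DB.Exists is false: would install and configure", cfg.Engine)
	} else {
		fmt.Println("DB.Exists is true: skipping database install and configuration")
	}
}
```

Run it with `DD_DB_Exists=true go run .` to see the skip path; with the variable unset the YAML default (`Exists: false`) wins and the install path is taken. Keeping the override parsing in one place, and failing closed on values `strconv.ParseBool` rejects, is what makes the wrapper script's `DD_DB_Exists="${db_exists}"` handoff reliable.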
I'll look into this - there's way too many environmental variables for DefectDojo and maybe this one was missed.