
Running as a service (version 5.0.2 #1086

Open
hasninbl opened this issue Apr 14, 2024 · 2 comments

@hasninbl

I installed the new version 5.0.2, but I noticed that the service fails to start.

root@lab-virtual-machine:/opt/cve/cve-search/_etc/systemd/system# systemctl start cvesearch.db_init.service
Failed to start cvesearch.db_init.service: Unit cvesearch.db_init.service not found.
root@lab-virtual-machine:/opt/cve/cve-search/_etc/systemd/system#

@oh2fih
Contributor

oh2fih commented Apr 14, 2024

The units in _etc/systemd/system are SystemD service examples. You should revise them to fit your needs & environment.

  • You are already using the path in WorkingDirectory=/opt/cve/cve-search.

  • The example units also assume you have user cve.

  • Because the path /opt/cve/cve-search is used as a working directory, the user may also need to be an owner with write access to the path for, e.g., saving the log files.

    Personally, I use a different approach with a dynamic user that doesn't even exist in /etc/passwd, e.g.,

    [Service]
    User=cvesearch
    DynamicUser=yes
    StateDirectory=cvesearch
    Environment=HOME=/var/lib/cvesearch
    SyslogIdentifier=cvesearch.db_updater
    LogsDirectory=cve-search
    

After revising the units you can activate them by copying them to /etc/systemd/system/, and you probably also need to add your NVD NIST API KEY (get it using NIST's Request an API Key form) in your environment for all the units that need it, e.g.,

sudo cp /opt/cve/cve-search/_etc/systemd/system/* /etc/systemd/system/
sudo mkdir /etc/systemd/system/cvesearch.db_init.service.d
sudo mkdir /etc/systemd/system/cvesearch.db_repopulate.service.d
sudo mkdir /etc/systemd/system/cvesearch.db_updater.service.d
echo -e "[Service]\nEnvironment=NVD_NIST_API_KEY=add-your-own-api-key" \
  | sudo tee /etc/systemd/system/cvesearch.db_init.service.d/APIKEY.conf \
  | sudo tee /etc/systemd/system/cvesearch.db_repopulate.service.d/APIKEY.conf \
  | sudo tee /etc/systemd/system/cvesearch.db_updater.service.d/APIKEY.conf
sudo systemctl daemon-reload

Finally, you need to notice that systemctl start cvesearch.db_init.service won't work because the unit has RefuseManualStart=true. As documented in the Populating the database section, there is the .target unit:

These could be also run as a SystemD service. Example units are under _etc/systemd/system/: cvesearch.db_init.service & cvesearch.db_init.target.

sudo systemctl start --no-block cvesearch.db_init.target

The purpose of this .target unit is to handle service dependencies. It stops the cvesearch.web.service because during database initialization (and repopulation) the data is in an indefinable state and the API would give false results. Again, the SystemD units should be revised, because on a Production Installation with UWSGI app it might be the UWSGI that should be stopped, instead.

It is likely that the documentation is incomplete as it assumes some general knowledge on administering Linux servers. Any feedback on the documentation is welcome, so that it can be improved to help more users.
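
Added example (not part of the comment above or of the cve-search repository): values set with `Environment=` in a unit or drop-in can be read by unprivileged users through `systemctl show`, and drop-ins written with `sudo tee` are typically world-readable, so this variant keeps NVD_NIST_API_KEY in a root-only file referenced with `EnvironmentFile=` and audits the result. The path `/etc/cve-search/nvd.env` and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep the NVD API key out of world-readable unit drop-ins.
# ROOT lets the functions run against a scratch tree; use / (as root) on a host.
UNITS="cvesearch.db_init cvesearch.db_repopulate cvesearch.db_updater"
ENV_FILE=/etc/cve-search/nvd.env   # assumed path, not defined by the project

# Write the key to a mode-600 env file and point each unit's drop-in at it.
install_api_key() {  # usage: install_api_key ROOT KEY
    root=${1%/} key=$2
    ( umask 077
      mkdir -p "$root${ENV_FILE%/*}"
      printf 'NVD_NIST_API_KEY=%s\n' "$key" > "$root$ENV_FILE" )
    chmod 600 "$root$ENV_FILE"      # also tightens a pre-existing file
    for u in $UNITS; do
        d="$root/etc/systemd/system/$u.service.d"
        mkdir -p "$d"
        # The drop-in holds only the file path, so it may stay readable.
        printf '[Service]\nEnvironmentFile=%s\n' "$ENV_FILE" > "$d/APIKEY.conf"
    done
}

# Print one finding per line; return non-zero if anything was found.
audit_api_key() {  # usage: audit_api_key ROOT
    root=${1%/} rc=0
    for f in "$root"/etc/systemd/system/cvesearch.*.service.d/*.conf; do
        [ -e "$f" ] || continue
        if grep -q '^Environment=.*NVD_NIST_API_KEY=' "$f"; then
            echo "inline key in ${f#"$root"}"; rc=1
        fi
    done
    if [ -e "$root$ENV_FILE" ]; then
        # find prints the path only when the mode is exactly 600
        [ -n "$(find "$root$ENV_FILE" -prune -perm 600)" ] ||
            { echo "env file $ENV_FILE is not mode 600"; rc=1; }
    fi
    return $rc
}

# Real host, as root: sh apikey.sh apply / "your-key" && systemctl daemon-reload
if [ "${1:-}" = apply ]; then
    install_api_key "$2" "$3" && audit_api_key "$2"
fi
```

systemd reads `EnvironmentFile=` before it drops privileges to the service user, so the file can stay owned by root even when the unit uses `DynamicUser=yes`.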

@oh2fih
Contributor

oh2fih commented Apr 14, 2024

✅ I have once again tested the cvesearch.db_init.target with CVE-Search 5.0.2 & CveXplore 0.3.29.

Testing environment:

  • Ubuntu 22.04 LTS.
  • An empty MongoDB cvedb.
  • The following dependencies come as stable versions from the Ubuntu repositories:
     python3-aiohttp,
     python3-aioretry,
     python3-alembic,
     python3-aniso8601,
     python3-ansicolors,
     python3-attr,
     python3-bs4,
     python3-click-completion,
     python3-click,
     python3-dateutil,
     python3-dicttoxml,
     python3-dominate,
     python3-dotenv,
     python3-flask-login,
     python3-flask-socketio,
     python3-flask,
     python3-flaskext.wtf,
     python3-gevent-websocket,
     python3-gevent,
     python3-gunicorn,
     python3-ijson,
     python3-itsdangerous,
     python3-jinja2,
     python3-jsonpickle,
     python3-jsonschema,
     python3-markupsafe,
     python3-nltk,
     python3-oauthlib,
     python3-pandas,
     python3-pygelf,
     python3-pymongo,
     python3-pyrsistent,
     python3-redis,
     python3-requests,
     python3-six,
     python3-sqlalchemy,
     python3-tqdm,
     python3-tz,
     python3-urllib3,
     python3-werkzeug,
     python3-whoosh,
     python3-wtforms,
     python3
    
  • And the rest fresh from pip:
    tqdm==4.66.1
    ansicolors==1.1.8
    pygelf>=0.4.2
    aioretry>=5.0.2
    https://github.com/marianoguerra/feedformatter/archive/master.zip
    Flask-restx==1.1.0
    Flask-Breadcrumbs==0.5.1
    Flask-Bootstrap4==4.0.2
    Flask-JWT-Extended==4.3.1
    Flask-plugins==1.6.1
    requirements-parser==0.5.0
    nested-lookup==0.2.25
    Flask-Menu==0.7.2
    visitor==0.1.3 # Required-by: Flask-Bootstrap4
    
