Vulnerability Metadata as a Service
VMaaS is intended to be a microservice that has access to data connecting RPMs, repositories, errata, and CVEs, and can answer the question "What security changes do I have to apply to the following set of RPMs?"
The goal is to have a common set of data, that can be updated from multiple sources, and
accessed from an arbitrary number of web-service instances. To that end, database
contains the docker-definitions for getting the data store up and running, webapp is the
service that uses the data to answer a variety of vulnerability-related questions, and
reposcan is an example of a plugin whose job is to fill the datastore with vulnerability
information.
VMaaS is NOT intended to be an inventory-management system. It doesn't 'remember' system profiles or containers, or manage inventory workflow in any way. An inventory-management system could use VMaaS as one source of 'health' information for the entities being managed.
Build images and start containers
docker-compose up
Stop and remove containers (built images will persist)
docker-compose down
Stop and remove containers and database data volume (built images will persist)
docker-compose down -v
docker-compose build
All at once
docker-compose start
docker-compose stop
Single service
docker-compose start vmaas_database
docker-compose stop vmaas_database
Login to OpenShift cluster and select target project
oc login <openshift URL>
oc project my-project
Deploy latest builds from https://hub.docker.com/u/vmaas/
ansible-playbook openshift-deployment.yml --tags up
Delete deployment completely
ansible-playbook openshift-deployment.yml --tags down
This "Initial Setup" section was put together as I set up on my Fedora 27 system. Your mileage may vary.
sudo dnf install docker docker-compose
For OpenShift deployment install also following tools.
sudo dnf install origin-clients ansible
Start docker.
sudo systemctl start docker
Make sure it's working...
sudo docker run hello-world
If you get output that says "Hello from Docker!" you've successfully installed Docker. Continue the set up...
Start docker at boot.
sudo systemctl enable docker
Add docker group and your user to it. This will allow you to run docker as your user.
sudo groupadd docker
sudo usermod -aG docker $USER
Now, reboot the system to pick up the changes to the docker group. Then log back in and test running docker as your user.
docker run hello-world
Look for "Hello from Docker!" again.
Clone the VMaaS git repo.
git clone https://github.com/RedHatInsights/vmaas.git
Make sure postgresql isn't running locally... we need port 5432 available. If anything is running on port 8080, stop that, too.
sudo systemctl stop postgresql
Build the images and start containers
cd vmaas
docker-compose up
Congratulations!
Build and start your container in "developer mode"
./scripts/devel-compose build --no-cache vmaas_webapp
./scripts/devel-compose up vmaas_webapp
switch inside of the container
./scripts/devel-compose exec vmaas_webapp bash
now your local git directory is mounted under /git in the container so any change
you make you can immediatelly test.
[root@4cb6b50d0cb6 git]# python ./app.py
Note that by default container does NOT run the application (so you can run your own modificationtion) so if you want to run "original" (unmodified) application use
[root@4cb6b50d0cb6 git]# /app/entrypoint.sh