feat: Add comprehensive start script to simplify setup and update processes. Closes #752#756
Conversation
…ntelowlproject#752) This commit implements a comprehensive bash script that streamlines the GreedyBear setup, deployment, and update processes. Key Features: - Automated environment setup (env_file, env_file_postgres, .env) - Dependency checks for Docker and Docker Compose - Smart Docker Compose orchestration with multiple override files - Deployment modes: prod, dev, test - One-command operations: init, up, down, update, logs, ps, etc. - Silent mode (-s flag) for non-interactive installations - Support for deployment flags: --https, --elastic, --stag, --use-version - Automatic Django secret generation - Color-coded logging for better UX - Comprehensive help documentation Benefits: - Reduces setup from ~10 manual steps to 1-2 commands - Simplifies updates with a single command - Provides clear feedback and error messages - Makes deployment more accessible and less error-prone - Supports automated deployments (e.g., Ansible) Updated README.md with quick start guide and common command examples. Co-authored-by: IntelOwl team <intelowl@honeynet.org>
Questions for MaintainersHey! @regulartim @mlodic Before finalizing this PR, I have a few questions: 1.Re-running
|
|
Hey @opbot-xd ! Looks great so far. 👍
I think you should ask if they should be regenerated and override them in silent mode. Do you think that's sensible?
Don't they have to align anyways? If the local files are on version 1.6.0 for example and you start the docker image 3.0.0, that might break things. So I would guess the safest think to do is to rely on both.
That's a great question, unfortunately I don't have an answer for that. It would be fine for me to rely on manual testing. If we have some kind of automated testing - great! If that means that we have to maintain a complicated testing framework, then I don't know if that's worth it.
Yes, the more the better. Packet managers don't change much over time. So if we support a specific distro, after an initial test, it's should not be much work to maintain that support. In the best case we would match the distros supported by T-Pot: Alma, Debian, Fedora Server, OpenSUSE, Rocky, Ubuntu.
All the features you listed are nice to have in my opinion. So if you like them and think they provide value to users and/or developers, feel free to implement them! :) |
|
Also, the name of the script ("start") does not really reflect what it does. Can you think of a better name? I have some suggestions but I am open for your ideas: |
… multi-distro support - Add env file regeneration with backup in interactive mode - Override env files in silent mode for automation - Implement git tag checkout for version management (aligns code + Docker images) - Add Docker installation support for Alma, Fedora, Rocky, OpenSUSE (matching T-Pot) - Improve user experience with better prompts and feedback
- Avoid conflict with existing greedybear/ Django app directory - Follow kubectl/systemctl naming convention - Update all documentation and help text to use gb-ctl
- Cleaner name matching kubectl/systemctl convention - Easier to type without hyphen
New commands: - backup: Create timestamped PostgreSQL backups with gzip compression - restore: Restore from backup with confirmation prompt - health: Check all services status with visual indicators - clean: Complete removal of all data and containers (with safety confirmation) Enhances operational capabilities for production deployments.
|
Script Naming: Quick Start: ./gbctl init --prod && ./gbctl up --prodAlso implemented:
|
Minimal Installation Support?Hi @regulartim Suggested approach: Create a lightweight curl -sSL https://raw.githubusercontent.com/honeynet/GreedyBear/main/bootstrap.sh | bashThis bootstrap script would:
Would this be valuable? |
There was a problem hiding this comment.
Pull request overview
Adds a new gbctl bash script intended to simplify GreedyBear setup/management and documents the new workflow in the README (closing #752).
Changes:
- Introduces
gbctlwith commands for init/up/down/logs/update/backup/restore/health/clean plus env/feature flags. - Adds automated environment file creation from templates and basic dependency checks.
- Updates
README.mdwith a “Quick Start” and commongbctlcommand examples.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 18 comments.
| File | Description |
|---|---|
gbctl |
New management script implementing setup, orchestration, and operational commands via Docker Compose. |
README.md |
Documents the new gbctl workflow and common commands for setup and operations. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 14 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@regulartim finally the PR is ready to review. |
|
Hey @opbot-xd ! I'm really excited to test this, but it might take a while. Will get back to you next week. |
Yes, I think it would! |
mlodic
left a comment
There was a problem hiding this comment.
it is well done but at the same time maybe a little overkill...also we have no tests about this so we need that you can please try the most complex commands and show us that they work at least.
We will need to do some manual tests too as maintainers to feel how much this is helpful or not in practice.
README.md
Outdated
| To install it locally, Please refer to our [installation guide](https://intelowlproject.github.io/docs/GreedyBear/Installation/) | ||
| ### Quick Start | ||
|
|
||
| GreedyBear now includes an automated setup script that simplifies installation and management: |
There was a problem hiding this comment.
the readme must be kept simple and short. please revert this and create a PR for the docs repo instead
There was a problem hiding this comment.
Sure! would revert back the changes in README.md
gbctl
Outdated
| if [ -f docker/env_file ]; then | ||
| if [ "$SILENT_MODE" = true ]; then | ||
| # Always create backup even in silent mode to protect user configs | ||
| local backup_name="docker/env_file.backup.$(date +%Y%m%d_%H%M%S)" |
There was a problem hiding this comment.
these files should be added to gitignore
There was a problem hiding this comment.
Great point! Even I noticed some untracked files were created during the testing of the script but forgot them to add to .gitignore
gbctl
Outdated
| if [ -f docker/env_file_postgres ]; then | ||
| if [ "$SILENT_MODE" = true ]; then | ||
| # Always create backup even in silent mode to protect user configs | ||
| local backup_name="docker/env_file_postgres.backup.$(date +%Y%m%d_%H%M%S)" |
gbctl
Outdated
| fi | ||
|
|
||
| # Generate Django secret if needed | ||
| if grep -q "^DJANGO_SECRET=$" docker/env_file 2>/dev/null || grep -q "^DJANGO_SECRET=\"\"$" docker/env_file 2>/dev/null; then |
There was a problem hiding this comment.
django secret is not necessary imho.
let django itself handle this automatically
There was a problem hiding this comment.
You're right, thanks for pointing this out! I'll remove the Django secret generation - Django handles this automatically. Will update the script.
gbctl
Outdated
| if [ "$ENABLE_HTTPS" = true ]; then | ||
| log_info "Access GreedyBear at: https://localhost" | ||
| else | ||
| log_info "Access GreedyBear at: http://localhost" |
There was a problem hiding this comment.
if nginx has been configured differently, this would be wrong. I am from the phone now and I cant check further but I think we can have a better solution
There was a problem hiding this comment.
Hi @mlodic Good point! The URL could be incorrect if nginx is configured with a custom domain/port. A few options:
- Remove the URL message entirely - users know where they deployed
- Make it generic:
"GreedyBear services started successfully"without assuming the URL - Read from config - parse the actual host from
docker/env_fileor nginx config (more complex)
I'd lean toward option 2 - just remove the URL assumption. Let me know what you prefer and I'll update it! Thanks.
|
|
||
| local backup_dir="backups" | ||
| local timestamp=$(date +%Y%m%d_%H%M%S) | ||
| local backup_file="${backup_dir}/greedybear_backup_${timestamp}" |
There was a problem hiding this comment.
backup
dir should be gitgignored
There was a problem hiding this comment.
Yes would update the .gitignore to fix this and other files also.
gbctl
Outdated
| shift | ||
| ;; | ||
| --use-version) | ||
| # Deprecated: --version now implicitly enables version override |
There was a problem hiding this comment.
I dont get where this code the AI got from? :P this script is new, it does not make sense to have deprecated commands
There was a problem hiding this comment.
Actually this was a suggestion given to me by Copilot PR review system and on reading the description I found it right so just clicked on commit suggestion. I did not notice the comments it added. Apologizes from my side, would be careful in implementing the suggestions next time.
gbctl
Outdated
| exit 1 | ||
| fi | ||
| # Deprecated: PROJECT_NAME is fixed to the default to avoid conflicts | ||
| log_warning "--project-name is deprecated and has no effect (container names are hardcoded)" |
There was a problem hiding this comment.
Would be careful next time.
|
Totally fair points! I agree the script grew larger than initially planned as I added features from the feedback. Here's what I've verified works: # Basic flow
./gbctl init --prod ✓ Creates env files, prompts for regeneration
./gbctl init --prod --silent ✓ Auto-backups and regenerates without prompts
./gbctl up --dev ✓ Starts with [local.override.yml](http://_vscodecontentref_/0) (hot reload)
./gbctl health ✓ Shows service status with visual indicators
./gbctl ps / logs ✓ Passes through to docker compose
# Version management
./gbctl up --prod --version v1.2.0 ✓ Sets REACT_APP_INTELOWL_VERSION, includes version.override.ymlwould test more commands as well. |
|
could you also provide some screenshots as a reference here? If the code is well written and organized, imho it doesnt matter the size of the file, this is a standalone script so it is fine |
Add dummy first_name and last_name values to create-admin command in silent mode to satisfy required fields of custom user model.
Actually it was due to custom user model requirements! I missed that both
This satisfies all the I've tested it locally and verified it works! |
Remove deletion of backups directory from cmd_clean to prevent accidental data loss.
Thanks for the feedback! I agree these changes will significantly improve the CLI's usability. Here is my plan to address each point:
Does this approach sound good to you? |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 2 changed files in this pull request and generated 5 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Yeah, sounds good! :) I think after that we can merge and create separate issues if something else comes up. |
This commit implements the agreed refactor: - Configuration is now persisted in .gbctl.conf by 'init' and loaded by other commands. - 'logs app' command tails internal Django logs. - Version mismatch check warns if git branch doesn't match deployment mode. - 'up' command is now idempotent and configuration-driven.
|
I have implemented the changes as planned!
|
Export REACT_APP_INTELOWL_VERSION whenever a specific version is requested, regardless of ENV_MODE, to ensure correct image tags in all modes.
Escape ampersand in ELASTIC_ENDPOINT to correctly handle URL parameters during sed replacement.
Wrap docker exec in if-condition to properly handle failures with set -e, and remove duplicate comment.
Set restricted permissions (0700) for backup directory and (0600) for backup files to prevent unauthorized access on shared systems.
Support GB_ADMIN_USERNAME, GB_ADMIN_PASSWORD, and GB_ADMIN_EMAIL for secure silent admin creation.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 2 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Prevent exposure of admin credentials in process list by exporting them first and passing by name to docker exec.
Always export REACT_APP_INTELOWL_VERSION when USE_VERSION is true to prevent empty variable errors in docker-compose, even for 'latest'.
Replace insecure source command with safe key-value parsing for .gbctl.conf to prevent arbitrary code execution.
… allowing the script to continue execution with limited functionality.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 2 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
If you think your PR is ready to get a final review, please click the "re-request review" on the top right, next to my profile picture. |
regulartim
left a comment
There was a problem hiding this comment.
Hey @opbot-xd ! I really appreciate your work. I think this script is extremely valuable for the project. Thanks a lot!
I will test this in detail, but that will take some time. I do think however that this PR has good enough quality to be merged into develop. So will merge it and collect potential problems in a separate issue.
Description
This PR implements a comprehensive bash script that dramatically simplifies the GreedyBear setup, deployment, and update processes, addressing all requirements from issue #752.
Related issues
Closes #752
Key Features Implemented
1. Automated Setup Script (
./start)env_file,env_file_postgres, and.envfrom templates2. Deployment Modes
--prod): Standard production deployment with pre-built images--dev): Hot-reload enabled with local code mounting--test): Testing environment configuration3. Feature Flags
--https: Enable HTTPS with custom certificates--elastic: Enable Elasticsearch (with 16GB RAM requirement check)--stag: Staging environment configuration--use-version: Version-specific deployment--project-name: Custom project naming--version: Specify version to install4. Comprehensive Commands
init: Initialize environment files and configurationup/start: Start all servicesdown: Stop and remove servicesstop: Stop services without removingrestart: Restart serviceslogs: View service logs (supports follow mode)ps: List running servicesupdate: One-command update to latest versionbuild: Build custom Docker imagespull: Pull latest images5. Silent Mode (
-s/--silent)6. User Experience Enhancements
--help)Examples
Quick Start
git clone https://github.com/intelowlproject/GreedyBear.git cd GreedyBear ./start init --prod ./start up --prodDevelopment
Updates
Silent Installation (Ansible-ready)
Documentation Updates
Inspired By
This implementation is inspired by the IntelOwl project's
startscript, adapted specifically for GreedyBear's architecture and requirements.Type of change
Checklist
develop.Ruff) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.