| Current File : //opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/migrate.py |
#!/opt/imunify360/venv/bin/python3
"""This module import peewee_migrate and apply migrations, for Imunify-AV
it's entrypoint for service"""
import os
import sys
import signal
import threading
import time
from logging import getLogger
from peewee_migrate import migrator
import defence360agent.internals.logger
from defence360agent.application import app
from defence360agent.application.settings import configure
from defence360agent.contracts.config import Core
from defence360agent.contracts.config import Model
from defence360agent.router import Router
from defence360agent.subsys import systemd_notifier
from defence360agent.model.instance import db
from defence360agent.model import tls_check
from defence360agent.utils import (
write_pid_file,
IM360_RESIDENT_PID_PATH,
cleanup_pid_file,
)
logger = getLogger(__name__)
GO_SERVICE_NAME = "/usr/bin/imunify-resident"
def apply_migrations(migrations_dirs, attached_dbs=tuple()):
"""Apply migrations: restructure db, config files, etc."""
logger.info("Applying database migrations...")
systemd_notifier.notify(systemd_notifier.AgentState.MIGRATING)
# prepare database to operate in WAL journal_mode and run migrations
tls_check.reset()
db.init(Model.PATH)
for db_path, schema_name in attached_dbs:
db.execute_sql(f"ATTACH '{db_path}' AS {schema_name}")
try:
with db.atomic("EXCLUSIVE"):
router = Router(
db,
migrations_dirs=migrations_dirs,
logger=logger,
)
# HACK: Migrator uses global unconfigurable LOGGER,
# overrride it, to use our logging settings
migrator.LOGGER = logger
router.run()
finally:
# close connection immediately since later this process
# will be replaced by execv
db.close()
# required in case package manager or user sends signals while migrations are still running
def signal_handler(sig, _):
logger.warning("Received signal %s in signal_handler", sig)
logger.warning(
"waiting %d seconds so that migrations can finish",
Core.SIGNAL_HANDLER_MIGRATION_TIMEOUT_SECS,
)
time.sleep(Core.SIGNAL_HANDLER_MIGRATION_TIMEOUT_SECS)
logger.info("Exiting")
sys.exit(0)
def run(*, start_pkg="defence360agent", configure=configure):
"""Entry point for Imunify-AV service. Apply migrations,
and then replace process with {start_pkg}.run module."""
for sig in (signal.SIGINT, signal.SIGTERM, signal.SIGHUP):
signal.signal(sig, signal_handler)
try:
if start_pkg == "im360.run_resident":
write_pid_file(IM360_RESIDENT_PID_PATH)
os.umask(Core.FILE_UMASK)
configure()
defence360agent.internals.logger.reconfigure()
migration_thread = threading.Thread(
target=apply_migrations,
args=(app.MIGRATIONS_DIRS, app.MIGRATIONS_ATTACHED_DBS),
)
migration_thread.start()
migration_thread.join()
systemd_notifier.notify(systemd_notifier.AgentState.READY)
logger.info("Starting main process...")
systemd_notifier.notify(systemd_notifier.AgentState.STARTING)
if start_pkg == "im360.run_resident":
Core.GO_FLAG_FILE.touch(exist_ok=True)
logger.info("Run imunify-resident service")
os.execv(
GO_SERVICE_NAME,
[
GO_SERVICE_NAME,
]
+ sys.argv[1:],
)
else:
os.execv(
sys.executable,
[sys.executable, "-m", "{}".format(start_pkg)] + sys.argv[1:],
)
except Exception:
if start_pkg == "im360.run_resident":
cleanup_pid_file(IM360_RESIDENT_PID_PATH)
if __name__ == "__main__":
run()