Implement proper storage metrics (P0-009)

- Add dedicated storage_metrics table
- Create StorageMetricReport models with proper field names
- Add ReportStorageMetrics to agent client
- Update storage scanner to use new method
- Implement server-side handlers and queries
- Register new routes and update UI
- Remove legacy Scan() method
- Follow ETHOS principles: honest naming, clean architecture
@@ -14,7 +14,11 @@ if [ "$EUID" -ne 0 ]; then
|
||||
fi
|
||||
|
||||
AGENT_USER="redflag-agent"
|
||||
AGENT_HOME="/var/lib/redflag-agent"
|
||||
BASE_DIR="/var/lib/redflag"
|
||||
CONFIG_DIR="/etc/redflag"
|
||||
AGENT_CONFIG_DIR="/etc/redflag/agent"
|
||||
LOG_DIR="/var/log/redflag"
|
||||
AGENT_LOG_DIR="/var/log/redflag/agent"
|
||||
SUDOERS_FILE="/etc/sudoers.d/redflag-agent"
|
||||
|
||||
# Function to detect package manager
|
||||
@@ -45,7 +49,7 @@ VERSION="{{.Version}}"
|
||||
LOG_DIR="/var/log/redflag"
|
||||
BACKUP_DIR="${CONFIG_DIR}/backups/backup.$(date +%s)"
|
||||
AGENT_USER="redflag-agent"
|
||||
AGENT_HOME="/var/lib/redflag-agent"
|
||||
AGENT_HOME="{{.AgentHome}}"
|
||||
SUDOERS_FILE="/etc/sudoers.d/redflag-agent"
|
||||
|
||||
echo "=== RedFlag Agent v${VERSION} Installation ==="
|
||||
@@ -99,12 +103,29 @@ else
|
||||
echo "✓ User $AGENT_USER created"
|
||||
fi
|
||||
|
||||
# Create home directory
|
||||
# Create home directory structure
|
||||
if [ ! -d "$AGENT_HOME" ]; then
|
||||
# Create nested directory structure
|
||||
sudo mkdir -p "$BASE_DIR"
|
||||
sudo mkdir -p "$AGENT_HOME"
|
||||
sudo chown "$AGENT_USER:$AGENT_USER" "$AGENT_HOME"
|
||||
sudo mkdir -p "$AGENT_HOME/cache"
|
||||
sudo mkdir -p "$AGENT_HOME/state"
|
||||
sudo mkdir -p "$AGENT_CONFIG_DIR"
|
||||
sudo mkdir -p "$AGENT_LOG_DIR"
|
||||
|
||||
# Set ownership and permissions
|
||||
sudo chown -R "$AGENT_USER:$AGENT_USER" "$BASE_DIR"
|
||||
sudo chmod 750 "$BASE_DIR"
|
||||
sudo chmod 750 "$AGENT_HOME"
|
||||
echo "✓ Home directory created at $AGENT_HOME"
|
||||
sudo chmod 750 "$AGENT_HOME/cache"
|
||||
sudo chmod 750 "$AGENT_HOME/state"
|
||||
sudo chmod 755 "$AGENT_CONFIG_DIR"
|
||||
sudo chmod 755 "$AGENT_LOG_DIR"
|
||||
|
||||
echo "✓ Agent directory structure created:"
|
||||
echo " - Agent home: $AGENT_HOME"
|
||||
echo " - Config: $AGENT_CONFIG_DIR"
|
||||
echo " - Logs: $AGENT_LOG_DIR"
|
||||
fi
|
||||
|
||||
# Step 4: Install sudoers configuration with OS-specific commands
|
||||
@@ -173,10 +194,10 @@ fi
|
||||
|
||||
# Step 4: Create directories
|
||||
echo "Creating directories..."
|
||||
sudo mkdir -p "${CONFIG_DIR}"
|
||||
sudo mkdir -p "${CONFIG_DIR}/backups"
|
||||
sudo mkdir -p "${AGENT_CONFIG_DIR}"
|
||||
sudo mkdir -p "${CONFIG_DIR}/backups" # Legacy backup location
|
||||
sudo mkdir -p "$AGENT_HOME"
|
||||
sudo mkdir -p "/var/log/redflag"
|
||||
sudo mkdir -p "$AGENT_LOG_DIR"
|
||||
|
||||
# Step 5: Download agent binary
|
||||
echo "Downloading agent binary..."
|
||||
@@ -186,14 +207,14 @@ sudo chmod +x "${INSTALL_DIR}/${SERVICE_NAME}"
|
||||
# Step 6: Handle configuration
|
||||
# IMPORTANT: The agent handles its own migration on first start.
|
||||
# We either preserve existing config OR create a minimal template.
|
||||
if [ -f "${CONFIG_DIR}/config.json" ]; then
|
||||
if [ -f "${AGENT_CONFIG_DIR}/config.json" ]; then
|
||||
echo "[CONFIG] Upgrade detected - preserving existing configuration"
|
||||
echo "[CONFIG] Agent will handle migration automatically on first start"
|
||||
echo "[CONFIG] Backup created at: ${BACKUP_DIR}"
|
||||
else
|
||||
echo "[CONFIG] Fresh install - generating minimal configuration with registration token"
|
||||
# Create minimal config template - agent will populate missing fields on first start
|
||||
sudo tee "${CONFIG_DIR}/config.json" > /dev/null <<EOF
|
||||
sudo tee "${AGENT_CONFIG_DIR}/config.json" > /dev/null <<EOF
|
||||
{
|
||||
"version": 5,
|
||||
"agent_version": "${VERSION}",
|
||||
@@ -241,7 +262,7 @@ EOF
|
||||
fi
|
||||
|
||||
# Step 7: Set permissions on config file
|
||||
sudo chmod 600 "${CONFIG_DIR}/config.json"
|
||||
sudo chmod 600 "${AGENT_CONFIG_DIR}/config.json"
|
||||
|
||||
# Step 8: Create systemd service with security hardening
|
||||
echo "Creating systemd service with security configuration..."
|
||||
@@ -266,7 +287,7 @@ RestartPreventExitStatus=255
|
||||
# Note: NoNewPrivileges disabled to allow sudo for package management
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
ReadWritePaths={{.AgentHome}} {{.ConfigDir}} {{.LogDir}}
|
||||
ReadWritePaths={{.AgentHome}} {{.AgentHome}}/cache {{.AgentHome}}/state {{.AgentHome}}/migration_backups {{.AgentConfigDir}} {{.AgentLogDir}}
|
||||
PrivateTmp=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectKernelModules=true
|
||||
@@ -286,13 +307,36 @@ EOF
|
||||
|
||||
# Set proper permissions on directories
|
||||
echo "Setting directory permissions..."
|
||||
sudo chown -R {{.AgentUser}}:{{.AgentUser}} "{{.ConfigDir}}"
|
||||
sudo chown {{.AgentUser}}:{{.AgentUser}} "{{.ConfigDir}}/config.json"
|
||||
sudo chmod 600 "{{.ConfigDir}}/config.json"
|
||||
sudo chown -R {{.AgentUser}}:{{.AgentUser}} "{{.AgentConfigDir}}"
|
||||
sudo chown {{.AgentUser}}:{{.AgentUser}} "{{.AgentConfigDir}}/config.json"
|
||||
sudo chmod 600 "{{.AgentConfigDir}}/config.json"
|
||||
sudo chown -R {{.AgentUser}}:{{.AgentUser}} "{{.AgentHome}}"
|
||||
sudo chmod 750 "{{.AgentHome}}"
|
||||
sudo chown -R {{.AgentUser}}:{{.AgentUser}} "{{.LogDir}}"
|
||||
sudo chmod 750 "{{.LogDir}}"
|
||||
sudo chown -R {{.AgentUser}}:{{.AgentUser}} "{{.AgentLogDir}}"
|
||||
sudo chmod 750 "{{.AgentLogDir}}"
|
||||
|
||||
# Register agent with server (if token provided)
|
||||
if [ -n "{{.RegistrationToken}}" ]; then
|
||||
echo "[INFO] [installer] [register] Registering agent with server..."
|
||||
if sudo -u "{{.AgentUser}}" "${INSTALL_DIR}/${SERVICE_NAME}" --server "{{.ServerURL}}" --token "{{.RegistrationToken}}" --register; then
|
||||
echo "[SUCCESS] [installer] [register] Agent registered successfully"
|
||||
echo "[INFO] [installer] [register] Agent ID assigned, configuration updated"
|
||||
else
|
||||
echo "[ERROR] [installer] [register] Registration failed - check token validity and server connectivity"
|
||||
echo "[WARN] [installer] [register] Agent installed but not registered. Service will not start."
|
||||
echo ""
|
||||
echo "[INFO] [installer] [register] To retry registration manually:"
|
||||
echo "[INFO] [installer] [register] sudo -u {{.AgentUser}} ${INSTALL_DIR}/${SERVICE_NAME} --server {{.ServerURL}} --token YOUR_TOKEN --register"
|
||||
echo "[INFO] [installer] [register] Then start service:"
|
||||
echo "[INFO] [installer] [register] sudo systemctl start ${SERVICE_NAME}"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "[INFO] [installer] [register] No registration token provided - skipping registration"
|
||||
echo "[INFO] [installer] [register] Service will start but agent will exit until registered"
|
||||
echo "[INFO] [installer] [register] To register manually:"
|
||||
echo "[INFO] [installer] [register] sudo -u {{.AgentUser}} ${INSTALL_DIR}/${SERVICE_NAME} --server {{.ServerURL}} --token YOUR_TOKEN --register"
|
||||
fi
|
||||
|
||||
# Step 9: Enable and start service
|
||||
echo "Enabling and starting service..."
|
||||
|
||||
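Review bot: The registration token is exposed in two places on the new side. In the last hunk it is passed as `--token "{{.RegistrationToken}}"` on the agent's command line, where it shows up in the process list and in sudo's command log while registration runs. In the configuration hunk, `sudo tee "${AGENT_CONFIG_DIR}/config.json"` creates the file under the default umask inside a directory the directory-structure hunk sets to 755, so other local users can read it until the later `chmod 600`. Creating the file with its final mode first closes that window: `sudo install -m 600 /dev/null "${AGENT_CONFIG_DIR}/config.json"` ahead of the `tee`. Whether the agent can read the token from that config file or from the environment instead of argv is not visible here (the heredoc body and the agent's flag handling are outside these hunks), but if it can, that is the safer way to hand it over.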