@@ -26,8 +26,6 @@ like extracting firmware, scanning APKs, or analyzing the extracted firmware. Th
2626that serves the client-side of the FMD application. The client-side is a React application that served by Django and
2727gunicorn. The main database is a MongoDB database that stores the extracted firmware and the analysis results.
2828
29-
30-
3129### Main directories and files
3230Following is a brief overview of the main directories and files in the FirmwareDroid repository (state of 2024-07-08):
3331- ` setup.py ` : A standalone script that installs the necessary environment files and sets up the project.
@@ -48,6 +46,65 @@ Following is a brief overview of the different docker containers used in the Fir
4846- ` backend-work ` : The main webserver that serves the FMD application.
4947- ` extractor-worker ` : A worker container that extracts the firmware and handles files.
5048- ` apk_scanner-worker ` : A worker container that is responsible for APK scanning with various static analysis tools.
51- - ` nginx ` : The reverse proxy that forwards the requests to the backend and the client.
49+ - ` nginx ` : The reverse proxy that forwards the requests to the backend and the client. Used to provide TLS termination.
5250- ` mongo-db-1 ` : The MongoDB database that stores the extracted firmware and the analysis results. Running as a replica
5351set.
52+
53+ By default, the docker containers are started with the ` docker-compose.yml ` file in the root directory of the server.
54+ The docker-compose.yml consumes the ` .env ` file in the root directory of the server to set the environment variables
55+ for the different containers.
56+
57+ ### Environment Variables
58+ The FMD application uses environment variables to configure the different components. The environment variables are
59+ stored in the ` .env ` file in the root directory of the server. Additionally, there exists a ` env ` directory, that
60+ contains the environment files for the different docker containers.
61+
62+ ### RQ Worker Queues
63+ The queues in the RQ worker (see [ RQ] ( https://python-rq.org/ ) ) are used to manage the different tasks and workers.
64+ The following queues are used in the FMD application (state of 2024-07-08):
65+ - ` high-python ` : The high-privilege queue for Python workers that have the access right to mount directories. This queue
66+ is mainly used for the extraction of firmware and should not be used for other tasks.
67+ - ` default-python ` : The default-privilege queue for Python workers that scan APKs and analyze the extracted firmware.
68+
69+ The queues are initialized in the ` settings.py ` file of the Django application. The following snippet shows the
70+ default configuration:
71+ ```
72+ RQ_QUEUES = {
73+ 'high-python': {
74+ 'HOST': REDIS_HOST,
75+ 'PORT': 6379,
76+ 'DB': 0,
77+ 'PASSWORD': REDIS_PASSWORD,
78+ 'DEFAULT_TIMEOUT': 60 * 60 * 24 * 14,
79+ 'DEFAULT_RESULT_TTL': 60 * 60 * 24 * 3,
80+ },
81+ 'default-python': {
82+ 'HOST': REDIS_HOST,
83+ 'PORT': 6379,
84+ 'DB': 0,
85+ 'PASSWORD': REDIS_PASSWORD,
86+ 'DEFAULT_TIMEOUT': 60 * 60 * 24 * 14,
87+ 'DEFAULT_RESULT_TTL': 60 * 60 * 24 * 3,
88+ },
89+ }
90+ ```
91+ Additional queues can be added by extending the ` RQ_QUEUES ` dictionary in the ` settings.py ` file.
92+
93+ Tasks can be enqueued in the different queues by using the ` django_rq ` library. The following snippet shows how to
94+ enqueue a task in a specific queue:
95+ ```
96+ queue_name = 'high-python'
97+ func_to_run = 'path.to.your.function'
98+ queue = django_rq.get_queue(queue_name)
99+ job = queue.enqueue(func_to_run, job_timeout=ONE_WEEK_TIMEOUT)
100+ ```
101+ When workers are listening, they will pick up the tasks from the different queues in a first-in-first-out manner. Every
102+ worker is assigned to a specific queue and will only process tasks from this queue. Workers are spawned by the
103+ ` rqworker ` command and can be scaled up and down depending on the workload. The following snippet shows how to start
104+ a worker for a specific queue within a docker container:
105+ ```
106+ # Snippet from the docker-compose.yml
107+ ...
108+ command: rqworker --logging_level INFO --name extractor-worker-high-1 --url redis://:${REDIS_PASSWORD}@redis:6379/0 high-python
109+ ...
110+ ```
0 commit comments