From a5ddc703d8219eae319c1c6f52be782478fdc201 Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Mon, 23 Oct 2017 17:03:26 +0200 Subject: [PATCH 01/11] move Roverfile to apicast directory because only apicast directory is uploaded to s2i image --- .circleci/config.yml | 4 ++-- Makefile | 2 +- Roverfile | 13 ------------- apicast/Roverfile | 15 +++++++++++++++ Roverfile.lock => apicast/Roverfile.lock | 2 +- 5 files changed, 19 insertions(+), 17 deletions(-) delete mode 100644 Roverfile create mode 100644 apicast/Roverfile rename Roverfile.lock => apicast/Roverfile.lock (93%) diff --git a/.circleci/config.yml b/.circleci/config.yml index 7582efe41..72b3755ff 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -48,12 +48,12 @@ jobs: - run: rm -rf lua_modules - restore_cache: keys: - - apicast-rocks-{{ arch }}-{{ checksum "Roverfile.lock" }} + - apicast-rocks-{{ arch }}-{{ checksum "apicast/Roverfile.lock" }} - apicast-rocks-{{ arch }}-{{ .Branch }} - apicast-rocks-{{ arch }}-master - run: make dependencies - save_cache: - key: apicast-rocks-{{ arch }}-{{ checksum "Roverfile.lock" }} + key: apicast-rocks-{{ arch }}-{{ checksum "apicast/Roverfile.lock" }} paths: - lua_modules - run: mkdir -p tmp/junit diff --git a/Makefile b/Makefile index 717af0489..0e3359d5d 100644 --- a/Makefile +++ b/Makefile @@ -130,7 +130,7 @@ rover: $(ROVER) @echo $(ROVER) dependencies: $(ROVER) - $(ROVER) install + $(ROVER) install --roverfile=apicast/Roverfile lua_modules/bin/rover: @luarocks install --server=http://luarocks.org/dev lua-rover --tree lua_modules 1>&2 diff --git a/Roverfile b/Roverfile deleted file mode 100644 index 56b3e578c..000000000 --- a/Roverfile +++ /dev/null @@ -1,13 +0,0 @@ -luarocks { - - rockspec 'apicast/apicast-0.1-0.rockspec', - - group 'testing' { - module { 'busted' }, - }, - - group 'development' { - rockspec 'rockspec', - } -} - diff --git a/apicast/Roverfile b/apicast/Roverfile new file mode 100644 index 000000000..ff06d73d3 --- /dev/null +++ b/apicast/Roverfile @@ -0,0 +1,15 @@ +luarocks { + + rockspec 'apicast-0.1-0.rockspec', + + group 'testing' { + module { 'busted' }, + }, + + group 'development' { + module {'ldoc'}, + module {'lua-resty-repl'}, + module {'lua-resty-iputils', '0.3.0'}, + } +} + diff --git a/Roverfile.lock b/apicast/Roverfile.lock similarity index 93% rename from Roverfile.lock rename to apicast/Roverfile.lock index 1003e1a28..e85290c4b 100644 --- a/Roverfile.lock +++ b/apicast/Roverfile.lock @@ -2,7 +2,7 @@ busted 2.0.rc12-1 dkjson 2.5-2 inspect 3.1.0-1 ldoc 1.4.6-2 -lua-resty-env 0.3.0-1 +lua-resty-env 0.4.0-1 lua-resty-http 0.10-0 lua-resty-iputils 0.3.0-1 lua-resty-jwt 0.1.10-1 From ee6565da751043db2efa944dda07c5387040e50d Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Mon, 23 Oct 2017 17:04:09 +0200 Subject: [PATCH 02/11] [circle] use rover s2i image --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 72b3755ff..bf6935880 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,7 +7,7 @@ jobs: environment: S2I_VERSION: "1.1.7-226afa1" DOCKER_COMPOSE_VERSION: "1.16.1" - OPENRESTY_VERSION: "1.11.2.5-1" + OPENRESTY_VERSION: "1.11.2.5-1-rover" steps: - run: apk update && apk add wget make bash curl py-pip git openssh-client - run: | @@ -37,7 +37,7 @@ jobs: - run: make prove-docker build: docker: - - image: quay.io/3scale/s2i-openresty-centos7:1.11.2.5-2 + - image: quay.io/3scale/s2i-openresty-centos7:1.11.2.5-1-rover environment: TEST_NGINX_BINARY: openresty LUA_BIN_PATH: /opt/app-root/bin From 629d23688a27416429ad63ad1ef026920eaa0ca9 Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Mon, 23 Oct 2017 17:05:45 +0200 Subject: [PATCH 03/11] properly install rover via makefile workaround for https://github.com/luarocks/luarocks/issues/740 --- Makefile | 3 +-- apicast/config-5.1.lua | 5 +++++ 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 apicast/config-5.1.lua diff --git a/Makefile b/Makefile index 0e3359d5d..a12c9bfef 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,6 @@ ROVER ?= $(shell which rover 2> /dev/null) ifeq ($(ROVER),) ROVER := lua_modules/bin/rover endif -export LUAROCKS_CONFIG=luarocks.config export COMPOSE_PROJECT_NAME @@ -133,7 +132,7 @@ dependencies: $(ROVER) $(ROVER) install --roverfile=apicast/Roverfile lua_modules/bin/rover: - @luarocks install --server=http://luarocks.org/dev lua-rover --tree lua_modules 1>&2 + @LUAROCKS_CONFIG=apicast/config-5.1.lua luarocks install --server=http://luarocks.org/dev lua-rover --tree lua_modules 1>&2 clean-containers: apicast-source $(DOCKER_COMPOSE) down --volumes diff --git a/apicast/config-5.1.lua b/apicast/config-5.1.lua new file mode 100644 index 000000000..209105e2b --- /dev/null +++ b/apicast/config-5.1.lua @@ -0,0 +1,5 @@ +-- vim: set ft=lua: +-- workaround for https://github.com/luarocks/luarocks/issues/740 +rocks_trees = { + { name = 'rover', root = [[lua_modules]] }, +} From c3c46f1e49079546b0fe0b99a2eb94c0b1675d48 Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Mon, 23 Oct 2017 17:07:06 +0200 Subject: [PATCH 04/11] fix loading custom config with full path --- apicast/src/proxy.lua | 12 +++++++++++- t/004-custom-config.t | 6 ++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/apicast/src/proxy.lua b/apicast/src/proxy.lua index b03dbab0a..3274900bc 100644 --- a/apicast/src/proxy.lua +++ b/apicast/src/proxy.lua @@ -480,8 +480,18 @@ end if custom_config then local path = package.path local module = gsub(custom_config, '%.lua$', '') -- strip .lua from end of the file - package.path = package.path .. ';' .. ngx.config.prefix() .. '?.lua;' + package.path = package.path .. ';' .. './?.lua;' local ok, c = pcall(function() return require(module) end) + + if not ok then + local chunk, _ = loadfile(custom_config) + + if chunk then + ok = true + c = chunk() + end + end + package.path = path if ok then diff --git a/t/004-custom-config.t b/t/004-custom-config.t index 59d58f6e8..44915d8ad 100644 --- a/t/004-custom-config.t +++ b/t/004-custom-config.t @@ -1,13 +1,15 @@ use lib 't'; use TestAPIcast 'no_plan'; +$ENV{APICAST_CUSTOM_CONFIG} = "$Test::Nginx::Util::HtmlDir/custom.lua"; + +env_to_nginx('APICAST_CUSTOM_CONFIG'); + run_tests(); __DATA__ === TEST 1: loading custom config file works ---- main_config - env APICAST_CUSTOM_CONFIG=html/custom.lua; --- http_config lua_package_path "$TEST_NGINX_LUA_PATH"; --- config From dfab63b94b5aee464fea80abc1d9beb57fdce33f Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Mon, 23 Oct 2017 17:09:00 +0200 Subject: [PATCH 05/11] ability to run apicast without nginx prefix --- Makefile | 8 +++++--- apicast/bin/apicast | 7 ++++--- apicast/conf/nginx.conf | 2 +- apicast/src/configuration_loader.lua | 6 ++++-- t/014-resolver.t | 4 +++- 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index a12c9bfef..9fdfac338 100644 --- a/Makefile +++ b/Makefile @@ -90,9 +90,9 @@ test-builder-image: export IMAGE_NAME = apicast-test test-builder-image: builder-image clean-containers ## Smoke test the builder image. Pass any docker image in IMAGE_NAME parameter. $(DOCKER_COMPOSE) --version @echo -e $(SEPARATOR) - $(DOCKER_COMPOSE) run --rm --user 100001 gateway openresty -p /opt/app -t + $(DOCKER_COMPOSE) run --rm --user 100001 gateway openresty -c /opt/app-root/src/conf/nginx.conf -g 'error_log stderr info; pid /tmp/nginx.pid;' -t @echo -e $(SEPARATOR) - $(DOCKER_COMPOSE) run --rm --user 100001 gateway openresty -p /opt/app + $(DOCKER_COMPOSE) run --rm --user 100001 gateway openresty -c /opt/app-root/src/conf/nginx.conf -g 'error_log stderr info; pid /tmp/nginx.pid;' @echo -e $(SEPARATOR) $(DOCKER_COMPOSE) run --rm test bash -c 'for i in {1..5}; do curl --fail http://gateway:8090/status/live && break || sleep 1; done' $(DOCKER_COMPOSE) logs gateway @@ -105,7 +105,9 @@ test-builder-image: builder-image clean-containers ## Smoke test the builder ima @echo -e $(SEPARATOR) $(DOCKER_COMPOSE) run --rm test curl --fail -X POST http://gateway:8090/boot @echo -e $(SEPARATOR) - $(DOCKER_COMPOSE) run --rm -e THREESCALE_PORTAL_ENDPOINT=https://echo-api.3scale.net gateway /opt/app/libexec/boot | grep 'APIcast/' + $(DOCKER_COMPOSE) run --rm -e THREESCALE_PORTAL_ENDPOINT=https://echo-api.3scale.net gateway libexec/boot | grep 'APIcast/' + @echo -e $(SEPARATOR) + $(DOCKER_COMPOSE) run --rm gateway bin/apicast -c http://echo-api.3scale.net -d -b gateway-logs: export IMAGE_NAME = does-not-matter gateway-logs: diff --git a/apicast/bin/apicast b/apicast/bin/apicast index 191835d79..f454e49bd 100755 --- a/apicast/bin/apicast +++ b/apicast/bin/apicast @@ -43,8 +43,6 @@ done log="log_level_${log_level}" log_level="${!log}" -mkdir -p "${apicast_dir}/logs" - daemon=off worker_processes=${APICAST_WORKERS:-1} @@ -125,5 +123,8 @@ main+=$(printenv | awk '$1 ~ /^(APICAST|THREESCALE)_/ {split($0,env,"="); print function join_by { local IFS="$1"; shift; echo "$*"; } args=$(join_by '' "${args[@]}") main=$(join_by '' "${main[@]}") + +cd "${apicast_dir}" + # shellcheck disable=SC2086 -exec "${openresty_binary}" -p "${apicast_dir}" -c conf/nginx.conf ${args} -g "${main} error_log ${log_file} ${log_levels[log_level]};" +exec "${openresty_binary}" -c "${apicast_dir}/conf/nginx.conf" ${args} -g "${main} error_log ${log_file} ${log_levels[log_level]};" diff --git a/apicast/conf/nginx.conf b/apicast/conf/nginx.conf index 9bd765aac..59174bcef 100644 --- a/apicast/conf/nginx.conf +++ b/apicast/conf/nginx.conf @@ -26,7 +26,7 @@ http { log_format time '[$time_local] $host:$server_port $remote_addr:$remote_port "$request" $status $body_bytes_sent ($request_time) $post_action_impact'; access_log off; - lua_package_path ";;${prefix}?.lua;${prefix}src/?.lua"; + lua_package_path ";;./?.lua;./src/?.lua"; # Enabling the Lua code cache is strongly encouraged for production use # Disabling it should only be done for testing and development purposes diff --git a/apicast/src/configuration_loader.lua b/apicast/src/configuration_loader.lua index ff529f911..3d024da79 100644 --- a/apicast/src/configuration_loader.lua +++ b/apicast/src/configuration_loader.lua @@ -11,6 +11,7 @@ local synchronization = require('resty.synchronization').new(1) local error = error local len = string.len +local format = string.format local assert = assert local pcall = pcall local tonumber = tonumber @@ -89,8 +90,9 @@ end -- Cosocket API is not available in the init_by_lua* context (see more here: https://github.com/openresty/lua-nginx-module#cosockets-not-available-everywhere) -- For this reason a new process needs to be started to download the configuration through 3scale API function _M.run_external_command(cmd, cwd) - cwd = cwd or env.get('TEST_NGINX_APICAST_PATH') or ngx.config.prefix() - local config, err, code = util.system("cd '" .. cwd .."' && libexec/"..(cmd or "boot")) + local config, err, code = util.system(format('cd %s && libexec/%s', + cwd or env.get('TEST_NGINX_APICAST_PATH') or '.', + cmd or 'boot')) -- Try to read the file in current working directory before changing to the prefix. if err then config = file_loader.call() end diff --git a/t/014-resolver.t b/t/014-resolver.t index a30ed869e..4b1ff99ce 100644 --- a/t/014-resolver.t +++ b/t/014-resolver.t @@ -4,6 +4,8 @@ use TestAPIcast 'no_plan'; $ENV{TEST_NGINX_HTTP_CONFIG} = "$TestAPIcast::path/http.d/*.conf"; $ENV{RESOLVER} = '127.0.1.1:5353'; +$ENV{TEST_NGINX_RESOLV_CONF} = "$Test::Nginx::Util::HtmlDir/resolv.conf"; + env_to_nginx( 'RESOLVER' ); @@ -18,7 +20,7 @@ both RESOLVER env variable and resolvers in resolv.conf should be used --- http_config lua_package_path "$TEST_NGINX_LUA_PATH"; init_by_lua_block { - require('resty.resolver').init(ngx.config.prefix() .. 'html/resolv.conf') + require('resty.resolver').init('$TEST_NGINX_RESOLV_CONF') } --- config location = /t { From 9b443cd7d8cc203a4eaf7ef3e77d71daa3fc8e04 Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Mon, 23 Oct 2017 17:09:34 +0200 Subject: [PATCH 06/11] respect SSL_CERT_FILE --- apicast/.s2i/environment | 1 + apicast/.s2iignore | 2 +- apicast/libexec/run | 4 +++- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/apicast/.s2i/environment b/apicast/.s2i/environment index abbb9981e..5a6250a77 100644 --- a/apicast/.s2i/environment +++ b/apicast/.s2i/environment @@ -1 +1,2 @@ OPENSSL_VERIFY=false +SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt diff --git a/apicast/.s2iignore b/apicast/.s2iignore index 43cbc75e1..d8d87b542 100644 --- a/apicast/.s2iignore +++ b/apicast/.s2iignore @@ -1,3 +1,3 @@ -.s2i +.s2i/bin conf/ca-bundle.crt apicast.d/proxy_ssl.conf diff --git a/apicast/libexec/run b/apicast/libexec/run index 3618d79c9..779bb8a13 100755 --- a/apicast/libexec/run +++ b/apicast/libexec/run @@ -2,7 +2,9 @@ ssl=$(mktemp -q) +certificate=${SSL_CERT_FILE:-"$(pwd)/conf/ca-bundle.crt"} + echo "lua_ssl_verify_depth 5;" >> "${ssl}" -echo "lua_ssl_trusted_certificate \"$(pwd)/conf/ca-bundle.crt\";" >> "${ssl}" +echo "lua_ssl_trusted_certificate \"${certificate}\";" >> "${ssl}" exec resty --http-include "${ssl}" "libexec/$(basename "$0").lua" "$@" From c91036fede4b0674311c1a2722a86b1cb940cb1c Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Mon, 23 Oct 2017 17:09:53 +0200 Subject: [PATCH 07/11] s2i should ignore cached lua modules --- apicast/.s2iignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apicast/.s2iignore b/apicast/.s2iignore index d8d87b542..965d36211 100644 --- a/apicast/.s2iignore +++ b/apicast/.s2iignore @@ -1,3 +1,5 @@ .s2i/bin conf/ca-bundle.crt apicast.d/proxy_ssl.conf +lua_modules +.cache From 5b5e74e149de810e7b0cb0f8f6f182edf542b22b Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Mon, 23 Oct 2017 18:04:05 +0200 Subject: [PATCH 08/11] [t] fix prove-docker with new paths --- Makefile | 6 +++--- docker-compose.yml | 5 ++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 9fdfac338..1c798c007 100644 --- a/Makefile +++ b/Makefile @@ -36,14 +36,14 @@ test: ## Run all tests apicast-source: export IMAGE_NAME ?= apicast-test apicast-source: ## Create Docker Volume container with APIcast source code - docker rm -v -f $(COMPOSE_PROJECT_NAME)-source - docker create --rm -v /opt/app --name $(COMPOSE_PROJECT_NAME)-source $(IMAGE_NAME) /bin/true - docker cp . $(COMPOSE_PROJECT_NAME)-source:/opt/app + docker create --rm -v /opt/app-root/src --name $(COMPOSE_PROJECT_NAME)-source $(IMAGE_NAME) /bin/true + docker cp . $(COMPOSE_PROJECT_NAME)-source:/opt/app-root/src danger: apicast-source danger: TEMPFILE := $(shell mktemp) danger: env | grep -E 'CIRCLE|TRAVIS|DANGER|SEAL' > $(TEMPFILE) - docker run --rm -w /opt/app/ --volumes-from=$(COMPOSE_PROJECT_NAME)-source --env-file=$(TEMPFILE) -u $(shell id -u) $(DANGER_IMAGE) danger + docker run --rm -w /opt/app-root/src --volumes-from=$(COMPOSE_PROJECT_NAME)-source --env-file=$(TEMPFILE) -u $(shell id -u) $(DANGER_IMAGE) danger busted: dependencies $(ROVER) ## Test Lua. @$(ROVER) exec bin/busted diff --git a/docker-compose.yml b/docker-compose.yml index 1189c6324..a699713bb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,7 +13,7 @@ services: - "8080:8080" - "8090:8090" volumes: - - .:/opt/app + - .:/opt/app-root/src env_file: .env environment: TEST_NGINX_BINARY: openresty @@ -36,9 +36,8 @@ services: entrypoint: "bash -ec" environment: TEST_NGINX_BINARY: openresty - TEST_NGINX_APICAST_PATH: /opt/app TEST_NGINX_REDIS_HOST: redis - command: "'$$TEST_NGINX_BINARY -V; prove; exit $$?'" + command: "'$$TEST_NGINX_BINARY -V; cd ; prove; exit $$?'" dns_search: - example.com depends_on: From f39a5018e048dc464e3def1feff29e1706c0e1e2 Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Mon, 23 Oct 2017 18:12:32 +0200 Subject: [PATCH 09/11] [changelog] updated s2i-openresty * new rover integration https://github.com/3scale/s2i-openresty/pull/38 * builder and runtime images have the same path `/opt/app-root/src` * apicast can start without a prefix, using default openresty prefix --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 028c9b195..636c60027 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - Increased number of background timers and connections in the cosocket pool [PR #290](https://github.com/3scale/apicast/pull/290) - Make OAuth tokens TTL configurable [PR #448](https://github.com/3scale/apicast/pull/448) - Detect when being executed in Test::Nginx and use default backend accordingly [PR #458](https://github.com/3scale/apicast/pull/458) +- Update the s2i-openresty image to have the same path (`/opt/app-root/src`) in all images [PR #460](https://github.com/3scale/apicast/pull/460) ### Fixed From 220e3e10156d4dad5846ce55ea962bdf90d483cb Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Wed, 25 Oct 2017 13:31:48 +0200 Subject: [PATCH 10/11] [make] pull latest danger image --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 1c798c007..a56b69a3f 100644 --- a/Makefile +++ b/Makefile @@ -43,6 +43,7 @@ danger: apicast-source danger: TEMPFILE := $(shell mktemp) danger: env | grep -E 'CIRCLE|TRAVIS|DANGER|SEAL' > $(TEMPFILE) + docker pull $(DANGER_IMAGE) docker run --rm -w /opt/app-root/src --volumes-from=$(COMPOSE_PROJECT_NAME)-source --env-file=$(TEMPFILE) -u $(shell id -u) $(DANGER_IMAGE) danger busted: dependencies $(ROVER) ## Test Lua. From 336270bfcbb928f56656fb63fbc2bc257ab008b1 Mon Sep 17 00:00:00 2001 From: Michal Cichra Date: Wed, 25 Oct 2017 15:57:15 +0200 Subject: [PATCH 11/11] drop danger integration because it broke --- .travis.yml | 4 ++-- Makefile | 8 -------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/.travis.yml b/.travis.yml index 13de66dfd..ae8ca0c1d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,5 +33,5 @@ before_install: - travis/install-s2i.sh - export PATH="${PATH}:${HOME}/openresty/bin:${HOME}/openresty/luajit/bin:${HOME}/openresty/nginx/sbin:${HOME}/bin:${HOME}/.luarocks/bin" script: -- make builder-image danger -- make test-doc \ No newline at end of file +- make builder-image +- make test-doc diff --git a/Makefile b/Makefile index a56b69a3f..f699f5c28 100644 --- a/Makefile +++ b/Makefile @@ -28,8 +28,6 @@ endif export COMPOSE_PROJECT_NAME -DANGER_IMAGE ?= quay.io/3scale/danger - test: ## Run all tests $(MAKE) --keep-going busted prove builder-image test-builder-image prove-docker runtime-image test-runtime-image @@ -39,12 +37,6 @@ apicast-source: ## Create Docker Volume container with APIcast source code docker create --rm -v /opt/app-root/src --name $(COMPOSE_PROJECT_NAME)-source $(IMAGE_NAME) /bin/true docker cp . $(COMPOSE_PROJECT_NAME)-source:/opt/app-root/src -danger: apicast-source -danger: TEMPFILE := $(shell mktemp) -danger: - env | grep -E 'CIRCLE|TRAVIS|DANGER|SEAL' > $(TEMPFILE) - docker pull $(DANGER_IMAGE) - docker run --rm -w /opt/app-root/src --volumes-from=$(COMPOSE_PROJECT_NAME)-source --env-file=$(TEMPFILE) -u $(shell id -u) $(DANGER_IMAGE) danger busted: dependencies $(ROVER) ## Test Lua. @$(ROVER) exec bin/busted