Skip to content

Commit

Permalink
fixed metrics (#127)
Browse files Browse the repository at this point in the history 
* fixed metrics got feedback from internal stakeholders and adjusted accordingly. Also tidied scripts

Co-authored-by: o.omahony <[email protected]>
  • Loading branch information
@oliveromahony
oliveromahony and o.omahony authored Dec 5, 2022
1 parent 317b21a commit 3c536cb
Show file tree
Hide file tree
Showing 10 changed files with 29 additions and 25 deletions.
28 changes: 16 additions & 12 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,26 +172,26 @@ test-install: ## Run agent install test
# Cert Generation #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
certs: ## Generate TLS certificates
scripts/mtls/gen_cnf.sh ca --cn '${CERT_CLIENT_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/client/conf
scripts/mtls/gen_cert.sh ca --config ${CERTS_DIR}/client/conf/ca.cnf --out ${CERTS_DIR}/client
scripts/tls/gen_cnf.sh ca --cn '${CERT_CLIENT_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/client/conf
scripts/tls/gen_cert.sh ca --config ${CERTS_DIR}/client/conf/ca.cnf --out ${CERTS_DIR}/client

scripts/mtls/gen_cnf.sh intermediate --cn '${CERT_CLIENT_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/client/conf
scripts/mtls/gen_cert.sh intermediate --config ${CERTS_DIR}/client/conf/int.cnf --ca-cert ${CERTS_DIR}/client/ca.crt --ca-key ${CERTS_DIR}/client/ca.key --out ${CERTS_DIR}/client
scripts/tls/gen_cnf.sh intermediate --cn '${CERT_CLIENT_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/client/conf
scripts/tls/gen_cert.sh intermediate --config ${CERTS_DIR}/client/conf/int.cnf --ca-cert ${CERTS_DIR}/client/ca.crt --ca-key ${CERTS_DIR}/client/ca.key --out ${CERTS_DIR}/client

scripts/mtls/gen_cnf.sh end-entity --cn '${CERT_CLIENT_EE_CN}' --san 'DNS.1=${CERT_CLIENT_DNS}' --out ${CERTS_DIR}/client/conf
scripts/mtls/gen_cert.sh end-entity --config ${CERTS_DIR}/client/conf/ee.cnf --ca-cert ${CERTS_DIR}/client/int.crt --ca-key ${CERTS_DIR}/client/int.key --out ${CERTS_DIR}/client
scripts/tls/gen_cnf.sh end-entity --cn '${CERT_CLIENT_EE_CN}' --san 'DNS.1=${CERT_CLIENT_DNS}' --out ${CERTS_DIR}/client/conf
scripts/tls/gen_cert.sh end-entity --config ${CERTS_DIR}/client/conf/ee.cnf --ca-cert ${CERTS_DIR}/client/int.crt --ca-key ${CERTS_DIR}/client/int.key --out ${CERTS_DIR}/client

cp ${CERTS_DIR}/client/ee.crt ${CERTS_DIR}/client.crt
cp ${CERTS_DIR}/client/ee.key ${CERTS_DIR}/client.key

scripts/mtls/gen_cnf.sh ca --cn '${CERT_SERVER_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/server/conf
scripts/mtls/gen_cert.sh ca --config ${CERTS_DIR}/server/conf/ca.cnf --out ${CERTS_DIR}/server
scripts/tls/gen_cnf.sh ca --cn '${CERT_SERVER_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/server/conf
scripts/tls/gen_cert.sh ca --config ${CERTS_DIR}/server/conf/ca.cnf --out ${CERTS_DIR}/server

scripts/mtls/gen_cnf.sh intermediate --cn '${CERT_SERVER_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/server/conf
scripts/mtls/gen_cert.sh intermediate --config ${CERTS_DIR}/server/conf/int.cnf --ca-cert ${CERTS_DIR}/server/ca.crt --ca-key ${CERTS_DIR}/server/ca.key --out ${CERTS_DIR}/server
scripts/tls/gen_cnf.sh intermediate --cn '${CERT_SERVER_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/server/conf
scripts/tls/gen_cert.sh intermediate --config ${CERTS_DIR}/server/conf/int.cnf --ca-cert ${CERTS_DIR}/server/ca.crt --ca-key ${CERTS_DIR}/server/ca.key --out ${CERTS_DIR}/server

scripts/mtls/gen_cnf.sh end-entity --cn '${CERT_SERVER_EE_CN}' --san 'DNS.1=${CERT_SERVER_DNS}' --out ${CERTS_DIR}/server/conf
scripts/mtls/gen_cert.sh end-entity --config ${CERTS_DIR}/server/conf/ee.cnf --ca-cert ${CERTS_DIR}/server/int.crt --ca-key ${CERTS_DIR}/server/int.key --out ${CERTS_DIR}/server
scripts/tls/gen_cnf.sh end-entity --cn '${CERT_SERVER_EE_CN}' --san 'DNS.1=${CERT_SERVER_DNS}' --out ${CERTS_DIR}/server/conf
scripts/tls/gen_cert.sh end-entity --config ${CERTS_DIR}/server/conf/ee.cnf --ca-cert ${CERTS_DIR}/server/int.crt --ca-key ${CERTS_DIR}/server/int.key --out ${CERTS_DIR}/server

cat ${CERTS_DIR}/server/int.crt ${CERTS_DIR}/server/ca.crt > ${CERTS_DIR}/ca.pem

Expand All @@ -216,3 +216,7 @@ build-docker: # Build agent docker image for NGINX Plus, need nginx-repo.crt and
run-docker: ## Run docker container from specified DOCKER_TAG
@echo Running Docker; \
docker run ${DOCKER_TAG}

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Dashboard Targets #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ Follow steps in the [Installation](#installation) section to download, install,
Run the following command in your development directory to clone the Agent source code from the GitHub repository. See [Cloning a GitHub Repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/cloning-a-repository) for additional help.

```
git clone git@github.com:nginx/agent.git
git clone https://github.com/nginx/agent.git
```

## Starting the gRPC Mock Control Plane
Expand Down Expand Up @@ -172,7 +172,7 @@ The Agent REST interface can be exposed by adding the following lines to the `ng

```yaml
api:
port: 9090 # port to expose REST API
port: 8081 # port to expose REST API
# REST TLS parameters
cert: "<TLS-CERTIFICATE>.crt"
Expand Down
2 changes: 1 addition & 1 deletion examples/grafana-metrics/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,5 +11,5 @@ build: ## Build agent package
cd ../../ && GOWORK=off CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -o ./build/nginx-agent
cd ../../ && nfpm pkg --config ./scripts/.local-nfpm.yaml --packager deb --target ./examples/grafana-metrics/build/nginx-agent.deb

run: ## Start docker containers
run: build ## Start docker containers
docker-compose up --build
4 changes: 2 additions & 2 deletions nginx-agent.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,15 @@
server:
# host of the control plane
host: 127.0.0.1
grpcPort: 443
grpcPort: 54789
# provide servername overrides if using SNI
# metrics: ""
# command: ""
# tls options
tls:
# enable tls in the nginx-agent setup for grpcs
# default to enable to connect with tls connection but without client cert for mtls
enable: true
enable: false
# specify the absolute path to the CA certificate file to use for verifying
# the server certificate (also requires 'skip_verify: false' below)
# by default, this will be the trusted root CAs found in the OS CA store
Expand Down
0 scripts/mtls/gen_cert.sh → scripts/tls/gen_cert.sh
View file
File renamed without changes.
0 scripts/mtls/gen_cnf.sh → scripts/tls/gen_cnf.sh
View file
File renamed without changes.
4 changes: 2 additions & 2 deletions sdk/config_helpers_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1067,14 +1067,14 @@ func getCertMeta(file string) crtMetaFields {
}

func generateCertificate() error {
cmd := exec.Command("../scripts/mtls/gen_cnf.sh", "ca", "--cn", "'ca.local'", "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "certs/conf")
cmd := exec.Command("../scripts/tls/gen_cnf.sh", "ca", "--cn", "'ca.local'", "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "certs/conf")

err := cmd.Run()
if err != nil {
return err
}

cmd1 := exec.Command("../scripts/mtls/gen_cert.sh", "ca", "--config", "certs/conf/ca.cnf", "--out", "/tmp/testdata/nginx/")
cmd1 := exec.Command("../scripts/tls/gen_cert.sh", "ca", "--config", "certs/conf/ca.cnf", "--out", "/tmp/testdata/nginx/")

err = cmd1.Run()
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion src/plugins/agent_api.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ func (a *AgentAPI) createHttpServer() {
gatherer := prometheus.DefaultGatherer

registerer.MustRegister(a.exporter)
mux.Handle("/metrics", promhttp.HandlerFor(gatherer, promhttp.HandlerOpts{}))
mux.Handle("/metrics/", promhttp.HandlerFor(gatherer, promhttp.HandlerOpts{}))

mux.Handle("/nginx/", a.nginxHandler)

Expand Down
8 changes: 4 additions & 4 deletions test/performance/user_workflow_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -218,14 +218,14 @@ func generateCertificate() error {
for i := 1; i <= 3; i++ {
agentVersion := fmt.Sprintf("agent%v", i)
filename := fmt.Sprintf("%v.local", agentVersion)
cmd := exec.Command("../../scripts/mtls/gen_cnf.sh", "ca", "--cn", filename, "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "../testdata/configs/bigger/conf")
cmd := exec.Command("../../scripts/tls/gen_cnf.sh", "ca", "--cn", filename, "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "../testdata/configs/bigger/conf")

err := cmd.Run()
if err != nil {
return err
}

cmd1 := exec.Command("../../scripts/mtls/gen_cert.sh", "ca", "--config", "../testdata/configs/bigger/conf/ca.cnf", "--out", "../testdata/configs/bigger/ssl")
cmd1 := exec.Command("../../scripts/tls/gen_cert.sh", "ca", "--config", "../testdata/configs/bigger/conf/ca.cnf", "--out", "../testdata/configs/bigger/ssl")
err = cmd1.Run()
if err != nil {
return err
Expand All @@ -246,14 +246,14 @@ func generateCertificate() error {
}

filename := "test.local"
cmd := exec.Command("../../scripts/mtls/gen_cnf.sh", "ca", "--cn", filename, "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "../testdata/configs/bigger/conf")
cmd := exec.Command("../../scripts/tls/gen_cnf.sh", "ca", "--cn", filename, "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "../testdata/configs/bigger/conf")

err := cmd.Run()
if err != nil {
return err
}

cmd1 := exec.Command("../../scripts/mtls/gen_cert.sh", "ca", "--config", "../testdata/configs/bigger/conf/ca.cnf", "--out", "../testdata/configs/bigger/ssl")
cmd1 := exec.Command("../../scripts/tls/gen_cert.sh", "ca", "--config", "../testdata/configs/bigger/conf/ca.cnf", "--out", "../testdata/configs/bigger/ssl")
err = cmd1.Run()
if err != nil {
return err
Expand Down
2 changes: 1 addition & 1 deletion test/performance/vendor/github.com/nginx/agent/v2/src/plugins/agent_api.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 3c536cb

Please sign in to comment.