From 3c536cbd288608b21f938aa8d316f683393ce815 Mon Sep 17 00:00:00 2001 From: Oliver O'Mahony Date: Mon, 5 Dec 2022 11:17:21 +0000 Subject: [PATCH] fixed metrics (#127) * fixed metrics got feedback from internal stakeholders and adjusted accordingly. Also tidied scripts Co-authored-by: o.omahony --- Makefile | 28 +++++++++++-------- README.md | 4 +-- examples/grafana-metrics/Makefile | 2 +- nginx-agent.conf | 4 +-- scripts/{mtls => tls}/gen_cert.sh | 0 scripts/{mtls => tls}/gen_cnf.sh | 0 sdk/config_helpers_test.go | 4 +-- src/plugins/agent_api.go | 2 +- test/performance/user_workflow_test.go | 8 +++--- .../nginx/agent/v2/src/plugins/agent_api.go | 2 +- 10 files changed, 29 insertions(+), 25 deletions(-) rename scripts/{mtls => tls}/gen_cert.sh (100%) rename scripts/{mtls => tls}/gen_cnf.sh (100%) diff --git a/Makefile b/Makefile index 4760b3bd70..f1f35ff2d6 100644 --- a/Makefile +++ b/Makefile @@ -172,26 +172,26 @@ test-install: ## Run agent install test # Cert Generation # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # certs: ## Generate TLS certificates - scripts/mtls/gen_cnf.sh ca --cn '${CERT_CLIENT_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/client/conf - scripts/mtls/gen_cert.sh ca --config ${CERTS_DIR}/client/conf/ca.cnf --out ${CERTS_DIR}/client + scripts/tls/gen_cnf.sh ca --cn '${CERT_CLIENT_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/client/conf + scripts/tls/gen_cert.sh ca --config ${CERTS_DIR}/client/conf/ca.cnf --out ${CERTS_DIR}/client - scripts/mtls/gen_cnf.sh intermediate --cn '${CERT_CLIENT_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/client/conf - scripts/mtls/gen_cert.sh intermediate --config ${CERTS_DIR}/client/conf/int.cnf --ca-cert ${CERTS_DIR}/client/ca.crt --ca-key ${CERTS_DIR}/client/ca.key --out ${CERTS_DIR}/client + scripts/tls/gen_cnf.sh intermediate --cn '${CERT_CLIENT_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/client/conf + scripts/tls/gen_cert.sh intermediate --config ${CERTS_DIR}/client/conf/int.cnf --ca-cert ${CERTS_DIR}/client/ca.crt --ca-key ${CERTS_DIR}/client/ca.key --out ${CERTS_DIR}/client - scripts/mtls/gen_cnf.sh end-entity --cn '${CERT_CLIENT_EE_CN}' --san 'DNS.1=${CERT_CLIENT_DNS}' --out ${CERTS_DIR}/client/conf - scripts/mtls/gen_cert.sh end-entity --config ${CERTS_DIR}/client/conf/ee.cnf --ca-cert ${CERTS_DIR}/client/int.crt --ca-key ${CERTS_DIR}/client/int.key --out ${CERTS_DIR}/client + scripts/tls/gen_cnf.sh end-entity --cn '${CERT_CLIENT_EE_CN}' --san 'DNS.1=${CERT_CLIENT_DNS}' --out ${CERTS_DIR}/client/conf + scripts/tls/gen_cert.sh end-entity --config ${CERTS_DIR}/client/conf/ee.cnf --ca-cert ${CERTS_DIR}/client/int.crt --ca-key ${CERTS_DIR}/client/int.key --out ${CERTS_DIR}/client cp ${CERTS_DIR}/client/ee.crt ${CERTS_DIR}/client.crt cp ${CERTS_DIR}/client/ee.key ${CERTS_DIR}/client.key - scripts/mtls/gen_cnf.sh ca --cn '${CERT_SERVER_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/server/conf - scripts/mtls/gen_cert.sh ca --config ${CERTS_DIR}/server/conf/ca.cnf --out ${CERTS_DIR}/server + scripts/tls/gen_cnf.sh ca --cn '${CERT_SERVER_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/server/conf + scripts/tls/gen_cert.sh ca --config ${CERTS_DIR}/server/conf/ca.cnf --out ${CERTS_DIR}/server - scripts/mtls/gen_cnf.sh intermediate --cn '${CERT_SERVER_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/server/conf - scripts/mtls/gen_cert.sh intermediate --config ${CERTS_DIR}/server/conf/int.cnf --ca-cert ${CERTS_DIR}/server/ca.crt --ca-key ${CERTS_DIR}/server/ca.key --out ${CERTS_DIR}/server + scripts/tls/gen_cnf.sh intermediate --cn '${CERT_SERVER_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/server/conf + scripts/tls/gen_cert.sh intermediate --config ${CERTS_DIR}/server/conf/int.cnf --ca-cert ${CERTS_DIR}/server/ca.crt --ca-key ${CERTS_DIR}/server/ca.key --out ${CERTS_DIR}/server - scripts/mtls/gen_cnf.sh end-entity --cn '${CERT_SERVER_EE_CN}' --san 'DNS.1=${CERT_SERVER_DNS}' --out ${CERTS_DIR}/server/conf - scripts/mtls/gen_cert.sh end-entity --config ${CERTS_DIR}/server/conf/ee.cnf --ca-cert ${CERTS_DIR}/server/int.crt --ca-key ${CERTS_DIR}/server/int.key --out ${CERTS_DIR}/server + scripts/tls/gen_cnf.sh end-entity --cn '${CERT_SERVER_EE_CN}' --san 'DNS.1=${CERT_SERVER_DNS}' --out ${CERTS_DIR}/server/conf + scripts/tls/gen_cert.sh end-entity --config ${CERTS_DIR}/server/conf/ee.cnf --ca-cert ${CERTS_DIR}/server/int.crt --ca-key ${CERTS_DIR}/server/int.key --out ${CERTS_DIR}/server cat ${CERTS_DIR}/server/int.crt ${CERTS_DIR}/server/ca.crt > ${CERTS_DIR}/ca.pem @@ -216,3 +216,7 @@ build-docker: # Build agent docker image for NGINX Plus, need nginx-repo.crt and run-docker: ## Run docker container from specified DOCKER_TAG @echo Running Docker; \ docker run ${DOCKER_TAG} + +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # +# Dashboard Targets # +# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # diff --git a/README.md b/README.md index a8903febce..952f4a8694 100644 --- a/README.md +++ b/README.md @@ -132,7 +132,7 @@ Follow steps in the [Installation](#installation) section to download, install, Run the following command in your development directory to clone the Agent source code from the GitHub repository. See [Cloning a GitHub Repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/cloning-a-repository) for additional help. ``` -git clone git@github.com:nginx/agent.git +git clone https://github.com/nginx/agent.git ``` ## Starting the gRPC Mock Control Plane @@ -172,7 +172,7 @@ The Agent REST interface can be exposed by adding the following lines to the `ng ```yaml api: - port: 9090 # port to expose REST API + port: 8081 # port to expose REST API # REST TLS parameters cert: ".crt" diff --git a/examples/grafana-metrics/Makefile b/examples/grafana-metrics/Makefile index 9e9cf00db2..bc746e125f 100644 --- a/examples/grafana-metrics/Makefile +++ b/examples/grafana-metrics/Makefile @@ -11,5 +11,5 @@ build: ## Build agent package cd ../../ && GOWORK=off CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -o ./build/nginx-agent cd ../../ && nfpm pkg --config ./scripts/.local-nfpm.yaml --packager deb --target ./examples/grafana-metrics/build/nginx-agent.deb -run: ## Start docker containers +run: build ## Start docker containers docker-compose up --build diff --git a/nginx-agent.conf b/nginx-agent.conf index 049257ec4f..8fbc0fdbb5 100644 --- a/nginx-agent.conf +++ b/nginx-agent.conf @@ -11,7 +11,7 @@ server: # host of the control plane host: 127.0.0.1 - grpcPort: 443 + grpcPort: 54789 # provide servername overrides if using SNI # metrics: "" # command: "" @@ -19,7 +19,7 @@ server: tls: # enable tls in the nginx-agent setup for grpcs # default to enable to connect with tls connection but without client cert for mtls - enable: true + enable: false # specify the absolute path to the CA certificate file to use for verifying # the server certificate (also requires 'skip_verify: false' below) # by default, this will be the trusted root CAs found in the OS CA store diff --git a/scripts/mtls/gen_cert.sh b/scripts/tls/gen_cert.sh similarity index 100% rename from scripts/mtls/gen_cert.sh rename to scripts/tls/gen_cert.sh diff --git a/scripts/mtls/gen_cnf.sh b/scripts/tls/gen_cnf.sh similarity index 100% rename from scripts/mtls/gen_cnf.sh rename to scripts/tls/gen_cnf.sh diff --git a/sdk/config_helpers_test.go b/sdk/config_helpers_test.go index 09f9b1fb91..52db34a6a8 100644 --- a/sdk/config_helpers_test.go +++ b/sdk/config_helpers_test.go @@ -1067,14 +1067,14 @@ func getCertMeta(file string) crtMetaFields { } func generateCertificate() error { - cmd := exec.Command("../scripts/mtls/gen_cnf.sh", "ca", "--cn", "'ca.local'", "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "certs/conf") + cmd := exec.Command("../scripts/tls/gen_cnf.sh", "ca", "--cn", "'ca.local'", "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "certs/conf") err := cmd.Run() if err != nil { return err } - cmd1 := exec.Command("../scripts/mtls/gen_cert.sh", "ca", "--config", "certs/conf/ca.cnf", "--out", "/tmp/testdata/nginx/") + cmd1 := exec.Command("../scripts/tls/gen_cert.sh", "ca", "--config", "certs/conf/ca.cnf", "--out", "/tmp/testdata/nginx/") err = cmd1.Run() if err != nil { diff --git a/src/plugins/agent_api.go b/src/plugins/agent_api.go index 990c93f7dc..a7f1ef4934 100644 --- a/src/plugins/agent_api.go +++ b/src/plugins/agent_api.go @@ -91,7 +91,7 @@ func (a *AgentAPI) createHttpServer() { gatherer := prometheus.DefaultGatherer registerer.MustRegister(a.exporter) - mux.Handle("/metrics", promhttp.HandlerFor(gatherer, promhttp.HandlerOpts{})) + mux.Handle("/metrics/", promhttp.HandlerFor(gatherer, promhttp.HandlerOpts{})) mux.Handle("/nginx/", a.nginxHandler) diff --git a/test/performance/user_workflow_test.go b/test/performance/user_workflow_test.go index 8c1792d4ab..9fe9158e06 100644 --- a/test/performance/user_workflow_test.go +++ b/test/performance/user_workflow_test.go @@ -218,14 +218,14 @@ func generateCertificate() error { for i := 1; i <= 3; i++ { agentVersion := fmt.Sprintf("agent%v", i) filename := fmt.Sprintf("%v.local", agentVersion) - cmd := exec.Command("../../scripts/mtls/gen_cnf.sh", "ca", "--cn", filename, "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "../testdata/configs/bigger/conf") + cmd := exec.Command("../../scripts/tls/gen_cnf.sh", "ca", "--cn", filename, "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "../testdata/configs/bigger/conf") err := cmd.Run() if err != nil { return err } - cmd1 := exec.Command("../../scripts/mtls/gen_cert.sh", "ca", "--config", "../testdata/configs/bigger/conf/ca.cnf", "--out", "../testdata/configs/bigger/ssl") + cmd1 := exec.Command("../../scripts/tls/gen_cert.sh", "ca", "--config", "../testdata/configs/bigger/conf/ca.cnf", "--out", "../testdata/configs/bigger/ssl") err = cmd1.Run() if err != nil { return err @@ -246,14 +246,14 @@ func generateCertificate() error { } filename := "test.local" - cmd := exec.Command("../../scripts/mtls/gen_cnf.sh", "ca", "--cn", filename, "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "../testdata/configs/bigger/conf") + cmd := exec.Command("../../scripts/tls/gen_cnf.sh", "ca", "--cn", filename, "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "../testdata/configs/bigger/conf") err := cmd.Run() if err != nil { return err } - cmd1 := exec.Command("../../scripts/mtls/gen_cert.sh", "ca", "--config", "../testdata/configs/bigger/conf/ca.cnf", "--out", "../testdata/configs/bigger/ssl") + cmd1 := exec.Command("../../scripts/tls/gen_cert.sh", "ca", "--config", "../testdata/configs/bigger/conf/ca.cnf", "--out", "../testdata/configs/bigger/ssl") err = cmd1.Run() if err != nil { return err diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/agent_api.go b/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/agent_api.go index 990c93f7dc..a7f1ef4934 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/agent_api.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/plugins/agent_api.go @@ -91,7 +91,7 @@ func (a *AgentAPI) createHttpServer() { gatherer := prometheus.DefaultGatherer registerer.MustRegister(a.exporter) - mux.Handle("/metrics", promhttp.HandlerFor(gatherer, promhttp.HandlerOpts{})) + mux.Handle("/metrics/", promhttp.HandlerFor(gatherer, promhttp.HandlerOpts{})) mux.Handle("/nginx/", a.nginxHandler)