From 7700bf2b0a3822521d68aa0f81a60123e4cb5b1e Mon Sep 17 00:00:00 2001 From: Chris Adams Date: Wed, 17 May 2023 15:21:29 +0100 Subject: [PATCH 1/3] Packages scripts refactor --- scripts/packages/manifest | 2 +- scripts/packages/postinstall.sh | 11 ++++----- scripts/packages/preinstall.sh | 41 +++++++++++---------------------- scripts/selinux/README.md | 4 ++-- 4 files changed, 21 insertions(+), 37 deletions(-) diff --git a/scripts/packages/manifest b/scripts/packages/manifest index 8b5a1e6b71..957c0f6f22 100644 --- a/scripts/packages/manifest +++ b/scripts/packages/manifest @@ -2,7 +2,7 @@ name: nginx-agent version: "${VERSION}" origin: www/nginx-agent comment: "Monitors NGINX" -desc: "Unified agent for various NGINX control plane services." +desc: "NGINX Agent for various NGINX control plane services." maintainer: "NGINX Inc. " www: https://nginx.com prefix: / \ No newline at end of file diff --git a/scripts/packages/postinstall.sh b/scripts/packages/postinstall.sh index b7c92f4996..9e4b26d0a1 100755 --- a/scripts/packages/postinstall.sh +++ b/scripts/packages/postinstall.sh @@ -183,9 +183,9 @@ add_default_config_file() { # # Configuration file for NGINX Agent. # -# This file is to track agent configuration values that are meant to be statically set. There -# are additional agent configuration values that are set via the API and agent install script -# which can be found in /var/lib/nginx-agent/agent-dynamic.conf. +# This file is to track NGINX Agent configuration values that are meant to be statically set. There +# are additional NGINX Agent configuration values that are set via the API and NGINX Agent install script +# which can be found in /etc/nginx-agent/agent-dynamic.conf. # specify the server grpc port to connect to server: @@ -224,7 +224,7 @@ nginx: dataplane: status: - # poll interval for data plane status - the frequency the agent will query the dataplane for changes + # poll interval for data plane status - the frequency the NGINX Agent will query the dataplane for changes poll_interval: 30s # report interval for data plane status - the maximum duration to wait before syncing dataplane information if no updates have being observed report_interval: 24h @@ -241,7 +241,7 @@ metrics: config_dirs: "/etc/nginx:/usr/local/etc/nginx:/usr/share/nginx/modules:/etc/nms" api: - # default port for Agent API, this is for the server configuration of the REST API + # default port for NGINX Agent API, this is for the server configuration of the REST API port: 8081 EOF printf "PostInstall: Updating file permissions for nginx-agent.conf to 0640\n" @@ -303,4 +303,3 @@ summary() { upgrade_config_file summary } - diff --git a/scripts/packages/preinstall.sh b/scripts/packages/preinstall.sh index 864fb5c6c4..fb10964873 100644 --- a/scripts/packages/preinstall.sh +++ b/scripts/packages/preinstall.sh @@ -24,33 +24,28 @@ export AGENT_GROUP="${AGENT_GROUP:-$(id -ng)}" if [ "$ID" = "freebsd" ]; then AGENT_CONFIG_FILE=${AGENT_CONFIG_FILE:-"/usr/local/etc/nginx-agent/nginx-agent.conf"} - AGENT_DYNAMIC_CONFIG_DIR="/var/db/nginx-agent" - # Old location of agent-dynamic.conf - OLD_DYNAMIC_CONFIG_DIR="/etc/nginx-agent" + AGENT_DYNAMIC_CONFIG_DIR="/usr/local/etc/nginx-agent" mkdir -p /var/log/nginx-agent/ else AGENT_CONFIG_FILE=${AGENT_CONFIG_FILE:-"/etc/nginx-agent/nginx-agent.conf"} - AGENT_DYNAMIC_CONFIG_DIR="/var/lib/nginx-agent" - # Old location of agent-dynamic.conf - OLD_DYNAMIC_CONFIG_DIR="/etc/nginx-agent" + AGENT_DYNAMIC_CONFIG_DIR="/etc/nginx-agent" fi AGENT_DYNAMIC_CONFIG_FILE="${AGENT_DYNAMIC_CONFIG_DIR}/agent-dynamic.conf" -OLD_DYNAMIC_CONFIG_FILE="${OLD_DYNAMIC_CONFIG_DIR}/agent-dynamic.conf" AGENT_DYNAMIC_CONFIG_COMMENT="# # dynamic-agent.conf # # Dynamic configuration file for NGINX Agent. # -# The purpose of this file is to track agent configuration -# values that can be dynamically changed via the API and the agent install script. +# The purpose of this file is to track NGINX Agent configuration +# values that can be dynamically changed via the API and the NGINX Agent install script. # You may edit this file, but API calls that modify the tags on this system will # overwrite the tag values in this file. # -# The agent configuration values that API calls can modify are as follows: +# The NGINX Agent configuration values that API calls can modify are as follows: # - tags # -# The agent configuration value(s) that the agent install script can modify are as follows: +# The NGINX Agent configuration value(s) that the NGINX Agent install script can modify are as follows: # - instance_group " @@ -67,8 +62,6 @@ err_exit() { title() { printf "\n --- NGINX Agent Package Installer --- \n\n" - printf " --- Will install the NGINX Agent in 5 seconds ---\n" - sleep 5 } ensure_sudo() { @@ -80,20 +73,12 @@ ensure_sudo() { } load_config_values() { + # If the file doesn't exist attempt to create it if [ ! -f "$AGENT_DYNAMIC_CONFIG_FILE" ]; then - if [ -f "$OLD_DYNAMIC_CONFIG_FILE" ]; then - printf "Moving %s to %s\n" "$OLD_DYNAMIC_CONFIG_FILE" "$AGENT_DYNAMIC_CONFIG_FILE" - mkdir -p ${AGENT_DYNAMIC_CONFIG_DIR} - mv "$OLD_DYNAMIC_CONFIG_FILE" "$AGENT_DYNAMIC_CONFIG_FILE" - printf "Creating symlink %s at %s\n" "$AGENT_DYNAMIC_CONFIG_FILE" "$OLD_DYNAMIC_CONFIG_FILE" - ln -s "$AGENT_DYNAMIC_CONFIG_FILE" "$OLD_DYNAMIC_CONFIG_FILE" - else - printf "Could not find %s ... Creating file\n" ${AGENT_DYNAMIC_CONFIG_FILE} - mkdir -p ${AGENT_DYNAMIC_CONFIG_DIR} - printf "%s" "${AGENT_DYNAMIC_CONFIG_COMMENT}" | tee ${AGENT_DYNAMIC_CONFIG_FILE} > /dev/null - printf "Successfully created %s\n" "${AGENT_DYNAMIC_CONFIG_FILE}" - fi - + printf "Could not find %s ... Creating file\n" ${AGENT_DYNAMIC_CONFIG_FILE} + mkdir -p ${AGENT_DYNAMIC_CONFIG_DIR} + printf "%s" "${AGENT_DYNAMIC_CONFIG_COMMENT}" | tee ${AGENT_DYNAMIC_CONFIG_FILE} > /dev/null + printf "Successfully created %s\n" "${AGENT_DYNAMIC_CONFIG_FILE}" fi # Check if there are existing values @@ -109,7 +94,7 @@ update_config_file() { printf "Updating %s ...\n" "${AGENT_DYNAMIC_CONFIG_FILE}" if [ ! -f "$AGENT_CONFIG_FILE" ]; then - printf "Agent config file %s does not exist. Could not be updated\n" "$AGENT_CONFIG_FILE" + printf "NGINX Agent config file %s does not exist. Could not be updated\n" "$AGENT_CONFIG_FILE" exit 0 fi @@ -160,4 +145,4 @@ update_config_file() { ensure_sudo load_config_values update_config_file -} +} \ No newline at end of file diff --git a/scripts/selinux/README.md b/scripts/selinux/README.md index 3d98c61bc2..f20d4a4e12 100644 --- a/scripts/selinux/README.md +++ b/scripts/selinux/README.md @@ -44,8 +44,8 @@ sudo ./nginx_agent.sh --update ## Debugging * To check for policy violation look at the file `/var/log/audit/audit.log` -* To check if agent is confined by selinux: `ps -efZ | grep nginx-agent` +* To check if NGINX Agent is confined by selinux: `ps -efZ | grep nginx-agent` * For debugging nginx selinux issues refer to this nginx blog: https://www.nginx.com/blog/using-nginx-plus-with-selinux ## References -* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux +* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux \ No newline at end of file From 9dc702c94535247dd5a866abb92b4851495f5b88 Mon Sep 17 00:00:00 2001 From: Chris Adams Date: Thu, 18 May 2023 14:06:58 +0100 Subject: [PATCH 2/3] Packages scripts refactor --- scripts/packages/postinstall.sh | 2 +- scripts/packages/preinstall.sh | 27 ++++++++++++++++++++------- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/scripts/packages/postinstall.sh b/scripts/packages/postinstall.sh index 9e4b26d0a1..36cadc71e9 100755 --- a/scripts/packages/postinstall.sh +++ b/scripts/packages/postinstall.sh @@ -185,7 +185,7 @@ add_default_config_file() { # # This file is to track NGINX Agent configuration values that are meant to be statically set. There # are additional NGINX Agent configuration values that are set via the API and NGINX Agent install script -# which can be found in /etc/nginx-agent/agent-dynamic.conf. +# which can be found in /var/lib/nginx-agent/agent-dynamic.conf. # specify the server grpc port to connect to server: diff --git a/scripts/packages/preinstall.sh b/scripts/packages/preinstall.sh index fb10964873..4b0b31d024 100644 --- a/scripts/packages/preinstall.sh +++ b/scripts/packages/preinstall.sh @@ -24,14 +24,19 @@ export AGENT_GROUP="${AGENT_GROUP:-$(id -ng)}" if [ "$ID" = "freebsd" ]; then AGENT_CONFIG_FILE=${AGENT_CONFIG_FILE:-"/usr/local/etc/nginx-agent/nginx-agent.conf"} - AGENT_DYNAMIC_CONFIG_DIR="/usr/local/etc/nginx-agent" + AGENT_DYNAMIC_CONFIG_DIR="/var/db/nginx-agent" + # Old location of agent-dynamic.conf + OLD_DYNAMIC_CONFIG_DIR="/etc/nginx-agent" mkdir -p /var/log/nginx-agent/ else AGENT_CONFIG_FILE=${AGENT_CONFIG_FILE:-"/etc/nginx-agent/nginx-agent.conf"} - AGENT_DYNAMIC_CONFIG_DIR="/etc/nginx-agent" + AGENT_DYNAMIC_CONFIG_DIR="/var/lib/nginx-agent" + # Old location of agent-dynamic.conf + OLD_DYNAMIC_CONFIG_DIR="/etc/nginx-agent" fi AGENT_DYNAMIC_CONFIG_FILE="${AGENT_DYNAMIC_CONFIG_DIR}/agent-dynamic.conf" +OLD_DYNAMIC_CONFIG_FILE="${OLD_DYNAMIC_CONFIG_DIR}/agent-dynamic.conf" AGENT_DYNAMIC_CONFIG_COMMENT="# # dynamic-agent.conf # @@ -73,12 +78,20 @@ ensure_sudo() { } load_config_values() { - # If the file doesn't exist attempt to create it if [ ! -f "$AGENT_DYNAMIC_CONFIG_FILE" ]; then - printf "Could not find %s ... Creating file\n" ${AGENT_DYNAMIC_CONFIG_FILE} - mkdir -p ${AGENT_DYNAMIC_CONFIG_DIR} - printf "%s" "${AGENT_DYNAMIC_CONFIG_COMMENT}" | tee ${AGENT_DYNAMIC_CONFIG_FILE} > /dev/null - printf "Successfully created %s\n" "${AGENT_DYNAMIC_CONFIG_FILE}" + if [ -f "$OLD_DYNAMIC_CONFIG_FILE" ]; then + printf "Moving %s to %s\n" "$OLD_DYNAMIC_CONFIG_FILE" "$AGENT_DYNAMIC_CONFIG_FILE" + mkdir -p ${AGENT_DYNAMIC_CONFIG_DIR} + mv "$OLD_DYNAMIC_CONFIG_FILE" "$AGENT_DYNAMIC_CONFIG_FILE" + printf "Creating symlink %s at %s\n" "$AGENT_DYNAMIC_CONFIG_FILE" "$OLD_DYNAMIC_CONFIG_FILE" + ln -s "$AGENT_DYNAMIC_CONFIG_FILE" "$OLD_DYNAMIC_CONFIG_FILE" + else + printf "Could not find %s ... Creating file\n" ${AGENT_DYNAMIC_CONFIG_FILE} + mkdir -p ${AGENT_DYNAMIC_CONFIG_DIR} + printf "%s" "${AGENT_DYNAMIC_CONFIG_COMMENT}" | tee ${AGENT_DYNAMIC_CONFIG_FILE} > /dev/null + printf "Successfully created %s\n" "${AGENT_DYNAMIC_CONFIG_FILE}" + fi + fi # Check if there are existing values From 93ddc3275d37349fd57fe7cd26db5a43cdcb04e9 Mon Sep 17 00:00:00 2001 From: Chris Adams Date: Thu, 18 May 2023 14:10:27 +0100 Subject: [PATCH 3/3] Packages scripts refactor --- nginx-agent.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nginx-agent.conf b/nginx-agent.conf index adee227ab5..0399876cca 100644 --- a/nginx-agent.conf +++ b/nginx-agent.conf @@ -3,8 +3,8 @@ # # Configuration file for NGINX Agent. # -# This file is to track agent configuration values that are meant to be statically set. There -# are additional agent configuration values that are set via the API and agent install script +# This file is to track NGINX Agent configuration values that are meant to be statically set. There +# are additional NGINX Agent configuration values that are set via the API and NGINX Agent install script # which can be found in /var/lib/nginx-agent/agent-dynamic.conf. log: @@ -20,7 +20,7 @@ nginx: dataplane: status: - # poll interval for data plane status - the frequency the agent will query the dataplane for changes + # poll interval for data plane status - the frequency the NGINX Agent will query the dataplane for changes poll_interval: 30s # report interval for data plane status - the maximum duration to wait before syncing dataplane information if no updates have being observed report_interval: 24h @@ -37,5 +37,5 @@ metrics: config_dirs: "/etc/nginx:/usr/local/etc/nginx:/usr/share/nginx/modules:/etc/nms" api: - # default port for Agent API, this is for the server configuration of the REST API + # default port for NGINX Agent API, this is for the server configuration of the REST API port: 8081