From 5730d665749feadf4e42c1fedda8e69d58e27fe8 Mon Sep 17 00:00:00 2001 From: "o.omahony" Date: Tue, 13 Dec 2022 11:50:34 +0000 Subject: [PATCH 1/5] added config|noreplace into the packaging --- .nfpm.yaml | 1 + scripts/.local-nfpm.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.nfpm.yaml b/.nfpm.yaml index 6c1c827c4..83a2c7795 100644 --- a/.nfpm.yaml +++ b/.nfpm.yaml @@ -14,6 +14,7 @@ contents: dst: /usr/bin/nginx-agent - src: nginx-agent.conf dst: /etc/nginx-agent/nginx-agent.conf + type: config|noreplace file_info: mode: 0640 - src: ./scripts/packages/nginx-agent.service diff --git a/scripts/.local-nfpm.yaml b/scripts/.local-nfpm.yaml index 26a4b6001..a2e64083d 100644 --- a/scripts/.local-nfpm.yaml +++ b/scripts/.local-nfpm.yaml @@ -12,6 +12,7 @@ contents: dst: /usr/bin/nginx-agent - src: nginx-agent.conf dst: /etc/nginx-agent/nginx-agent.conf + type: config|noreplace file_info: mode: 0640 - src: ./scripts/packages/nginx-agent.service From 2b6751df0cd15c5d362381fe5c31e031374cd5b8 Mon Sep 17 00:00:00 2001 From: "o.omahony" Date: Tue, 13 Dec 2022 15:31:00 +0000 Subject: [PATCH 2/5] trying packager from nfpm test cases --- .nfpm.yaml | 19 +++++++++++++++++++ scripts/.local-nfpm.yaml | 19 +++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/.nfpm.yaml b/.nfpm.yaml index 83a2c7795..97f6dd714 100644 --- a/.nfpm.yaml +++ b/.nfpm.yaml @@ -15,6 +15,25 @@ contents: - src: nginx-agent.conf dst: /etc/nginx-agent/nginx-agent.conf type: config|noreplace + packager: rpm + file_info: + mode: 0640 + - src: nginx-agent.conf + dst: /etc/nginx-agent/nginx-agent.conf + type: config|noreplace + packager: deb + file_info: + mode: 0640 + - src: nginx-agent.conf + dst: /etc/nginx-agent/nginx-agent.conf + type: config|noreplace + packager: pkg + file_info: + mode: 0640 + - src: nginx-agent.conf + dst: /etc/nginx-agent/nginx-agent.conf + type: config|noreplace + packager: apk file_info: mode: 0640 - src: ./scripts/packages/nginx-agent.service diff --git a/scripts/.local-nfpm.yaml b/scripts/.local-nfpm.yaml index a2e64083d..7d0d7ef04 100644 --- a/scripts/.local-nfpm.yaml +++ b/scripts/.local-nfpm.yaml @@ -13,6 +13,25 @@ contents: - src: nginx-agent.conf dst: /etc/nginx-agent/nginx-agent.conf type: config|noreplace + packager: rpm + file_info: + mode: 0640 + - src: nginx-agent.conf + dst: /etc/nginx-agent/nginx-agent.conf + type: config|noreplace + packager: deb + file_info: + mode: 0640 + - src: nginx-agent.conf + dst: /etc/nginx-agent/nginx-agent.conf + type: config|noreplace + packager: pkg + file_info: + mode: 0640 + - src: nginx-agent.conf + dst: /etc/nginx-agent/nginx-agent.conf + type: config|noreplace + packager: apk file_info: mode: 0640 - src: ./scripts/packages/nginx-agent.service From 7353762ad777370603e9b4d5387dc89129be1ce2 Mon Sep 17 00:00:00 2001 From: "o.omahony" Date: Tue, 13 Dec 2022 16:36:50 +0000 Subject: [PATCH 3/5] default the config in the package --- .nfpm.yaml | 26 +----------- scripts/.local-nfpm.yaml | 26 +----------- scripts/packages/postinstall.sh | 73 +++++++++++++++++++++++++++++++++ 3 files changed, 77 insertions(+), 48 deletions(-) diff --git a/.nfpm.yaml b/.nfpm.yaml index 97f6dd714..870770695 100644 --- a/.nfpm.yaml +++ b/.nfpm.yaml @@ -12,30 +12,8 @@ changelog: "./scripts/changelog.yml" contents: - src: ./build/nginx-agent dst: /usr/bin/nginx-agent - - src: nginx-agent.conf - dst: /etc/nginx-agent/nginx-agent.conf - type: config|noreplace - packager: rpm - file_info: - mode: 0640 - - src: nginx-agent.conf - dst: /etc/nginx-agent/nginx-agent.conf - type: config|noreplace - packager: deb - file_info: - mode: 0640 - - src: nginx-agent.conf - dst: /etc/nginx-agent/nginx-agent.conf - type: config|noreplace - packager: pkg - file_info: - mode: 0640 - - src: nginx-agent.conf - dst: /etc/nginx-agent/nginx-agent.conf - type: config|noreplace - packager: apk - file_info: - mode: 0640 + - dst: /etc/nginx-agent + type: dir - src: ./scripts/packages/nginx-agent.service dst: /etc/systemd/system/nginx-agent.service - src: ./scripts/selinux/nginx_agent_selinux.8.gz diff --git a/scripts/.local-nfpm.yaml b/scripts/.local-nfpm.yaml index 7d0d7ef04..8254281f7 100644 --- a/scripts/.local-nfpm.yaml +++ b/scripts/.local-nfpm.yaml @@ -10,30 +10,8 @@ license: Apache 2.0 contents: - src: ./build/nginx-agent dst: /usr/bin/nginx-agent - - src: nginx-agent.conf - dst: /etc/nginx-agent/nginx-agent.conf - type: config|noreplace - packager: rpm - file_info: - mode: 0640 - - src: nginx-agent.conf - dst: /etc/nginx-agent/nginx-agent.conf - type: config|noreplace - packager: deb - file_info: - mode: 0640 - - src: nginx-agent.conf - dst: /etc/nginx-agent/nginx-agent.conf - type: config|noreplace - packager: pkg - file_info: - mode: 0640 - - src: nginx-agent.conf - dst: /etc/nginx-agent/nginx-agent.conf - type: config|noreplace - packager: apk - file_info: - mode: 0640 + - dst: /etc/nginx-agent + type: dir - src: ./scripts/packages/nginx-agent.service dst: /etc/systemd/system/nginx-agent.service - src: ./scripts/selinux/nginx_agent_selinux.8.gz diff --git a/scripts/packages/postinstall.sh b/scripts/packages/postinstall.sh index 9547c07b9..efd0fc9d7 100755 --- a/scripts/packages/postinstall.sh +++ b/scripts/packages/postinstall.sh @@ -174,6 +174,78 @@ update_unit_file() { fi } +add_default_config_file() { + if [ ! -f "${BSD_HIER}"/etc/nginx-agent/nginx-agent.conf ]; then + cat < "${BSD_HIER}"/etc/nginx-agent/nginx-agent.conf +# +# /etc/nginx-agent/nginx-agent.conf +# +# Configuration file for NGINX Agent. +# +# This file is to track agent configuration values that are meant to be statically set. There +# are additional agent configuration values that are set via the API and agent install script +# which can be found in /etc/nginx-agent/agent-dynamic.conf. + +# specify the server grpc port to connect to +server: + # host of the control plane + host: 127.0.0.1 + grpcPort: 54789 + # provide servername overrides if using SNI + # metrics: "" + # command: "" +# tls options +tls: + # enable tls in the nginx-agent setup for grpcs + # default to enable to connect with tls connection but without client cert for mtls + enable: false + # specify the absolute path to the CA certificate file to use for verifying + # the server certificate (also requires 'skip_verify: false' below) + # by default, this will be the trusted root CAs found in the OS CA store + # ca: /etc/nginx-agent/ca.pem + # specify the absolute path to the client cert, when mtls is enabled + # cert: /etc/nginx-agent/client.crt + # specify the absolute path to the client cert key, when mtls is enabled + # key: /etc/nginx-agent/client.key + # controls whether the server certificate chain and host name are verified. + # for production use, see instructions for configuring TLS + skip_verify: true +log: + # set log level (panic, fatal, error, info, debug, trace; default "info") + level: info + # set log path. if empty, don't log to file. + path: /var/log/nginx-agent/ +# data plane status message / 'heartbeat' +nginx: + # path of NGINX logs to exclude + exclude_logs: "" + socket: "unix:/var/run/nginx-agent/nginx.sock" + +dataplane: + status: + # poll interval for data plane status - the frequency the agent will query the dataplane for changes + poll_interval: 30s + # report interval for data plane status - the maximum duration to wait before syncing dataplane information if no updates have being observed + report_interval: 24h +metrics: + # specify the size of a buffer to build before sending metrics + bulk_size: 20 + # specify metrics poll interval + report_interval: 1m + collection_interval: 15s + mode: aggregated + +# OSS NGINX default config path +# path to aux file dirs can also be added +config_dirs: "/etc/nginx:/usr/local/etc/nginx:/usr/share/nginx/modules:/etc/nms" + +api: + # default port for Agent API, this is for the server configuration of the REST API + port: 8081 +EOF + fi +} + summary() { echo "----------------------------------------------------------------------" echo " NGINX Agent package has been successfully installed." @@ -202,6 +274,7 @@ summary() { create_agent_group create_run_dir update_unit_file + add_default_config_file summary } From 7a4b9cd28f61f359d05ae01430d7ea6d3c630b8f Mon Sep 17 00:00:00 2001 From: "o.omahony" Date: Tue, 13 Dec 2022 16:52:01 +0000 Subject: [PATCH 4/5] default config --- scripts/packages/postinstall.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/packages/postinstall.sh b/scripts/packages/postinstall.sh index efd0fc9d7..d1fe3fe55 100755 --- a/scripts/packages/postinstall.sh +++ b/scripts/packages/postinstall.sh @@ -176,6 +176,7 @@ update_unit_file() { add_default_config_file() { if [ ! -f "${BSD_HIER}"/etc/nginx-agent/nginx-agent.conf ]; then + printf "PostInstall: Creating default nginx-agent.conf file\n" cat < "${BSD_HIER}"/etc/nginx-agent/nginx-agent.conf # # /etc/nginx-agent/nginx-agent.conf From 3ae529a273bb8d1d7c00d9bb924608bc0f6d99df Mon Sep 17 00:00:00 2001 From: "o.omahony" Date: Tue, 13 Dec 2022 16:55:43 +0000 Subject: [PATCH 5/5] fixed file permissions on post install --- scripts/packages/postinstall.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/packages/postinstall.sh b/scripts/packages/postinstall.sh index d1fe3fe55..174e00940 100755 --- a/scripts/packages/postinstall.sh +++ b/scripts/packages/postinstall.sh @@ -244,6 +244,8 @@ api: # default port for Agent API, this is for the server configuration of the REST API port: 8081 EOF + printf "PostInstall: Updating file permissions for nginx-agent.conf to 0640\n" + chmod 0640 "${BSD_HIER}"/etc/nginx-agent/nginx-agent.conf fi }