From ab018479a3bc9c00861db6b54810959bc2fbed83 Mon Sep 17 00:00:00 2001 From: hardy Date: Thu, 8 Jun 2023 14:22:10 +0800 Subject: [PATCH] add default certs and fix build and tpl --- build.sh | 6 +++++- config/certs/ca.crt | 24 ++++++++++++++++++++++++ config/certs/ca.key | 28 ++++++++++++++++++++++++++++ config/install_agent.tpl | 18 +++++++++--------- console.yml | 26 +++++++++++++------------- 5 files changed, 79 insertions(+), 23 deletions(-) create mode 100644 config/certs/ca.crt create mode 100644 config/certs/ca.key diff --git a/build.sh b/build.sh index 17225641..c178bef6 100644 --- a/build.sh +++ b/build.sh @@ -27,7 +27,10 @@ GOROOT="/infini/go-pkgs/go-loongarch" PATH=$GOROOT/bin:$PATH make build-linux-lo #copy-configs cp -rf $WORKBASE/framework/LICENSE $WORKDIR/bin && cat $WORKBASE/framework/NOTICE $WORKDIR/NOTICE > $WORKDIR/bin/NOTICE -mkdir -p $WORKDIR/bin/config && cp $WORKDIR/config/*.json $WORKDIR/bin/config && cp -rf $WORKDIR/config/*.tpl $WORKDIR/bin/config +mkdir -p $WORKDIR/bin/config +cp $WORKDIR/config/*.json $WORKDIR/bin/config +cp -rf $WORKDIR/config/*.tpl $WORKDIR/bin/config +cp -rf $WORKDIR/config/certs $WORKDIR/bin/config cd $WORKDIR/bin for t in 386 amd64 arm64 armv5 armv6 armv7 loong64 mips mips64 mips64le mipsle riscv64 ; do @@ -50,6 +53,7 @@ WORKDIR \${APP_HOME} COPY ["$PNAME-linux-$t", "$PNAME.yml", "\${APP_HOME}/"] COPY ["config", "\${APP_HOME}/config"] +COPY ["config/certs", "\${APP_HOME}/config/certs"] CMD ["/opt/$PNAME/${PNAME}-linux-$t"] EOF diff --git a/config/certs/ca.crt b/config/certs/ca.crt new file mode 100644 index 00000000..1d83be0b --- /dev/null +++ b/config/certs/ca.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID+zCCAuOgAwIBAgIUEctl/ds6wIoJGTW3PQc5L/0VlQ4wDQYJKoZIhvcNAQEL +BQAwgYwxCzAJBgNVBAYTAkNOMQ4wDAYDVQQIDAVodW5hbjERMA8GA1UEBwwIY2hh +bmdzaGExEzARBgNVBAoMCmluZmluaWxhYnMxCzAJBgNVBAsMAml0MRcwFQYDVQQD +DA5pbmZpbmlsYWJzLmNvbTEfMB0GA1UEAwwWcmVsZWFzZS5pbmZpbmlsYWJzLmNv +bTAeFw0yMzA2MDgwNTI1MzVaFw0zMzA2MDUwNTI1MzVaMIGMMQswCQYDVQQGEwJD +TjEOMAwGA1UECAwFaHVuYW4xETAPBgNVBAcMCGNoYW5nc2hhMRMwEQYDVQQKDApp +bmZpbmlsYWJzMQswCQYDVQQLDAJpdDEXMBUGA1UEAwwOaW5maW5pbGFicy5jb20x +HzAdBgNVBAMMFnJlbGVhc2UuaW5maW5pbGFicy5jb20wggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQD43Co0NROYEeeZWWH4O3m+V7U+1/4DVuAm+9u1bxqi +OnliE24wm9+gk3HEwdr6pMGTfMWS8BMmqUpjjgFVK4Tcur87Cqjq7XDe8j7h5Ipi +8yVUAgqF4wesIZpGtxXRZwwGWwRu38zX5CAa9n9Xbp0Y7tDdINRk0vLCp7VQbd2N +VbMXgqygJAaAImdNfrddAmojWJ92LCT5HKcDNq8Z62VwtLqOUePiEJxm1sUts9tT +sX8XlyLljz2aoWcX+Gzin8HkOftnpYeHptDL26Q2FyW7TYZR4oFuhU6FQ/YPfCsE +m/sxVC7BIBWal4DF29ZiivWvWk+wBNq03LxR1/TvJtOdAgMBAAGjUzBRMB0GA1Ud +DgQWBBSsTKk1fbAbRxPIydDSatzKh+YaGzAfBgNVHSMEGDAWgBSsTKk1fbAbRxPI +ydDSatzKh+YaGzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAl +0p1/QMgdahq22SY+shvvxH9AbtyQo3XFZjWXd0+rMbt0uci640NDhaZxBeMgDWaJ +jRe+K7sw+AhnIWzH9RbaYQfVAXxjFb7kHSb93bezXjA3m21O5KpwiQyaXCbsIVSf +n59pd3+EV/Q96EclNMoixpDUVtqI7i046/3imZ4XyBDpQPWCajaKpp8rkypCvykK +KQ7BGF8lr3WyAgfsoHi9UrWcN1n3ynyy9T9qr1CFmopQiwSQo+036a8F/3Y9KIFM +nhQWTBVcXkbmZtxpRRaD9rC6p+2aqfVNmjCDuYxjuGmTqL/0eayRefk0QwT5S51L +ea5WlmQtUbCpewnNiNrz +-----END CERTIFICATE----- diff --git a/config/certs/ca.key b/config/certs/ca.key new file mode 100644 index 00000000..ea1b62b9 --- /dev/null +++ b/config/certs/ca.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD43Co0NROYEeeZ +WWH4O3m+V7U+1/4DVuAm+9u1bxqiOnliE24wm9+gk3HEwdr6pMGTfMWS8BMmqUpj +jgFVK4Tcur87Cqjq7XDe8j7h5Ipi8yVUAgqF4wesIZpGtxXRZwwGWwRu38zX5CAa +9n9Xbp0Y7tDdINRk0vLCp7VQbd2NVbMXgqygJAaAImdNfrddAmojWJ92LCT5HKcD +Nq8Z62VwtLqOUePiEJxm1sUts9tTsX8XlyLljz2aoWcX+Gzin8HkOftnpYeHptDL +26Q2FyW7TYZR4oFuhU6FQ/YPfCsEm/sxVC7BIBWal4DF29ZiivWvWk+wBNq03LxR +1/TvJtOdAgMBAAECggEAHfFKQq3VhbPhzIRXUqlqpImjt8P/6XbyfBOhroWHttfs +8u1TkhWvJSrtwrbFxOfol/j97LK7cH4TV+x7dzvykycFC0g6ZXSG4sxS30Btm3+V +5jMOARNSllYUsfLQH+STgHrttZ7H5CdWlZKYZR9crOX5y3a/whcqOQbkvKCmH522 +CUWeoabELLFGh6sGkQ6dXMFMS/fzT9MK3gxoLYYoTum5vJN2HYxMBerTbc3wXPtN +/BY8gStkv9BtbovPqsHUWeWK1fXphqysfKE79k9zS9PPz8ErEPhhT44blIo0BKCp +akw4DjHXbHhFq8Onh+3NemTLIhx++8z0FgL+6jYdIQKBgQD7BnNhHSxRm/smvyVm +L3fOX22fL1ZruY9sV4h3pK7KEqMLoUfrOpBN1AiQd/Xb/XNGMrHSPdZGL+tSS7vJ +2ibcSJWGuvuhA8HXpSPRUE9ao5cdRtEOTpy0FncMYaa7XYFoi1NOH/xl0uhd2u2i +uqL122tafZ9cP8fzvrOICa9ydwKBgQD9yrq3D3m5oIj596jDUsX2jxCKRzdnGLu3 +/qRnnfsN07524Ydqo8lpQMU+u2ljJhNFjcBqTOjSsRnnd1qQHqxZ18ABgOteAws5 +FlfLNQ7nupZu0IMd3b2WoCqoUOzLBsofUnMUPGRZLI2QCxfS1gzgp57IpY1egHe9 +1HL2Ht/7iwKBgCCeYffIlq20GxqZ0/5HRMYoWFJLEGvHHP/zD+ScHapcaZtlRbcn +UQEMAGDldak0cfo5NCohpupP58A13x0Hn+0X8XYkbfYqStH+v3y/dtBMWaKQRTIa +vPoZwTZ2qffG2r3+/MA2H9ILae5oOGDg57QS4wxLLp4KG61spl+TAp1ZAoGAbtG8 +UD0gsO6pgUUkWw3kxXHZDhhk187UAVbe4SP5wSLpsy1tnSIhy6TtvCPHs/SnS6LH +F2O38nBE2G6ki/Po3F46SC3MGMQJfYcFFQV5GbS/BWplJoBxzbjoh5C2pTy0u5Kc +D4UDaHDs6638XCL9goeO7RxlK5O7NZf0DwaSVVsCgYB6JQoVjob9kRIkko1ob63W +idsWNZtG3Py1gx61lBPk/Lz/bxJKlsnWgvInjGgFQ0o0g98hnd4H3O89BPwyAgKa +dIKfW/2k7SG0B+wB1xhnaBtHvJ3tWdqcH9wcTbOQ4LbT1OlvEQYc2B7cYicS22oZ +1lUUI2e9WKSTzwHk+nZQEw== +-----END PRIVATE KEY----- diff --git a/config/install_agent.tpl b/config/install_agent.tpl index 0df7fab0..47c365f8 100644 --- a/config/install_agent.tpl +++ b/config/install_agent.tpl @@ -115,8 +115,8 @@ agent_exc="${install_path}/agent/agent-${os}-${arch}" #agent可执行文件 agent_exsit="true" if [ ! -d "${install_path}/agent" ]; then - printf "\n* mkdir ${install_path}/agent" - $sudo_cmd mkdir "${install_path}/agent" + printf "\n* mkdir -p ${install_path}/agent" + $sudo_cmd mkdir -p "${install_path}/agent" agent_exsit="false" fi @@ -161,7 +161,7 @@ rm -f ${agent} ################## # save cert ################## -$sudo_cmd mkdir config +$sudo_cmd mkdir -p config $sudo_cmd sh -c "echo '${ca_crt}' > ./config/ca.crt" $sudo_cmd sh -c "echo '${client_crt}' > ./config/client.crt" $sudo_cmd sh -c "echo '${client_key}' > ./config/client.key" @@ -184,9 +184,9 @@ api: enabled: true tls: enabled: true - cert_file: "${install_path}/agent/config/client.crt" - key_file: "${install_path}/agent/config/client.key" - ca_file: "${install_path}/agent/config/ca.crt" + cert_file: "config/client.crt" + key_file: "config/client.key" + ca_file: "config/ca.crt" skip_insecure_verify: false network: binding: \$[[env.API_BINDING]] @@ -213,10 +213,10 @@ fi $sudo_cmd chmod +x $agent_exc #try to stop and uninstall service -if [[ "$agent_exsit" == "true" ]]; then +if [[ -e /etc/systemd/system/agent.service ]]; then printf "\n* stop && uninstall service\n" - $sudo_cmd $agent_exc -service stop - $sudo_cmd $agent_exc -service uninstall + $sudo_cmd $agent_exc -service stop &>/dev/null + $sudo_cmd $agent_exc -service uninstall &>/dev/null fi printf "\n* start install service\n" diff --git a/console.yml b/console.yml index 8c0cff79..7b80fc8b 100644 --- a/console.yml +++ b/console.yml @@ -1,10 +1,10 @@ path.configs: "config" configs.auto_reload: true -#env: -# INFINI_CONSOLE_ENDPOINT: "http://192.168.3.9:9000" -# INGEST_CLUSTER_ENDPOINT: "http://192.168.3.9:9210" -# INGEST_CLUSTER_CREDENTIAL_ID: chjkp9dath21f1ae9tq0 +env: + INFINI_CONSOLE_ENDPOINT: "http://127.0.0.1:9000" + INGEST_CLUSTER_ENDPOINT: "https://127.0.0.1:9200" + INGEST_CLUSTER_CREDENTIAL_ID: chjkp9dath21f1ae9tq0 web: enabled: true @@ -71,12 +71,12 @@ badger: # redirect_url: "" # scopes: [] -#agent: -# setup: -# download_url: "https://release.infinilabs.com/agent/snapshot" -# version: 0.5.0_NIGHTLY-157 -# ca_cert: "/opt/config/certs/ca.crt" -# ca_key: "/opt/config/certs/ca.key" -# console_endpoint: $[[env.INFINI_CONSOLE_ENDPOINT]] -# ingest_cluster_endpoint: $[[env.INGEST_CLUSTER_ENDPOINT]] -# ingest_cluster_credential_id: $[[env.INGEST_CLUSTER_CREDENTIAL_ID]] \ No newline at end of file +agent: + setup: + download_url: "https://release.infinilabs.com/agent/stable" + version: 0.5.0-214 + ca_cert: "config/certs/ca.crt" + ca_key: "config/certs/ca.key" + console_endpoint: $[[env.INFINI_CONSOLE_ENDPOINT]] + ingest_cluster_endpoint: $[[env.INGEST_CLUSTER_ENDPOINT]] + ingest_cluster_credential_id: $[[env.INGEST_CLUSTER_CREDENTIAL_ID]] \ No newline at end of file