From be1dd920c7e44d0e85ab87ede350fcce3b05f44c Mon Sep 17 00:00:00 2001
From: liugq
Date: Thu, 8 Jun 2023 16:31:32 +0800
Subject: [PATCH] set default agent setup config
---
 console.yml | 26 ++++++++---------
 modules/agent/agent.go | 16 ++++++++---
 modules/agent/api/setup.go | 20 +++++++++----
 modules/agent/common/cert.go | 6 ----
 modules/agent/common/config.go | 51 ++++++++++++++++++++++++++++++++--
 modules/agent/common/helper.go | 15 +++++++++-
 6 files changed, 101 insertions(+), 33 deletions(-)
diff --git a/console.yml b/console.yml
index 7b80fc8b..0a4588af 100644
--- a/console.yml
+++ b/console.yml
@@ -1,10 +1,10 @@
 path.configs: "config"
 configs.auto_reload: true
-env:
- INFINI_CONSOLE_ENDPOINT: "http://127.0.0.1:9000"
- INGEST_CLUSTER_ENDPOINT: "https://127.0.0.1:9200"
- INGEST_CLUSTER_CREDENTIAL_ID: chjkp9dath21f1ae9tq0
+#env:
+# INFINI_CONSOLE_ENDPOINT: "http://127.0.0.1:9000"
+# INGEST_CLUSTER_ENDPOINT: "https://127.0.0.1:9200"
+# INGEST_CLUSTER_CREDENTIAL_ID: chjkp9dath21f1ae9tq0
 web:
 enabled: true
@@ -71,12 +71,12 @@ badger:
 # redirect_url: ""
 # scopes: []
-agent:
- setup:
- download_url: "https://release.infinilabs.com/agent/stable"
- version: 0.5.0-214
- ca_cert: "config/certs/ca.crt"
- ca_key: "config/certs/ca.key"
- console_endpoint: $[[env.INFINI_CONSOLE_ENDPOINT]]
- ingest_cluster_endpoint: $[[env.INGEST_CLUSTER_ENDPOINT]]
- ingest_cluster_credential_id: $[[env.INGEST_CLUSTER_CREDENTIAL_ID]]
\ No newline at end of file
+#agent:
+# setup:
+# download_url: "https://release.infinilabs.com/agent/stable"
+# version: 0.5.0-214
+# ca_cert: "config/certs/ca.crt"
+# ca_key: "config/certs/ca.key"
+# console_endpoint: $[[env.INFINI_CONSOLE_ENDPOINT]]
+# ingest_cluster_endpoint: $[[env.INGEST_CLUSTER_ENDPOINT]]
+# ingest_cluster_credential_id: $[[env.INGEST_CLUSTER_CREDENTIAL_ID]]
\ No newline at end of file
diff --git a/modules/agent/agent.go b/modules/agent/agent.go
index 1a9241e4..9b86e2d9 100644
--- a/modules/agent/agent.go
+++ b/modules/agent/agent.go
@@ -49,15 +49,23 @@ func (module *AgentModule) Start() error {
 var (
 executor client.Executor
 err error
+ caFile string
+ caKey string
 )
- if module.AgentConfig.Setup == nil {
- executor = &client.HttpExecutor{}
- }else{
- executor, err = client.NewMTLSExecutor(module.AgentConfig.Setup.CACertFile, module.AgentConfig.Setup.CAKeyFile)
+ if module.AgentConfig.Setup != nil {
+ caFile = module.AgentConfig.Setup.CACertFile
+ caKey = module.AgentConfig.Setup.CAKeyFile
+ }
+ if caFile == "" && caKey == "" {
+ caFile, caKey, err = common.GetOrInitDefaultCaCerts()
 if err != nil {
 panic(err)
 }
 }
+ executor, err = client.NewMTLSExecutor(caFile, caKey)
+ if err != nil {
+ panic(err)
+ }
 agClient := &client.Client{
 Executor: executor,
 }
diff --git a/modules/agent/api/setup.go b/modules/agent/api/setup.go
index 5a4ff435..c63017c9 100644
--- a/modules/agent/api/setup.go
+++ b/modules/agent/api/setup.go
@@ -74,11 +74,7 @@ func (h *APIHandler) generateInstallCommand(w http.ResponseWriter, req *http.Req
 tokens.Store(tokenStr, t)
 consoleEndpoint := agCfg.Setup.ConsoleEndpoint
 if consoleEndpoint == "" {
- scheme := "http"
- if req.TLS != nil {
- scheme = "https"
- }
- consoleEndpoint = fmt.Sprintf("%s://%s", scheme, req.Host)
+ consoleEndpoint = getDefaultConsoleEndpoint(req)
 }
 h.WriteJSON(w, util.MapStr{
 "script": fmt.Sprintf(`sudo BASE_URL="%s" AGENT_VER="%s" INSTALL_PATH="/opt" bash -c "$(curl -L '%s/agent/install.sh?token=%s')"`, agCfg.Setup.DownloadURL, agCfg.Setup.Version, consoleEndpoint, tokenStr),
@@ -87,6 +83,14 @@ func (h *APIHandler) generateInstallCommand(w http.ResponseWriter, req *http.Req
 }, http.StatusOK)
 }
+func getDefaultConsoleEndpoint(req *http.Request) string{
+ scheme := "http"
+ if req.TLS != nil {
+ scheme = "https"
+ }
+ return fmt.Sprintf("%s://%s", scheme, req.Host)
+}
+
 func (h *APIHandler) getInstallScript(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
 tokenStr := h.GetParameter(req, "token")
 if strings.TrimSpace(tokenStr) == "" {
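Review bot: The guard `if caFile == "" && caKey == ""` falls back to the generated CA only when both paths are empty, so a config that sets just one of `ca_cert`/`ca_key` reaches `client.NewMTLSExecutor` with an empty path and the module goes down through `panic(err)`. I would reject the half-configured pair explicitly before the fallback, e.g. `if (caFile == "") != (caKey == "") { return errors.New("agent.setup: ca_cert and ca_key must be set together") }` (assuming `errors` is or can be imported in this file). `Start()` already returns `error`, so both `panic(err)` calls in this hunk could become `return err`, which lets the caller decide how to fail. The rest of `Start()` lies outside the hunk.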
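Review bot: `getDefaultConsoleEndpoint` builds the console URL from `req.Host` and `req.TLS`, which come from the request and not from configuration, and the result is interpolated unescaped into the `sudo ... bash -c "$(curl -L '%s/agent/install.sh?token=%s')"` command in `generateInstallCommand` and, with the `@@ -127` hunk, into the `console_endpoint` value handed to the install-script template in `getInstallScript`. The Host header is client-supplied, so it should be checked to be a plain host[:port] (for example by parsing it with `url.Parse` and rejecting anything with quotes, whitespace or shell metacharacters) before it is formatted into either output. Behind a TLS-terminating proxy `req.TLS` is nil, so the fallback would emit an `http://` URL for a script that carries `client_key` and runs under `sudo`; requiring a configured `console_endpoint` for such deployments avoids that. I would at least document the trust assumption on the helper: `// getDefaultConsoleEndpoint derives scheme://host from the request; req.Host is client-controlled and must be validated before use in generated scripts.` The signature also needs gofmt (`string {`).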
@@ -127,10 +131,14 @@ func (h *APIHandler) getInstallScript(w http.ResponseWriter, req *http.Request,
 if port == "" {
 port = "8080"
 }
+ consoleEndpoint := agCfg.Setup.ConsoleEndpoint
+ if consoleEndpoint == "" {
+ consoleEndpoint = getDefaultConsoleEndpoint(req)
+ }
 _, err = tpl.Execute(w, map[string]interface{}{
 "base_url": agCfg.Setup.DownloadURL,
 "agent_version": agCfg.Setup.Version,
- "console_endpoint": agCfg.Setup.ConsoleEndpoint,
+ "console_endpoint": consoleEndpoint,
 "client_crt": clientCertPEM,
 "client_key": clientKeyPEM,
 "ca_crt": caCert,
diff --git a/modules/agent/common/cert.go b/modules/agent/common/cert.go
index 61521509..9b324009 100644
--- a/modules/agent/common/cert.go
+++ b/modules/agent/common/cert.go
@@ -24,9 +24,6 @@ func GenerateServerCert(caFile, caKey string) (caCert, serverCertPEM, serverKeyP
 func generateCert(caFile, caKey string, isServer bool)(caCert, instanceCertPEM, instanceKeyPEM []byte, err error){
 pool := x509.NewCertPool()
- if caFile == "" {
- caFile = path.Join(global.Env().GetConfigDir(), "certs", "ca.crt")
- }
 caCert, err = os.ReadFile(caFile)
 if err != nil {
 return
@@ -39,9 +36,6 @@ func generateCert(caFile, caKey string, isServer bool)(caCert, instanceCertPEM,
 if err != nil {
 return
 }
- if caKey == "" {
- caKey = path.Join(global.Env().GetConfigDir(), "certs", "ca.key")
- }
 var keyBytes []byte
 keyBytes, err = os.ReadFile(caKey)
 if err != nil {
diff --git a/modules/agent/common/config.go b/modules/agent/common/config.go
index 33319101..54b1cc0e 100644
--- a/modules/agent/common/config.go
+++ b/modules/agent/common/config.go
@@ -5,17 +5,62 @@ package common
 import (
+ "crypto/x509"
+ "encoding/pem"
+ log "github.com/cihub/seelog"
 "infini.sh/console/modules/agent/model"
 "infini.sh/framework/core/env"
- log "src/github.com/cihub/seelog"
+ "infini.sh/framework/core/global"
+ "infini.sh/framework/core/util"
+ "os"
+ "path"
 )
 func GetAgentConfig() *model.AgentConfig {
- agentCfg := &model.AgentConfig{}
+ agentCfg := &model.AgentConfig{
+ Enabled: true,
+ Setup: &model.SetupConfig{
+ DownloadURL: "https://release.infinilabs.com/agent/stable",
+ Version: "0.5.0-214",
+ },
+ }
 _, err := env.ParseConfig("agent", agentCfg )
 if err != nil {
- log.Error("agent config not found: %v", err)
+ log.Debug("agent config not found: %v", err)
+ }
+ if agentCfg.Setup.CACertFile == "" && agentCfg.Setup.CAKeyFile == "" {
+ agentCfg.Setup.CACertFile, agentCfg.Setup.CAKeyFile, err = GetOrInitDefaultCaCerts()
+ if err != nil {
+ log.Errorf("generate default ca certs error: %v", err)
+ }
 }
 return agentCfg
+}
+
+func GetOrInitDefaultCaCerts()(string, string, error){
+ dataDir := global.Env().GetDataDir()
+ caFile := path.Join(dataDir, "certs/ca.crt")
+ caKey := path.Join(dataDir, "certs/ca.key")
+ if !(util.FileExists(caFile) && util.FileExists(caKey) ) {
+ err := os.MkdirAll(path.Join(dataDir, "certs"), 0775)
+ if err != nil {
+ return "", "", err
+ }
+ log.Info("auto generating cert files")
+ _, rootKey, rootCertPEM := util.GetRootCert()
+
+ caKeyPEM := pem.EncodeToMemory(&pem.Block{
+ Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(rootKey),
+ })
+ _, err = util.FilePutContentWithByte(caKey, caKeyPEM)
+ if err != nil {
+ return "", "", err
+ }
+ _, err = util.FilePutContentWithByte(caFile, rootCertPEM)
+ if err != nil {
+ return "", "", err
+ }
+ }
+ return caFile, caKey, nil
 }
\ No newline at end of file
diff --git a/modules/agent/common/helper.go b/modules/agent/common/helper.go
index 4c4b8d8a..a6d26216 100644
--- a/modules/agent/common/helper.go
+++ b/modules/agent/common/helper.go
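Review bot: `GetOrInitDefaultCaCerts` creates the directory that will hold the CA private key with `os.MkdirAll(path.Join(dataDir, "certs"), 0775)`, which is group-writable and world-readable, and the mode `util.FilePutContentWithByte` gives `ca.key` is not visible in this hunk. Whoever can read that key can issue certificates that the agent mTLS setup will trust, so I would create the directory with `0700` and write the key with an explicit mode, e.g. `err = os.WriteFile(caKey, caKeyPEM, 0600)`. The exists-then-write sequence is also unsynchronised and is now reached from `GetAgentConfig` whenever no CA is configured; if that function can run concurrently, two first-time callers could each generate a root and leave a `ca.crt`/`ca.key` pair that do not match, so the generation is worth serialising. Separately, `log.Debug("agent config not found: %v", err)` passes a format string to the non-formatting call, and `log.Debugf` looks intended, matching the `log.Errorf` a few lines below.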
@@ -11,6 +11,7 @@ import (
 "infini.sh/framework/core/credential"
 "infini.sh/framework/core/elastic"
 "infini.sh/framework/core/event"
+ "infini.sh/framework/core/global"
 "infini.sh/framework/core/orm"
 "infini.sh/framework/core/util"
 log "src/github.com/cihub/seelog"
@@ -385,11 +386,20 @@ func GetAgentIngestConfig() (string, *elastic.BasicAuth, error) {
 endpoint string
 ok bool
 )
+ emptyIngestClusterEndpoint := false
+ if agCfg.Setup.IngestClusterEndpoint == nil {
+ emptyIngestClusterEndpoint = true
+ }
 if endpoint, ok = agCfg.Setup.IngestClusterEndpoint.(string);ok {
 if endpoint = strings.TrimSpace(endpoint); endpoint == "" {
- return "", nil, fmt.Errorf("config ingest_cluster_endpoint must not be empty")
+ emptyIngestClusterEndpoint = true
 }
 }
+ if emptyIngestClusterEndpoint {
+ cfg := elastic.GetConfig(global.MustLookupString(elastic.GlobalSystemElasticsearchID))
+ endpoint = cfg.Endpoint
+ }
+
 var (
 basicAuth elastic.BasicAuth
 )
@@ -407,6 +417,9 @@ func GetAgentIngestConfig() (string, *elastic.BasicAuth, error) {
 if basicAuth, ok = info.(elastic.BasicAuth); !ok {
 log.Debug("invalid credential: ", cred)
 }
+ }else{
+ cfg := elastic.GetConfig(global.MustLookupString(elastic.GlobalSystemElasticsearchID))
+ basicAuth = *cfg.BasicAuth
 }
 tpl := `elasticsearch:
 - name: default
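Review bot: The fallback `cfg := elastic.GetConfig(...)` followed by `endpoint = cfg.Endpoint` uses `cfg` without a nil check, and the `@@ -407` hunk repeats the pattern with `basicAuth = *cfg.BasicAuth`, which would panic for a system cluster that has no basic-auth block (assuming `BasicAuth` is a pointer, as the dereference suggests). `GetAgentIngestConfig` already returns an `error`, so both sites can fail cleanly, e.g. `if cfg == nil || cfg.BasicAuth == nil { return "", nil, fmt.Errorf("system cluster config has no basic auth") }`. A non-nil `IngestClusterEndpoint` that is not a string also leaves `endpoint` empty without setting `emptyIngestClusterEndpoint`; whether later code catches that is outside the hunk.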
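Review bot: The new `else` branch copies Console's own system-cluster credentials into the result with `basicAuth = *cfg.BasicAuth`, and the `tpl` that follows appears to render them into an `elasticsearch:` block for agents. If that block is delivered to agent hosts, every enrolled machine ends up holding the account Console uses for its system cluster, which is probably much broader than ingest needs. I would require a dedicated `ingest_cluster_credential_id` for anything beyond a local trial, and make the fallback visible when it is taken, e.g. `log.Warn("agent ingest is using system cluster credentials; set ingest_cluster_credential_id to a write-only account")`. The function body continues outside the hunk.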