set default agent setup config

liugq 2023-06-08 16:31:32 +08:00
parent ec44fb0c66
commit be1dd920c7
6 changed files with 101 additions and 33 deletions


@ -1,10 +1,10 @@
path.configs: "config" path.configs: "config"
configs.auto_reload: true configs.auto_reload: true
env: #env:
INFINI_CONSOLE_ENDPOINT: "http://127.0.0.1:9000" # INFINI_CONSOLE_ENDPOINT: "http://127.0.0.1:9000"
INGEST_CLUSTER_ENDPOINT: "https://127.0.0.1:9200" # INGEST_CLUSTER_ENDPOINT: "https://127.0.0.1:9200"
INGEST_CLUSTER_CREDENTIAL_ID: chjkp9dath21f1ae9tq0 # INGEST_CLUSTER_CREDENTIAL_ID: chjkp9dath21f1ae9tq0
web: web:
enabled: true enabled: true
@ -71,12 +71,12 @@ badger:
# redirect_url: "" # redirect_url: ""
# scopes: [] # scopes: []
agent: #agent:
setup: # setup:
download_url: "https://release.infinilabs.com/agent/stable" # download_url: "https://release.infinilabs.com/agent/stable"
version: 0.5.0-214 # version: 0.5.0-214
ca_cert: "config/certs/ca.crt" # ca_cert: "config/certs/ca.crt"
ca_key: "config/certs/ca.key" # ca_key: "config/certs/ca.key"
console_endpoint: $[[env.INFINI_CONSOLE_ENDPOINT]] # console_endpoint: $[[env.INFINI_CONSOLE_ENDPOINT]]
ingest_cluster_endpoint: $[[env.INGEST_CLUSTER_ENDPOINT]] # ingest_cluster_endpoint: $[[env.INGEST_CLUSTER_ENDPOINT]]
ingest_cluster_credential_id: $[[env.INGEST_CLUSTER_CREDENTIAL_ID]] # ingest_cluster_credential_id: $[[env.INGEST_CLUSTER_CREDENTIAL_ID]]


@ -49,15 +49,23 @@ func (module *AgentModule) Start() error {
var ( var (
executor client.Executor executor client.Executor
err error err error
caFile string
caKey string
) )
if module.AgentConfig.Setup == nil { if module.AgentConfig.Setup != nil {
executor = &client.HttpExecutor{} caFile = module.AgentConfig.Setup.CACertFile
}else{ caKey = module.AgentConfig.Setup.CAKeyFile
executor, err = client.NewMTLSExecutor(module.AgentConfig.Setup.CACertFile, module.AgentConfig.Setup.CAKeyFile) }
if caFile == "" && caKey == "" {
caFile, caKey, err = common.GetOrInitDefaultCaCerts()
if err != nil { if err != nil {
panic(err) panic(err)
} }
} }
executor, err = client.NewMTLSExecutor(caFile, caKey)
if err != nil {
panic(err)
}
agClient := &client.Client{ agClient := &client.Client{
Executor: executor, Executor: executor,
} }
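Review bot: The new guard `if caFile == "" && caKey == ""` falls back to the generated CA only when both paths are empty, so a config that sets just one of `ca_cert`/`ca_key` reaches `client.NewMTLSExecutor(caFile, caKey)` with an empty path. This commit also removes the empty-path defaults from generateCert, so that case presumably ends in a file-read error and the `panic(err)` below. Reject the half-configured pair before defaulting, e.g. `if (caFile == "") != (caKey == "") { return errors.New("agent.setup: ca_cert and ca_key must be set together") }` (needs `errors` in scope). Since Start already returns `error`, `return err` is preferable to both `panic(err)` calls. Start's body begins and ends outside the hunk.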


@ -74,11 +74,7 @@ func (h *APIHandler) generateInstallCommand(w http.ResponseWriter, req *http.Req
tokens.Store(tokenStr, t) tokens.Store(tokenStr, t)
consoleEndpoint := agCfg.Setup.ConsoleEndpoint consoleEndpoint := agCfg.Setup.ConsoleEndpoint
if consoleEndpoint == "" { if consoleEndpoint == "" {
scheme := "http" consoleEndpoint = getDefaultConsoleEndpoint(req)
if req.TLS != nil {
scheme = "https"
}
consoleEndpoint = fmt.Sprintf("%s://%s", scheme, req.Host)
} }
h.WriteJSON(w, util.MapStr{ h.WriteJSON(w, util.MapStr{
"script": fmt.Sprintf(`sudo BASE_URL="%s" AGENT_VER="%s" INSTALL_PATH="/opt" bash -c "$(curl -L '%s/agent/install.sh?token=%s')"`, agCfg.Setup.DownloadURL, agCfg.Setup.Version, consoleEndpoint, tokenStr), "script": fmt.Sprintf(`sudo BASE_URL="%s" AGENT_VER="%s" INSTALL_PATH="/opt" bash -c "$(curl -L '%s/agent/install.sh?token=%s')"`, agCfg.Setup.DownloadURL, agCfg.Setup.Version, consoleEndpoint, tokenStr),
@ -87,6 +83,14 @@ func (h *APIHandler) generateInstallCommand(w http.ResponseWriter, req *http.Req
}, http.StatusOK) }, http.StatusOK)
} }
func getDefaultConsoleEndpoint(req *http.Request) string{
scheme := "http"
if req.TLS != nil {
scheme = "https"
}
return fmt.Sprintf("%s://%s", scheme, req.Host)
}
func (h *APIHandler) getInstallScript(w http.ResponseWriter, req *http.Request, ps httprouter.Params) { func (h *APIHandler) getInstallScript(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
tokenStr := h.GetParameter(req, "token") tokenStr := h.GetParameter(req, "token")
if strings.TrimSpace(tokenStr) == "" { if strings.TrimSpace(tokenStr) == "" {
@ -127,10 +131,14 @@ func (h *APIHandler) getInstallScript(w http.ResponseWriter, req *http.Request,
if port == "" { if port == "" {
port = "8080" port = "8080"
} }
consoleEndpoint := agCfg.Setup.ConsoleEndpoint
if consoleEndpoint == "" {
consoleEndpoint = getDefaultConsoleEndpoint(req)
}
_, err = tpl.Execute(w, map[string]interface{}{ _, err = tpl.Execute(w, map[string]interface{}{
"base_url": agCfg.Setup.DownloadURL, "base_url": agCfg.Setup.DownloadURL,
"agent_version": agCfg.Setup.Version, "agent_version": agCfg.Setup.Version,
"console_endpoint": agCfg.Setup.ConsoleEndpoint, "console_endpoint": consoleEndpoint,
"client_crt": clientCertPEM, "client_crt": clientCertPEM,
"client_key": clientKeyPEM, "client_key": clientKeyPEM,
"ca_crt": caCert, "ca_crt": caCert,
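Review bot: getDefaultConsoleEndpoint builds the endpoint from `req.Host` and `req.TLS`, which describe the incoming request rather than the console's real address, and this commit now also feeds that value into the install script's `console_endpoint` next to `client_key` and `ca_crt`. Behind a TLS-terminating proxy `req.TLS` is nil and the result is `http://…`, and a Host header that is not checked against the expected name ends up in the `sudo … bash -c "$(curl -L …)"` command and in the agent's configuration. With `console_endpoint` commented out in the default config this fallback becomes the normal path, so either require the setting or validate the host against an allowlist. The helper should also carry a comment such as `// getDefaultConsoleEndpoint derives scheme and host from the request; the Host header is client-supplied, prefer agent.setup.console_endpoint.` The helper is missing a space before `{` (gofmt).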


@ -24,9 +24,6 @@ func GenerateServerCert(caFile, caKey string) (caCert, serverCertPEM, serverKeyP
func generateCert(caFile, caKey string, isServer bool)(caCert, instanceCertPEM, instanceKeyPEM []byte, err error){ func generateCert(caFile, caKey string, isServer bool)(caCert, instanceCertPEM, instanceKeyPEM []byte, err error){
pool := x509.NewCertPool() pool := x509.NewCertPool()
if caFile == "" {
caFile = path.Join(global.Env().GetConfigDir(), "certs", "ca.crt")
}
caCert, err = os.ReadFile(caFile) caCert, err = os.ReadFile(caFile)
if err != nil { if err != nil {
return return
@ -39,9 +36,6 @@ func generateCert(caFile, caKey string, isServer bool)(caCert, instanceCertPEM,
if err != nil { if err != nil {
return return
} }
if caKey == "" {
caKey = path.Join(global.Env().GetConfigDir(), "certs", "ca.key")
}
var keyBytes []byte var keyBytes []byte
keyBytes, err = os.ReadFile(caKey) keyBytes, err = os.ReadFile(caKey)
if err != nil { if err != nil {


@ -5,17 +5,62 @@
package common package common
import ( import (
"crypto/x509"
"encoding/pem"
log "github.com/cihub/seelog"
"infini.sh/console/modules/agent/model" "infini.sh/console/modules/agent/model"
"infini.sh/framework/core/env" "infini.sh/framework/core/env"
log "src/github.com/cihub/seelog" "infini.sh/framework/core/global"
"infini.sh/framework/core/util"
"os"
"path"
) )
func GetAgentConfig() *model.AgentConfig { func GetAgentConfig() *model.AgentConfig {
agentCfg := &model.AgentConfig{} agentCfg := &model.AgentConfig{
Enabled: true,
Setup: &model.SetupConfig{
DownloadURL: "https://release.infinilabs.com/agent/stable",
Version: "0.5.0-214",
},
}
_, err := env.ParseConfig("agent", agentCfg ) _, err := env.ParseConfig("agent", agentCfg )
if err != nil { if err != nil {
log.Error("agent config not found: %v", err) log.Debug("agent config not found: %v", err)
}
if agentCfg.Setup.CACertFile == "" && agentCfg.Setup.CAKeyFile == "" {
agentCfg.Setup.CACertFile, agentCfg.Setup.CAKeyFile, err = GetOrInitDefaultCaCerts()
if err != nil {
log.Errorf("generate default ca certs error: %v", err)
}
} }
return agentCfg return agentCfg
}
func GetOrInitDefaultCaCerts()(string, string, error){
dataDir := global.Env().GetDataDir()
caFile := path.Join(dataDir, "certs/ca.crt")
caKey := path.Join(dataDir, "certs/ca.key")
if !(util.FileExists(caFile) && util.FileExists(caKey) ) {
err := os.MkdirAll(path.Join(dataDir, "certs"), 0775)
if err != nil {
return "", "", err
}
log.Info("auto generating cert files")
_, rootKey, rootCertPEM := util.GetRootCert()
caKeyPEM := pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(rootKey),
})
_, err = util.FilePutContentWithByte(caKey, caKeyPEM)
if err != nil {
return "", "", err
}
_, err = util.FilePutContentWithByte(caFile, rootCertPEM)
if err != nil {
return "", "", err
}
}
return caFile, caKey, nil
} }
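Review bot: GetOrInitDefaultCaCerts creates the directory that holds the CA private key with `os.MkdirAll(..., 0775)` and writes `ca.key` through `util.FilePutContentWithByte`, whose file mode is not visible here; a group-writable directory lets other local accounts in that group replace the key or certificate that every agent certificate chains to. Use `os.MkdirAll(path.Join(dataDir, "certs"), 0700)` and write the key with an explicit mode, e.g. `os.WriteFile(caKey, caKeyPEM, 0600)`. The existence check and the two writes are not atomic, and both Start and GetAgentConfig call this function, so concurrent callers could leave a key and certificate that do not match; a `sync.Once` or mutex around the generation would avoid that. Separately, `log.Debug("agent config not found: %v", err)` passes a format string to a non-formatting call and probably wants `log.Debugf`.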


@ -11,6 +11,7 @@ import (
"infini.sh/framework/core/credential" "infini.sh/framework/core/credential"
"infini.sh/framework/core/elastic" "infini.sh/framework/core/elastic"
"infini.sh/framework/core/event" "infini.sh/framework/core/event"
"infini.sh/framework/core/global"
"infini.sh/framework/core/orm" "infini.sh/framework/core/orm"
"infini.sh/framework/core/util" "infini.sh/framework/core/util"
log "src/github.com/cihub/seelog" log "src/github.com/cihub/seelog"
@ -385,11 +386,20 @@ func GetAgentIngestConfig() (string, *elastic.BasicAuth, error) {
endpoint string endpoint string
ok bool ok bool
) )
emptyIngestClusterEndpoint := false
if agCfg.Setup.IngestClusterEndpoint == nil {
emptyIngestClusterEndpoint = true
}
if endpoint, ok = agCfg.Setup.IngestClusterEndpoint.(string);ok { if endpoint, ok = agCfg.Setup.IngestClusterEndpoint.(string);ok {
if endpoint = strings.TrimSpace(endpoint); endpoint == "" { if endpoint = strings.TrimSpace(endpoint); endpoint == "" {
return "", nil, fmt.Errorf("config ingest_cluster_endpoint must not be empty") emptyIngestClusterEndpoint = true
} }
} }
if emptyIngestClusterEndpoint {
cfg := elastic.GetConfig(global.MustLookupString(elastic.GlobalSystemElasticsearchID))
endpoint = cfg.Endpoint
}
var ( var (
basicAuth elastic.BasicAuth basicAuth elastic.BasicAuth
) )
@ -407,6 +417,9 @@ func GetAgentIngestConfig() (string, *elastic.BasicAuth, error) {
if basicAuth, ok = info.(elastic.BasicAuth); !ok { if basicAuth, ok = info.(elastic.BasicAuth); !ok {
log.Debug("invalid credential: ", cred) log.Debug("invalid credential: ", cred)
} }
}else{
cfg := elastic.GetConfig(global.MustLookupString(elastic.GlobalSystemElasticsearchID))
basicAuth = *cfg.BasicAuth
} }
tpl := `elasticsearch: tpl := `elasticsearch:
- name: default - name: default
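Review bot: The new `else` branch dereferences `*cfg.BasicAuth` without checking that `elastic.GetConfig(...)` returned a config or that the system cluster has basic auth set, so a system cluster without a username/password would panic here; the same unchecked `cfg` is used for `cfg.Endpoint` in the first hunk. Guard both, e.g. `if cfg == nil || cfg.BasicAuth == nil { return "", nil, fmt.Errorf("no ingest credential configured and system cluster has no basic auth") }`. The fallback also appears to place the console's own system-cluster credential into the config handed to agents; if that account has more than ingest rights, a dedicated least-privilege ingest credential should be required instead, or the fallback at least documented. GetAgentIngestConfig's body continues outside the hunk.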