set default agent setup config

2023-06-08 16:31:32 +08:00 · 2023-06-08 16:31:32 +08:00 · be1dd920c7
parent ec44fb0c66
commit be1dd920c7
6 changed files with 101 additions and 33 deletions
--- a/console.yml
+++ b/console.yml
@ -1,10 +1,10 @@
 path.configs: "config"
 configs.auto_reload: true

-env:
-  INFINI_CONSOLE_ENDPOINT: "http://127.0.0.1:9000"
-  INGEST_CLUSTER_ENDPOINT: "https://127.0.0.1:9200"
-  INGEST_CLUSTER_CREDENTIAL_ID: chjkp9dath21f1ae9tq0
+#env:
+#  INFINI_CONSOLE_ENDPOINT: "http://127.0.0.1:9000"
+#  INGEST_CLUSTER_ENDPOINT: "https://127.0.0.1:9200"
+#  INGEST_CLUSTER_CREDENTIAL_ID: chjkp9dath21f1ae9tq0

 web:
  enabled: true
@ -71,12 +71,12 @@ badger:
 #    redirect_url: ""
 #    scopes: []

-agent:
-  setup:
-    download_url: "https://release.infinilabs.com/agent/stable"
-    version: 0.5.0-214
-    ca_cert: "config/certs/ca.crt"
-    ca_key: "config/certs/ca.key"
-    console_endpoint: $[[env.INFINI_CONSOLE_ENDPOINT]]
-    ingest_cluster_endpoint: $[[env.INGEST_CLUSTER_ENDPOINT]]
-    ingest_cluster_credential_id: $[[env.INGEST_CLUSTER_CREDENTIAL_ID]]
+#agent:
+#  setup:
+#    download_url: "https://release.infinilabs.com/agent/stable"
+#    version: 0.5.0-214
+#    ca_cert: "config/certs/ca.crt"
+#    ca_key: "config/certs/ca.key"
+#    console_endpoint: $[[env.INFINI_CONSOLE_ENDPOINT]]
+#    ingest_cluster_endpoint: $[[env.INGEST_CLUSTER_ENDPOINT]]
+#    ingest_cluster_credential_id: $[[env.INGEST_CLUSTER_CREDENTIAL_ID]]
--- a/modules/agent/agent.go
+++ b/modules/agent/agent.go
@ -49,15 +49,23 @@ func (module *AgentModule) Start() error {
 	var (
 		executor client.Executor
 		err error
+		caFile string
+		caKey string
 	)
-	if module.AgentConfig.Setup == nil {
-		executor = &client.HttpExecutor{}
-	}else{
-		executor, err = client.NewMTLSExecutor(module.AgentConfig.Setup.CACertFile, module.AgentConfig.Setup.CAKeyFile)
+	if module.AgentConfig.Setup != nil {
+		caFile = module.AgentConfig.Setup.CACertFile
+		caKey = module.AgentConfig.Setup.CAKeyFile
+	}
+	if caFile == "" && caKey == "" {
+		caFile, caKey, err = common.GetOrInitDefaultCaCerts()
 		if err != nil {
 			panic(err)
 		}
 	}
+	executor, err = client.NewMTLSExecutor(caFile, caKey)
+	if err != nil {
+		panic(err)
+	}
 	agClient := &client.Client{
 		Executor: executor,
 	}
--- a/modules/agent/api/setup.go
+++ b/modules/agent/api/setup.go
@ -74,11 +74,7 @@ func (h *APIHandler) generateInstallCommand(w http.ResponseWriter, req *http.Req
 	tokens.Store(tokenStr, t)
 	consoleEndpoint :=  agCfg.Setup.ConsoleEndpoint
 	if consoleEndpoint == "" {
-		scheme := "http"
-		if req.TLS != nil {
-			scheme = "https"
-		}
-		consoleEndpoint = fmt.Sprintf("%s://%s", scheme, req.Host)
+		consoleEndpoint = getDefaultConsoleEndpoint(req)
 	}
 	h.WriteJSON(w, util.MapStr{
 		"script": fmt.Sprintf(`sudo BASE_URL="%s" AGENT_VER="%s" INSTALL_PATH="/opt" bash -c "$(curl -L '%s/agent/install.sh?token=%s')"`, agCfg.Setup.DownloadURL, agCfg.Setup.Version, consoleEndpoint, tokenStr),
@ -87,6 +83,14 @@ func (h *APIHandler) generateInstallCommand(w http.ResponseWriter, req *http.Req
 	}, http.StatusOK)
 }

+func getDefaultConsoleEndpoint(req *http.Request) string{
+	scheme := "http"
+	if req.TLS != nil {
+		scheme = "https"
+	}
+	return fmt.Sprintf("%s://%s", scheme, req.Host)
+}
+
 func (h *APIHandler) getInstallScript(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
 	tokenStr := h.GetParameter(req, "token")
 	if strings.TrimSpace(tokenStr) == "" {
@ -127,10 +131,14 @@ func (h *APIHandler) getInstallScript(w http.ResponseWriter, req *http.Request,
 	if port == "" {
 		port = "8080"
 	}
+	consoleEndpoint := agCfg.Setup.ConsoleEndpoint
+	if consoleEndpoint == "" {
+		consoleEndpoint = getDefaultConsoleEndpoint(req)
+	}
 	_, err = tpl.Execute(w, map[string]interface{}{
 		"base_url":  agCfg.Setup.DownloadURL,
 		"agent_version": agCfg.Setup.Version,
-		"console_endpoint": agCfg.Setup.ConsoleEndpoint,
+		"console_endpoint": consoleEndpoint,
 		"client_crt": clientCertPEM,
 		"client_key": clientKeyPEM,
 		"ca_crt": caCert,
--- a/modules/agent/common/cert.go
+++ b/modules/agent/common/cert.go
@ -24,9 +24,6 @@ func GenerateServerCert(caFile, caKey string) (caCert, serverCertPEM, serverKeyP

 func generateCert(caFile, caKey string, isServer bool)(caCert, instanceCertPEM, instanceKeyPEM []byte, err error){
 	pool := x509.NewCertPool()
-	if caFile == "" {
-		caFile = path.Join(global.Env().GetConfigDir(), "certs", "ca.crt")
-	}
 	caCert, err = os.ReadFile(caFile)
 	if err != nil {
 		return
@ -39,9 +36,6 @@ func generateCert(caFile, caKey string, isServer bool)(caCert, instanceCertPEM,
 	if err != nil {
 		return
 	}
-	if caKey == "" {
-		caKey = path.Join(global.Env().GetConfigDir(), "certs", "ca.key")
-	}
 	var keyBytes []byte
 	keyBytes, err = os.ReadFile(caKey)
 	if err != nil {
--- a/modules/agent/common/config.go
+++ b/modules/agent/common/config.go
@ -5,17 +5,62 @@
 package common

 import (
+	"crypto/x509"
+	"encoding/pem"
+	log "github.com/cihub/seelog"
 	"infini.sh/console/modules/agent/model"
 	"infini.sh/framework/core/env"
-	log "src/github.com/cihub/seelog"
+	"infini.sh/framework/core/global"
+	"infini.sh/framework/core/util"
+	"os"
+	"path"
 )


 func GetAgentConfig() *model.AgentConfig {
-	agentCfg := &model.AgentConfig{}
+	agentCfg := &model.AgentConfig{
+		Enabled: true,
+		Setup: &model.SetupConfig{
+			DownloadURL: "https://release.infinilabs.com/agent/stable",
+			Version: "0.5.0-214",
+		},
+	}
 	_, err := env.ParseConfig("agent", agentCfg )
 	if err != nil {
-		log.Error("agent config not found: %v", err)
+		log.Debug("agent config not found: %v", err)
+	}
+	if agentCfg.Setup.CACertFile == "" && agentCfg.Setup.CAKeyFile == "" {
+		agentCfg.Setup.CACertFile, agentCfg.Setup.CAKeyFile, err = GetOrInitDefaultCaCerts()
+		if err != nil {
+			log.Errorf("generate default ca certs error: %v", err)
+		}
 	}
 	return agentCfg
 }
+
+func GetOrInitDefaultCaCerts()(string, string, error){
+	dataDir := global.Env().GetDataDir()
+	caFile := path.Join(dataDir, "certs/ca.crt")
+	caKey := path.Join(dataDir, "certs/ca.key")
+	if !(util.FileExists(caFile) && util.FileExists(caKey) ) {
+		err := os.MkdirAll(path.Join(dataDir, "certs"), 0775)
+		if err != nil {
+			return "", "", err
+		}
+		log.Info("auto generating cert files")
+		_, rootKey, rootCertPEM := util.GetRootCert()
+
+		caKeyPEM := pem.EncodeToMemory(&pem.Block{
+			Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(rootKey),
+		})
+		_, err = util.FilePutContentWithByte(caKey, caKeyPEM)
+		if err != nil {
+			return "", "", err
+		}
+		_, err = util.FilePutContentWithByte(caFile, rootCertPEM)
+		if err != nil {
+			return "", "", err
+		}
+	}
+	return caFile, caKey, nil
+}
--- a/modules/agent/common/helper.go
+++ b/modules/agent/common/helper.go
@ -11,6 +11,7 @@ import (
 	"infini.sh/framework/core/credential"
 	"infini.sh/framework/core/elastic"
 	"infini.sh/framework/core/event"
+	"infini.sh/framework/core/global"
 	"infini.sh/framework/core/orm"
 	"infini.sh/framework/core/util"
 	log "src/github.com/cihub/seelog"
@ -385,11 +386,20 @@ func GetAgentIngestConfig() (string, *elastic.BasicAuth, error) {
 		endpoint string
 		ok bool
 	)
+	emptyIngestClusterEndpoint := false
+	if agCfg.Setup.IngestClusterEndpoint == nil {
+		emptyIngestClusterEndpoint = true
+	}
 	if endpoint, ok = agCfg.Setup.IngestClusterEndpoint.(string);ok {
 		if endpoint = strings.TrimSpace(endpoint); endpoint == "" {
-			return "", nil, fmt.Errorf("config ingest_cluster_endpoint must not be empty")
+			emptyIngestClusterEndpoint = true
 		}
 	}
+	if emptyIngestClusterEndpoint {
+		cfg := elastic.GetConfig(global.MustLookupString(elastic.GlobalSystemElasticsearchID))
+		endpoint = cfg.Endpoint
+	}
+
 	var (
 		basicAuth elastic.BasicAuth
 	)
@ -407,6 +417,9 @@ func GetAgentIngestConfig() (string, *elastic.BasicAuth, error) {
 		if basicAuth, ok = info.(elastic.BasicAuth); !ok {
 			log.Debug("invalid credential: ", cred)
 		}
+	}else{
+		cfg := elastic.GetConfig(global.MustLookupString(elastic.GlobalSystemElasticsearchID))
+		basicAuth = *cfg.BasicAuth
 	}
 	tpl := `elasticsearch:
  - name: default