Browse Source

experimental service

main
pvincent 7 months ago
parent
commit
ec66d2bd14
  1. 7
      README.md
  2. 52
      scripts/miaou
  3. 8
      templates/monit/hosts.j2
  4. 65
      templates/nginx/snippets/banner_exp.conf

7
README.md

@ -72,3 +72,10 @@ Development mode
* # requirement Codium IDE * # requirement Codium IDE
* sudo apt install y shellcheck shfmt * sudo apt install y shellcheck shfmt
Different Targets + experimental
--------------------------------
* BETA: the 'exp' mode stands for experimental and allow bypassing the SMTP dropped connection limitation
* PROD: the 'exp' mode is not recommanded and triggers a warning issue
* DEV: the 'exp' mode is not recommanded and triggers a warning issue

52
scripts/miaou

@ -126,15 +126,35 @@ function expand_conf() {
yqmi '.expanded.monitored.containers = ([ .services[] | to_entries | .[] | .value | select (.enabled == true ) | .container ] | unique)' yqmi '.expanded.monitored.containers = ([ .services[] | to_entries | .[] | .value | select (.enabled == true ) | .container ] | unique)'
# add monitored.hosts section # add monitored.hosts section
yqmi '.expanded.monitored.hosts = [( .services[][] | select (.enabled == true ) | {"domain": ( parent | key ), "subdomain": key, "fqdn": key + (parent | parent | parent | .expanded.fqdn_middlepart) + ( parent | key ), "container":.container, "port":.port, "app":.app })]'
# yqmi '.expanded.monitored.hosts = [( .services[][] | select (.enabled == true ) | {"domain": ( parent | key ), "subdomain": key, "fqdn": key + (parent | parent | parent | .expanded.fqdn_middlepart) + ( parent | key ), "container":.container, "port":.port, "app":.app })]'
# add services section # add services section
if [[ ${#services_app_only[@]} -gt 0 ]]; then if [[ ${#services_app_only[@]} -gt 0 ]]; then
yqmi '.expanded.services = [( .services[][] | select (.enabled == true ) | {"domain": ( parent | key ), "subdomain": key, "fqdn": key + (parent | parent | parent | .expanded.fqdn_middlepart) + ( parent | key ), "container":.container, "port":.port, "app":.app, "name": .name // ""})]'
yqmi '.expanded.services = [( .services[][] | select (.enabled == true ) | {"domain": ( parent | key ), "subdomain": key, "fqdn": key + (parent | parent | parent | .expanded.fqdn_middlepart) + ( parent | key ), "container":.container, "port":.port, "app":.app, "name": .name // "", "exp": .exp // false })]'
else else
yqmi '.expanded.services = []' yqmi '.expanded.services = []'
fi fi
# change fqdn when exp:true found
readarray -t services < <(yqmt '.expanded.services[] | [ .[] ]')
index=0
for i in "${services[@]}"; do
read -r -a item <<<"$i"
exp=${item[7]}
if [[ "$exp" == true ]]; then
domain=${item[0]}
subdomain=${item[1]}
fqdn=${item[2]}
if [[ $target != beta ]]; then
echowarn "experimental service <$subdomain.exp.$domain> not recommended for target <$target>"
else
echo "experimental service <$subdomain.exp.$domain> detected"
fi
yqmi ".expanded.services[$index].fqdn = \"$subdomain.exp.$domain\""
fi
index=$((index + 1))
done
# add firewall section, bridge_subnet + mail_passthrough if any # add firewall section, bridge_subnet + mail_passthrough if any
bridge_subnet=$(lxc network get lxdbr0 ipv4.address) bridge_subnet=$(lxc network get lxdbr0 ipv4.address)
yqmi ".firewall.bridge_subnet = \"$bridge_subnet\"" yqmi ".firewall.bridge_subnet = \"$bridge_subnet\""
@ -188,13 +208,14 @@ function monit_show() {
PREFIX="monit:show" PREFIX="monit:show"
: $PREFIX : $PREFIX
readarray -t hosts < <(yqmt '.expanded.monitored.hosts[] | [ .container, .port, .fqdn, .app ]')
echo "================="
echo "${#hosts[@]} available hosts"
echo "================="
readarray -t services < <(yqmt '.expanded.services[] | [ .container, .port, .fqdn, .app ]')
echo "======================"
echo "${#services[@]} available services"
echo "======================"
for service in "${services[@]}"; do
read -r -a item <<<"$service"
for host in "${hosts[@]}"; do
read -r -a item <<<"$host"
container=${item[0]} container=${item[0]}
port=${item[1]} port=${item[1]}
fqdn=${item[2]} fqdn=${item[2]}
@ -217,7 +238,7 @@ function build_monit() {
# test whether monitored items actually run safely # test whether monitored items actually run safely
PREFIX="monit:build" PREFIX="monit:build"
echo -n "testing monitored hosts ..." echo -n "testing monitored hosts ..."
readarray -t hosts < <(yqmt '.expanded.monitored.hosts[] | [ .container, .port, .fqdn ]')
readarray -t hosts < <(yqmt '.expanded.services[] | [ .container, .port, .fqdn ]')
for host in "${hosts[@]}"; do for host in "${hosts[@]}"; do
read -r -a item <<<"$host" read -r -a item <<<"$host"
container=${item[0]} container=${item[0]}
@ -225,18 +246,18 @@ function build_monit() {
fqdn=${item[2]} fqdn=${item[2]}
if ! (lxc exec "$container" -- ss -tln | grep -q "\(0.0.0.0\|*\):$port"); then if ! (lxc exec "$container" -- ss -tln | grep -q "\(0.0.0.0\|*\):$port"); then
echoerr
PREFIX='' echo
echoerr "no HTTP server responds on <$container.lxd:$port>" echoerr "no HTTP server responds on <$container.lxd:$port>"
echoerr "please review configuration <miaou.yaml> for fqdn: $fqdn" echoerr "please review configuration <miaou.yaml> for fqdn: $fqdn"
exit 2 exit 2
fi fi
if ! curl_check_unsecure "https://$fqdn"; then if ! curl_check_unsecure "https://$fqdn"; then
echoerr
PREFIX='' echo
echoerr "DMZ does not seem to dispatch <https://$fqdn> please review DMZ Nginx proxy" echoerr "DMZ does not seem to dispatch <https://$fqdn> please review DMZ Nginx proxy"
exit 3 exit 3
elif [[ "$target" != 'dev' ]] && ! curl_check "https://$fqdn"; then elif [[ "$target" != 'dev' ]] && ! curl_check "https://$fqdn"; then
PREFIX="" echo
PREFIX='' echo
echowarn "T=$target missing valid certificate for fqdn <https://$fqdn> please review DMZ certbot" echowarn "T=$target missing valid certificate for fqdn <https://$fqdn> please review DMZ certbot"
fi fi
@ -288,17 +309,17 @@ function build_nftables() {
fi fi
} }
# check whether http server responds 200 OK, required <url>, ie: http://example.com:8001, https://example.com
# check whether http server responds something, required <url>, ie: http://example.com:8001, https://example.com
function curl_check() { function curl_check() {
arg1_required "$@" arg1_required "$@"
# echo "curl $1" # echo "curl $1"
curl -m $MAX_WAIT -sLI4 "$1" | grep -q "^HTTP.* 200"
curl -m $MAX_WAIT -sLI4 "$1" | grep -q "^HTTP.* [2|3|4].*"
} }
# check whether https server responds 200 OK, even unsecured certificate (auto-signed in mode DEV) # check whether https server responds 200 OK, even unsecured certificate (auto-signed in mode DEV)
function curl_check_unsecure() { function curl_check_unsecure() {
arg1_required "$@" arg1_required "$@"
curl -m $MAX_WAIT -skLI4 "$1" | grep -q "^HTTP.* 200"
curl -m $MAX_WAIT -skLI4 "$1" | grep -q "^HTTP.* [2|3|4].*"
} }
function get_dmz_ip() { function get_dmz_ip() {
@ -478,6 +499,5 @@ if check_expand_conf; then
build_routes build_routes
build_monit build_monit
else else
build_routes
monit_show monit_show
fi fi

8
templates/monit/hosts.j2

@ -1,6 +1,6 @@
{% for host in expanded.monitored.hosts -%}
check host {{ host.container }}.{{ host.port }} with address {{ host.container }}.lxd
depends on {{ host.container }}.running
if failed port {{ host.port }} protocol http for 2 cycles then alert
{% for service in expanded.services -%}
check host {{ service.container }}.{{ service.port }} with address {{ service.container }}.lxd
depends on {{ service.container }}.running
if failed port {{ service.port }} protocol http for 2 cycles then alert
{% endfor -%} {% endfor -%}

65
templates/nginx/snippets/banner_exp.conf

@ -0,0 +1,65 @@
proxy_set_header Accept-Encoding "";
subs_filter '</body>' '
<div class="betabanner_box">
<div class="betabanner_ribbon"><span>EXP</span></div>
</div>
<style>
.betabanner_box {
height: 100%;
position: absolute;
bottom: 0;
pointer-events: none;
opacity: 0.7;
}
.betabanner_ribbon {
position: fixed;
left: -5px;
bottom : 0;
z-index: 9999;
overflow: hidden;
width: 75px; height: 75px;
text-align: right;
}
.betabanner_ribbon span {
font-size: 10px;
font-weight: bold;
color: #FFF;
text-transform: uppercase;
text-align: center;
line-height: 20px;
transform: rotate(45deg);
-webkit-transform: rotate(45deg);
width: 100px;
display: block;
background: linear-gradient(salmon 30%, orange 81%);
box-shadow: 5px 9px 27px -4px rgba(0, 0, 0, 1);
position: absolute;
bottom: 16px;
left: -21px;
}
.betabanner_ribbon span::before {
content: "";
position: absolute; left: 0px; top: 100%;
z-index: -1;
border-left: 3px solid #79A70A;
border-right: 3px solid transparent;
border-bottom: 3px solid transparent;
border-top: 3px solid #79A70A;
}
.betabanner_ribbon span::after {
content: "";
position: absolute; right: 0px; top: 100%;
z-index: -1;
border-left: 3px solid transparent;
border-right: 3px solid #79A70A;
border-bottom: 3px solid transparent;
border-top: 3px solid #79A70A;
}
</style>
</body>
';
Loading…
Cancel
Save