diff options
author | Eddie Arrage <eddie.arrage@huawei.com> | 2018-03-21 18:38:59 +0000 |
---|---|---|
committer | Eddie Arrage <eddie.arrage@huawei.com> | 2018-03-30 01:22:37 +0000 |
commit | 1575a9b3f7e7f475d4d5d8d1541f783948c0d398 (patch) | |
tree | 6c663149df632258e41a5d961079a9236d42a7a8 /samples/services/nginx/docker/grpc/nginx_grpc_server.py | |
parent | 9f3d87d798cf04c243e82d284a7dc4f7b3ec5c1a (diff) |
Added initial nginx services
- Proxy allows ingress traffic to be sent to another element in
service mesh
- Mirroring is also in the default configuration
- Default configuration is to proxy to a clover-server and mirror
to snort-ids
- A location_path (URI in HTTP requests) can be reconfigured to
restrict proxing; default to '/'
- A proxy_path can be reconfigured to specify an alternate destination
- A mirror path can be reconfigured to specify where traffic
will be spanned
- The default server_port (listen port) for the proxy is 9180 but can be
reconfigured
- The default server_name is http-proxy but can be reconfigured
- Reconfiguration is done over GRPC with jinja2 template for nginx
- Currently snort ids sends alerts to proxy with stub code in GRPC
- Refactored the code to have a nginx base with subservices
- Proxy, Load Balancer (lb), and Server can share code - mainly GRPC
server
- Nginx subservices have separate docker builds
- Improved build scripts for CI
- Render yaml manifests dynamically
- Improve nginx_client for runtime modifications (but not really
useful yet)
Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Diffstat (limited to 'samples/services/nginx/docker/grpc/nginx_grpc_server.py')
-rw-r--r-- | samples/services/nginx/docker/grpc/nginx_grpc_server.py | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/samples/services/nginx/docker/grpc/nginx_grpc_server.py b/samples/services/nginx/docker/grpc/nginx_grpc_server.py new file mode 100644 index 0000000..6f2de0f --- /dev/null +++ b/samples/services/nginx/docker/grpc/nginx_grpc_server.py @@ -0,0 +1,142 @@ +# Copyright (c) Authors of Clover +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 + + +from concurrent import futures +import time +import sys +import grpc +import subprocess +import pickle +import logging +import nginx_pb2 +import nginx_pb2_grpc + +from jinja2 import Template + +_ONE_DAY_IN_SECONDS = 60 * 60 * 24 +GRPC_PORT = '[::]:50054' + + +class Controller(nginx_pb2_grpc.ControllerServicer): + + def __init__(self, service_type): + logging.basicConfig(filename='nginx.log', level=logging.DEBUG) + self.service_type = service_type + self.out_file = '/etc/nginx/nginx.conf' + # self.out_file = 'testfile' + if service_type == "proxy": + # self.template_file = 'templates/proxy.template' + self.template_file = '/grpc/templates/proxy.template' + self.ModifyProxy(nginx_pb2.ConfigProxy( + server_port='9180', server_name='http-proxy', + location_path='/', proxy_path='http://clover-server:9180', + mirror_path='http://snort-ids:80'), "") + if service_type == "server": + # self.template_file = 'templates/server.template' + self.template_file = '/grpc/templates/server.template' + self.ModifyServer(nginx_pb2.ConfigServer( + server_port='9180', server_name='clover-server', + site_root='/var/www/html', + site_index='index.nginx-debian.html'), "") + if service_type == "lb": + # self.template_file = 'templates/lb.template' + self.template_file = '/grpc/templates/lb.template' + slb_list = pickle.dumps( + ['clover-server1', 'clover-server2', 'clover-server3']) + self.ModifyLB(nginx_pb2.ConfigLB( + server_port='9180', server_name='http-lb', + slb_list=slb_list, + slb_group='cloverlb', lb_path='/'), "") + + def ModifyProxy(self, r, context): + try: + with open(self.template_file) as f: + tmpl = Template(f.read()) + output = tmpl.render( + server_port=r.server_port, + server_name=r.server_name, + location_path=r.location_path, + proxy_path=r.proxy_path, + mirror_path=r.mirror_path + ) + with open(self.out_file, "wb") as fh: + fh.write(output) + msg = "Modified nginx config" + self.RestartNginx() + except Exception as e: + logging.debug(e) + msg = "Failed to modify nginx config" + return nginx_pb2.NginxReply(message=msg) + + def ModifyServer(self, r, context): + try: + with open(self.template_file) as f: + tmpl = Template(f.read()) + output = tmpl.render( + server_port=r.server_port, + server_name=r.server_name, + site_root=r.site_root, + site_index=r.site_index + ) + with open(self.out_file, "wb") as fh: + fh.write(output) + msg = "Modified nginx config" + self.RestartNginx() + except Exception as e: + logging.debug(e) + msg = "Failed to modify nginx config" + return nginx_pb2.NginxReply(message=msg) + + def ModifyLB(self, r, context): + try: + with open(self.template_file) as f: + tmpl = Template(f.read()) + output = tmpl.render( + server_port=r.server_port, + server_name=r.server_name, + slb_list=pickle.loads(r.slb_list), + slb_group=r.slb_group, + lb_path=r.lb_path + ) + with open(self.out_file, "wb") as fh: + fh.write(output) + msg = "Modified nginx config" + self.RestartNginx() + except Exception as e: + logging.debug(e) + msg = "Failed to modify nginx config" + return nginx_pb2.NginxReply(message=msg) + + def RestartNginx(self): + subprocess.Popen( + ["service nginx restart"], shell=True) + + def ProcessAlerts(self, request, context): + try: + msg = "Processed alert" + except Exception as e: + logging.debug(e) + msg = "Failed to process alert" + return nginx_pb2.NginxReply(message=msg) + + +def serve(service_type): + server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) + nginx_pb2_grpc.add_ControllerServicer_to_server( + Controller(service_type), server) + server.add_insecure_port(GRPC_PORT) + server.start() + try: + while True: + time.sleep(_ONE_DAY_IN_SECONDS) + except KeyboardInterrupt: + server.stop(0) + + +if __name__ == '__main__': + serve(sys.argv[1]) |