integration - continue work on storageless config for k8s and swarm

autoconf/prepare.sh

@@ -16,6 +16,7 @@ chmod ugo+x /opt/bunkerized-nginx/entrypoint/* /opt/bunkerized-nginx/scripts/*
 chmod ugo+x /opt/bunkerized-nginx/gen/main.py
 chmod ugo+x /opt/bunkerized-nginx/jobs/main.py
 chmod ugo+x /opt/bunkerized-nginx/jobs/reload.py
+chmod ugo+x /opt/bunkerized-nginx/jobs/certbot-*.sh
 chmod 770 /opt/bunkerized-nginx
 chmod 440 /opt/bunkerized-nginx/settings.json
 

autoconf/src/Config.py

@@ -6,6 +6,15 @@ import Controller
 
 from logger import log
 
+CONFIGS = {
+	"conf": "/etc/nginx",
+	"letsencrypt": "/etc/letsencrypt",
+	"http": "/http-confs",
+	"server": "/server-confs",
+	"modsec": "/modsec-confs",
+	"modsec-crs": "/modsec-crs-confs"
+}
+
 class Config :
 
 	def __init__(self, type, api_uri, http_port="8080") :
@@ -64,12 +73,32 @@ class Config :
 					instance.kill("SIGHUP")
 				except :
 					ret = False
-		elif self.__type == Controller.Type.SWARM :
-			ret = self.__api_call(instances, "/reload")
-		elif self.__type == Controller.Type.KUBERNETES :
+		elif self.__type == Controller.Type.SWARM or self.__type == Controller.Type.KUBERNETES :
 			ret = self.__api_call(instances, "/reload")
 		return ret
 
+	def send(self, instances) :
+		ret = True
+		if self.__type == Controller.Type.DOCKER :
+			return ret
+		elif self.__type == Controller.Type.SWARM or self.__type == Controller.Type.KUBERNERTES :
+			fail = False
+			for name, path in CONFIGS.items() :
+				file = self.__tarball(path)
+				if not self.__api_call(instances, "/" + name, file=file) :
+					log("config", "ERROR", "can't send config " + name + " to instance(s)")
+					fail = True
+				file.close()
+			if fail :
+				ret = False
+		return ret
+
+	def __tarball(path) :
+		file = io.BytesIO()
+		with tarfile.open(mode="w:gz", fileobj=file) as tar :
+			tar.add(path, arcname=".")
+		return file
+
 	def __ping(self, instances) :
 		return self.__api_call(instances, "/ping")
 
@@ -120,7 +149,7 @@ class Config :
 			log("config", "ERROR", "exception while waiting for bunkerized-nginx instances : " + traceback.format_exc())
 		return False
 
-	def __api_call(self, instances, path) :
+	def __api_call(self, instances, path, file=None) :
 		ret = True
 		nb = 0
 		urls = []
@@ -146,7 +175,10 @@ class Config :
 		for url in urls :
 			req = None
 			try :
-				req = requests.post(url)
+				if file == None :
+					req = requests.post(url)
+				else :
+					req = requests.post(url, {'file': file})
 			except :
 				pass
 			if req and req.status_code == 200 and req.text == "ok" :

autoconf/src/Controller.py

@@ -51,3 +51,10 @@ class Controller(ABC) :
 		except :
 			ret = False
 		return ret
+
+	def _send(self, instances) :
+		try :
+			ret = self._config.send(instances)
+		except :
+			ret = False
+		return ret

autoconf/src/IngressController.py

@@ -96,9 +96,9 @@ class IngressController(Controller.Controller) :
 
 	def process_events(self, current_env) :
 		self.__old_env = current_env
-		t_pod = Thread(target=self.__watch_pod)
-		t_ingress = Thread(target=self.__watch_ingress)
-		t_service = Thread(target=self.__watch_service)
+		t_pod = Thread(target=self.__watch, args=("pod",))
+		t_ingress = Thread(target=self.__watch, args=("ingress",))
+		t_service = Thread(target=self.__watch, args=("service",))
 		t_pod.start()
 		t_ingress.start()
 		t_service.start()
@@ -106,63 +106,38 @@ class IngressController(Controller.Controller) :
 		t_ingress.join()
 		t_service.join()
 
-	def __watch_pod(self) :
+	def __watch(self, type) :
 		w = watch.Watch()
-		for event in w.stream(self.__api.list_pod_for_all_namespaces, label_selector="bunkerized-nginx") :
+		what = None
+		if type == "pod" :
+			what = self.__api.list_pod_for_all_namespaces
+		elif type == "ingress" :
+			what = self.__extensions_api.list_ingress_for_all_namespaces
+		elif type == "service" :
+			what = self.__api.list_service_for_all_namespaces
+		for event in w.stream(what, label_selector="bunkerized-nginx") :
 			self.lock.acquire()
 			new_env = self.get_env()
 			if new_env != self.__old_env :
 				try :
-					if self.gen_conf(new_env) :
-						self.__old_env = new_env.copy()
-						log("CONTROLLER", "INFO", "successfully generated new configuration")
-						if self.reload() :
-							log("controller", "INFO", "successful reload")
-						else :
-							log("controller", "ERROR", "failed reload")
-				except :
-					log("controller", "ERROR", "exception while receiving event")
-			self.lock.release()
-
-	def __watch_ingress(self) :
-		w = watch.Watch()
-		for event in w.stream(self.__extensions_api.list_ingress_for_all_namespaces, label_selector="bunkerized-nginx") :
-			self.lock.acquire()
-			new_env = self.get_env()
-			if new_env != self.__old_env :
-				try :
-					if self.gen_conf(new_env) :
-						self.__old_env = new_env.copy()
-						log("CONTROLLER", "INFO", "successfully generated new configuration")
-						if self.reload() :
-							log("controller", "INFO", "successful reload")
-						else :
-							log("controller", "ERROR", "failed reload")
-				except :
-					log("controller", "ERROR", "exception while receiving event")
-			self.lock.release()
-
-	def __watch_service(self) :
-		w = watch.Watch()
-		for event in w.stream(self.__api.list_service_for_all_namespaces, label_selector="bunkerized-nginx") :
-			self.lock.acquire()
-			new_env = self.get_env()
-			if new_env != self.__old_env :
-				try :
-					if self.gen_conf(new_env) :
-						self.__old_env = new_env.copy()
-						log("CONTROLLER", "INFO", "successfully generated new configuration")
-						if self.reload() :
-							log("controller", "INFO", "successful reload")
-						else :
-							log("controller", "ERROR", "failed reload")
-				except :
-					log("controller", "ERROR", "exception while receiving event")
+					if not self.gen_conf(new_env) :
+						raise Exception("can't generate configuration")
+					if not self.send() :
+						raise Exception("can't send configuration")
+					if not self.reload() :
+						raise Exception("can't reload configuration")
+					self.__old_env = new_env.copy()
+					log("CONTROLLER", "INFO", "successfully loaded new configuration")
+				except Exception as e :
+					log("controller", "ERROR", "error while computing new event : " + str(e))
 			self.lock.release()
 
 	def reload(self) :
 		return self._reload(self.__get_services(autoconf=True))
 
+	def send(self) :
+		return self._send(self.__get_services(autoconf=True))
+
 	def wait(self) :
 		self.lock.acquire()
 		try :

autoconf/src/SwarmController.py

@@ -46,23 +46,24 @@ class SwarmController(Controller.Controller) :
 			if new_env != old_env :
 				self.lock.acquire()
 				try :
-					log("controller", "INFO", "generating new configuration")
-					if self.gen_conf(new_env) :
-						old_env = new_env.copy()
-						log("controller", "INFO", "successfully generated new configuration")
-						if self.reload() :
-							log("controller", "INFO", "successful reload")
-						else :
-							log("controller", "ERROR", "failed reload")
-					else :
-						log("controller", "ERROR", "can't generate new configuration")
-				except :
-					log("controller", "ERROR", "exception while receiving event")
+					if not self.gen_conf(new_env) :
+						raise Exception("can't generate configuration")
+					if not self.send() :
+						raise Exception("can't send configuration")
+					if not self.reload() :
+						raise Exception("can't reload configuration")
+					self.__old_env = new_env.copy()
+					log("CONTROLLER", "INFO", "successfully loaded new configuration")
+				except Exception as e :
+					log("controller", "ERROR", "error while computing new event : " + str(e))
 				self.lock.release()
 
 	def reload(self) :
 		return self._reload(self.__get_instances())
 
+	def send(self) :
+		return self._send(self.__get_instances())
+
 	def wait(self) :
 		self.lock.acquire()
 		try :