def test_ssl(self):
config = NginxConfig(ssl_simple_config)
config.full_parse()
config.run_ssl_analysis()
ssl_certificates = config.ssl_certificates
assert_that(ssl_certificates, has_length(1))
# check contents
assert_that(ssl_certificates.keys()[0], ends_with('certs.d/example.com.crt'))
assert_that(ssl_certificates.values()[0], has_item('names'))
def test_ssl(self):
config = NginxConfig(ssl_simple_config)
config.full_parse()
config.run_ssl_analysis()
ssl_certificates = config.ssl_certificates
assert_that(ssl_certificates, has_length(1))
# check contents
assert_that(ssl_certificates.keys()[0], ends_with('certs.d/example.com.crt'))
assert_that(ssl_certificates.values()[0], has_item('names'))
def test_exclude_ssl(self):
config = NginxConfig(ssl_simple_config)
# also check that existing certs get cleared on subsequent parse
config.full_parse()
config.run_ssl_analysis()
ssl_certificates = config.ssl_certificates
assert_that(ssl_certificates, has_length(1))
config.full_parse(include_ssl_certs=False)
config.run_ssl_analysis()
ssl_certificates = config.ssl_certificates
assert_that(ssl_certificates, has_length(0))
def collect(self):
try:
config = NginxConfig(
self.object.conf_path,
binary=self.object.bin_path,
prefix=self.object.prefix
)
# check if config is changed (changes are: new files/certs, new mtimes)
config_files, config_dirs = config.collect_structure(include_ssl_certs=self.object.upload_ssl)
if config_files == self.previous_files and config_dirs == self.previous_directories:
return
# parse config tree
config.full_parse()
# Send event for parsing nginx config.
# Use config.parser.filename to account for default value defined in NginxConfigParser.
self.object.eventd.event(
level=INFO,
message='nginx config parsed, read from %s' % config.filename,
)
for error in config.parser_errors:
self.object.eventd.event(level=WARNING, message=error)
# run ssl checks
if self.object.upload_ssl:
config.run_ssl_analysis()
else:
context.log.info('ssl analysis skipped due to users settings')
# run upload
checksum = config.checksum()
if self.object.upload_config:
self.upload(config, checksum)
if self.previous_checksum:
# config changed, so we need to restart the object
self.object.need_restart = True
else:
# otherwise run test
if self.object.run_config_test and config.total_size() < 20*1024*1024: # 20 MB
run_time = config.run_test()
# send event for testing nginx config
if config.test_errors:
self.object.eventd.event(level=WARNING, message='nginx config test failed')
else:
self.object.eventd.event(level=INFO, message='nginx config tested ok')
for error in config.test_errors:
self.object.eventd.event(level=CRITICAL, message=error)
# stop -t if it took too long
if run_time > context.app_config['containers']['nginx']['max_test_duration']:
context.app_config['containers']['nginx']['run_test'] = False
context.app_config.mark_unchangeable('run_test')
self.object.eventd.event(
level=WARNING,
message='%s -t -c %s took %s seconds, disabled until agent restart' % (
config.binary, config.filename, run_time
)
)
self.object.run_config_test = False
self.previous_checksum = checksum
self.previous_files = copy.copy(config_files)
self.previous_directories = copy.copy(config_dirs)
except Exception as e:
exception_name = e.__class__.__name__
context.log.error('failed to collect due to %s' % exception_name)
context.log.debug('additional info:', exc_info=True)
self.object.eventd.event(
level=INFO,
message='nginx config parser failed, path %s' % self.object.conf_path,
onetime=True
)
def collect(self):
try:
config = NginxConfig(self.object.conf_path,
binary=self.object.bin_path,
prefix=self.object.prefix)
# check if config is changed (changes are: new files/certs, new mtimes)
all_config_files = config.get_all_files(
include_ssl_certs=self.object.upload_ssl)
if all_config_files == self.previous_files:
return
# parse config tree
config.full_parse()
# Send event for parsing nginx config.
# Use config.parser.filename to account for default value defined in NginxConfigParser.
self.object.eventd.event(
level=INFO,
message='nginx config parsed, read from %s' % config.filename,
)
for error in config.parser_errors:
self.object.eventd.event(level=WARNING, message=error)
# run ssl checks
if self.object.upload_ssl:
config.run_ssl_analysis()
else:
context.log.info('ssl analysis skipped due to users settings')
# run upload
checksum = config.checksum()
if self.object.upload_config:
self.upload(config, checksum)
# config changed, so we need to restart the object
if self.previous_checksum:
self.object.need_restart = True
# otherwise run test
else:
# run test
if self.object.run_config_test and config.total_size(
) < 20 * 1024 * 1024: # 20 MB
run_time = config.run_test()
# send event for testing nginx config
if config.test_errors:
self.object.eventd.event(
level=WARNING, message='nginx config test failed')
else:
self.object.eventd.event(
level=INFO, message='nginx config tested ok')
for error in config.test_errors:
self.object.eventd.event(level=CRITICAL, message=error)
# stop -t if it took too long
if run_time > context.app_config['containers']['nginx'][
'max_test_duration']:
context.app_config['containers']['nginx'][
'run_test'] = False
context.app_config.mark_unchangeable('run_test')
self.object.eventd.event(
level=WARNING,
message=
'%s -t -c %s took %s seconds, disabled until agent restart'
% (config.binary, config.filename, run_time))
self.object.run_config_test = False
self.previous_checksum = checksum
self.previous_files = copy.copy(all_config_files)
except Exception as e:
exception_name = e.__class__.__name__
context.log.error('failed to collect due to %s' % exception_name)
context.log.debug('additional info:', exc_info=True)
self.object.eventd.event(
level=INFO,
message='nginx config parser failed, path %s' %
self.object.conf_path,
onetime=True)
def main():
args = parse_args()
def dump(heading, *payloads):
if heading:
print '\033[32m{} for {}\033[0m'.format(heading, args.config)
for x in payloads:
if isinstance(x, dict) and args.pretty:
print json.dumps(x, indent=4, sort_keys=True)
elif isinstance(x, dict):
print json.dumps(x, separators=(',', ':'), sort_keys=True)
else:
print json.dumps(x) # never prettify print lists
print
start = time.time()
cfg = NginxConfig(filename=args.config)
if args.light:
structure = cfg.collect_structure(include_ssl_certs=True)
else:
cfg.full_parse()
runtime = time.time() - start
if args.quiet:
print 'Parsed in %s seconds' % runtime
return
if args.light:
dump(None, *structure)
elif args.simple:
dump(None, cfg.subtree)
elif args.dirmap:
dump('Config files', cfg.files)
dump('Config directories', cfg.directories)
dump('Config directory map', cfg.directory_map)
dump('Config errors', cfg.parser_errors)
elif args.payload:
cfg.run_ssl_analysis()
payload = {
'tree': cfg.tree,
'directory_map': cfg.directory_map,
'files': cfg.files,
'directories': cfg.directories,
'ssl_certificates': cfg.ssl_certificates,
'access_logs': cfg.access_logs,
'error_logs': cfg.error_logs,
'errors': {
'parser': len(cfg.parser_errors),
'test': len(cfg.test_errors)
}
}
dump(None, payload)
else:
cfg.run_ssl_analysis()
dump('Config tree', cfg.tree)
dump('Config files', cfg.files)
dump('Config directory map', cfg.directory_map)
dump('SSL certificates', cfg.ssl_certificates)
dump('Stub status/plus status/api urls', cfg.stub_status_urls,
cfg.plus_status_external_urls, cfg.plus_status_internal_urls,
cfg.api_external_urls, cfg.api_internal_urls)
dump('Access logs', cfg.access_logs)
dump('Error logs', cfg.error_logs)
dump('Log formats', cfg.log_formats)
dump('Config errors', cfg.parser_errors)
print '\033[32mParsed in %s seconds\033[0m' % runtime
