feat(cli) SSL auto-generation + dnsmasq for new CLI

kong-0.8.2-0.rockspec

@@ -58,6 +58,7 @@ build = {
     ["kong.cmd.compile"] = "kong/cmd/compile.lua",
     ["kong.cmd.init"] = "kong/cmd/init.lua",
     ["kong.cmd.migrations"] = "kong/cmd/migrations.lua",
+    ["kong.cmd.cluster"] = "kong/cmd/cluster.lua",
     ["kong.cmd.reload"] = "kong/cmd/reload.lua",
     ["kong.cmd.roar"] = "kong/cmd/roar.lua",
     ["kong.cmd.start"] = "kong/cmd/start.lua",
@@ -68,6 +69,8 @@ build = {
     ["kong.cmd.utils.nginx_conf_compiler"] = "kong/cmd/utils/nginx_conf_compiler.lua",
     ["kong.cmd.utils.nginx_signals"] = "kong/cmd/utils/nginx_signals.lua",
     ["kong.cmd.utils.serf_signals"] = "kong/cmd/utils/serf_signals.lua",
+    ["kong.cmd.utils.dnsmasq_signals"] = "kong/cmd/utils/dnsmasq_signals.lua",
+    ["kong.cmd.utils.ssl"] = "kong/cmd/utils/ssl.lua",
 
     ["kong.api.init"] = "kong/api/init.lua",
     ["kong.api.api_helpers"] = "kong/api/api_helpers.lua",

kong/cmd/cluster.lua

@@ -0,0 +1,54 @@
+local conf_loader = require "kong.conf_loader"
+local DAOFactory = require "kong.dao.factory"
+local Serf = require "kong.serf"
+local log = require "kong.cmd.utils.log"
+local fmt = string.format
+
+local function execute(args)
+  local conf = assert(conf_loader(args.conf, {
+    prefix = args.prefix
+  }))
+
+  local dao = DAOFactory(conf)
+  local serf = Serf.new(conf, conf.prefix, dao)
+
+  if args.command == "members" then
+    local members = assert(serf:members(true))
+    for _, v in ipairs(members) do
+      print(fmt("%s\t%s\t%s", v.name, v.addr, v.status))
+    end
+  elseif args.command == "keygen" then
+    print(assert(serf:keygen()))
+  elseif args.command == "reachability" then
+    log("Please wait..")
+    print(assert(serf:reachability()))
+  elseif args.command == "force-leave" then
+    local node_name = args[1]
+    if not node_name then
+      error("you need to specify the node name to leave")
+    end
+    log(fmt("Force-leaving %s", node_name))
+    assert(serf:force_leave(node_name))
+    log("Done")
+  end
+end
+
+local lapp = [[
+Usage: kong cluster COMMAND [OPTIONS]
+
+The available commands are:
+ members
+ force-leave <node_name>
+ keygen
+ reachability
+
+Options:
+ -c,--conf (optional string) configuration file
+ --prefix  (optional string) Nginx prefix path
+]]
+
+return {
+  lapp = lapp,
+  execute = execute,
+  sub_commands = {members = true, keygen = true, reachability = true, ["force-leave"] = true}
+}

kong/cmd/init.lua

@@ -29,6 +29,7 @@ local cmds = {
   check = "check",
   compile = "compile",
   migrations = "migrations",
+  cluster = "cluster",
   version = "version",
   roar = "roar"
 }

kong/cmd/reload.lua

@@ -1,6 +1,7 @@
 local nginx_conf_compiler = require "kong.cmd.utils.nginx_conf_compiler"
 local nginx_signals = require "kong.cmd.utils.nginx_signals"
 local serf_signals = require "kong.cmd.utils.serf_signals"
+local dnsmasq_signals = require "kong.cmd.utils.dnsmasq_signals"
 local conf_loader = require "kong.conf_loader"
 local DAOFactory = require "kong.dao.factory"
 local log = require "kong.cmd.utils.log"
@@ -11,6 +12,7 @@ local function execute(args)
   }))
 
   assert(nginx_conf_compiler.prepare_prefix(conf, conf.prefix))
+  assert(dnsmasq_signals.start(conf, conf.prefix))
   assert(serf_signals.start(conf, conf.prefix, DAOFactory(conf)))
   assert(nginx_signals.reload(conf.prefix))
   log("Reloaded")

kong/cmd/start.lua

@@ -1,6 +1,7 @@
 local nginx_conf_compiler = require "kong.cmd.utils.nginx_conf_compiler"
 local nginx_signals = require "kong.cmd.utils.nginx_signals"
 local serf_signals = require "kong.cmd.utils.serf_signals"
+local dnsmasq_signals = require "kong.cmd.utils.dnsmasq_signals"
 local conf_loader = require "kong.conf_loader"
 local DAOFactory = require "kong.dao.factory"
 local log = require "kong.cmd.utils.log"
@@ -20,6 +21,7 @@ local function execute(args)
   local dao = DAOFactory(conf)
   assert(dao:run_migrations())
   assert(nginx_conf_compiler.prepare_prefix(conf, conf.prefix))
+  assert(dnsmasq_signals.start(conf, conf.prefix))
   assert(serf_signals.start(conf, conf.prefix, dao))
   assert(nginx_signals.start(conf.prefix))
   log("Started")

kong/cmd/stop.lua

@@ -1,24 +1,28 @@
 local nginx_signals = require "kong.cmd.utils.nginx_signals"
 local serf_signals = require "kong.cmd.utils.serf_signals"
+local dnsmasq_signals = require "kong.cmd.utils.dnsmasq_signals"
 local conf_loader = require "kong.conf_loader"
+local DAOFactory = require "kong.dao.factory"
 local log = require "kong.cmd.utils.log"
 
 local function execute(args)
-  -- no conf file loaded, we just want the prefix,
-  -- potentially overriden by the argument
-  local conf = assert(conf_loader(nil, {
+  local conf = assert(conf_loader(args.conf, {
     prefix = args.prefix
   }))
 
+  local dao = DAOFactory(conf)
+
   assert(nginx_signals.stop(conf.prefix))
-  assert(serf_signals.stop(conf.prefix))
+  assert(serf_signals.stop(conf, conf.prefix, dao))
+  assert(dnsmasq_signals.stop(conf.prefix))
   log("Stopped")
 end
 
 local lapp = [[
 Usage: kong stop [OPTIONS]
 
 Options:
+ -c,--conf (optional string) configuration file
  --prefix (optional string) Nginx prefix path
 ]]
 

kong/cmd/utils/dnsmasq_signals.lua

@@ -0,0 +1,85 @@
+local pl_utils = require "pl.utils"
+local pl_path = require "pl.path"
+local pl_file = require "pl.file"
+local log = require "kong.cmd.utils.log"
+local kill = require "kong.cmd.utils.kill"
+local fmt = string.format
+
+local _M = {}
+
+local dnsmasq_bin_name = "dnsmasq"
+local dnsmasq_pid_name = "dnsmasq.pid"
+local dnsmasq_search_paths = {
+  "/usr/local/sbin",
+  "/usr/local/bin",
+  "/usr/sbin",
+  "/usr/bin",
+  "/bin",
+  ""
+}
+
+function _M.find_bin()
+  log.verbose("searching for 'dnsmasq' executable...")
+
+  local found
+  for _, path in ipairs(dnsmasq_search_paths) do
+    local path_to_check = pl_path.join(path, dnsmasq_bin_name)
+    local cmd = fmt("%s -v", path_to_check)
+    local ok = pl_utils.executeex(cmd)
+    if ok then
+      found = path_to_check
+      break
+    end
+  end
+
+  if not found then
+    return nil, "could not find 'dnsmasq' executable"
+  end
+
+  log.verbose("found 'dnsmasq' executable at %s", found)
+
+  return found
+end
+
+local function is_running(pid_path)
+  if not pl_path.exists(pid_path) then return nil end
+  local code = kill(pid_path, "-0")
+  return code == 0
+end
+
+function _M.start(kong_config, nginx_prefix)
+  if kong_config.dnsmasq then
+    -- is dnsmasq already running in this prefix?
+    local pid_path = pl_path.join(nginx_prefix, "pids", dnsmasq_pid_name)
+    if is_running(pid_path) then
+      log.verbose("dnsmasq already running at %s", pid_path)
+      return true
+    else
+      log.verbose("dnsmasq not running, deleting %s", pid_path)
+      pl_file.delete(pid_path)
+    end
+
+    local dnsmasq_bin, err = _M.find_bin()
+    if not dnsmasq_bin then return nil, err end
+
+    local cmd = fmt("%s -p %d --pid-file=%s -N -o --listen-address=127.0.0.1", dnsmasq_bin, kong_config.dnsmasq_port, pid_path)
+
+    log.debug("starting dnsmasq: %s", cmd)
+
+    local ok, _, _, stderr = pl_utils.executeex(cmd)
+    if not ok then return nil, stderr end
+  end
+
+  return true
+end
+
+function _M.stop(nginx_prefix)
+  local pid_path = pl_path.join(nginx_prefix, "pids", dnsmasq_pid_name)
+  if pl_path.exists(pid_path) then
+    log.verbose("stopping dnsmasq at %s", pid_path)
+    return kill(pid_path, "-9")
+  end
+  return true
+end
+
+return _M

kong/cmd/utils/nginx_conf_compiler.lua

@@ -1,4 +1,5 @@
 local NGINX_VARS = {
+  prefix = true,
   plugins = true,
   cluster_listen = true,
   cluster_listen_rpc = true,
@@ -29,7 +30,9 @@ local pl_utils = require "pl.utils"
 local pl_file = require "pl.file"
 local pl_path = require "pl.path"
 local pl_dir = require "pl.dir"
+local ssl = require "kong.cmd.utils.ssl"
 local log = require "kong.cmd.utils.log"
+local fmt = string.format
 
 local function gather_system_infos(compile_env)
   local infos = {}
@@ -63,10 +66,20 @@ local function compile_conf(kong_config, conf_template)
     compile_env.nginx_vars[k] = v
   end
 
+  local ssl_data, err = ssl.get_ssl_cert_and_key(kong_config, kong_config.prefix)
+  if not ssl_data then return nil, err end
+
   if kong_config.cassandra_ssl and kong_config.cassandra_ssl_trusted_cert then
     compile_env["lua_ssl_trusted_certificate"] = kong_config.cassandra_ssl_trusted_cert
-    --compile_env["ssl_certificate"] =
-    --compile_env["ssl_certificate_key"] =
+  end
+
+  if kong_config.ssl then
+    compile_env["ssl_cert"] = ssl_data.ssl_cert
+    compile_env["ssl_cert_key"] = ssl_data.ssl_cert_key
+  end
+
+  if kong_config.dnsmasq then
+    compile_env["dns_resolver"] = "127.0.0.1:"..kong_config.dnsmasq_port
   end
 
   if kong_config.nginx_optimizations then
@@ -97,10 +110,12 @@ local function touch(file_path)
 end
 
 local function prepare_prefix(kong_config, nginx_prefix)
-  log.verbose("preparing nginx prefix directory at %s", nginx_prefix)
+  log.verbose("preparing prefix directory at %s", nginx_prefix)
 
   if not pl_path.exists(nginx_prefix) then
-    return nil, nginx_prefix.." does not exist"
+    log.verbose(fmt("prefix directory %s not found, trying to create it", nginx_prefix))
+    local ok, err = pl_dir.makepath(nginx_prefix)
+    if not ok then return nil, err end
   elseif not pl_path.isdir(nginx_prefix) then
     return nil, nginx_prefix.." is not a directory"
   end
@@ -118,17 +133,30 @@ local function prepare_prefix(kong_config, nginx_prefix)
   if not ok then return nil, stderr end
   local ok, _, _, stderr = touch(acc_logs_path)
   if not ok then return nil, stderr end
+
+  -- pids folder
+  local pids_path = pl_path.join(nginx_prefix, "pids")
+  local ok, err = pl_dir.makepath(pids_path)
+  if not ok then return nil, err end
+
+  -- auto-generate default SSL certificate
+  local ok, err = ssl.prepare_ssl_cert_and_key(nginx_prefix)
+  if not ok then return nil, err end
 
   local nginx_config_path = pl_path.join(nginx_prefix, "nginx.conf")
   local kong_nginx_conf_path = pl_path.join(nginx_prefix, "nginx-kong.conf")
 
   -- write NGINX conf
-  local nginx_conf = compile_nginx_conf(kong_config)
-  pl_file.write(nginx_config_path, nginx_conf)
+  local nginx_conf, err = compile_nginx_conf(kong_config)
+  if not nginx_conf then return nil, err end
+  local ok, err = pl_file.write(nginx_config_path, nginx_conf)
+  if not ok then return nil, err end
 
   -- write Kong's NGINX conf
-  local kong_nginx_conf = compile_kong_conf(kong_config)
-  pl_file.write(kong_nginx_conf_path, kong_nginx_conf)
+  local kong_nginx_conf, err = compile_kong_conf(kong_config)
+  if not kong_nginx_conf then return nil, err end
+  local ok, err = pl_file.write(kong_nginx_conf_path, kong_nginx_conf)
+  if not ok then return nil, err end
 
   return true
 end

kong/cmd/utils/nginx_signals.lua

@@ -21,7 +21,7 @@ local function is_openresty(bin_path)
 end
 
 local function get_pid_path(nginx_prefix)
-  local pid_path = pl_path.join(nginx_prefix, "logs", "nginx.pid")
+  local pid_path = pl_path.join(nginx_prefix, "pids", "nginx.pid")
   if pl_path.exists(pid_path) then
     return pid_path
   end