bundlewrap/bundles/nginx/metadata.py

178 lines
4.5 KiB
Python
Raw Normal View History

2021-03-21 09:30:04 +00:00
from bundlewrap.metadata import atomic
2020-08-18 13:27:55 +00:00
defaults = {
'apt': {
'repos': {
'nginx': {
'items': [
'deb http://nginx.org/packages/{os} {os_release} nginx',
2020-08-18 13:27:55 +00:00
],
2020-03-14 09:56:19 +00:00
},
2020-08-18 13:27:55 +00:00
},
'packages': {
'nginx': {},
2020-04-13 07:52:26 +00:00
},
2020-08-18 13:27:55 +00:00
},
2020-11-13 11:37:26 +00:00
'backups': {
'paths': {
'/var/www',
},
},
2020-11-10 09:57:04 +00:00
'icinga2_api': {
'nginx': {
'services': {
'NGINX PROCESS': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit nginx',
},
'NGINX STATUS': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_nginx_status',
},
},
},
},
2020-08-18 13:27:55 +00:00
'nginx': {
'worker_connections': 768,
2020-08-18 13:27:55 +00:00
},
}
2021-04-23 17:31:28 +00:00
if node.has_bundle('telegraf'):
defaults['telegraf'] = {
'input_plugins': {
'builtin': {
'nginx': [{
'urls': ['http://localhost:22999/server_status'],
}],
},
},
}
@metadata_reactor.provides(
'nginx/worker_processes',
)
def worker_processes(metadata):
return {
'nginx': {
'worker_processes': metadata.get('vm/cpu', 2),
},
}
@metadata_reactor.provides(
'letsencrypt/domains',
'letsencrypt/reload_after',
'nginx/vhosts',
)
def letsencrypt(metadata):
if not node.has_bundle('letsencrypt'):
2020-08-18 13:27:55 +00:00
raise DoNotRunAgain
domains = {}
vhosts = {}
for vhost, config in metadata.get('nginx/vhosts', {}).items():
domain = config.get('domain', vhost)
2020-11-11 10:41:06 +00:00
domains[domain] = config.get('domain_aliases', set())
vhosts[vhost] = {
'ssl': 'letsencrypt',
}
return {
'letsencrypt': {
'domains': domains,
'reload_after': {
'nginx',
},
},
'nginx': {
'vhosts': vhosts,
},
2020-08-18 13:27:55 +00:00
}
@metadata_reactor.provides(
'nginx/vhosts',
)
def index_files(metadata):
vhosts = {}
for vhost, config in metadata.get('nginx/vhosts', {}).items():
vhosts[vhost] = {
'index': [
'index.html',
'index.htm',
],
}
if config.get('php', False):
# If we're using PHP, make sure index.php is tried first
vhosts[vhost]['index'].insert(0, 'index.php')
return {
'nginx': {
'vhosts': vhosts,
},
}
2020-11-10 09:57:04 +00:00
@metadata_reactor.provides(
'icinga2_api/nginx/services',
)
2020-11-10 09:57:04 +00:00
def monitoring(metadata):
services = {}
for vname, vconfig in metadata.get('nginx/vhosts', {}).items():
domain = vconfig.get('domain', vname)
if vconfig['ssl']:
2020-11-21 09:30:05 +00:00
scheme = 'https'
else:
scheme = 'http'
2020-11-10 09:57:04 +00:00
if 'website_check_path' in vconfig and 'website_check_string' in vconfig:
services['NGINX VHOST {} CONTENT'.format(vname)] = {
'check_command': 'check_http_wget',
'vars.http_wget_contains': vconfig['website_check_string'],
2020-11-21 09:30:05 +00:00
'vars.http_wget_url': '{}://{}{}'.format(scheme, domain, vconfig['website_check_path']),
'vars.notification.sms': True,
2020-11-10 09:57:04 +00:00
}
if vconfig.get('check_ssl', vconfig['ssl']):
2020-11-10 09:57:04 +00:00
services['NGINX VHOST {} CERTIFICATE'.format(vname)] = {
2020-12-18 12:28:08 +00:00
'check_command': 'check_https_cert_at_url',
2020-11-10 09:57:04 +00:00
'vars.domain': domain,
'vars.notification.mail': True,
2020-11-10 09:57:04 +00:00
}
max_connections = metadata.get('nginx/worker_connections') * metadata.get('nginx/worker_processes')
connections_warn = int(max_connections * 0.8)
connections_crit = int(max_connections * 0.9)
services['NGINX STATUS'] = {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_nginx_status --warn={},-1,-1 --critical={},-1,-1 -H 127.0.0.1:22999'.format(connections_warn, connections_crit),
}
return {
'icinga2_api': {
'nginx': {
'services': services,
},
},
}
2020-11-16 15:35:01 +00:00
@metadata_reactor.provides(
2021-03-21 09:30:04 +00:00
'iptables/port_rules/80',
'iptables/port_rules/443',
)
2020-11-16 15:35:01 +00:00
def iptables(metadata):
return {
'iptables': {
2021-03-21 09:30:04 +00:00
'port_rules': {
2021-04-04 08:34:55 +00:00
'80': atomic(metadata.get('nginx/restrict-to', {'*'})),
'443': atomic(metadata.get('nginx/restrict-to', {'*'})),
2020-11-16 15:35:01 +00:00
},
},
}