central nginx manager

2025-09-29 19:24:26 +03:00 · 2025-01-13 13:25:05 +00:00
parent 6db87fc7fe
commit 493d9a6627
21 changed files with 2109 additions and 0 deletions
--- a/nodes/central_nginx_manager/CMakeLists.txt
+++ b/nodes/central_nginx_manager/CMakeLists.txt
@@ -0,0 +1,34 @@
+add_subdirectory(package)
+
+add_executable(cp-nano-central-nginx-manager main.cc)
+
+target_link_libraries(cp-nano-central-nginx-manager
+    -Wl,--start-group
+    ${COMMON_LIBRARIES}
+
+    generic_rulebase
+    generic_rulebase_evaluators
+    ip_utilities
+    version
+    signal_handler
+
+	central_nginx_manager
+    nginx_message_reader
+    rate_limit_comp
+    rate_limit_config
+    nginx_utils
+	http_transaction_data
+    -Wl,--end-group
+)
+
+add_dependencies(cp-nano-central-nginx-manager ngen_core)
+
+install(TARGETS cp-nano-central-nginx-manager DESTINATION bin)
+install(TARGETS cp-nano-central-nginx-manager DESTINATION central_nginx_manager/bin)
+
+gen_package(
+	install-cp-nano-central-nginx-manager.sh
+	central_nginx_manager
+	./install-cp-nano-central-nginx-manager.sh
+	Check Point Central NGINX Manager Nano Service Version ${PACKAGE_VERSION} Install Package
+)
--- a/nodes/central_nginx_manager/main.cc
+++ b/nodes/central_nginx_manager/main.cc
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "central_nginx_manager.h"
+
+#include "components_list.h"
+#include "nginx_message_reader.h"
+
+using namespace std;
+
+int
+main(int argc, char **argv)
+{
+    NodeComponents<CentralNginxManager, NginxMessageReader> comps;
+
+    comps.registerGlobalValue<bool>("Is Rest primary routine", true);
+    comps.registerGlobalValue<uint>("Nano service API Port Primary", 7555);
+    comps.registerGlobalValue<uint>("Nano service API Port Alternative", 7556);
+
+    return comps.run("Central NGINX Manager", argc, argv);
+}
--- a/nodes/central_nginx_manager/package/CMakeLists.txt
+++ b/nodes/central_nginx_manager/package/CMakeLists.txt
@@ -0,0 +1,4 @@
+install(FILES install-cp-nano-central-nginx-manager.sh DESTINATION central_nginx_manager PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ)
+install(FILES cp-nano-central-nginx-manager.cfg  DESTINATION central_nginx_manager/conf PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ)
+install(FILES cp-nano-central-nginx-manager-conf.json  DESTINATION central_nginx_manager/conf PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ)
+install(FILES cp-nano-central-nginx-manager-debug-conf.json  DESTINATION central_nginx_manager/conf PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ)
--- a/nodes/central_nginx_manager/package/cp-nano-central-nginx-manager-conf.json
+++ b/nodes/central_nginx_manager/package/cp-nano-central-nginx-manager-conf.json
@@ -0,0 +1 @@
+{}
--- a/nodes/central_nginx_manager/package/cp-nano-central-nginx-manager-debug-conf.json
+++ b/nodes/central_nginx_manager/package/cp-nano-central-nginx-manager-debug-conf.json
@@ -0,0 +1,11 @@
+{
+  "Debug": [
+    {
+      "Streams": [
+        {
+          "Output": "/var/log/nano_agent/cp-nano-central-nginx-manager.dbg"
+        }
+      ]
+    }
+  ]
+}
--- a/nodes/central_nginx_manager/package/cp-nano-central-nginx-manager.cfg
+++ b/nodes/central_nginx_manager/package/cp-nano-central-nginx-manager.cfg
@@ -0,0 +1,2 @@
+srv_debug_file=/var/log/nano_agent/cp-nano-central-nginx-manager.dbg
+srv_log_file=/var/log/nano_agent/cp-nano-central-nginx-manager.log
--- a/nodes/central_nginx_manager/package/install-cp-nano-central-nginx-manager.sh
+++ b/nodes/central_nginx_manager/package/install-cp-nano-central-nginx-manager.sh
@@ -0,0 +1,171 @@
+#!/bin/sh
+
+FORCE_STDOUT=true
+INSTALLATION_LOG_FILE="/var/log/nano_agent/install-cp-nano-central-nginx-manager.log"
+INSTALLATION_TIME=$(date)
+CONF_PATH=/etc/cp/conf
+SERVICE_PATH=/etc/cp/centralNginxManager
+WATCHDOG_PATH=/etc/cp/watchdog/cp-nano-watchdog
+NGINX_CONF_PATH="/etc/nginx/nginx.conf"
+CENTRAL_NGINX_CONF_PATH="/tmp/central_nginx.conf"
+
+export INSTALL_COMMAND
+is_install="$(command -v install)"
+if [ -z ${is_install} ]; then
+    INSTALL_COMMAND="cp -f"
+    cp_print "[WARNING]: install command not found - using cp instead" ${FORCE_STDOUT}
+else
+    INSTALL_COMMAND=install
+fi
+
+mkdir -p /var/log/nano_agent
+mkdir -p /tmp/
+
+cp_print()
+{
+    var_text=${1}
+    var_std_out=${2}
+    touch ${INSTALLATION_LOG_FILE}
+    if [ -n "${var_std_out}" ]; then
+        if [ "${var_std_out}" = "true" ]; then
+            printf "%b\n" "${var_text}"
+        fi
+    fi
+    printf "%b\n" "${var_text}" >> ${INSTALLATION_LOG_FILE}
+}
+
+cp_exec()
+{
+    var_cmd=${1}
+    var_std_out=${2}
+    # Send exec output to RES
+    RES=$(${var_cmd} 2>&1)
+    if [ -n "${RES}" ]; then
+        cp_print "${RES}" "${var_std_out}"
+    fi
+}
+
+is_nginx_installed()
+{
+    if [ -x "$(command -v nginx)" ]; then
+        return 0
+    fi
+
+    return 1
+}
+
+get_nginx_conf_path()
+{
+    if ! is_nginx_installed; then
+        return
+    fi
+
+    NGINX_CONF_PATH=$(nginx -V 2>&1 | grep -o '\--conf-path=[^ ]*' | cut -d= -f2)
+    if [ -z "${NGINX_CONF_PATH}" ]; then
+        NGINX_CONF_PATH="/etc/nginx/nginx.conf"
+    fi
+}
+
+run_installation()
+{
+    cp_print "Starting installation of Check Point Central NGINX Manager [${INSTALLATION_TIME}]\n" ${FORCE_STDOUT}
+    cp_exec "${WATCHDOG_PATH} --un-register ${SERVICE_PATH}/cp-nano-central-nginx-manager"
+    cp_exec "mkdir -p ${SERVICE_PATH}"
+    cp_exec "mkdir -p ${CONF_PATH}/centralNginxManager/shared"
+
+    cp_exec "touch ${CONF_PATH}/centralNginxManager/shared/central_nginx_shared.conf"
+    cp_exec "${INSTALL_COMMAND} bin/cp-nano-central-nginx-manager ${SERVICE_PATH}/cp-nano-central-nginx-manager"
+    cp_exec "${INSTALL_COMMAND} bin/cp-nano-nginx-conf-collector ${SERVICE_PATH}/cp-nano-nginx-conf-collector"
+    cp_exec "${INSTALL_COMMAND} conf/cp-nano-central-nginx-manager.cfg ${CONF_PATH}/cp-nano-central-nginx-manager.cfg"
+    cp_exec "${INSTALL_COMMAND} conf/cp-nano-central-nginx-manager-conf.json ${CONF_PATH}/cp-nano-central-nginx-manager-conf.json"
+    cp_exec "${INSTALL_COMMAND} conf/cp-nano-central-nginx-manager-debug-conf.json ${CONF_PATH}/cp-nano-central-nginx-manager-debug-conf.json"
+    cp_exec "chmod +x ${SERVICE_PATH}/cp-nano-central-nginx-manager"
+    cp_exec "chmod +x ${SERVICE_PATH}/cp-nano-nginx-conf-collector"
+    cp_exec "chmod 600 ${CONF_PATH}/cp-nano-central-nginx-manager.cfg"
+    cp_exec "chmod 600 ${CONF_PATH}/cp-nano-central-nginx-manager-conf.json"
+
+    cp_exec "${WATCHDOG_PATH} --register ${SERVICE_PATH}/cp-nano-central-nginx-manager"
+    cp_print "Installation completed successfully." ${FORCE_STDOUT}
+}
+
+usage()
+{
+    echo "Check Point: available flags are"
+    echo "--install           : install central nginx manager"
+    echo "--uninstall         : remove central nginx manager"
+    echo "--pre_install_test  : run Pre-installation test for central nginx manager install package"
+    echo "--post_install_test : run Post-installation test for central nginx manager install package"
+    exit 255
+}
+
+run_uninstall()
+{
+    cp_print "Starting uninstall of Check Point Central NGINX Manager service [${INSTALLATION_TIME}]\n" ${FORCE_STDOUT}
+
+    cp_exec "${WATCHDOG_PATH} --un-register ${SERVICE_PATH}/cp-nano-central-nginx-manager"
+    cp_exec "rm -rf ${SERVICE_PATH}/"
+    cp_exec "rm -f ${CONF_PATH}/cp-nano-central-nginx-manager.cfg"
+    cp_exec "rm -f ${CONF_PATH}/cp-nano-central-nginx-manager-conf.json"
+
+    if [ -f "${CENTRAL_NGINX_CONF_PATH}.base" ]; then
+        cp_print "Restoring central NGINX configuration file" ${FORCE_STDOUT}
+        cp_exec "${INSTALL_COMMAND} ${CENTRAL_NGINX_CONF_PATH}.base ${NGINX_CONF_PATH}"
+        if is_nginx_installed; then
+            if nginx -t > /dev/null 2>&1; then
+                cp_exec "nginx -s reload"
+            else
+                cp_print "Could not reload central NGINX configuration, run 'nginx -t' for more details." ${FORCE_STDOUT}
+            fi
+        fi
+    fi
+
+    if [ -f "${NGINX_CONF_PATH}.orig" ]; then
+        cp_print "Original (pre Check Point Nano Agent deployment) NGINX configuration file can be found at: ${NGINX_CONF_PATH}.orig" ${FORCE_STDOUT}
+    fi
+    cp_print "Check Point Central NGINX Manager service was removed successfully\n" ${FORCE_STDOUT}
+}
+
+run_pre_install_test()
+{
+    cp_print "Successfully finished pre-installation test for Check Point Central NGINX Manager service installation package [${INSTALLATION_TIME}]\n" ${FORCE_STDOUT}
+    exit 0
+}
+
+run_post_install_test()
+{
+    if [ ! -d ${SERVICE_PATH} ]; then
+        cp_print "Failed post-installation test for Check Point Central NGINX Manager service installation package [${INSTALLATION_TIME}]\n" ${FORCE_STDOUT}
+        exit 1
+    fi
+
+    cp_print "Successfully finished post-installation test for Check Point Central NGINX Manager service installation package [${INSTALLATION_TIME}]\n" ${FORCE_STDOUT}
+    exit 0
+}
+
+
+run()
+{
+    get_nginx_conf_path
+    if [ '--install' = "${1}" ]; then
+        run_installation "${@}"
+    elif [ '--uninstall' = "${1}" ]; then
+        run_uninstall
+    elif [ '--pre_install_test' = "${1}" ]; then
+        run_pre_install_test
+    elif [ '--post_install_test' = "${1}" ]; then
+        run_post_install_test
+    else
+        usage
+        exit 1
+    fi
+}
+
+if [ "$(id -u)" != "0" ]; then
+    echo "Administrative privileges required for this Package (use su or sudo)"
+    exit 1
+fi
+
+shift
+run "${@}"
+
+exit 0