From b8a990e264a34f3d47c3365bcdf67efd6f974132 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Mon, 2 Aug 2021 23:12:56 +0200 Subject: Add ncp-app for prometheus (system) metrics * metrics.{sh,cfg}: Implement ncp-app for prometheus (system) metrics letsencrypts.sh, nc-nextcloud.sh, nextcloud.conf.sh: Introduce templating/generator concept to allow multiple ncp apps to edit the same file without conflicts library.sh: Add convenience function find_app_param Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * letsencrypt.sh: Remove commented code Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.cfg: Deactivate by default - Add title, description and remove TODO entries Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.sh: Restart apache after enabling proxy_http Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * update.sh: Update ncp-templates directory during updates Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * update.sh: Copy ncp-templates directory, not just its content Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.sh,update.sh: Disable metrics in docker for now Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.sh: Disable prometheus-node-exporter via systemctl Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.sh: Move apache mod configuration to updates Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.cfg: Remove invalid parameter type Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.sh: Create /etc/default/prometheus-node-exporter via heredoc 
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * nextcloud.conf.sh: Prevent template parsing error if metrics.sh is disabled (i.e. on docker) Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * metrics.cfg: Add info directing users to my preconfigured ncp dashboard Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * Various fixes - metrics.sh: Fix is_active function always returning 1 - metrics.sh: Fix apache2 reload potentially interrupting web ui - nc-nextcloud.sh: exit if nextcloud.conf templating fails - various readability and code style improvements Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * letsencrypt.sh: Use consistent return codes in tmpl_letsencrypt_domain Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * nextcloud.conf.sh: Remove obsolete return code escape Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * nextcloud.conf.sh: Ensure that the snakeoil self-signed cert exists before enabling it Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> * updates/1.36.4.sh: Reload apache in the background instead of restarting it blockingly Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> --- bin/ncp/CONFIG/nc-nextcloud.sh | 31 ++++------------ bin/ncp/NETWORKING/letsencrypt.sh | 21 ++++++----- bin/ncp/SYSTEM/metrics.sh | 78 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 97 insertions(+), 33 deletions(-) create mode 100644 bin/ncp/SYSTEM/metrics.sh (limited to 'bin') diff --git a/bin/ncp/CONFIG/nc-nextcloud.sh b/bin/ncp/CONFIG/nc-nextcloud.sh index 7f354b31..fa522a57 100644 --- a/bin/ncp/CONFIG/nc-nextcloud.sh +++ b/bin/ncp/CONFIG/nc-nextcloud.sh 
@@ -175,30 +175,13 @@ EOF ## SET APACHE VHOST echo "Setting up Apache..." - cat > /etc/apache2/sites-available/nextcloud.conf <<'EOF' - - - DocumentRoot /var/www/nextcloud - CustomLog /var/log/apache2/nc-access.log combined - ErrorLog /var/log/apache2/nc-error.log - SSLEngine on - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - - Options +FollowSymlinks - AllowOverride All - - Dav off - - LimitRequestBody 0 - SSLRenegBufferSize 10486000 - - - Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains" - - -EOF + bash /usr/local/etc/nextcloud.conf.sh > /etc/apache2/sites-available/nextcloud.conf || { + echo "ERROR: An error occured while generating the nextcloud apache2 config. Attempting safe mode..." + bash /usr/local/etc/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf || { + echo "ERROR: Safe mode templating failed as well. Nextcloud will not work." + exit 1 + } + } a2ensite nextcloud cat > /etc/apache2/sites-available/000-default.conf <<'EOF' diff --git a/bin/ncp/NETWORKING/letsencrypt.sh b/bin/ncp/NETWORKING/letsencrypt.sh index 415567b0..9b5df324 100644 --- a/bin/ncp/NETWORKING/letsencrypt.sh +++ b/bin/ncp/NETWORKING/letsencrypt.sh @@ -9,7 +9,7 @@ ncdir=/var/www/nextcloud -vhostcfg=/etc/apache2/sites-available/nextcloud.conf +nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf vhostcfg2=/etc/apache2/sites-available/ncp.conf letsencrypt=/usr/bin/letsencrypt @@ -18,6 +18,16 @@ is_active() [[ $( find /etc/letsencrypt/live/ -maxdepth 0 -empty | wc -l ) == 0 ]] } +tmpl_letsencrypt_domain() { + ( + . /usr/local/etc/library.sh + if is_active + then + find_app_param letsencrypt DOMAIN + fi + ) +} + install() { cd /etc || return 1 
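Review bot: The generator is invoked here as `/usr/local/etc/nextcloud.conf.sh`, while letsencrypt.sh and metrics.sh in this same commit call `/usr/local/etc/ncp-templates/nextcloud.conf.sh`. Unless the script is installed at both paths, both attempts fail and the install always ends in `exit 1`. Separately, the `>` redirection truncates nextcloud.conf before the generator runs, so a failed run leaves an empty or partial vhost file behind. Writing to a temporary file and moving it into place only on success would keep the previous config intact. The error message also has a typo: `occured` should be `occurred`.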
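Review bot: `tmpl_letsencrypt_domain` has no comment stating its contract, and the contract is not obvious: when letsencrypt is inactive it prints nothing and still returns 0, because the `if` has no else branch. Callers must therefore test for empty output rather than the exit status. A header comment would make that explicit, for example `# Prints the configured letsencrypt DOMAIN, or nothing (exit 0) if no certificate is active`. The subshell is presumably there to keep the sourced library.sh out of the caller's scope; if so, say that in the comment too.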
@@ -48,11 +58,6 @@ configure() [[ "$DOMAIN" == "" ]] && { echo "empty domain"; return 1; } - # Configure Apache - grep -q ServerName $vhostcfg && \ - sed -i "s|ServerName .*|ServerName $DOMAIN|" $vhostcfg || \ - sed -i "/DocumentRoot/aServerName $DOMAIN" $vhostcfg - # Do it local domain_string="" for domain in $DOMAIN $OTHER_DOMAIN; do @@ -94,9 +99,7 @@ EOF chmod +x /etc/letsencrypt/renewal-hooks/deploy/ncp # Configure Apache - sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $vhostcfg - sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg - + bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > ${nc_vhostcfg} sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $vhostcfg2 sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg2 diff --git a/bin/ncp/SYSTEM/metrics.sh b/bin/ncp/SYSTEM/metrics.sh new file mode 100644 index 00000000..bd13de28 --- /dev/null +++ b/bin/ncp/SYSTEM/metrics.sh 
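Review bot: The regenerated vhost on the new line `bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > ${nc_vhostcfg}` is never checked, unlike the same call in nc-nextcloud.sh and metrics.sh, which fall back to `--defaults`. If the template script fails at this point, nextcloud.conf is left truncated while the code carries on editing ncp.conf, so the TLS vhost can end up empty after certificates were issued. Suggest `bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > "${nc_vhostcfg}" || { echo "ERROR: could not generate ${nc_vhostcfg}" >&2; return 1; }`, which also quotes the variable. The enclosing function (presumably `configure`) starts and ends outside this hunk.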
@@ -0,0 +1,78 @@ +#!/bin/bash + +is_active() { + systemctl is-active -q prometheus-node-exporter || return 0 + return 1 +} + +tmpl_metrics_enabled() { + ( + . /usr/local/etc/library.sh + local param_active="$(find_app_param metrics.sh ACTIVE)" + [[ "$param_active" == yes ]] || exit 1 + ) +} + +install() { + + # Subshell to return on failure instead of exiting (due to set -e) + ( + + set -e + cat > /etc/default/prometheus-node-exporter <<'EOF' +ARGS="--collector.filesystem.ignored-mount-points=\"^/(dev|proc|run|sys|mnt|var/log|var/lib/docker)($|/)\"" +EOF + apt_install prometheus-node-exporter + + # TODO: Docker support? + systemctl disable prometheus-node-exporter + service prometheus-node-exporter stop + + ) +} + +configure() { + + if [[ "$ACTIVE" != yes ]] + then + bash /usr/local/etc/ncp-templates/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf + + systemctl disable prometheus-node-exporter + service prometheus-node-exporter stop + else + [[ -n "$USER" ]] || { + echo "ERROR: User can not be empty!" >&2 + return 1 + } + + [[ -n "$PASSWORD" ]] || { + echo "ERROR: Password can not be empty!" >&2 + return 1 + } + + [[ ${#PASSWORD} -ge 10 ]] || { + echo "ERROR: Password must be at least 10 characters long!" >&2 + return 1 + } + + local htpasswd_file="/usr/local/etc/metrics.htpasswd" + rm -f "${htpasswd_file}" + echo "$PASSWORD" | htpasswd -ciB "${htpasswd_file}" metrics + + bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > /etc/apache2/sites-available/nextcloud.conf || { + echo "An unexpected error occurred while configuring apache. Rolling back..." >&2 + bash /usr/local/etc/ncp-templates/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf + return 1 + } + + systemctl enable prometheus-node-exporter + service prometheus-node-exporter start + + echo "Metric endpoint enabled. 
You can test it at https://nextcloudpi.local/metrics/system (or under your NC domain under the same path)" + fi + echo "Apache Test:" + apache2ctl -t + bash -c "sleep 2 && service apache2 reload" &>/dev/null & + + +} -- cgit v1.2.3
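Review bot: `is_active` looks inverted: `systemctl is-active -q prometheus-node-exporter || return 0` followed by `return 1` reports success when the exporter is not running and failure when it is. If 0 is meant to signal "active", as in the `is_active` of letsencrypt.sh, the body should be just `systemctl is-active -q prometheus-node-exporter`. In `configure`, `$USER` is checked for emptiness but the htpasswd entry is always created for the literal name `metrics`, and `USER` is normally already set by the shell, so the check may never fire; either pass `"$USER"` to htpasswd or drop the check. The htpasswd file is created under /usr/local/etc with the default umask, so the bcrypt hash is likely readable by every local account; creating it under `umask 027` with group read for the Apache user would narrow that. `echo "$PASSWORD"` also mangles passwords such as `-n` or `-e`, which `printf '%s\n' "$PASSWORD" | htpasswd -ciB "${htpasswd_file}" metrics` avoids.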