diff --git a/src/main/java/com/ctrip/zeus/client/GroupClient.java b/src/main/java/com/ctrip/zeus/client/GroupClient.java
index cf5c6faf..00421c24 100644
--- a/src/main/java/com/ctrip/zeus/client/GroupClient.java
+++ b/src/main/java/com/ctrip/zeus/client/GroupClient.java
@@ -40,6 +40,15 @@ public class GroupClient extends AbstractRestClient {
 }
 }
+ public List getGroupsByVsId(String vsId) {
+ String res = getTarget().path("/api/groups").queryParam("vsId", vsId).request().headers(getDefaultHeaders()).get(String.class);
+ try {
+ return DefaultJsonParser.parse(GroupList.class, res).getGroups();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
 public Response add(Group group) {
 return getTarget().path("/api/group/new").request().headers(getDefaultHeaders())
 .post(Entity.entity(
diff --git a/src/main/java/com/ctrip/zeus/client/VirtualServerClient.java b/src/main/java/com/ctrip/zeus/client/VirtualServerClient.java
new file mode 100644
index 00000000..9de7980f
--- /dev/null
+++ b/src/main/java/com/ctrip/zeus/client/VirtualServerClient.java
@@ -0,0 +1,26 @@
+package com.ctrip.zeus.client;
+
+import com.ctrip.zeus.model.entity.VirtualServer;
+import com.ctrip.zeus.model.transform.DefaultJsonParser;
+
+import javax.ws.rs.core.MediaType;
+import java.io.IOException;
+
+/**
+ * Created by lu.wang on 2016/4/15.
+ */
+public class VirtualServerClient extends AbstractRestClient {
+ public VirtualServerClient(String url) {
+ super(url);
+ }
+
+ public VirtualServer get(String vsId) {
+ String res = getTarget().path("/api/vs").queryParam("vsId", vsId).request(MediaType.APPLICATION_JSON)
+ .headers(getDefaultHeaders()).get(String.class);
+ try {
+ return DefaultJsonParser.parse(VirtualServer.class, res);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
diff --git a/src/main/java/com/ctrip/zeus/service/build/conf/LocationConf.java b/src/main/java/com/ctrip/zeus/service/build/conf/LocationConf.java
index a02199ab..e6311fef 100644
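Review bot: `getGroupsByVsId` builds its request with `.request()` and no media type, while the `VirtualServerClient.get` added in the same commit uses `.request(MediaType.APPLICATION_JSON)`; unless `getDefaultHeaders()` already sets Accept, the server may answer in a format `DefaultJsonParser` cannot read. I would make the two clients agree by using `.request(MediaType.APPLICATION_JSON)` here as well. Both methods also rethrow `IOException` as a bare `RuntimeException`; a message such as `"failed to parse groups for vsId " + vsId` would make a parse failure traceable to the request that caused it.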
--- a/src/main/java/com/ctrip/zeus/service/build/conf/LocationConf.java
+++ b/src/main/java/com/ctrip/zeus/service/build/conf/LocationConf.java
@@ -6,6 +6,8 @@ import com.ctrip.zeus.model.entity.Slb;
 import com.ctrip.zeus.model.entity.VirtualServer;
 import com.ctrip.zeus.service.build.ConfService;
 import com.ctrip.zeus.service.model.PathRewriteParser;
+import com.netflix.config.DynamicPropertyFactory;
+import com.netflix.config.DynamicStringProperty;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
@@ -21,16 +23,8 @@ public class LocationConf {
 @Resource
 ConfService confService;
- private Long slbId = null;
- private Long vsId = null;
- private Long groupId = null;
 private static final Logger LOGGER = LoggerFactory.getLogger(LocationConf.class);
- private final String hcLuaScripts = new StringBuilder(512).append("'\n")
- //TODO hardcode health check gif
- .append("local res = ngx.decode_base64(\"").append("").append("\");\n")
- .append("ngx.print(res);\n")
- .append("return ngx.exit(200);'").toString();
 private final String errLuaScripts = new StringBuilder(512).append("'\n")
 .append("local domain = \"domain=\"..ngx.var.host;\n")
 .append("local uri = \"&uri=\"..string.gsub(ngx.var.request_uri, \"?.*\", \"\");\n")
@@ -44,9 +38,13 @@ public class LocationConf {
 .append(" else\n")
 .append(" ngx.req.set_header(\"X-Forwarded-For\", ngx.var.remote_addr )\n")
 .append(" end\n")
- .append("end';\n").toString();
+ .append("end'").toString();
 public void write(ConfWriter confWriter, Slb slb, VirtualServer vs, Group group) throws Exception {
+ Long slbId = slb.getId();
+ Long vsId = vs.getId();
+ Long groupId = group.getId();
+
 for (GroupVirtualServer e : group.getGroupVirtualServers()) {
 if (e.getVirtualServer().getSlbId().longValue() == slb.getId()) {
 String upstreamName = "backend_" + group.getId();
@@ -61,7 +59,7 @@ public class LocationConf {
 confWriter.writeLocationStart(e.getPath());
 if (confService.getEnable("location.client.max.body.size", slbId, vsId, groupId, false)) {
- confWriter.writeCommand("client_max_body_size", confService.getStringValue("location.client.max.body.size", slbId, vsId, groupId, null) + "m");
+ confWriter.writeCommand("client_max_body_size", confService.getStringValue("location.client.max.body.size", slbId, vsId, groupId, "") + "m");
 }
 confWriter.writeCommand("proxy_request_buffering", "off");
@@ -84,7 +82,7 @@ public class LocationConf {
 confService.getStringValue("location.x-forwarded-for.white.list", slbId, vsId, groupId, "172\\..*|192\\.168.*|10\\..*") + "\"")
 .writeCommand("set", "$inWhite \"true\"")
 .writeIfEnd()
- .write("rewrite_by_lua ").write(setHeaderLuaScripts);
+ .writeCommand("rewrite_by_lua", setHeaderLuaScripts);
 }else {
 confWriter.writeCommand("proxy_set_header", "X-Forwarded-For $proxy_add_x_forwarded_for");
 }
@@ -94,7 +92,7 @@ public class LocationConf {
 }
 confWriter.writeCommand("set", "$upstream " + upstreamName);
- addBastionCommand(confWriter,upstreamName);
+ addBastionCommand(confWriter, upstreamName, slbId, vsId, groupId);
 //rewrite should after set $upstream
 addRewriteCommand(confWriter, slb, vs, group);
@@ -144,7 +142,7 @@ public class LocationConf {
 }
 }
- private void addBastionCommand(ConfWriter confWriter,String upstreamName) throws Exception {
+ private void addBastionCommand(ConfWriter confWriter, String upstreamName, Long slbId, Long vsId, Long groupId) throws Exception {
 String whiteList = confService.getStringValue("location.bastion.white.list", slbId, vsId, groupId, "denyAll");
 confWriter.writeIfStart("$remote_addr ~* \"" + whiteList + "\"")
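Review bot: With the default changed from `null` to `""` in the first hunk, an enabled `location.client.max.body.size` that has no value would now render `client_max_body_size m;`, which nginx rejects, so one misconfigured group is likely to fail the whole generated configuration. The same line appends `"m"` to whatever string the property holds without checking that it is a number. I would read the value into a local first and fail fast when it is not all digits, e.g. `if (!size.matches("\\d+")) throw new IllegalStateException("location.client.max.body.size must be an integer");`. The enclosing `write` method starts and ends outside this hunk.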
@@ -158,29 +156,52 @@ public class LocationConf {
 .writeIfEnd();
 }
- public void writeHealthCheckLocation(ConfWriter confWriter) {
+ public void writeHealthCheckLocation(ConfWriter confWriter, Long slbId, Long vsId) throws Exception {
 confWriter.writeLocationStart("~* ^/do_not_delete/noc.gif$");
 confWriter.writeCommand("add_header", "Accept-Ranges bytes");
- confWriter.writeCommand("content_by_lua", hcLuaScripts);
+ confWriter.writeCommand("content_by_lua", getHcLuaScripts(slbId, vsId));
 confWriter.writeLocationEnd();
 }
- public void writeErrorPageLocation(ConfWriter confWriter, int statusCode) throws Exception {
+ private String getHcLuaScripts(Long slbId, Long vsId) throws Exception {
+ return new StringBuilder(512).append("'\n")
+ //TODO hardcode health check gif
+ .append("local res = ngx.decode_base64(\"").append(confService.getStringValue("location.vs.health.check.gif.base64", slbId, vsId, null, "")).append("\");\n")
+ .append("ngx.print(res);\n")
+ .append("return ngx.exit(200);'").toString();
+ }
+
+ public void writeErrorPageLocation(ConfWriter confWriter, int statusCode, Long slbId, Long vsId) throws Exception {
 String url = confService.getStringValue("location.errorPage.host.url", slbId, vsId, null, null);
 if (url == null || url.isEmpty()) {
 LOGGER.error("Error page url is not configured. 
Skip writing error page locations.");
 return;
 }
- String path = "/" + statusCode + "page";
- confWriter.writeCommand("error_page", statusCode + " " + path);
- confWriter.writeLocationStart("= " + path);
- confWriter.writeLine("internal;");
- confWriter.writeCommand("proxy_set_header", "Accept text/html");
- confWriter.writeCommand("rewrite_by_lua", errLuaScripts);
- confWriter.writeCommand("rewrite", "\"" + path + "\" \"/errorpage/" + statusCode + "\" break");
- confWriter.writeCommand("proxy_pass", url);
- confWriter.writeLocationEnd();
+ boolean errorPageUseNew = confService.getEnable("location.errorPage.use.new", slbId, vsId, null, true);
+ String errorPageAccept = confService.getStringValue("location.errorPage.accept", slbId, vsId, null, "text/html");
+ if (errorPageUseNew) {
+ String path = "/" + statusCode + "page";
+ confWriter.writeCommand("error_page", statusCode + " " + path);
+ confWriter.writeLocationStart("= " + path);
+ confWriter.writeLine("internal;");
+ confWriter.writeCommand("proxy_set_header Accept", errorPageAccept);
+ confWriter.writeCommand("rewrite_by_lua", errLuaScripts);
+ confWriter.writeCommand("rewrite", "\"" + path + "\" \"/errorpage/" + statusCode + "\" break");
+ confWriter.writeCommand("proxy_pass", url);
+ confWriter.writeLocationEnd();
+ } else {
+ String errorPageConfig = confService.getStringValue("location.errorPage." + statusCode + ".url", slbId, vsId, null, null);
+ if (null != errorPageConfig) {
+ String path = "/" + statusCode + "page";
+ confWriter.writeCommand("error_page", statusCode + " " + path);
+ confWriter.writeLocationStart("= " + path);
+ confWriter.writeLine("internal;");
+ confWriter.writeCommand("proxy_set_header Accept", errorPageAccept);
+ confWriter.writeCommand("proxy_pass", errorPageConfig);
+ confWriter.writeLocationEnd();
+ }
+ }
 }
 public void writeDyupsLocation(ConfWriter confWriter) {
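Review bot: `getHcLuaScripts` splices the `location.vs.health.check.gif.base64` property straight into a double-quoted Lua string inside a single-quoted nginx argument, so a value containing `"`, `'` or a newline changes the generated Lua or nginx syntax instead of being rejected. The value should be checked against the base64 alphabet before it is appended, as sketched below, and the `//TODO hardcode health check gif` comment no longer describes the code. The same concern applies to `location.errorPage.accept` in `writeErrorPageLocation`: it is written unquoted after `proxy_set_header Accept`, and the property file this commit replaces used `text/html;application/xml`, whose `;` would presumably end the directive early. The early return on a missing `location.errorPage.host.url` also still runs when `location.errorPage.use.new` is false, although that branch never uses `url`.

```java
private String getHcLuaScripts(Long slbId, Long vsId) throws Exception {
    String gif = confService.getStringValue("location.vs.health.check.gif.base64", slbId, vsId, null, "");
    // Only base64 characters may reach the Lua string literal.
    if (!gif.matches("[A-Za-z0-9+/]*={0,2}")) {
        throw new IllegalStateException("location.vs.health.check.gif.base64 is not valid base64");
    }
    // … unchanged: StringBuilder chain, appending gif where the inline getStringValue call was …
}
```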
diff --git a/src/main/java/com/ctrip/zeus/service/build/conf/NginxConf.java b/src/main/java/com/ctrip/zeus/service/build/conf/NginxConf.java
index 0ec91f71..dcfecb98 100644
--- a/src/main/java/com/ctrip/zeus/service/build/conf/NginxConf.java
+++ b/src/main/java/com/ctrip/zeus/service/build/conf/NginxConf.java
@@ -39,7 +39,7 @@ public class NginxConf {
 confWriter.writeHttpStart();
 confWriter.writeCommand("include", "mime.types");
 confWriter.writeCommand("default_type", "application/octet-stream");
- confWriter.writeCommand("keepalive_timeout", "65");
+ confWriter.writeCommand("keepalive_timeout", confService.getStringValue("keepAlive.timeout", slbId, null, null, "65"));
 confWriter.writeCommand("log_format", "main " + LogFormat.getMain());
 confWriter.writeCommand("access_log", "/opt/logs/nginx/access.log main");
 confWriter.writeCommand("server_names_hash_max_size", confService.getStringValue("serverNames.maxSize", slbId, null, null, "10000"));
@@ -50,8 +50,8 @@ public class NginxConf {
 confWriter.writeCommand("req_status_zone", ShmZoneName + " \"$hostname/$proxy_host\" 20M");
- serverConf.writeCheckStatusServer(confWriter, ShmZoneName);
- serverConf.writeDyupsServer(confWriter);
+ serverConf.writeCheckStatusServer(confWriter, ShmZoneName, slbId);
+ serverConf.writeDyupsServer(confWriter, slbId);
 serverConf.writeDefaultServers(confWriter);
 confWriter.writeCommand("include", "upstreams/*.conf");
diff --git a/src/main/java/com/ctrip/zeus/service/build/conf/ServerConf.java b/src/main/java/com/ctrip/zeus/service/build/conf/ServerConf.java
index 11ffbb7a..ec8bb5b0 100644
--- a/src/main/java/com/ctrip/zeus/service/build/conf/ServerConf.java
+++ b/src/main/java/com/ctrip/zeus/service/build/conf/ServerConf.java
@@ -20,18 +20,14 @@ public class ServerConf {
 @Resource
 ConfService confService;
 @Resource
- UpstreamsConf upstreamsConf;
- @Resource
 LocationConf locationConf;
- private Long slbId = null;
- private Long vsId = null;
 public static final String SSL_PATH = "/data/nginx/ssl/";
 private static final String ZONENAME = "proxy_zone";
 public String generate(Slb slb, VirtualServer vs, List groups) throws Exception {
- slbId = slb.getId();
- vsId = vs.getId();
+ Long slbId = slb.getId();
+ Long vsId = vs.getId();
 ConfWriter confWriter = new ConfWriter(1024, true);
 try {
@@ -59,7 +55,7 @@ public class ServerConf {
 }
 if (confService.getEnable("server.vs.health.check", slbId, vsId, null, false)) {
- locationConf.writeHealthCheckLocation(confWriter);
+ locationConf.writeHealthCheckLocation(confWriter, slbId, vsId);
 }
 confWriter.writeCommand(" req_status", ZONENAME);
@@ -71,10 +67,10 @@ public class ServerConf {
 if (confService.getEnable("server.errorPage", slbId, vsId, null, false)) {
 for (int sc = 400; sc <= 425; sc++) {
- locationConf.writeErrorPageLocation(confWriter, sc);
+ locationConf.writeErrorPageLocation(confWriter, sc, slbId, vsId);
 }
 for (int sc = 500; sc <= 510; sc++) {
- locationConf.writeErrorPageLocation(confWriter, sc);
+ locationConf.writeErrorPageLocation(confWriter, sc, slbId, vsId);
 }
 }
@@ -93,19 +89,19 @@ public class ServerConf {
 return res;
 }
- public void writeDyupsServer(ConfWriter confWriter) throws Exception {
+ public void writeDyupsServer(ConfWriter confWriter, Long slbId) throws Exception {
 confWriter.writeCommand("dyups_upstream_conf", "conf/dyupstream.conf");
 confWriter.writeServerStart();
- confWriter.writeCommand("listen", confService.getStringValue("server.dyups.port", slbId, vsId, null, "8081"));
+ confWriter.writeCommand("listen", confService.getStringValue("server.dyups.port", slbId, null, null, "8081"));
 locationConf.writeDyupsLocation(confWriter);
 confWriter.writeServerEnd();
 }
- public void writeCheckStatusServer(ConfWriter confWriter, String shmZoneName) throws Exception {
+ public void writeCheckStatusServer(ConfWriter confWriter, String shmZoneName, Long slbId) throws Exception {
 confWriter.writeServerStart();
- confWriter.writeCommand("listen", confService.getStringValue("server.status.port", slbId, vsId, null, "10001"));
+ confWriter.writeCommand("listen", confService.getStringValue("server.status.port", slbId, null, null, "10001"));
 confWriter.writeCommand("req_status", shmZoneName);
 locationConf.writeCheckStatusLocations(confWriter);
 confWriter.writeServerEnd();
diff --git a/src/main/java/com/ctrip/zeus/service/build/conf/UpstreamsConf.java b/src/main/java/com/ctrip/zeus/service/build/conf/UpstreamsConf.java
index 6a28fa26..01d3cf89 100644
--- a/src/main/java/com/ctrip/zeus/service/build/conf/UpstreamsConf.java
+++ b/src/main/java/com/ctrip/zeus/service/build/conf/UpstreamsConf.java
@@ -24,8 +24,6 @@ public class UpstreamsConf {
 @Resource
 HealthCheckConf healthCheckConf;
- private Long slbId = null;
- private Long vsId = null;
 public static final String UpstreamPrefix = "backend_";
 public List generate(Set vsCandidates, VirtualServer vs, List groups,
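Review bot: Both servers written in the `ServerConf` hunk get a `listen` value that is only a port, and the expected `nginx.conf` this commit adds shows the outcome as `listen 8081;` around `location / { dyups_interface; }` with no `allow`/`deny`, so the interface that rewrites upstreams is reachable on every address of the host unless something outside this diff restricts it. If the admin process talks to dyups on the same machine, prefixing the address, `"127.0.0.1:" + confService.getStringValue("server.dyups.port", slbId, null, null, "8081")`, would close that. Otherwise an `allow`/`deny` pair belongs in `writeDyupsLocation`, whose body is not part of this hunk. The status server on port 10001 deserves the same decision.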
@@ -85,7 +83,8 @@ public class UpstreamsConf {
 return stringBuilder.toString();
 }
- public void writeUpstream(ConfWriter confWriter, VirtualServer vs, Group group, Set allDownServers, Set allUpGroupServers) throws Exception {
+ public void writeUpstream(ConfWriter confWriter, Long slbId, VirtualServer vs, Group group, Set allDownServers, Set allUpGroupServers) throws Exception {
+ Long vsId = vs.getId();
 Long groupId = group.getId();
 List groupServers = group.getGroupServers();
 if (groupServers == null || groupServers.size() == 0) {
diff --git a/src/main/java/com/ctrip/zeus/service/build/impl/BuildServiceImpl.java b/src/main/java/com/ctrip/zeus/service/build/impl/BuildServiceImpl.java
index 6229837b..1154d442 100644
--- a/src/main/java/com/ctrip/zeus/service/build/impl/BuildServiceImpl.java
+++ b/src/main/java/com/ctrip/zeus/service/build/impl/BuildServiceImpl.java
@@ -129,7 +129,7 @@ public class BuildServiceImpl implements BuildService {
 Set allUpGroupServers, Group group) throws Exception {
 ConfWriter confWriter = new ConfWriter();
- upstreamsConf.writeUpstream(confWriter, virtualServer, group, allDownServers, allUpGroupServers);
+ upstreamsConf.writeUpstream(confWriter, slbId, virtualServer, group, allDownServers, allUpGroupServers);
 String upstreamBody = confWriter.getValue();
 return new DyUpstreamOpsData().setUpstreamCommands(upstreamBody).setUpstreamName(UpstreamsConf.getUpstreamName(group.getId()));
 }
diff --git a/src/main/resources/slb-admin-unittest.properties b/src/main/resources/slb-admin-unittest.properties
index d9298f10..7f505338 100644
--- a/src/main/resources/slb-admin-unittest.properties
+++ b/src/main/resources/slb-admin-unittest.properties
@@ -1,103 +1,105 @@ -##################### -### nginxConf ####### -##################### -#"slb.nginx.status-port" (int, default=10001) -#nginx.status.port.ip.127.0.0.1 = -#nginx.status.port.group.999999 = -#nginx.status.port.vs.123 = -#nginx.status.port.slb.3 = -#nginx.status.port.default = 10001 +#bastion.white.list=10.32.* +nginx.location.bastion.white.list.default=10.32.* -#"slb.nginx.serverNames-maxSize" (int, default=10000) -#nginx.serverNames.maxSize.ip.127.0.0.1 = -#nginx.serverNames.maxSize.group.999999 = -#nginx.serverNames.maxSize.vs.123 = -#nginx.serverNames.maxSize.slb.3 = -#nginx.serverNames.maxSize.default = 10000 - -#"slb.nginx.serverNames-bucketSize" (int, default=128) -#nginx.serverNames.bucketSize.ip.127.0.0.1 = -#nginx.serverNames.bucketSize.group.999999 = -#nginx.serverNames.bucketSize.vs.123 = -#nginx.serverNames.bucketSize.slb.3 = -#nginx.serverNames.bucketSize.default = 128 - -#"slb.nginx.checkShmSize" (int, default=32) -#nginx.checkShmSize.ip.127.0.0.1 = -#nginx.checkShmSize.group.999999 = -#nginx.checkShmSize.vs.123 = -#nginx.checkShmSize.slb.3 = -#nginx.checkShmSize.default = 32 - -#"slb.nginx.logLevel" (String, default="") -#nginx.logLevel.ip.127.0.0.1 = -#nginx.logLevel.group.999999 = -#nginx.logLevel.vs.123 = -#nginx.logLevel.slb.3 = -#nginx.logLevel.default = "" - -#"dyups.port" (int, default=8081) -#nginx.dyups.port.ip.127.0.0.1 = -#nginx.dyups.port.group.999999 = -#nginx.dyups.port.vs.123 = -#nginx.dyups.port.slb.3 = -#nginx.dyups.port.default = 8081 +#client.max.body.size.list=5426=15;5532=15;6153=20;5787=10;6405=30 +nginx.location.client.max.body.size.enable.group.5426=true +nginx.location.client.max.body.size.group.5426=15 +nginx.location.client.max.body.size.enable.group.5532=true +nginx.location.client.max.body.size.group.5532=15 +nginx.location.client.max.body.size.enable.group.6153=true +nginx.location.client.max.body.size.group.6153=20 +nginx.location.client.max.body.size.enable.group.5787=true 
+nginx.location.client.max.body.size.group.5787=10 +nginx.location.client.max.body.size.enable.group.6405=true +nginx.location.client.max.body.size.group.6405=30 -##################### -### serverConf ###### -##################### -#"errorPage.enable" (boolean, default=false) -nginx.server.errorPage.enable.default = false +#errorPage.404.url=http://slberrorpages.ctripcorp.com/slberrorpages/404.htm +#errorPage.500.url=http://slberrorpages.ctripcorp.com/slberrorpages/500.htm +#errorPage.enable=false +#errorPage.enable-all=false +#errorPage.white.list=5356;734;7044 -#"errorPage.use.new" (boolean, default=true) -nginx.server.errorPage.use.new.enable.slb.3 = false -nginx.server.errorPage.use.new.enable.default = true +nginx.location.errorPage.enable.group.5356=true +nginx.location.errorPage.enable.group.734=true +nginx.location.errorPage.enable.group.7044=true -#"proxy.buffer.size.enable" (boolean, default=false) -nginx.server.proxy.buffer.size.enable.slb.3 = true +nginx.location.errorPage.enable.default=false +nginx.server.errorPage.enable.default=false -#"proxy.buffer.size" (String, default=8k) -nginx.server.proxy.buffer.size.slb.3 = 10k -nginx.server.proxy.buffer.size.default = 15k +#errorPage.use.new=false +#errorPage.host.url=http://10.2.40.251:8080/ +nginx.location.errorPage.host.url.default=http://10.2.40.251:8080/ +nginx.location.errorPage.use.new.enable.default=false -#"proxy.buffers" (String, default=8 8k) +#proxy.read-timeout.default=180 +#proxy.read-timeout.list=734=30;5356=45 +nginx.location.proxy.readTimeout.group.734=30 +nginx.location.proxy.readTimeout.group.5356=45 -#"proxy.busy.buffers.size" (String, default=8k) +nginx.location.proxy.readTimeout.enable.default=true +nginx.location.proxy.readTimeout.default=180 -#"errorPage.accept" (String, default=text/html) -nginx.server.errorPage.accept.default = text/html;application/xml +#upstream.keep-alive=All +nginx.location.upstream.keepAlive.enable.default=true +nginx.upstream.keepAlive.enable.default=true 
-#"vs.health.check.enable" (boolean, default=false) -nginx.server.vs.health.check.enable.slb.3 = true +#upstream.keep-alive.timeout.enableAll=true +#upstream.keep-alive.timeout.whitelist=330 +nginx.upstream.keepAlive.timeout.enable.default=true +nginx.upstream.keepAlive.timeout.enable.group.330=true -#"vs.health.check.gif.base64" (String, default=null) +#vs.health.check.enable=true +#vs.health.check.enable.all=true +#vs.health.check.gif.base64=R0lGODlhEAAQAJEBAABVmZmqzMz///+AMyH5BAEAAAEALAAAAAAQABAAAAI0jI+pAd1rnHzJKRpxBmHky3nDoDHUOEpb2HUcxR3i+DEy2kY6gnpfbJhVXgnfcAJBlJLLAgA7 +nginx.server.vs.health.check.enable.default=true +nginx.location.vs.health.check.gif.base64.default=R0lGODlhEAAQAJEBAABVmZmqzMz///+AMyH5BAEAAAEALAAAAAAQABAAAAI0jI+pAd1rnHzJKRpxBmHky3nDoDHUOEpb2HUcxR3i+DEy2kY6gnpfbJhVXgnfcAJBlJLLAgA7 -#"errorPage.host.url" (String, default=null) -nginx.server.errorPage.host.url.default = http://test.test -##################### -### upstreamsConf ### -##################### -#"upstream.keep-alive.enable" (String, default=null) -nginx.upstream.keepAlive.enable.group.111111 = false -nginx.upstream.keepAlive.enable.default = true +############################################################################################## +reporter.10.2.25.93.metrics=true +reporter.10.2.25.94.metrics=true +reporter.75.cms=false -#"upstream.keep-alive" (int, default=100) -nginx.upstream.keepAlive.group.999999 = 300 -nginx.upstream.keepAlive.default = 200 +config.save.count=9000 +health.check.status.always.update=false 
+ip.authentication=10.32.51.139,192.168.18.215,10.2.20.220,192.168.18.81,192.168.18.82,192.168.18.187,10.32.21.25,10.32.21.14,10.32.21.6,10.32.21.32,192.168.18.81,192.168.18.82,172.16.0.211,192.168.96.45,10.38.121.212,10.38.121.182,192.168.93.82,10.32.106.122,10.32.6.143,10.32.6.129,10.32.21.124,192.168.18.219,192.168.18.220,10.32.6.128,10.15.113.57,10.15.113.58,10.2.10.131,10.32.6.9,10.32.6.16,10.32.6.4,10.2.24.51,10.32.21.11,10.2.25.214,10.2.25.215=opsSystem#10.18.5.39,10.18.5.26,172.16.226.137,172.16.226.8,172.16.226.167,172.16.140.184,172.16.140.148,10.2.25.93,10.2.25.94,10.2.25.95,10.38.121.182,10.32.21.148,10.18.5.39,10.9.113.50,10.9.113.51,10.9.113.52,10.32.64.12,10.32.64.125,10.32.64.228,10.32.21.150,10.9.113.6,10.9.113.7,10.32.0.1,10.2.33.176,10.9.80.77,10.9.80.78=releaseSys#10.32.20.131=sdong#10.32.64.14,10.32.64.22,10.32.64.37=lsqiu#10.2.56.116=cmpSys +nginx.client.future.timeout=15000 +offset.status.default=0=true;1=false;2=false +port.whitelist=80,443,81,82 +server.authentication.enable=true +server.authorization.enable=true -#"upstream.keep-alive.timeout.enable" (boolean) -nginx.upstream.keepAlive.timeout.enable.group.111111 = false -nginx.upstream.keepAlive.timeout.enable.vs.456 = false -nginx.upstream.keepAlive.timeout.enable.slb.3 = true -nginx.upstream.keepAlive.timeout.enable.default = false +slb.nginx.waf.enable=true +slb.nginx.waf.enableAll=false +slb.nginx.waf.whiteList=73=10.2.25.93,10.2.25.94;76=10.2.43.162,10.2.43.161;75=10.2.27.21,10.2.25.96 -#"upstream.keep-alive.timeout" (int, default=) -nginx.upstream.keepAlive.timeout.vs.123 = 100 -nginx.upstream.keepAlive.timeout.slb.3 = 120 -nginx.upstream.keepAlive.timeout.default = 150 +virtual-server-id.ssl=632;1807;1808;1809 + +waf.proxy.port=10002 +waf.reload.uri=/update +waf.role.dir=/opt/app/nginx/conf/waf/conf/ + + + + +######################################## +#########boolean######## +nginx.server.testKey1.enable.group.1=true +nginx.server.testKey2.enable.vs.1=true 
+nginx.server.testKey3.enable.slb.1=true +nginx.server.testKey4.enable.default=true + +#########String######### +nginx.upstream.testKey1.group.1=testKey1_group1_value +nginx.upstream.testKey1.vs.1=testKey1_vs1_value +nginx.upstream.testKey1.slb.1=testKey1_slb1_value + +nginx.upstream.testKey2.default=testKey2_default_value + +#########Int########### +nginx.location.testKey1.default=1 +nginx.location.testKey1.slb.1=2 +nginx.location.testKey1.vs.1=3 +nginx.location.testKey1.group.1=4 -##################### -### locationConf #### -##################### \ No newline at end of file diff --git a/src/test/java/com/ctrip/zeus/service/ConfServiceTest.java b/src/test/java/com/ctrip/zeus/service/ConfServiceTest.java index 835abf3a..b124a727 100644 --- a/src/test/java/com/ctrip/zeus/service/ConfServiceTest.java +++ b/src/test/java/com/ctrip/zeus/service/ConfServiceTest.java @@ -1,8 +1,20 @@ package com.ctrip.zeus.service; import com.ctrip.zeus.AbstractServerTest; +import com.ctrip.zeus.client.GroupClient; +import com.ctrip.zeus.client.SlbClient; +import com.ctrip.zeus.client.VirtualServerClient; +import com.ctrip.zeus.model.entity.Group; +import com.ctrip.zeus.model.entity.GroupServer; +import com.ctrip.zeus.model.entity.Slb; +import com.ctrip.zeus.model.entity.VirtualServer; import com.ctrip.zeus.service.build.ConfService; +import com.ctrip.zeus.service.build.conf.LocationConf; +import com.ctrip.zeus.service.build.conf.NginxConf; +import com.ctrip.zeus.service.build.conf.ServerConf; +import com.ctrip.zeus.service.build.conf.UpstreamsConf; import com.ctrip.zeus.util.S; +import com.netflix.config.ConfigurationManager; import com.netflix.config.DynamicProperty; import com.netflix.config.DynamicPropertyFactory; import com.netflix.config.DynamicStringProperty; 
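Review bot: `nginx.location.bastion.white.list.default=10.32.*` is consumed by `addBastionCommand` as an unanchored regex (`$remote_addr ~* "<value>"`), where `.` matches any character, so it also matches addresses such as `110.32.0.1` or `210.32.5.6` that merely contain the pattern. If the intent is the 10.32.0.0/16 range, the value should be anchored and escaped, `^10\.32\.` (with the backslashes doubled if the properties loader unescapes them). Separately, this file sits under `src/main/resources`, so the `ip.authentication` allowlist and the internal addresses added here ship with the main artifact; a unit-test fixture is better kept under `src/test/resources` with placeholder values.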
@@ -16,7 +28,14 @@ import support.AbstractSpringTest;
 import support.MysqlDbServer;
 import javax.annotation.Resource;
+import java.io.ByteArrayOutputStream;
 import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 /**
 * Created by lu.wang on 2016/4/20.
@@ -25,41 +44,48 @@ public class ConfServiceTest extends AbstractServerTest {
 @Resource
 ConfService confService;
+ @Resource
+ NginxConf nginxConf;
+ @Resource
+ ServerConf serverConf;
+ @Resource
+ UpstreamsConf upstreamsConf;
+ @Resource
+ LocationConf locationConf;
- @Test
- public void test1() {
- DynamicStringProperty stringProperty =
- DynamicPropertyFactory.getInstance().getStringProperty("nginx.server.proxy.buffer.size.default", "aa");
- System.out.println(stringProperty.get());
+ @BeforeClass
+ public static void beforeClass() {
+ String appName = ConfigurationManager.getDeploymentContext().getApplicationId();
+ try {
+ ConfigurationManager.loadCascadedPropertiesFromResources(appName);
+ } catch (IOException e) {
+ Assert.fail("Fail to load properties.");
+ }
+ }
+
+ @Test
+ public void testLoad() {
+ DynamicStringProperty stringProperty =
+ DynamicPropertyFactory.getInstance().getStringProperty("nginx.location.bastion.white.list.default", "aa");
+ Assert.assertEquals("10.32.*", stringProperty.get());
 }
 @Test
- @Ignore
 public void testGetStringValue() {
 try {
 String value;
- //nginxConf
- value = confService.getStringValue("logLevel", null, null, null, "");
- Assert.assertEquals("", value);
+ //testKey1
+ value = confService.getStringValue("upstream.testKey1", null, 1L, 1L, "");
+ Assert.assertEquals("testKey1_group1_value", value);
+ value = confService.getStringValue("upstream.testKey1", null, 1L, 2L, "");
+ Assert.assertEquals("testKey1_vs1_value", value);
+ value = confService.getStringValue("upstream.testKey1", 1L, 2L, 2L, "");
+ Assert.assertEquals("testKey1_slb1_value", value);
+ value = confService.getStringValue("upstream.testKey1", 2L, 2L, 2L, "code_value");
+ Assert.assertEquals("code_value", value);
- //serverConf
- value = confService.getStringValue("server.proxy.buffer.size", 2L, null, null, "8k");
- Assert.assertEquals("15k", value);
-
- value = confService.getStringValue("server.proxy.buffers", 3L, null, null, "8 8k");
-
Assert.assertEquals("8 8k", value);
-
- value = confService.getStringValue("server.proxy.busy.buffers.size", null, null, null, "8k");
- Assert.assertEquals("8k", value);
-
- value = confService.getStringValue("server.errorPage.accept", 3L, null, null, "text/html");
- Assert.assertEquals("text/html;application/xml", value);
-
- value = confService.getStringValue("server.vs.health.check.gif.base64", null, null, null, null);
- Assert.assertNull(value);
-
- value = confService.getStringValue("server.errorPage.host.url", null, null, null, null);
- Assert.assertEquals("http://test.test", value);
+ value = confService.getStringValue("upstream.testKey2", 1L, 1L, 1L, "code_value");
+ Assert.assertEquals("testKey2_default_value", value);
 } catch (Exception e) {
 Assert.fail("Catch exception when testGetStringValue method." + e.getMessage());
@@ -67,33 +93,19 @@ public class ConfServiceTest extends AbstractServerTest {
 }
 @Test
- @Ignore
 public void testGetIntValue() {
 try {
- int value;
- //nginxConf
- value = confService.getIntValue("statusPort", null, null, null, 10001);
- Assert.assertEquals(10001, value);
-
- value = confService.getIntValue("serverNames.maxSize", null, null, null, 10000);
- Assert.assertEquals(10000, value);
-
- value = confService.getIntValue("serverNames.bucketSize", null, null, null, 128);
- Assert.assertEquals(128, value);
-
- value = confService.getIntValue("checkShmSize", null, null, null, 32);
- Assert.assertEquals(32, value);
-
- value = confService.getIntValue("dyups.port", null, null, null, 8081);
- Assert.assertEquals(8081, value);
-
- //upstreamConf
- value = confService.getIntValue("upstream.keepAlive", 3L, 123L, 999999L, 100);
- Assert.assertEquals(300, value);
-
- value = confService.getIntValue("upstream.keepAlive.timeout", 3L, 123L, 999999L, 110);
- Assert.assertEquals(100, value);
+ value = confService.getIntValue("location.testKey1", 1L, 1L, 1L, 10);
+ Assert.assertEquals(4, value);
+ value = confService.getIntValue("location.testKey1", 1L, 1L, 2L, 10);
+ Assert.assertEquals(3, value);
+ value = confService.getIntValue("location.testKey1", 1L, 2L, 2L, 10);
+ Assert.assertEquals(2, value);
+ value = confService.getIntValue("location.testKey1", 2L, 2L, 2L, 10);
+ Assert.assertEquals(1, value);
+ value = confService.getIntValue("location.testKey1", 3L, 3L, 3L, 10);
+ Assert.assertEquals(1, value);
 } catch (Exception e) {
 Assert.fail("Catch exception when testGetIntValue method." + e.getMessage());
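Review bot: The hunk removes `int value;` from `testGetIntValue`, yet every added line still assigns `value`, so as shown the method no longer declares the variable and the test class would not compile unless `value` is declared somewhere outside this hunk. Keeping the declaration, `int value;` as the first line of the `try` block, fixes it. The surrounding `catch (Exception e)` reports only `e.getMessage()`; declaring `throws Exception` on the test method instead would keep the stack trace when a lookup fails.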
@@ -101,40 +113,123 @@ public class ConfServiceTest extends AbstractServerTest {
 }
 @Test
- @Ignore
 public void testGetEnable() {
 try {
 boolean value;
- //serverConf
- value = confService.getEnable("server.errorPage", 3L, null, null, true);
+ //testKey1
+ value = confService.getEnable("server.testKey1", null, null, 1L, false);
+ Assert.assertTrue(value);
+ value = confService.getEnable("server.testKey1", null, null, 2L, false);
 Assert.assertFalse(value);
-
- value = confService.getEnable("server.errorPage.use.new", 3L, null, null, true);
+ value = confService.getEnable("server.testKey1", null, null, null, false);
 Assert.assertFalse(value);
-
- value = confService.getEnable("server.proxy.buffer.size", 3L, null, null, false);
+ value = confService.getEnable("server.testKey1", null, null, null, true);
 Assert.assertTrue(value);
- value = confService.getEnable("server.vs.health.check", 2L, null, null, false);
+ //testKey2
+ value = confService.getEnable("server.testKey2", null, 1L, null, false);
+ Assert.assertTrue(value);
+ value = confService.getEnable("server.testKey2", null, 1L, 1L, false);
+ Assert.assertTrue(value);
+ value = confService.getEnable("server.testKey2", null, 1L, 10L, false);
+ Assert.assertTrue(value);
+ value = confService.getEnable("server.testKey2", null, 2L, null, false);
+ Assert.assertFalse(value);
+ value = confService.getEnable("server.testKey2", 1L, 2L, 1L, false);
 Assert.assertFalse(value);
- //upstreamConf
- value = confService.getEnable("upstream.keepAlive", 3L, 123L, 999999L, false);
+ //testKey3
+ value = confService.getEnable("server.testKey3", 1L, null, null, false);
+ Assert.assertTrue(value);
+ value = confService.getEnable("server.testKey3", 1L, 1L, 1L, false);
 Assert.assertTrue(value);
- value = confService.getEnable("upstream.keepAlive.timeout", 3L, 123L, 999999L, false);
+ //testKey4
+ value = confService.getEnable("server.testKey4", 1L, 1L, 1L, false);
 Assert.assertTrue(value);
 } catch (Exception e) {
 Assert.fail("Catch 
exception when testGetEnable method." + e.getMessage());
 }
-
-
 }
 @Test
- public void test() {
-
+ public void testConf() {
+ try {
+ String slbUrl = "http://10.2.25.93:8099/";
+
+ SlbClient slbClient = new SlbClient(slbUrl);
+ Slb slb = slbClient.get("VS_Slb.uat_80"); //slbId=73
+
+ /*nginxConf.generate*/
+ String result = nginxConf.generate(slb);
+ String actualContext = deleteCRLFOnce(result);
+
+ InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("com.ctrip.zeus.service/conf/nginx.conf");
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+ int i = inputStream.read();
+ while(i != -1){
+ byteArrayOutputStream.write(i);
+ i = inputStream.read();
+ }
+ String exceptContext = byteArrayOutputStream.toString();
+ exceptContext = deleteCRLFOnce(exceptContext);
+ Assert.assertEquals(exceptContext, actualContext);
+
+ /*serverConf.generate*/
+ VirtualServerClient vsClient = new VirtualServerClient(slbUrl);
+ VirtualServer vs = vsClient.get("632");
+
+ GroupClient groupClient = new GroupClient(slbUrl);
+ List groupList = groupClient.getGroupsByVsId("632");
+
+ result = serverConf.generate(slb, vs, groupList); //slbId=3; virtualServerId=632;
+ actualContext = deleteCRLFOnce(result);
+
+ inputStream = this.getClass().getClassLoader().getResourceAsStream("com.ctrip.zeus.service/conf/vhosts_632.conf");
+ byteArrayOutputStream = new ByteArrayOutputStream();
+ i = inputStream.read();
+ while(i != -1){
+ byteArrayOutputStream.write(i);
+ i = inputStream.read();
+ }
+ exceptContext = deleteCRLFOnce(byteArrayOutputStream.toString());
+
+ Assert.assertEquals(exceptContext, actualContext);
+
+
+ /*upstreamConf.generate*/
+ Set allDownServers = new HashSet<>();
+ Set allUpServers = new HashSet<>();
+
+ for (Group group : groupList) {
+ List groupServerList = group.getGroupServers();
+ for (GroupServer groupServer : groupServerList) {
+ allUpServers.add(vs.getId() + "_" + group.getId() + "_" + groupServer.getIp());
+ }
+ }
+
+
result = upstreamsConf.generate(slb, vs, groupList, allDownServers, allUpServers);
+ actualContext = deleteCRLFOnce(result);
+
+ inputStream = this.getClass().getClassLoader().getResourceAsStream("com.ctrip.zeus.service/conf/upstreams_632.conf");
+ byteArrayOutputStream = new ByteArrayOutputStream();
+ i = inputStream.read();
+ while(i != -1){
+ byteArrayOutputStream.write(i);
+ i = inputStream.read();
+ }
+ exceptContext = deleteCRLFOnce(byteArrayOutputStream.toString());
+ Assert.assertEquals(exceptContext, actualContext);
+
+ } catch (Exception e) {
+ Assert.fail("Catch exception when testConf method.");
+ }
 }
+ private String deleteCRLFOnce(String input) {
+ return input.replaceAll("\\r\\n", "\n");
+ }
+
+
 }
diff --git a/src/test/resources/com.ctrip.zeus.service/conf/nginx.conf b/src/test/resources/com.ctrip.zeus.service/conf/nginx.conf
new file mode 100644
index 00000000..70cdc94e
--- /dev/null
+++ b/src/test/resources/com.ctrip.zeus.service/conf/nginx.conf
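Review bot: `testConf` fetches its inputs from a hard-coded internal endpoint, `http://10.2.25.93:8099/`, over plain HTTP, so the test only passes inside that network, its result depends on whatever that service returns at run time, and an internal address is committed with the test. Building the `Slb`, `VirtualServer` and groups from fixture files kept next to the expected `.conf` files would make the comparison deterministic and remove the address. The call `upstreamsConf.generate(slb, vs, groupList, allDownServers, allUpServers)` also assigns to a `String` and passes `slb` first, while the signature visible in the `UpstreamsConf` hunk begins `public List generate(Set vsCandidates, VirtualServer vs, List groups,`; generic types appear stripped on this page, so this needs confirming against the real file. Finally, the `getResourceAsStream` results are neither null-checked nor closed, and the `catch` drops the cause; `Assert.fail("testConf failed: " + e)` would at least keep the message.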
@@ -0,0 +1,77 @@
+worker_processes auto;
+user nobody;
+error_log /opt/logs/nginx/error.log;
+worker_rlimit_nofile 65535;
+pid logs/nginx.pid;
+events {
+ worker_connections 30720;
+ multi_accept on;
+ use epoll;
+}
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ keepalive_timeout 65;
+ log_format main '[$time_local] $host $hostname $server_addr $request_method $request_uri '
+ '$server_port $remote_user $remote_addr $http_x_forwarded_for '
+ '$server_protocol "$http_user_agent" "$http_cookie" "$http_referer" '
+ '$status $request_length $bytes_sent $request_time $upstream_response_time '
+ '$upstream_addr $upstream_status $proxy_host';
+ access_log /opt/logs/nginx/access.log main;
+ server_names_hash_max_size 10000;
+ server_names_hash_bucket_size 128;
+ check_shm_size 32M;
+ client_max_body_size 2m;
+ ignore_invalid_headers off;
+ req_status_zone proxy_zone "$hostname/$proxy_host" 20M;
+ server {
+ listen 10001;
+ req_status proxy_zone;
+ location =/status.json {
+ add_header Access-Control-Allow-Origin *;
+ check_status json;
+ }
+ location / {
+ add_header Access-Control-Allow-Origin *;
+ check_status;
+ }
+ location /req_status {
+ req_status_show;
+ }
+ location /stub_status {
+ stub_status on;
+ }
+ }
+ dyups_upstream_conf conf/dyupstream.conf;
+ server {
+ listen 8081;
+ location / {
+ dyups_interface;
+ }
+ }
+ server {
+ listen *:80 default_server;
+ location = /domaininfo/OnService.html {
+ add_header Content-Type text/html;
+ return 200 "4008206666";
+ }
+ location / {
+ return 404 "Not Found!";
+ }
+ }
+ server {
+ listen *:443 default_server;
+ ssl on;
+ ssl_certificate /data/nginx/ssl/default/ssl.crt;
+ ssl_certificate_key /data/nginx/ssl/default/ssl.key;
+ location = /domaininfo/OnService.html {
+ add_header Content-Type text/html;
+ return 200 "4008206666";
+ }
+ location / {
+ return 404 "Not Found!";
+ }
+ }
+ include upstreams/*.conf;
+ include vhosts/*.conf;
+}
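Review bot: The expected output pinned in nginx.conf leaves the dyups management endpoint open: the `server { listen 8081; location / { dyups_interface; } }` block has no `allow`/`deny` and listens on every interface, so anything that can reach port 8081 can presumably change upstream membership at runtime. Unless a firewall outside this file already restricts it, the generator should emit `listen 127.0.0.1:8081;` or add `allow 127.0.0.1; deny all;` inside that location, with this fixture updated to match. The status server on 10001 is exposed the same way and also sends `Access-Control-Allow-Origin *`, which lets any web origin read the health data from a browser inside the network.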
diff --git a/src/test/resources/com.ctrip.zeus.service/conf/upstreams_632.conf b/src/test/resources/com.ctrip.zeus.service/conf/upstreams_632.conf
new file mode 100644
index 00000000..b93412d6
--- /dev/null
+++ b/src/test/resources/com.ctrip.zeus.service/conf/upstreams_632.conf
@@ -0,0 +1,27 @@
+upstream backend_331 {
+ server 10.2.25.174:443 weight=1 max_fails=10 fail_timeout=10;
+ keepalive 100;
+ keepalive_timeout 110s;
+ check interval=2000 rise=1 fall=1 timeout=2000 port=80 type=http default_down=false;
+ check_keepalive_requests 100;
+ check_http_send "GET /api-webapp/slbhealthcheck.html HTTP/1.1\r\nConnection:keep-alive\r\nHost:ws.security.pay.uat.qa.nt.ctripcorp.com\r\nUserAgent:SLB_HealthCheck\r\n\r\n";
+ check_http_expect_alive http_2xx http_3xx;
+}
+upstream backend_332 {
+ server 10.2.25.174:443 weight=1 max_fails=10 fail_timeout=10;
+ keepalive 100;
+ keepalive_timeout 110s;
+ check interval=2000 rise=1 fall=1 timeout=2000 port=80 type=http default_down=false;
+ check_keepalive_requests 100;
+ check_http_send "GET /api-merchant/slbhealthcheck.html HTTP/1.1\r\nConnection:keep-alive\r\nHost:ws.security.pay.uat.qa.nt.ctripcorp.com\r\nUserAgent:SLB_HealthCheck\r\n\r\n";
+ check_http_expect_alive http_2xx http_3xx;
+}
+upstream backend_333 {
+ server 10.2.25.174:443 weight=1 max_fails=10 fail_timeout=10;
+ keepalive 100;
+ keepalive_timeout 110s;
+ check interval=2000 rise=1 fall=1 timeout=2000 port=80 type=http default_down=false;
+ check_keepalive_requests 100;
+ check_http_send "GET /api-web/slbhealthcheck.html HTTP/1.1\r\nConnection:keep-alive\r\nHost:ws.security.pay.uat.qa.nt.ctripcorp.com\r\nUserAgent:SLB_HealthCheck\r\n\r\n";
+ check_http_expect_alive http_2xx http_3xx;
+}
diff --git a/src/test/resources/com.ctrip.zeus.service/conf/vhosts_632.conf b/src/test/resources/com.ctrip.zeus.service/conf/vhosts_632.conf
new file mode 100644
index 00000000..0b58c8fb
--- /dev/null
+++ b/src/test/resources/com.ctrip.zeus.service/conf/vhosts_632.conf
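Review bot: In upstreams_632.conf every `check_http_send` line sends the header `UserAgent:SLB_HealthCheck`, which is not the standard `User-Agent` name, so backends and log filters that key on User-Agent will not recognise the probe. Presumably `User-Agent:SLB_HealthCheck` was intended in the generator, with this fixture updated to match. The same three blocks probe `port=80 type=http` while the only member is `10.2.25.174:443` and the vhost proxies over https, so a passing check says nothing about the TLS listener that actually serves traffic; worth confirming that is deliberate.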
@@ -0,0 +1,110 @@
+server {
+ listen 443;
+ server_name ws.security.pay.uat.qa.nt.ctripcorp.com;
+ ignore_invalid_headers off;
+ proxy_http_version 1.1;
+ ssl on;
+ ssl_certificate /data/nginx/ssl/632/ssl.crt;
+ ssl_certificate_key /data/nginx/ssl/632/ssl.key;
+ location ~* ^/do_not_delete/noc.gif$ {
+ add_header Accept-Ranges bytes;
+ content_by_lua '
+ local res = ngx.decode_base64("R0lGODlhEAAQAJEBAABVmZmqzMz///+AMyH5BAEAAAEALAAAAAAQABAAAAI0jI+pAd1rnHzJKRpxBmHky3nDoDHUOEpb2HUcxR3i+DEy2kY6gnpfbJhVXgnfcAJBlJLLAgA7");
+ ngx.print(res);
+ return ngx.exit(200);';
+ }
+ req_status proxy_zone;
+ location ~*/api-webapp {
+ proxy_request_buffering off;
+ proxy_next_upstream off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Connection "";
+ proxy_read_timeout 180s;
+ if ($remote_addr ~* "172\..*|192\.168.*|10\..*") {
+ set $inWhite "true";
+ }
+ rewrite_by_lua '
+ local headers = ngx.req.get_headers();
+ if ngx.var.inWhite ~= "true" or headers["X-Forwarded-For"] == nil then
+ if (headers["True-Client-Ip"] ~= nil) then
+ ngx.req.set_header("X-Forwarded-For", headers["True-Client-IP"])
+ else
+ ngx.req.set_header("X-Forwarded-For", ngx.var.remote_addr )
+ end
+ end';
+ set $upstream backend_331;
+ if ($remote_addr ~* "10.32.*") {
+ set $upstream $cookie_bastion;
+ }
+ if ($upstream = "") {
+ set $upstream backend_331;
+ }
+ if ($upstream != backend_331) {
+ add_header Bastion $cookie_bastion;
+ }
+ proxy_pass https://$upstream;
+ }
+ location ~*/api-merchant {
+ proxy_request_buffering off;
+ proxy_next_upstream off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Connection "";
+ proxy_read_timeout 180s;
+ if ($remote_addr ~* "172\..*|192\.168.*|10\..*") {
+ set $inWhite "true";
+ }
+ rewrite_by_lua '
+ local headers = ngx.req.get_headers();
+ if ngx.var.inWhite ~= "true" or headers["X-Forwarded-For"] == nil then
+ if (headers["True-Client-Ip"] ~= nil) then
+ ngx.req.set_header("X-Forwarded-For", headers["True-Client-IP"])
+ else
+ ngx.req.set_header("X-Forwarded-For", ngx.var.remote_addr )
+ end
+ end';
+ set $upstream backend_332;
+ if ($remote_addr ~* "10.32.*") {
+ set $upstream $cookie_bastion;
+ }
+ if ($upstream = "") {
+ set $upstream backend_332;
+ }
+ if ($upstream != backend_332) {
+ add_header Bastion $cookie_bastion;
+ }
+ proxy_pass https://$upstream;
+ }
+ location ~*/api-web {
+ proxy_request_buffering off;
+ proxy_next_upstream off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Connection "";
+ proxy_read_timeout 180s;
+ if ($remote_addr ~* "172\..*|192\.168.*|10\..*") {
+ set $inWhite "true";
+ }
+ rewrite_by_lua '
+ local headers = ngx.req.get_headers();
+ if ngx.var.inWhite ~= "true" or headers["X-Forwarded-For"] == nil then
+ if (headers["True-Client-Ip"] ~= nil) then
+ ngx.req.set_header("X-Forwarded-For", headers["True-Client-IP"])
+ else
+ ngx.req.set_header("X-Forwarded-For", ngx.var.remote_addr )
+ end
+ end';
+ set $upstream backend_333;
+ if ($remote_addr ~* "10.32.*") {
+ set $upstream $cookie_bastion;
+ }
+ if ($upstream = "") {
+ set $upstream backend_333;
+ }
+ if ($upstream != backend_333) {
+ add_header Bastion $cookie_bastion;
+ }
+ proxy_pass https://$upstream;
+ }
+}
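Review bot: The source-address tests in each of the three `location` blocks of vhosts_632.conf are unanchored regexes, so they match far more than the internal ranges they are meant to describe: `if ($remote_addr ~* "10.32.*")` matches any address that merely contains `10`, one character, then `32`, and `"172\..*|192\.168.*|10\..*"` matches all of 172/8 plus any address containing `10.`. In the first case the proxy target is then taken from the client's `bastion` cookie (`set $upstream $cookie_bastion;` feeding `proxy_pass https://$upstream;`), and in the second the client's own X-Forwarded-For is kept as trusted. The generator should anchor and escape these, e.g. `if ($remote_addr ~ "^10\.32\.") {` and `"^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)"` (or a `geo` block), and should accept `$cookie_bastion` only when it names a known upstream, for example through a `map` with an empty default. This fixture pins the current output, so it has to change together with the generator.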