mkit 0.4.3 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fb997b1bc61151dde6209eeaefdf4f669df9255b7e69735eb0c5c56e346222f1
-  data.tar.gz: 3819a29d9335a2d4831051d133d9e0056b93d54803701a27ed596a750f907d7b
+  metadata.gz: ca554f25f295a7403d5f0d654663d466430a361c8aa2629961f1710579e62506
+  data.tar.gz: d670fcc4523810439d73244276766a8e5ff70f2b8a052b292941014a11e7ca3b
 SHA512:
-  metadata.gz: c95a967e4a016554700b9e844de87481fd8f4b1f71e2cb4cdae16509104b177485f6cdcc3aa114f3d4ab8680e8d39fb05c125fca4dd81edbb089800d08ec275e
-  data.tar.gz: f62ac16133370c7bc41f901fe148b708c046f4598331848daefd4bb108419f7b2fc510a9176bff771fbff3afa4e38d5ce000d70d8cad1feeb41b8f339956d802
+  metadata.gz: 825f5736fe72ce3bec3aab11f5edfa75b286a6e08ff4e6dc44be37c6d11a034e84a0910fca6ce78cb05ead4483ec228c368a749a301793396ddfc55043fc5bf9
+  data.tar.gz: 5b0c25f145e1c5ec19d8242d8e613c6746fc3ea25f4f1df0f39dc434ee43e56d480b399075230154d547abad466555f884077f1a1fff08590005645a762b3279

data/README.md

@@ -2,6 +2,8 @@
 
 This is micro kubernetes(tm) on Ruby(tm), a simple tool to deploy containers to mimic a (very) minimalistic k8 cluster with a nice REST API.
 
+It's also a frontend for `docker`, providing an easier way for your services to be locally available, without the need to care about local `ports` availability.
+
 It contains an internal DNS and uses HAProxy for routing/balancing/fail-over for Pods access.
 The database is a simple sqlite3 db and the server is a Sinatra based application.
 
@@ -16,86 +18,57 @@ The daemon is responsible for HAProxy pods routing configuration. It also provid
 * Docker
 * Linux (iproute2 package)
 
+**Note:** in order to have **ssl support**, you must install `openssl-dev` package (e.g. `libssl-dev` on Ubuntu) prior to install MKIt gem.
+
 ## Install
 
-This is a simple ruby gem, so to install run
+This is a simple ruby gem, so to install execute:
 ```
 # gem install mkit
 ```
 
-## Running
-
-The `daemon` requires `root` user (due to `ip` and `haproxy`), you can run it directly on the repository root...
-
-```
-# ./mkitd  --help
-Usage: mkitd [options]
-    -c config-dir                    set the config dir (default is /etc/mkit)
-    -p port                          set the port (default is 4567)
-    -b bind                          specify bind address (e.g. /tmp/app.sock)
-    -s server                        specify rack server/handler
-    -q                               turn on quiet mode (default is off)
-    -x                               turn on the mutex lock (default is off)
-    -e env                           set the environment (default is development)
-    -o addr                          set the host (default is (env == 'development' ? 'localhost' : '0.0.0.0'))
-   
-```
-
-or after the `gem install mkit-<version>.gem`. The server and client will be installed on host.
-
-```
-# mkitd
-...
- 0.65s     info: MKIt is up and running! [ec=0xbe0] [pid=45804] [2023-12-29 15:46:04 +0000]
-```
+## Configuration
 
-There's also samples on the samples dir, for daemontools and systemd.
+### Server configuration
 
-### Accessing the API
+On startup, [the server configuration](config) will be created on `/etc/mkit`.
 
-A client is provided to interact with mkit server.
+The server will available by default on `https://localhost:4567` but you can configure server startup parameters on `/etc/mkit/mkitd_config.sh`
 
-Run `mkitc help` to list current supported commands.
+Please check [systemd](samples/systemd) or [daemontools](samples/daemontools) directories for more details.
 
 ```
-Usage: mkitc <command> [options]
-
-Micro k8s on Ruby - a simple tool to mimic a (very) minimalistic k8 cluster
-
-Commands:
-
-ps         show services status (alias for status)
-status     show services status
-logs       prints service logs
-start      start service
-stop       stop service
-restart    restart service
-create     create new service
-update     update service
-rm         remove service
-version    prints mkit server version
-proxy      haproxy status and control
-
-Run 'mkitc help <command>' for specific command information.
+# /etc/mkit/mkitd_config.sh
+#
+# mkitd server options (for systemd unit | daemontools)
+#
+OPTIONS=""
+# e.g. OPTIONS="-b 0.0.0.0"
 ```
-
-Example:
+HAProxy config directory and control commands are defined on [mkit_config.yml](config/mkit_config.yml)
 
 ```
-$ mkitc ps postgres
-+----+----------+---------------+----------+--------------+---------+
-| id |   name   |     addr      |  ports   |     pods     | status  |
-+----+----------+---------------+----------+--------------+---------+
-| 2  | postgres | 10.210.198.10 | tcp/4532 | 49b5e4c8f247 | RUNNING |
-+----+----------+---------------+----------+--------------+---------+
+# /etc/mkit/mkit_config.yml - mkit server configuration file. 
+mkit:
+  my_network:
+    ip: 10.210.198.1
+  haproxy:
+    config_dir: /etc/haproxy/haproxy.d
+    ctrl:
+      start:   systemctl start   haproxy
+      stop:    systemctl stop    haproxy
+      reload:  systemctl reload  haproxy
+      restart: systemctl restart haproxy
+      status:  systemctl status  haproxy
+  database:
+    env: development
+  clients:
+    - id: client_1_id
+    - id: client_2_id
+    - ...
 ```
-The service `postgres` is available on IP `10.210.198.10:5432`
-
-## Configuration
-
-On startup, configuration files on `config` directory will be copied to `/etc/mkit`. HAProxy config directory and control commands are defined on `mkit_config.yml`
 
-You must configure `haproxy` to use config directory. e.g. on Ubuntu
+You must configure `haproxy` to use config directory. for example on Ubuntu:
 
 ```
 # /etc/default/haproxy
@@ -112,6 +85,41 @@ CONFIG="/etc/haproxy/haproxy.d"
 #EXTRAOPTS="-de -m 16"
 ```
 
+#### Authorization
+
+To access MKIt server API, you must add each client `id` to server configuration:
+
+```
+# /etc/mkit/mkit_config.yml - mkit server configuration file. 
+mkit:
+  my_network:
+...
+  clients:
+    - id: client_1_id
+    - id: client_2_id
+    - ...
+```
+
+### Client configuration
+
+On `mkitc` first call, default configuration will be copied to `$HOME/.mkit` with `local`default profile set.
+
+You must call `mkitc init` to initialize client configuration.
+
+Client identification key (`my_id`) will be generated, printed out to console and saved to the client's configuration file.
+
+You may edit the local configuration file to add more servers and change active profile with `$mkitc profile set <profile_name>`, e.g. `$mkitc profile set server_2`
+
+```
+# ~/.mkit/mkitc_config.yml
+mkit:
+  local: 
+    server.uri: https://localhost:4567
+  server_2:  # you can add more servers. change the client active profile with mkitc profile command
+    server.uri: https://192.168.29.232:4567
+my_id: unique_id # this id is generated running mkitc init
+```
+
 ### Service
 
 ```
@@ -123,7 +131,12 @@ service:
           #   <external_port>:[internal_port]:<tcp|http>:[round_robin (default)|leastconn]
           # to define a range on `external_port`, leave `internal_port` blank
           #   - 5000-5100::tcp:round_robin
-          # range on `internal_port` is not supported 
+          #   range on `internal_port` is not supported
+          # ssl suport
+          #   <external_port>:[internal_port]:<tcp|http>:round_robin|leastconn[:ssl[,<cert.pem>(mkit.pem default)>]]
+          #   e.g.
+          #  - 443:80:http:round_robin:ssl # uses mkitd default crt file (mkit.pem)
+          #  - 443:80:http:round_robin:ssl,/etc/pki/foo.pem # custom crt file full path
     - 5672:5672:tcp:round_robin
     - 80:15672:http:round_robin
   resources:
@@ -138,6 +151,72 @@ service:
     RABBITMQ_DEFAULT_VHOST: mkit
 ```
 
+## Running
+
+The `mkitd server daemon` requires `root` user (due to `ip` and `haproxy`).
+After installing the gem, server and client will be available on host.
+```
+# mkitd  --help
+Usage: mkitd [options]
+    -c config-dir                    set the config dir (default is /etc/mkit)
+    -p port                          set the port (default is 4567)
+    -b bind                          specify bind address (e.g. 0.0.0.0)
+    -e env                           set the environment (default is development)
+    -o addr                          alias for '-b' option
+        --no-ssl                     disable ssl - use http for local server. (default is https)
+        --ssl-key-file PATH          Path to private key (default mkit internal)
+        --ssl-cert-file PATH         Path to certificate (default mkit internal)
+```
+
+There's also samples for [systemd](samples/systemd) and [daemontools](samples/daemontools) as well for some miscellaneous [spps](samples/apps).
+
+### Accessing the API
+
+A client is provided to interact with MKIt server.
+
+Run `mkitc help` for a list of current supported commands.
+
+```
+Usage: mkitc <command> [options]
+
+Micro k8s on Ruby - a simple tool to mimic a (very) minimalistic k8 cluster
+
+Commands:
+
+init       init mkit client
+ps         show services status (alias for status)
+status     show services status
+logs       prints service logs
+start      start service
+stop       stop service
+restart    restart service
+create     create new service
+update     update service
+rm         remove service
+version    prints mkit server version
+proxy      haproxy status and control
+profile    mkit client configuration profile
+
+Run 'mkitc help <command>' for specific command information.
+```
+
+Example:
+
+```
+$ mkitc ps
++----+-------+---------------+-------------------+--------------+---------+
+| id | name  |     addr      |       ports       |     pods     | status  |
++----+-------+---------------+-------------------+--------------+---------+
+| 1  | mongo | 10.210.198.10 | tcp/27017         | 106e2b59cb11 | RUNNING |
+| 2  | nexus | 10.210.198.11 | http/80,https/443 | 68e239e5102a | RUNNING |
++----+-------+---------------+-------------------+--------------+---------+
+```
+The service `mongo` is available on IP `10.210.198.10:27017`
+The service `nexus` is available on IP `10.210.198.11:80` and on port `443` with ssl.
+
+**Note:** Don't forget to call `mkitc init` to initialize client configuration and to add the `client-id`
+to the server authorized clients list.
+
 ## Development
 
 * build the gem

data/bin/mkitc

@@ -9,25 +9,29 @@ require 'json'
 require 'net_http_unix'
 require 'securerandom'
 require 'erb'
+require 'uri'
+require 'fileutils'
 
-class InvalidParametersException < RuntimeError
+class InvalidParametersException < Exception
   attr_reader :command
+
   def initialize(cause, command = nil)
     super(cause)
     @command = command
   end
 end
 
-class MKItClient
-  def initialize
-    @client = NetX::HTTPUnix.new('localhost', 4567)
-  end
-
-  def dict
+class CommandPalette
+  def schema
     global_args = [
       { short: '-v', long: '--verbose', help: 'verbose', mandatory: false, value: nil }
     ]
-    command_dict = [
+    [
+      {
+        cmd: 'init',
+        help: 'init mkit client',
+        request: { }
+      },
       {
         cmd: 'ps',
         args: [
@@ -140,69 +144,96 @@ class MKItClient
         ],
         help: 'haproxy status and control',
         usage: ['<start|stop|restart|status>']
+      },
+      {
+        cmd: 'profile',
+        options: [
+          {
+            cmd: 'set',
+            request: { verb: 'set' },
+            args: [
+              { name: 'profile_name', mandatory: true }
+            ],
+            help: 'set mkit client configuration profile'
+          },
+          {
+            cmd: 'show',
+            request: { verb: 'show' },
+            help: 'show mkit client current profile'
+          }
+        ],
+        help: 'mkit client configuration profile',
+        usage: ['<[set <profile_name>]|[show]>']
       }
     ]
-    command_dict
   end
+end
 
-  def help(cause: nil, cmd: nil)
-    msg = ''
-    if cause.nil?
-      my_cmd = cmd
-    else
-      msg += "MKItc: #{cause.message}\n"
-      my_cmd = cause.command
-    end
-    if my_cmd.nil?
-      msg += "\nUsage: mkitc <command> [options]\n\n"
-      msg += "Micro k8s on Ruby - a simple tool to mimic a (very) minimalistic k8 cluster\n\n"
-      msg += "Commands:\n\n"
-      dict.each do |c|
-        msg += format("%-10s %s\n", c[:cmd], c[:help])
-      end
-      msg += "\n"
-      msg += "Run 'mkitc help <command>' for specific command information.\n\n"
-    else
-      msg += format("\nUsage: mkitc %s %s\n\n", my_cmd[:cmd], my_cmd[:usage].nil? ? '' : my_cmd[:usage].join(' '))
-      msg += format("%s\n", my_cmd[:help])
-      unless my_cmd[:options].nil?
-        msg += "\nOptions:\n"
-        my_cmd[:options].each  do |c|
-          msg += format("%-10s %s\n", c[:cmd], c[:help])
-        end
-      end
-      msg += "\n"
+class MKItClient
+  def initialize
+    @root = File.expand_path('..', __dir__)
+    @config_dir = "#{ENV['HOME']}/.mkit"
+    @profile_file = "#{@config_dir}/current"
+    @commands = CommandPalette.new
+    @config_file = "#{@config_dir}/mkitc_config.yml"
+    create_default_config
+  end
+
+  def create_default_config
+    unless File.exist?(@config_dir)
+      puts "Creating config directory on '#{@config_dir}'..."
+      FileUtils.mkdir_p(@config_dir)
     end
-    puts msg
-    exit 1
+    FileUtils.cp("#{@root}/config/mkitc_config.yml", @config_dir) unless File.exist?(@config_file)
+    profile({ verb: 'set' }, { profile_name: 'local' }) unless File.exist?(@profile_file)
   end
 
-  def create(request, request_hash = nil)
-    unless File.file?(request_hash[:file])
-      raise InvalidParametersException.new('File not found.', c = dict.select { |k| k[:cmd] == 'create' }.first)
+  def read_configuration(init_call = false)
+    current_profile = File.read(@profile_file)
+    if current_profile.nil? || current_profile.empty?
+      # force set default
+      profile({ verb: 'set' }, { profile_name: 'local' })
+      current_profile = 'local'
     end
+    cfg = YAML.load_file(@config_file)
 
-    yaml = YAML.load_file(request_hash[:file])
-    if yaml['service'].nil?
-      raise InvalidParametersException.new('Invalid configuration file', c = dict.select { |k| k[:cmd] == 'create' }.first)
-    else
-      request(request, request_hash)
+    if cfg['mkit'].nil? || cfg['mkit'][current_profile.lstrip].nil?
+      raise InvalidParametersException, "invalid configuration found on '~/.mkit' or profile not found"
     end
-  end
 
-  def update(request, request_hash = nil)
-    unless File.file?(request_hash[:file])
-      raise InvalidParametersException.new('File not found.', c = dict.select { |k| k[:cmd] == 'update' }.first)
+    @configuration = cfg['mkit'][current_profile.lstrip]
+    if !init_call && cfg['my_id'].nil?
+      raise InvalidParametersException.new("Please run 'mkitc init' to initialize mkit client.", find_command('init'))
     end
+    @my_id = cfg['my_id']
+    cfg
+  end
 
-    yaml = YAML.load_file(request_hash[:file])
-    if yaml['service'].nil?
-      raise InvalidParametersException.new('Invalid configuration file', c = dict.select { |k| k[:cmd] == 'update' }.first)
+  def client(req)
+    read_configuration
+    req['X-API-KEY'] = @my_id
+    uri = URI(@configuration['server.uri'])
+    case uri.scheme
+    when 'https'
+      @client = NetX::HTTPUnix.new(uri.host, uri.port)
+      @client.use_ssl = true
+      @client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    when 'http'
+      @client = NetX::HTTPUnix.new(uri.host, uri.port)
+    when 'sock'
+      @client = NetX::HTTPUnix.new("unix://#{uri.path}")
     else
-      id = yaml['service']['name']
-      request_hash[:id] = id
-      request(request, request_hash)
+      raise InvalidParametersException, 'Invalid mkit server uri. Please check configuration'
     end
+    @client.request(req)
+  end
+
+  def dict
+    @commands.schema
+  end
+
+  def find_command(cmd)
+    dict.select { |k| k[:cmd] == cmd }.first
   end
 
   def parse_args(args)
@@ -211,55 +242,35 @@ class MKItClient
     # short circuit for help
     if cmd == 'help' || args.empty?
       if args.size > 1
-        c = dict.select { |k| k[:cmd] == args[1] }.first
+        c = find_command(args[1])
         raise InvalidParametersException, "'#{args[1]}' is not a valid help topic." if c.nil?
       end
       return help(cmd: c)
     else
-      c = dict.select { |k| k[:cmd] == cmd }.first
+      c = find_command(cmd)
     end
     raise InvalidParametersException, 'Command not found' if c.nil?
 
+    command = c
     myargs = args.dup
     myargs.delete(cmd)
 
-    max_args_size = c[:args].nil? ? 0 : c[:args].size
-    max_options_size = c[:options].nil? ? 0 : 1
-    max_args_size += max_options_size
-
-    min_args_size = c[:args].nil? ? 0 : c[:args].select { |a| a[:mandatory] == true }.size
-    min_options_size = c[:options].nil? ? 0 : 1
-    min_args_size += min_options_size
-
-    if myargs.size > max_args_size || myargs.size < min_args_size
-      raise InvalidParametersException.new('Invalid parameters found.', c)
-    end
-
     request_hash = {}
-    request = c[:request]
+    request = command[:request]
     unless myargs.empty?
-      unless c[:args].nil?
-        idx = 0
-        c[:args].each do |a|
-          request_hash[a[:name].to_sym] = myargs[idx]
-          request[:uri] = request[:uri] + a[:uri] unless a[:uri].nil?
-          idx += 1
-        end
-      end
       # options
       unless c[:options].nil?
-        option = nil
-        myargs.each do |s|
-          option = c[:options].select { |o| o[:cmd] == s }.first
-          raise InvalidParametersException.new('Invalid parameters found.', c) if option.nil? || option.empty?
-        end
-        raise InvalidParametersException.new('Invalid parameters found.', c) if option.nil? || option.empty?
+        command = c[:options].select { |o| o[:cmd] == myargs[0] }.first
+        raise InvalidParametersException.new('Invalid parameters found.', c) if command.nil? || command.empty?
 
-        request = option[:request]
+        myargs.delete_at(0)
+        request = command[:request]
       end
+      fill_cmd_args(command[:args], myargs, request, request_hash)
     end
-    raise InvalidParametersException, "Can't find request." if request.nil?
+    raise InvalidParametersException.new('Invalid command or parameters.', c) if request.nil?
 
+    validate_command(command, request_hash)
     if respond_to? c[:cmd]
       send(c[:cmd], request, request_hash)
     else
@@ -267,11 +278,25 @@ class MKItClient
     end
   end
 
-  def doIt(args)
-    result = parse_args(args)
-    puts result
-  rescue InvalidParametersException => e
-    help(cause: e)
+  def fill_cmd_args(args, myargs, request, request_hash)
+    return if args.nil?
+
+    idx = 0
+    args.each do |a|
+      request_hash[a[:name].to_sym] = myargs[idx]
+      request[:uri] = request[:uri] + a[:uri] unless a[:uri].nil?
+      idx += 1
+    end
+  end
+
+  def validate_command(command, request_hash)
+    return if command[:args].nil?
+
+    command[:args].select { |a| a[:mandatory] == true }.each do |a|
+      if request_hash[a[:name].to_sym].nil?
+        raise InvalidParametersException.new("Missing mandatory parameter: #{a[:name]}", command)
+      end
+    end
   end
 
   def request(request, request_args = nil)
@@ -304,7 +329,7 @@ class MKItClient
     when :delete
       req = Net::HTTP::Delete.new(uri)
     end
-    @client.request(req).body
+    client(req).body
   end
 
   def attach(file)
@@ -318,6 +343,118 @@ class MKItClient
     body << "\r\n--#{boundary}--\r\n"
     [body.join, boundary]
   end
+
+  def doIt(args)
+    result = parse_args(args)
+    puts result
+  rescue InvalidParametersException => e
+    help(cause: e)
+  end
+
+  def help(cause: nil, cmd: nil)
+    msg = ''
+    if cause.nil?
+      my_cmd = cmd
+    else
+      msg += "MKItc: #{cause.message}\n"
+      my_cmd = cause.command
+    end
+    if my_cmd.nil?
+      msg += "\nUsage: mkitc <command> [options]\n\n"
+      msg += "Micro k8s on Ruby - a simple tool to mimic a (very) minimalistic k8 cluster\n\n"
+      msg += "Commands:\n\n"
+      dict.each do |c|
+        msg += format("%-10s %s\n", c[:cmd], c[:help])
+      end
+      msg += "\n"
+      msg += "Run 'mkitc help <command>' for specific command information.\n\n"
+    else
+      msg += format("\nUsage: mkitc %s %s\n\n", my_cmd[:cmd], my_cmd[:usage].nil? ? '' : my_cmd[:usage].join(' '))
+      msg += format("%s\n", my_cmd[:help])
+      unless my_cmd[:options].nil?
+        msg += "\nOptions:\n"
+        my_cmd[:options].each  do |c|
+          msg += format("%-10s %s\n", c[:cmd], c[:help])
+        end
+      end
+      msg += "\n"
+    end
+    puts msg
+    exit 1
+  end
+
+  def init(request, request_hash = nil)
+    cfg = read_configuration(true)
+    if cfg['my_id'].nil?
+      my_id = SecureRandom.uuid.gsub('-','')
+      cfg['my_id'] = my_id
+      File.write(@config_file, cfg.to_yaml)
+      puts "Please check if your api-key is on mkitd server allowed keys"
+    else
+      my_id = cfg['my_id']
+    end
+    puts "Your api-key is #{my_id}"
+  end
+  def create(request, request_hash = nil)
+    unless File.file?(request_hash[:file])
+      raise InvalidParametersException.new('File not found.', find_command('create'))
+    end
+
+    yaml = YAML.load_file(request_hash[:file])
+    if yaml['service'].nil?
+      raise InvalidParametersException.new('Invalid configuration file', find_command('create'))
+    else
+      request(request, request_hash)
+    end
+  end
+
+  def update(request, request_hash = nil)
+    unless File.file?(request_hash[:file])
+      raise InvalidParametersException.new('File not found.', find_command('update'))
+    end
+
+    yaml = YAML.load_file(request_hash[:file])
+    if yaml['service'].nil?
+      raise InvalidParametersException.new('Invalid configuration file', find_command('update'))
+    else
+      id = yaml['service']['name']
+      request_hash[:id] = id
+      request(request, request_hash)
+    end
+  end
+
+  def profile(request, request_hash = {})
+    cfg = YAML.load_file("#{@config_dir}/mkitc_config.yml")
+    cmd = find_command('profile')
+    if cfg['mkit'].nil?
+      raise InvalidParametersException.new(
+        "Invalid configuration on '~/.mkit'\nPlease fix or clean up for defaults apply", cmd
+      )
+    end
+
+    case request[:verb]
+    when 'set'
+      profile = request_hash[:profile_name]
+      if cfg['mkit'][profile.lstrip].nil?
+        raise InvalidParametersException.new("Profile not found on '~/.mkit' configuration", cmd)
+      end
+
+      puts "Setting current profile to #{profile}."
+      File.write(@profile_file, request_hash[:profile_name])
+      ''
+    when 'show'
+      active = File.read("#{@config_dir}/current")
+      cfg['mkit'].map do |k, _v|
+        if k == active
+          "*#{k}"
+        else
+          k
+        end
+      end.join(' ')
+    else
+      raise InvalidParametersException.new("Invalid 'profile' operation", cmd)
+    end
+  end
 end
 
 #

data/bin/mkitd

@@ -9,9 +9,7 @@ def up
   require 'sinatra'
   require 'sinatra/base'
   require 'mkit'
-  # defaults
-  PARAMS_CONFIG[:bind] ||= 'localhost'
-  PARAMS_CONFIG[:port] ||= 4567
+
   MKIt.startup(options: PARAMS_CONFIG)
 
   use Rack::MethodOverride
@@ -21,26 +19,27 @@ def up
 
   # sinatra::base ignores in parameters
   # set it here or via configure...
-  Sinatra::Application.run!({ port: PARAMS_CONFIG[:port], bind: PARAMS_CONFIG[:bind] })
-  # MKIt::Server.run
+  # Sinatra::Application.run!({ port: PARAMS_CONFIG[:port], bind: PARAMS_CONFIG[:bind] })
+  Sinatra::Application.run! do |server|
+    MKIt.options(server)
+  end
+
 end
 
 if ARGV.any?
   require 'optparse'
   parser = OptionParser.new do |op|
     op.on('-c config-dir', 'set the config dir (default is /etc/mkit)') { |val| PARAMS_CONFIG[:config_dir] = val }
-    op.on('-p port',   'set the port (default is 4567)')               { |val| PARAMS_CONFIG[:port] = Integer(val) }
-    op.on('-b bind  ', 'specify bind address (e.g. /tmp/app.sock)')    { |val| PARAMS_CONFIG[:bind] = val }
-    op.on('-s server', 'specify rack server/handler')                  { |val| PARAMS_CONFIG[:server] = val }
-    op.on('-q',        'turn on quiet mode (default is off)')          {       PARAMS_CONFIG[:quiet] = true }
-    op.on('-x',        'turn on the mutex lock (default is off)')      {       PARAMS_CONFIG[:lock] = true }
-    op.on('-e env',    'set the environment (default is development)') do |val|
+    op.on('-p port', 'set the port (default is 4567)')                  { |val| PARAMS_CONFIG[:port] = Integer(val) }
+    op.on('-b bind', 'specify bind address (e.g. 0.0.0.0)')             { |val| PARAMS_CONFIG[:bind] = val }
+    op.on('-o addr', 'alias for bind option') { |val| PARAMS_CONFIG[:bind] = val } 
+    op.on('-e env',  'set the environment (default is development)') do |val|
       ENV['RACK_ENV'] = val
       PARAMS_CONFIG[:environment] = val.to_sym
     end
-    op.on('-o addr', "set the host (default is (env == 'development' ? 'localhost' : '0.0.0.0'))") do |val|
-      PARAMS_CONFIG[:bind] = val
-    end
+    op.on('--no-ssl', 'disable ssl - use http for local server. (default is https)') { PARAMS_CONFIG[:ssl] = false }
+    op.on('--ssl-key-file PATH', 'Path to private key (default mkit internal)')    { |val| PARAMS_CONFIG[:private_key_file] = val }
+    op.on('--ssl-cert-file PATH', 'Path to certificate (default mkit internal)')   { |val| PARAMS_CONFIG[:cert_chain_file] = val }
   end
   begin
     parser.parse!(ARGV.dup)

data/config/mkit_config.yml

@@ -1,3 +1,4 @@
+---
 mkit:
   my_network:
     ip: 10.210.198.1
@@ -12,4 +13,5 @@ mkit:
       bin: /usr/sbin/haproxy
   database:
     env: development
-
+  clients:
+    - add_client_id: add client's id to allow access to this server

data/config/mkitc_config.yml

@@ -0,0 +1,3 @@
+mkit:
+  local:
+    server.uri: https://localhost:4567

data/config/mkitd_config.sh

@@ -1,5 +1,5 @@
 #
-# kidsd server options (for systemd unit | daemontools)
+# mkitd server options (for systemd unit | daemontools)
 #
 OPTIONS=""
 

data/db/migrate/003_service_ports_ssl.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class ServicePortsSsl< ActiveRecord::Migration[5.1]
+  def up
+    add_column :service_ports, :ssl, :string
+    add_column :service_ports, :crt, :string
+  end
+end

data/lib/mkit/app/helpers/services_helper.rb

@@ -24,9 +24,28 @@ module MKIt
     end
 
     def build_table_row(data)
-      ports = data.service_port&.each.map { |p| "#{p.mode}/#{p.external_port}" }.join(',')
+      ports = data.service_port&.each.map { |p| build_port(p) }.join(',')
       pods = data.pod.each.map { |p| p.name.to_s }.join(' ')
       [data.id, data.name, data.lease&.ip, ports, pods, data.status]
     end
+
+    def build_port(p)
+      case p.mode
+      when 'http'
+        if p.ssl?
+          "#{p.mode}s/#{p.external_port}"
+        else
+          "#{p.mode}/#{p.external_port}"
+        end
+      when 'tcp'
+        if p.ssl?
+          "s#{p.mode}/#{p.external_port}"
+        else
+          "#{p.mode}/#{p.external_port}"
+        end
+      else
+        "#{p.mode}/#{p.external_port}"
+      end
+    end
   end
 end

data/lib/mkit/app/mkit_server.rb

@@ -9,6 +9,14 @@ module MKIt
     set :show_exceptions, false
     set :raise_errors, false
 
+    before do
+      api_key = request.env['HTTP_X_API_KEY']
+      cfg = YAML.load_file(MKIt::Config.config_file)
+      if cfg.nil? || cfg['mkit'].nil? || cfg['mkit']['clients'].nil? || !cfg['mkit']['clients'].map{|h| h['id']}.include?(api_key)
+        error 401, 'Unauthorized - please add your client-id to authorized clients list'
+      end
+    end
+
     error MKIt::BaseException do |e|
       MKItLogger.debug e
       error e.error_code, e.message

data/lib/mkit/app/model/service_port.rb

@@ -4,7 +4,7 @@ require 'mkit/exceptions'
 class ServicePort < ActiveRecord::Base
   belongs_to :service
 
-  CONFIG_EXPRESSION=/^(.*?):(.*?):(tcp|http):(.*?)$/
+  CONFIG_EXPRESSION=/^(.*?):(.*?):(tcp|http):(.*?)($|:ssl$|:ssl,(.+))$/
 
   def self.create(service:, config:)
     sp = ServicePort.new(service: service, version: service.version)
@@ -18,22 +18,34 @@ class ServicePort < ActiveRecord::Base
   #     # src:dest:tcp|http:round_robin|leastconn
   #     - 5532:5432:tcp:round_robin
   #     - 5532-6000::tcp:round_robin
+  #     # ssl support:
+  #     # src:dest:tcp|http:round_robin|leastconn[:ssl[,<cert.pem>(mkit.pem default)>]]
+  #     - 443:80:tcp:round_robin:ssl # crt file is mkit.pem
+  #     - 443:80:tcp:round_robin:ssl,/etc/pki/foo.pem # crt file full path
   # model:
   #  service_ports:
   #     - external: 5432
   #       internal: 5432
   #       mode: tcp|http
   #       load_bal: round_robin
+  #       ssl: true|false
+  #       crt: full path
   def parse_config(config)
     ports = config.match(CONFIG_EXPRESSION)
     raise MKIt::InvalidPortsConfiguration.new("no match with config expression $#{CONFIG_EXPRESSION}") if ports.nil?
 
+    puts ports
     self.external_port = ports[1]
     self.internal_port = ports[2]
     self.mode = ports[3]
     self.load_bal = ports[4]
+    self.ssl = !ports[5].nil? && ports[5].start_with?(':ssl') ? 'true':'false'
+    self.crt = ports[7].nil? ? MKIt::Utils.proxy_cert : ports[7]
   end
 
+  def ssl?
+    self.ssl == 'true'
+  end
   def load_balance
     case self.load_bal
     when /^round_robin$/

data/lib/mkit/app/templates/haproxy/xapp_haproxy.cfg.erb

@@ -6,7 +6,7 @@
 # start <%=name%>-<%=port.external_port%>
 #
 frontend <%=name%>-<%=port.external_port%>-front
-  bind <%=lease.ip%>:<%=port.external_port%>
+  bind <%=lease.ip%>:<%=port.external_port%> <%=if port.ssl? then "ssl crt #{port.crt}" end%>
   mode <%=port.mode%>
   #
   use_backend <%=name%>-<%=port.external_port%>-back

data/lib/mkit/config/config.rb

@@ -6,13 +6,18 @@ require 'yaml'
 module MKIt
   module Config
     extend self
+
     def load_yml!(path)
+      @config_file = path
       @config = YAML.load(File.new(path).read).to_o
     end
+
+    def config_file
+      @config_file
+    end
     # 
     def method_missing(name,*args)
       return @config.send(name,*args)
-      super.method_missing name
     end
   end
 end

data/lib/mkit/ssl/easy_ssl.rb

@@ -0,0 +1,28 @@
+require 'openssl'
+
+module MKIt
+  class EasySSL
+    def self.create_self_certificate(cert_dir)
+      unless File.exist?("#{cert_dir}/#{MKIt::Utils::MKIT_CRT}")
+        key = OpenSSL::PKey::RSA.new 4096
+        name = OpenSSL::X509::Name.parse '/CN=MKIt/DC=server'
+        cert = OpenSSL::X509::Certificate.new
+        cert.version = 2
+        cert.serial = 0
+        cert.not_before = Time.now
+        cert.not_after = Time.now + 20 * 365 * 24 * 60 * 60
+        cert.public_key = key.public_key
+        cert.subject = name
+        cert.issuer = name
+        cert.sign key, OpenSSL::Digest.new('SHA256')
+        # my cert and key files
+        open "#{cert_dir}/#{MKIt::Utils::MKIT_CRT}", 'w' do |io| io.write cert.to_pem end
+        open "#{cert_dir}/#{MKIt::Utils::MKIT_KEY}", 'w' do |io| io.write key.to_pem end
+        # haproxy default ssl cert
+        open "#{cert_dir}/#{MKIt::Utils::MKIT_PEM}", 'w' do |io| io.write cert.to_pem end
+        open "#{cert_dir}/#{MKIt::Utils::MKIT_PEM}", 'a' do |io| io.write key.to_pem end
+      end
+    end
+  end
+end
+

data/lib/mkit/utils.rb

@@ -4,6 +4,10 @@ module MKIt
   module Utils
     module_function
 
+    MKIT_CRT = 'mkit.crt'
+    MKIT_KEY = 'mkit.key'
+    MKIT_PEM = 'mkit.pem'
+
     def me
       'mkit'
     end
@@ -24,6 +28,10 @@ module MKIt
       @config_dir.nil? ? "#{self.root}/config" : @config_dir
     end
 
+    def proxy_cert
+      "#{config_dir}/#{MKIT_PEM}"
+    end
+
     def load_db_config(db_config_dir = self.config_dir)
       self.log.info "loading database configurations from '#{config_dir}'..."
       YAML::load(ERB.new(IO.read("#{db_config_dir}/database.yml")).result)

data/lib/mkit/version.rb

@@ -1,4 +1,4 @@
 module MKIt
-  VERSION = "0.4.3"
+  VERSION = "0.6.0"
 end
 

data/lib/mkit.rb

@@ -29,6 +29,7 @@ require 'mkit/docker_listener'
 require 'mkit/app/helpers/haproxy'
 require 'active_record/tasks/database_tasks'
 require 'mkit/utils'
+require 'mkit/ssl/easy_ssl'
 
 MKItLogger = Console.logger
 
@@ -40,15 +41,24 @@ module MKIt
 
   def self.configure(options:)
     @root = MKIt::Utils.root
+    @options = options
     MKItLogger.debug!
     #
     # config dir
     @config_dir = if ENV['RACK_ENV'] != 'development'
-                    options[:config_dir].nil? ? '/etc/mkit' : options[:config_dir]
+                    @options[:config_dir].nil? ? '/etc/mkit' : @options[:config_dir]
                   else
-                    options[:config_dir].nil? ? "#{@root}/config" : options[:config_dir]
+                    @options[:config_dir].nil? ? "#{@root}/config" : @options[:config_dir]
                   end
     MKIt::Utils.set_config_dir(@config_dir)
+    # defaults
+    @bind = options[:bind] ||= 'localhost'
+    @port = options[:port] ||= 4567
+    @ssl = options[:ssl].nil? ? true : options[:ssl] && true
+    @verify_peer = options[:verify_peer].nil? ? false : options[:verify_peer] && true
+    @cert_chain_file = options[:cert_chain_file] ||= "#{@config_dir}/#{MKIt::Utils::MKIT_CRT}"
+    @private_key_file = options[:private_key_file] ||= "#{@config_dir}/#{MKIt::Utils::MKIT_KEY}"
+
     # create dirs
     if ENV['RACK_ENV'] != 'development' || !options[:config_dir].nil?
       check_config_files = false
@@ -65,9 +75,11 @@ module MKIt
         exit
       end
     end
-    #
+
     # load configuration
     MKIt::Initializers.load_my_configuration
+    # cert
+    MKIt::EasySSL.create_self_certificate(@config_dir)
     #
     # run config based tasks
     FileUtils.mkdir_p(MKIt::Config.mkit.haproxy.config_dir)
@@ -92,6 +104,20 @@ module MKIt
     DatabaseTasks.root = @root
   end
 
+  def self.options(server)
+    if @ssl
+      ssl_options = {
+        private_key_file:  @private_key_file,
+        cert_chain_file: @cert_chain_file,
+        verify_peer: @verify_peer
+      }
+      server.ssl = true
+      server.ssl_options = ssl_options
+    end
+    server.backend.port = @port
+    server.backend.host = @bind
+  end
+
   def self.establish_db_connection
     ActiveRecord::Base.establish_connection(DatabaseTasks.database_configuration[DatabaseTasks.env])
     ActiveRecord::Base.connection.migration_context.migrations_paths.clear

data/samples/apps/nexus.yml

@@ -5,6 +5,7 @@ service:
   network: bridge
   ports:
     - 80:8081:http:round_robin
+    - 443:8081:http:round_robin:ssl
   resources:
     max_replicas: 1
     min_replicas: 1

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mkit
 version: !ruby/object:Gem::Version
-  version: 0.4.3
+  version: 0.6.0
 platform: ruby
 authors:
 - Vasco Santos
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-02-12 00:00:00.000000000 Z
+date: 2024-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async-dns
@@ -311,9 +311,11 @@ files:
 - bin/mkitd
 - config/database.yml
 - config/mkit_config.yml
+- config/mkitc_config.yml
 - config/mkitd_config.sh
 - db/migrate/001_setup.rb
 - db/migrate/002_mkit_jobs.rb
+- db/migrate/003_service_ports_ssl.rb
 - db/schema.rb
 - lib/mkit.rb
 - lib/mkit/app/controllers/mkit_controller.rb
@@ -349,13 +351,13 @@ files:
 - lib/mkit/ctypes.rb
 - lib/mkit/docker_listener.rb
 - lib/mkit/exceptions.rb
-- lib/mkit/haproxy.rb
 - lib/mkit/job_manager.rb
 - lib/mkit/mkit_dns.rb
 - lib/mkit/mkit_interface.rb
 - lib/mkit/sagas/asaga.rb
 - lib/mkit/sagas/create_pod_saga.rb
 - lib/mkit/sagas/saga_manager.rb
+- lib/mkit/ssl/easy_ssl.rb
 - lib/mkit/status.rb
 - lib/mkit/utils.rb
 - lib/mkit/version.rb

data/lib/mkit/haproxy.rb

@@ -1,48 +0,0 @@
-require 'pty'
-#
-# 
-#
-module MKIt
-  class HAProxy
-
-    def initialize
-      # configs
-      # run standalone | daemon
-      @running = false
-    end
-
-    def start
-      @thread ||= Thread.new {
-        while (@running) do
-        cmd = "/usr/sbin/haproxy -f /etc/haproxy/haproxy.d"
-        %x{#{cmd}}
-        sleep 1
-        end
-      }
-      @thread.run
-      puts "haproxy started"
-    end
-
-    def start
-      @running = true
-      @thread ||= Thread.new {
-        while (@running) do
-          %{/usr/sbin/haproxy -f /etc/haproxy/haproxy.d/}
-          sleep(1)
-        end
-      }
-      puts "proxy started"
-    end
-
-    def stop
-      puts "proxy stopped"
-    end
-
-    def status
-    end
-
-    def reload
-    end
-  end
-end
-