nginx_stage 0.3.0

data/lib/nginx_stage/generators/app_clean_generator.rb

@@ -0,0 +1,38 @@
+module NginxStage
+  # This generator cleans up any staged app configs whose app root doesn't
+  # exist anymore. It will also print out the paths for the app configs it
+  # deleted.
+  class AppCleanGenerator < Generator
+    desc 'Clean up any staged app configs that point to deleted apps'
+
+    footer <<-EOF.gsub(/^ {4}/, '')
+    Examples:
+        To clean up all stale app configs:
+
+            nginx_stage app_clean
+
+        this displays the paths of the app configs it deleted.
+    EOF
+
+    # Delete staged app configs whose app doesn't exist anymore. Also display
+    # the app configs that are deleted.
+    add_hook :delete_stale_app_configs do
+      NginxStage.staged_apps.each do |env, apps|
+        apps.each do |h|
+          owner = h[:owner]
+          name  = h[:name]
+          app_config = NginxStage.app_config_path(env: env, owner: owner, name: name)
+          app_root   = NginxStage.app_root(env: env, owner: owner, name: name)
+          unless NginxStage.as_user(owner) { File.directory?(app_root) }
+            begin
+              File.delete app_config
+              puts app_config
+            rescue
+              $stderr.puts "#{$!.to_s}"
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/nginx_stage/generators/app_config_generator.rb

@@ -0,0 +1,101 @@
+module NginxStage
+  # This generator stages and generates the NGINX app config. It is also
+  # responsible for reloading the per-user NGINX process after updating the app
+  # config.
+  class AppConfigGenerator < Generator
+    desc 'Generate a new nginx app config and reload process'
+
+    footer <<-EOF.gsub(/^ {4}/, '')
+    Examples:
+        To generate an app config from a URI request and reload the nginx
+        process:
+
+            nginx_stage app --user=bob --sub-uri=/pun --sub-request=/usr/jimmy/fillsim/container/13
+
+        To generate ONLY the app config from a URI request:
+
+            nginx_stage app --user=bob --sub-uri=/pun --sub-request=/usr/jimmy/fillsim --skip-nginx
+
+        this will return the app config path and won't run nginx.
+    EOF
+
+    include AppConfigView
+
+    # The environment the app is run under (parsed from sub_request)
+    # @return [Symbol] environment app is run under
+    attr_accessor :env
+
+    # The owner of the app (parsed from sub_request or assume it is user)
+    # @return [String] owner of app
+    attr_accessor :owner
+
+    # The name of the app
+    # @return [String] name of app
+    attr_accessor :name
+
+    # Accepts `user` as an option and validates user
+    add_user_support
+
+    # Accepts `skip_nginx` as an option
+    add_skip_nginx_support
+
+    # Accepts `sub_uri` as an option
+    add_sub_uri_support
+
+    # @!method sub_request
+    #   The remainder of the request after the sub-uri used to determine the
+    #   environment and app
+    #   @example An app is requested through '/pun/usr/user/appname/...'
+    #     sub_request #=> "/usr/user/appname/..."
+    #   @return [String] the remainder of the request after sub-uri
+    #   @raise [MissingOption] if sub_request isn't supplied
+    add_option :sub_request do
+      {
+        opt_args: ["-r", "--sub-request=SUB_REQUEST", "# The SUB_REQUEST that requests the specified app"],
+        required: true
+        # sub-request is validated in `NginxStage::parse_app_request`
+      }
+    end
+
+    # Parse the sub_request for the environment, owner, and app name
+    add_hook :parse_sub_request do
+      info = NginxStage.parse_app_request(request: sub_request)
+      self.env   = info.fetch(:env)
+      self.owner = info.fetch(:owner, user)
+      self.name  = info.fetch(:name, nil)
+    end
+
+    # Validate that the path to the app exists on the local filesystem
+    add_hook :validate_app_root do
+      raise InvalidRequest, "invalid app root: #{app_root}" unless NginxStage.as_user(user) { File.directory?(app_root) }
+    end
+
+    # Generate the NGINX app config from the 'app.conf.erb' template
+    add_hook :create_config do
+      template "app.conf.erb", app_config_path
+    end
+
+    # Restart the per-user NGINX process (exit quietly on success)
+    add_hook :exec_nginx do
+      if !skip_nginx
+        if File.file? NginxStage.pun_pid_path(user: user)
+          o, s = Open3.capture2e([NginxStage.nginx_bin, "(#{user})"], *NginxStage.nginx_args(user: user, signal: :stop))
+          abort(o) unless s.success?
+        end
+        o, s = Open3.capture2e([NginxStage.nginx_bin, "(#{user})"], *NginxStage.nginx_args(user: user))
+        s.success? ? exit : abort(o)
+      end
+    end
+
+    # If we skip nginx, then output the path to the generated NGINX app config
+    add_hook :output_app_config_path do
+      puts app_config_path
+    end
+
+    private
+      # NGINX app config path
+      def app_config_path
+        NginxStage.app_config_path(env: env, owner: owner, name: name)
+      end
+  end
+end

data/lib/nginx_stage/generators/app_list_generator.rb

@@ -0,0 +1,24 @@
+module NginxStage
+  # This generator lists all staged apps with app configs.
+  class AppListGenerator < Generator
+    desc 'List all staged app configs'
+
+    footer <<-EOF.gsub(/^ {4}/, '')
+    Examples:
+        To list all staged app configs:
+
+            nginx_stage app_list
+
+        this will return the paths to all the staged app configs.
+    EOF
+
+    # Displays a list of all staged app configs
+    add_hook :print_staged_app_configs do
+      NginxStage.staged_apps.each do |env, apps|
+        apps.each do |h|
+          puts NginxStage.app_config_path(env: env, owner: h[:owner], name: h[:name])
+        end
+      end
+    end
+  end
+end

data/lib/nginx_stage/generators/app_reset_generator.rb

@@ -0,0 +1,54 @@
+module NginxStage
+  # This generator resets all app configs with the most current app config
+  # template.
+  class AppResetGenerator < Generator
+    desc 'Reset all staged app configs with the current template'
+
+    footer <<-EOF.gsub(/^ {4}/, '')
+    Examples:
+        To reset all staged app configs using the currently available app
+        config template:
+
+            nginx_stage app_reset --sub-uri=/pun
+
+        this will return the paths to the newly updated app configs.
+    EOF
+
+    include AppConfigView
+
+    # The environment the app is run under (parsed from sub_request)
+    # @return [Symbol] environment app is run under
+    attr_accessor :env
+
+    # The owner of the app (parsed from sub_request or assume it is user)
+    # @return [String] owner of app
+    attr_accessor :owner
+
+    # The name of the app
+    # @return [String] name of app
+    attr_accessor :name
+
+    # Accepts `sub_uri` as an option
+    add_sub_uri_support
+
+    # Updates all staged app configs with current template and displays paths
+    # to user
+    add_hook :update_app_configs do
+      NginxStage.staged_apps.each do |env, apps|
+        apps.each do |h|
+          self.env = env
+          self.owner = h[:owner]
+          self.name = h[:name]
+          template "app.conf.erb", app_config_path
+          puts app_config_path
+        end
+      end
+    end
+
+    private
+      # NGINX app config path
+      def app_config_path
+        NginxStage.app_config_path(env: env, owner: owner, name: name)
+      end
+  end
+end

data/lib/nginx_stage/generators/nginx_clean_generator.rb

@@ -0,0 +1,61 @@
+module NginxStage
+  # This generator cleans all running per-user NGINX processes that are
+  # inactive (i.e., not active connections).
+  class NginxCleanGenerator < Generator
+    desc 'Clean all user running PUNs with no active connections'
+
+    footer <<-EOF.gsub(/^ {4}/, '')
+    Examples:
+        To clean up any running per-user nginx process with no active
+        connections:
+
+            nginx_stage nginx_clean
+
+        this displays the users who had their PUNs shutdown.
+
+        To clean up ALL running per-user nginx processes whether it has an
+        active connection or not:
+
+            nginx_stage nginx_clean --force
+
+        this also displays the users who had their PUNs shutdown.
+
+        To ONLY display the users with inactive PUNs:
+
+            nginx_stage nginx_clean --skip-nginx
+
+        this won't terminate their per-user nginx process.
+    EOF
+
+    # Whether we forcefully kill all PUNs even if they have connections
+    add_option :force do
+      {
+        opt_args: ["-f", "--[no-]force", "# Force clean ALL per-user nginx processes", "# Default: false"],
+        default: false
+      }
+    end
+
+    # Accepts `skip_nginx` as an option
+    add_skip_nginx_support
+
+    # Find users with PUNs that have no active sessions and kill the process
+    add_hook :delete_puns_of_users_with_no_sessions do
+      NginxStage.active_users.each do |u|
+        begin
+          pid_path = PidFile.new NginxStage.pun_pid_path(user: u)
+          raise StalePidFile, "stale pid file: #{pid_path}" unless pid_path.running_process?
+          socket = SocketFile.new NginxStage.pun_socket_path(user: u)
+          if socket.sessions.zero? || force
+            puts u
+            if !skip_nginx
+              o, s = Open3.capture2e(NginxStage.nginx_bin, *NginxStage.nginx_args(user: u, signal: :stop))
+              $stderr.puts o unless s.success?
+            end
+          end
+        rescue
+          $stderr.puts "#{$!.to_s}"
+        end
+      end
+    end
+  end
+end

data/lib/nginx_stage/generators/nginx_list_generator.rb

@@ -0,0 +1,22 @@
+module NginxStage
+  # This generator lists all running per-user NGINX processes.
+  class NginxListGenerator < Generator
+    desc 'List all user running PUNs'
+
+    footer <<-EOF.gsub(/^ {4}/, '')
+    Examples:
+        To list all active per-user nginx processes:
+
+            nginx_stage nginx_list
+
+        this lists all users who have actively running PUNs.
+    EOF
+
+    # Display active users
+    add_hook :display_active_users do
+      NginxStage.active_users.each do |u|
+        puts u
+      end
+    end
+  end
+end

data/lib/nginx_stage/generators/nginx_process_generator.rb

@@ -0,0 +1,47 @@
+module NginxStage
+  # This generator generates/controls the per-user NGINX process.
+  class NginxProcessGenerator < Generator
+    desc 'Generate/control a per-user nginx process'
+
+    footer <<-EOF.gsub(/^ {4}/, '')
+    Examples:
+        To stop Bob's nginx process:
+
+            nginx_stage nginx --user=bob --signal=stop
+
+        which sends a `stop` signal to Bob's per-user NGINX process.
+
+        If `--skip-nginx` is supplied it returns the system-level command
+        that would have been called.
+    EOF
+
+    # Accepts `user` as an option and validates user
+    add_user_support
+
+    # Accepts `skip_nginx` as an option
+    add_skip_nginx_support
+
+    # @!method signal
+    #   The signal to send to the per-user NGINX process
+    #   @return [String] nginx signal
+    add_option :signal do
+      {
+        opt_args: ["-s", "--signal=SIGNAL", NginxStage.nginx_signals, "# Send SIGNAL to per-user nginx process: #{NginxStage.nginx_signals.join('/')}"],
+        default: nil
+      }
+    end
+
+    # Run the per-user NGINX process (exit quietly on success)
+    add_hook :exec_nginx do
+      if !skip_nginx
+        o, s = Open3.capture2e([NginxStage.nginx_bin, "(#{user})"], *NginxStage.nginx_args(user: user, signal: signal))
+        s.success? ? exit : abort(o)
+      end
+    end
+
+    # If skip nginx, then output nginx command
+    add_hook :output_nginx_cmd do
+      puts "#{NginxStage.nginx_bin} #{NginxStage.nginx_args(user: user, signal: signal).join(' ')}"
+    end
+  end
+end

data/lib/nginx_stage/generators/nginx_show_generator.rb

@@ -0,0 +1,48 @@
+module NginxStage
+  # This generator shows the state of the running per-user NGINX process.
+  class NginxShowGenerator < Generator
+    desc 'Show the details for a given per-user nginx process'
+
+    footer <<-EOF.gsub(/^ {4}/, '')
+    Examples:
+        To display the details of a running per-user nginx process:
+
+            nginx_stage nginx_show --user=bob
+
+        this also displays the number of active sessions connected to this PUN.
+    EOF
+
+    # Accepts 'user' as an option and validates user
+    add_user_support
+
+    # Display the chosen user
+    add_hook :display_user do
+      puts "User: #{user}"
+    end
+
+    # Check that pid is valid & clean up any stale files
+    add_hook :check_pid_is_process do
+      pid_file = PidFile.new pid_path
+      raise StalePidFile, "stale pid file: #{pid_path}" unless pid_file.running_process?
+      puts "Instance: #{pid_file.pid}"
+    end
+
+    # Check for active sessions on Unix domain socket
+    add_hook :check_socket_for_active_sessions do
+      socket = SocketFile.new socket_path
+      puts "Socket: #{socket}"
+      puts "Sessions: #{socket.sessions}"
+    end
+
+    private
+      # Path to the user's per-user NGINX pid file
+      def pid_path
+        NginxStage.pun_pid_path(user: user)
+      end
+
+      # Path to the user's per-user NGINX socket file
+      def socket_path
+        NginxStage.pun_socket_path(user: user)
+      end
+  end
+end

data/lib/nginx_stage/generators/pun_config_generator.rb

@@ -0,0 +1,102 @@
+module NginxStage
+  # This generator stages and generates the per-user NGINX environment.
+  class PunConfigGenerator < Generator
+    desc 'Generate a new per-user nginx config and process'
+
+    footer <<-EOF.gsub(/^ {4}/, '')
+    Examples:
+        To generate a per-user nginx environment & launch nginx:
+
+            nginx_stage pun --user=bob --app-init-url='http://www.ood.com/nginx/init?redir=$http_x_forwarded_escaped_uri'
+
+        this will add a URI redirect if the user accesses an app that doesn't exist.
+
+        To generate ONLY the per-user nginx environment:
+
+            nginx_stage pun --user=bob --skip-nginx
+
+        this will return the per-user nginx config path and won't run nginx. In addition
+        it will remove the URI redirect from the config unless we specify `--app-init-url`.
+    EOF
+
+    include PunConfigView
+
+    # Accepts `user` as an option and validates user
+    add_user_support
+
+    # Block starting up PUNs for users with disabled shells
+    add_hook :block_user_with_disabled_shell do
+      raise InvalidUser, "user has disabled shell: #{user}" if user.shell == NginxStage.disabled_shell
+    end
+
+    # Accepts `skip_nginx` as an option
+    add_skip_nginx_support
+
+    # @!method app_init_url
+    #   The app initialization URL the user is redirected to if can't find the
+    #   app in the per-user NGINX config
+    #   @return [String] app init redirect url
+    add_option :app_init_url do
+      {
+        opt_args: ["-a", "--app-init-url=APP_INIT_URL", "# The user is redirected to the APP_INIT_URL if app doesn't exist"],
+        default: nil,
+        before_init: -> (uri) do
+          raise InvalidAppInitUri, "invalid app-init-url syntax: #{uri}" if uri =~ /[^-\w\/?$=&.:]/
+          uri
+        end
+      }
+    end
+
+    # Create the user's personal per-user NGINX `/tmp` location for the various
+    # nginx cache directories
+    add_hook :create_user_tmp_root do
+      empty_directory tmp_root
+    end
+
+    # Create the user's personal per-user NGINX `/log` location for the various
+    # nginx log files (e.g., 'error.log' & 'access.log')
+    add_hook :create_user_log_roots do
+      empty_directory File.dirname(error_log_path)
+      empty_directory File.dirname(access_log_path)
+    end
+
+    # Create per-user NGINX pid root
+    add_hook :create_pid_root do
+      empty_directory File.dirname(pid_path)
+    end
+
+    # Create and secure the nginx socket root. The socket file needs to be only
+    # accessible by the reverse proxy user.
+    add_hook :create_and_secure_socket_root do
+      socket_root = File.dirname(socket_path)
+      empty_directory socket_root
+      FileUtils.chmod 0700, socket_root
+      FileUtils.chown NginxStage.proxy_user, nil, socket_root if Process.uid == 0
+    end
+
+    # Generate the per-user NGINX config from the 'pun.conf.erb' template
+    add_hook :create_config do
+      template "pun.conf.erb", config_path
+    end
+
+    # Run the per-user NGINX process (exit quietly on success)
+    add_hook :exec_nginx do
+      if !skip_nginx
+        o, s = Open3.capture2e([NginxStage.nginx_bin, "(#{user})"], *NginxStage.nginx_args(user: user))
+        s.success? ? exit : abort(o)
+      end
+    end
+
+    # If skip nginx, then output path to the generated per-user NGINX config
+    add_hook :output_pun_config_path do
+      puts config_path
+    end
+
+
+    private
+      # per-user NGINX config path
+      def config_path
+        NginxStage.pun_config_path(user: user)
+      end
+  end
+end

data/lib/nginx_stage/pid_file.rb

@@ -0,0 +1,37 @@
+module NginxStage
+  # A class to handle a PID file
+  class PidFile
+    # Path of the PID file
+    # @return [String] the path of the pid file
+    attr_reader :pid_path
+
+    # Process id that describes this object
+    # @return [Fixnum] the pid object was initialized with
+    attr_reader :pid
+
+    # @param pid [Fixnum] the pid describing a process
+    # @raise [MissingPidFile] if pid file doesn't exist in file system
+    # @raise [InvalidPidFile] if it is an invalid pid file
+    def initialize(pid_path)
+      @pid_path = pid_path
+      raise MissingPidFile, "missing PID file: #{pid_path}" unless File.exist?(pid_path)
+      raise InvalidPidFile, "invalid PID file: #{pid_path}" unless File.file?(pid_path)
+      @pid = File.read(pid_path).to_i
+    end
+
+    # Whether the corresponding pid is a running process
+    # @return [Boolean] whether it is a running process
+    def running_process?
+      Process.getpgid @pid
+      true
+    rescue Errno::ESRCH
+      false
+    end
+
+    # Convert object to string
+    # @return [String] the pid path
+    def to_s
+      pid_path.to_s
+    end
+  end
+end

data/lib/nginx_stage/socket_file.rb

@@ -0,0 +1,51 @@
+module NginxStage
+  # A class describing a Unix domain socket
+  class SocketFile
+    # Path to Unix domain socket file
+    # @return [String] path to unix domain socket file
+    attr_reader :socket
+
+    # @param socket [String] path to unix domain socket file
+    # @raise [MissingSocketFile] if socket file doesn't exist in file system
+    # @raise [InvalidSocketFile] if supplied file isn't a valid socket file
+    def initialize(socket)
+      @socket = socket
+      raise MissingSocketFile, "missing socket file: #{socket}" unless File.exist?(socket)
+      raise InvalidSocketFile, "invalid socket file: #{socket}" unless File.socket?(socket)
+      @processes = get_processes
+    end
+
+    # The number of active sessions connected to this socket
+    # @return [Fixnum] number of active connections
+    def sessions
+      # generate array of inodes
+      ary_inodes = @processes.map{|h| h[:inode]}.reduce([], :+)
+
+      # count number of inodes without partner (assuming these are connected to
+      # apache proxy instead of root nginx process)
+      ary_inodes.group_by{|e| e}.select{|k,v| v.size == 1}.map(&:first).count
+    end
+
+    # Convert object to string
+    # @return [String] path to socket file
+    def to_s
+      socket
+    end
+
+    private
+      def get_processes
+        str = `lsof -F piu #{socket}`
+        ary = []
+        str.split(/\n/).each do |l|
+          if /^p(?<pid>\d+)$/ =~ l
+            ary << {pid: pid, uid: nil, inode: []}
+          elsif /^u(?<uid>\d+)$/ =~ l
+            ary.last[:uid] = uid
+          elsif /^i(?<inode>\d+)$/ =~ l
+            ary.last[:inode] << inode
+          end
+        end
+        ary
+      end
+  end
+end

data/lib/nginx_stage/user.rb

@@ -0,0 +1,75 @@
+require 'forwardable'
+
+module NginxStage
+  # A String-like Class that includes helper methods to better describe the
+  # user on the local system.
+  class User
+    extend Forwardable
+
+    # @!method name
+    #   The user name
+    #   @return [String] the user name
+    # @!method uid
+    #   The user's id
+    #   @return [Integer] the user id
+    # @!method gid
+    #   The user's group id
+    #   @return [Integer] the group id
+    # @!method gecos
+    #   The user's real name
+    #   @return [String] the real name
+    # @!method dir
+    #   The user's home directory
+    #   @return [String] the home path
+    # @!method shell
+    #   The user's shell
+    #   @return [String] the shell
+    delegate [:name, :uid, :gid, :gecos, :dir, :shell] => :@passwd
+
+    # List of all groups that user belongs to
+    # @return [Array<String>] list of groups user is in
+    attr_reader :groups
+
+    # @param user [String] the user name defining this object
+    # @raise [InvalidUser] if user doesn't exist on local system
+    def initialize(user)
+      @passwd = Etc.getpwnam user.to_s
+      @group = Etc.getgrgid gid
+      @groups = get_groups
+    rescue ArgumentError
+      raise InvalidUser, "user doesn't exist: #{user}"
+    end
+
+    # User's primary group name
+    # @return [String] the primary group name
+    def group
+      @group.name
+    end
+
+    # Members of user's primary group
+    # @return [Array<String>] list of users in primary group
+    def group_mem
+      @group.mem
+    end
+
+    # Convert object to string using user name as string value
+    # @return [String] the user name
+    def to_s
+      @passwd.name
+    end
+
+    # This object is string-like and returns the user name when treated as a
+    # string
+    # @return [String] the user name
+    def to_str
+      @passwd.name
+    end
+
+    private
+      # Use `id` to get list of groups as the /etc/group file can give
+      # erroneous results
+      def get_groups
+        `id -nG #{name}`.split(' ')
+      end
+  end
+end

data/lib/nginx_stage/version.rb

@@ -0,0 +1,4 @@
+module NginxStage
+  # The current version of NginxStage
+  VERSION = "0.3.0"
+end