nginx_stage 0.3.0

data/lib/nginx_stage/views/app_config_view.rb

@@ -0,0 +1,42 @@
+module NginxStage
+  # A view used as context for the app config ERB template file
+  module AppConfigView
+    # The URI used to access the app from the browser
+    # @return [String] the app URI
+    def app_request_uri
+      "#{sub_uri}#{NginxStage.app_request_uri(env: env, owner: owner, name: name)}"
+    end
+
+    # Path to the app root on the local filesystem
+    # @return [String] path to app root
+    def app_root
+      NginxStage.app_root(env: env, owner: owner, name: name)
+    end
+
+    # The Passenger environment to run app under
+    # @return [String] Passenger app environment
+    def app_passenger_env
+      NginxStage.app_passenger_env(env: env, owner: owner, name: name)
+    end
+
+    # The token used to identify an app
+    # @return [String] unique app token
+    def app_token
+      NginxStage.app_token(env: env, owner: owner, name: name)
+    end
+
+    # Internal URI used to access filesystem from apps
+    # @return [String] the filesystem URI
+    def sendfile_uri
+      NginxStage.pun_sendfile_uri
+    end
+
+    # Path to the filesystem root where files are served from
+    # NB: Need to use a regular expression for user as this will be in a global
+    # app config that all users share
+    # @return [String] path to filesystem root
+    def sendfile_root
+      NginxStage.pun_sendfile_root(user: "[\w-]+")
+    end
+  end
+end

data/lib/nginx_stage/views/pun_config_view.rb

@@ -0,0 +1,144 @@
+module NginxStage
+  # A view used as context for the pun config ERB template file
+  module PunConfigView
+    # Primary group of the user
+    # @return [String] primary group of user
+    def group
+      user.group
+    end
+
+    # Path to the user's personal error.log
+    # @return [String] path to error log
+    def error_log_path
+      NginxStage.pun_error_log_path(user: user)
+    end
+
+    # Path to the user's personal access.log
+    # @return [String] path to access log
+    def access_log_path
+      NginxStage.pun_access_log_path(user: user)
+    end
+
+    # Path to the user's per-user NGINX pid file
+    # @return [String] path to pid file
+    def pid_path
+      NginxStage.pun_pid_path(user: user)
+    end
+
+    # Path to system-installed NGINX mime.types config file
+    # @return [String] path to system-installed NGINX mime.types config
+    def mime_types_path
+      NginxStage.mime_types_path
+    end
+
+    # Path to system-installed Passenger locations.ini file
+    # @return [String] path to Passenger locations.ini
+    def passenger_root
+      NginxStage.passenger_root
+    end
+
+    # Path to system-installed Ruby binary
+    # @return [String] the system-installed Ruby binary
+    def passenger_ruby
+      NginxStage.passenger_ruby
+    end
+
+    # Path to system-installed NodeJS binary
+    # @return [String] the system-installed NodeJS binary
+    def passenger_nodejs
+      NginxStage.passenger_nodejs
+    end
+
+    # Path to system-installed python binary
+    # @return [String] the system-installed python binary
+    def passenger_python
+      NginxStage.passenger_python
+    end
+
+    # Path to user's personal tmp root
+    # @return [String] path to tmp root
+    def tmp_root
+      NginxStage.pun_tmp_root(user: user)
+    end
+
+    # Path to the user's per-user NGINX socket file
+    # @return [String] path to socket file
+    def socket_path
+      NginxStage.pun_socket_path(user: user)
+    end
+
+    # Internal URI used to access filesystem from apps
+    # @return [String] the filesystem URI
+    def sendfile_uri
+      NginxStage.pun_sendfile_uri
+    end
+
+    # Path to the filesystem root where files are served from
+    # @return [String] path to filesystem root
+    def sendfile_root
+      NginxStage.pun_sendfile_root(user: user)
+    end
+
+    # Array of wildcard paths to app configs user has access to
+    # @return [Array<String>] list of wildcard app config paths
+    def app_configs
+      NginxStage.pun_app_configs(user: user).map do |envmt|
+        NginxStage.app_config_path envmt
+      end
+    end
+
+    # View used to confirm whether the user wants to restart the PUN to reload
+    # configuration changes
+    # @return [String] restart confirmation view
+    def restart_confirmation
+      <<-EOF.gsub("'", %q{\\\'})
+        <html>
+        <head>
+          <style>
+            body {
+              font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;
+              font-size: 16px;
+              line-height: 1.4;
+              color: #333;
+              font-weight: 300;
+              padding: 15px;
+            }
+            h2 {
+              font-weight: 500;
+              font-size: 30px;
+            }
+            .text-danger {
+              color: #a94442;
+            }
+            .btn-danger {
+              text-decoration: none;
+              font-weight: 400;
+              padding: 10px 16px;
+              border-radius: 6px;
+              color: #fff;
+              background-color: #d9534f;
+            }
+          </style>
+        </head>
+        <body>
+          <h2>
+            App has not been initialized or does not exist
+          </h2>
+          <p class="text-danger">
+            This is the first time this app has been launched in your per-user
+            NGINX (PUN) server. This requires a configuration change followed
+            by a restart of your PUN server. Be sure you save all the work you
+            are doing in other apps that have active websocket connections
+            (i.e., Shell App) and you complete all file uploads/downloads.
+          </p>
+          <p>
+            Clicking the "Initialize App" button will apply the configuration
+            change and restart your per-user NGINX (PUN) server.
+          </p>
+          <a href="#{app_init_url}" class="btn-danger">Initialize App</a>
+        </body>
+        </html>
+      EOF
+    end
+  end
+end

data/lib/nginx_stage.rb

@@ -0,0 +1,133 @@
+require_relative "nginx_stage/version"
+require_relative "nginx_stage/configuration"
+require_relative "nginx_stage/errors"
+require_relative "nginx_stage/user"
+require_relative "nginx_stage/pid_file"
+require_relative "nginx_stage/socket_file"
+require_relative "nginx_stage/views/pun_config_view"
+require_relative "nginx_stage/views/app_config_view"
+require_relative "nginx_stage/generator"
+require_relative "nginx_stage/generators/pun_config_generator"
+require_relative "nginx_stage/generators/app_config_generator"
+require_relative "nginx_stage/generators/app_reset_generator"
+require_relative "nginx_stage/generators/app_list_generator"
+require_relative "nginx_stage/generators/app_clean_generator"
+require_relative "nginx_stage/generators/nginx_process_generator"
+require_relative "nginx_stage/generators/nginx_show_generator"
+require_relative "nginx_stage/generators/nginx_list_generator"
+require_relative "nginx_stage/generators/nginx_clean_generator"
+require_relative "nginx_stage/application"
+
+require 'etc'
+
+# The main namespace for NginxStage. Provides a global configuration.
+module NginxStage
+  # Root path of this library
+  # @return [String] root path of library
+  def self.root
+    File.dirname __dir__
+  end
+
+  # Path to the configuration file
+  # @return [String] path to config file
+  def self.config_file
+    ENV["NGINX_STAGE_CONFIG_FILE"] || '/etc/ood/config/nginx_stage.yml'
+  end
+
+  extend Configuration
+
+  # Regex used to parse an app request
+  # @example Dev app request
+  #   parse_app_request(request: '/dev/rails1/structure/1')
+  #   #=> {env: :dev, name: 'rails1'}
+  # @example User app request with owner Bob
+  #   parse_app_request(request: '/usr/bob/fillsim/containers')
+  #   #=> {env: :usr, owner: 'bob', name: 'fillsim'}
+  # @param request [String] the URI request used to access app
+  # @return [Hash] hash containing parsed information
+  # @raise [InvalidRequest] if the environment specified doesn't exist
+  def self.parse_app_request(request:)
+    app_info = {}
+    app_request_regex.each do |env, regex|
+      if matches = regex.match(request)
+        app_info[:env] = env
+        matches.names.each { |k| app_info[k.to_sym] = matches[k] }
+        break
+      end
+    end
+    raise InvalidRequest, "invalid request: #{request}" if app_info.empty?
+    app_info
+  end
+
+  # Arguments used during execution of nginx binary
+  # @example Start the per-user NGINX for user Bob
+  #   nginx_args(user: 'bob')
+  #   #=> ['-c', '/var/lib/nginx/config/puns/bob.conf']
+  # @example Stop the per-user NGINX for user Bob
+  #   nginx_args(user: 'bob', signal: :stop)
+  #   #=> ['-c', '/var/lib/nginx/config/puns/bob.conf', '-s', 'stop']
+  # @param user [String] the owner of the nginx process
+  # @param signal [Symbol] the signal sent to the nginx process
+  # @return [Array<String>] the shell arguments used to execute the nginx process
+  def self.nginx_args(user:, signal: nil)
+    args = ['-c', pun_config_path(user: user)]
+    args.push('-s', signal.to_s) if signal
+    args
+  end
+
+  # List of users with nginx processes running
+  # @return [Array<User>] the list of users with running nginx processes
+  def self.active_users
+    Dir[pun_pid_path(user: '*')].map{|v| User.new v[/#{pun_pid_path(user: '(.+)')}/, 1]}
+  end
+
+  # Get a hash of all the staged app configs
+  # @example List of all staged app configs
+  #   staged_apps
+  #   #=> {
+  #         dev: [
+  #           {owner: 'bob', name: 'rails1'},
+  #           {owner: 'dan', name: 'fillsim'}
+  #         ],
+  #         usr: [
+  #           {owner: 'bob', name: 'airsim'}
+  #         ]
+  #       }
+  # @return [Hash] the hash of app environments with list of corresponding apps
+  def self.staged_apps
+    staged_apps = {}
+    @app_config_path.each do |env, path|
+      staged_apps[env] = Dir[app_config_path(env: env, owner: '*', name: '*')].map do |v|
+        matches = /#{app_config_path(env: env, owner: '(?<owner>.+)', name: '(?<name>.+)')}/.match(v)
+        {
+          owner: matches.names.include?('owner') ? matches[:owner] : nil,
+          name:  matches.names.include?('name')  ? matches[:name]  : nil
+        }
+      end
+    end
+    staged_apps
+  end
+
+  # Run Ruby block as a different user if possible
+  # NB: Will forego user switching if current process is not root-owned
+  # @param user [String, Fixnum, nil] the user or user id to switch to
+  # @yield [] Block to run as given user
+  def self.as_user(user, &block)
+    (Process.uid == 0) && user ? sudo(user, &block) : block.call
+  end
+
+  private
+    # Switch user/group effective id's as well as secondary groups
+    def self.sudo(user, &block)
+      passwd = (user.is_a? Fixnum) ? Etc.getpwuid(user) : Etc.getpwnam(user)
+      name, uid, gid = passwd.name, passwd.uid, passwd.gid
+      Process.initgroups(name, gid)
+      Process::GID.grant_privilege(gid)
+      Process::UID.grant_privilege(uid)
+      block.call
+    ensure
+      Process::UID.grant_privilege(0)
+      Process::GID.grant_privilege(0)
+      Process.initgroups('root', 0)
+    end
+end

data/nginx_stage.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'nginx_stage/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "nginx_stage"
+  spec.version       = NginxStage::VERSION
+  spec.authors       = ["Jeremy Nicklas"]
+  spec.email         = ["jnicklas@osc.edu"]
+  spec.summary       = %q{Stage and control per-user NGINX processes.}
+  spec.description   = %q{Command line interface to generating per-user NGINX configurations as well as launching and controlling the nginx process.}
+  spec.homepage      = "https://www.osc.edu"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest"
+end

data/sbin/nginx_stage

@@ -0,0 +1,7 @@
+#!/opt/ood/nginx_stage/bin/ood_ruby
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+
+require 'nginx_stage'
+
+# Start up the nginx_stage application
+NginxStage::Application.start

data/share/nginx_stage_example.yml

@@ -0,0 +1,166 @@
+#
+# This is an example NginxStage CLI configuration file. It contains the
+# configuration options that can be specified to meet your system requirements.
+# See https://github.com/OSC/nginx_stage for detailed information about
+# NginxStage. In particular see
+# https://github.com/OSC/nginx_stage/blob/master/lib/nginx_stage/configuration.rb
+# for a detailed list of all possible configuration options and their default
+# settings.
+#
+# Below you can find the default values for each configuration option commented
+# out. Feel free to uncomment it and make modifications or write your
+# modifications directly below the commented defaults.
+#
+
+---
+
+# Location of the ERB templates used in the generation of the NGINX configs
+#
+#template_root: '/opt/ood/nginx_stage/templates'
+
+# The reverse proxy daemon user used to access the Unix domain sockets
+#
+#proxy_user: 'apache'
+
+# Path to system-installed NGINX binary
+#
+#nginx_bin: '/opt/rh/nginx16/root/usr/sbin/nginx'
+
+# White-list of signals that can be sent to the NGINX process
+#
+#nginx_signals:
+#  - 'stop'
+#  - 'quit'
+#  - 'reopen'
+#  - 'reload'
+
+# Path to system-installed NGINX 'mime.types' file
+#
+#mime_types_path: '/opt/rh/nginx16/root/etc/nginx/mime.types'
+
+# Path to system-installed Passenger 'locations.ini' file
+#
+#passenger_root: '/opt/rh/rh-passenger40/root/usr/share/passenger/phusion_passenger/locations.ini'
+
+# Path to system-installed Ruby binary
+#
+#passenger_ruby: '/opt/ood/nginx_stage/bin/ruby'
+
+# Path to system-installed Node.js binary
+# Set to `false` if you don't want this specified in nginx config
+#
+#passenger_nodejs: '/opt/ood/nginx_stage/bin/node'
+
+# Path to system-installed Python binary
+# Set to `false` if you don't want this specified in nginx config
+#
+#passenger_python: '/opt/ood/nginx_stage/bin/python'
+
+# Root location of per-user NGINX configs
+#
+#pun_config_path: '/var/lib/nginx/config/puns/%{user}.conf'
+
+# Root location of per-user NGINX tmp dirs
+#
+#pun_tmp_root: '/var/lib/nginx/tmp/%{user}'
+
+# Path to the per-user NGINX access log
+#
+#pun_access_log_path: '/var/log/nginx/%{user}/access.log'
+
+# Path to the per-user NGINX error log
+#
+#pun_error_log_path: '/var/log/nginx/%{user}/error.log'
+
+# Path to the per-user NGINX pid file
+#
+#pun_pid_path: '/var/run/nginx/%{user}/passenger.pid'
+
+# Path to the per-user NGINX socket file
+#
+#pun_socket_path: '/var/run/nginx/%{user}/passenger.sock'
+
+# Path to the local filesystem root where the per-user NGINX process serves
+# files from for the user making use of the sendfile feature in NGINX
+#
+#pun_sendfile_root: '/'
+
+# The internal URI used to access the local filesystem for downloading files
+# from the apps (not accessible directly by client browser)
+#
+#pun_sendfile_uri: '/sendfile'
+
+# List of hashes helping define wildcard app config locations. These are the
+# arguments for {#app_config_path}.
+#
+#pun_app_configs:
+#  - env: 'dev'
+#    owner: '%{user}'
+#    name: '*'
+#  - env: 'usr'
+#    owner: '*'
+#    name: '*'
+#  - env: 'sys'
+#    owner: ''
+#    name: '*'
+
+# A hash detailing the path to the per-user NGINX app configs
+#
+#app_config_path:
+#  dev: '/var/lib/nginx/config/apps/dev/%{owner}/%{name}.conf'
+#  usr: '/var/lib/nginx/config/apps/usr/%{owner}/%{name}.conf'
+#  sys: '/var/lib/nginx/config/apps/sys/%{name}.conf'
+
+# A hash detailing the locations on the file system where apps reside for the
+# corresponding environment
+#
+#app_root:
+#  dev: '~%{owner}/ondemand/dev/%{name}'
+#  usr: '/var/www/ood/apps/usr/%{owner}/gateway/%{name}'
+#  sys: '/var/www/ood/apps/sys/%{name}'
+
+# A hash detailing the app's request URI not including the base-URI
+#
+#app_request_uri:
+#  dev: '/dev/%{name}'
+#  usr: '/usr/%{owner}/%{name}'
+#  sys: '/sys/%{name}'
+
+# A hash detailing the regular expressions used to define the app namespace
+# from a given URI request. Should match {#app_request_uri}.
+#
+#app_request_regex:
+#  dev: '^/dev/(?<name>[-\w.]+)'
+#  usr: '^/usr/(?<owner>[\w]+)\/(?<name>[-\w.]+)'
+#  sys: '^/sys/(?<name>[-\w.]+)'
+
+# A hash detailing the tokens used to identify individual apps
+#
+#app_token:
+#  dev: 'dev/%{owner}/%{name}'
+#  usr: 'usr/%{owner}/%{name}'
+#  sys: 'sys/%{name}'
+
+# A hash detailing the Passenger environment to run the app under within the
+# PUN
+#
+#app_passenger_env:
+#  dev: 'development'
+#  usr: 'production'
+#  sys: 'production'
+
+# Regular expression used to validate a given user name. The user name supplied
+# must match the regular expression to be considered valid.
+#
+#user_regex: '[\w@\.\-]+'
+
+# Minimum user id required to generate per-user NGINX server as the requested
+# user
+#
+#min_uid: 1000
+
+# Restrict starting up per-user NGINX process as user with this shell.
+# NB: This only affects the `pun` command, you are still able to start or stop
+#     the PUN using other commands (e.g., `nginx`, `nginx_clean`, ...)
+#
+#disabled_shell: '/access/denied'

data/templates/app.conf.erb

@@ -0,0 +1,14 @@
+location ~ ^<%= app_request_uri %>(/.*|$) {
+  alias <%= app_root %>/public$1;
+  passenger_base_uri <%= app_request_uri %>;
+  passenger_app_root <%= app_root %>;
+  passenger_document_root <%= app_root %>/public;
+  passenger_enabled on;
+
+  passenger_app_env <%= app_passenger_env %>;
+
+  # Give apps the ability to download files from filesystem
+  passenger_set_cgi_param HTTP_X_SENDFILE_TYPE X-Accel-Redirect;
+  passenger_set_cgi_param HTTP_X_ACCEL_MAPPING "<%= sendfile_root %>=<%= sendfile_uri %>"; # Passenger 4
+  # passenger_set_header X-Accel-Mapping "<%= sendfile_root %>=<%= sendfile_uri %>"; # Passenger 5
+}

data/templates/pun.conf.erb

@@ -0,0 +1,79 @@
+# Setup environment
+env USER=<%= user %>;
+
+user        <%= user %> <%= group %>;  ## Default: nobody
+error_log   <%= error_log_path %>;
+pid         <%= pid_path %>;
+worker_processes 1;  ## Default: 1
+
+events {
+  worker_connections 1024;  ## Default: 1024
+}
+
+http {
+  include     <%= mime_types_path %>;
+
+  # Define passenger environment
+  passenger_root <%= passenger_root %>;
+  passenger_ruby <%= passenger_ruby %>;
+  <%- if passenger_nodejs -%>
+  passenger_nodejs <%= passenger_nodejs %>;
+  <%- end -%>
+  <%- if passenger_python -%>
+  passenger_python <%= passenger_python %>;
+  <%- end -%>
+
+  # Set passenger security measures
+  passenger_user_switching off;
+  passenger_default_user <%= user %>;
+  passenger_load_shell_envvars off;
+
+  # Kill all apps after they idle timeout
+  passenger_min_instances 0;
+
+  # Take advantage of Ruby preloader
+  #passenger_spawn_method smart;
+  #passenger_max_preloader_idle_time 0;
+
+  # Load all apps directly
+  passenger_spawn_method direct;
+
+  # Set an array of temp and cache file options for the per-user environment
+  client_body_temp_path   <%= tmp_root %>/client_body;
+  proxy_temp_path         <%= tmp_root %>/proxy_temp;
+  fastcgi_temp_path       <%= tmp_root %>/fastcgi_temp;
+  uwsgi_temp_path         <%= tmp_root %>/uwsgi_temp;
+  scgi_temp_path          <%= tmp_root %>/scgi_temp;
+
+  default_type application/octet-stream;
+  log_format   main '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+  access_log   <%= access_log_path %> main;
+  sendfile     on;
+  tcp_nopush   on;
+  client_max_body_size 10G;
+
+  server {
+    listen      unix:<%= socket_path %>;
+    server_name localhost;
+
+    <%- if app_init_url -%>
+    location / {
+      default_type text/html;
+      return 404 '<%= restart_confirmation %>';
+    }
+    <%- end -%>
+
+    # Give apps the ability to download files from filesystem
+    location <%= sendfile_uri %> {
+      internal;
+      alias "<%= sendfile_root %>";
+    }
+
+    # Include all app configs user has access to
+    <%- app_configs.each do |app_config| -%>
+    include <%= app_config %>;
+    <%- end -%>
+  }
+}

data/test/minitest_helper.rb

@@ -0,0 +1,4 @@
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'nginx_stage'
+
+require 'minitest/autorun'

data/test/test_nginx_stage.rb

@@ -0,0 +1,11 @@
+require 'minitest_helper'
+
+class TestNginxStage < MiniTest::Unit::TestCase
+  def test_that_it_has_a_version_number
+    refute_nil ::NginxStage::VERSION
+  end
+
+  def test_it_does_something_useful
+    assert false
+  end
+end