func setup() error {
// Resolve bind address
saddr, err := net.ResolveUDPAddr("udp", env.GetDefault("COLLECTD_PROXY_BIND", "127.0.0.1:25827"))
if err != nil {
return err
}
// Listen udp socket
proxy, err = net.ListenUDP("udp", saddr)
if err != nil {
return err
}
// Resolve target address
taddr, err := net.ResolveUDPAddr("udp", env.GetDefault("COLLECTD_PROXY_TARGET", "127.0.0.1:25826"))
if err != nil {
return err
}
target, err = net.DialUDP("udp", nil, taddr)
if err != nil {
return err
}
return nil
}
/**
* 1 - Show a deployment
*/
func (ctl *DeploymentController) getDeploymentAction(c *gin.Context) {
appId := c.Param("app_id")
deployId := c.Param("deploy_id")
application := ctl.getApplication(c, appId)
if application == nil {
return
}
deployment := ctl.getDeployment(c, application, deployId)
if deployment == nil {
return
}
karhuURL, _ := url.Parse(env.GetDefault("PUBLIC_HOST", "http://127.0.0.1:8080"))
webSocketProto := "ws"
if karhuURL.Scheme == "https" {
webSocketProto = "wss"
}
c.HTML(http.StatusOK, "deployment_show.html", map[string]interface{}{
"application": application,
"deployment": deployment,
"public_host": karhuURL.Host,
"websocket_proto": webSocketProto,
})
}
func init() {
hosts := env.GetDefault("MGO_HOSTS", "127.0.0.1")
db := env.GetDefault("MGO_DB", "karhu")
log.Println("Connecting to mgo:", hosts)
session, err := mgo.Dial(hosts)
if err != nil {
panic(err)
}
session.SetMode(mgo.Eventual, true)
mongo = &Mongo{
s: session,
db: db,
}
}
func init() {
switch env.GetDefault("STORAGE_DRIVER", "fs") {
case "fs":
driver = newFSDriver()
default:
panic("Invalid storage driver")
}
}
func LogstashRefreshApplicationsFilters() error {
// Get all node
apps, err := ApplicationMapper.FetchAll()
if err != nil {
return err
}
filters := logstash.NewTagFilters()
for _, app := range apps {
// Fetch logfiles
logfiles, err := LogfileMapper.FetchAllEnabled(app)
if err != nil {
return err
}
if len(logfiles) == 0 {
continue
}
var filePaths []string
for _, lf := range logfiles {
filePaths = append(filePaths, strconv.Quote(lf.Path))
}
// Forge application tags
var conds []string
if len(filePaths) > 1 {
conds = append(conds, fmt.Sprintf("[source] in [ %s ]", strings.Join(filePaths, ", ")))
} else {
conds = append(conds, fmt.Sprintf("[source] == %s", filePaths[0]))
}
for _, t := range app.Tags {
conds = append(conds, fmt.Sprintf("%s in [karhu_tags]", strconv.Quote(t)))
}
filters.AddFilter(
logstash.NewFilter(strings.Join(conds, " and ")).
Mutate(logstash.NewMutate("karhu_app", strconv.Quote(app.Name))))
}
data, err := filters.Marshal()
if err != nil {
return err
}
log.Println(string(data))
if err := ioutil.WriteFile(env.GetDefault("LOGSTASH_APPS_FILTERS", "./logstash/conf.d/11-apps-filters.conf"), data, 0644); err != nil {
return err
}
return nil
}
func keyDir() string {
dir := env.GetDefault("STORAGE_PATH", "data")
if !path.IsAbs(dir) {
cwd, _ := os.Getwd()
dir = path.Join(cwd, dir)
}
return path.Clean(fmt.Sprintf("%s/%s", dir, SSH_KEYS_DIR))
}
func main() {
rand.Seed(time.Now().UnixNano())
s := web.NewServer()
controllers.NewFrontController(s)
controllers.NewAPIController(s)
go alerts.Run()
s.Run(env.GetDefault("LISTEN_ADDR", ":8080")) // listen and serve
}
func main() {
r := gin.Default()
r.Use(AuthMiddleware())
// Setup seed
rand.Seed(time.Now().UnixNano())
// Register actions
r.POST("/job", postJobAction)
r.GET("/job/:id", getJobAction)
r.Run(env.GetDefault("BIND_ADDRESS", ":8080"))
}
func ReadAuthfile() (string, string, error) {
data, err := ioutil.ReadFile(env.GetDefault("LOGSTASH_AUTHFILE", "./logstash/certs/authfile"))
if err != nil {
return "", "", err
}
buf := bytes.NewBuffer(data)
line, err := buf.ReadString('\n')
if err != nil {
return "", "", err
}
auth := strings.SplitN(string(line), ":", 2)
return strings.TrimSpace(auth[0]), strings.TrimSpace(auth[1]), nil
}
func validateAuth(username, password string) bool {
// Password sha1
password = fmt.Sprintf("%x", sha1.Sum([]byte(password)))
// Re-open auth file each time, to avoid reloading it
file, err := os.Open(env.GetDefault("AUTH_FILE", "access"))
if err != nil {
panic(err)
}
defer file.Close()
// Scan line by line
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := scanner.Text()
if line[0] == '#' {
continue
}
// Split format: username:sha1_password
splited := strings.SplitN(line, `:`, 2)
if len(splited) != 2 {
continue
}
log.Println(splited, username, password)
// Check credentials
if splited[0] == username && splited[1] == password {
return true
}
}
if err := scanner.Err(); err != nil {
panic(err)
}
log.Println("Bad password")
return false
}
func LogstashRefreshTagsFilters() error {
// Get all node
nodes, err := NodeMapper.FetchAll()
if err != nil {
return err
}
filters := logstash.NewTagFilters()
for _, n := range nodes {
if len(n.Tags) == 0 {
continue
}
var tags = []string{`"karhu"`}
for _, t := range n.Tags {
tags = append(tags, strconv.Quote(t))
}
log.Println("tags:", tags)
filters.AddFilter(
logstash.NewFilter("[host] == " + strconv.Quote(n.Hostname)).
Mutate(logstash.NewMutate("karhu_tags", fmt.Sprintf("[ %s ]", strings.Join(tags, ", ")))))
}
data, err := filters.Marshal()
if err != nil {
return err
}
log.Println(string(data))
if err := ioutil.WriteFile(env.GetDefault("LOGSTASH_TAGS_FILTERS", "./logstash/conf.d/10-tags-filters.conf"), data, 0644); err != nil {
return err
}
return nil
}
func newFSDriver() storageDriver {
return &fsDriver{
BaseDir: env.GetDefault("STORAGE_PATH", "./data"),
}
}
package alerts
import (
"errors"
// "fmt"
"github.com/gotoolz/env"
"github.com/karhuteam/karhu/models"
"log"
"os/exec"
"path"
)
var nagiosPluginsPath = env.GetDefault("NAGIOS_PLUGINS_DIR", "/usr/lib/nagios/plugins")
type CheckNagios struct {
Policy *models.AlertPolicy
Plugin string
Params string
}
func NewCheckNagios(policy *models.AlertPolicy) (*CheckNagios, error) {
return &CheckNagios{
Policy: policy,
Plugin: policy.NagiosPlugin,
Params: policy.NagiosParams,
}, nil
}
func (c *CheckNagios) command() string {
func (pc *NodeController) getRegisterSH(c *gin.Context) {
publicKey, err := ssh.GetPublicKey()
if err != nil {
panic(err)
}
karhuHost := env.GetDefault("PUBLIC_HOST", "http://127.0.0.1:8080")
logstashIP := env.GetDefault("LOGSTASH_IP", "127.0.0.1")
collectdUser, collectdPassword, err := logstash.ReadAuthfile()
if err != nil {
panic(err)
}
log.Println("URL:", c.Request.URL)
clientIP := c.ClientIP()
basicAuth := ""
if auth := env.Get("BASIC_AUTH"); auth != "" {
basicAuth = `"-u ` + auth + `"`
}
c.String(http.StatusOK, fmt.Sprintf(`
#!/bin/bash
echo "Registering host on Karhu..."; echo
KARHU_HOST=%s
LOGSTASH_IP=%s
PUBLIC_KEY='%s'
LOGSTASH_CRT_URL=$KARHU_HOST/api/nodes/config/logstash.crt
LOGSTASH_CRT_PATH=/etc/filebeat/certs/logstash.crt
FILEBEAT_CONFIG_URL=$KARHU_HOST/api/nodes/config/filebeat.yml
FILEBEAT_CONFIG_PATH=/etc/filebeat/filebeat.yml
AUTHORIZED_KEYS_DIR=%s
AUTHORIZED_KEYS_FILE=%s
CLIENT_IP=%s
SSH_PORT=%s
SSH_USER=$(whoami)
BASIC_AUTH=%s
SETUP_MONITORING=%s
INFLUXDB_COLLECTD_HOST=%s
INFLUXDB_COLLECTD_PORT=%s
COLLECTD_USERNAME=%s
COLLECTD_PASSWORD=%s
COLLECTD_CONFIG_PATH=/etc/collectd/collectd.conf.d/karhu.conf
NO_REGISTER=%s
SUDO=
if [ "$SSH_USER" != "root" ]; then
echo "Check sudo..."
sudo -n true
if [ "$?" != "0" ]; then
echo "You need root access or sudo without password..."
exit 1
fi
SUDO=sudo
fi
if [ "$NO_REGISTER" != "1" ]; then
if [ ! -d "$AUTHORIZED_KEYS_DIR" ]; then
mkdir -p $AUTHORIZED_KEYS_DIR || exit 1
fi
if [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then
touch $AUTHORIZED_KEYS_FILE || exit 1
fi
echo "Setting up ssh keys..."
grep -q -F "$(echo $PUBLIC_KEY)" $AUTHORIZED_KEYS_FILE || echo $PUBLIC_KEY >> $AUTHORIZED_KEYS_FILE
echo "Registering node..."
curl --fail $BASIC_AUTH -X POST $KARHU_HOST/api/nodes -d hostname=$(hostname) -d ip=$CLIENT_IP -d ssh_port=$SSH_PORT -d ssh_user=$SSH_USER || exit 1
echo
fi
if [ "$SETUP_MONITORING" = "1" ]; then
echo "Setup logstash host"
$SUDO sed '/ karhu$/{h;s/.*/'$LOGSTASH_IP' karhu/};${x;/^$/{s//'$LOGSTASH_IP' karhu/;H};x}' -i /etc/hosts
echo "Setup monitoring..."
if [ ! -f "$(which collectd)" ]; then
$SUDO apt-get update || exit 1
$SUDO apt-get install -y --no-install-recommends collectd || exit 1
fi
echo "LoadPlugin network
<Plugin "network">
<Server \"karhu\" \"$INFLUXDB_COLLECTD_PORT\">
SecurityLevel "Encrypt"
Username "$COLLECTD_USERNAME"
Password "$COLLECTD_PASSWORD"
</Server>
</Plugin>" | $SUDO tee $COLLECTD_CONFIG_PATH || exit 1
echo "Restard collectd"
$SUDO service collectd restart || exit 1
# Setup filebeat
if [ ! -f "$(which filebeat)" ]; then
echo "deb https://packages.elastic.co/beats/apt stable main" | $SUDO tee /etc/apt/sources.list.d/beats.list || exit 1
curl -L https://packages.elastic.co/GPG-KEY-elasticsearch | $SUDO apt-key add - || exit 1
$SUDO apt-get update || exit 1
$SUDO apt-get install -y filebeat || exit 1
fi
if [ ! -d "$(dirname $LOGSTASH_CRT_PATH)" ]; then
$SUDO mkdir -p $(dirname $LOGSTASH_CRT_PATH) || exit 1
fi
# setup crt
$SUDO curl $BASIC_AUTH -o $LOGSTASH_CRT_PATH $LOGSTASH_CRT_URL || exit 1
# setup config
$SUDO curl $BASIC_AUTH -o $FILEBEAT_CONFIG_PATH $FILEBEAT_CONFIG_URL || exit 1
$SUDO service filebeat restart || exit 1
fi
# Alerts
$SUDO apt-get install -y nagios-plugins
echo "Done."`, karhuHost, logstashIP, publicKey, ssh.SSH_AUTHORIZED_KEYS_DIR, ssh.AuthorizedKeysPath(), clientIP, c.DefaultQuery("ssh_port", "22") /*, c.DefaultQuery("ssh_user", "root") */, basicAuth, c.DefaultQuery("monit", "1"), env.Get("INFLUXDB_COLLECTD_HOST"), env.Get("INFLUXDB_COLLECTD_PORT"), collectdUser, collectdPassword, c.DefaultQuery("noreg", "0")))
}
package models
import (
"encoding/json"
"errors"
"fmt"
"github.com/gotoolz/env"
"io"
"io/ioutil"
// "log"
"net/http"
"strings"
)
var esHost = env.GetDefault("ES_HOST", "http://127.0.0.1:9200")
type Hits struct {
Total int64 `json:"total"`
MaxScore float32 `json:"max_score"`
Hits []Hit `json:"hits"`
}
type Hit struct {
Index string `json:"_index"`
Type string `json:"_type"`
Id string `json:"_id"`
Score float32 `json:"_score"`
Source *json.RawMessage `json:"_source"`
}
type SearchResult struct {
Took int `json:"took"`