Added support for advanced metrics (#126)

fabriziofiorucci · web-flow · commit 1dd04ddf3165 · 2023-12-01T10:27:57.000-08:00
* Added API Connectivity Manager 1.5.0 support

* Ownership fix

* Startup script fix

* NGINX App Protect WAF updates

* Tested with NGINX Instance Manager 2.9.1

* Added docker-compose support

* Tested with NGINX Instance Manager 2.10.0 and Security Monitoring 1.4.0

* Tested with NGINX Instance Manager 2.10.0 and API Connectivity Manager 1.5.0

* Tested with API Connectivity Manager 1.6.0

* Tested with API Connectivity Manager 1.6.0

* README updated

* Added support for NGINX Instance Manager 2.10.1 and App Delivery Manager 4.0.0

* Fixed NGINX App Protect detection bug for NGINX Instance Manager 2.10.0+

* Fixed agent syslog receiver bug

* README updated

* Tested with NGINX Instance Manager 2.11.0 and Security Monitoring 1.5.0

* Tested with NGINX Instance Manager 2.11.0

* Tested with NGINX API Connectivity Manager 1.7.0

* Tested with NGINX Instance Manager 2.12.0 and Security Monitoring 1.6.0

* Tested with API Connectivity Manager 1.8.0

* Tested with API Connectivity Manager 1.8.0

* Tested with NGINX Instance Manager 2.12.0

* Dockerfile updated

* Support for NGINX Instance Manager 2.13

* Tested with NGINX Instance Manager 2.13

* Tested with NIM 2.14.0 and SM 1.7.0

* Tested with NIM 2.14.0 and SM 1.7.0

* Tested with NGINX Instance Manager 2.14.0

* Tested with NGINX Instance Manager 2.14.0

* Tested with NGINX App Protect compiler v4.583.0

* Start script updated

* Advanced metrics support added

* Advanced metrics support added

---------

Signed-off-by: 65397 &lt;fiorucci@oasi.asti.it&gt;
diff --git a/nginx-agent-docker/Dockerfile b/nginx-agent-docker/Dockerfile
@@ -6,7 +6,7 @@ ARG NAP_WAF=false
 
 # Initial packages setup
 RUN	apt-get -y update \
-	&& apt-get -y install apt-transport-https lsb-release ca-certificates wget gnupg2 curl debian-archive-keyring \
+	&& apt-get -y install apt-transport-https lsb-release ca-certificates wget gnupg2 curl debian-archive-keyring iproute2 \
 	&& mkdir -p /deployment /etc/ssl/nginx \
 	&& addgroup --system --gid 20983 nginx \
 	&& adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 20983 nginx
diff --git a/nginx-agent-docker/README.md b/nginx-agent-docker/README.md
@@ -8,7 +8,7 @@ This repository can be used to build a docker image with NGINX Plus and NGINX In
 
 This repository has been tested with NGINX agent for:
 
-- NGINX Instance Manager 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.10.1, 2.11.0, 2.12.0, 2.13.0, 2.13.1, 2.14.0
+- NGINX Instance Manager 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.10.1, 2.11.0, 2.12.0, 2.13.0, 2.13.1, 2.14.0, 2.14.1
 - API Connectivity Manager 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0
 - NGINX App Protect WAF 4.100.1+
 
@@ -75,8 +75,9 @@ the build script will push the image to your private registry once build is comp
 1. Edit `manifests/1.nginx-nim.yaml` and specify the correct image by modifying the `image:` line, and set the following environment variables. Default values for `NIM_HOST` and `NIM_GRPC_PORT` can be used if NGINX Instance Manager is deployed using https://github.com/nginxinc/NGINX-Demos/tree/master/nginx-nms-docker
   - `NIM_HOST` - NGINX Instance Manager hostname/IP address
   - `NIM_GRPC_PORT` - NGINX Instance Manager gRPC port.
-  - `NIM_INSTANCEGROUP` - instance group for the NGINX Kubernetes Deployment
-  - `NIM_TAGS` - comma separated list of tags for the NGINX Kubernetes Deployment
+  - `NIM_INSTANCEGROUP` - instance group for the NGINX instance
+  - `NIM_TAGS` - comma separated list of tags for the NGINX instance
+  - `NIM_ADVANCED_METRICS` - set to `"true"` to enable advanced metrics collection
   - `NAP_WAF` - set to `"true"` to enable NGINX App Protect WAF (docker image built using `-w`)
   - `NAP_WAF_PRECOMPILED_POLICIES` - set to `"true"` to enable NGINX App Protect WAF precompiled policies (docker image built using `-w`)
   - `ACM_DEVPORTAL` - set to `"true"` to enable API Connectivity Manager Developer Portal (docker image built using `-d`)
diff --git a/nginx-agent-docker/container/start.sh b/nginx-agent-docker/container/start.sh
@@ -27,18 +27,35 @@ if [[ ! -z "$NIM_TAGS" ]]; then
    PARM="${PARM} --tags $NIM_TAGS"
 fi
 
+if [[ "$NIM_ADVANCED_METRICS" == "true" ]]; then
+   if [ $OLD_AGENT == "false" ]
+   then
+      EXTRA_EXTENSIONS="- advanced-metrics"
+
+      cat - << __EOT__ >> /etc/nginx-agent/nginx-agent.conf
+
+# Advanced metrics
+advanced_metrics:
+  socket_path: /var/run/nginx-agent/advanced-metrics.sock
+  aggregation_period: 1s
+  publishing_period: 3s
+  table_sizes_limits:
+    staging_table_max_size: 1000
+    staging_table_threshold: 1000
+    priority_table_max_size: 1000
+    priority_table_threshold: 1000
+__EOT__
+   fi
+fi
+
 if [[ "$NAP_WAF" == "true" ]]; then
    if [ $OLD_AGENT == "true" ]
    then
       PARM="${PARM} --nginx-app-protect-report-interval 15s --nap-monitoring-collector-buffer-size 50000 --nap-monitoring-processor-buffer-size 50000 --nap-monitoring-syslog-ip 127.0.0.1 --nap-monitoring-syslog-port 514"
    else
-      cat - << __EOT__ >> /etc/nginx-agent/nginx-agent.conf
+      EXTRA_EXTENSIONS=$EXTRA_EXTENSIONS"\n- nginx-app-protect\n- nap-monitoring"
 
-# Enable NAP and Advanced Metrics
-extensions:
-  - advanced-metrics
-  - nginx-app-protect
-  - nap-monitoring
+      cat - << __EOT__ >> /etc/nginx-agent/nginx-agent.conf
 
 # NGINX App Protect Monitoring config
 nap_monitoring:
@@ -62,7 +79,6 @@ __EOT__
    done
 
    chown nginx:nginx /opt/app_protect/pipe/*
-fi
 
 if [[ "$NAP_WAF_PRECOMPILED_POLICIES" == "true" ]]; then
    if [ $OLD_AGENT == "true" ]
@@ -78,6 +94,17 @@ __EOT__
    fi
 fi
 
+fi
+
+if [[ "$EXTRA_EXTENSIONS" != "" ]]; then
+  cat - << __EOT__ >> /etc/nginx-agent/nginx-agent.conf
+
+# Enable extensions
+extensions:
+`echo -e $EXTRA_EXTENSIONS | sed "s/^/\ \ /g"`
+__EOT__
+fi
+
 if [[ "$ACM_DEVPORTAL" == "true" ]]; then
    nginx-devportal server &
 fi
