Added support for NGINX Instance Manager 2.13 and API Connectivity Manager 1.9 (#111)

fabriziofiorucci · web-flow · commit 6af5f33729d9 · 2023-10-19T05:45:09.000-08:00
* Added API Connectivity Manager 1.5.0 support

* Ownership fix

* Startup script fix

* NGINX App Protect WAF updates

* Tested with NGINX Instance Manager 2.9.1

* Added docker-compose support

* Tested with NGINX Instance Manager 2.10.0 and Security Monitoring 1.4.0

* Tested with NGINX Instance Manager 2.10.0 and API Connectivity Manager 1.5.0

* Tested with API Connectivity Manager 1.6.0

* Tested with API Connectivity Manager 1.6.0

* README updated

* Added support for NGINX Instance Manager 2.10.1 and App Delivery Manager 4.0.0

* Fixed NGINX App Protect detection bug for NGINX Instance Manager 2.10.0+

* Fixed agent syslog receiver bug

* README updated

* Tested with NGINX Instance Manager 2.11.0 and Security Monitoring 1.5.0

* Tested with NGINX Instance Manager 2.11.0

* Tested with NGINX API Connectivity Manager 1.7.0

* Tested with NGINX Instance Manager 2.12.0 and Security Monitoring 1.6.0

* Tested with API Connectivity Manager 1.8.0

* Tested with API Connectivity Manager 1.8.0

* Tested with NGINX Instance Manager 2.12.0

* Dockerfile updated

* Support for NGINX Instance Manager 2.13

---------

Signed-off-by: 65397 &lt;fiorucci@oasi.asti.it&gt;
diff --git a/nginx-agent-docker/README.md b/nginx-agent-docker/README.md
@@ -8,8 +8,8 @@ This repository can be used to build a docker image with NGINX Plus and NGINX In
 
 This repository has been tested with NGINX agent for:
 
-- NGINX Instance Manager 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.10.1, 2.11.0, 2.12.0
-- API Connectivity Manager 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0
+- NGINX Instance Manager 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.10.1, 2.11.0, 2.12.0, 2.13.0, 2.13.1
+- API Connectivity Manager 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0
 - NGINX App Protect WAF 4.100.1+
 
 ## Prerequisites
diff --git a/nginx-nms-docker/Dockerfile.automated b/nginx-nms-docker/Dockerfile.automated
@@ -39,7 +39,9 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
 	&& if [ ! -z "${ADD_ADM}" ] ; then \
 	apt-get -y install nms-app-delivery-manager; fi \
 	# Set permissions
-	&& chmod +x /etc/nms/scripts/*.sh
+	&& chmod +x /etc/nms/scripts/*.sh \
+	&& wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq \
+	&& chmod +x /usr/bin/yq
 
 # Optional Second Sight
 WORKDIR /deployment
diff --git a/nginx-nms-docker/README.md b/nginx-nms-docker/README.md
@@ -24,10 +24,10 @@ A bash script to quickly install NGINX Management Suite through the official Hel
 
 This repository has been tested with:
 
-- NGINX Instance Manager 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.10.0, 2.10.1, 2.11.0, 2.12.0
-- NGINX API Connectivity Manager 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.7.0, 1.8.0
-- Security Monitoring 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0
-- NGINX App Protect WAF compiler 3.1088.2, 4.2.0, 4.100.1, 4.218.0
+- NGINX Instance Manager 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.10.0, 2.10.1, 2.11.0, 2.12.0, 2.13.0, 2.13.1, 2.14.0
+- NGINX API Connectivity Manager 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.9.1
+- Security Monitoring 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0
+- NGINX App Protect WAF compiler v3.1088.2, v4.100.1, v4.2.0, v4.218.0, v4.279.0, v4.402.0, v4.457.0
 - NGINX App Delivery Manager 4.0.0
 
 ## Prerequisites
@@ -74,7 +74,7 @@ NGINX Management Suite Docker image builder
  -K [file.key]          - Key file to pull packages from the official NGINX repository
  -A                     - Enable API Connectivity Manager - optional
  -W                     - Enable Security Monitoring - optional
- -P [version]           - Enable WAF policy compiler, version can be [v3.1088.2|v4.2.0|v4.100.1|v4.218.0|v4.279.0|v4.402.0] - optional
+ -P [version]           - Enable WAF policy compiler, version can be any [v3.1088.2|v4.100.1|v4.2.0|v4.218.0|v4.279.0|v4.402.0|v4.457.0] - optional
  -D                     - Enable App Delivery Manager - optional
 
  === Examples:
@@ -88,7 +88,7 @@ NGINX Management Suite Docker image builder
 
  Automated build:
         ./scripts/buildNIM.sh -i -C nginx-repo.crt -K nginx-repo.key
-                -A -W -P v4.218.0 -D -t my.registry.tld/nginx-nms:2.9.0
+                -A -W -P v4.457.0 -D -t my.registry.tld/nginx-nms:2.13.1
 ```
 
 ### Automated build
diff --git a/nginx-nms-docker/container/startNIM.sh b/nginx-nms-docker/container/startNIM.sh
@@ -50,8 +50,8 @@ clickhouse_username = '$NIM_CLICKHOUSE_USERNAME'
 clickhouse_password = '$NIM_CLICKHOUSE_PASSWORD'
 " >> /etc/nms/nms.conf
 	;;
-	*)
-		echo "YAML nms.conf"
+	2.7.0|2.8.0|2.9.0|2.9.1|2.10.0|2.10.1|2.11.0|2.12.0)
+		echo "YAML nms.conf <= 2.12"
 # Clickhouse configuration - dedicated pod
 echo -e "
 
@@ -62,6 +62,20 @@ clickhouse:
   password: '$NIM_CLICKHOUSE_PASSWORD'
 " >> /etc/nms/nms.conf
 	;;
+	*)
+		echo "YAML nms.conf >= 2.13"
+# Clickhouse configuration - dedicated pod
+export NIM_CLICKHOUSE_ADDRESSPORT=$NIM_CLICKHOUSE_ADDRESS:$NIM_CLICKHOUSE_PORT
+yq '.clickhouse.address=strenv(NIM_CLICKHOUSE_ADDRESSPORT)|.clickhouse.username=strenv(NIM_CLICKHOUSE_USERNAME)|.clickhouse.password=strenv(NIM_CLICKHOUSE_PASSWORD)' /etc/nms/nms.conf > /etc/nms/nms.conf-updated
+mv /etc/nms/nms.conf-updated /etc/nms/nms.conf
+chown nms:nms /etc/nms/nms.conf
+chmod 644 /etc/nms/nms.conf
+
+yq '.clickhouse.address="tcp://"+strenv(NIM_CLICKHOUSE_ADDRESSPORT)|.clickhouse.username=strenv(NIM_CLICKHOUSE_USERNAME)|.clickhouse.password=strenv(NIM_CLICKHOUSE_PASSWORD)' /etc/nms/nms-sm-conf.yaml > /etc/nms/nms-sm-conf.yaml-updated
+cp /etc/nms/nms-sm-conf.yaml-updated /etc/nms/nms-sm-conf.yaml
+chown nms:nms /etc/nms/nms-sm-conf.yaml
+chmod 644 /etc/nms/nms-sm-conf.yaml
+	;;
 esac
 
 # Start nms core - from /lib/systemd/system/nms-core.service
@@ -128,6 +142,12 @@ fi
 
 sleep 5
 
+# Start Security Monitoring
+if [ -f /usr/bin/nms-sm ]
+then
+	su - nms -c "/usr/bin/nms-sm start &" -s /bin/bash
+fi
+
 chmod 666 /var/run/nms/*.sock
 
 /etc/init.d/nginx start
diff --git a/nginx-nms-docker/scripts/buildNIM.sh b/nginx-nms-docker/scripts/buildNIM.sh
@@ -19,7 +19,8 @@ Automated build:\n\n
 -K [file.key]\t\t- Key file to pull packages from the official NGINX repository\n
 -A\t\t\t- Enable API Connectivity Manager - optional\n
 -W\t\t\t- Enable Security Monitoring - optional\n
--P [version]\t\t- Enable WAF policy compiler, version can be [v3.1088.2|v4.2.0|v4.100.1|v4.218.0|v4.279.0|v4.402.0] - optional\n\n
+-P [version]\t\t- Enable WAF policy compiler, version can be any [v3.1088.2|v4.100.1|v4.2.0|v4.218.0|v4.279.0|v4.402.0|v4.457.0] - optional\n
+-D\t\t\t- Enable App Delivery Manager - optional\n\n
 === Examples:\n\n
 Manual build:\n
 \t$0 -n nim-files/nms-instance-manager_2.6.0-698150575~focal_amd64.deb \\\\\n
@@ -29,13 +30,13 @@ Manual build:\n
 \t\t-t my.registry.tld/nginx-nms:2.6.0\n\n
 Automated build:\n
 \t$0 -i -C nginx-repo.crt -K nginx-repo.key\n
-\t\t-A -W -P v4.218.0 -D -t my.registry.tld/nginx-nms:2.9.0\n
+\t\t-A -W -P v4.457.0 -D -t my.registry.tld/nginx-nms:2.13.1\n
 "
 
 # Defaults
 COUNTER=false
 
-while getopts 'hn:a:w:p:t:siC:K:AWP:' OPTION
+while getopts 'hn:a:w:p:t:siC:K:AWP:D' OPTION
 do
 	case "$OPTION" in
 		h)
@@ -78,6 +79,9 @@ do
                 P)
                         ADD_PUM=$OPTARG
                 ;;
+		D)
+			ADD_ADM=true
+		;;
 	esac
 done
 
@@ -113,7 +117,8 @@ then
                 --build-arg ACM_IMAGE=$ACM_IMAGE --build-arg SM_IMAGE=$SM_IMAGE --build-arg PUM_IMAGE=$PUM_IMAGE -t $IMGNAME .
 else
 	DOCKER_BUILDKIT=1 docker build --no-cache -f Dockerfile.automated --secret id=nginx-key,src=$NGINX_KEY --secret id=nginx-crt,src=$NGINX_CERT \
-                --build-arg ADD_ACM=$ADD_ACM --build-arg ADD_SM=$ADD_SM --build-arg ADD_PUM=$ADD_PUM --build-arg BUILD_WITH_SECONDSIGHT=$COUNTER \
+                --build-arg ADD_ACM=$ADD_ACM --build-arg ADD_SM=$ADD_SM --build-arg ADD_PUM=$ADD_PUM --build-arg ADD_ADM=$ADD_ADM \
+		--build-arg BUILD_WITH_SECONDSIGHT=$COUNTER \
                 -t $IMGNAME .
 fi
 
