path: root/tools/unitctl/README.md

# NGINX Unit Rust SDK and CLI

This project provides a Rust SDK interface to the
[NGINX Unit](https://unit.nginx.org/)
[control API](https://unit.nginx.org/howto/source/#source-startup)
and a CLI (`unitctl`) that exposes the functionality provided by the SDK.

## Installation and Use
In order to build and use `unitctl` one needs a working installation of
Cargo. It is recommended to procure Cargo with Rustup. Rustup is packaged
for use in many systems, but you can also find it at its
[Official Site](https://rustup.rs/). Additionally, Macintosh users will
need to install GNU core utilities using brew (see the following command)

```
$ brew install make gnu-sed grep gawk maven
```

After installing a modern distribution of Make, Macintosh users can invoke
the makefile commands using `gmake`. For example: `gmake clean` or `gmake all`.

Finally, in order to run the OpenAPI code generation tooling, Users will
need a working
[Java runtime](https://www.java.com/en/)
as well as Maven. Macintosh users can install Maven from Brew.

With a working installation of Cargo it is advised to build unitctl with the
provided makefile. The `list-targets` target will inform the user of what
platforms are available to be built. One or more of these can then be run as
their own makefile targets. Alternatively, all available binary targets can be
built with `make all`. See the below example for illustration:

```
$ make list-targets
x86_64-unknown-linux-gnu

$ make x86_64-unknown-linux-gnu
▶ building unitctl with flags [--quiet --release --bin unitctl --target x86_64-unknown-linux-gnu]

$ file ./target/x86_64-unknown-linux-gnu/release/unitctl
./target/x86_64-unknown-linux-gnu/release/unitctl: ELF 64-bit LSB pie executable,
x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2,
BuildID[sha1]=ef4b094ffd549b39a8cb27a7ba2cc0dbad87a3bc, for GNU/Linux 4.4.0,
with debug_info, not stripped
```

As demonstrated in the example above, compiled binaries may be found in the
targets folder, under the subdirectory corresponding to the build target
desired.


## Features (Current)

```
CLI interface to the NGINX Unit Control API

Usage: unitctl [OPTIONS] <COMMAND>

Commands:
  instances  List all running Unit processes
  edit       Open current Unit configuration in editor
  import     Import configuration from a directory
  execute    Sends raw JSON payload to Unit
  status     Get the current status of Unit
  listeners  List active listeners
  help       Print this message or the help of the given subcommand(s)

Options:
  -s, --control-socket-address <CONTROL_SOCKET_ADDRESS>
          Path (unix:/var/run/unit/control.sock), tcp address with port (127.0.0.1:80), or URL
  -w, --wait-timeout-seconds <WAIT_TIME_SECONDS>
          Number of seconds to wait for control socket to become available
  -t, --wait-max-tries <WAIT_MAX_TRIES>
          Number of times to try to access control socket when waiting [default: 3]
  -h, --help
          Print help
  -V, --version
          Print version
```

- Consumes alternative configuration formats Like YAML and converts them
- Can convert output to multiple different formats (YAML, plain JSON, highlighted JSON)
- Syntactic highlighting of JSON output
- Interpretation of Unit errors with (arguably more) useful error messages

### Lists all running Unit processes and provides details about each process.
Unitctl will detect and connect to running process of Unit on the host.
It will pull information about the running Unit configuration
(including how to access its control API) from the process information of
each detected Unit process.

```
$ unitctl instances
No socket path provided - attempting to detect from running instance
unitd instance [pid: 79489, version: 1.32.0]:
  Executable: /opt/unit/sbin/unitd
  API control unix socket: unix:/opt/unit/control.unit.sock
  Child processes ids: 79489, 79489
  Runtime flags: --no-daemon
  Configure options: --prefix=/opt/unit --user=elijah --group=elijah --openssl
```

### Start a new Unit process via docker
Unitctl can launch new containers of Unit.
These can be official Unit images or custom Unit images.
Any container that calls `unitd` in a CMD declaration will suffice.

The new containers will then be shown in a call to
`unitctl instances`

```
$ unitctl instances new /tmp/2 $(pwd) 'unit:wasm'
Pulling and starting a container from unit:wasm
Will mount /tmp/2 to /var/run for socket access
Will mount /home/user/repositories/nginx/unit/tools/unitctl to /www for application access
Note: Container will be on host network

```

To the subcommand `unitctl instances new` the user must provide three arguments:
1. **A means of showing the control API:**
   There are two possibilities for this argument.
   A filepath on which to open a unix socket,
   or a TCP address.
   - If a directory is specified the Unit container
     will mount this to `/var/run` internally.
     Thus, the control socket and pid file will be
     accessible from the host. For example: `/tmp/2`.
   - If a TCP endpoint is specified Unit will be configured
     to offer its control API on the given port and address.
     For example: `127.0.0.1:7171`.
2. **A path to an application:**
   In the example, `$(pwd)` is provided. The Unit container will mount
   this to `/www/`. This will allow the user to configure their
   Unit container to expose an application stored on the host.
3. **An image tag:**
   In the example, `unit:wasm` is used. This will be the image that unitctl
   will deploy. Custom repos and images can be deployed in this manner.

In addition to the above arguments, the user may add the `-r` flag. This flag will
set the Docker volume mount for the application directory to be read only. Do note
that this flag will break compatibility with WordPress, and other applications
which store state on the file system.

After deployment the user will have one Unit container running on the host network.

### Lists active applications and provides means to restart them
Unitctl can list running applications by accessing the specified control API.
Unitctl can also request from the API that an application be restarted.

Listing applications:
```
$ unitctl app list
{
  "wasm": {
    "type": "wasm-wasi-component",
    "component": "/www/wasmapp-proxy-component.wasm"
  }
}
```

Restarting an application:
```
$ unitctl app reload wasm
{
  "success": "Ok"
}
```

*Note:* Both of the above commands support operating on multiple instances
of Unit at once. To do this, pass multiple values for the `-s` flag as
shown below:

```
$ unitctl -s '127.0.0.1:8001' -s /run/nginx-unit.control.sock app list
```

### Lists active listeners from running Unit processes
Unitctl can query a given control API to fetch all configured
listeners.

```
unitctl listeners
No socket path provided - attempting to detect from running instance
{
  "127.0.0.1:8080": {
    "pass": "routes"
  }
}
```

*Note:* This command supports operating on multiple instances of Unit at once.
To do this, pass multiple values for the `-s` flag as shown below:

```
$ unitctl -s '127.0.0.1:8001' -s /run/nginx-unit.control.sock listeners
```

### Get the current status of NGINX Unit processes
Unitctl can query the control API to provide the status of the running
Unit daemon.

```
$ unitctl status -t yaml
No socket path provided - attempting to detect from running instance
connections:
  accepted: 0
  active: 0
  idle: 0
  closed: 0
requests:
  total: 0
applications: {}
```

*Note:* This command supports operating on multiple instances of Unit at once.
To do this, pass multiple values for the `-s` flag as shown below:

```
$ unitctl -s '127.0.0.1:8001' -s /run/nginx-unit.control.sock status
```

### Send arbitrary configuration payloads to Unit
Unitctl can accept custom request payloads and query given API endpoints with them.
The request payload must be passed in using the `-f` flag either as a filename or
using the `-` filename to denote the use of stdin as shown in the example below.

```
$ echo '{
    "listeners": {
        "127.0.0.1:8080": {
            "pass": "routes"
        }
    },

    "routes": [
        {
            "action": {
                "share": "/www/data$uri"
            }
        }
    ]
}' | unitctl execute --http-method PUT --path /config -f -
{
  "success": "Reconfiguration done."
}
```

*Note:* This command supports operating on multiple instances of Unit at once.
To do this, pass multiple values for the `-s` flag as shown below:

```
$ unitctl -s '127.0.0.1:8001' -s /run/nginx-unit.control.sock execute ...
```

### Edit current configuration in your favorite editor
Unitctl can fetch the configuration from a running instance of Unit and
load it in any number of preconfigured editors on your command line.

Unitctl will try to use whatever editor is configured with the `EDITOR`
environment variable, but will default to vim, emacs, nano, vi, or pico.

```
$ unitctl edit
[[EDITOR LOADS SHOWING CURRENT CONFIGURATION - USER EDITS AND SAVES]]

{
  "success": "Reconfiguration done."
}
```

*Note:* This command does not support operating on multiple instances of Unit at once.

### Import configuration, certificates, and NJS modules from directory
Unitctl will parse existing configuration, certificates, and NJS modules
stored in a directory and convert them into a payload to reconfigure a
given Unit daemon.

```
$ unitctl import /opt/unit/config
Imported /opt/unit/config/certificates/snake.pem -> /certificates/snake.pem
Imported /opt/unit/config/hello.js -> /js_modules/hello.js
Imported /opt/unit/config/put.json -> /config
Imported 3 files
```

### Export configuration from a running Unit instance
Unitctl will query a control API to fetch running configuration
and NJS modules from a Unit process. Due to a technical limitation
this output will not contain currently stored certificate bundles.
The output is saved as a tarball at the filename given with the `-f`
argument. Standard out may be used with `-f -` as shown in the
following examples.

```
$ unitctl export -f config.tar
$ unitctl export -f -
$ unitctl export -f - | tar xf - config.json
$ unitctl export -f - > config.tar
```

*Note:* The exported configuration omits certificates.

*Note:* This command does not support operating on multiple instances of Unit at once.

### Wait for socket to become available
All commands support waiting on unix sockets for availability.

```
$ unitctl --wait-timeout-seconds=3 --wait-max-tries=4 import /opt/unit/config`
Waiting for 3s control socket to be available try 2/4...
Waiting for 3s control socket to be available try 3/4...
Waiting for 3s control socket to be available try 4/4...
Timeout waiting for unit to start has been exceeded
```