diff options
Diffstat (limited to 'tools')
-rw-r--r-- | tools/README.md | 22 | ||||
-rwxr-xr-x | tools/unitc | 104 |
2 files changed, 98 insertions, 28 deletions
diff --git a/tools/README.md b/tools/README.md index 1a631e10..883bc107 100644 --- a/tools/README.md +++ b/tools/README.md @@ -37,12 +37,16 @@ web page with NGINX Unit. | _HTTP method_ | It is usually not required to specify a HTTP method. `GET` is used to read the configuration. `PUT` is used when making configuration changes unless a specific method is provided. | `edit` | Opens **URI** in the default editor for interactive configuration. The [jq](https://stedolan.github.io/jq/) tool is required for this option. | `INSERT` | A _virtual_ HTTP method that prepends data when the URI specifies an existing array. The [jq](https://stedolan.github.io/jq/) tool is required for this option. +| `-f` \| `--format YAML` | Convert configuration data to/from YAML format. The [yq](https://github.com/mikefarah/yq) tool is required for this option. | `-q` \| `--quiet` | No output to stdout. Options are case insensitive and can appear in any order. For example, a redundant part of the configuration can be identified by its URI, and followed by `delete` in a subsequent command. +Options may be combined. For example, `edit -f yaml` will open the +configuration URI in a text editor, in YAML format. + ### Local Configuration For local instances of Unit, the control socket is automatically detected. The error log is monitored; when changes occur, new log entries are shown. @@ -51,10 +55,9 @@ The error log is monitored; when changes occur, new log entries are shown. |---------|-| | `-l` \| `--nolog` | Do not monitor the error log after configuration changes. -#### Examples +#### Local Examples ```shell unitc /config -unitc /control/applications/my_app/restart unitc /config < unitconf.json echo '{"*:8080": {"pass": "routes"}}' | unitc /config/listeners unitc /config/applications/my_app DELETE @@ -64,10 +67,12 @@ unitc /certificates/bundle cert.pem key.pem ### Remote Configuration For remote instances of NGINX Unit, the control socket on the remote host can be set with the `$UNIT_CTRL` environment variable. The remote control socket -can be accessed over TCP or SSH, depending on the type of control socket: +can be accessed over TCP, SSH, or Docker containers on the host, depending on +the type of control socket: * `ssh://[user@]remote_host[:ssh_port]/path/to/control.socket` * `http://remote_host:unit_control_port` + * `docker://container_ID[/path/to/control.socket]` > **Note:** SSH is recommended for remote confguration. Consider the > [security implications](https://unit.nginx.org/howto/security/#secure-socket-and-state) @@ -77,8 +82,9 @@ can be accessed over TCP or SSH, depending on the type of control socket: |---------|-| | `ssh://…` | Specify the remote Unix control socket on the command line. | `http://…`*URI* | For remote TCP control sockets, the URI may include the protocol, hostname, and port. +| `docker://…` | Specify the local container ID/name. The default Unix control socket can be overridden. -#### Examples +#### Remote Examples ```shell unitc http://192.168.0.1:8080/status UNIT_CTRL=http://192.168.0.1:8080 unitc /status @@ -89,4 +95,12 @@ cat catchall_route.json | unitc POST /config/routes echo '{"match":{"uri":"/wp-admin/*"},"action":{"return":403}}' | unitc INSERT /config/routes ``` +#### Docker Examples +```shell +unitc docker://d43251184c54 /config +echo '{"http": {"log_route": true}}' | unitc docker://d43251184c54 /settings +unitc docker://f4f3d9e918e6/root/unit.sock /control/applications/my_app/restart +UNIT_CTRL=docker://4d0431488982 unitc /status/requests/total +``` + --- diff --git a/tools/unitc b/tools/unitc index 877e11d4..4ab5f663 100755 --- a/tools/unitc +++ b/tools/unitc @@ -10,14 +10,39 @@ REMOTE=0 SHOW_LOG=1 NOLOG=0 QUIET=0 +CONVERT=0 URI="" -SSH_CMD="" +RPC_CMD="" METHOD=PUT CONF_FILES=() while [ $# -gt 0 ]; do OPTION=$(echo $1 | tr '[a-z]' '[A-Z]') case $OPTION in + "-F" | "--FORMAT") + case $(echo $2 | tr '[a-z]' '[A-Z]') in + "YAML") + CONVERT=1 + if hash yq 2> /dev/null; then + CONVERT_TO_JSON="yq eval -P --output-format=json" + CONVERT_FROM_JSON="yq eval -P --output-format=yaml" + else + echo "${0##*/}: ERROR: yq(1) is required to use YAML format; install at <https://github.com/mikefarah/yq#install>" + exit 1 + fi + ;; + "") + echo "${0##*/}: ERROR: Must specify configuration format" + exit 1 + ;; + *) + echo "${0##*/}: ERROR: Invalid format ($2)" + exit 1 + ;; + esac + shift; shift + ;; + "-H" | "--HELP") shift ;; @@ -45,15 +70,25 @@ while [ $# -gt 0 ]; do *) if [ -f $1 ] && [ -r $1 ]; then CONF_FILES+=($1) + if [ "${1##*.}" = "yaml" ]; then + echo "${0##*/}: INFO: converting $1 to JSON" + shift; set -- "--format" "yaml" "$@" # Apply the command line option + else + shift + fi elif [ "${1:0:1}" = "/" ] || [ "${1:0:4}" = "http" ] && [ "$URI" = "" ]; then URI=$1 + shift elif [ "${1:0:6}" = "ssh://" ]; then UNIT_CTRL=$1 + shift + elif [ "${1:0:9}" = "docker://" ]; then + UNIT_CTRL=$1 + shift else echo "${0##*/}: ERROR: Invalid option ($1)" exit 1 fi - shift ;; esac done @@ -67,23 +102,26 @@ USAGE: ${0##*/} [options] URI • URI is for Unit's control API target, e.g. /config • A local Unit control socket is detected unless a remote one is specified. • Configuration data is read from stdin. +• All options are case-insensitive (excluding filenames and URIs). General options - filename … # Read configuration data from files instead of stdin - HTTP method # Default=GET, or PUT with config data (case-insensitive) - EDIT # Opens the URI contents in \$EDITOR - INSERT # Virtual HTTP method to prepend data to an existing array - -q | --quiet # No output to stdout + filename … # Read configuration data from files instead of stdin + HTTP method # Default=GET, or PUT when config data is present + EDIT # Opens the URI contents in \$EDITOR + INSERT # Virtual HTTP method; prepend data to an array + -f | --format YAML # Convert configuration data to/from YAML format + -q | --quiet # No output to stdout Local options - -l | --nolog # Do not monitor the error log after applying config changes + -l | --nolog # Do not monitor the Unit log file after config changes Remote options ssh://[user@]remote_host[:port]/path/to/control.socket # Remote Unix socket http://remote_host:port/URI # Remote TCP socket + docker://container_ID[/non-default/control.socket] # Container on host - A remote Unit control socket may also be defined with the \$UNIT_CTRL - environment variable as http://remote_host:port -OR- ssh://… (as above) + A remote Unit instance may also be defined with the \$UNIT_CTRL environment + variable as http://remote_host:port or ssh://… or docker://… (as above). __EOF__ exit 1 @@ -99,8 +137,16 @@ if [ "$UNIT_CTRL" = "" ]; then fi elif [ "${UNIT_CTRL:0:6}" = "ssh://" ]; then REMOTE=1 - SSH_CMD="ssh $(echo $UNIT_CTRL | cut -f1-3 -d/)" + RPC_CMD="ssh $(echo $UNIT_CTRL | cut -f1-3 -d/)" UNIT_CTRL="--unix-socket /$(echo $UNIT_CTRL | cut -f4- -d/) _" +elif [ "${UNIT_CTRL:0:9}" = "docker://" ]; then + RPC_CMD="docker exec -i $(echo $UNIT_CTRL | cut -f3 -d/)" + DOCKSOCK=/$(echo "$UNIT_CTRL" | cut -f4- -d/) + if [ "$DOCKSOCK" = "/" ]; then + DOCKSOCK="/var/run/control.unit.sock" # Use default location if no path + fi + UNIT_CTRL="--unix-socket $DOCKSOCK _" + REMOTE=1 elif [ "${URI:0:1}" = "/" ]; then REMOTE=1 fi @@ -186,7 +232,9 @@ fi # Choose presentation style # if [ $QUIET -eq 1 ]; then - OUTPUT="head -c 0" # Equivalent to >/dev/null + OUTPUT="tail -c 0" # Equivalent to >/dev/null +elif [ $CONVERT -eq 1 ]; then + OUTPUT=$CONVERT_FROM_JSON elif hash jq 2> /dev/null; then OUTPUT="jq" else @@ -205,11 +253,11 @@ fi # if [ -t 0 ] && [ ${#CONF_FILES[@]} -eq 0 ]; then if [ "$METHOD" = "DELETE" ]; then - $SSH_CMD curl -X $METHOD $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT + $RPC_CMD curl -X $METHOD $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT elif [ "$METHOD" = "EDIT" ]; then EDITOR=$(test "$EDITOR" && printf '%s' "$EDITOR" || command -v editor || command -v vim || echo vi) EDIT_FILENAME=/tmp/${0##*/}.$$${URI//\//_} - $SSH_CMD curl -fsS $UNIT_CTRL$URI > $EDIT_FILENAME || exit 2 + $RPC_CMD curl -fsS $UNIT_CTRL$URI > $EDIT_FILENAME || exit 2 if [ "${URI:0:12}" = "/js_modules/" ]; then if ! hash jq 2> /dev/null; then echo "${0##*/}: ERROR: jq(1) is required to edit JavaScript modules; install at <https://stedolan.github.io/jq/>" @@ -219,19 +267,23 @@ if [ -t 0 ] && [ ${#CONF_FILES[@]} -eq 0 ]; then EDIT_FILE=$EDIT_FILENAME.js $EDITOR $EDIT_FILENAME.js || exit 2 # Remove the references, delete old config, push new config+reference - $SSH_CMD curl -fsS $UNIT_CTRL/config/settings/js_module > /tmp/${0##*/}.$$_js_module && \ - $SSH_CMD curl -X DELETE $UNIT_CTRL/config/settings/js_module && \ - $SSH_CMD curl -fsSX DELETE $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ && \ - printf "%s" "$(< $EDIT_FILENAME.js)" | $SSH_CMD curl -fX PUT --data-binary @- $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ && \ - $SSH_CMD curl -X PUT --data-binary @/tmp/${0##*/}.$$_js_module $UNIT_CTRL/config/settings/js_module 2> /tmp/${0##*/}.$$ + $RPC_CMD curl -fsS $UNIT_CTRL/config/settings/js_module > /tmp/${0##*/}.$$_js_module && \ + $RPC_CMD curl -X DELETE $UNIT_CTRL/config/settings/js_module && \ + $RPC_CMD curl -fsSX DELETE $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ && \ + printf "%s" "$(< $EDIT_FILENAME.js)" | $RPC_CMD curl -fX PUT --data-binary @- $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ && \ + cat /tmp/${0##*/}.$$_js_module | $RPC_CMD curl -X PUT --data-binary @- $UNIT_CTRL/config/settings/js_module 2> /tmp/${0##*/}.$$ + elif [ $CONVERT -eq 1 ]; then + $CONVERT_FROM_JSON < $EDIT_FILENAME > $EDIT_FILENAME.yaml + $EDITOR $EDIT_FILENAME.yaml || exit 2 + $CONVERT_TO_JSON < $EDIT_FILENAME.yaml | $RPC_CMD curl -X PUT --data-binary @- $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT else tr -d '\r' < $EDIT_FILENAME > $EDIT_FILENAME.json # Remove carriage-return from newlines $EDITOR $EDIT_FILENAME.json || exit 2 - $SSH_CMD curl -X PUT --data-binary @$EDIT_FILENAME.json $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT + cat $EDIT_FILENAME.json | $RPC_CMD curl -X PUT --data-binary @- $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT fi else SHOW_LOG=$(echo $URI | grep -c ^/control/) - $SSH_CMD curl $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT + $RPC_CMD curl $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT fi else if [ "$METHOD" = "INSERT" ]; then @@ -241,15 +293,19 @@ else fi NEW_ELEMENT=$(cat ${CONF_FILES[@]}) echo $NEW_ELEMENT | jq > /dev/null || exit $? # Test the input is valid JSON before proceeding - OLD_ARRAY=$($SSH_CMD curl -s $UNIT_CTRL$URI) + OLD_ARRAY=$($RPC_CMD curl -s $UNIT_CTRL$URI) if [ "$(echo $OLD_ARRAY | jq -r type)" = "array" ]; then - echo $OLD_ARRAY | jq ". |= [$NEW_ELEMENT] + ." | $SSH_CMD curl -X PUT --data-binary @- $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT + echo $OLD_ARRAY | jq ". |= [$NEW_ELEMENT] + ." | $RPC_CMD curl -X PUT --data-binary @- $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT else echo "${0##*/}: ERROR: the INSERT method expects an array" exit 3 fi else - cat ${CONF_FILES[@]} | $SSH_CMD curl -X $METHOD --data-binary @- $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT + if [ $CONVERT -eq 1 ]; then + cat ${CONF_FILES[@]} | $CONVERT_TO_JSON > /tmp/${0##*/}.$$_json + CONF_FILES=(/tmp/${0##*/}.$$_json) + fi + cat ${CONF_FILES[@]} | $RPC_CMD curl -X $METHOD --data-binary @- $UNIT_CTRL$URI 2> /tmp/${0##*/}.$$ | $OUTPUT fi fi |