From f9e662675eecbcb69590daf14f705ff378041cb0 Mon Sep 17 00:00:00 2001 
From: Fabrizio Fiorucci Date: Fri, 7 Feb 2025 16:50:04 +0000 Subject: [PATCH] Renamed demo, updated and tested with NIM 2.19.0 --- README.md | 2 +- .../Dockerfile.automated | 23 +--------------- .../Dockerfile.manual | 19 +------------ .../README.md | 6 ++-- .../container/startNIM.sh | 0 .../contrib/docker-compose/.env | 0 .../contrib/docker-compose/README.md | 0 .../docker-compose/docker-compose.yaml | 0 ...GINX_NIM2_Telemetry_Grafana_Dashboard.json | 0 .../contrib/grafana/README.md | 0 .../contrib/grafana/clickhouse-datasource.png | Bin .../contrib/grafana/grafana-dashboard.png | Bin .../helm-installer/NGINX-NMS-Installer.sh | 0 .../contrib/helm-installer/README.md | 0 .../contrib/pvc-provisioner/README.md | 0 .../pvc-provisioner/dynamic-nfs-storage.yaml | 0 .../contrib/pvc-provisioner/test-delete.yaml | 0 .../contrib/pvc-provisioner/test-retain.yaml | 0 .../manifests/0.clickhouse.yaml | 0 .../manifests/1.nginx-nim.yaml | 0 .../manifests/2.grafana.yaml | 0 .../manifests/3.vs.yaml | 0 .../manifests/certs/cert-install.sh | 0 .../manifests/certs/nim2.f5.ff.lan.cnf | 0 .../manifests/configmaps/config.xml | 0 .../manifests/configmaps/users.xml | 0 .../nim-files/.placeholder | 0 .../scripts/buildNIM.sh | 26 +++++------------- .../scripts/nimDockerStart.sh | 0 29 files changed, 13 insertions(+), 63 deletions(-) rename {nginx-nms-docker => nginx-nim-docker}/Dockerfile.automated (62%) rename {nginx-nms-docker => nginx-nim-docker}/Dockerfile.manual (65%) rename {nginx-nms-docker => nginx-nim-docker}/README.md (95%) rename {nginx-nms-docker => nginx-nim-docker}/container/startNIM.sh (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/docker-compose/.env (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/docker-compose/README.md (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/docker-compose/docker-compose.yaml (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/grafana/NGINX_NIM2_Telemetry_Grafana_Dashboard.json (100%) rename 
{nginx-nms-docker => nginx-nim-docker}/contrib/grafana/README.md (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/grafana/clickhouse-datasource.png (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/grafana/grafana-dashboard.png (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/helm-installer/NGINX-NMS-Installer.sh (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/helm-installer/README.md (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/pvc-provisioner/README.md (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/pvc-provisioner/dynamic-nfs-storage.yaml (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/pvc-provisioner/test-delete.yaml (100%) rename {nginx-nms-docker => nginx-nim-docker}/contrib/pvc-provisioner/test-retain.yaml (100%) rename {nginx-nms-docker => nginx-nim-docker}/manifests/0.clickhouse.yaml (100%) rename {nginx-nms-docker => nginx-nim-docker}/manifests/1.nginx-nim.yaml (100%) rename {nginx-nms-docker => nginx-nim-docker}/manifests/2.grafana.yaml (100%) rename {nginx-nms-docker => nginx-nim-docker}/manifests/3.vs.yaml (100%) rename {nginx-nms-docker => nginx-nim-docker}/manifests/certs/cert-install.sh (100%) rename {nginx-nms-docker => nginx-nim-docker}/manifests/certs/nim2.f5.ff.lan.cnf (100%) rename {nginx-nms-docker => nginx-nim-docker}/manifests/configmaps/config.xml (100%) rename {nginx-nms-docker => nginx-nim-docker}/manifests/configmaps/users.xml (100%) rename {nginx-nms-docker => nginx-nim-docker}/nim-files/.placeholder (100%) rename {nginx-nms-docker => nginx-nim-docker}/scripts/buildNIM.sh (78%) rename {nginx-nms-docker => nginx-nim-docker}/scripts/nimDockerStart.sh (100%) diff --git a/README.md b/README.md index 34a77d88..0734397d 100644 --- a/README.md +++ b/README.md 
@@ -23,7 +23,7 @@ utilizing *fleet* and *etcd*. * **nginx-hello-nonroot**: NGINX running as webserver with non root privilege in a docker container that serves a simple page containing the container's hostname, IP address and port -* **nginx-nms-docker**: This demo helps building a docker image to deploy NGINX Management Suite on containers without Helm. A helper script is provided for Helm deployments +* **nginx-nim-docker**: This demo helps building a docker image for NGINX Instance Manager * **nginx-openstack-heat**: Shows how to deploy and configure NGINX Plus to load balance a simple web application in OpenStack using Heat. Also the demo shows how NGINX Plus can be reconfigured so that diff --git a/nginx-nms-docker/Dockerfile.automated b/nginx-nim-docker/Dockerfile.automated similarity index 62% rename from nginx-nms-docker/Dockerfile.automated rename to nginx-nim-docker/Dockerfile.automated index 82b0d6bd..d5daba19 100644 --- a/nginx-nms-docker/Dockerfile.automated +++ b/nginx-nim-docker/Dockerfile.automated @@ -1,7 +1,5 @@ -FROM ubuntu:24.04 +FROM ubuntu:20.04 -ARG BUILD_WITH_SECONDSIGHT=false -ARG ADD_SM ARG ADD_PUM # Initial setup @@ -23,9 +21,6 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && apt-get update \ && apt-get install -y nms-instance-manager \ && curl -s http://hg.nginx.org/nginx.org/raw-file/tip/xml/en/security_advisories.xml > /usr/share/nms/cve.xml \ - # Optional Security Monitoring - && if [ "${ADD_SM}" = "true" ] ; then \ - apt-get -y install nms-sm; fi \ # Optional WAF Policy Compiler && if [ ! -z "${ADD_PUM}" ] ; then \ apt-get -y install nms-nap-compiler-$ADD_PUM; fi \ 
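Review bot: The new `FROM ubuntu:20.04` line in Dockerfile.automated swaps the 24.04 LTS base for 20.04, which is close to the end of its standard support window, so base packages in images built from this file will stop receiving regular security updates sooner. The commit message gives no reason for the older base. If a package dependency forces it (the usage example references `~focal` .deb files, which may be why), record that in a comment above `FROM`; otherwise keep `FROM ubuntu:24.04`. Pinning by digest, `FROM ubuntu:<tag>@sha256:<digest>`, would also make rebuilds reproducible. The same change is made in the first hunk of Dockerfile.manual.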
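Review bot: The `curl -s http://hg.nginx.org/.../security_advisories.xml > /usr/share/nms/cve.xml` step kept in this RUN chain fetches the advisory list over plaintext HTTP with no integrity check, so anything on the build host's network path can alter the CVE data baked into the image. Because `-f` is missing, an HTTP error page would also be written to cve.xml without failing the build. If the host serves the same path over TLS, use `curl -fsS https://hg.nginx.org/nginx.org/raw-file/tip/xml/en/security_advisories.xml -o /usr/share/nms/cve.xml`. In the same chain, `nms-nap-compiler-$ADD_PUM` expands a build argument unquoted, so a value containing spaces adds extra package names to `apt-get install`; `"nms-nap-compiler-${ADD_PUM}"` avoids that. The RUN instruction starts before this hunk and continues past it.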
@@ -34,21 +29,5 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_`dpkg --print-architecture` -O /usr/bin/yq \ && chmod +x /usr/bin/yq -# Optional Second Sight -WORKDIR /deployment -RUN if [ "$BUILD_WITH_SECONDSIGHT" = "true" ] ; then \ - apt-get install -y -q build-essential python3-pip python3-dev python3-simplejson git nano curl && \ - pip3 install fastapi uvicorn requests clickhouse-driver python-dateutil flask && \ - touch /deployment/counter.enabled && \ - git clone https://github.com/F5Networks/SecondSight && \ - cp SecondSight/f5tt/app.py . && \ - cp SecondSight/f5tt/bigiq.py . && \ - cp SecondSight/f5tt/cveDB.py . && \ - cp SecondSight/f5tt/f5ttCH.py . && \ - cp SecondSight/f5tt/f5ttfs.py . && \ - cp SecondSight/f5tt/nms.py . && \ - cp SecondSight/f5tt/utils.py . && \ - rm -rf SecondSight; fi - WORKDIR /deployment CMD /deployment/startNIM.sh diff --git a/nginx-nms-docker/Dockerfile.manual b/nginx-nim-docker/Dockerfile.manual similarity index 65% rename from nginx-nms-docker/Dockerfile.manual rename to nginx-nim-docker/Dockerfile.manual index afb6dac1..b09700ac 100644 --- a/nginx-nms-docker/Dockerfile.manual +++ b/nginx-nim-docker/Dockerfile.manual @@ -1,7 +1,6 @@ -FROM ubuntu:24.04 +FROM ubuntu:20.04 ARG NIM_DEBFILE -ARG BUILD_WITH_SECONDSIGHT=false ARG SM_IMAGE=nim-files/.placeholder ARG PUM_IMAGE=nim-files/.placeholder 
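Review bot: The `wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_... -O /usr/bin/yq` line left in place at the top of this hunk installs whatever binary the `latest` release resolves to at build time and marks it executable with no checksum verification. Two builds of the same Dockerfile can therefore ship different binaries, and a replaced release asset would go straight into the image. Pin an explicit release in the URL (`releases/download/<pinned-version>/yq_linux_...`) and check the download against a SHA-256 recorded in the Dockerfile with `sha256sum -c` before the `chmod +x`. Dockerfile.manual appears to carry the same download, since its second hunk shows the matching `chmod +x /usr/bin/yq`. The RUN instruction begins before the hunk.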
@@ -37,21 +36,5 @@ RUN apt-get -y install /deployment/setup/nim.deb && \ && chmod +x /usr/bin/yq \ && rm -r /deployment/setup -# Optional Second Sight -WORKDIR /deployment -RUN if [ "$BUILD_WITH_SECONDSIGHT" = "true" ] ; then \ - apt-get install -y -q build-essential python3-pip python3-dev python3-simplejson git nano curl && \ - pip3 install fastapi uvicorn requests clickhouse-driver python-dateutil flask && \ - touch /deployment/counter.enabled && \ - git clone https://github.com/F5Networks/SecondSight && \ - cp SecondSight/f5tt/app.py . && \ - cp SecondSight/f5tt/bigiq.py . && \ - cp SecondSight/f5tt/cveDB.py . && \ - cp SecondSight/f5tt/f5ttCH.py . && \ - cp SecondSight/f5tt/f5ttfs.py . && \ - cp SecondSight/f5tt/nms.py . && \ - cp SecondSight/f5tt/utils.py . && \ - rm -rf SecondSight; fi - WORKDIR /deployment CMD /deployment/startNIM.sh diff --git a/nginx-nms-docker/README.md b/nginx-nim-docker/README.md similarity index 95% rename from nginx-nms-docker/README.md rename to nginx-nim-docker/README.md index 207f7c5c..801d57d4 100644 --- a/nginx-nms-docker/README.md +++ b/nginx-nim-docker/README.md @@ -16,9 +16,9 @@ The image can optionally be built with [Second Sight](https://github.com/F5Netwo This repository has been tested on `amd64` and `arm64` architectures with: -- NGINX Instance Manager 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.10.0, 2.10.1, 2.11.0, 2.12.0, 2.13.0, 2.13.1, 2.14.0, 2.14.1, 2.15.0, 2.15.1, 2.16.0, 2.17.0, 2.17.1, 2.17.2, 2.17.3, 2.18.0 -- Security Monitoring 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.7.1 -- NGINX App Protect WAF compiler v3.1088.2, v4.100.1, v4.2.0, v4.218.0, v4.279.0, v4.402.0, v4.457.0, v4.583.0, v4.641.0, v4.762.0, v4.815.0, v5.17.0, v5.48.0 +- NGINX Instance Manager 2.4.0+ +- Security Monitoring 1.0.0+ +- NGINX App Protect WAF compiler v3.1088.2+ ## Prerequisites 
diff --git a/nginx-nms-docker/container/startNIM.sh b/nginx-nim-docker/container/startNIM.sh
similarity index 100%
rename from nginx-nms-docker/container/startNIM.sh
rename to nginx-nim-docker/container/startNIM.sh
diff --git a/nginx-nms-docker/contrib/docker-compose/.env b/nginx-nim-docker/contrib/docker-compose/.env
similarity index 100%
rename from nginx-nms-docker/contrib/docker-compose/.env
rename to nginx-nim-docker/contrib/docker-compose/.env
diff --git a/nginx-nms-docker/contrib/docker-compose/README.md b/nginx-nim-docker/contrib/docker-compose/README.md
similarity index 100%
rename from nginx-nms-docker/contrib/docker-compose/README.md
rename to nginx-nim-docker/contrib/docker-compose/README.md
diff --git a/nginx-nms-docker/contrib/docker-compose/docker-compose.yaml b/nginx-nim-docker/contrib/docker-compose/docker-compose.yaml
similarity index 100%
rename from nginx-nms-docker/contrib/docker-compose/docker-compose.yaml
rename to nginx-nim-docker/contrib/docker-compose/docker-compose.yaml
diff --git a/nginx-nms-docker/contrib/grafana/NGINX_NIM2_Telemetry_Grafana_Dashboard.json b/nginx-nim-docker/contrib/grafana/NGINX_NIM2_Telemetry_Grafana_Dashboard.json
similarity index 100%
rename from nginx-nms-docker/contrib/grafana/NGINX_NIM2_Telemetry_Grafana_Dashboard.json
rename to nginx-nim-docker/contrib/grafana/NGINX_NIM2_Telemetry_Grafana_Dashboard.json
diff --git a/nginx-nms-docker/contrib/grafana/README.md b/nginx-nim-docker/contrib/grafana/README.md
similarity index 100%
rename from nginx-nms-docker/contrib/grafana/README.md
rename to nginx-nim-docker/contrib/grafana/README.md
diff --git a/nginx-nms-docker/contrib/grafana/clickhouse-datasource.png b/nginx-nim-docker/contrib/grafana/clickhouse-datasource.png
similarity index 100%
rename from nginx-nms-docker/contrib/grafana/clickhouse-datasource.png
rename to nginx-nim-docker/contrib/grafana/clickhouse-datasource.png
diff --git a/nginx-nms-docker/contrib/grafana/grafana-dashboard.png b/nginx-nim-docker/contrib/grafana/grafana-dashboard.png
similarity index 100%
rename from nginx-nms-docker/contrib/grafana/grafana-dashboard.png
rename to nginx-nim-docker/contrib/grafana/grafana-dashboard.png
diff --git a/nginx-nms-docker/contrib/helm-installer/NGINX-NMS-Installer.sh b/nginx-nim-docker/contrib/helm-installer/NGINX-NMS-Installer.sh
similarity index 100%
rename from nginx-nms-docker/contrib/helm-installer/NGINX-NMS-Installer.sh
rename to nginx-nim-docker/contrib/helm-installer/NGINX-NMS-Installer.sh
diff --git a/nginx-nms-docker/contrib/helm-installer/README.md b/nginx-nim-docker/contrib/helm-installer/README.md
similarity index 100%
rename from nginx-nms-docker/contrib/helm-installer/README.md
rename to nginx-nim-docker/contrib/helm-installer/README.md
diff --git a/nginx-nms-docker/contrib/pvc-provisioner/README.md b/nginx-nim-docker/contrib/pvc-provisioner/README.md
similarity index 100%
rename from nginx-nms-docker/contrib/pvc-provisioner/README.md
rename to nginx-nim-docker/contrib/pvc-provisioner/README.md
diff --git a/nginx-nms-docker/contrib/pvc-provisioner/dynamic-nfs-storage.yaml b/nginx-nim-docker/contrib/pvc-provisioner/dynamic-nfs-storage.yaml
similarity index 100%
rename from nginx-nms-docker/contrib/pvc-provisioner/dynamic-nfs-storage.yaml
rename to nginx-nim-docker/contrib/pvc-provisioner/dynamic-nfs-storage.yaml
diff --git a/nginx-nms-docker/contrib/pvc-provisioner/test-delete.yaml b/nginx-nim-docker/contrib/pvc-provisioner/test-delete.yaml
similarity index 100%
rename from nginx-nms-docker/contrib/pvc-provisioner/test-delete.yaml
rename to nginx-nim-docker/contrib/pvc-provisioner/test-delete.yaml
diff --git a/nginx-nms-docker/contrib/pvc-provisioner/test-retain.yaml b/nginx-nim-docker/contrib/pvc-provisioner/test-retain.yaml
similarity index 100%
rename from nginx-nms-docker/contrib/pvc-provisioner/test-retain.yaml
rename to nginx-nim-docker/contrib/pvc-provisioner/test-retain.yaml
diff --git a/nginx-nms-docker/manifests/0.clickhouse.yaml b/nginx-nim-docker/manifests/0.clickhouse.yaml
similarity index 100%
rename from nginx-nms-docker/manifests/0.clickhouse.yaml
rename to nginx-nim-docker/manifests/0.clickhouse.yaml
diff --git a/nginx-nms-docker/manifests/1.nginx-nim.yaml b/nginx-nim-docker/manifests/1.nginx-nim.yaml
similarity index 100%
rename from nginx-nms-docker/manifests/1.nginx-nim.yaml
rename to nginx-nim-docker/manifests/1.nginx-nim.yaml
diff --git a/nginx-nms-docker/manifests/2.grafana.yaml b/nginx-nim-docker/manifests/2.grafana.yaml
similarity index 100%
rename from nginx-nms-docker/manifests/2.grafana.yaml
rename to nginx-nim-docker/manifests/2.grafana.yaml
diff --git a/nginx-nms-docker/manifests/3.vs.yaml b/nginx-nim-docker/manifests/3.vs.yaml
similarity index 100%
rename from nginx-nms-docker/manifests/3.vs.yaml
rename to nginx-nim-docker/manifests/3.vs.yaml
diff --git a/nginx-nms-docker/manifests/certs/cert-install.sh b/nginx-nim-docker/manifests/certs/cert-install.sh
similarity index 100%
rename from nginx-nms-docker/manifests/certs/cert-install.sh
rename to nginx-nim-docker/manifests/certs/cert-install.sh
diff --git a/nginx-nms-docker/manifests/certs/nim2.f5.ff.lan.cnf b/nginx-nim-docker/manifests/certs/nim2.f5.ff.lan.cnf
similarity index 100%
rename from nginx-nms-docker/manifests/certs/nim2.f5.ff.lan.cnf
rename to nginx-nim-docker/manifests/certs/nim2.f5.ff.lan.cnf
diff --git a/nginx-nms-docker/manifests/configmaps/config.xml b/nginx-nim-docker/manifests/configmaps/config.xml
similarity index 100%
rename from nginx-nms-docker/manifests/configmaps/config.xml
rename to nginx-nim-docker/manifests/configmaps/config.xml
diff --git a/nginx-nms-docker/manifests/configmaps/users.xml b/nginx-nim-docker/manifests/configmaps/users.xml similarity index 100% rename from nginx-nms-docker/manifests/configmaps/users.xml rename to nginx-nim-docker/manifests/configmaps/users.xml diff --git a/nginx-nms-docker/nim-files/.placeholder b/nginx-nim-docker/nim-files/.placeholder similarity index 100% rename from nginx-nms-docker/nim-files/.placeholder rename to nginx-nim-docker/nim-files/.placeholder diff --git a/nginx-nms-docker/scripts/buildNIM.sh b/nginx-nim-docker/scripts/buildNIM.sh similarity index 78% rename from nginx-nms-docker/scripts/buildNIM.sh rename to nginx-nim-docker/scripts/buildNIM.sh index 25307f8b..080a1e2d 100755 --- a/nginx-nms-docker/scripts/buildNIM.sh +++ b/nginx-nim-docker/scripts/buildNIM.sh @@ -1,13 +1,12 @@ #!/bin/bash -BANNER="NGINX Management Suite Docker image builder\n\n -This tool builds a Docker image to run NGINX Management Suite\n\n +BANNER="NGINX Instance Manager Docker image builder\n\n +This tool builds a Docker image to run NGINX Instance Manager\n\n === Usage:\n\n $0 [options]\n\n === Options:\n\n -h\t\t\t- This help\n --t [target image]\t- Docker image name to be created\n --s\t\t\t- Enable Second Sight (https://github.com/F5Networks/SecondSight/) - optional\n\n +-t [target image]\t- Docker image name to be created\n\n Manual build:\n\n -n [filename]\t\t- NGINX Instance Manager .deb package filename\n -w [filename]\t\t- Security Monitoring .deb package filename - optional\n 
@@ -16,7 +15,6 @@ Automated build:\n\n -i\t\t\t- Automated build - requires cert & key\n -C [file.crt]\t\t- Certificate file to pull packages from the official NGINX repository\n -K [file.key]\t\t- Key file to pull packages from the official NGINX repository\n --W\t\t\t- Enable Security Monitoring - optional\n -P [version]\t\t- Enable WAF policy compiler, version can be any [v3.1088.2|v4.100.1|v4.2.0|v4.218.0|v4.279.0|v4.402.0|v4.457.0|v4.583.0|v4.641|v4.762|v4.815.0|v5.17.0|v5.48.0|v5.144.0] - optional\n\n === Examples:\n\n Manual build:\n @@ -26,13 +24,10 @@ Manual build:\n \t\t-p nim-files/nms-nap-compiler-v4.815.0_4.815.0-1~focal_amd64.deb\n\n Automated build:\n \t$0 -i -C nginx-repo.crt -K nginx-repo.key \\\\\n -\t\t-W -P v5.144.0 -t my.registry.tld/nginx-nms:latest\n +\t\t-P v5.144.0 -t my.registry.tld/nginx-nms:latest\n " -# Defaults -COUNTER=false - -while getopts 'hn:w:p:t:siC:K:AWP:' OPTION +while getopts 'hn:w:p:t:siC:K:AP:' OPTION do case "$OPTION" in h) @@ -51,9 +46,6 @@ do t) IMGNAME=$OPTARG ;; - s) - COUNTER=true - ;; i) AUTOMATED_INSTALL=true ;; @@ -63,9 +55,6 @@ do K) NGINX_KEY=$OPTARG ;; - W) - ADD_SM=true - ;; P) ADD_PUM=$OPTARG ;; @@ -100,12 +89,11 @@ echo "==> Building NGINX Management Suite docker image" if [ -z "${AUTOMATED_INSTALL}" ] then - docker build --no-cache -f Dockerfile.manual --build-arg NIM_DEBFILE=$DEBFILE --build-arg BUILD_WITH_SECONDSIGHT=$COUNTER \ + docker build --no-cache -f Dockerfile.manual --build-arg NIM_DEBFILE=$DEBFILE \ --build-arg SM_IMAGE=$SM_IMAGE --build-arg PUM_IMAGE=$PUM_IMAGE -t $IMGNAME . else DOCKER_BUILDKIT=1 docker build --no-cache -f Dockerfile.automated --secret id=nginx-key,src=$NGINX_KEY --secret id=nginx-crt,src=$NGINX_CERT \ - --build-arg ADD_SM=$ADD_SM --build-arg ADD_PUM=$ADD_PUM \ - --build-arg BUILD_WITH_SECONDSIGHT=$COUNTER \ + --build-arg ADD_PUM=$ADD_PUM \ -t $IMGNAME . fi 
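Review bot: The new option string `'hn:w:p:t:siC:K:AP:'` still lists `s` although the `s)` arm is removed a few hunks later, so `-s` is still parsed as a valid option. It then either falls to whatever default arm the `case` has (not visible in these hunks) or is silently ignored, rather than being rejected as unknown. Drop it so that stale invocations fail loudly: `while getopts 'hn:w:p:t:iC:K:AP:' OPTION`. `A` is also accepted with no arm visible in the diff, so it is worth confirming that one still exists. The `case` statement continues outside this hunk.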
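Review bot: Every option value in the two `docker build` commands of the last hunk is expanded unquoted (`$DEBFILE`, `$SM_IMAGE`, `$PUM_IMAGE`, `$NGINX_KEY`, `$NGINX_CERT`, `$ADD_PUM`, `$IMGNAME`). A filename or tag supplied on the command line that contains whitespace or glob characters is therefore split into extra arguments to `docker build`. These lines are being rewritten anyway, so quote each expansion, e.g. `--build-arg "NIM_DEBFILE=$DEBFILE"`, `--secret "id=nginx-key,src=$NGINX_KEY"` and `-t "$IMGNAME"`. The progress message shown in the hunk header, `echo "==> Building NGINX Management Suite docker image"`, also still carries the old product name and could be updated with the rename.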
diff --git a/nginx-nms-docker/scripts/nimDockerStart.sh b/nginx-nim-docker/scripts/nimDockerStart.sh
similarity index 100%
rename from nginx-nms-docker/scripts/nimDockerStart.sh
rename to nginx-nim-docker/scripts/nimDockerStart.sh