ansible
pull/181/head
Pavel Loginov 2019-11-03 17:43:45 +03:00
parent 62ab7037fa
commit 0990588f52
22 changed files with 481 additions and 245 deletions


@ -438,7 +438,7 @@ def update_db_v_3_5_3(**kwargs):
def update_ver(**kwargs):
con, cur = get_cur()
sql = """update version set version = '3.6.1'; """
sql = """update version set version = '3.7'; """
try:
cur.execute(sql)
con.commit()


@ -57,7 +57,8 @@ def logging(serv, action, **kwargs):
user_uuid = cookie.get('uuid')
login = sql.get_user_name_by_uuid(user_uuid.value)
except:
pass
IP = ''
login = kwargs.get('login')
if kwargs.get('alerting') == 1:
mess = get_data('date_in_log') + action + "\n"
@ -331,7 +332,6 @@ def rewrite_section(start_line, end_line, config, section):
def install_haproxy(serv, **kwargs):
import sql
script = "install_haproxy.sh"
tmp_config_path = sql.get_setting('tmp_config_path')
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
stats_port = sql.get_setting('stats_port')
server_state_file = sql.get_setting('server_state_file')
@ -339,44 +339,37 @@ def install_haproxy(serv, **kwargs):
stats_password = sql.get_setting('stats_password')
proxy = sql.get_setting('proxy')
hapver = kwargs.get('hapver')
fullpath = get_config_var('main', 'fullpath')
ssh_enable = ''
ssh_port = ''
ssh_user_name = ''
ssh_user_password = ''
for sshs in sql.select_ssh(serv=serv):
ssh_enable = sshs[3]
ssh_user_name = sshs[4]
ssh_user_password = sshs[5]
ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
os.system("cp scripts/%s ." % script)
proxy_serv = proxy if proxy is not None else ""
syn_flood_protect = '1' if kwargs.get('syn_flood') == "1" else ''
commands = [ "sudo chmod +x "+tmp_config_path+script+" && " +tmp_config_path+"/"+script +" PROXY=" + proxy_serv+
commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" + proxy_serv+
" SOCK_PORT="+haproxy_sock_port+" STAT_PORT="+stats_port+" STAT_FILE="+server_state_file+
" STATS_USER="+stats_user+" STATS_PASS="+stats_password+" HAPVER="+hapver]
error = str(upload(serv, tmp_config_path, script))
" STATS_USER="+stats_user+" STATS_PASS="+stats_password+" HAPVER="+hapver +" SYN_FLOOD="+syn_flood_protect+" HOST="+serv+
" USER="+ssh_user_name+" PASS="+ssh_user_password+" KEY="+ssh_key_name ]
output, error = subprocess_execute(commands[0])
if error:
logging('localhost', error, haproxywi=1)
print('error: '+error)
os.system("rm -f %s" % script)
ssh_command(serv, commands, print_out="1")
if kwargs.get('syn_flood') == "1":
syn_flood_protect(serv)
def syn_flood_protect(serv, **kwargs):
import sql
script = "syn_flood_protect.sh"
tmp_config_path = sql.get_setting('tmp_config_path')
enable = "disable" if kwargs.get('enable') == "0" else "disable"
else:
print(output[0])
os.system("cp scripts/%s ." % script)
commands = [ "sudo chmod +x "+tmp_config_path+script, tmp_config_path+script+ " "+enable ]
error = str(upload(serv, tmp_config_path, script))
if error:
logging('localhost', error, haproxywi=1)
print('error: '+error)
os.system("rm -f %s" % script)
ssh_command(serv, commands, print_out="1")
def waf_install(serv, **kwargs):
import sql
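Review bot: In install_haproxy the new `commands[0]` string is built by plain concatenation from settings, `serv` and the stored SSH password and then handed to `subprocess_execute`; since the string relies on `&&` it is presumably run through a shell, so a space or shell metacharacter in any of those values changes the command, and the password is visible in the local process list. Quote each interpolated value, e.g. `" PASS="+shlex.quote(ssh_user_password)` (with `import shlex`), or call the script with an argument list and pass the secret through the environment or a file. `ssh_key_name` is assigned only inside `for sshs in sql.select_ssh(serv=serv)`, so a server without an SSH row would raise NameError when the command is built; initialise it with `ssh_key_name = ''` next to `ssh_user_password = ''`. Because `KEY=` is then always sent as a path, the install script's `[[ $KEY == "" ]]` password branch looks unreachable; confirm that is intended.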


@ -65,6 +65,13 @@ if form.getvalue('ssh_cert'):
print('<div class="alert alert-danger">Can\'t save ssh keys file. Check ssh keys path in config</div>')
else:
print('<div class="alert alert-success">Ssh key was save into: %s </div>' % ssh_keys)
try:
cmd = 'chmod 600 %s' % ssh_keys
funct.subprocess_execute(cmd)
except IOError as e:
funct.logging('localhost', e.args[0], haproxywi=1)
try:
funct.logging("local", "users.py#ssh upload new ssh cert %s" % ssh_keys)
except:
@ -590,31 +597,56 @@ if serv is not None and act == "configShow":
if form.getvalue('master'):
master = form.getvalue('master')
slave = form.getvalue('slave')
interface = form.getvalue('interface')
vrrpip = form.getvalue('vrrpip')
tmp_config_path = sql.get_setting('tmp_config_path')
ETH = form.getvalue('interface')
IP = form.getvalue('vrrpip')
syn_flood = form.getvalue('syn_flood')
script = "install_keepalived.sh"
fullpath = funct.get_config_var('main', 'fullpath')
proxy = sql.get_setting('proxy')
ssh_enable = ''
ssh_port = ''
ssh_user_name = ''
ssh_user_password = ''
proxy_serv = proxy if proxy is not None else ""
for sshs in sql.select_ssh(serv=master):
ssh_enable = sshs[3]
ssh_user_name = sshs[4]
ssh_user_password = sshs[5]
ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2]
os.system("cp scripts/%s ." % script)
if form.getvalue('hap') == "1":
funct.install_haproxy(master)
funct.install_haproxy(slave)
funct.install_haproxy(master, syn_flood='1')
funct.install_haproxy(slave, syn_flood='1')
if form.getvalue('syn_flood') == "1":
funct.syn_flood_protect(master)
funct.syn_flood_protect(slave)
commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" + proxy_serv+
" ETH="+ETH+" IP="+str(IP)+" MASTER=MASTER"+" HOST="+str(master)+
" USER="+str(ssh_user_name)+" PASS="+str(ssh_user_password)+" KEY="+str(ssh_key_name) ]
output, error = funct.subprocess_execute(commands[0])
os.system("cp scripts/%s ." % script)
error = str(funct.upload(master, tmp_config_path, script))
if error:
logging('localhost', error, haproxywi=1)
print('error: '+error)
sys.exit()
funct.upload(slave, tmp_config_path, script)
funct.ssh_command(master, ["sudo chmod +x "+tmp_config_path+script, tmp_config_path+script+" MASTER "+interface+" "+vrrpip])
funct.ssh_command(slave, ["sudo chmod +x "+tmp_config_path+script, tmp_config_path+script+" BACKUP "+interface+" "+vrrpip])
else:
print(output[0])
commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" +proxy_serv+
" ETH="+ETH+" IP="+IP+" MASTER=BACKUP"+" HOST="+str(slave)+
" USER="+str(ssh_user_name)+" PASS="+str(ssh_user_password)+" KEY="+str(ssh_key_name) ]
output, error = funct.subprocess_execute(commands[0])
if error:
logging('localhost', error, haproxywi=1)
print('error: '+error)
else:
print(output[0])
os.system("rm -f %s" % script)
#os.system("rm -f %s" % script)
sql.update_server_master(master, slave)
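Review bot: The keepalived branch puts the request fields `interface`, `vrrpip`, `master` and `slave` straight into the shell string passed to `funct.subprocess_execute`, so a crafted form value is interpreted by the web application's local shell. Validate them before use (interface name against a strict pattern, addresses with `ipaddress.ip_address`) and quote every interpolated value, e.g. `" ETH="+shlex.quote(ETH)`. The second command uses `" IP="+IP` without the `str()` applied for the master, which raises TypeError when the field is missing. The error paths call bare `logging(...)` while the rest of this file uses `funct.logging(...)`; unless `logging` is imported elsewhere in the file, those branches fail with NameError.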


@ -0,0 +1,6 @@
- hosts: "{{ variable_host }}"
become: yes
become_method: sudo
gather_facts: yes
roles:
- { role: haproxy }


@ -0,0 +1,5 @@
---
haproxy_socket: /var/run/haproxy.sock
haproxy_chroot: /var/lib/haproxy
haproxy_user: haproxy
haproxy_group: haproxy


@ -0,0 +1,3 @@
---
- name: restart haproxy
service: name=haproxy state=restarted


@ -0,0 +1,28 @@
---
dependencies: []
galaxy_info:
author: Pavel Loginov
description: HAProxy installation and configuration.
company: "HAProxy-WI"
license: "license (BSD, MIT)"
min_ansible_version: 2.2
platforms:
- name: EL
versions:
- 6
- 7
- 8
- name: Ubuntu
versions:
- precise
- trusty
- xenial
- name: Debian
galaxy_tags:
- web
- networking
- cloud
- haproxy
- loadbalancer
- http


@ -0,0 +1,128 @@
---
- name: install HAProxy {{HAPVER}}
yum:
name:
- http://repo.haproxy-wi.org/haproxy-{{HAPVER}}.el6.x86_64.rpm
- socat
state: present
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ansible_facts['distribution_major_version']|int == 6
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: install HAProxy {{HAPVER}}
yum:
name:
- http://repo.haproxy-wi.org/haproxy-{{HAPVER}}.el7.x86_64.rpm
- socat
state: present
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ansible_facts['distribution_major_version']|int == 7
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: set_fact from wi`
set_fact:
haproxy_from_wi: "yes"
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ansible_facts['distribution_major_version']|int == 7
- name: install the latest version of HAProxy
yum:
name:
- haproxy
- socat
state: latest
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ansible_facts['distribution_major_version']|int != 7
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: Install HAProxy
apt:
name:
- haproxy
- socat
state: present
when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: Get HAProxy version.
command: haproxy -v
register: haproxy_version_result
changed_when: false
check_mode: false
- name: Set HAProxy version.
set_fact:
haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.6' }}"
- name: Copy HAProxy configuration in place.
template:
src: haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
mode: 0644
validate: haproxy -f %s -c -q
notify: restart haproxy
- name: Change wrong HAProxy service file
template:
src: haproxy.service.j2
dest: /usr/lib/systemd/system/haproxy.service
mode: 0644
when: haproxy_from_wi is defined
- name: Enable and start service HAProxy
service:
name: haproxy
daemon_reload: yes
state: started
enabled: yes
ignore_errors: yes
- name: Enable net.ipv4.tcp_syncookies
sysctl:
name: net.ipv4.tcp_syncookies
value: '1'
sysctl_set: yes
state: present
reload: yes
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
- name: net.ipv4.conf.all.rp_filter
sysctl:
name: net.ipv4.conf.all.rp_filter
value: '1'
sysctl_set: yes
state: present
reload: yes
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
- name: Enable net.ipv4.tcp_max_syn_backlog
sysctl:
name: net.ipv4.tcp_max_syn_backlog
value: '1024'
sysctl_set: yes
state: present
reload: yes
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
- name: Enable net.ipv4.tcp_synack_retries
sysctl:
name: net.ipv4.tcp_synack_retries
value: '3'
sysctl_set: yes
state: present
reload: yes
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
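Review bot: Both RPM install tasks fetch `http://repo.haproxy-wi.org/haproxy-{{HAPVER}}...rpm` over plain HTTP and install it as root, so nothing authenticates the package in transit; use the `https://` URL the shell script used before, and confirm that GPG verification actually applies to a package installed from a URL. The `distribution_major_version|int != 7` condition on the "latest" task also matches EL6, so an EL6 host runs both the RPM task and the repository install. `haproxy.cfg` is written with `mode: 0644` although the template contains the `stats auth` credentials; `mode: 0640` with an explicit owner and group would keep them from other local users. `ignore_errors: yes` on the service task hides a failed start from the caller.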


@ -0,0 +1,40 @@
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
stats socket *:{{SOCK_PORT}} level admin
stats socket /var/run/haproxy.sock mode 600 level admin
{% if haproxy_version == '1.6' %}
server-state-file {{STAT_FILE}}
{% endif %}
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
bind *:{{STAT_PORT}}
stats enable
stats uri /stats
stats realm HAProxy-04\ Statistics
stats auth {{STATS_USER}}:{{STATS_PASS}}
stats admin if TRUE
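Review bot: `stats socket *:{{SOCK_PORT}} level admin` exposes the unauthenticated runtime API with admin rights on every interface, and `listen stats` with `stats admin if TRUE` offers the admin console on `*:{{STAT_PORT}}` behind basic auth over plain HTTP. If the management host has to reach the socket over TCP, bind it to a dedicated management address and restrict the port with a firewall rule, e.g. `stats socket {{ mgmt_ip }}:{{SOCK_PORT}} level admin`, where `mgmt_ip` is a variable the role would have to add. The `haproxy_socket`, `haproxy_chroot`, `haproxy_user` and `haproxy_group` defaults added in this commit are not referenced here; the template hard-codes the same values.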


@ -0,0 +1,37 @@
[Unit]
Description=HAProxy Load Balancer
After=network.target
[Service]
EnvironmentFile=-/etc/default/haproxy
EnvironmentFile=-/etc/sysconfig/haproxy
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
SuccessExitStatus=143
Type=notify
# The following lines leverage SystemD's sandboxing options to provide
# defense in depth protection at the expense of restricting some flexibility
# in your setup (e.g. placement of your configuration files) or possibly
# reduced performance. See systemd.service(5) and systemd.exec(5) for further
# information.
# NoNewPrivileges=true
# ProtectHome=true
# If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE,
# any state files and any other files written using 'ReadWritePaths' or
# 'RuntimeDirectory'.
# ProtectSystem=true
# ProtectKernelTunables=true
# ProtectKernelModules=true
# ProtectControlGroups=true
# If your SystemD version supports them, you can add: @reboot, @swap, @sync
# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io
[Install]
WantedBy=multi-user.target


@ -0,0 +1,6 @@
- hosts: "{{ variable_host }}"
become: yes
become_method: sudo
gather_facts: yes
roles:
- { role: keepalived }


@ -0,0 +1,2 @@
---
MASTER: MASTER


@ -0,0 +1,3 @@
---
- name: restart keepalived
service: name=keepalived state=restarted


@ -0,0 +1,28 @@
---
dependencies: []
galaxy_info:
author: Pavel Loginov
description: Keepalived installation and configuration.
company: "HAProxy-WI"
license: "Apache 2"
min_ansible_version: 2.2
platforms:
- name: EL
versions:
- 6
- 7
- 8
- name: Ubuntu
versions:
- precise
- trusty
- xenial
- name: Debian
galaxy_tags:
- web
- networking
- cloud
- haproxy
- loadbalancer
- http


@ -0,0 +1,39 @@
---
- name: install the latest version of Keepalived
yum:
name:
- keepalived
state: latest
when: ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: Install keepalived
apt:
name:
- keepalived
state: present
when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: Copy keepalived configuration in place.
template:
src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
mode: 0644
notify: restart keepalived
- name: Enable and start service keepalived
service:
name: keepalived
daemon_reload: yes
state: started
enabled: yes
ignore_errors: yes


@ -0,0 +1,29 @@
global_defs {
router_id LVS_DEVEL
}
#health-check for keepalive
vrrp_script chk_haproxy {
script "pidof haproxy"
interval 2
weight 3
}
vrrp_instance VI_1 {
state {{MASTER}}
interface {{ETH}}
virtual_router_id 100
priority 102
#check if we are still running
track_script {
chk_haproxy
}
advert_int 1
authentication {
auth_type PASS
auth_pass VerySecretPass
}
virtual_ipaddress {
{{IP}}
}
}
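Review bot: `auth_pass VerySecretPass` is a fixed string committed to the repository, so every cluster installed by this role shares the same VRRP password; take it from a per-cluster variable, e.g. `auth_pass {{ VRRP_PASS }}` (a new variable, not defined in this commit). `priority 102` is now identical on both nodes, whereas the removed shell script rewrote it to 103 for BACKUP; derive it from `MASTER` so the election stays deterministic. The removed script also added firewall rules for VRRP, which this role no longer does; confirm that is intended.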


@ -12,108 +12,30 @@ do
STAT_FILE) STAT_FILE=${VALUE} ;;
STATS_USER) STATS_USER=${VALUE} ;;
STATS_PASS) STATS_PASS=${VALUE} ;;
STAT_FILE) STAT_FILE=${VALUE} ;;
HAPVER) HAPVER=${VALUE} ;;
HOST) HOST=${VALUE} ;;
USER) USER=${VALUE} ;;
PASS) PASS=${VALUE} ;;
KEY) KEY=${VALUE} ;;
SYN_FLOOD) SYN_FLOOD=${VALUE} ;;
*)
esac
done
export ANSIBLE_HOST_KEY_CHECKING=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
echo $HOST > $PWD/$HOST
if [[ $PROXY != "" ]]
then
export http_proxy="$PROXY"
export https_proxy="$PROXY"
fi
if [ $? -eq 1 ]
then
sudo yum install wget socat -y > /dev/null
sudo wget https://repo.haproxy-wi.org/haproxy-$HAPVER.el7.x86_64.rpm --no-check-certificate
fi
if [ -f /etc/haproxy/haproxy.cfg ];then
echo -e 'Info: Haproxy already installed. You can edit config<a href="/app/config.py" title="Edit HAProxy config">here</a> <br /><br />'
exit 1
fi
set +x
if hash apt-get 2>/dev/null; then
sudo apt-get install haproxy socat -y
else
sudo wget https://repo.haproxy-wi.org/haproxy-$HAPVER.el7.x86_64.rpm --no-check-certificate
sudo yum install haproxy-$HAPVER.el7.x86_64.rpm -y
if [[ $KEY == "" ]]; then
ansible-playbook $PWD/roles/haproxy.yml -e "ansible_user=$USER ansible_ssh_pass=$PASS variable_host=$HOST PROXY=$PROXY HAPVER=$HAPVER SOCK_PORT=$SOCK_PORT STAT_PORT=$STAT_PORT STATS_USER=$STATS_USER STATS_PASS=$STATS_PASS $STAT_FILE=$STAT_FILE SYN_FLOOD=$SYN_FLOOD" -i $PWD/$HOST > /tmp/install_haproxy.log
else
ansible-playbook $PWD/roles/haproxy.yml --key-file $KEY -e "ansible_user=$USER variable_host=$HOST PROXY=$PROXY HAPVER=$HAPVER SOCK_PORT=$SOCK_PORT STAT_PORT=$STAT_PORT STATS_USER=$STATS_USER STATS_PASS=$STATS_PASS STAT_FILE=$STAT_FILE SYN_FLOOD=$SYN_FLOOD" -i $PWD/$HOST > /tmp/install_haproxy.log
fi
if [ $? -eq 1 ]
then
sudo yum install wget socat -y > /dev/null
sudo wget https://repo.haproxy-wi.org/haproxy-$HAPVER.el7.x86_64.rpm --no-check-certificate
sudo yum install haproxy-$HAPVER.el7.x86_64.rpm -y
fi
if [ $? -eq 1 ]
then
if hash apt-get 2>/dev/null; then
sudo apt-get install socat -y
else
sudo yum install haproxy socat -y > /dev/null
fi
fi
sudo bash -c 'echo "" > /tmp/haproxy.cfg'
sudo bash -c cat << EOF > /tmp/haproxy.cfg
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
stats socket *:$SOCK_PORT level admin
stats socket /var/run/haproxy.sock mode 600 level admin
server-state-file $STAT_FILE
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
bind *:$STAT_PORT
stats enable
stats uri /stats
stats realm HAProxy-04\ Statistics
stats auth $STATS_USER:$STATS_PASS
stats admin if TRUE
EOF
sudo cp /tmp/haproxy.cfg /etc/haproxy/haproxy.cfg
sudo bash -c 'cat << EOF > /etc/rsyslog.d/haproxy.conf
local2.* /var/log/haproxy.log
EOF'
sudo sed -i 's/#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf
sudo sed -i 's/#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf
sudo firewall-cmd --zone=public --add-port=8085/tcp --permanent
sudo firewall-cmd --reload
sudo setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
sudo systemctl enable haproxy
sudo systemctl restart haproxy
if [ $? -eq 1 ]
then
echo "error: Can't start Haproxy service <br /><br />"
echo "error: Can't install Haproxy service. Look log in the /tmp/install_haproxy.log<br /><br />"
exit 1
fi
echo "success"
echo "success"
rm -f $PWD/$HOST
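Review bot: `export ANSIBLE_HOST_KEY_CHECKING=False` turns off SSH host key verification for a run that sends `ansible_ssh_pass=$PASS` and the stats credentials, so the target's identity is never checked; drop the export and manage known_hosts, or make it an explicit opt-in (install_keepalived.sh has the same line). The secrets are passed inside `-e "..."` on the command line, where they show up in the process list, and the run output goes to the fixed path `/tmp/install_haproxy.log`; prefer a vars file created with `mktemp` and mode 600, and a log location outside `/tmp`. In the password branch `$STAT_FILE=$STAT_FILE` has a stray `$`, so `STAT_FILE` is not passed to the playbook. `[ $? -eq 1 ]` misses the other non-zero codes ansible-playbook returns for failed or unreachable hosts; test `-ne 0` directly after the playbook call. The argument-parsing loop starts above this hunk.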


@ -1,81 +1,38 @@
#!/bin/bash
CONF=/etc/keepalived/keepalived.conf
if [ -f $CONF ];then
echo -e 'info: Keepalived already installed. You can edit config <a href="/app/keepalivedconfig.py" title="Edit Keepalived config">here</a><br /><br />'
exit 1
for ARGUMENT in "$@"
do
KEY=$(echo $ARGUMENT | cut -f1 -d=)
VALUE=$(echo $ARGUMENT | cut -f2 -d=)
case "$KEY" in
PROXY) PROXY=${VALUE} ;;
MASTER) MASTER=${VALUE} ;;
ETH) ETH=${VALUE} ;;
IP) IP=${VALUE} ;;
HOST) HOST=${VALUE} ;;
USER) USER=${VALUE} ;;
PASS) PASS=${VALUE} ;;
KEY) KEY=${VALUE} ;;
*)
esac
done
export ANSIBLE_HOST_KEY_CHECKING=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
echo $HOST > $PWD/$HOST
if [[ $KEY == "" ]]; then
ansible-playbook $PWD/roles/keepalived.yml -e "ansible_user=$USER ansible_ssh_pass=$PASS variable_host=$HOST PROXY=$PROXY MASTER=$MASTER ETH=$ETH IP=$IP" -i $PWD/$HOST > /tmp/install_keepalived.log
else
ansible-playbook $PWD/roles/keepalived.yml --key-file $KEY -e "ansible_user=$USER variable_host=$HOST PROXY=$PROXY MASTER=$MASTER ETH=$ETH IP=$IP" -i $PWD/$HOST > /tmp/install_keepalived.log
fi
if hash apt-get 2>/dev/null; then
sudo apt-get install keepalived -y
else
sudo yum install keepalived -y > /dev/null
fi
if [ $? -eq 1 ]
then
echo "error: Can't install keepalived <br /><br />"
exit 1
fi
sudo echo "" > $CONF
sudo bash -c cat << EOF > $CONF
global_defs {
router_id LVS_DEVEL
}
#health-check for keepalive
vrrp_script chk_haproxy { # Requires keepalived-1.1.13
script "pidof haproxy"
interval 2 # check every 2 seconds
weight 3 # addA 3 points of prio if OK
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 102
#check if we are still running
track_script {
chk_haproxy
}
advert_int 1
authentication {
auth_type PASS
auth_pass VerySecretPass
}
virtual_ipaddress {
0.0.0.0
}
}
EOF
if [ $? -eq 1 ]
then
echo "error: Can't read keepalived config <br /><br />"
exit 1
fi
sudo sed -i "s/MASTER/$1/g" $CONF
sudo sed -i "s/eth0/$2/g" $CONF
sudo sed -i "s/0.0.0.0/$3/g" $CONF
if [[ $1 == "BACKUP" ]];then
sudo sed -i "s/102/103/g" $CONF
fi
sudo systemctl enable keepalived
sudo systemctl restart keepalived
sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sudo sysctl -p
sudo firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
sudo firewall-cmd --reload
if [ $? -eq 1 ]
then
echo "error: Can't start keepalived <br /><br />"
echo "error: Can't install keepalived service. Look log in the /tmp/install_keepalived.log<br /><br />"
exit 1
fi
echo "success"
echo "success"
rm -f $PWD/$HOST
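Review bot: The parsing loop stores each argument name in `KEY` and also uses `KEY` for the key-file path, so the path survives only while `KEY=...` is the last argument; any later argument overwrites it with its own name and the `[[ $KEY == "" ]]` test then picks the wrong branch. Use a separate loop variable, e.g. `NAME=${ARGUMENT%%=*}` and `VALUE=${ARGUMENT#*=}`, which also keeps values containing `=` intact (`cut -f2 -d=` truncates them). `$PWD` is maintained by the shell and is overwritten here; a distinct name such as `ANSIBLE_DIR` avoids surprises, and `$HOST`, `$KEY` and the inventory path should be quoted.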


@ -1,27 +0,0 @@
#!/bin/bash
if [[ $1 == "enable" ]]; then
if sudo grep -q "net.ipv4.tcp_syncookies = 1" /etc/sysctl.conf; then
echo "SYN flood protect has already enabled"
exit 1
else
sudo bash -c cat <<EOF >> /etc/sysctl.conf
# Protection SYN flood
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_max_syn_backlog = 1024
EOF
sudo sysctl -w net.ipv4.tcp_syncookies=1
sudo sysctl -w net.ipv4.conf.all.rp_filter=1
sudo sysctl -w net.ipv4.tcp_max_syn_backlog=1024
sudo sysctl -w net.ipv4.tcp_synack_retries=3
fi
fi
if [[ $1 == "disable" ]]; then
sudo sed -i 's/net.ipv4.tcp_max_syn_backlog = 1024/net.ipv4.tcp_max_syn_backlog = 256/' /etc/sysctl.conf
sudo sed -i 's/net.ipv4.tcp_synack_retries = 3/net.ipv4.tcp_synack_retries = 5/' /etc/sysctl.conf
sudo sysctl -w net.ipv4.tcp_max_syn_backlog=256
sudo sysctl -w net.ipv4.tcp_synack_retries=5
fi


@ -492,7 +492,10 @@ def get_dick_permit(**kwargs):
ip = ''
con, cur = create_db.get_cur()
sql = """ select * from user where username = '%s' """ % get_user_name_by_uuid(user_id.value)
if kwargs.get('username'):
sql = """ select * from user where username = '%s' """ % kwargs.get('username')
else:
sql = """ select * from user where username = '%s' """ % get_user_name_by_uuid(user_id.value)
if kwargs.get('virt'):
type_ip = ""
else:
@ -1607,8 +1610,10 @@ if form.getvalue('updatessh'):
if ssh_enable == 1:
cmd = 'mv %s %s' % (ssh_key_name, new_ssh_key_name)
cmd1 = 'chmod 600 %s' % new_ssh_key_name
try:
funct.subprocess_execute(cmd)
funct.subprocess_execute(cmd1)
except:
pass
update_ssh(id, name, enable, group, username, password)
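Review bot: The new `kwargs.get('username')` branch in get_dick_permit formats the caller-supplied name into the SQL text with `%`, the same pattern as the existing line, so a quote character in the value changes the statement. Pass the name as a bound parameter to `cur.execute` using the driver's placeholder instead of building the string; the `execute` call is outside this hunk, so the exact form has to be checked there. In the `updatessh` hunk the added `except: pass` hides a failed `mv` or `chmod 600`, after which `update_ssh(...)` still records the change; catch the specific exception and report it through `funct.logging`.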


@ -33,7 +33,7 @@
<td>{{ input('interface') }}</td>
<td>{{ input('vrrp-ip') }}</td>
<td>{{ checkbox('hap') }}</td>
<td>{{ checkbox('syn_flood', checked='checked') }}</td>
<td>{{ checkbox('syn_flood') }}</td>
<td>
<a class="ui-button ui-widget ui-corner-all" id="create" title="Create HA configuration">Create</a>
</td>


@ -281,7 +281,7 @@
<tr>
<td class="padding10 first-collumn" style="width: 20%;">
{% set values = dict() %}
{% set values = {'2.0.4-1':'2.0.4-1','2.0.6-1':'2.0.6-1', '2.0.7-1':'2.0.7-1'} %}
{% set values = {'2.0.5-1':'2.0.5-1','2.0.6-1':'2.0.6-1', '2.0.7-1':'2.0.7-1'} %}
{{ select('hapver', values=values, selected='2.0.7-1', required='required') }}
</td>
<td class="padding10 first-collumn">