github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v5.2.5.0 

Changelog: https://haproxy-wi.org/changelog.py#5_2_5
pull/304/head
Pavel Loginov 2021-09-04 14:50:26 +06:00
parent 0dd4142945
commit 4113fe67be
4 changed files with 201 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

175
app/funct.py
View File

@ -35,11 +35,14 @@ def get_config_var(sec, var):
except Exception:
print('Content-type: text/html\n')
print('<center><div class="alert alert-danger">Check the config file, whether it exists and the path. Must be: app/roxy-wi.cfg</div>')
return
try:
return config.get(sec, var)
except Exception:
print('Content-type: text/html\n')
print('<center><div class="alert alert-danger">Check the config file. Presence section %s and parameter %s</div>' % (sec, var))
return
def get_data(log_type, **kwargs):
@ -107,7 +110,7 @@ def get_user_group(**kwargs):
return user_group
def logging(serv, action, **kwargs):
def logging(server_ip, action, **kwargs):
import sql
import http.cookies
import distro
@ -115,7 +118,6 @@ def logging(serv, action, **kwargs):
log_path = get_config_var('main', 'log_path')
try:
user_group = get_user_group()
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
except:
user_group = ''
@ -128,6 +130,7 @@ def logging(serv, action, **kwargs):
ip = ''
try:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
login = sql.get_user_name_by_uuid(user_uuid.value)
except Exception:
@ -156,7 +159,7 @@ def logging(serv, action, **kwargs):
elif kwargs.get('haproxywi') == 1:
if kwargs.get('login'):
mess = get_data('date_in_log') + " from " + ip + " user: " + login + ", group: " + user_group + ", " + \
action + " for: " + serv + "\n"
action + " for: " + server_ip + "\n"
else:
mess = get_data('date_in_log') + " " + action + " from " + ip + "\n"
log = open(log_path + "/roxy-wi-"+get_data('logs')+".log", "a")
@ -166,7 +169,7 @@ def logging(serv, action, **kwargs):
log = open(log_path + "/provisioning-"+get_data('logs')+".log", "a")
else:
mess = get_data('date_in_log') + " from " + ip + " user: " + login + ", group: " + user_group + ", " + \
action + " for: " + serv + "\n"
action + " for: " + server_ip + "\n"
log = open(log_path + "/config_edit-"+get_data('logs')+".log", "a")
try:
@ -289,8 +292,7 @@ def is_admin(**kwargs):
try:
return True if role <= level else False
except Exception as e:
# print('error: '+str(e))
except Exception:
return False
@ -306,7 +308,7 @@ def page_for_admin(**kwargs):
sys.exit()
def return_ssh_keys_path(serv, **kwargs):
def return_ssh_keys_path(server_ip, **kwargs):
import sql
full_path = get_config_var('main', 'fullpath')
ssh_enable = ''
@ -321,7 +323,7 @@ def return_ssh_keys_path(serv, **kwargs):
ssh_user_password = sshs.password
ssh_key_name = full_path+'/keys/%s.pem' % sshs.name
else:
for sshs in sql.select_ssh(serv=serv):
for sshs in sql.select_ssh(serv=server_ip):
ssh_enable = sshs.enable
ssh_user_name = sshs.username
ssh_user_password = sshs.password
@ -330,13 +332,13 @@ def return_ssh_keys_path(serv, **kwargs):
return ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name
def ssh_connect(serv):
def ssh_connect(server_ip):
import paramiko
from paramiko import SSHClient
import sql
ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(serv)
servers = sql.select_servers(server=serv)
ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(server_ip)
servers = sql.select_servers(server=server_ip)
ssh_port = 22
for server in servers:
@ -353,9 +355,9 @@ def ssh_connect(serv):
# k = paramiko.pkey.load_private_key_file(ssh_key_name, password=cloud)
# else:
k = paramiko.pkey.load_private_key_file(ssh_key_name)
ssh.connect(hostname=serv, port=ssh_port, username=ssh_user_name, pkey=k, timeout=11, banner_timeout=200)
ssh.connect(hostname=server_ip, port=ssh_port, username=ssh_user_name, pkey=k, timeout=11, banner_timeout=200)
else:
ssh.connect(hostname=serv, port=ssh_port, username=ssh_user_name, password=ssh_user_password, timeout=11, banner_timeout=200)
ssh.connect(hostname=server_ip, port=ssh_port, username=ssh_user_name, password=ssh_user_password, timeout=11, banner_timeout=200)
return ssh
except paramiko.AuthenticationException as e:
logging('localhost', ' ' + str(e), haproxywi=1)
@ -379,7 +381,7 @@ def ssh_connect(serv):
print(str(e))
def get_config(serv, cfg, **kwargs):
def get_config(server_ip, cfg, **kwargs):
import sql
if kwargs.get("keepalived"):
@ -389,22 +391,23 @@ def get_config(serv, cfg, **kwargs):
else:
config_path = sql.get_setting('haproxy_config_path')
ssh = ssh_connect(serv)
ssh = ssh_connect(server_ip)
try:
sftp = ssh.open_sftp()
except Exception as e:
logging('localhost', str(e), haproxywi=1)
return
try:
sftp.get(config_path, cfg)
except Exception as e:
logging('localhost', str(e), haproxywi=1)
return
try:
sftp.close()
ssh.close()
except Exception as e:
ssh = str(e)
logging('localhost', ssh, haproxywi=1)
return ssh
logging('localhost', str(e), haproxywi=1)
return
def diff_config(oldcfg, cfg):
@ -549,7 +552,7 @@ def get_userlists(config):
return return_config
def get_backends_from_config(serv, backends=''):
def get_backends_from_config(server_ip, backends=''):
configs_dir = get_config_var('configs', 'haproxy_save_configs_dir')
format_cfg = 'cfg'
@ -558,11 +561,12 @@ def get_backends_from_config(serv, backends=''):
except Exception as e:
logging('localhost', str(e), haproxywi=1)
try:
cfg = configs_dir + serv + "-" + get_data('config') + '.'+format_cfg
cfg = configs_dir + server_ip + "-" + get_data('config') + '.'+format_cfg
except Exception:
logging('localhost', ' Cannot generate cfg path', haproxywi=1)
return
try:
error = get_config(serv, cfg)
get_config(server_ip, cfg)
except Exception:
logging('localhost', ' Cannot download config', haproxywi=1)
print('error: Cannot get backends')
@ -613,7 +617,6 @@ def show_installation_output(error, output, service):
try:
print(l)
break
return False
except Exception:
print(output)
break
@ -622,7 +625,7 @@ def show_installation_output(error, output, service):
return True
def install_haproxy(serv, **kwargs):
def install_haproxy(server_ip, **kwargs):
import sql
script = "install_haproxy.sh"
hap_sock_p = str(sql.get_setting('haproxy_sock_port'))
@ -634,12 +637,12 @@ def install_haproxy(serv, **kwargs):
haproxy_ver = kwargs.get('hapver')
server_for_installing = kwargs.get('server')
ssh_port = 22
ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(serv)
ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(server_ip)
if ssh_enable == 0:
ssh_key_name = ''
servers = sql.select_servers(server=serv)
servers = sql.select_servers(server=server_ip)
for server in servers:
ssh_port = str(server[10])
@ -659,7 +662,7 @@ def install_haproxy(serv, **kwargs):
" SOCK_PORT=" + hap_sock_p + " STAT_PORT=" + stats_port + " STAT_FILE="+server_state_file +
" SSH_PORT=" + ssh_port + " STATS_USER=" + stats_user +
" STATS_PASS='" + stats_password + "' HAPVER=" + haproxy_ver + " SYN_FLOOD=" + syn_flood_protect +
" HOST=" + serv + " USER=" + ssh_user_name + " PASS='" + ssh_user_password + "' KEY=" + ssh_key_name]
" HOST=" + server_ip + " USER=" + ssh_user_name + " PASS='" + ssh_user_password + "' KEY=" + ssh_key_name]
output, error = subprocess_execute(commands[0])
if server_for_installing:
@ -668,18 +671,18 @@ def install_haproxy(serv, **kwargs):
service = ' HAProxy'
if show_installation_output(error, output, service):
sql.update_haproxy(serv)
sql.update_haproxy(server_ip)
os.system("rm -f %s" % script)
def waf_install(serv):
def waf_install(server_ip):
import sql
script = "waf.sh"
tmp_config_path = sql.get_setting('tmp_config_path')
proxy = sql.get_setting('proxy')
haproxy_dir = sql.get_setting('haproxy_dir')
ver = check_haproxy_version(serv)
ver = check_haproxy_version(server_ip)
os.system("cp scripts/%s ." % script)
@ -691,19 +694,21 @@ def waf_install(serv):
commands = ["sudo chmod +x " + tmp_config_path+script + " && " + tmp_config_path+script + " PROXY=" + proxy_serv +
" HAPROXY_PATH=" + haproxy_dir + " VERSION=" + ver]
error = str(upload(serv, tmp_config_path, script))
error = str(upload(server_ip, tmp_config_path, script))
if error:
print('error: '+error)
logging('localhost', error, haproxywi=1)
os.system("rm -f %s" % script)
stderr = ssh_command(serv, commands, print_out="1")
ssh_command(server_ip, commands, print_out="1")
sql.insert_waf_metrics_enable(serv, "0")
sql.insert_waf_rules(serv)
sql.insert_waf_metrics_enable(server_ip, "0")
sql.insert_waf_rules(server_ip)
def install_nginx(serv, **kwargs):
def install_nginx(server_ip, **kwargs):
import sql
script = "install_nginx.sh"
stats_user = sql.get_setting('nginx_stats_user')
@ -713,7 +718,8 @@ def install_nginx(serv, **kwargs):
config_path = sql.get_setting('nginx_config_path')
server_for_installing = kwargs.get('server')
proxy = sql.get_setting('proxy')
ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(serv)
ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(server_ip)
ssh_port = '22'
if ssh_enable == 0:
ssh_key_name = ''
@ -725,7 +731,7 @@ def install_nginx(serv, **kwargs):
else:
proxy_serv = ''
servers = sql.select_servers(server=serv)
servers = sql.select_servers(server=server_ip)
for server in servers:
ssh_port = str(server[10])
@ -734,7 +740,7 @@ def install_nginx(serv, **kwargs):
commands = ["chmod +x " + script + " && ./" + script + " PROXY=" + proxy_serv + " STATS_USER=" + stats_user +
" STATS_PASS='" + stats_password + "' SSH_PORT=" + ssh_port + " CONFIG_PATH=" + config_path +
" STAT_PORT=" + stats_port + " STAT_PAGE=" + stats_page+" SYN_FLOOD=" + syn_flood_protect +
" HOST=" + serv + " USER=" + ssh_user_name + " PASS='" + ssh_user_password + "' KEY=" + ssh_key_name]
" HOST=" + server_ip + " USER=" + ssh_user_name + " PASS='" + ssh_user_password + "' KEY=" + ssh_key_name]
output, error = subprocess_execute(commands[0])
if server_for_installing:
@ -742,7 +748,7 @@ def install_nginx(serv, **kwargs):
else:
service = ' Nginx'
if show_installation_output(error, output, service):
sql.update_nginx(serv)
sql.update_nginx(server_ip)
os.system("rm -f %s" % script)
@ -763,11 +769,11 @@ def update_haproxy_wi(service):
print(stderr)
def check_haproxy_version(serv):
def check_haproxy_version(server_ip):
import sql
hap_sock_p = sql.get_setting('haproxy_sock_port')
ver = ""
cmd = "echo 'show info' |nc %s %s |grep Version |awk '{print $2}'" % (serv, hap_sock_p)
cmd = "echo 'show info' |nc %s %s |grep Version |awk '{print $2}'" % (server_ip, hap_sock_p)
output, stderr = subprocess_execute(cmd)
for line in output:
ver = line
@ -775,45 +781,48 @@ def check_haproxy_version(serv):
return ver
def upload(serv, path, file, **kwargs):
def upload(server_ip, path, file, **kwargs):
error = ""
full_path = path + file
if kwargs.get('dir') == "fullpath":
full_path = path
try:
ssh = ssh_connect(serv)
ssh = ssh_connect(server_ip)
except Exception as e:
error = e.args
logging('localhost', str(e.args[0]), haproxywi=1)
print(' Cannot upload '+file+' to '+full_path+' to server: '+serv+' error: '+str(e.args))
error = str(e.args)
logging('localhost', error, haproxywi=1)
print(' Cannot upload '+file+' to '+full_path+' to server: '+server_ip+' error: ' + error)
return error
try:
sftp = ssh.open_sftp()
except Exception as e:
error = e.args
logging('localhost', str(e.args[0]), haproxywi=1)
print('Cannot upload '+file+' to '+full_path+' to server: '+serv+' error: '+str(e.args))
error = str(e.args)
logging('localhost', error, haproxywi=1)
print('Cannot upload '+file+' to '+full_path+' to server: '+server_ip+' error: ' + error)
return error
try:
file = sftp.put(file, full_path)
except Exception as e:
error = e.args
print('Cannot upload '+file+' to '+full_path+' to server: '+serv+' error: '+str(e.args))
logging('localhost', ' Cannot upload '+file+' to '+full_path+' to server: '+serv+' Error: '+str(e.args), haproxywi=1)
error = str(e.args)
print('Cannot upload '+file+' to '+full_path+' to server: '+server_ip+' error: '+ error)
logging('localhost', ' Cannot upload '+file+' to '+full_path+' to server: '+server_ip+' Error: '+ error, haproxywi=1)
return error
try:
sftp.close()
ssh.close()
except Exception as e:
error = e.args
logging('localhost', str(error[0]), haproxywi=1)
print('Cannot upload '+file+' to '+full_path+' to server: '+serv+' error: '+str(e.args))
error = str(e.args)
logging('localhost', error, haproxywi=1)
print('Cannot upload '+file+' to '+full_path+' to server: '+server_ip+' error: '+ error)
return str(error)
def upload_and_restart(serv, cfg, **kwargs):
def upload_and_restart(server_ip, cfg, **kwargs):
import sql
error = ""
@ -845,8 +854,8 @@ def upload_and_restart(serv, cfg, **kwargs):
commands = [check_and_move + " && sudo systemctl reload nginx"]
else:
commands = [check_and_move + " && sudo systemctl restart nginx"]
if sql.return_firewall(serv):
commands[0] += open_port_firewalld(cfg, serv=serv, service='nginx')
if sql.return_firewall(server_ip):
commands[0] += open_port_firewalld(cfg, serv=server_ip, service='nginx')
else:
haproxy_enterprise = sql.get_setting('haproxy_enterprise')
@ -866,12 +875,12 @@ def upload_and_restart(serv, cfg, **kwargs):
commands = [check_config + move_config + " && sudo systemctl reload "+haproxy_service_name+""]
else:
commands = [check_config + move_config + " && sudo systemctl restart "+haproxy_service_name+""]
if sql.return_firewall(serv):
commands[0] += open_port_firewalld(cfg, serv=serv)
error += str(upload(serv, tmp_file, cfg, dir='fullpath'))
if sql.return_firewall(server_ip):
commands[0] += open_port_firewalld(cfg, serv=server_ip)
error += str(upload(server_ip, tmp_file, cfg, dir='fullpath'))
try:
error += ssh_command(serv, commands)
error += ssh_command(server_ip, commands)
except Exception as e:
error += e
if error:
@ -880,24 +889,25 @@ def upload_and_restart(serv, cfg, **kwargs):
return error
def master_slave_upload_and_restart(serv, cfg, just_save, **kwargs):
def master_slave_upload_and_restart(server_ip, cfg, just_save, **kwargs):
import sql
masters = sql.is_master(serv)
masters = sql.is_master(server_ip)
error = ""
for master in masters:
if master[0] is not None:
error += upload_and_restart(master[0], cfg, just_save=just_save, nginx=kwargs.get('nginx'))
error += upload_and_restart(serv, cfg, just_save=just_save, nginx=kwargs.get('nginx'))
error += upload_and_restart(server_ip, cfg, just_save=just_save, nginx=kwargs.get('nginx'))
return error
def open_port_firewalld(cfg, serv, **kwargs):
def open_port_firewalld(cfg, server_ip, **kwargs):
try:
conf = open(cfg, "r")
except IOError:
print('<div class="alert alert-danger">Cannot read exported config file</div>')
return
firewalld_commands = ' &&'
ports = ''
@ -934,14 +944,14 @@ def open_port_firewalld(cfg, serv, **kwargs):
pass
firewalld_commands += 'sudo firewall-cmd --reload -q'
logging(serv, ' Next ports have been opened: ' + ports)
logging(server_ip, ' Next ports have been opened: ' + ports)
return firewalld_commands
def check_haproxy_config(serv):
def check_haproxy_config(server_ip):
import sql
commands = ["haproxy -q -c -f %s" % sql.get_setting('haproxy_config_path')]
ssh = ssh_connect(serv)
ssh = ssh_connect(server_ip)
for command in commands:
stdin, stdout, stderr = ssh.exec_command(command, get_pty=True)
if not stderr.read():
@ -1105,14 +1115,15 @@ def server_status(stdout):
return proc_count
def ssh_command(serv, commands, **kwargs):
ssh = ssh_connect(serv)
def ssh_command(server_ip, commands, **kwargs):
ssh = ssh_connect(server_ip)
for command in commands:
try:
stdin, stdout, stderr = ssh.exec_command(command, get_pty=True)
except Exception as e:
logging('localhost', ' ' + str(e), haproxywi=1)
return str(e)
if kwargs.get("ip") == "1":
show_ip(stdout)
@ -1151,11 +1162,11 @@ def subprocess_execute(cmd):
return output, stderr
def show_backends(serv, **kwargs):
def show_backends(server_ip, **kwargs):
import json
import sql
hap_sock_p = sql.get_setting('haproxy_sock_port')
cmd = 'echo "show backend" |nc %s %s' % (serv, hap_sock_p)
cmd = 'echo "show backend" |nc %s %s' % (server_ip, hap_sock_p)
output, stderr = subprocess_execute(cmd)
if stderr:
logging('localhost', ' '+stderr, haproxywi=1)
@ -1177,7 +1188,7 @@ def show_backends(serv, **kwargs):
return ret
def get_files(dir=get_config_var('configs', 'haproxy_save_configs_dir'), format='cfg', **kwargs):
def get_files(dir=get_config_var('configs', 'haproxy_save_configs_dir'), format='cfg'):
import glob
if format == 'log':
file = []
@ -1321,12 +1332,12 @@ def check_user_group(**kwargs):
sys.exit()
def check_is_server_in_group(serv):
def check_is_server_in_group(server_ip):
import sql
group_id = get_user_group(id=1)
servers = sql.select_servers(server=serv)
servers = sql.select_servers(server=server_ip)
for s in servers:
if (s[2] == serv and int(s[3]) == int(group_id)) or group_id == 1:
if (s[2] == server_ip and int(s[3]) == int(group_id)) or group_id == 1:
return True
else:
logging('localhost', ' has tried to actions in not his group server ', haproxywi=1, login=1)
@ -1334,9 +1345,9 @@ def check_is_server_in_group(serv):
sys.exit()
def check_service(serv, service_name):
def check_service(server_ip, service_name):
commands = ["systemctl is-active "+service_name]
return ssh_command(serv, commands)
return ssh_command(server_ip, commands)
def get_services_status():
@ -1385,15 +1396,15 @@ def get_services_status():
return services
def is_file_exists(serv: str, file: str):
def is_file_exists(server_ip: str, file: str):
cmd = ['[ -f ' + file + ' ] && echo yes || echo no']
out = ssh_command(serv, cmd)
out = ssh_command(server_ip, cmd)
return True if 'yes' in out else False
def is_service_active(serv: str, service_name: str):
def is_service_active(server_ip: str, service_name: str):
cmd = ['systemctl is-active ' + service_name]
out = ssh_command(serv, cmd)
out = ssh_command(server_ip, cmd)
return True if 'active' in out else False

2
app/overview.py
View File

@ -49,7 +49,7 @@ try:
prometheus = ''
host = ''
else:
users = sql.select_users(online=1)
users = sql.select_users()
cmd = "ps ax |grep 'metrics_worker\|metrics_waf_worker.py\|metrics_nginx_worker.py' |grep -v grep |wc -l"
metrics_worker, stderr = funct.subprocess_execute(cmd)
cmd = "ps ax |grep 'checker_worker\|checker_nginx' |grep -v grep |wc -l"

30
app/sql.py
View File

@ -309,21 +309,22 @@ def select_users(**kwargs):
query = User.select().where(User.user_id == kwargs.get("id"))
elif kwargs.get("group") is not None:
query = (User.
select().
select(
User,
UserGroups,
Case(0, [((
User.last_login_date >= funct.get_data('regular', timedelta_minutes_minus=15)
), 0)], 1).alias('last_login')).
join(UserGroups, on=(User.user_id == UserGroups.user_id)).
where(UserGroups.user_group_id == kwargs.get("group"))
)
elif kwargs.get('online') is not None:
query = (User.
select(
else:
query = User.select(
User,
Case(0, [((
User.last_login_date >= funct.get_data('regular', timedelta_minutes_minus=15)
), 0)], 1).alias('last_login')
)
)
else:
query = User.select().order_by(User.user_id)
).order_by(User.user_id)
try:
query_res = query.execute()
@ -500,13 +501,15 @@ def write_user_uuid(login, user_uuid):
def write_user_token(login, user_token):
token_ttl = int(get_setting('token_ttl'))
try:
user_id = User.get(User.username == login)
except Exception as e:
out_error(e)
try:
Token.insert(user_id=user_id, token=user_token, exp=funct.get_data('regular')).execute()
Token.insert(user_id=user_id, token=user_token, exp=funct.get_data('regular', timedelta=token_ttl)).execute()
except Exception as e:
out_error(e)
@ -556,8 +559,8 @@ def get_username_groupid_from_api_token(token):
def get_token(uuid):
try:
query = Token.select().join(UUID, on=(Token.user_id == UUID.user_id)).where(UUID.uuid == uuid).limit(1)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
@ -578,9 +581,8 @@ def delete_uuid(uuid):
def delete_old_uuid():
token_ttl = int(get_setting('token_ttl'))
query = UUID.delete().where((UUID.exp < funct.get_data('regular')) | (UUID.exp.is_null(True)) )
query1 = Token.delete().where((Token.exp > funct.get_data('regular', timedelta=token_ttl)) | (Token.exp.is_null(True)) )
query = UUID.delete().where((UUID.exp < funct.get_data('regular')) | (UUID.exp.is_null(True)))
query1 = Token.delete().where((Token.exp < funct.get_data('regular')) | (Token.exp.is_null(True)))
try:
query.execute()
query1.execute()
@ -1473,7 +1475,7 @@ def select_metrics_http(serv, **kwargs):
def select_servers_metrics_for_master(**kwargs):
if kwargs.get('group') is not None:
query = Server.select(Server.ip).where((Server.metrics == 1) & (Server.groups == kwargs.get(group)))
query = Server.select(Server.ip).where((Server.metrics == 1) & (Server.groups == kwargs.get('group')))
else:
query = Server.select(Server.ip).where(Server.metrics == 1)
try:

4
app/templates/hapservers.html
View File

@ -164,9 +164,9 @@
{% if s.6|int() >= 1 and service != 'keepalived' %}
<span
{% if keep_alive|int() >= 1 %}
class="shield green" title="Auto start enabled">
class="shield green" title="Auto start is enabled">
{% else %}
class="shield red" title="Auto start enabled, but keep alive service does not work">
class="shield red" title="Auto start is enabled, but Keep alive service does not work">
{% endif %}
</span>
{% endif %}