github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v7.0.0.0 

Changelog: https://roxy-wi.org/changelog#7.0.0
pull/364/head
Aidaho 2023-09-17 12:42:39 +03:00
parent 940ca0b96d
commit 4b168e8fa8
266 changed files with 9243 additions and 14802 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -14,7 +14,6 @@ Web interface(user-friendly web GUI, alerting, monitoring and secure) for managi
2. Installing and updating HAProxy and Nginx with Roxy-WI as a Docker service
3. Installing and updating Grafana, Prometheus servers with Roxy-WI
4. Installing and updating HAProxy, Nginx, Apache, Keepalived and Node exporters with Roxy-WI
5. Server provisioning on AWS, DigitalOcean and G-Core Labs
6. Downloading, updating and formatting GeoIP to the acceptable format for HAProxy with Roxy-WI
7. Dynamic change of Maxconn, Black/white lists and backend's IP address and port with saving changes to the config file
8. Configuring HAProxy, Nginx, Apache and Keepalived in a jiffy with Roxy-WI

56
app/__init__.py Normal file
View File

@ -0,0 +1,56 @@
from datetime import timedelta
from flask import Flask
from flask_caching import Cache
from flask_login import LoginManager
app = Flask(__name__)
app.secret_key = 'some secret salt'
app.jinja_env.add_extension('jinja2.ext.do')
app.jinja_env.add_extension('jinja2.ext.loopcontrols')
cache = Cache(config={'CACHE_TYPE': 'SimpleCache', "CACHE_DEFAULT_TIMEOUT": 3000})
cache.init_app(app)
login_manager = LoginManager(app)
app.config['SITEMAP_INCLUDE_RULES_WITHOUT_PARAMS'] = True
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=3)
from app.routes.add import bp as add_bp
app.register_blueprint(add_bp, url_prefix='/add')
from app.routes.service import bp as service_bp
app.register_blueprint(service_bp, url_prefix='/service')
from app.routes.config import bp as config_bp
app.register_blueprint(config_bp, url_prefix='/config')
from app.routes.metric import bp as metric_bp
app.register_blueprint(metric_bp, url_prefix='/metrics')
from app.routes.waf import bp as waf_bp
app.register_blueprint(waf_bp, url_prefix='/waf')
from app.routes.runtime import bp as runtime_bp
app.register_blueprint(runtime_bp, url_prefix='/runtimeapi')
from app.routes.smon import bp as smon_bp
app.register_blueprint(smon_bp, url_prefix='/smon')
from app.routes.checker import bp as checker_bp
app.register_blueprint(checker_bp, url_prefix='/checker')
from app.routes.install import bp as install_bp
app.register_blueprint(install_bp, url_prefix='/install')
from app.routes.user import bp as user_bp
app.register_blueprint(user_bp, url_prefix='/user')
from app.routes.server import bp as server_bp
app.register_blueprint(server_bp, url_prefix='/server')
from app.routes.admin import bp as admin_bp
app.register_blueprint(admin_bp, url_prefix='/admin')
from app import views
from app import ajax_views

436
app/add.py
View File

@ -1,436 +0,0 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
import sys
import http.cookies
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.config.config as config_mod
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.common as roxywi_common
import modules.roxywi.auth as roxywi_auth
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('add.html')
form = common.form
serv = common.is_ip_or_dns(form.getvalue('serv'))
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params(haproxy=1)
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
except Exception:
print('error: your session is expired')
sys.exit()
roxywi_auth.page_for_admin(level=3)
if all(v is None for v in [
form.getvalue('mode'), form.getvalue('new_userlist'),
form.getvalue('peers-name'), form.getvalue('generateconfig')
]):
try:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
group = cookie.get('group')
user_group = group.value
except Exception as e:
print(str(e))
lib_path = get_config_var.get_config_var('main', 'lib_path')
dir = lib_path + "/lists"
white_dir = lib_path + "/lists/" + user_group + "/white"
black_dir = lib_path + "/lists/" + user_group + "/black"
if not os.path.exists(dir):
os.makedirs(dir)
if not os.path.exists(dir + "/" + user_group):
os.makedirs(dir + "/" + user_group)
if not os.path.exists(white_dir):
os.makedirs(white_dir)
if not os.path.exists(black_dir):
os.makedirs(black_dir)
white_lists = roxywi_common.get_files(folder=white_dir, file_format="lst")
black_lists = roxywi_common.get_files(folder=black_dir, file_format="lst")
maps = roxywi_common.get_files(folder=f'{lib_path}/maps/{user_group}', file_format="map")
template = template.render(
h2=1, role=user_params['role'], user=user_params['user'], selects=user_params['servers'], add=form.getvalue('add'),
conf_add=form.getvalue('conf'), group=user_group, options=sql.select_options(), saved_servers=sql.select_saved_servers(),
white_lists=white_lists, black_lists=black_lists, user_services=user_params['user_services'], token=user_params['token'],
lang=user_params['lang'], maps=maps
)
print(template)
elif form.getvalue('mode') is not None:
haproxy_dir = sql.get_setting('haproxy_dir')
port = form.getlist('port')
bind = ""
ip = ""
force_close = form.getvalue('force_close')
balance = ""
mode = f" mode {form.getvalue('mode')}\n"
maxconn = ""
options_split = ""
ssl = ""
ssl_check = ""
backend = ""
headers = ''
acl = ""
servers_split = ""
new_listener = form.getvalue('listener')
new_frontend = form.getvalue('frontend')
new_backend = form.getvalue('new_backend')
if form.getvalue('balance') is not None:
balance = " balance " + form.getvalue('balance') + "\n"
if form.getvalue('health_check') is not None:
health_check = form.getvalue('health_check')
if health_check == 'option httpchk' and form.getvalue('checks_http_domain') is not None:
health_check = health_check + ' GET ' + form.getvalue('checks_http_path') + ' "HTTP/1.0\\r\\nHost: ' + form.getvalue('checks_http_domain') + '"'
balance += f" {health_check}\n"
if form.getvalue('ip') is not None:
ip = form.getlist('ip')
if new_listener is not None:
name = f"listen {new_listener}"
end_name = new_listener
elif new_frontend is not None:
name = f"frontend {new_frontend}"
end_name = new_frontend
elif new_backend is not None:
name = f"backend {new_backend}"
end_name = new_backend
else:
print('error: The name cannot be empty')
sys.exit()
if form.getvalue('backends') is not None:
backend = f" default_backend { form.getvalue('backends')}\n"
if form.getvalue('maxconn'):
maxconn = f" maxconn {form.getvalue('maxconn')}\n"
if form.getvalue('ssl') == "https" and form.getvalue('mode') != "tcp":
cert_path = sql.get_setting('cert_path')
if form.getvalue('cert') is not None:
ssl = f"ssl crt {cert_path}{form.getvalue('cert')}"
if form.getvalue('ssl-dis-check') is None:
if form.getvalue('ssl-check') == "ssl-check":
ssl_check = " ssl verify none"
else:
ssl_check = " ssl verify"
if ip or port:
if type(port) is list:
i = 0
for p in port:
if ip[i] == 'IsEmptY':
if ip[i] == 'IsEmptY' and port[i] == 'IsEmptY':
i += 1
continue
else:
port_value = port[i]
bind += f" bind *:{port_value} {ssl}\n"
else:
if port[i] == 'IsEmptY':
print('error: IP cannot be bind without a port')
sys.exit()
else:
port_value = port[i]
bind += f" bind {ip[i]}:{port_value} {ssl}\n"
i += 1
if form.getvalue('default-check') == "1":
if form.getvalue('check-servers') == "1":
check = f" check inter {form.getvalue('inter')} rise {form.getvalue('rise')} fall {form.getvalue('fall')}{ssl_check}"
else:
check = ""
else:
if form.getvalue('check-servers') != "1":
check = ""
else:
check = f" check{ssl_check}"
if form.getvalue('option') is not None:
options = form.getvalue('option')
i = options.split("\n")
for j in i:
options_split += f" {j}\n"
if force_close == "1":
options_split += " option http-server-close\n"
elif force_close == "2":
options_split += " option forceclose\n"
elif force_close == "3":
options_split += " option http-pretend-keepalive\n"
if form.getvalue('whitelist') is not None:
options_split += " tcp-request connection accept if { src -f " + haproxy_dir + "/white/" + form.getvalue(
'whitelist') + " }\n"
if form.getvalue('blacklist') is not None:
options_split += " tcp-request connection reject if { src -f " + haproxy_dir + "/black/" + form.getvalue(
'blacklist') + " }\n"
if form.getvalue('cookie'):
cookie = f" cookie {form.getvalue('cookie_name')}"
if form.getvalue('cookie_domain'):
cookie += f" domain {form.getvalue('cookie_domain')}"
if form.getvalue('rewrite'):
rewrite = form.getvalue('rewrite')
else:
rewrite = ""
if form.getvalue('prefix'):
prefix = form.getvalue('prefix')
else:
prefix = ""
if form.getvalue('nocache'):
nocache = form.getvalue('nocache')
else:
nocache = ""
if form.getvalue('postonly'):
postonly = form.getvalue('postonly')
else:
postonly = ""
if form.getvalue('dynamic'):
dynamic = form.getvalue('dynamic')
else:
dynamic = ""
cookie += f" {rewrite} {prefix} {nocache} {postonly} {dynamic}\n"
options_split += cookie
if form.getvalue('dynamic'):
options_split += f" dynamic-cookie-key {form.getvalue('dynamic-cookie-key')}\n"
if form.getvalue('headers_res'):
headers_res = form.getlist('headers_res')
headers_method = form.getlist('headers_method')
header_name = form.getlist('header_name')
header_value = form.getlist('header_value')
i = 0
for h in headers_method:
if headers_method[i] != 'del-header':
headers += f' {headers_res[i]} {headers_method[i]} {header_name[i]} {header_value[i]}\n'
else:
headers += f' {headers_res[i]} {headers_method[i]} {header_name[i]}\n'
i += 1
if form.getvalue('acl_if'):
acl_if = form.getlist('acl_if')
acl_value = form.getlist('acl_value')
acl_then = form.getlist('acl_then')
acl_then_values = form.getlist('acl_then_value')
i = 0
for a in acl_if:
acl_then_value = '' if acl_then_values[i] == 'IsEmptY' else acl_then_values[i]
try:
if a == '1':
acl_if_word = 'hdr_beg(host) -i '
if form.getvalue('ssl') == "https" and form.getvalue('mode') != "tcp":
acl_if_word = 'ssl_fc_sni -i '
if form.getvalue('mode') == "tcp":
acl_if_word = 'req.ssl_sni -i '
elif a == '2':
acl_if_word = 'hdr_end(host) -i '
if form.getvalue('ssl') == "https" and form.getvalue('mode') != "tcp":
acl_if_word = 'ssl_fc_sni -i '
if form.getvalue('mode') == "tcp":
acl_if_word = 'req.ssl_sni -i '
elif a == '3':
acl_if_word = 'path_beg -i '
elif a == '4':
acl_if_word = 'path_end -i '
elif a == '6':
acl_if_word = 'src ip '
else:
acl_if_word = ''
if acl_then[i] == '5':
acl += ' use_backend '
elif acl_then[i] == '2':
acl += ' http-request redirect location '
elif acl_then[i] == '3':
acl += ' http-request allow'
acl_then_value = ''
elif acl_then[i] == '4':
acl += ' http-request deny'
acl_then_value = ''
elif acl_then[i] == '6':
acl += f' acl return_{acl_value[i]} {acl_if_word} {acl_value[i]}\n'
acl += f' http-request return if return_{acl_value[i]}\n'
elif acl_then[i] == '7':
acl += f' acl set_header_{acl_value[i]} {acl_if_word} {acl_value[i]}\n'
acl += f' http-request set-header if set_header_{acl_value[i]}\n'
if acl_then[i] in ('2', '3', '4', '5'):
acl += acl_then_value + ' if { ' + acl_if_word + acl_value[i] + ' } \n'
except Exception:
acl = ''
i += 1
if form.getvalue('circuit_breaking') == "1":
observe = 'observe ' + form.getvalue('circuit_breaking_observe')
error_limit = ' error-limit ' + form.getvalue('circuit_breaking_error_limit')
circuit_breaking_on_error = ' on-error ' + form.getvalue('circuit_breaking_on_error')
default_server = ' default-server ' + observe + error_limit + circuit_breaking_on_error + '\n'
servers_split += default_server
if form.getvalue('servers') is not None:
servers = form.getlist('servers')
server_port = form.getlist('server_port')
send_proxy = form.getlist('send_proxy')
backup = form.getlist('backup')
server_maxconn = form.getlist('server_maxconn')
port_check = form.getvalue('port_check')
i = 0
for server in servers:
if form.getvalue('template') is None:
try:
if send_proxy[i] == '1':
send_proxy_param = 'send-proxy'
else:
send_proxy_param = ''
except Exception:
send_proxy_param = ''
try:
if backup[i] == '1':
backup_param = 'backup'
else:
backup_param = ''
except Exception:
backup_param = ''
try:
maxconn_val = server_maxconn[i]
except Exception:
maxconn_val = '200'
try:
port_check_val = port_check[i]
except Exception:
port_check_val = server_port[i]
servers_split += " server {0} {0}:{1}{2} port {6} maxconn {5} {3} {4} \n".format(
server, server_port[i], check, send_proxy_param, backup_param, maxconn_val, port_check_val
)
else:
servers_split += " server-template {0} {1} {2}:{3} {4} \n".format(
form.getvalue('prefix'), form.getvalue('template-number'), server, server_port[i], check
)
i += 1
compression = form.getvalue("compression")
cache = form.getvalue("cache")
compression_s = ""
cache_s = ""
cache_set = ""
filter_com = ""
if compression == "1" or cache == "2":
filter_com = " filter compression\n"
if cache == "2":
cache_s = f" http-request cache-use {end_name}\n http-response cache-store {end_name}\n"
cache_set = f"cache {end_name}\n total-max-size 4\n max-age 240\n"
if compression == "1":
compression_s = " compression algo gzip\n compression type text/html text/plain text/css\n"
waf = ""
if form.getvalue('waf') is not None:
waf = f" filter spoe engine modsecurity config {haproxy_dir}/waf.conf\n"
waf += " http-request deny if { var(txn.modsec.code) -m int gt 0 }\n"
config_add = f"\n{name}\n{bind}{mode}{maxconn}{balance}{options_split}{cache_s}{filter_com}{compression_s}" \
f"{waf}{headers}{acl}{backend}{servers_split}\n{cache_set}\n"
if form.getvalue('new_userlist') is not None:
name = f"userlist {form.getvalue('new_userlist')}\n"
new_userlist_groups = ""
if form.getvalue('userlist-group') is not None:
groups = form.getlist('userlist-group')
for group in groups:
new_userlist_groups += f" group {group}\n"
new_users_list = ""
if form.getvalue('userlist-user') is not None:
users = form.getlist('userlist-user')
passwords = form.getlist('userlist-password')
userlist_user_group = form.getlist('userlist-user-group')
i = 0
for user in users:
try:
group = f' groups {userlist_user_group[i]}'
except Exception:
group = ''
new_users_list += f" user {user} insecure-password { passwords[i]} {group}\n"
i += 1
config_add = "\n" + name + new_userlist_groups + new_users_list
if form.getvalue('peers-name') is not None:
name = "peers " + form.getvalue('peers-name') + "\n"
servers_split = ''
if form.getvalue('servers') is not None:
servers = form.getlist('servers')
server_port = form.getlist('server_port')
servers_name = form.getlist('servers_name')
i = 0
for server in servers:
servers_split += " peer {0} {1}:{2} \n".format(servers_name[i], server, server_port[i])
i += 1
config_add = "\n" + name + servers_split
if form.getvalue('generateconfig') is None and serv is not None:
slave_output = ''
try:
server_name = sql.get_hostname_by_server_ip(serv)
except Exception:
server_name = serv
try:
roxywi_common.check_is_server_in_group(serv)
if config_add:
hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = hap_configs_dir + serv + "-" + get_date.return_date('config') + ".cfg"
config_mod.get_config(serv, cfg)
try:
with open(cfg, "a") as conf:
conf.write(config_add)
except IOError as e:
print(f"error: Can't read import config file {e}")
output = config_mod.master_slave_upload_and_restart(serv, cfg, just_save="save")
if output:
print(output)
else:
print(name)
try:
roxywi_common.logging(serv, f"add.py add new {name}")
except Exception:
pass
except Exception:
pass
else:
print(config_add)

118
app/add_nginx.py
View File

@ -1,118 +0,0 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.config.config as config_mod
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
get_config_var = roxy_wi_tools.GetConfigVar()
form = common.form
serv = form.getvalue('serv')
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params(service='nginx')
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2)
except Exception as e:
print(f'error {e}')
sys.exit()
roxywi_auth.page_for_admin(level=3)
if all(v is None for v in [form.getvalue('upstream'), form.getvalue('generateconfig')]):
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('add_nginx.html')
template = template.render(
h2=1, role=user_params['role'], user=user_params['user'], selects=user_params['servers'], add=form.getvalue('add'),
conf_add=form.getvalue('conf'), user_services=user_params['user_services'], token=user_params['token'], lang=user_params['lang']
)
print(template)
elif form.getvalue('upstream') is not None:
nginx_dir = sql.get_setting('nginx_dir')
name = form.getlist('name')
new_upstream = form.getvalue('upstream')
balance = form.getvalue("balance")
ip = ''
port = ''
config_add = ''
servers_split = ''
if balance == 'round_robin':
balance = ''
else:
balance = f' {balance};\n'
if new_upstream is not None:
config_add = f'upstream {new_upstream} {{\n'
config_add += balance
config_name = f'upstream_{new_upstream}'
if form.getvalue('keepalive') is not None:
config_add += f' keepalive {form.getvalue("keepalive")};\n'
if form.getvalue('servers') is not None:
servers = form.getlist('servers')
server_port = form.getlist('server_port')
max_fails = form.getlist('max_fails')
fail_timeout = form.getlist('fail_timeout')
i = 0
for server in servers:
try:
max_fails_val = f'max_fails={max_fails[i]}'
except Exception:
max_fails_val = 'max_fails=1'
try:
fail_timeout_val = f'fail_timeout={fail_timeout[i]}'
except Exception:
fail_timeout_val = 'fail_timeout=1'
servers_split += f" server {server}:{server_port[i]} {max_fails_val} {fail_timeout_val}s; \n"
i += 1
config_add += f'{servers_split} }}\n'
if form.getvalue('generateconfig') is None and serv is not None:
slave_output = ''
try:
server_name = sql.get_hostname_by_server_ip(serv)
except Exception:
server_name = serv
try:
roxywi_common.check_is_server_in_group(serv)
if config_add:
sub_folder = 'conf.d' if 'upstream' in config_name else 'sites-enabled'
service_configs_dir = get_config_var.get_config_var('configs', 'nginx_save_configs_dir')
cfg = f'{service_configs_dir}{serv}-{config_name}.conf'
nginx_dir = common.return_nice_path(sql.get_setting('nginx_dir'))
config_file_name = f'{nginx_dir}{sub_folder}/{config_name}.conf'
try:
with open(cfg, "w") as conf:
conf.write(config_add)
except IOError:
print("error: Cannot save a new config")
roxywi_common.logging(serv, "add_nginx.py add new %s" % config_name)
output = config_mod.master_slave_upload_and_restart(serv, cfg, just_save="save", nginx=1, config_file_name=config_file_name)
if output:
print(output)
else:
print(config_name)
except Exception:
pass
else:
print(config_add)

192
app/ajax_views.py Normal file
View File

@ -0,0 +1,192 @@
import os
import sys
from flask import render_template, request
from flask_login import login_required
from app import app, login_manager, cache
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.service.action as service_action
import modules.service.common as service_common
import modules.service.haproxy as service_haproxy
import modules.roxywi.roxy as roxy
import modules.roxywi.logs as roxy_logs
import modules.roxywi.nettools as nettools
import modules.roxywi.common as roxywi_common
import modules.roxywi.overview as roxy_overview
@app.route('/overview/services')
@login_required
def show_services_overview():
return roxy_overview.show_services_overview()
@app.route('/overview/server/<server_ip>')
@login_required
def overview_server(server_ip):
return roxy_overview.show_overview(server_ip)
@app.route('/overview/users')
@login_required
def overview_users():
return roxy_overview.user_owv()
@app.route('/overview/sub')
@login_required
@cache.cached()
def overview_sub():
return roxy_overview.show_sub_ovw()
@app.route('/logs/<service>/<serv>', methods=['GET', 'POST'])
@login_required
def show_remote_log_files(service, serv):
service = common.checkAjaxInput(service)
serv = common.checkAjaxInput(serv)
log_path = sql.get_setting(f'{service}_path_logs')
return_files = server_mod.get_remote_files(serv, log_path, 'log')
if 'error: ' in return_files:
return return_files
lang = roxywi_common.get_user_lang_for_flask()
return render_template(
'ajax/show_log_files.html', serv=serv, return_files=return_files, path_dir=log_path, lang=lang
)
@app.route('/logs/<service>/<serv>/<rows>', defaults={'waf': '0'}, methods=['GET', 'POST'])
@app.route('/logs/<service>/waf/<serv>/<rows>', defaults={'waf': '1'}, methods=['GET', 'POST'])
@login_required
def show_logs(service, serv, rows, waf):
if request.method == 'GET':
grep = request.args.get('grep')
exgrep = request.args.get('exgrep')
hour = request.args.get('hour')
minute = request.args.get('minute')
hour1 = request.args.get('hour1')
minute1 = request.args.get('minute1')
log_file = request.args.get('file')
else:
grep = request.form.get('grep')
exgrep = request.form.get('exgrep')
hour = request.form.get('hour')
minute = request.form.get('minute')
hour1 = request.form.get('hour1')
minute1 = request.form.get('minute1')
log_file = request.form.get('file')
if roxywi_common.check_user_group_for_flask():
try:
out = roxy_logs.show_roxy_log(serv=serv, rows=rows, waf=waf, grep=grep, exgrep=exgrep, hour=hour, minute=minute,
hour1=hour1, minute1=minute1, service=service, log_file=log_file)
except Exception as e:
return str(e)
else:
return out
@app.route('/internal/show_version')
@cache.cached()
def show_roxywi_version():
return render_template('ajax/check_version.html', versions=roxy.versions())
@app.route('/stats/view/<service>/<server_ip>')
def show_stats(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
if service in ('nginx', 'apache'):
return service_common.get_stat_page(server_ip, service)
else:
return service_haproxy.stat_page_action(server_ip)
@app.route('/portscanner/history/<server_ip>')
@login_required
def portscanner_history(server_ip):
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
history = sql.select_port_scanner_history(server_ip)
user_subscription = roxywi_common.return_user_subscription()
return render_template(
'include/port_scan_history.html', h2=1, autorefresh=0, role=user_params['role'], user=user, servers=user_params['servers'],
history=history, user_services=user_params['user_services'], token=user_params['token'],
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], lang=user_params['lang']
)
@app.post('/portscanner/settings')
def change_settings_portscanner():
server_id = common.checkAjaxInput(request.form.get('server_id'))
enabled = common.checkAjaxInput(request.form.get('enabled'))
notify = common.checkAjaxInput(request.form.get('notify'))
history = common.checkAjaxInput(request.form.get('history'))
user_group_id = [server[3] for server in sql.select_servers(id=server_id)]
try:
if sql.insert_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history):
return 'ok'
else:
if sql.update_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history):
return 'ok'
except Exception as e:
return f'error: Cannot save settings: {e}'
else:
return 'ok'
@app.route('/portscanner/scan/<int:server_id>')
def scan_port(server_id):
server = sql.select_servers(id=server_id)
ip = ''
for s in server:
ip = s[2]
cmd = f"sudo nmap -sS {ip} |grep -E '^[[:digit:]]'|sed 's/ */ /g'"
cmd1 = f"sudo nmap -sS {ip} |head -5|tail -2"
stdout, stderr = server_mod.subprocess_execute(cmd)
stdout1, stderr1 = server_mod.subprocess_execute(cmd1)
if stderr != '':
return f'error: {stderr}'
else:
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/scan_ports.html', ports=stdout, info=stdout1, lang=lang)
@app.post('/nettols/<check>')
def nettols_check(check):
server_from = common.checkAjaxInput(request.form.get('server_from'))
server_to = common.is_ip_or_dns(request.form.get('server_to'))
action = common.checkAjaxInput(request.form.get('nettools_action'))
port_to = common.checkAjaxInput(request.form.get('nettools_telnet_port_to'))
dns_name = common.checkAjaxInput(request.form.get('nettools_nslookup_name'))
dns_name = common.is_ip_or_dns(dns_name)
record_type = common.checkAjaxInput(request.form.get('nettools_nslookup_record_type'))
if check == 'icmp':
return nettools.ping_from_server(server_from, server_to, action)
elif check == 'tcp':
return nettools.telnet_from_server(server_from, server_to, port_to)
elif check == 'dns':
return nettools.nslookup_from_server(server_from, dns_name, record_type)
else:
return 'error: Wrong check'

4
app/app.wsgi Normal file
View File

@ -0,0 +1,4 @@
import sys
sys.path.insert(0,"/var/www/haproxy-wi/")
from app import app as application

158
app/config.py
View File

@ -1,158 +0,0 @@
#!/usr/bin/env python3
import os
import sys
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.config.config as config_mod
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.common as roxywi_common
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('config.html')
print('Content-type: text/html\n')
form = common.form
serv = common.is_ip_or_dns(form.getvalue('serv'))
try:
service = common.checkAjaxInput(form.getvalue('service'))
except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/">')
is_serv_protected = False
try:
config_file_name = form.getvalue('config_file_name').replace('92', '/')
except Exception:
config_file_name = ''
config_read = ""
cfg = ""
stderr = ""
error = ""
aftersave = ""
is_restart = ''
service_desc = ''
user_params = roxywi_common.get_users_params(service='nginx')
if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service)
if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
if user_params['lang'] == 'ru':
title = f"Работа с конфигурационным файлом {service_desc.service}"
else:
title = f"Working with {service_desc.service} configuration files"
action = f"config.py?service={service_desc.slug}"
configs_dir = get_config_var.get_config_var('configs', 'kp_save_configs_dir')
file_format = 'conf'
servers = roxywi_common.get_dick_permit(service=service_desc.slug)
if service in ('haproxy', 'nginx', 'apache'):
configs_dir = get_config_var.get_config_var('configs', f'{service_desc.service}_save_configs_dir')
else:
configs_dir = get_config_var.get_config_var('configs', 'kp_save_configs_dir')
if service == 'haproxy':
file_format = 'cfg'
else:
print('<meta http-equiv="refresh" content="0; url=/app/overview.py">')
if serv is not None:
if service == 'nginx' or service == 'apache':
conf_file_name_short = config_file_name.split('/')[-1]
cfg = f"{configs_dir}{serv}-{conf_file_name_short}-{get_date.return_date('config')}.{file_format}"
else:
cfg = f"{configs_dir}{serv}-{get_date.return_date('config')}.{file_format}"
if serv is not None and form.getvalue('open') is not None and form.getvalue('new_config') is None:
roxywi_common.check_is_server_in_group(serv)
is_serv_protected = sql.is_serv_protected(serv)
server_id = sql.select_server_id_by_ip(serv)
is_restart = sql.select_service_setting(server_id, service, 'restart')
if service == 'keepalived':
error = config_mod.get_config(serv, cfg, keepalived=1)
try:
roxywi_common.logging(serv, " Keepalived config has been opened for ")
except Exception:
pass
elif service == 'nginx':
error = config_mod.get_config(serv, cfg, nginx=1, config_file_name=config_file_name)
try:
roxywi_common.logging(serv, " NGINX config has been opened ")
except Exception:
pass
elif service == 'apache':
error = config_mod.get_config(serv, cfg, apache=1, config_file_name=config_file_name)
try:
roxywi_common.logging(serv, " Apache config has been opened ")
except Exception:
pass
else:
error = config_mod.get_config(serv, cfg)
try:
roxywi_common.logging(serv, " HAProxy config has been opened ")
except Exception:
pass
try:
conf = open(cfg, "r")
config_read = conf.read()
conf.close()
except IOError:
error += '<br />Cannot read imported config file'
os.system("/bin/mv %s %s.old" % (cfg, cfg))
if form.getvalue('new_config') is not None:
config_read = ' '
if serv is not None and form.getvalue('config') is not None:
roxywi_common.check_is_server_in_group(serv)
config = form.getvalue('config')
oldcfg = form.getvalue('oldconfig')
save = form.getvalue('save')
try:
with open(cfg, "a") as conf:
conf.write(config)
except IOError:
print("error: Cannot read imported config file")
if service == 'keepalived':
stderr = config_mod.upload_and_restart(serv, cfg, just_save=save, keepalived=1, oldcfg=oldcfg)
elif service == 'nginx':
stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, nginx=1, oldcfg=oldcfg, config_file_name=config_file_name)
elif service == 'apache':
stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, apache=1, oldcfg=oldcfg, config_file_name=config_file_name)
else:
stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg)
config_mod.diff_config(oldcfg, cfg)
try:
os.system("/bin/rm -f " + configs_dir + "*.old")
except Exception as e:
print('error: ' + str(e))
if stderr:
print(stderr)
sys.exit()
template = template.render(
h2=1, role=user_params['role'], action=action, user=user_params['user'], select_id="serv", serv=serv, aftersave=aftersave,
config=config_read, cfg=cfg, selects=servers, stderr=stderr, error=error, service=service, is_restart=is_restart,
user_services=user_params['user_services'], config_file_name=config_file_name, is_serv_protected=is_serv_protected,
token=user_params['token'], lang=user_params['lang'], service_desc=service_desc
)
print(template)

203
app/create_db.py
View File

@ -159,194 +159,6 @@ def default_values():
except Exception as e:
print(str(e))
data_source = [
{'param': 'aws', 'name': 'AWS', 'optgroup': 'aws', 'section': 'provider', 'provider': 'aws', 'image': '/inc/images/provisioning/providers/aws.svg'},
{'param': 'do', 'name': 'DigitalOcearn', 'optgroup': 'do', 'section': 'provider', 'provider': 'do', 'image': '/inc/images/provisioning/providers/do.svg'},
{'param': 'gcore', 'name': 'G-Core Labs', 'optgroup': 'gcore', 'section': 'provider', 'provider': 'gcore', 'image': '/inc/images/provisioning/providers/gcore.svg'},
{'param': 'us-east-1', 'name': 'N. Virginia', 'optgroup': 'US East', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/us.svg'},
{'param': 'us-east-2', 'name': 'Ohio', 'optgroup': 'US East', 'section': 'region', 'provider': 'aws', 'image': '/inc/images/provisioning/flags/us.svg'},
{'param': 'us-west-1', 'name': 'N. California', 'optgroup': 'US West', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/us.svg'},
{'param': 'us-west-2', 'name': 'Oregon', 'optgroup': 'US West', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/us.svg'},
{'param': 'af-south-1', 'name': 'Cape Town', 'optgroup': 'Africa', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/za.svg'},
{'param': 'ap-east-1', 'name': 'Hong Kong', 'optgroup': 'Asia Pacific', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/hk.svg'},
{'param': 'ap-south-1', 'name': 'Mumbai', 'optgroup': 'Asia Pacific', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/in.svg'},
{'param': 'ap-northeast-2', 'name': 'Seoul', 'optgroup': 'Asia Pacific', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/kr.svg'},
{'param': 'ap-southeast-1', 'name': 'Singapore', 'optgroup': 'Asia Pacific', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/sg.svg'},
{'param': 'ap-southeast-2', 'name': 'Sydney', 'optgroup': 'Asia Pacific', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/au.svg'},
{'param': 'ap-northeast-1', 'name': 'Tokyo', 'optgroup': 'Asia Pacific', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/jp.svg'},
{'param': 'ca-central-1', 'name': 'Central', 'optgroup': 'Canada', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/ca.svg'},
{'param': 'eu-central-1', 'name': 'Frankfurt', 'optgroup': 'Europe', 'section': 'region', 'provider': 'aws',
'image': '/inc/images/provisioning/flags/de.svg'},
{'param': 'eu-west-1', 'name': 'Ireland', 'optgroup': 'Europe', 'section': 'region', 'provider': 'aws', 'image': '/inc/images/provisioning/flags/ie.svg'},
{'param': 'eu-west-2', 'name': 'London', 'optgroup': 'Europe', 'section': 'region', 'provider': 'aws', 'image': '/inc/images/provisioning/flags/gb.svg'},
{'param': 'eu-south-1', 'name': 'Milan', 'optgroup': 'Europe', 'section': 'region', 'provider': 'aws', 'image': '/inc/images/provisioning/flags/fr.svg'},
{'param': 'eu-west-3', 'name': 'Paris', 'optgroup': 'Europe', 'section': 'region', 'provider': 'aws', 'image': '/inc/images/provisioning/flags/fr.svg'},
{'param': 'eu-north-1', 'name': 'Stockholm', 'optgroup': 'Europe', 'section': 'region', 'provider': 'aws', 'image': '/inc/images/provisioning/flags/se.svg'},
{'param': 'me-south-1', 'name': 'Bahrain', 'optgroup': 'Middle East', 'section': 'region', 'provider': 'aws', 'image': '/inc/images/provisioning/flags/bh.svg'},
{'param': 'sa-east-1', 'name': 'São Paulo', 'optgroup': 'South America', 'section': 'region', 'provider': 'aws', 'image': '/inc/images/provisioning/flags/br.svg'},
{'param': 'nyc1', 'name': 'New York 1', 'optgroup': 'USA', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/us.svg'},
{'param': 'nyc2', 'name': 'New York 2', 'optgroup': 'USA', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/us.svg'},
{'param': 'nyc3', 'name': 'New York 3', 'optgroup': 'USA', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/us.svg'},
{'param': 'sfo1', 'name': 'San Francisco 1', 'optgroup': 'USA', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/us.svg'},
{'param': 'sfo2', 'name': 'San Francisco 2', 'optgroup': 'USA', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/us.svg'},
{'param': 'sfo3', 'name': 'San Francisco 3', 'optgroup': 'USA', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/us.svg'},
{'param': 'tor1', 'name': 'Toronto 1', 'optgroup': 'Canada', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/ca.svg'},
{'param': 'ams2', 'name': 'Amsterdam 2', 'optgroup': 'Europe', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/nl.svg'},
{'param': 'ams3', 'name': 'Amsterdam 3', 'optgroup': 'Europe', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/nl.svg'},
{'param': 'fra1', 'name': 'Frankfurt 1', 'optgroup': 'Europe', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/de.svg'},
{'param': 'lon1', 'name': 'London 1', 'optgroup': 'Europe', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/gb.svg'},
{'param': 'sgp1', 'name': 'Singapore 1', 'optgroup': 'Asia', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/sg.svg'},
{'param': 'blr1', 'name': 'Bangalore 1', 'optgroup': 'Asia', 'section': 'region', 'provider': 'do', 'image': '/inc/images/provisioning/flags/bh.svg'},
{'param': '68', 'name': 'Chicago', 'optgroup': 'Americas', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/us.svg'},
{'param': '14', 'name': 'Manassas', 'optgroup': 'Americas', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/us.svg'},
{'param': '35', 'name': 'Santa-Clara', 'optgroup': 'Americas', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/us.svg'},
{'param': '91', 'name': 'Sao Paulo', 'optgroup': 'Americas', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/br.svg'},
{'param': '64', 'name': 'Hong-Kong', 'optgroup': 'Asia-Pacific', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/hk.svg'},
{'param': '18', 'name': 'Singapore', 'optgroup': 'Asia-Pacific', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/sg.svg'},
{'param': '88', 'name': 'Sydney', 'optgroup': 'Asia-Pacific', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/au.svg'},
{'param': '29', 'name': 'Tokyo', 'optgroup': 'Asia-Pacific', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/jp.svg'},
{'param': '46', 'name': 'Almaty', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/kz.svg'},
{'param': '26', 'name': 'Amsterdam', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/nl.svg'},
{'param': '51', 'name': 'Amsterdam-2', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/nl.svg'},
{'param': '38', 'name': 'Frankfurt', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/de.svg'},
{'param': '120', 'name': 'Darmstadt', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/de.svg'},
{'param': '50', 'name': 'Istanbul', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/tr.svg'},
{'param': '84', 'name': 'Johannesburg', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/za.svg'},
{'param': '6', 'name': 'Luxembourg', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/lu.svg'},
{'param': '76', 'name': 'Luxembourg-2', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/lu.svg'},
{'param': '56', 'name': 'Paris', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/fr.svg'},
{'param': '100', 'name': 'Paris-2', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/fr.svg'},
{'param': '80', 'name': 'Warsaw', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/pl.svg'},
{'param': '116', 'name': 'Dubai', 'optgroup': 'EMEA', 'section': 'region', 'provider': 'gcore', 'image': '/inc/images/provisioning/flags/ae.svg'},
{'param': '22', 'name': 'Khabarovsk', 'optgroup': 'Russia and CIS', 'section': 'region', 'provider': 'edge', 'image': '/inc/images/provisioning/flags/ru.svg'},
{'param': '10', 'name': 'Moscow', 'optgroup': 'Russia and CIS', 'section': 'region', 'provider': 'edge', 'image': '/inc/images/provisioning/flags/ru.svg'},
{'param': '42', 'name': 'Saint Petersburg', 'optgroup': 'Russia and CIS', 'section': 'region', 'provider': 'edge', 'image': '/inc/images/provisioning/flags/ru.svg'},
{'param': '60', 'name': 'Yekaterinburg', 'optgroup': 'Russia and CIS', 'section': 'region', 'provider': 'edge', 'image': '/inc/images/provisioning/flags/ru.svg'},
{'param': '72', 'name': 'Novosibirsk', 'optgroup': 'Russia and CIS', 'section': 'region', 'provider': 'edge', 'image': '/inc/images/provisioning/flags/ru.svg'},
{'param': 'ubuntu-18-04', 'name': 'Ubuntu 18.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-20-04', 'name': 'Ubuntu 20.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-20-14', 'name': 'Ubuntu 20.14', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-22-04', 'name': 'Ubuntu 22.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-23-04', 'name': 'Ubuntu 23.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'centos-7', 'name': 'CentOS 7', 'optgroup': 'CentOS', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/centos.svg'},
{'param': 'centos-8', 'name': 'CentOS 8', 'optgroup': 'CentOS', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/centos.svg'},
{'param': 'centos-9', 'name': 'CentOS 9', 'optgroup': 'CentOS', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/centos.svg'},
{'param': 'debian-9', 'name': 'Debian 9', 'optgroup': 'Debian', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/debian.svg'},
{'param': 'debian-10', 'name': 'Debian 10', 'optgroup': 'Debian', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/debian.svg'},
{'param': 'debian-11', 'name': 'Debian 11', 'optgroup': 'Debian', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/oss/debian.svg'},
{'param': 'amazon-2_lts', 'name': 'Amazon Linux 2', 'optgroup': 'Amazon Linux', 'section': 'image', 'provider': 'aws', 'image': '/inc/images/provisioning/providers/aws.svg'},
{'param': 'ubuntu-18-04-x64', 'name': 'Ubuntu 18.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-20-04-x64', 'name': 'Ubuntu 20.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-20-14-x64', 'name': 'Ubuntu 20.14', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-22-04-x64', 'name': 'Ubuntu 22.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-23-04-x64', 'name': 'Ubuntu 23.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'centos-7-x64', 'name': 'CentOS 7', 'optgroup': 'CentOS', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/centos.svg'},
{'param': 'centos-stream-8-x64', 'name': 'CentOS 8 Stream', 'optgroup': 'CentOS', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/centos.svg'},
{'param': 'centos-stream-9-x64', 'name': 'CentOS 9 Stream', 'optgroup': 'CentOS', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/centos.svg'},
{'param': 'rockylinux-8-4-x64', 'name': 'RockyLinux 8.4', 'optgroup': 'RockyLinux', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/rocky-linux.svg'},
{'param': 'rockylinux-8-x64', 'name': 'RockyLinux 8.5', 'optgroup': 'RockyLinux', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/rocky-linux.svg'},
{'param': 'debian-9-x64', 'name': 'Debian 9', 'optgroup': 'Debian', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/debian.svg'},
{'param': 'debian-10-x64', 'name': 'Debian 10', 'optgroup': 'Debian', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/debian.svg'},
{'param': 'debian-11-x64', 'name': 'Debian 11', 'optgroup': 'Debian', 'section': 'image', 'provider': 'do', 'image': '/inc/images/provisioning/oss/debian.svg'},
{'param': 'ubuntu-18.04-x64', 'name': 'Ubuntu 18.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-20.04-x64', 'name': 'Ubuntu 20.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-20.10-x64', 'name': 'Ubuntu 20.10', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-22.04-x64', 'name': 'Ubuntu 22.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-22.10-x64', 'name': 'Ubuntu 22.10', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'ubuntu-23.04-x64', 'name': 'Ubuntu 23.04', 'optgroup': 'Ubuntu', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/ubuntu.svg'},
{'param': 'centos-7-1811-x64-qcow2', 'name': 'CentOS 7.6', 'optgroup': 'CentOS', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/centos.svg'},
{'param': 'centos-7-2003-x64-qcow2', 'name': 'CentOS 7.8', 'optgroup': 'CentOS', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/centos.svg'},
{'param': 'centos8-stream-0210-x64', 'name': 'CentOS 8.4', 'optgroup': 'CentOS', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/centos.svg'},
{'param': 'centos9-stream-0330-x64', 'name': 'CentOS 9', 'optgroup': 'CentOS', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/centos.svg'},
{'param': 'fedora-33-x64-qcow2', 'name': 'Fedora 33', 'optgroup': 'Fedora', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/fedora.svg'},
{'param': 'fedora-34-x64-qcow2', 'name': 'Fedora 34', 'optgroup': 'Fedora', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/fedora.svg'},
{'param': 'fedora-35-x64-qcow2', 'name': 'Fedora 35', 'optgroup': 'Fedora', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/fedora.svg'},
{'param': 'debian-9.7-x64-qcow2', 'name': 'Debian 9.7', 'optgroup': 'Debian', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/debian.svg'},
{'param': 'debian-10.1-x64-qcow2', 'name': 'Debian 10.1', 'optgroup': 'Debian', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/debian.svg'},
{'param': 'debian-10.3-x64-qcow2', 'name': 'Debian 10.3', 'optgroup': 'Debian', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/debian.svg'},
{'param': 'debian-11.generic-x64-qcow2', 'name': 'Debian 11', 'optgroup': 'Debian', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/debian.svg'},
{'param': 'windows-server-2019', 'name': 'Windows 2019', 'optgroup': 'Windows', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/windows.svg'},
{'param': 'windows-server-2022', 'name': 'Windows 2022', 'optgroup': 'Windows', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/windows.svg'},
{'param': 'sles15-SP2', 'name': 'SLES 15-SP2', 'optgroup': 'SUSE', 'section': 'image', 'provider': 'gcore', 'image': '/inc/images/provisioning/oss/suse.svg'},
{'param': 's-1vcpu-1gb', 'name': 's-1vcpu-1gb', 'optgroup': 'Base', 'section': 'size', 'provider': 'do'},
{'param': 's-2vcpu-2gb', 'name': 's-2vcpu-2gb', 'optgroup': 'Base', 'section': 'size', 'provider': 'do'},
{'param': 's-2vcpu-4gb', 'name': 's-2vcpu-4gb', 'optgroup': 'Base', 'section': 'size', 'provider': 'do'},
{'param': 's-4vcpu-8gb', 'name': 's-4vcpu-8gb', 'optgroup': 'Base', 'section': 'size', 'provider': 'do'},
{'param': 's-8vcpu-16gb', 'name': 's-8vcpu-16gb', 'optgroup': 'Base', 'section': 'size', 'provider': 'do'},
{'param': 's-1vcpu-1gb-intel', 'name': 's-1vcpu-1gb-intel', 'optgroup': 'Premium Intel', 'section': 'size', 'provider': 'do'},
{'param': 's-2vcpu-2gb-intel', 'name': 's-2vcpu-2gb-intel', 'optgroup': 'Premium Intel', 'section': 'size', 'provider': 'do'},
{'param': 's-2vcpu-4gb-intel', 'name': 's-2vcpu-4gb-intel', 'optgroup': 'Premium Intel', 'section': 'size', 'provider': 'do'},
{'param': 's-4vcpu-8gb-intel', 'name': 's-4vcpu-8gb-intel', 'optgroup': 'Premium Intel', 'section': 'size', 'provider': 'do'},
{'param': 's-8vcpu-16gb-intel', 'name': 's-8vcpu-16gb-intel', 'optgroup': 'Premium Intel', 'section': 'size', 'provider': 'do'},
{'param': 's-1vcpu-1gb-amd', 'name': 's-1vcpu-1gb-amd', 'optgroup': 'Premium AMD', 'section': 'size', 'provider': 'do'},
{'param': 's-2vcpu-2gb-amd', 'name': 's-2vcpu-2gb-amd', 'optgroup': 'Premium AMD', 'section': 'size', 'provider': 'do'},
{'param': 's-2vcpu-4gb-amd', 'name': 's-2vcpu-4gb-amd', 'optgroup': 'Premium AMD', 'section': 'size', 'provider': 'do'},
{'param': 's-4vcpu-8gb-amd', 'name': 's-4vcpu-8gb-amd', 'optgroup': 'Premium AMD', 'section': 'size', 'provider': 'do'},
{'param': 's-8vcpu-16gb-amd', 'name': 's-8vcpu-16gb-amd', 'optgroup': 'Premium AMD', 'section': 'size', 'provider': 'do'},
{'param': 'g-2vcpu-8gb', 'name': 'g-2vcpu-8gb', 'optgroup': 'General Purpose', 'section': 'size', 'provider': 'do'},
{'param': 'g-4vcpu-16gb', 'name': 'g-4vcpu-16gb', 'optgroup': 'General Purpose', 'section': 'size', 'provider': 'do'},
{'param': 'g-8vcpu-32gb', 'name': 'g-8vcpu-32gb', 'optgroup': 'General Purpose', 'section': 'size', 'provider': 'do'},
{'param': 'g-32vcpu-128gb', 'name': 'g-32vcpu-128gb', 'optgroup': 'General Purpose', 'section': 'size', 'provider': 'do'},
{'param': 'g-40vcpu-160gb', 'name': 'g-40vcpu-160gb', 'optgroup': 'General Purpose', 'section': 'size', 'provider': 'do'},
{'param': 'c-4-8gib', 'name': 'c-4-8gib', 'optgroup': 'CPU-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'c-8-16gib', 'name': 'c-8-16gib', 'optgroup': 'CPU-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'c-16-32gib', 'name': 'c-16-32gib', 'optgroup': 'CPU-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'c-32-64gib', 'name': 'c-32-64gib', 'optgroup': 'CPU-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'm-2vcpu-16gb', 'name': 'm-2vcpu-16gb', 'optgroup': 'Memory-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'm-4vcpu-32gb', 'name': 'm-4vcpu-32gb', 'optgroup': 'Memory-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'm-8vcpu-64gb', 'name': 'm-8vcpu-64gb', 'optgroup': 'Memory-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'm-16vcpu-128gb', 'name': 'm-16vcpu-128gb', 'optgroup': 'Memory-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'm-24vcpu-192gb', 'name': 'm-24vcpu-192gb', 'optgroup': 'Memory-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'm-32vcpu-256gb', 'name': 'm-32vcpu-256gb', 'optgroup': 'Memory-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'm-32vcpu-256gb', 'name': 'm-32vcpu-256gb', 'optgroup': 'Memory-Optimized', 'section': 'size', 'provider': 'do'},
{'param': 'g1-standard-1-2', 'name': 'g1-standard-1-2', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-standard-2-4', 'name': 'g1-standard-2-4', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-standard-2-8', 'name': 'g1-standard-2-8', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-standard-4-8', 'name': 'g1-standard-4-8', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-standard-4-16', 'name': 'g1-standard-4-16', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-standard-8-16', 'name': 'g1-standard-8-16', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-standard-8-32', 'name': 'g1-standard-8-32', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-standard-16-32', 'name': 'g1-standard-16-32', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-standard-16-64', 'name': 'g1-standard-16-64', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-standard-32-64', 'name': 'g1-standard-32-64', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-standard-32-128', 'name': 'g1-standard-32-128', 'optgroup': 'Standard', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-cpu-2-2', 'name': 'g1-cpu-2-2', 'optgroup': 'vCPU', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-cpu-4-4', 'name': 'g1-cpu-4-4', 'optgroup': 'vCPU', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-cpu-8-8', 'name': 'g1-cpu-8-8', 'optgroup': 'vCPU', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-cpu-16-16', 'name': 'g1-cpu-16-16', 'optgroup': 'vCPU', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-cpu-32-32', 'name': 'g1-cpu-32-32', 'optgroup': 'vCPU', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-memory-4-32', 'name': 'g1-memory-4-32', 'optgroup': 'Memory', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-memory-8-64', 'name': 'g1-memory-8-64', 'optgroup': 'Memory', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-memory-16-128', 'name': 'g1-memory-16-128', 'optgroup': 'Memory', 'section': 'size', 'provider': 'gcore'},
{'param': 'g1-memory-32-256', 'name': 'g1-memory-32-256', 'optgroup': 'Memory', 'section': 'size', 'provider': 'gcore'},
{'param': 'gp2', 'name': 'gp2', 'optgroup': 'General Purpose SSD', 'section': 'volume_type', 'provider': 'aws'},
{'param': 'gp3', 'name': 'gp3', 'optgroup': 'General Purpose SSD', 'section': 'volume_type', 'provider': 'aws'},
{'param': 'standard', 'name': 'standard', 'optgroup': 'Magnetic', 'section': 'volume_type', 'provider': 'aws'},
{'param': 'io1', 'name': 'io1', 'optgroup': 'Provisioned IOPS SSD', 'section': 'volume_type', 'provider': 'aws'},
{'param': 'io2', 'name': 'io2', 'optgroup': 'Provisioned IOPS SSD', 'section': 'volume_type', 'provider': 'aws'},
{'param': 'sc1', 'name': 'sc1', 'optgroup': 'Cold HDD', 'section': 'volume_type', 'provider': 'aws'},
{'param': 'st1', 'name': 'st1', 'optgroup': 'Throughput Optimized HDD', 'section': 'volume_type', 'provider': 'aws'},
{'param': 'standard', 'name': 'standard', 'optgroup': 'Standard network SSD', 'section': 'volume_type', 'provider': 'gcore'},
{'param': 'ssd_hiiops', 'name': 'ssd_hiiops', 'optgroup': 'High IOPS SSD', 'section': 'volume_type', 'provider': 'gcore'},
{'param': 'cold', 'name': 'cold', 'optgroup': 'HDD disk', 'section': 'volume_type', 'provider': 'gcore'},
]
try:
ProvisionParam.insert_many(data_source).on_conflict_ignore().execute()
except Exception as e:
print(str(e))
data_source = [
{'code': 'RW', 'name': 'Rwanda'},
{'code': 'SO', 'name': 'Somalia'},
@ -731,18 +543,6 @@ def update_db_v_6_3_11():
print("Updating... DB has been updated to version 6.3.11")
def update_db_v_6_3_12():
try:
ProvisionParam.delete().where(
(ProvisionParam.provider == 'gcore') &
(ProvisionParam.optgroup == 'Russia and CIS')
).execute()
except Exception as e:
print("An error occurred:", e)
else:
print("Updating... DB has been updated to version 6.3.12")
def update_db_v_6_3_13():
cursor = conn.cursor()
sql = """
@ -849,7 +649,7 @@ def update_db_v_6_3_18():
def update_ver():
try:
Version.update(version='6.3.18.0').execute()
Version.update(version='7.0.0.0').execute()
except Exception:
print('Cannot update version')
@ -874,7 +674,6 @@ def update_all():
update_db_v_6_3_8()
update_db_v_6_3_9()
update_db_v_6_3_11()
update_db_v_6_3_12()
update_db_v_6_3_13()
update_db_v_6_3_13_1()
update_db_v_6_3_13_2()

39
app/ha.py
View File

@ -1,39 +0,0 @@
#!/usr/bin/env python3
import sys
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ha.html')
print('Content-type: text/html\n')
form = common.form
serv = form.getvalue('serv')
user_params = roxywi_common.get_users_params()
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=3)
except Exception as e:
print(f'error {e}')
sys.exit()
roxywi_auth.page_for_admin(level=2)
is_needed_tool = common.is_tool('ansible')
try:
user_subscription = roxywi_common.return_user_status()
except Exception as e:
user_subscription = roxywi_common.return_unsubscribed_user_status()
roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
parsed_template = template.render(
h2=1, role=user_params['role'], user=user_params['user'], serv=serv, selects=user_params['servers'],
user_services=user_params['user_services'], user_status=user_subscription['user_status'], lang=user_params['lang'],
user_plan=user_subscription['user_plan'], is_needed_tool=is_needed_tool, token=user_params['token']
)
print(parsed_template)

188
app/hapservers.py
View File

@ -1,188 +0,0 @@
#!/usr/bin/env python3
import sys
import distro
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('hapservers.html')
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params()
services = []
servers: object
form = common.form
serv = common.is_ip_or_dns(form.getvalue('serv'))
service = common.checkAjaxInput(form.getvalue('service'))
autorefresh = 0
servers_waf = ()
title = ''
cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l"
keep_alive, stderr = server_mod.subprocess_execute(cmd)
is_restart = ''
service_desc = ''
restart_settings = ''
if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service)
if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
if serv:
if roxywi_common.check_is_server_in_group(serv):
servers = sql.select_servers(server=serv)
autorefresh = 1
server_id = sql.select_server_id_by_ip(serv)
docker_settings = sql.select_docker_service_settings(server_id, service_desc.slug)
restart_settings = sql.select_restart_service_settings(server_id, service_desc.slug)
else:
servers = roxywi_common.get_dick_permit(virt=1, service=service_desc.slug)
docker_settings = sql.select_docker_services_settings(service_desc.slug)
restart_settings = sql.select_restart_services_settings(service_desc.slug)
else:
print('<meta http-equiv="refresh" content="0; url=/app/overview.py">')
sys.exit()
services_name = {'roxy-wi-checker': 'Master backends checker service',
'roxy-wi-keep_alive': 'Auto start service',
'roxy-wi-metrics': 'Master metrics service'}
for s, v in services_name.items():
if distro.id() == 'ubuntu':
if s == 'roxy-wi-keep_alive':
s = 'roxy-wi-keep-alive'
cmd = "apt list --installed 2>&1 |grep " + s
else:
cmd = "rpm --query " + s + "-* |awk -F\"" + s + "\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'"
service_ver, stderr = server_mod.subprocess_execute(cmd)
try:
services.append([s, service_ver[0]])
except Exception:
services.append([s, ''])
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
servers_with_status1 = []
out1 = ''
if len(servers) == 1:
serv = servers[0][2]
for s in servers:
servers_with_status = list()
servers_with_status.append(s[0])
servers_with_status.append(s[1])
servers_with_status.append(s[2])
servers_with_status.append(s[11])
if service == 'nginx':
h = (['', ''],)
cmd = [
"/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk "
"'{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"]
for service_set in docker_settings:
if service_set.server_id == s[0] and service_set.setting == 'dockerized' and service_set.value == '1':
container_name = sql.get_setting('nginx_container_name')
cmd = [
"docker exec -it " + container_name + " /usr/sbin/nginx -v 2>&1|awk '{print $3}' && "
"docker ps -a -f name=" + container_name + " --format '{{.Status}}'|tail -1 && ps ax |grep nginx:"
"|grep -v grep |wc -l"
]
try:
out = server_mod.ssh_command(s[2], cmd)
h = ()
out1 = []
for k in out.split():
out1.append(k)
h = (out1,)
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[17])
except Exception:
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[17])
elif service == 'keepalived':
h = (['', ''],)
cmd = [
"/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |"
"grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l"
]
try:
out = server_mod.ssh_command(s[2], cmd)
out1 = []
for k in out.split():
out1.append(k)
h = (out1,)
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[22])
except Exception:
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[22])
elif service == 'apache':
h = (['', ''],)
apache_stats_user = sql.get_setting('apache_stats_user')
apache_stats_password = sql.get_setting('apache_stats_password')
apache_stats_port = sql.get_setting('apache_stats_port')
apache_stats_page = sql.get_setting('apache_stats_page')
cmd = "curl -s -u %s:%s http://%s:%s/%s?auto |grep 'ServerVersion\|Processes\|ServerUptime:'" % (
apache_stats_user, apache_stats_password, s[2], apache_stats_port, apache_stats_page
)
try:
out = server_mod.subprocess_execute(cmd)
if out != '':
for k in out:
servers_with_status.append(k)
servers_with_status.append(s[22])
except Exception:
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[22])
else:
cmd = 'echo "show info" |nc %s %s -w 1 -v|grep -e "Ver\|Uptime:\|Process_num"' % (s[2], haproxy_sock_port)
out = server_mod.subprocess_execute(cmd)
for k in out:
if "Connection refused" not in k:
out1 = out
else:
out1 = False
servers_with_status.append(out1)
servers_with_status.append(s[12])
servers_with_status.append(sql.is_master(s[2]))
servers_with_status.append(sql.select_servers(server=s[2]))
is_keepalived = sql.select_keepalived(s[2])
if is_keepalived:
try:
cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |'
'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data']
out = server_mod.ssh_command(s[2], cmd)
out1 = ('1', out)
servers_with_status.append(out1)
except Exception as e:
servers_with_status.append(str(e))
else:
servers_with_status.append('')
servers_with_status1.append(servers_with_status)
try:
user_subscription = roxywi_common.return_user_status()
except Exception as e:
user_subscription = roxywi_common.return_unsubscribed_user_status()
roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
template = template.render(
h2=1, autorefresh=autorefresh, role=user_params['role'], user=user_params['user'], servers=servers_with_status1,
keep_alive=''.join(keep_alive), serv=serv, service=service, services=services, user_services=user_params['user_services'],
docker_settings=docker_settings, user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'],
servers_waf=servers_waf, restart_settings=restart_settings, service_desc=service_desc, token=user_params['token'],
lang=user_params['lang']
)
print(template)

53
app/history.py
View File

@ -1,53 +0,0 @@
#!/usr/bin/env python3
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('history.html')
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params(service='keepalived')
form = common.form
serv = common.is_ip_or_dns(form.getvalue('serv'))
service = form.getvalue('service')
user_id_history = form.getvalue('user_id')
if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service)
if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
server_id = sql.select_server_id_by_ip(serv)
history = sql.select_action_history_by_server_id_and_service(server_id, service_desc.service)
elif service == 'server':
if serv:
if roxywi_common.check_is_server_in_group(serv):
server_id = sql.select_server_id_by_ip(serv)
history = sql.select_action_history_by_server_id(server_id)
elif service == 'user':
if user_id_history:
history = sql.select_action_history_by_user_id(user_id_history)
users = sql.select_users()
try:
user_subscription = roxywi_common.return_user_status()
except Exception as e:
user_subscription = roxywi_common.return_unsubscribed_user_status()
roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
try:
sql.delete_action_history_for_period()
except Exception as e:
print(e)
rendered_template = template.render(
h2=1, autorefresh=0, role=user_params['role'], user=user_params['user'], users=users, serv=serv,
service=service, history=history, user_services=user_params['user_services'], token=user_params['token'],
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], lang=user_params['lang']
)
print(rendered_template)

238
app/login.py
View File

@ -1,238 +0,0 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
import sys
import http.cookies
import datetime
import uuid
import distro
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('login.html')
form = common.form
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_id = cookie.get('uuid')
try:
ref = form.getvalue('ref')
login = form.getvalue('login')
password = form.getvalue('pass')
except Exception:
ref = ''
login = ''
password = ''
error_log = ""
error = ""
def send_cookie(login):
session_ttl = int(sql.get_setting('session_ttl'))
expires = datetime.datetime.utcnow() + datetime.timedelta(days=session_ttl)
user_group = ''
user_uuid = str(uuid.uuid4())
user_token = str(uuid.uuid4())
sql.write_user_uuid(login, user_uuid)
sql.write_user_token(login, user_token)
user_id = sql.get_user_id_by_uuid(user_uuid)
try:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_group_id = cookie.get('group')
user_group_id = user_group_id.value
if sql.check_user_group(user_id, user_group_id):
user_groups = user_group_id
else:
user_groups = sql.select_user_groups(user_id, limit=1)
except Exception:
user_groups = sql.select_user_groups(user_id, limit=1)
c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
c["uuid"] = user_uuid
c["uuid"]["path"] = "/app"
# c["uuid"]["samesite"] = "Strict"
c["uuid"]["Secure"] = "True"
c["uuid"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
c["group"] = user_groups
c["group"]["path"] = "/app"
# c["group"]["samesite"] = "Strict"
c["group"]["Secure"] = "True"
c["group"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
print(c.output())
try:
groups = sql.select_groups(id=user_groups)
for g in groups:
if g[0] == int(user_groups):
user_group = g[1]
except Exception:
user_group = ''
try:
user_name = sql.get_user_name_by_uuid(user_uuid)
roxywi_common.logging('Roxy-WI server', f' user: {user_name}, group: {user_group} login', roxywi=1)
except Exception:
pass
print("Content-type: text/html\n")
print('ok')
try:
if distro.id() == 'ubuntu':
if os.path.exists('/etc/apt/auth.conf.d/roxy-wi.conf'):
cmd = "grep login /etc/apt/auth.conf.d/roxy-wi.conf |awk '{print $2}'"
get_user_name, stderr = server_mod.subprocess_execute(cmd)
user_name = get_user_name[0]
else:
user_name = 'git'
else:
if os.path.exists('/etc/yum.repos.d/roxy-wi.repo'):
cmd = "grep base /etc/yum.repos.d/roxy-wi.repo |awk -F\":\" '{print $2}'|awk -F\"/\" '{print $3}'"
get_user_name, stderr = server_mod.subprocess_execute(cmd)
user_name = get_user_name[0]
else:
user_name = 'git'
if sql.select_user_name():
sql.update_user_name(user_name)
else:
sql.insert_user_name(user_name)
except Exception as e:
roxywi_common.logging('Cannot update subscription: ', str(e), roxywi=1)
sys.exit()
def ban():
c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=10)
c["ban"] = "1"
c["ban"]["path"] = "/"
# c["ban"]["samesite"] = "Strict"
c["ban"]["Secure"] = "True"
c["ban"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
try:
roxywi_common.logging('Roxy-WI server', f'{login} failed log in', roxywi=1, login=1)
except Exception:
roxywi_common.logging('Roxy-WI server', ' Failed log in. Wrong username', roxywi=1)
print(c.output())
print("Content-type: text/html\n")
print('ban')
sys.exit()
def check_in_ldap(user, password):
import ldap
server = sql.get_setting('ldap_server')
port = sql.get_setting('ldap_port')
ldap_class_search = sql.get_setting('ldap_class_search')
root_user = sql.get_setting('ldap_user')
root_password = sql.get_setting('ldap_password')
ldap_base = sql.get_setting('ldap_base')
ldap_search_field = sql.get_setting('ldap_search_field')
ldap_user_attribute = sql.get_setting('ldap_user_attribute')
ldap_type = sql.get_setting('ldap_type')
ldap_proto = 'ldap' if ldap_type == "0" else 'ldaps'
ldap_bind = ldap.initialize('{}://{}:{}/'.format(ldap_proto, server, port))
try:
ldap_bind.protocol_version = ldap.VERSION3
ldap_bind.set_option(ldap.OPT_REFERRALS, 0)
bind = ldap_bind.simple_bind_s(root_user, root_password)
criteria = "(&(objectClass=" + ldap_class_search + ")(" + ldap_user_attribute + "=" + user + "))"
attributes = [ldap_search_field]
result = ldap_bind.search_s(ldap_base, ldap.SCOPE_SUBTREE, criteria, attributes)
bind = ldap_bind.simple_bind_s(result[0][0], password)
except ldap.INVALID_CREDENTIALS:
ban()
except ldap.SERVER_DOWN:
print("Content-type: text/html\n")
print('error: LDAP server is down')
sys.exit()
except ldap.LDAPError as e:
if type(e.message) == dict and 'desc' in e.message:
print("Content-type: text/html\n")
print(f'error: {e.message["desc"]}')
sys.exit()
else:
print("Content-type: text/html\n")
print(f'error: {e}')
sys.exit()
else:
send_cookie(user)
if ref is None:
ref = "/index.html"
if form.getvalue('error'):
error_log = 'Something wrong. Try again'
try:
if sql.get_setting('session_ttl'):
session_ttl = sql.get_setting('session_ttl')
except Exception as e:
error = f'error: {e}'
try:
role = sql.get_user_role_by_uuid(user_id.value, user_group_id)
user = sql.get_user_name_by_uuid(user_id.value)
except Exception:
role = ""
user = ""
if form.getvalue('logout'):
try:
sql.delete_uuid(user_id.value)
except Exception:
pass
print("Set-cookie: uuid=; expires=Wed, May 18 03:33:20 2003; path=/app; httponly")
print("Content-type: text/html\n")
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
sys.exit()
if login is not None and password is not None:
USERS = sql.select_users(user=login)
for users in USERS:
if users.activeuser == 0:
print("Content-type: text/html\n")
print('Your login is disabled')
sys.exit()
if users.ldap_user == 1:
if login in users.username:
check_in_ldap(login, password)
else:
passwordHashed = roxy_wi_tools.Tools.get_hash(password)
if login in users.username and passwordHashed == users.password:
send_cookie(login)
break
else:
ban()
else:
ban()
print("Content-type: text/html\n")
if login is None:
print("Content-type: text/html\n")
try:
lang = roxywi_common.get_user_lang()
except Exception:
lang = 'en'
parsed_template = template.render(
h2=0, title="Login page", role=role, user=user, error_log=error_log, error=error, ref=ref, lang=lang
)
print(parsed_template)

57
app/logs.py
View File

@ -1,57 +0,0 @@
#!/usr/bin/env python3
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('logs.html')
form = common.form
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params()
if form.getvalue('grep') is None:
grep = ""
else:
grep = form.getvalue('grep')
exgrep = form.getvalue('exgrep') if form.getvalue('exgrep') else ''
if form.getvalue('rows') is None:
rows = 10
else:
if form.getvalue('rows1') is not None:
rows = form.getvalue('rows1')
else:
rows = form.getvalue('rows')
hour = form.getvalue('hour')
hour1 = form.getvalue('hour1')
minut = form.getvalue('minut')
minut1 = form.getvalue('minut1')
waf = form.getvalue('waf')
service = common.checkAjaxInput(form.getvalue('service'))
remote_file = form.getvalue('file')
service_name = ''
if service in ('haproxy', 'nginx', 'keepalived', 'apache') and waf != '1':
service_desc = sql.select_service(service)
service_name = service_desc.service
if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
servers = roxywi_common.get_dick_permit(service=service_desc.slug)
elif waf == '1':
service_name = 'WAF'
if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1):
servers = roxywi_common.get_dick_permit(haproxy=1)
else:
print('<meta http-equiv="refresh" content="0; url=/app/overview.py">')
template = template.render(
h2=1, autorefresh=1, role=user_params['role'], user=user_params['user'], select_id="serv",
selects=servers, serv=form.getvalue('serv'), rows=rows, grep=grep, exgrep=exgrep, hour=hour, hour1=hour1,
minut=minut, minut1=minut1, waf=waf, service=service, user_services=user_params['user_services'],
token=user_params['token'], remote_file=remote_file, lang=user_params['lang'], service_name=service_name
)
print(template)

63
app/metrics.py
View File

@ -1,63 +0,0 @@
#!/usr/bin/env python3
import distro
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('metrics.html')
form = common.form
service = form.getvalue('service')
service_desc = ''
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params()
roxywi_common.check_user_group()
try:
if distro.id() == 'ubuntu':
cmd = "apt list --installed 2>&1 |grep roxy-wi-metrics"
else:
cmd = "rpm -q roxy-wi-metrics-* |awk -F\"metrics\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'"
service_ver, stderr = server_mod.subprocess_execute(cmd)
services = '0'
if not stderr:
if service_ver[0] == ' is not installed' or service_ver == '':
servers = ''
else:
service_desc = sql.select_service(service)
if service == 'nginx':
if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2):
user_params['servers'] = sql.select_nginx_servers_metrics_for_master()
elif service == 'apache':
if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=4):
user_params['servers'] = sql.select_apache_servers_metrics_for_master()
else:
if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1):
group_id = roxywi_common.get_user_group(id=1)
user_params['servers'] = sql.select_servers_metrics(group_id)
service = 'haproxy'
services = '1'
except Exception:
pass
try:
user_subscription = roxywi_common.return_user_status()
except Exception as e:
user_subscription = roxywi_common.return_unsubscribed_user_status()
roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
template = template.render(
h2=1, autorefresh=1, role=user_params['role'], user=user_params['user'], servers=user_params['servers'],
services=services, user_services=user_params['user_services'], service=service, user_status=user_subscription['user_status'],
user_plan=user_subscription['user_plan'], token=user_params['token'], lang=user_params['lang'], service_desc=service_desc
)
print(template)

1
app/modules/alerting/__init__.py
View File

@ -1 +0,0 @@
NAME = 'roxy-wi-alerting-module'

1
app/modules/common/common.py
View File

@ -1,5 +1,6 @@
import re
import cgi
import cgitb
form = cgi.FieldStorage()
error_mess = 'error: All fields must be completed'

306
app/modules/config/add.py
View File

@ -1,5 +1,6 @@
import os
import json
from flask import render_template, request
import modules.db.sql as sql
import modules.server.ssh as ssh_mod
@ -14,6 +15,69 @@ get_date = roxy_wi_tools.GetDate(time_zone)
get_config = roxy_wi_tools.GetConfigVar()
def save_to_haproxy_config(config: str, server_ip) -> str:
roxywi_common.check_is_server_in_group(server_ip)
hap_configs_dir = get_config.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = hap_configs_dir + server_ip + "-" + get_date.return_date('config') + ".cfg"
config_mod.get_config(server_ip, cfg)
try:
with open(cfg, "a") as conf:
conf.write(config)
except IOError as e:
raise Exception(f"error: Cannot read import config file {e}")
try:
output = config_mod.master_slave_upload_and_restart(server_ip, cfg, "save", 'haproxy')
except Exception as e:
raise Exception(e)
try:
roxywi_common.logging(server_ip, f"Add has been added a new {name}")
except Exception:
pass
if output:
return output
else:
return name
def save_nginx_config(config_add: str, server_ip: str, config_name: str) -> str:
try:
server_name = sql.get_hostname_by_server_ip(server_ip)
except Exception:
server_name = server_ip
roxywi_common.check_is_server_in_group(server_ip)
sub_folder = 'conf.d' if 'upstream' in config_name else 'sites-enabled'
service_configs_dir = get_config.get_config_var('configs', 'nginx_save_configs_dir')
cfg = f'{service_configs_dir}{server_ip}-{config_name}.conf'
nginx_dir = common.return_nice_path(sql.get_setting('nginx_dir'))
config_file_name = f'{nginx_dir}{sub_folder}/{config_name}.conf'
try:
with open(cfg, "w") as conf:
conf.write(config_add)
except IOError:
return "error: Cannot save a new config"
try:
roxywi_common.logging(server_ip, "add/nginx add new %s" % config_name)
except Exception:
pass
output = config_mod.master_slave_upload_and_restart(server_ip, cfg, "save", 'nginx', config_file_name=config_file_name)
if output:
return output
else:
return config_name
def get_userlists(config):
return_config = ''
with open(config, 'r') as f:
@ -25,7 +89,7 @@ def get_userlists(config):
return return_config
def show_userlist(server_ip: str) -> None:
def show_userlist(server_ip: str) -> str:
configs_dir = get_config.get_config_var('configs', 'haproxy_save_configs_dir')
format_file = 'cfg'
@ -47,55 +111,100 @@ def show_userlist(server_ip: str) -> None:
roxywi_common.logging('Roxy-WI server', f' Cannot get Userlists from the config file {e}', roxywi=1)
sections = 'error: Cannot get Userlists'
print(sections)
return sections
def get_bwlist(color: str, group: str, list_name: str) -> None:
def add_userlist() -> str:
generate = request.form.get('generateconfig')
server_ip = request.form.get('serv')
name = f"userlist {request.form.get('new_userlist')}\n"
new_userlist_groups = ""
if request.form.get('userlist-group') is not None:
groups = request.form.getlist('userlist-group')
for group in groups:
if group == '':
continue
new_userlist_groups += f" group {group}\n"
new_users_list = ""
if request.form.get('userlist-user') is not None:
users = request.form.getlist('userlist-user')
passwords = request.form.getlist('userlist-password')
userlist_user_group = request.form.getlist('userlist-user-group')
i = 0
for user in users:
if user == '':
continue
try:
group = f' groups {userlist_user_group[i]}'
except Exception:
group = ''
new_users_list += f" user {user} insecure-password {passwords[i]} {group}\n"
i += 1
config_add = "\n" + name + new_userlist_groups + new_users_list
if generate:
return config_add
else:
try:
return save_to_haproxy_config(config_add, server_ip)
except Exception as e:
return str(e)
def get_bwlist(color: str, group: str, list_name: str) -> str:
lib_path = get_config.get_config_var('main', 'lib_path')
list_path = f"{lib_path}/lists/{group}/{color}/{list_name}"
try:
with open(list_path, 'r') as f:
print(f.read())
return f.read()
except IOError as e:
print(f"error: Cannot read {color} list: {e}")
return f"error: Cannot read {color} list: {e}"
def get_bwlists_for_autocomplete(color: str, group: str) -> None:
def get_bwlists_for_autocomplete(color: str, group: str) -> str:
lib_path = get_config.get_config_var('main', 'lib_path')
list_path = f"{lib_path}/lists/{group}/{color}"
lists = roxywi_common.get_files(list_path, "lst")
lines = ''
for line in lists:
print(line)
lines += line + ' '
return lines
def create_bwlist(server_ip: str, list_name: str, color: str, group: str) -> None:
def create_bwlist(server_ip: str, list_name: str, color: str, group: str) -> str:
lib_path = get_config.get_config_var('main', 'lib_path')
list_name = f"{list_name.split('.')[0]}.lst"
list_path = f"{lib_path}/lists/{group}/{color}/{list_name}"
try:
open(list_path, 'a').close()
print('success: ')
try:
roxywi_common.logging(server_ip, f'A new list {color} {list_name} has been created', roxywi=1, login=1)
except Exception:
pass
return 'success: '
except IOError as e:
print(f'error: Cannot create a new {color} list. {e}, ')
return f'error: Cannot create a new {color} list. {e}, '
def save_bwlist(list_name: str, list_con: str, color: str, group: str, server_ip: str, action: str) -> None:
def save_bwlist(list_name: str, list_con: str, color: str, group: str, server_ip: str, action: str) -> str:
lib_path = get_config.get_config_var('main', 'lib_path')
list_path = f"{lib_path}/lists/{group}/{color}/{list_name}"
path = sql.get_setting('haproxy_dir') + "/" + color
servers = []
output = ''
try:
with open(list_path, "w") as file:
file.write(list_con)
except IOError as e:
print(f'error: Cannot save {color} list. {e}')
path = sql.get_setting('haproxy_dir') + "/" + color
servers = []
return f'error: Cannot save {color} list. {e}'
if server_ip != 'all':
servers.append(server_ip)
@ -112,12 +221,12 @@ def save_bwlist(list_name: str, list_con: str, color: str, group: str, server_ip
for serv in servers:
server_mod.ssh_command(serv, [f"sudo mkdir {path}"])
server_mod.ssh_command(serv, [f"sudo chown $(whoami) {path}"])
error = config_mod.upload(serv, f'{path}/{list_name}', list_path, dir='fullpath')
error = config_mod.upload(serv, f'{path}/{list_name}', list_path)
if error:
print(f'error: Upload fail: {error} , ')
output += f'error: Upload fail: {error} , '
else:
print(f'success: Edited {color} list was uploaded to {serv} , ')
output += f'success: Edited {color} list was uploaded to {serv} , '
try:
roxywi_common.logging(serv, f'Has been edited the {color} list {list_name}', roxywi=1, login=1)
except Exception:
@ -135,17 +244,20 @@ def save_bwlist(list_name: str, list_con: str, color: str, group: str, server_ip
elif action == 'reload':
server_mod.ssh_command(serv, [f"sudo systemctl reload {haproxy_service_name}"])
return output
def delete_bwlist(list_name: str, color: str, group: str, server_ip: str) -> None:
def delete_bwlist(list_name: str, color: str, group: str, server_ip: str) -> str:
servers = []
lib_path = get_config.get_config_var('main', 'lib_path')
list_path = f"{lib_path}/lists/{group}/{color}/{list_name}"
path = f"{sql.get_setting('haproxy_dir')}/{color}"
output = ''
try:
os.remove(list_path)
except IOError as e:
print(f'error: Cannot delete {color} list from Roxy-WI server. {e} , ')
return f'error: Cannot delete {color} list from Roxy-WI server. {e} , '
if server_ip != 'all':
servers.append(server_ip)
@ -163,27 +275,30 @@ def delete_bwlist(list_name: str, color: str, group: str, server_ip: str) -> Non
error = server_mod.ssh_command(serv, [f"sudo rm {path}/{list_name}"], return_err=1)
if error:
print(f'error: Deleting fail: {error} , ')
return f'error: Deleting fail: {error} , '
else:
print(f'success: the {color} list has been deleted on {serv} , ')
output += f'success: the {color} list has been deleted on {serv} , '
try:
roxywi_common.logging(serv, f'has been deleted the {color} list {list_name}', roxywi=1, login=1)
except Exception:
pass
return output
def edit_map(map_name: str, group: str) -> None:
def edit_map(map_name: str, group: str) -> str:
lib_path = get_config.get_config_var('main', 'lib_path')
list_path = f"{lib_path}/maps/{group}/{map_name}"
try:
with open(list_path, 'r') as f:
print(f.read())
read_map = f.read()
except IOError as e:
print(f"error: Cannot read {map_name} list: {e}")
return f"error: Cannot read {map_name} list: {e}"
else:
return read_map
def create_map(server_ip: str, map_name: str, group: str) -> None:
def create_map(server_ip: str, map_name: str, group: str) -> str:
lib_path = get_config.get_config_var('main', 'lib_path')
map_name = f"{map_name.split('.')[0]}.map"
map_path = f'{lib_path}/maps/{group}/'
@ -195,23 +310,26 @@ def create_map(server_ip: str, map_name: str, group: str) -> None:
assert Exception(f'error: cannot create a local folder for maps: {e}')
try:
open(full_path, 'a').close()
print('success: ')
try:
roxywi_common.logging(server_ip, f'A new map {map_name} has been created', roxywi=1, login=1)
except Exception:
pass
except IOError as e:
assert Exception(f'error: Cannot create a new {map_name} map. {e}, ')
else:
return 'success: '
def save_map(map_name: str, list_con: str, group: str, server_ip: str, action: str) -> None:
def save_map(map_name: str, list_con: str, group: str, server_ip: str, action: str) -> str:
lib_path = get_config.get_config_var('main', 'lib_path')
map_path = f"{lib_path}/maps/{group}/{map_name}"
output = ''
try:
with open(map_path, "w") as file:
file.write(list_con)
except IOError as e:
print(f'error: Cannot save {map_name} list. {e}')
return f'error: Cannot save {map_name} list. {e}'
path = sql.get_setting('haproxy_dir') + "/maps"
servers = []
@ -231,12 +349,11 @@ def save_map(map_name: str, list_con: str, group: str, server_ip: str, action: s
for serv in servers:
server_mod.ssh_command(serv, [f"sudo mkdir {path}"])
server_mod.ssh_command(serv, [f"sudo chown $(whoami) {path}"])
error = config_mod.upload(serv, f'{path}/{map_name}', map_path, dir='fullpath')
error = config_mod.upload(serv, f'{path}/{map_name}', map_path)
if error:
print(f'error: Upload fail: {error} , ')
return f'error: Upload fail: {error} , '
else:
print(f'success: Edited {map_name} map was uploaded to {serv} , ')
try:
roxywi_common.logging(serv, f'Has been edited the map {map_name}', roxywi=1, login=1)
except Exception:
@ -254,17 +371,22 @@ def save_map(map_name: str, list_con: str, group: str, server_ip: str, action: s
elif action == 'reload':
server_mod.ssh_command(serv, [f"sudo systemctl reload {haproxy_service_name}"])
output += f'success: Edited {map_name} map was uploaded to {serv} , '
def delete_map(map_name: str, group: str, server_ip: str) -> None:
return output
def delete_map(map_name: str, group: str, server_ip: str) -> str:
servers = []
lib_path = get_config.get_config_var('main', 'lib_path')
list_path = f"{lib_path}/maps/{group}/{map_name}"
path = f"{sql.get_setting('haproxy_dir')}/maps"
output = ''
try:
os.remove(list_path)
except IOError as e:
print(f'error: Cannot delete {map_name} map from Roxy-WI server. {e} , ')
return f'error: Cannot delete {map_name} map from Roxy-WI server. {e} , '
if server_ip != 'all':
servers.append(server_ip)
@ -282,47 +404,49 @@ def delete_map(map_name: str, group: str, server_ip: str) -> None:
error = server_mod.ssh_command(serv, [f"sudo rm {path}/{map_name}"], return_err=1)
if error:
print(f'error: Deleting fail: {error} , ')
return f'error: Deleting fail: {error} , '
else:
print(f'success: the {map_name} map has been deleted on {serv} , ')
try:
roxywi_common.logging(serv, f'has been deleted the {map_name} map', roxywi=1, login=1)
except Exception:
pass
output += f'success: the {map_name} map has been deleted on {serv} , '
return output
def create_saved_option(option: str, group: int) -> None:
def create_saved_option(option: str, group: int) -> str:
if sql.insert_new_option(option, group):
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True)
template = env.get_template('/new_option.html')
template = template.render(options=sql.select_options(option=option))
print(template)
return render_template('ajax/new_option.html', options=sql.select_options(option=option))
def get_saved_option(group: str, term: str) -> None:
def get_saved_option(group: str, term: str) -> dict:
options = sql.select_options(group=group, term=term)
a = {}
v = 0
for i in options:
a[v] = i.options
v = v + 1
print(json.dumps(a))
return a
def create_saved_server(server: str, group: str, desc: str) -> None:
def update_saved_option(option, option_id) -> bool:
try:
sql.update_options(option, option_id)
except Exception as e:
raise Exception(e)
else:
return True
def create_saved_server(server: str, group: str, desc: str) -> str:
if sql.insert_new_savedserver(server, desc, group):
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True)
template = env.get_template('/new_saved_servers.html')
template = template.render(server=sql.select_saved_servers(server=server))
print(template)
return render_template('ajax/new_saved_servers.html', server=sql.select_saved_servers(server=server))
def get_saved_servers(group: str, term: str) -> None:
def get_saved_servers(group: str, term: str) -> str:
servers = sql.select_saved_servers(group=group, term=term)
a = {}
@ -335,10 +459,10 @@ def get_saved_servers(group: str, term: str) -> None:
a[v]['desc'] = i.description
v = v + 1
print(json.dumps(a))
return a
def get_le_cert(server_ip: str, lets_domain: str, lets_email: str) -> None:
def get_le_cert(server_ip: str, lets_domain: str, lets_email: str) -> str:
proxy = sql.get_setting('proxy')
ssl_path = common.return_nice_path(sql.get_setting('cert_path'), is_service=0)
haproxy_dir = sql.get_setting('haproxy_dir')
@ -361,94 +485,90 @@ def get_le_cert(server_ip: str, lets_domain: str, lets_email: str) -> None:
if error:
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
print(error)
return error
else:
for line in output:
if any(s in line for s in ("msg", "FAILED")):
try:
line = line.split(':')[1]
line = line.split('"')[1]
print(line + "<br>")
break
return line + "<br>"
except Exception:
print(output)
break
return output
else:
print('success: Certificate has been created')
os.remove(script)
os.remove(script)
return 'success: Certificate has been created'
def get_ssl_cert(server_ip: str, cert_id: int) -> None:
def get_ssl_cert(server_ip: str, cert_id: int) -> str:
cert_path = sql.get_setting('cert_path')
commands = [f"openssl x509 -in {cert_path}/{cert_id} -text"]
try:
server_mod.ssh_command(server_ip, commands, ip="1")
return server_mod.ssh_command(server_ip, commands)
except Exception as e:
print(f'error: Cannot connect to the server {e.args[0]}')
return f'error: Cannot connect to the server {e.args[0]}'
def get_ssl_raw_cert(server_ip: str, cert_id: int) -> None:
def get_ssl_raw_cert(server_ip: str, cert_id: int) -> str:
cert_path = sql.get_setting('cert_path')
commands = [f"cat {cert_path}/{cert_id}"]
try:
server_mod.ssh_command(server_ip, commands, ip="1")
return server_mod.ssh_command(server_ip, commands)
except Exception as e:
print(f'error: Cannot connect to the server {e.args[0]}')
return f'error: Cannot connect to the server {e.args[0]}'
def get_ssl_certs(server_ip: str) -> None:
def get_ssl_certs(server_ip: str) -> str:
cert_path = sql.get_setting('cert_path')
commands = [f"sudo ls -1t {cert_path} |grep -E 'pem|crt|key'"]
try:
server_mod.ssh_command(server_ip, commands, ip="1")
return server_mod.ssh_command(server_ip, commands)
except Exception as e:
print(f'error: Cannot connect to the server: {e.args[0]}')
return f'error: Cannot connect to the server: {e.args[0]}'
def del_ssl_cert(server_ip: str, cert_id: str) -> None:
def del_ssl_cert(server_ip: str, cert_id: str) -> str:
cert_path = sql.get_setting('cert_path')
commands = [f"sudo rm -f {cert_path}/{cert_id}"]
try:
server_mod.ssh_command(server_ip, commands, ip="1")
return server_mod.ssh_command(server_ip, commands)
except Exception as e:
print(f'error: Cannot delete the certificate {e.args[0]}')
return f'error: Cannot delete the certificate {e.args[0]}'
def upload_ssl_cert(server_ip: str, ssl_name: str, ssl_cont: str) -> None:
def upload_ssl_cert(server_ip: str, ssl_name: str, ssl_cont: str) -> str:
cert_path = sql.get_setting('cert_path')
name = ''
tmp_path = sql.get_setting('tmp_config_path')
slave_output = ''
if ssl_name is None:
print('error: Please enter a desired name')
return 'error: Please enter a desired name'
else:
name = f"{ssl_name}.pem"
path_to_file = f"{tmp_path}/{ssl_name}.pem"
try:
with open(name, "w") as ssl_cert:
with open(path_to_file, "w") as ssl_cert:
ssl_cert.write(ssl_cont)
except IOError as e:
print(f'error: Cannot save the SSL key file: {e.args[0]}')
return
return f'error: Cannot save the SSL key file: {e}'
masters = sql.is_master(server_ip)
for master in masters:
if master[0] is not None:
error = config_mod.upload(master[0], cert_path, name)
error = config_mod.upload(master[0], f'{cert_path}/{name}', path_to_file)
if not error:
print(f'success: the SSL file has been uploaded to {master[0]} into: {cert_path}/{name} <br/>')
slave_output += f'success: the SSL file has been uploaded to {master[0]} into: {cert_path}/{name} \n'
try:
error = config_mod.upload(server_ip, cert_path, name)
if not error:
print(f'success: the SSL file has been uploaded to {server_ip} into: {cert_path}/{name}')
error = config_mod.upload(server_ip, f'{cert_path}/{name}', path_to_file)
except Exception as e:
roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
# try:
# os.rename(name, cert_local_dir)
# except OSError as e:
# roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
return f'error: cannot upload SSL cert: {e}'
roxywi_common.logging(server_ip, f"add.py#ssl uploaded a new SSL cert {name}", roxywi=1, login=1)
roxywi_common.logging(server_ip, f"add#ssl uploaded a new SSL cert {name}", roxywi=1, login=1)
if not error:
return f'success: the SSL file has been uploaded to {server_ip} into: {cert_path}/{name} \n {slave_output}'

378
app/modules/config/config.py
View File

@ -1,8 +1,7 @@
import os
import re
import http.cookies
from jinja2 import Environment, FileSystemLoader
from flask import render_template, request
import modules.db.sql as sql
import modules.server.ssh as mod_ssh
@ -12,7 +11,6 @@ import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
import modules.service.common as service_common
form = common.form
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar()
@ -28,6 +26,7 @@ def get_config(server_ip, cfg, **kwargs):
or kwargs.get("apache") or kwargs.get("service") == 'apache'
):
config_path = common.checkAjaxInput(kwargs.get('config_file_name'))
config_path = config_path.replace('92', '/')
elif kwargs.get("waf") or kwargs.get("service") == 'waf':
if kwargs.get("waf") == 'haproxy':
config_path = f'{sql.get_setting("haproxy_dir")}/waf/rules/{kwargs.get("waf_rule_file")}'
@ -44,51 +43,42 @@ def get_config(server_ip, cfg, **kwargs):
ssh.get_sftp(config_path, cfg)
except Exception as e:
roxywi_common.logging('Roxy-WI server', f'error: cannot get config: {e}', roxywi=1)
raise Exception(f'error: cannot get config: {e}')
def upload(server_ip, path, file, **kwargs):
full_path = path + file
if kwargs.get('dir') == "fullpath":
full_path = path
def upload(server_ip, path, file):
try:
with mod_ssh.ssh_connect(server_ip) as ssh:
ssh.put_sftp(file, full_path)
ssh.put_sftp(file, path)
except Exception as e:
error = str(e.args)
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
print(f' Cannot upload {file} to {full_path} to server: {server_ip} error: {error}')
return error
roxywi_common.logging('Roxy-WI server', f'error: Cannot upload {file} to {path} to server: {server_ip}: {error}', roxywi=1)
print(f'error: Cannot upload {file} to {path} to server: {server_ip}: {error}')
raise Exception(error)
def upload_and_restart(server_ip: str, cfg: str, **kwargs):
error = ''
def upload_and_restart(server_ip: str, cfg: str, just_save: str, service: str, **kwargs):
file_format = 'conf'
config_path = kwargs.get('config_file_name')
service_name = ''
container_name = ''
reload_or_restart_command = ''
file_format = 'conf'
config_path = kwargs.get('config_file_name')
config_date = get_date.return_date('config')
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
if kwargs.get("nginx"):
service = 'nginx'
elif kwargs.get("apache"):
service = 'apache'
elif kwargs.get("keepalived"):
service = 'keepalived'
config_path = sql.get_setting('keepalived_config_path')
file_format = 'cfg'
elif kwargs.get('waf'):
service = 'waf'
else:
service = 'haproxy'
if config_path and config_path != 'undefined':
config_path = kwargs.get('config_file_name').replace('92', '/')
if service == 'haproxy':
config_path = sql.get_setting('haproxy_config_path')
file_format = 'cfg'
if service == 'keepalived':
config_path = sql.get_setting('keepalived_config_path')
file_format = 'cfg'
if '..' in config_path:
print('error: nice try')
return None
raise Exception('error: nice try')
tmp_file = f"{sql.get_setting('tmp_config_path')}/{config_date}.{file_format}"
is_dockerized = sql.select_service_setting(server_id, service, 'dockerized')
@ -105,20 +95,22 @@ def upload_and_restart(server_ip: str, cfg: str, **kwargs):
if haproxy_enterprise == '1':
service_name = "hapee-2.0-lb"
if service == 'apache':
service_name = service_common.get_correct_apache_service_name(server_ip, 0)
service_name = service_common.get_correct_apache_service_name(0, server_id)
reload_command = f" && sudo systemctl reload {service_name}"
restart_command = f" && sudo systemctl restart {service_name}"
if kwargs.get("just_save") == 'save':
action = 'save'
elif kwargs.get("just_save") == 'test':
action = 'test'
elif kwargs.get("just_save") == 'reload':
if just_save in ('save', 'test'):
action = just_save
elif just_save == 'reload':
action = 'reload'
reload_or_restart_command = reload_command
else:
service_common.is_not_allowed_to_restart(server_id, service)
try:
service_common.is_not_allowed_to_restart(server_id, service)
except Exception as e:
return str(e)
action = 'restart'
reload_or_restart_command = restart_command
@ -130,7 +122,7 @@ def upload_and_restart(server_ip: str, cfg: str, **kwargs):
try:
os.system(f"dos2unix -q {cfg}")
except OSError:
return 'error: there is no dos2unix'
raise Exception('error: there is no dos2unix')
if service == "keepalived":
move_config = f"sudo mv -f {tmp_file} {config_path}"
@ -189,62 +181,68 @@ def upload_and_restart(server_ip: str, cfg: str, **kwargs):
commands[0] += open_port_firewalld(cfg, server_ip=server_ip)
try:
upload(server_ip, tmp_file, cfg, dir='fullpath')
upload(server_ip, tmp_file, cfg)
except Exception as e:
roxywi_common.logging('Roxy-WI server', f'error: Cannot upload config: {e}', roxywi=1)
raise Exception(f'error: Cannot upload config: {e}')
try:
if action != 'test':
roxywi_common.logging(server_ip, 'A new config file has been uploaded', login=login, keep_history=1, service=service)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
# If master then save version of config in a new way
if not kwargs.get('slave') and service != 'waf':
from pathlib import Path
diff = ''
try:
if action != 'test':
roxywi_common.logging(server_ip, 'A new config file has been uploaded', login=login, keep_history=1, service=service)
old_cfg = kwargs.get('oldcfg')
path = Path(old_cfg)
except Exception:
old_cfg = ''
path = Path(old_cfg)
if not path.is_file():
old_cfg = f'{tmp_file}.old'
try:
get_config(server_ip, old_cfg, service=service, config_file_name=config_path)
except Exception:
roxywi_common.logging('Roxy-WI server', 'Cannot download config for diff', roxywi=1)
try:
diff = diff_config(old_cfg, cfg, return_diff=1)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
# If master then save version of config in a new way
if not kwargs.get('slave') and service != 'waf':
from pathlib import Path
diff = ''
try:
old_cfg = kwargs.get('oldcfg')
path = Path(old_cfg)
except Exception:
old_cfg = ''
path = Path(old_cfg)
if not path.is_file():
old_cfg = f'{tmp_file}.old'
try:
get_config(server_ip, old_cfg, service=service, config_file_name=config_path)
except Exception:
roxywi_common.logging('Roxy-WI server', 'Cannot download config for diff', roxywi=1)
try:
diff = diff_config(old_cfg, cfg, return_diff=1)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
try:
user_id = roxywi_common.get_user_id(login=kwargs.get('login'))
sql.insert_config_version(server_id, user_id, service, cfg, config_path, diff)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
return error
try:
user_id = roxywi_common.get_user_id(login=kwargs.get('login'))
sql.insert_config_version(server_id, user_id, service, cfg, config_path, diff)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
try:
error = server_mod.ssh_command(server_ip, commands)
try:
if action == 'reload' or action == 'restart':
roxywi_common.logging(server_ip, f'Service has been {action}ed', login=login, keep_history=1, service=service)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
return e
raise Exception(f'{e}')
try:
if action == 'reload' or action == 'restart':
roxywi_common.logging(server_ip, f'Service has been {action}ed', login=login, keep_history=1, service=service)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
if error.strip() != 'haproxy' and error.strip() != 'nginx':
return error.strip()
def master_slave_upload_and_restart(server_ip, cfg, just_save, **kwargs):
def master_slave_upload_and_restart(server_ip, cfg, just_save, service, **kwargs):
slave_output = ''
masters = sql.is_master(server_ip)
config_file_name = kwargs.get('config_file_name')
oldcfg = kwargs.get('oldcfg')
waf = kwargs.get('waf')
try:
server_name = sql.get_hostname_by_server_ip(server_ip)
@ -256,25 +254,25 @@ def master_slave_upload_and_restart(server_ip, cfg, just_save, **kwargs):
else:
login = ''
masters = sql.is_master(server_ip)
for master in masters:
if master[0] is not None:
slv_output = upload_and_restart(
master[0], cfg, just_save=just_save, nginx=kwargs.get('nginx'),
apache=kwargs.get('apache'), config_file_name=kwargs.get('config_file_name'), slave=1
)
slave_output += f'<br>slave_server:\n{slv_output}'
output = upload_and_restart(
server_ip, cfg, just_save=just_save, nginx=kwargs.get('nginx'), waf=kwargs.get('waf'),
apache=kwargs.get('apache'), config_file_name=kwargs.get('config_file_name'),
oldcfg=kwargs.get('oldcfg'), login=login
)
try:
slv_output = upload_and_restart(
master[0], cfg, just_save, service, waf=waf, config_file_name=config_file_name, slave=1
)
slave_output += f'<br>slave_server:\n{slv_output}'
except Exception as e:
return f'{e}'
try:
output = upload_and_restart(
server_ip, cfg, just_save, service, waf=waf, config_file_name=config_file_name, oldcfg=oldcfg, login=login
)
except Exception as e:
return f'{e}'
output = server_name + ':\n' + output
output = output + slave_output
return output
@ -325,7 +323,6 @@ def open_port_firewalld(cfg, server_ip, **kwargs):
def diff_config(oldcfg, cfg, **kwargs):
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
log_path = get_config_var.get_config_var('main', 'log_path')
user_group = roxywi_common.get_user_group()
diff = ""
@ -334,8 +331,8 @@ def diff_config(oldcfg, cfg, **kwargs):
cmd = "/bin/diff -ub %s %s" % (oldcfg, cfg)
try:
user_uuid = cookie.get('uuid')
login = sql.get_user_name_by_uuid(user_uuid.value)
user_uuid = request.cookies.get('uuid')
login = sql.get_user_name_by_uuid(user_uuid)
except Exception:
login = ''
@ -377,164 +374,149 @@ def show_finding_in_config(stdout: str, **kwargs) -> str:
return out
def show_compare_config(server_ip: str) -> None:
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/show_compare_configs.html')
left = form.getvalue('left')
right = form.getvalue('right')
service = form.getvalue('service')
lang = roxywi_common.get_user_lang()
def show_compare_config(server_ip: str, service: str) -> str:
lang = roxywi_common.get_user_lang_for_flask()
config_dir = get_config_var.get_config_var('configs', f'{service}_save_configs_dir')
if service == 'nginx':
return_files = roxywi_common.get_files(get_config_var.get_config_var('configs', 'nginx_save_configs_dir'), 'conf')
elif service == 'apache':
return_files = roxywi_common.get_files(get_config_var.get_config_var('configs', 'apache_save_configs_dir'), 'conf')
elif service == 'keepalived':
return_files = roxywi_common.get_files(get_config_var.get_config_var('configs', 'kp_save_configs_dir'), 'conf')
if service in ('nginx', 'apache', 'keepalived'):
return_files = roxywi_common.get_files(config_dir, 'conf', server_ip=server_ip)
elif service == 'haproxy':
return_files = roxywi_common.get_files(config_dir, 'cfg', server_ip=server_ip)
else:
return_files = roxywi_common.get_files()
return 'error: Wrong service'
template = template.render(serv=server_ip, right=right, left=left, return_files=return_files, lang=lang)
print(template)
return render_template('ajax/show_compare_configs.html', serv=server_ip, return_files=return_files, lang=lang)
def compare_config() -> None:
left = common.checkAjaxInput(form.getvalue('left'))
right = common.checkAjaxInput(form.getvalue('right'))
lang = roxywi_common.get_user_lang()
def compare_config(service: str, left: str, right: str) -> str:
lang = roxywi_common.get_user_lang_for_flask()
if form.getvalue('service') == 'nginx':
configs_dir = get_config_var.get_config_var('configs', 'nginx_save_configs_dir')
elif form.getvalue('service') == 'apache':
configs_dir = get_config_var.get_config_var('configs', 'apache_save_configs_dir')
elif form.getvalue('service') == 'keepalived':
configs_dir = get_config_var.get_config_var('configs', 'kp_save_configs_dir')
if service in ('haproxy', 'nginx', 'apache', 'keepalived'):
configs_dir = get_config_var.get_config_var('configs', f'{service}_save_configs_dir')
else:
configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
return 'error: Wrong service'
cmd = f'diff -pub {configs_dir}{left} {configs_dir}{right}'
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True,
extensions=["jinja2.ext.loopcontrols", "jinja2.ext.do"])
template = env.get_template('ajax/compare.html')
output, stderr = server_mod.subprocess_execute(cmd)
template = template.render(stdout=output, lang=lang)
print(template)
print(stderr)
return render_template('ajax/compare.html', stdout=output, lang=lang)
def show_config(server_ip: str) -> None:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
group_id = cookie.get('group')
group_id = int(group_id.value)
role_id = sql.get_user_role_by_uuid(user_uuid.value, group_id)
service = form.getvalue('service')
def show_config(server_ip: str, service: str, config_file_name: str, configver: str) -> str:
user_uuid = request.cookies.get('uuid')
group_id = int(request.cookies.get('group'))
role_id = sql.get_user_role_by_uuid(user_uuid, group_id)
try:
config_file_name = form.getvalue('config_file_name').replace('/', '92')
config_file_name = config_file_name.replace('/', '92')
except Exception:
config_file_name = ''
if service == 'keepalived':
configs_dir = get_config_var.get_config_var('configs', 'kp_save_configs_dir')
cfg = '.conf'
elif service == 'nginx':
configs_dir = get_config_var.get_config_var('configs', 'nginx_save_configs_dir')
cfg = '.conf'
elif service == 'apache':
configs_dir = get_config_var.get_config_var('configs', 'apache_save_configs_dir')
if service in ('nginx', 'apache', 'keepalived'):
configs_dir = get_config_var.get_config_var('configs', f'{service}_save_configs_dir')
cfg = '.conf'
else:
configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = '.cfg'
if '..' in configs_dir:
print('error: nice try')
return None
raise Exception('error: nice try')
if form.getvalue('configver') is None:
if configver is None:
cfg = f"{configs_dir}{server_ip}-{get_date.return_date('config')}{cfg}"
try:
get_config(server_ip, cfg, service=service, config_file_name=form.getvalue('config_file_name'))
get_config(server_ip, cfg, service=service, config_file_name=config_file_name)
except Exception as e:
print(e)
return
raise Exception(e)
else:
cfg = configs_dir + form.getvalue('configver')
cfg = configs_dir + configver
try:
conf = open(cfg, "r")
except IOError:
print('<div class="alert alert-danger">Cannot read config file</div>')
with open(cfg, 'r') as file:
conf = file.readlines()
except Exception as e:
raise Exception(f'error: Cannot read config file: {e}')
if configver is None:
os.remove(cfg)
is_serv_protected = sql.is_serv_protected(server_ip)
server_id = sql.select_server_id_by_ip(server_ip)
hostname = sql.get_hostname_by_server_ip(server_ip)
is_restart = sql.select_service_setting(server_id, service, 'restart')
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, trim_blocks=True, lstrip_blocks=True,
extensions=["jinja2.ext.loopcontrols", "jinja2.ext.do"])
template = env.get_template('ajax/config_show.html')
lang = roxywi_common.get_user_lang_for_flask()
template = template.render(conf=conf, serv=server_ip, configver=form.getvalue('configver'), role=role_id,
service=service, config_file_name=config_file_name, is_serv_protected=is_serv_protected,
is_restart=is_restart, lang=lang, hostname=hostname)
print(template)
conf.close()
if form.getvalue('configver') is None:
os.remove(cfg)
return render_template(
'ajax/config_show.html', conf=conf, serv=server_ip, configver=configver, role=role_id, service=service,
config_file_name=config_file_name, is_serv_protected=is_serv_protected, is_restart=is_restart, lang=lang,
hostname=hostname
)
def show_config_files(server_ip: str) -> None:
service = form.getvalue('service')
def show_config_files(server_ip: str, service: str, config_file_name: str) -> str:
service_config_dir = sql.get_setting(f'{service}_dir')
return_files = server_mod.get_remote_files(server_ip, service_config_dir, 'conf')
if 'error: ' in return_files:
print(return_files)
return
raise Exception(return_files)
try:
config_file_name = form.getvalue('config_file_name').replace('92', '/')
config_file_name = config_file_name.replace('92', '/')
except Exception:
config_file_name = ''
return_files += ' ' + sql.get_setting(f'{service}_config_path')
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/show_configs_files.html')
template = template.render(serv=server_ip, service=service, return_files=return_files, lang=lang,
config_file_name=config_file_name, path_dir=service_config_dir)
print(template)
lang = roxywi_common.get_user_lang_for_flask()
return render_template(
'ajax/show_configs_files.html', serv=server_ip, service=service, return_files=return_files, lang=lang,
config_file_name=config_file_name, path_dir=service_config_dir
)
def list_of_versions(server_ip: str, service: str) -> None:
def list_of_versions(server_ip: str, service: str, configver: str, for_delver: int) -> str:
if service not in ('haproxy', 'nginx', 'keepalived', 'apache'):
print('error: wrong service')
return None
raise Exception('error: wrong service')
configver = common.checkAjaxInput(form.getvalue('configver'))
for_delver = common.checkAjaxInput(form.getvalue('for_delver'))
users = sql.select_users()
service_desc = sql.select_service(service)
configs = sql.select_config_version(server_ip, service_desc.slug)
lang = roxywi_common.get_user_lang()
action = f'versions.py?service={service_desc.slug}'
if service in ('haproxy', 'nginx', 'apache'):
configs_dir = get_config_var.get_config_var('configs', f'{service_desc.service}_save_configs_dir')
else:
configs_dir = get_config_var.get_config_var('configs', 'kp_save_configs_dir')
lang = roxywi_common.get_user_lang_for_flask()
action = f'/app/config/versions/{service_desc.slug}/{server_ip}'
configs_dir = get_config_var.get_config_var('configs', f'{service_desc.service}_save_configs_dir')
if service == 'haproxy':
files = roxywi_common.get_files()
files = roxywi_common.get_files(configs_dir, 'cfg', server_ip)
else:
files = roxywi_common.get_files(configs_dir, 'conf')
files = roxywi_common.get_files(configs_dir, 'conf', server_ip)
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=["jinja2.ext.loopcontrols", "jinja2.ext.do"])
template = env.get_template('ajax/show_list_version.html')
return render_template(
'ajax/show_list_version.html', server_ip=server_ip, service=service, action=action, return_files=files,
configver=configver, for_delver=for_delver, configs=configs, users=users, lang=lang
)
template = template.render(serv=server_ip, service=service, action=action, return_files=files, configver=configver,
for_delver=for_delver, configs=configs, users=users, lang=lang)
print(template)
def return_cfg(service: str, server_ip: str, config_file_name: str) -> str:
if service == 'haproxy':
file_format = 'cfg'
else:
file_format = 'conf'
if service in ('haproxy', 'nginx', 'apache', 'keepalived'):
configs_dir = get_config_var.get_config_var('configs', f'{service}_save_configs_dir')
else:
raise Exception('error: Wrong service')
if service in ('nginx', 'apache'):
config_file_name = config_file_name.replace('92', '/')
conf_file_name_short = config_file_name.split('/')[-1]
cfg = f"{configs_dir}{server_ip}-{conf_file_name_short}-{get_date.return_date('config')}.{file_format}"
else:
cfg = f"{configs_dir}{server_ip}-{get_date.return_date('config')}.{file_format}"
try:
os.system(f"/bin/rm -f {configs_dir}*.old")
except Exception:
pass
return cfg

298
app/modules/config/runtime.py
View File

@ -1,49 +1,47 @@
import json
from flask import render_template
import modules.db.sql as sql
import modules.common.common as common
import modules.config.config as config_mod
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
form = common.form
serv = common.is_ip_or_dns(form.getvalue('serv'))
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar()
def show_frontend_backend() -> None:
def show_frontend_backend(serv: str, backend: str) -> str:
haproxy_sock_port = int(sql.get_setting('haproxy_sock_port'))
backend = common.checkAjaxInput(form.getvalue('ipbackend'))
cmd = 'echo "show servers state"|nc %s %s |grep "%s" |awk \'{print $4}\'' % (serv, haproxy_sock_port, backend)
output, stderr = server_mod.subprocess_execute(cmd)
lines = ''
for i in output:
if i == ' ':
continue
i = i.strip()
print(i + '<br>')
lines += i + '<br>'
return lines
def show_server() -> None:
def show_server(serv: str, backend: str, backend_server: str) -> str:
haproxy_sock_port = int(sql.get_setting('haproxy_sock_port'))
backend = common.checkAjaxInput(form.getvalue('ipbackend'))
backend_server = common.checkAjaxInput(form.getvalue('backend_server'))
cmd = 'echo "show servers state"|nc %s %s |grep "%s" |grep "%s" |awk \'{print $5":"$19}\' |head -1' % (
serv, haproxy_sock_port, backend, backend_server)
output, stderr = server_mod.subprocess_execute(cmd)
print(output[0])
return output[0]
def get_all_stick_table():
def get_all_stick_table(serv: str):
hap_sock_p = sql.get_setting('haproxy_sock_port')
cmd = 'echo "show table"|nc %s %s |awk \'{print $3}\' | tr -d \'\n\' | tr -d \'[:space:]\'' % (serv, hap_sock_p)
output, stderr = server_mod.subprocess_execute(cmd)
return output[0]
def get_stick_table(table):
def get_stick_table(serv: str, table: str):
hap_sock_p = sql.get_setting('haproxy_sock_port')
cmd = 'echo "show table %s"|nc %s %s |awk -F"#" \'{print $2}\' |head -1 | tr -d \'\n\'' % (table, serv, hap_sock_p)
output, stderr = server_mod.subprocess_execute(cmd)
@ -62,6 +60,7 @@ def show_backends(server_ip, **kwargs):
hap_sock_p = sql.get_setting('haproxy_sock_port')
cmd = f'echo "show backend" |nc {server_ip} {hap_sock_p}'
output, stderr = server_mod.subprocess_execute(cmd)
lines = ''
if stderr:
roxywi_common.logging('Roxy-WI server', ' ' + stderr, roxywi=1)
if kwargs.get('ret'):
@ -76,16 +75,19 @@ def show_backends(server_ip, **kwargs):
if kwargs.get('ret'):
ret.append(back[1])
else:
print(back[1], end="<br>")
lines += back[1] + "<br>"
if kwargs.get('ret'):
return ret
return lines
def get_backends_from_config(server_ip: str, backends='') -> None:
def get_backends_from_config(server_ip: str, backends='') -> str:
config_date = get_date.return_date('config')
configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
format_cfg = 'cfg'
lines = ''
try:
cfg = configs_dir + roxywi_common.get_files(configs_dir, format_cfg)[0]
@ -93,39 +95,34 @@ def get_backends_from_config(server_ip: str, backends='') -> None:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
try:
cfg = f'{configs_dir}{server_ip}-{config_date}.{format_cfg}'
except Exception:
roxywi_common.logging('Roxy-WI server', ' Cannot generate cfg path', roxywi=1)
return
except Exception as e:
roxywi_common.logging('Roxy-WI server', f'error: Cannot generate cfg path: {e}', roxywi=1)
return f'error: Cannot generate cfg path: {e}'
try:
config_mod.get_config(server_ip, cfg)
except Exception:
roxywi_common.logging('Roxy-WI server', ' Cannot download config', roxywi=1)
print('error: Cannot get backends')
return
except Exception as e:
roxywi_common.logging('Roxy-WI server', f'error: Cannot download config: {e}', roxywi=1)
return f'error: Cannot download config: {e}'
with open(cfg, 'r') as f:
for line in f:
if backends == 'frontend':
if (line.startswith('listen') or line.startswith('frontend')) and 'stats' not in line:
line = line.strip()
print(line.split(' ')[1], end="<br>")
lines += line.split(' ')[1] + '<br>'
return lines
def change_ip_and_port() -> None:
backend_backend = common.checkAjaxInput(form.getvalue('backend_backend'))
backend_server = common.checkAjaxInput(form.getvalue('backend_server'))
backend_ip = common.checkAjaxInput(form.getvalue('backend_ip'))
backend_port = common.checkAjaxInput(form.getvalue('backend_port'))
def change_ip_and_port(serv, backend_backend, backend_server, backend_ip, backend_port) -> str:
if backend_ip is None:
return 'error: Backend IP must be IP and not 0'
if form.getvalue('backend_ip') is None:
print('error: Backend IP must be IP and not 0')
return
if form.getvalue('backend_port') is None:
print('error: The backend port must be integer and not 0')
return
if backend_port is None:
return 'error: The backend port must be integer and not 0'
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
lines = ''
masters = sql.is_master(serv)
for master in masters:
@ -133,7 +130,7 @@ def change_ip_and_port() -> None:
cmd = 'echo "set server %s/%s addr %s port %s check-port %s" |nc %s %s' % (
backend_backend, backend_server, backend_ip, backend_port, backend_port, master[0], haproxy_sock_port)
output, stderr = server_mod.subprocess_execute(cmd)
print(output[0])
lines += output[0]
roxywi_common.logging(
master[0], 'IP address and port have been changed. On: {}/{} to {}:{}'.format(
backend_backend, backend_server, backend_ip, backend_port
@ -151,9 +148,9 @@ def change_ip_and_port() -> None:
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print('error: ' + stderr[0])
lines += 'error: ' + stderr[0]
else:
print(output[0])
lines += output[0]
configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = f"{configs_dir}{serv}-{get_date.return_date('config')}.cfg"
@ -162,15 +159,16 @@ def change_ip_and_port() -> None:
'&& sed -Ei "$( echo $string)s/((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5]):[0-9]+/%s:%s/g" %s' % \
(backend_backend, cfg, backend_server, backend_ip, backend_port, cfg)
server_mod.subprocess_execute(cmd)
config_mod.master_slave_upload_and_restart(serv, cfg, just_save='save')
config_mod.master_slave_upload_and_restart(serv, cfg, 'save', 'haproxy')
return lines
def change_maxconn_global() -> None:
if form.getvalue('maxconn_global') is None:
print('error: Maxconn must be integer and not 0')
return
def change_maxconn_global(serv: str, maxconn: int) -> str:
if maxconn is None:
return 'error: Maxconn must be integer and not 0'
maxconn = common.checkAjaxInput(form.getvalue('maxconn_global'))
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
masters = sql.is_master(serv)
@ -181,12 +179,11 @@ def change_maxconn_global() -> None:
roxywi_common.logging(master[0], f'Maxconn has been changed. Globally to {maxconn}', login=1, keep_history=1, service='haproxy')
cmd = f'echo "set maxconn global {maxconn}" |nc {serv} {haproxy_sock_port}'
print(cmd)
roxywi_common.logging(serv, f'Maxconn has been changed. Globally to {maxconn}', login=1, keep_history=1, service='haproxy')
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(stderr[0])
return stderr[0]
elif output[0] == '':
configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = f"{configs_dir}{serv}-{get_date.return_date('config')}.cfg"
@ -195,19 +192,16 @@ def change_maxconn_global() -> None:
cmd = 'string=`grep global %s -n -A5 |grep maxcon -n |awk -F":" \'{print $2}\'|awk -F"-" \'{print $1}\'` ' \
'&& sed -Ei "$( echo $string)s/[0-9]+/%s/g" %s' % (cfg, maxconn, cfg)
server_mod.subprocess_execute(cmd)
config_mod.master_slave_upload_and_restart(serv, cfg, just_save='save')
print(f'success: Maxconn globally has been set to {maxconn} ')
config_mod.master_slave_upload_and_restart(serv, cfg, 'save', 'haproxy')
return f'success: Maxconn globally has been set to {maxconn} '
else:
print(f'error: {output[0]}')
return f'error: {output[0]}'
def change_maxconn_frontend() -> None:
if form.getvalue('maxconn_int') is None:
print('error: Maxconn must be integer and not 0')
return
def change_maxconn_frontend(serv, maxconn, frontend) -> str:
if maxconn is None:
return 'error: Maxconn must be integer and not 0'
frontend = common.checkAjaxInput(form.getvalue('maxconn_frontend'))
maxconn = common.checkAjaxInput(form.getvalue('maxconn_int'))
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
masters = sql.is_master(serv)
@ -222,7 +216,7 @@ def change_maxconn_frontend() -> None:
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(stderr[0])
return stderr[0]
elif output[0] == '':
configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = f"{configs_dir}{serv}-{get_date.return_date('config')}.cfg"
@ -231,20 +225,16 @@ def change_maxconn_frontend() -> None:
cmd = 'string=`grep %s %s -n -A5 |grep maxcon -n |awk -F":" \'{print $2}\'|awk -F"-" \'{print $1}\'` ' \
'&& sed -Ei "$( echo $string)s/[0-9]+/%s/g" %s' % (frontend, cfg, maxconn, cfg)
server_mod.subprocess_execute(cmd)
config_mod.master_slave_upload_and_restart(serv, cfg, just_save='save')
print(f'success: Maxconn for {frontend} has been set to {maxconn} ')
config_mod.master_slave_upload_and_restart(serv, cfg, 'save', 'haproxy')
return f'success: Maxconn for {frontend} has been set to {maxconn} '
else:
print(f'error: {output[0]}')
return f'error: {output[0]}'
def change_maxconn_backend() -> None:
if form.getvalue('maxconn_int') is None:
print('error: Maxconn must be integer and not 0')
return
def change_maxconn_backend(serv, backend, backend_server, maxconn) -> str:
if maxconn is None:
return 'error: Maxconn must be integer and not 0'
backend = common.checkAjaxInput(form.getvalue('maxconn_backend'))
backend_server = common.checkAjaxInput(form.getvalue('maxconn_backend_server'))
maxconn = common.checkAjaxInput(form.getvalue('maxconn_int'))
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
masters = sql.is_master(serv)
@ -255,12 +245,11 @@ def change_maxconn_backend() -> None:
roxywi_common.logging(master[0], f'Maxconn has been changed. On: {backend}/{backend_server} to {maxconn}', login=1, keep_history=1, service='haproxy')
cmd = f'echo "set maxconn server {backend}/{backend_server} {maxconn}" |nc {serv} {haproxy_sock_port}'
print(cmd)
roxywi_common.logging(serv, f'Maxconn has been changed. On: {backend} to {maxconn}', login=1, keep_history=1, service='haproxy')
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(stderr[0])
return stderr[0]
elif output[0] == '':
configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = f"{configs_dir}{serv}-{get_date.return_date('config')}.cfg"
@ -269,180 +258,169 @@ def change_maxconn_backend() -> None:
cmd = 'string=`grep %s %s -n -A10 |grep maxcon -n|grep %s |awk -F":" \'{print $2}\'|awk -F"-" \'{print $1}\'` ' \
'&& sed -Ei "$( echo $string)s/maxconn [0-9]+/maxconn %s/g" %s' % (backend, cfg, backend_server, maxconn, cfg)
server_mod.subprocess_execute(cmd)
config_mod.master_slave_upload_and_restart(serv, cfg, just_save='save')
print(f'success: Maxconn for {backend}/{backend_server} has been set to {maxconn} ')
config_mod.master_slave_upload_and_restart(serv, cfg, 'save', 'haproxy')
return f'success: Maxconn for {backend}/{backend_server} has been set to {maxconn} '
else:
print(f'error: {output[0]}')
return f'error: {output[0]}'
def table_select():
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates'), autoescape=True,
extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True)
table = form.getvalue('table_select')
lang = roxywi_common.get_user_lang()
def table_select(serv: str, table: str):
lang = roxywi_common.get_user_lang_for_flask()
if table == 'All':
template = env.get_template('ajax/stick_tables.html')
tables = get_all_stick_table()
tables = get_all_stick_table(serv)
table = []
for t in tables.split(','):
if t != '':
table_id = []
tables_head1, table1 = get_stick_table(t)
tables_head1, table1 = get_stick_table(serv, t)
table_id.append(tables_head1)
table_id.append(table1)
table.append(table_id)
template = template.render(table=table, lang=lang)
return render_template('ajax/stick_tables.html', table=table, lang=lang)
else:
template = env.get_template('ajax/stick_table.html')
tables_head, table = get_stick_table(table)
template = template.render(tables_head=tables_head, table=table, lang=lang)
print(template)
tables_head, table = get_stick_table(serv, table)
return render_template('ajax/stick_table.html', tables_head=tables_head, table=table, lang=lang)
def delete_ip_from_stick_table() -> None:
def delete_ip_from_stick_table(serv, ip, table) -> str:
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
ip = common.checkAjaxInput(form.getvalue('ip_for_delete'))
table = common.checkAjaxInput(form.getvalue('table_for_delete'))
cmd = f'echo "clear table {table} key {ip}" |nc {serv} {haproxy_sock_port}'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr[0] != '':
print(f'error: {stderr[0]}')
try:
if stderr[0] != '':
return f'error: {stderr[0]}'
except Exception:
return 'ok'
def clear_stick_table() -> None:
def clear_stick_table(serv, table) -> str:
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
table = common.checkAjaxInput(form.getvalue('table_for_clear'))
cmd = f'echo "clear table {table} " |nc {serv} {haproxy_sock_port}'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr[0] != '':
print(f'error: {stderr[0]}')
try:
if stderr[0] != '':
return f'error: {stderr[0]}'
except Exception:
return 'ok'
def list_of_lists() -> None:
def list_of_lists(serv) -> str:
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
cmd = f'echo "show acl"|nc {serv} {haproxy_sock_port} |grep "loaded from" |awk \'{{print $1,$2}}\''
output, stderr = server_mod.subprocess_execute(cmd)
print(output)
try:
return output[0]
except Exception:
return '------'
def show_lists() -> None:
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True,
extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True)
template = env.get_template('ajax/list.html')
list_id = common.checkAjaxInput(form.getvalue('list_select_id'))
list_name = common.checkAjaxInput(form.getvalue('list_select_name'))
def show_lists(serv, list_id, list_name) -> None:
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
cmd = f'echo "show acl #{list_id}"|nc {serv} {haproxy_sock_port}'
output, stderr = server_mod.subprocess_execute(cmd)
template = template.render(list=output, list_id=list_id, list_name=list_name)
print(template)
return render_template('ajax/list.html', list=output, list_id=list_id, list_name=list_name)
def delete_ip_from_list() -> None:
def delete_ip_from_list(serv, ip_id, ip, list_id, list_name) -> str:
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
lib_path = get_config_var.get_config_var('main', 'lib_path')
ip_id = common.checkAjaxInput(form.getvalue('list_ip_id_for_delete'))
ip = common.is_ip_or_dns(form.getvalue('list_ip_for_delete'))
list_id = common.checkAjaxInput(form.getvalue('list_id_for_delete'))
list_name = common.checkAjaxInput(form.getvalue('list_name'))
user_group = roxywi_common.get_user_group(id=1)
cmd = f"sed -i 's!{ip}$!!' {lib_path}/lists/{user_group}/{list_name}"
cmd1 = f"sed -i '/^$/d' {lib_path}/lists/{user_group}/{list_name}"
output, stderr = server_mod.subprocess_execute(cmd)
output1, stderr1 = server_mod.subprocess_execute(cmd1)
if output:
print(f'error: {output}')
return f'error: {output}'
if stderr:
print(f'error: {stderr}')
return f'error: {stderr}'
if output1:
print(f'error: {output1}')
return f'error: {output1}'
if stderr1:
print(f'error: {stderr}')
return f'error: {stderr}'
cmd = f'echo "del acl #{list_id} #{ip_id}" |nc {serv} {haproxy_sock_port}'
output, stderr = server_mod.subprocess_execute(cmd)
if output[0] != '':
print(f'error: {output[0]}')
if stderr != '':
print(f'error: {stderr[0]}')
roxywi_common.logging(serv, f'{ip_id} has been delete from list {list_id}', login=1, keep_history=1, service='haproxy')
try:
if output[0] != '':
return f'error: {output[0]}'
except Exception:
pass
try:
if stderr != '':
return f'error: {stderr[0]}'
except Exception:
pass
def add_ip_to_list() -> None:
def add_ip_to_list(serv, ip, list_id, list_name) -> str:
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
lib_path = get_config_var.get_config_var('main', 'lib_path')
ip = form.getvalue('list_ip_for_add')
ip = ip.strip()
ip = common.is_ip_or_dns(ip)
list_id = common.checkAjaxInput(form.getvalue('list_id_for_add'))
list_name = common.checkAjaxInput(form.getvalue('list_name'))
user_group = roxywi_common.get_user_group(id=1)
cmd = f'echo "add acl #{list_id} {ip}" |nc {serv} {haproxy_sock_port}'
output, stderr = server_mod.subprocess_execute(cmd)
if output[0]:
print(f'error: {output[0]}')
if stderr:
print(f'error: {stderr[0]}')
try:
if output[0]:
return f'error: {output[0]}'
except Exception:
pass
try:
if stderr:
print(f'error: {stderr[0]}')
except Exception:
pass
if 'is not a valid IPv4 or IPv6 address' not in output[0]:
cmd = f'echo "{ip}" >> {lib_path}/lists/{user_group}/{list_name}'
output, stderr = server_mod.subprocess_execute(cmd)
roxywi_common.logging(serv, f'{ip} has been added to list {list_id}', login=1, keep_history=1, service='haproxy')
if output:
print(f'error: {output}')
return f'error: {output}'
if stderr:
print(f'error: {stderr}')
roxywi_common.logging(serv, f'{ip} has been added to list {list_id}', login=1, keep_history=1, service='haproxy')
return f'error: {stderr}'
def select_session() -> None:
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates'), autoescape=True,
extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True)
session = common.checkAjaxInput(form.getvalue('sessions_select'))
lang = roxywi_common.get_user_lang()
def select_session(server_ip: str) -> str:
lang = roxywi_common.get_user_lang_for_flask()
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
cmd = f'echo "show sess" |nc {session} {haproxy_sock_port}'
cmd = f'echo "show sess" |nc {server_ip} {haproxy_sock_port}'
output, stderr = server_mod.subprocess_execute(cmd)
template = env.get_template('ajax/sessions_table.html')
template = template.render(sessions=output, lang=lang)
print(template)
return render_template('ajax/sessions_table.html', sessions=output, lang=lang)
def show_session() -> None:
session = common.checkAjaxInput(form.getvalue('sessions_select_show'))
sess_id = common.checkAjaxInput(form.getvalue('sessions_select_id'))
def show_session(server_ip, sess_id) -> str:
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
cmd = f'echo "show sess {sess_id}" |nc {session} {haproxy_sock_port}'
cmd = f'echo "show sess {sess_id}" |nc {server_ip} {haproxy_sock_port}'
output, stderr = server_mod.subprocess_execute(cmd)
lines = ''
if stderr:
print('error: ' + stderr[0])
return 'error: ' + stderr[0]
else:
for o in output:
print(f'{o}<br />')
lines += f'{o}<br />'
return lines
def delete_session() -> None:
def delete_session(server_ip, sess_id) -> str:
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
sess_id = common.checkAjaxInput(form.getvalue('session_delete_id'))
cmd = 'echo "shutdown session %s" |nc %s %s' % (sess_id, serv, haproxy_sock_port)
cmd = f'echo "shutdown session {sess_id}" |nc {server_ip} {haproxy_sock_port}'
output, stderr = server_mod.subprocess_execute(cmd)
if output[0] != '':
print('error: ' + output[0])
if stderr[0] != '':
print('error: ' + stderr[0])
try:
if output[0] != '':
return 'error: ' + output[0]
except Exception:
pass
try:
if stderr[0] != '':
return 'error: ' + stderr[0]
except Exception:
pass
return 'ok'

72
app/modules/db/db_model.py
View File

@ -1,6 +1,7 @@
from peewee import *
from playhouse.migrate import *
from datetime import datetime
from flask_login import UserMixin
import modules.roxy_wi_tools as roxy_wi_tools
@ -26,7 +27,7 @@ class BaseModel(Model):
database = conn
class User(BaseModel):
class User(BaseModel, UserMixin):
user_id = AutoField(column_name='id')
username = CharField(constraints=[SQL('UNIQUE')])
email = CharField(constraints=[SQL('UNIQUE')])
@ -354,66 +355,6 @@ class PortScannerHistory(BaseModel):
primary_key = False
class ProvidersCreds(BaseModel):
id = AutoField()
name = CharField()
type = CharField()
group = CharField()
key = CharField()
secret = CharField(null=True)
create_date = DateTimeField(default=datetime.now)
edit_date = DateTimeField(default=datetime.now)
class Meta:
table_name = 'providers_creds'
class ProvisionParam(BaseModel):
id = AutoField()
param = CharField()
name = CharField()
optgroup = CharField()
section = CharField()
provider = CharField()
image = CharField(null=True)
class Meta:
table_name = 'provision_param'
constraints = [SQL('UNIQUE (param, section, provider)')]
class ProvisionedServers(BaseModel):
id = AutoField()
region = CharField()
instance_type = CharField()
public_ip = IntegerField(null=True)
floating_ip = IntegerField(null=True)
volume_size = IntegerField(null=True)
backup = IntegerField(null=True)
monitoring = IntegerField(null=True)
private_networking = IntegerField(null=True)
ssh_key_name = CharField(null=True)
ssh_ids = CharField(null=True)
name = CharField()
os = CharField()
firewall = IntegerField()
provider_id = IntegerField()
type = CharField()
status = CharField()
group_id = IntegerField()
date = DateTimeField(default=datetime.now)
IP = CharField(null=True)
last_error = CharField(null=True)
delete_on_termination = IntegerField(null=True)
project = CharField(null=True)
network_name = CharField(null=True)
volume_type = CharField(null=True)
name_template = CharField(null=True)
class Meta:
table_name = 'provisioned_servers'
class MetricsHttpStatus(BaseModel):
serv = CharField()
ok_ans = IntegerField(column_name='2xx')
@ -679,8 +620,7 @@ def create_tables():
with conn:
conn.create_tables([User, Server, Role, Telegram, Slack, UUID, Token, ApiToken, Groups, UserGroups, ConfigVersion,
Setting, Cred, Backup, Metrics, WafMetrics, Version, Option, SavedServer, Waf, ActionHistory,
PortScannerSettings, PortScannerPorts, PortScannerHistory, ProvidersCreds, ServiceSetting,
ProvisionedServers, MetricsHttpStatus, SMON, WafRules, Alerts, GeoipCodes, NginxMetrics,
SystemInfo, Services, UserName, GitSetting, CheckerSetting, ApacheMetrics, ProvisionParam,
WafNginx, ServiceStatus, KeepaliveRestart, PD, SmonHistory, SmonTcpCheck, SmonHttpCheck,
SmonPingCheck, SmonDnsCheck, S3Backup])
PortScannerSettings, PortScannerPorts, PortScannerHistory, ServiceSetting, MetricsHttpStatus,
SMON, WafRules, Alerts, GeoipCodes, NginxMetrics, SystemInfo, Services, UserName, GitSetting,
CheckerSetting, ApacheMetrics, WafNginx, ServiceStatus, KeepaliveRestart, PD, SmonHistory,
SmonTcpCheck, SmonHttpCheck, SmonPingCheck, SmonDnsCheck, S3Backup])

382
app/modules/db/sql.py
View File

@ -1,13 +1,23 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import traceback
import sys
import os
import sys
import traceback
from modules.db.db_model import *
import modules.roxy_wi_tools as roxy_wi_tools
def out_error(error):
error = str(error)
exc_type, exc_obj, exc_tb = sys.exc_info()
file_name = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
stk = traceback.extract_tb(exc_tb, 1)
function_name = stk[0][2]
error = f'{error} in function: {function_name} in file: {file_name}'
raise Exception(f'error: {error}')
def get_setting(param, **kwargs):
import http.cookies
@ -59,16 +69,6 @@ time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
def out_error(error):
error = str(error)
exc_type, exc_obj, exc_tb = sys.exc_info()
file_name = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
stk = traceback.extract_tb(exc_tb, 1)
function_name = stk[0][2]
error = f'{error} in function: {function_name} in file: {file_name}'
raise Exception(f'error: {error}')
def add_user(user, email, password, role, activeuser, group):
if password != 'aduser':
try:
@ -702,21 +702,13 @@ def delete_old_uuid():
out_error(e)
def update_last_act_user(uuid, token):
def update_last_act_user(uuid: str, token: str, ip: str) -> None:
session_ttl = int(get_setting('session_ttl'))
token_ttl = int(get_setting('token_ttl'))
cur_date_session = get_date.return_date('regular', timedelta=session_ttl)
cur_date_token = get_date.return_date('regular', timedelta=token_ttl)
cur_date = get_date.return_date('regular')
user_id = get_user_id_by_uuid(uuid)
try:
import cgi
import os
ip = cgi.escape(os.environ["REMOTE_ADDR"])
except Exception:
ip = ''
query = UUID.update(exp=cur_date_session).where(UUID.uuid == uuid)
query1 = Token.update(exp=cur_date_token).where(Token.token == token)
query2 = User.update(last_login_date=cur_date, last_login_ip=ip).where(User.user_id == user_id)
@ -767,6 +759,7 @@ def get_user_role_by_uuid(uuid, group_id):
(UserGroups.user_group_id == group_id)
)
)
try:
query_res = query.execute()
except Exception as e:
@ -866,19 +859,7 @@ def get_pd_by_id(pd_id):
return query_res
def get_dick_permit(**kwargs):
if kwargs.get('username'):
grp = kwargs.get('group_id')
else:
try:
import http.cookies
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
group = cookie.get('group')
grp = group.value
except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
return
def get_dick_permit(group_id, **kwargs):
only_group = kwargs.get('only_group')
disable = 'enable = 1'
haproxy = ''
@ -907,21 +888,15 @@ def get_dick_permit(**kwargs):
cursor = conn.cursor()
try:
if mysql_enable == '1':
if grp == '1' and not only_group:
sql = """ select * from `servers` where {} {} {} {} {} {} {} order by `pos` asc""".format(
disable, type_ip, nginx, haproxy, keepalived, apache, ip
)
if group_id == '1' and not only_group:
sql = f" select * from `servers` where {disable} {type_ip} {nginx} {haproxy} {keepalived} {apache} {ip} order by `pos` asc"
else:
sql = """ select * from `servers` where `groups` = {group} and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by `pos` asc
""".format(
group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx, keepalived=keepalived, apache=apache
)
sql = f" select * from `servers` where `groups` = {group_id} and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by `pos` asc"
else:
if grp == '1' and not only_group:
sql = """ select * from servers where {} {} {} {} {} {} {} order by pos""".format(disable, type_ip, nginx, haproxy, keepalived, apache, ip)
if group_id == '1' and not only_group:
sql = f" select * from servers where {disable} {type_ip} {nginx} {haproxy} {keepalived} {apache} {ip} order by pos"
else:
sql = """ select * from servers where groups = '{group}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by pos
""".format(group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx, keepalived=keepalived, apache=apache)
sql = f" select * from servers where groups = '{group_id}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by pos"
except Exception as e:
raise Exception(f'error: {e}')
@ -1737,6 +1712,8 @@ def update_waf_metrics_enable(name, enable):
Waf.update(metrics=enable).where(Waf.server_id == server_id).execute()
except Exception as e:
out_error(e)
else:
return 'ok'
def delete_metrics():
@ -2492,14 +2469,14 @@ def update_firewall(serv):
return False
def update_server_pos(pos, server_id):
def update_server_pos(pos, server_id) -> str:
query = Server.update(pos=pos).where(Server.server_id == server_id)
try:
query.execute()
return True
return 'ok'
except Exception as e:
out_error(e)
return False
return 'not_ok'
def check_token_exists(token):
@ -2915,6 +2892,7 @@ def select_one_smon(smon_id: int, check_id: int) -> object:
query = SmonDnsCheck.select(SmonDnsCheck, SMON).join_from(SmonDnsCheck, SMON).where(SMON.id == smon_id)
else:
query = SmonPingCheck.select(SmonPingCheck, SMON).join_from(SmonPingCheck, SMON).where(SMON.id == smon_id)
try:
query_res = query.execute()
except Exception as e:
@ -3345,300 +3323,6 @@ def delete_provider(provider_id):
return False
def add_server_aws(
region, instance_type, public_ip, floating_ip, volume_size, ssh_key_name, name, os, firewall,
provider_id, group_id, status, delete_on_termination, volume_type
):
cur_date = get_date.return_date('regular')
try:
ProvisionedServers.insert(
region=region, instance_type=instance_type, public_ip=public_ip, floating_ip=floating_ip,
volume_size=volume_size, volume_type=volume_type, ssh_key_name=ssh_key_name, name=name, os=os,
firewall=firewall, provider_id=provider_id, group_id=group_id, delete_on_termination=delete_on_termination,
type='aws', status=status, date=cur_date
).execute()
return True
except Exception as e:
out_error(e)
return False
def add_server_gcore(
project, region, instance_type, network_type, network_name, volume_size, ssh_key_name, name, os,
firewall, provider_id, group_id, status, delete_on_termination, volume_type
):
cur_date = get_date.return_date('regular')
try:
ProvisionedServers.insert(
region=region, instance_type=instance_type, public_ip=network_type, network_name=network_name,
volume_size=volume_size, volume_type=volume_type, ssh_key_name=ssh_key_name, name=name,
os=os, firewall=firewall, provider_id=provider_id, group_id=group_id, type='gcore',
delete_on_termination=delete_on_termination, project=project, status=status, date=cur_date
).execute()
return True
except Exception as e:
out_error(e)
return False
def add_server_do(
region, size, privet_net, floating_ip, ssh_ids, ssh_key_name, name, oss, firewall, monitoring, backup,
provider_id, group_id, status
):
cur_date = get_date.return_date('regular')
try:
ProvisionedServers.insert(
region=region, instance_type=size, private_networking=privet_net, floating_ip=floating_ip,
ssh_ids=ssh_ids, ssh_key_name=ssh_key_name, name=name, os=oss, firewall=firewall,
monitoring=monitoring, backup=backup, provider_id=provider_id, group_id=group_id,
type='do', status=status, date=cur_date
).execute()
return True
except Exception as e:
out_error(e)
return False
def select_aws_server(server_id):
prov_serv = ProvisionedServers.alias()
query = (
prov_serv.select(
prov_serv.region, prov_serv.instance_type, prov_serv.public_ip, prov_serv.floating_ip, prov_serv.volume_size,
prov_serv.ssh_key_name, prov_serv.name, prov_serv.os, prov_serv.firewall, prov_serv.provider_id,
prov_serv.group_id, prov_serv.id, prov_serv.delete_on_termination, prov_serv.volume_type
).where(prov_serv.id == server_id))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_gcore_server(server_id):
prov_serv = ProvisionedServers.alias()
query = (
prov_serv.select(
prov_serv.region, prov_serv.instance_type, prov_serv.public_ip, prov_serv.floating_ip, prov_serv.volume_size,
prov_serv.ssh_key_name, prov_serv.name, prov_serv.os, prov_serv.firewall, prov_serv.provider_id,
prov_serv.group_id, prov_serv.id, prov_serv.delete_on_termination, prov_serv.project, prov_serv.network_name,
prov_serv.volume_type, prov_serv.name_template
).where(prov_serv.id == server_id))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_do_server(server_id):
prov_serv = ProvisionedServers.alias()
query = (
prov_serv.select(
prov_serv.region, prov_serv.instance_type, prov_serv.private_networking, prov_serv.floating_ip,
prov_serv.ssh_ids, prov_serv.ssh_key_name, prov_serv.name, prov_serv.os, prov_serv.firewall, prov_serv.backup,
prov_serv.monitoring, prov_serv.provider_id, prov_serv.group_id, prov_serv.id
).where(prov_serv.id == server_id))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def update_provisioning_server_status(status, user_group_id, name, provider_id, **kwargs):
if kwargs.get('update_ip'):
query = ProvisionedServers.update(status=status, IP=kwargs.get('update_ip')).where(
(ProvisionedServers.name == name) & (ProvisionedServers.group_id == user_group_id) & (ProvisionedServers.provider_id == provider_id)
)
else:
query = ProvisionedServers.update(status=status).where(
(ProvisionedServers.name == name)
& (ProvisionedServers.group_id == user_group_id)
& (ProvisionedServers.provider_id == provider_id)
)
try:
query.execute()
except Exception as e:
out_error(e)
def update_provisioning_server_gcore_name(name, template_name, user_group_id, provider_id):
query = ProvisionedServers.update(name_template=template_name).where(
(ProvisionedServers.name == name)
& (ProvisionedServers.group_id == user_group_id)
& (ProvisionedServers.provider_id == provider_id)
)
try:
query.execute()
except Exception as e:
out_error(e)
def update_provisioning_server_error(status, user_group_id, name, provider_id):
query = ProvisionedServers.update(last_error=status).where(
(ProvisionedServers.name == name)
& (ProvisionedServers.group_id == user_group_id)
& (ProvisionedServers.provider_id == provider_id)
)
try:
query.execute()
except Exception as e:
out_error(e)
def update_server_aws(
region, size, public_ip, floating_ip, volume_size, ssh_name, workspace, oss, firewall, provider,
group, status, server_id, delete_on_termination, volume_type
):
query = ProvisionedServers.update(
region=region, instance_type=size, public_ip=public_ip, floating_ip=floating_ip, volume_size=volume_size,
ssh_key_name=ssh_name, name=workspace, os=oss, firewall=firewall, provider_id=provider, group_id=group,
status=status, delete_on_termination=delete_on_termination, volume_type=volume_type
).where(ProvisionedServers.id == server_id)
try:
query.execute()
return True
except Exception as e:
out_error(e)
return False
def update_server_gcore(
region, size, network_type, network_name, volume_size, ssh_name, workspace, oss, firewall,
provider, group, status, server_id, delete_on_termination, volume_type, project
):
query = ProvisionedServers.update(
region=region, instance_type=size, public_ip=network_type, network_name=network_name, volume_size=volume_size,
ssh_key_name=ssh_name, name=workspace, os=oss, firewall=firewall, provider_id=provider, group_id=group,
status=status, delete_on_termination=delete_on_termination, volume_type=volume_type, project=project
).where(ProvisionedServers.id == server_id)
try:
query.execute()
return True
except Exception as e:
out_error(e)
return False
def update_server_do(
size, privet_net, floating_ip, ssh_ids, ssh_name, oss, firewall, monitoring, backup, provider, group,
status, server_id
):
query = ProvisionedServers.update(
instance_type=size, private_networking=privet_net, floating_ip=floating_ip, ssh_ids=ssh_ids,
ssh_key_name=ssh_name, os=oss, firewall=firewall, monitoring=monitoring, backup=backup, provider_id=provider,
group_id=group, status=status
).where(ProvisionedServers.id == server_id)
try:
query.execute()
return True
except Exception as e:
out_error(e)
return False
def delete_provisioned_servers(server_id):
query = ProvisionedServers.delete().where(ProvisionedServers.id == server_id)
try:
query.execute()
except Exception as e:
out_error(e)
def select_provisioned_servers(**kwargs):
prov_serv = ProvisionedServers.alias()
if kwargs.get('new'):
query = (
prov_serv.select(
prov_serv.id, prov_serv.name, prov_serv.provider_id, prov_serv.type, prov_serv.group_id,
prov_serv.instance_type, prov_serv.status, prov_serv.date, prov_serv.region, prov_serv.os,
prov_serv.IP, prov_serv.last_error, prov_serv.name_template
).where(
(prov_serv.name == kwargs.get('new'))
& (prov_serv.group_id == kwargs.get('group'))
& (prov_serv.type == kwargs.get('type'))
)
)
else:
query = prov_serv.select(
prov_serv.id, prov_serv.name, prov_serv.provider_id, prov_serv.type, prov_serv.group_id,
prov_serv.instance_type, prov_serv.status, prov_serv.date, prov_serv.region, prov_serv.os,
prov_serv.IP, prov_serv.last_error, prov_serv.name_template
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_aws_provider(provider_id):
try:
query_res = ProvidersCreds.get(ProvidersCreds.id == provider_id)
except Exception:
return ""
else:
return query_res.key, query_res.secret
def select_gcore_provider(provider_id):
try:
query_res = ProvidersCreds.get(ProvidersCreds.id == provider_id)
except Exception:
return ""
else:
return query_res.key, query_res.secret
def select_do_provider(provider_id):
try:
query_res = ProvidersCreds.get(ProvidersCreds.id == provider_id)
except Exception:
return ""
else:
return query_res.key
def update_do_provider(new_name, new_token, provider_id):
cur_date = get_date.return_date('regular')
try:
ProvidersCreds.update(
name=new_name, key=new_token, edit_date=cur_date
).where(ProvidersCreds.id == provider_id).execute()
return True
except Exception as e:
out_error(e)
return False
def update_gcore_provider(new_name, new_user, new_pass, provider_id):
cur_date = get_date.return_date('regular')
try:
ProvidersCreds.update(
name=new_name, key=new_user, secret=new_pass, edit_date=cur_date
).where(ProvidersCreds.id == provider_id).execute()
return True
except Exception as e:
out_error(e)
return False
def update_aws_provider(new_name, new_key, new_secret, provider_id):
cur_date = get_date.return_date('regular')
try:
ProvidersCreds.update(
name=new_name, key=new_key, secret=new_secret, edit_date=cur_date
).where(ProvidersCreds.id == provider_id).execute()
return True
except Exception as e:
out_error(e)
return False
def is_serv_protected(serv):
try:
query_res = Server.get(Server.ip == serv)
@ -4219,18 +3903,6 @@ def update_service_checker_settings(
return True
def select_provisioning_params():
query = ProvisionParam.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
return
else:
return query_res
def select_service(slug: str) -> str:
try:
query_res = Services.get(Services.slug == slug)

1
app/modules/provisioning/__init__.py
View File

@ -1 +0,0 @@
NAME = 'roxy-wi-provisioning-modules'

133
app/modules/provisioning/aws.py
View File

@ -1,133 +0,0 @@
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.provisioning.common as prov_common
form = common.form
def validate() -> None:
if form.getvalue('awsvalidate'):
workspace = form.getvalue('awsvalidate')
group = form.getvalue('aws_create_group')
else:
workspace = form.getvalue('awseditvalidate')
group = form.getvalue('aws_edit_group')
cmd = f'cd scripts/terraform/ && sudo terraform plan -no-color -input=false -target=module.aws_module -var-file vars/{workspace}_{group}_aws.tfvars'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print('error: ' + stderr)
else:
print('ok')
def new_workspace() -> None:
workspace = form.getvalue('awsworkspace')
group = form.getvalue('aws_create_group')
provider = form.getvalue('aws_create_provider')
region = form.getvalue('aws_create_regions')
size = form.getvalue('aws_create_size')
oss = form.getvalue('aws_create_oss')
ssh_name = form.getvalue('aws_create_ssh_name')
volume_size = form.getvalue('aws_create_volume_size')
volume_type = form.getvalue('aws_create_volume_type')
delete_on_termination = form.getvalue('aws_create_delete_on_termination')
floating_ip = form.getvalue('aws_create_floating_net')
firewall = form.getvalue('aws_create_firewall')
public_ip = form.getvalue('aws_create_public_ip')
cmd = f'cd scripts/terraform/ && sudo terraform workspace new {workspace}_{group}_aws'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
prov_common.show_error(stderr, group, workspace, provider)
else:
try:
if sql.add_server_aws(
region, size, public_ip, floating_ip, volume_size, ssh_name, workspace, oss, firewall,
provider, group, 'Creating', delete_on_termination, volume_type
):
prov_common.show_new_server(workspace, group, 'aws')
except Exception as e:
print(e)
def edit_workspace() -> None:
workspace = form.getvalue('awseditworkspace')
group = form.getvalue('aws_editing_group')
provider = form.getvalue('aws_editing_provider')
region = form.getvalue('aws_editing_regions')
size = form.getvalue('aws_editing_size')
oss = form.getvalue('aws_editing_oss')
ssh_name = form.getvalue('aws_editing_ssh_name')
volume_size = form.getvalue('aws_editing_volume_size')
volume_type = form.getvalue('aws_editing_volume_type')
delete_on_termination = form.getvalue('aws_editing_delete_on_termination')
floating_ip = form.getvalue('aws_editing_floating_net')
firewall = form.getvalue('aws_editing_firewall')
public_ip = form.getvalue('aws_editing_public_ip')
server_id = form.getvalue('server_id')
try:
if sql.update_server_aws(
region, size, public_ip, floating_ip, volume_size, ssh_name, workspace, oss, firewall,
provider, group, 'Editing', server_id, delete_on_termination, volume_type
):
try:
cmd = f'cd scripts/terraform/ && sudo terraform workspace select {workspace}_{group}_aws'
output, stderr = server_mod.subprocess_execute(cmd)
except Exception as e:
print(f'error: {e}')
if stderr != '':
prov_common.show_error(stderr, group, workspace, provider)
else:
print('ok')
except Exception as e:
print(e)
def create_vars() -> None:
if form.getvalue('awsvars'):
awsvars = common.checkAjaxInput(form.getvalue('awsvars'))
group = common.checkAjaxInput(form.getvalue('aws_create_group'))
provider = common.checkAjaxInput(form.getvalue('aws_create_provider'))
region = common.checkAjaxInput(form.getvalue('aws_create_regions'))
size = common.checkAjaxInput(form.getvalue('aws_create_size'))
oss = common.checkAjaxInput(form.getvalue('aws_create_oss'))
ssh_name = common.checkAjaxInput(form.getvalue('aws_create_ssh_name'))
volume_size = common.checkAjaxInput(form.getvalue('aws_create_volume_size'))
volume_type = common.checkAjaxInput(form.getvalue('aws_create_volume_type'))
delete_on_termination = common.checkAjaxInput(form.getvalue('aws_create_delete_on_termination'))
floating_ip = common.checkAjaxInput(form.getvalue('aws_create_floating_net'))
firewall = common.checkAjaxInput(form.getvalue('aws_create_firewall'))
public_ip = common.checkAjaxInput(form.getvalue('aws_create_public_ip'))
else:
awsvars = common.checkAjaxInput(form.getvalue('awseditvars'))
group = common.checkAjaxInput(form.getvalue('aws_editing_group'))
provider = common.checkAjaxInput(form.getvalue('aws_editing_provider'))
region = common.checkAjaxInput(form.getvalue('aws_editing_regions'))
size = common.checkAjaxInput(form.getvalue('aws_editing_size'))
oss = common.checkAjaxInput(form.getvalue('aws_editing_oss'))
ssh_name = common.checkAjaxInput(form.getvalue('aws_editing_ssh_name'))
volume_size = common.checkAjaxInput(form.getvalue('aws_editing_volume_size'))
volume_type = common.checkAjaxInput(form.getvalue('aws_editing_volume_type'))
delete_on_termination = common.checkAjaxInput(form.getvalue('aws_editing_delete_on_termination'))
floating_ip = common.checkAjaxInput(form.getvalue('aws_editing_floating_net'))
firewall = common.checkAjaxInput(form.getvalue('aws_editing_firewall'))
public_ip = common.checkAjaxInput(form.getvalue('aws_editing_public_ip'))
aws_key, aws_secret = sql.select_aws_provider(provider)
cmd = f'cd scripts/terraform/ && sudo ansible-playbook var_generator.yml -i inventory -e "region={region} ' \
f'group={group} size={size} os={oss} floating_ip={floating_ip} volume_size={volume_size} server_name={awsvars} ' \
f'AWS_ACCESS_KEY={aws_key} AWS_SECRET_KEY={aws_secret} firewall={firewall} public_ip={public_ip} ' \
f'ssh_name={ssh_name} delete_on_termination={delete_on_termination} volume_type={volume_type} cloud=aws"'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(f'error: {stderr}')
else:
print('ok')

31
app/modules/provisioning/common.py
View File

@ -1,31 +0,0 @@
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.common as roxywi_common
form = common.form
def show_error(stderr: str, group: str, workspace: str, provider: str) -> None:
stderr = stderr.strip()
stderr = repr(stderr)
stderr = stderr.replace("'", "")
stderr = stderr.replace("\'", "")
sql.update_provisioning_server_status('Error', group, workspace, provider)
sql.update_provisioning_server_error(stderr, group, workspace, provider)
print('error: ' + stderr)
def show_new_server(workspace: str, group: str, cloud: str) -> None:
user_params = roxywi_common.get_users_params()
new_server = sql.select_provisioned_servers(new=workspace, group=group, type=cloud)
params = sql.select_provisioning_params()
lang = roxywi_common.get_user_lang()
providers = sql.select_providers(group)
env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates'))
template = env.get_template('ajax/provisioning/provisioned_servers.html')
template = template.render(servers=new_server, groups=sql.select_groups(), user_group=group, providers=providers,
role=user_params['role'], adding=1, params=params, lang=lang)
print(template)

124
app/modules/provisioning/do.py
View File

@ -1,124 +0,0 @@
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.provisioning.common as prov_common
form = common.form
def validate() -> None:
if form.getvalue('dovalidate'):
workspace = form.getvalue('dovalidate')
group = form.getvalue('do_create_group')
else:
workspace = form.getvalue('doeditvalidate')
group = form.getvalue('do_edit_group')
cmd = f'cd scripts/terraform/ && sudo terraform plan -no-color -input=false -target=module.do_module -var-file vars/{workspace}_{group}_do.tfvars'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(f'error: {stderr}')
else:
print('ok')
def new_workspace() -> None:
workspace = form.getvalue('doworkspace')
group = form.getvalue('do_create_group')
provider = form.getvalue('do_create_provider')
region = form.getvalue('do_create_regions')
size = form.getvalue('do_create_size')
oss = form.getvalue('do_create_oss')
ssh_name = form.getvalue('do_create_ssh_name')
ssh_ids = form.getvalue('do_create_ssh_ids')
backup = form.getvalue('do_create_backup')
privet_net = form.getvalue('do_create_private_net')
floating_ip = form.getvalue('do_create_floating_net')
monitoring = form.getvalue('do_create_monitoring')
firewall = form.getvalue('do_create_firewall')
cmd = f'cd scripts/terraform/ && sudo terraform workspace new {workspace}_{group}_do'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
prov_common.show_error(stderr, group, workspace, provider)
else:
if sql.add_server_do(
region, size, privet_net, floating_ip, ssh_ids, ssh_name, workspace, oss, firewall, monitoring,
backup, provider, group, 'Creating'
):
prov_common.show_new_server(workspace, group, 'do')
def edit_workspace() -> None:
workspace = form.getvalue('doeditworkspace')
group = form.getvalue('do_edit_group')
provider = form.getvalue('do_edit_provider')
size = form.getvalue('do_edit_size')
oss = form.getvalue('do_edit_oss')
ssh_name = form.getvalue('do_edit_ssh_name')
ssh_ids = form.getvalue('do_edit_ssh_ids')
backup = form.getvalue('do_edit_backup')
privet_net = form.getvalue('do_edit_private_net')
floating_ip = form.getvalue('do_edit_floating_net')
monitoring = form.getvalue('do_edit_monitoring')
firewall = form.getvalue('do_edit_firewall')
server_id = form.getvalue('server_id')
try:
if sql.update_server_do(
size, privet_net, floating_ip, ssh_ids, ssh_name, oss, firewall, monitoring, backup, provider,
group, 'Creating', server_id
):
cmd = f'cd scripts/terraform/ && sudo terraform workspace select {workspace}_{group}_do'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
prov_common.show_error(stderr, group, workspace, provider)
else:
print('ok')
except Exception as e:
print(e)
def create_vars() -> None:
if form.getvalue('dovars'):
dovars = form.getvalue('dovars')
group = form.getvalue('do_create_group')
provider = form.getvalue('do_create_provider')
region = form.getvalue('do_create_regions')
size = form.getvalue('do_create_size')
oss = form.getvalue('do_create_oss')
ssh_name = form.getvalue('do_create_ssh_name')
ssh_ids = form.getvalue('do_create_ssh_ids')
backup = form.getvalue('do_create_backup')
privet_net = form.getvalue('do_create_private_net')
floating_ip = form.getvalue('do_create_floating_net')
monitoring = form.getvalue('do_create_monitoring')
firewall = form.getvalue('do_create_firewall')
else:
dovars = form.getvalue('doeditvars')
group = form.getvalue('do_edit_group')
provider = form.getvalue('do_edit_provider')
region = form.getvalue('do_edit_regions')
size = form.getvalue('do_edit_size')
oss = form.getvalue('do_edit_oss')
ssh_name = form.getvalue('do_edit_ssh_name')
ssh_ids = form.getvalue('do_edit_ssh_ids')
backup = form.getvalue('do_edit_backup')
privet_net = form.getvalue('do_edit_private_net')
floating_ip = form.getvalue('do_edit_floating_net')
monitoring = form.getvalue('do_edit_monitoring')
firewall = form.getvalue('do_edit_firewall')
token = sql.select_do_provider(provider)
cmd = f'cd scripts/terraform/ && sudo ansible-playbook var_generator.yml -i inventory -e "region={region} ' \
f'group={group} size={size} os={oss} floating_ip={floating_ip} ssh_ids={ssh_ids} server_name={dovars} ' \
f'token={token} backup={backup} monitoring={monitoring} privet_net={privet_net} firewall={firewall} ' \
f'floating_ip={floating_ip} ssh_name={ssh_name} cloud=do"'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(f'error: {stderr}')
else:
print('ok')

141
app/modules/provisioning/gcore.py
View File

@ -1,141 +0,0 @@
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.provisioning.common as prov_common
form = common.form
def create_vars() -> None:
if form.getvalue('gcorevars'):
gcorevars = form.getvalue('gcorevars')
group = form.getvalue('gcore_create_group')
provider = form.getvalue('gcore_create_provider')
region = form.getvalue('gcore_create_regions')
project = form.getvalue('gcore_create_project')
size = form.getvalue('gcore_create_size')
oss = form.getvalue('gcore_create_oss')
ssh_name = form.getvalue('gcore_create_ssh_name')
volume_size = form.getvalue('gcore_create_volume_size')
volume_type = form.getvalue('gcore_create_volume_type')
delete_on_termination = form.getvalue('gcore_create_delete_on_termination')
network_name = form.getvalue('gcore_create_network_name')
firewall = form.getvalue('gcore_create_firewall')
network_type = form.getvalue('gcore_create_network_type')
elif form.getvalue('gcoreeditvars'):
gcorevars = form.getvalue('gcoreeditvars')
group = form.getvalue('gcore_edit_group')
provider = form.getvalue('gcore_edit_provider')
region = form.getvalue('gcore_edit_regions')
project = form.getvalue('gcore_edit_project')
size = form.getvalue('gcore_edit_size')
oss = form.getvalue('gcore_edit_oss')
ssh_name = form.getvalue('gcore_edit_ssh_name')
volume_size = form.getvalue('gcore_edit_volume_size')
volume_type = form.getvalue('gcore_edit_volume_type')
delete_on_termination = form.getvalue('gcore_edit_delete_on_termination')
network_name = form.getvalue('gcore_edit_network_name')
firewall = form.getvalue('gcore_edit_firewall')
network_type = form.getvalue('gcore_edit_network_type')
try:
gcore_user, gcore_pass = sql.select_gcore_provider(provider)
except Exception as e:
print(e)
cmd = 'cd scripts/terraform/ && sudo ansible-playbook var_generator.yml -i inventory -e "region={} ' \
'group={} size={} os={} network_name={} volume_size={} server_name={} username={} ' \
'pass={} firewall={} network_type={} ssh_name={} delete_on_termination={} project={} volume_type={} ' \
'cloud=gcore"'.format(region, group, size, oss, network_name, volume_size, gcorevars, gcore_user, gcore_pass,
firewall, network_type, ssh_name, delete_on_termination, project, volume_type)
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(f'error: {stderr}')
else:
print('ok')
def validate() -> None:
if form.getvalue('gcorevalidate'):
workspace = form.getvalue('gcorevalidate')
group = form.getvalue('gcore_create_group')
else:
workspace = form.getvalue('gcoreeditvalidate')
group = form.getvalue('gcore_edit_group')
cmd = f'cd scripts/terraform/ && sudo terraform plan -no-color -input=false -target=module.gcore_module -var-file vars/{workspace}_{group}_gcore.tfvars'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(f'error: {stderr}')
else:
print('ok')
def new_workspace() -> None:
workspace = form.getvalue('gcoreworkspace')
group = form.getvalue('gcore_create_group')
provider = form.getvalue('gcore_create_provider')
region = form.getvalue('gcore_create_regions')
project = form.getvalue('gcore_create_project')
size = form.getvalue('gcore_create_size')
oss = form.getvalue('gcore_create_oss')
ssh_name = form.getvalue('gcore_create_ssh_name')
volume_size = form.getvalue('gcore_create_volume_size')
volume_type = form.getvalue('gcore_create_volume_type')
delete_on_termination = form.getvalue('gcore_create_delete_on_termination')
network_type = form.getvalue('gcore_create_network_type')
firewall = form.getvalue('gcore_create_firewall')
network_name = form.getvalue('gcore_create_network_name')
cmd = f'cd scripts/terraform/ && sudo terraform workspace new {workspace}_{group}_gcore'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
prov_common.show_error(stderr, group, workspace, provider)
else:
try:
if sql.add_server_gcore(
project, region, size, network_type, network_name, volume_size, ssh_name, workspace, oss, firewall,
provider, group, 'Creating', delete_on_termination, volume_type
):
prov_common.show_new_server(workspace, group, 'gcore')
except Exception as e:
print(e)
def edit_workspace() -> None:
workspace = form.getvalue('gcoreeditworkspace')
group = form.getvalue('gcore_edit_group')
provider = form.getvalue('gcore_edit_provider')
region = form.getvalue('gcore_edit_regions')
project = form.getvalue('gcore_edit_project')
size = form.getvalue('gcore_edit_size')
oss = form.getvalue('gcore_edit_oss')
ssh_name = form.getvalue('gcore_edit_ssh_name')
volume_size = form.getvalue('gcore_edit_volume_size')
volume_type = form.getvalue('gcore_edit_volume_type')
delete_on_termination = form.getvalue('gcore_edit_delete_on_termination')
network_type = form.getvalue('gcore_edit_network_type')
firewall = form.getvalue('gcore_edit_firewall')
network_name = form.getvalue('gcore_edit_network_name')
server_id = form.getvalue('server_id')
try:
if sql.update_server_gcore(
region, size, network_type, network_name, volume_size, ssh_name, workspace, oss, firewall,
provider, group, 'Editing', server_id, delete_on_termination, volume_type, project
):
try:
cmd = f'cd scripts/terraform/ && sudo terraform workspace select {workspace}_{group}_gcore'
output, stderr = server_mod.subprocess_execute(cmd)
except Exception as e:
print('error: ' + str(e))
if stderr != '':
prov_common.show_error(stderr, group, workspace, provider)
else:
print('ok')
except Exception as e:
print(e)

106
app/modules/provisioning/provider.py
View File

@ -1,106 +0,0 @@
import os
import http.cookies
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.common as roxywi_common
form = common.form
def create_provider() -> None:
roxywi_common.check_user_group()
is_add = False
provider_name = common.checkAjaxInput(form.getvalue('new_provider_name'))
provider_group = common.checkAjaxInput(form.getvalue('new_provider_group'))
provider_token = common.checkAjaxInput(form.getvalue('new_provider_token'))
cloud = common.checkAjaxInput(form.getvalue('new_provider_cloud'))
if cloud == 'do':
if sql.add_provider_do(provider_name, provider_group, provider_token):
is_add = True
elif cloud == 'aws':
provider_secret = common.checkAjaxInput(form.getvalue('aws_new_secret'))
if sql.add_provider_aws(provider_name, provider_group, provider_token, provider_secret):
is_add = True
elif cloud == 'gcore':
provider_pass = common.checkAjaxInput(form.getvalue('gcore_new_pass'))
if sql.add_provider_gcore(provider_name, provider_group, provider_token, provider_pass):
is_add = True
if is_add:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
group_id = roxywi_common.get_user_group(id=1)
role_id = sql.get_user_role_by_uuid(user_uuid.value, group_id)
params = sql.select_provisioning_params()
providers = sql.select_providers(provider_group, key=provider_token)
if role_id == 1:
groups = sql.select_groups()
else:
groups = ''
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates'), autoescape=True)
template = env.get_template('ajax/provisioning/providers.html')
template = template.render(providers=providers, role=role_id, groups=groups, user_group=provider_group,
adding=1, params=params, lang=lang)
print(template)
def delete_provider() -> None:
roxywi_common.check_user_group()
try:
if sql.delete_provider(common.checkAjaxInput(form.getvalue('providerdel'))):
print('Ok')
roxywi_common.logging('Roxy-WI server', 'Provider has been deleted', provisioning=1)
except Exception as e:
print(e)
def edit_DO_provider(provider_id: int) -> None:
roxywi_common.check_user_group()
new_name = form.getvalue('edit_do_provider_name')
new_token = form.getvalue('edit_do_provider_token')
try:
if sql.update_do_provider(new_name, new_token, provider_id):
print('ok')
roxywi_common.logging('Roxy-WI server', f'Provider has been edited. New name is {new_name}', provisioning=1)
except Exception as e:
print(e)
def edit_gcore_provider(provider_id: int) -> None:
roxywi_common.check_user_group()
new_name = form.getvalue('edit_gcore_provider_name')
new_user = form.getvalue('edit_gcore_provider_user')
new_pass = form.getvalue('edit_gcore_provider_pass')
try:
if sql.update_gcore_provider(new_name, new_user, new_pass, provider_id):
print('ok')
roxywi_common.logging('Roxy-WI server', f'Provider has been edited. New name is {new_name}', provisioning=1)
except Exception as e:
print(e)
def edit_aws_provider(provider_id: int) -> None:
roxywi_common.check_user_group()
new_name = form.getvalue('edit_aws_provider_name')
new_key = form.getvalue('edit_aws_provider_key')
new_secret = form.getvalue('edit_aws_provider_secret')
try:
if sql.update_aws_provider(new_name, new_key, new_secret, provider_id):
print('ok')
roxywi_common.logging('Roxy-WI server', f'Provider has been edited. New name is {new_name}', provisioning=1)
except Exception as e:
print(e)

133
app/modules/provisioning/server.py
View File

@ -1,133 +0,0 @@
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.common as roxywi_common
import modules.server.server as server_mod
import modules.provisioning.common as prov_common
form = common.form
def init_server() -> None:
roxywi_common.check_user_group()
cmd = 'cd scripts/terraform/ && sudo terraform init -upgrade -no-color'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(f'error: {stderr}')
else:
if "Terraform initialized in an empty directory" in output[0]:
print('error: There is not need module')
elif "mkdir .terraform: permission denied" in output[0]:
print('error: Cannot init. Check permission to folder')
print(output[0])
def edit_server() -> None:
roxywi_common.check_user_group()
server_id = form.getvalue('editServerId')
user_group = form.getvalue('editGroup')
provider_name = form.getvalue('editProviderName')
params = sql.select_provisioning_params()
providers = sql.select_providers(int(user_group))
lang = roxywi_common.get_user_lang()
show_editing_server = {
'aws': sql.select_aws_server,
'do': sql.select_do_server,
'gcore': sql.select_gcore_server,
}
server = show_editing_server[provider_name](server_id=server_id)
env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates'))
template = env.get_template(f'ajax/provisioning/{provider_name}_edit_dialog.html')
template = template.render(server=server, providers=providers, params=params, lang=lang)
print(template)
def create_server() -> None:
roxywi_common.check_user_group()
workspace = form.getvalue('provisioning_workspace')
group = form.getvalue('provisioning_group')
provider_id = form.getvalue('provisioning_provider_id')
action = form.getvalue('provisioning_action')
cloud = form.getvalue('provisioning_cloud')
state_name = ''
if cloud == 'aws':
state_name = 'aws_instance'
elif cloud == 'do':
state_name = 'digitalocean_droplet'
elif cloud == 'gcore':
state_name = 'gcore_instance'
tfvars = f'{workspace}_{group}_{cloud}.tfvars'
cmd = f'cd scripts/terraform/ && sudo terraform apply -auto-approve -no-color -input=false -target=module.{cloud}_module -var-file vars/{tfvars}'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
prov_common.show_error(stderr, group, workspace, provider_id)
else:
if cloud == 'aws':
cmd = 'cd scripts/terraform/ && sudo terraform state show module.aws_module.aws_eip.floating_ip[0]|grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
cmd = 'cd scripts/terraform/ && sudo terraform state show module.' + cloud + '_module.' + state_name + '.hapwi|grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"'
else:
cmd = 'cd scripts/terraform/ && sudo terraform state show module.' + cloud + '_module.' + state_name + '.hapwi|grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"'
output, stderr = server_mod.subprocess_execute(cmd)
ips = ''
for ip in output:
ips += ip
ips += ' '
if cloud == 'gcore':
ips = ips.split(' ')[0]
print(ips)
try:
sql.update_provisioning_server_status('Created', group, workspace, provider_id, update_ip=ips)
except Exception as e:
print(e)
if cloud == 'gcore':
cmd = 'cd scripts/terraform/ && sudo terraform state show module.gcore_module.gcore_instance.hapwi|grep "name"|grep -v -e "_name\|name_" |head -1 |awk -F"\\\"" \'{print $2}\''
output, stderr = server_mod.subprocess_execute(cmd)
print(':' + output[0])
try:
sql.update_provisioning_server_gcore_name(workspace, output[0], group, provider_id)
except Exception as e:
print(e)
roxywi_common.logging('Roxy-WI server', f'Server {workspace} has been {action}', provisioning=1)
def destroy_server() -> None:
roxywi_common.check_user_group()
server_id = form.getvalue('provisiningdestroyserver')
workspace = form.getvalue('servername')
group = form.getvalue('group')
cloud_type = form.getvalue('type')
provider_id = form.getvalue('provider_id')
tf_workspace = f'{workspace}_{group}_{cloud_type}'
cmd = f'cd scripts/terraform/ && sudo terraform init -upgrade -no-color && sudo terraform workspace select {tf_workspace}'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
prov_common.show_error(stderr, group, workspace, provider_id)
else:
cmd = f'cd scripts/terraform/ && sudo terraform destroy -auto-approve -no-color -target=module.{cloud_type}_module -var-file vars/{tf_workspace}.tfvars'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(f'error: {stderr}')
else:
cmd = f'cd scripts/terraform/ && sudo terraform workspace select default && sudo terraform workspace delete -force {tf_workspace}'
output, stderr = server_mod.subprocess_execute(cmd)
print('ok')
roxywi_common.logging('Roxy-WI server', 'Server has been destroyed', provisioning=1)
try:
sql.delete_provisioned_servers(server_id)
except Exception as e:
print(e)

85
app/modules/roxywi/auth.py
View File

@ -1,14 +1,14 @@
import os
import http.cookies
from flask import request, redirect, make_response, url_for
import modules.db.sql as sql
def check_login(user_uuid, token, **kwargs):
def check_login(user_uuid, token, **kwargs) -> str:
if user_uuid is None:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
ref = os.environ.get("REQUEST_URI")
return 'login_page'
try:
sql.delete_old_uuid()
@ -16,48 +16,85 @@ def check_login(user_uuid, token, **kwargs):
raise Exception(f'error: cannot connect to DB {e}')
if user_uuid is not None:
if sql.get_user_name_by_uuid(user_uuid.value) is None:
print(f'<meta http-equiv="refresh" content="0; url=login.py?ref={ref}">')
return False
if sql.get_user_name_by_uuid(user_uuid) is None:
return 'login_page'
if kwargs.get('service'):
required_service = str(kwargs.get('service'))
user_id = sql.get_user_id_by_uuid(user_uuid.value)
user_id = sql.get_user_id_by_uuid(user_uuid)
user_services = sql.select_user_services(user_id)
if required_service in user_services:
return True
return 'ok'
else:
print('<meta http-equiv="refresh" content="0; url=overview.py">')
return False
return 'index'
sql.update_last_act_user(user_uuid.value, token)
else:
print(f'<meta http-equiv="refresh" content="0; url=login.py?ref={ref}">')
return False
try:
ip = request.remote_addr
except Exception:
ip = ''
sql.update_last_act_user(user_uuid, token, ip)
return 'login_page'
def is_admin(level=1, **kwargs):
if kwargs.get('role_id'):
role = kwargs.get('role_id')
else:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_id = cookie.get('uuid')
user_id = user_id.value
group_id = cookie.get('group')
group_id = int(group_id.value)
user_id = request.cookies.get('uuid')
group_id = request.cookies.get('group')
try:
role = sql.get_user_role_by_uuid(user_id, group_id)
except Exception:
role = 4
pass
try:
return True if role <= level else False
return True if int(role) <= int(level) else False
except Exception:
return False
def page_for_admin(level=1) -> None:
if not is_admin(level=level):
print('<meta http-equiv="refresh" content="0; url=/">')
return
return redirect(url_for('index'))
def check_in_ldap(user, password):
import ldap
server = sql.get_setting('ldap_server')
port = sql.get_setting('ldap_port')
ldap_class_search = sql.get_setting('ldap_class_search')
root_user = sql.get_setting('ldap_user')
root_password = sql.get_setting('ldap_password')
ldap_base = sql.get_setting('ldap_base')
ldap_search_field = sql.get_setting('ldap_search_field')
ldap_user_attribute = sql.get_setting('ldap_user_attribute')
ldap_type = sql.get_setting('ldap_type')
ldap_proto = 'ldap' if ldap_type == "0" else 'ldaps'
ldap_bind = ldap.initialize('{}://{}:{}/'.format(ldap_proto, server, port))
try:
ldap_bind.protocol_version = ldap.VERSION3
ldap_bind.set_option(ldap.OPT_REFERRALS, 0)
bind = ldap_bind.simple_bind_s(root_user, root_password)
criteria = "(&(objectClass=" + ldap_class_search + ")(" + ldap_user_attribute + "=" + user + "))"
attributes = [ldap_search_field]
result = ldap_bind.search_s(ldap_base, ldap.SCOPE_SUBTREE, criteria, attributes)
bind = ldap_bind.simple_bind_s(result[0][0], password)
except ldap.INVALID_CREDENTIALS:
return False
except ldap.SERVER_DOWN:
raise Exception('error: LDAP server is down')
except ldap.LDAPError as e:
if type(e.message) == dict and 'desc' in e.message:
raise Exception(f'error: {e.message["desc"]}')
else:
raise Exception (f'error: {e}')
else:
return True

131
app/modules/roxywi/common.py
View File

@ -4,6 +4,7 @@ import glob
import http.cookies
import distro
from flask import request, redirect, make_response, url_for
import modules.db.sql as sql
import modules.common.common as common
@ -24,18 +25,16 @@ def get_user_group(**kwargs) -> str:
user_group = ''
try:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_group_id = cookie.get('group')
user_group_id1 = user_group_id.value
groups = sql.select_groups(id=user_group_id1)
user_group_id = request.cookies.get('group')
groups = sql.select_groups(id=user_group_id)
for g in groups:
if g.group_id == int(user_group_id1):
if g.group_id == int(user_group_id):
if kwargs.get('id'):
user_group = g.group_id
else:
user_group = g.name
except Exception:
check_user_group()
except Exception as e:
raise Exception(f'error: {e}')
return user_group
@ -44,27 +43,41 @@ def check_user_group(**kwargs):
if kwargs.get('token') is not None:
return True
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
if kwargs.get('user_uuid'):
group_id = kwargs.get('user_group_id')
user_uuid = kwargs.get('user_uuid')
user_id = sql.get_user_id_by_uuid(user_uuid)
else:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
group = cookie.get('group')
group_id = group.value
user_id = sql.get_user_id_by_uuid(user_uuid.value)
group_id = cookie.get('group')
user_id = sql.get_user_id_by_uuid(user_uuid)
if sql.check_user_group(user_id, group_id):
return True
else:
logging('Roxy-WI server', ' has tried to actions in not his group ', roxywi=1, login=1)
return False
def check_user_group_for_flask(**kwargs):
if kwargs.get('token') is not None:
return True
if kwargs.get('user_uuid'):
group_id = kwargs.get('user_group_id')
user_uuid = kwargs.get('user_uuid')
user_id = sql.get_user_id_by_uuid(user_uuid)
else:
user_uuid = request.cookies.get('uuid')
group_id = request.cookies.get('group')
user_id = sql.get_user_id_by_uuid(user_uuid)
if sql.check_user_group(user_id, group_id):
return True
else:
logging('Roxy-WI server', ' has tried to actions in not his group ', roxywi=1, login=1)
try:
ref = os.environ.get("REQUEST_URI").split('&')[0]
except Exception:
ref = os.environ.get("REQUEST_URI")
ref = common.checkAjaxInput(ref)
print(f'<meta http-equiv="refresh" content="0; url={ref}">')
return False
@ -72,11 +85,10 @@ def get_user_id(**kwargs):
if kwargs.get('login'):
return sql.get_user_id_by_username(kwargs.get('login'))
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
user_uuid = request.cookies.get('uuid')
if user_uuid is not None:
user_id = sql.get_user_id_by_uuid(user_uuid.value)
user_id = sql.get_user_id_by_uuid(user_uuid)
return user_id
@ -89,18 +101,10 @@ def check_is_server_in_group(server_ip: str) -> bool:
return True
else:
logging('Roxy-WI server', ' has tried to actions in not his group server ', roxywi=1, login=1)
try:
ref = os.environ.get("REQUEST_URI").split('&')[0]
except Exception:
ref = os.environ.get("REQUEST_URI")
ref = common.checkAjaxInput(ref)
print(f'<meta http-equiv="refresh" content="0; url={ref}">')
return False
def get_files(folder=None, file_format='cfg') -> list:
if folder is None:
folder = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
def get_files(folder, file_format, server_ip=None) -> list:
if file_format == 'log':
file = []
else:
@ -120,7 +124,7 @@ def get_files(folder=None, file_format='cfg') -> list:
if file_format == 'cfg' or file_format == 'conf':
for file in files:
ip = file.split("-")
if serv == ip[0]:
if server_ip == ip[0]:
return_files.add(file)
return sorted(return_files, reverse=True)
else:
@ -147,9 +151,8 @@ def logging(server_ip: str, action: str, **kwargs) -> None:
ip = ''
try:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
login = sql.get_user_name_by_uuid(user_uuid.value)
user_uuid = request.cookies.get('uuid')
login = sql.get_user_name_by_uuid(user_uuid)
except Exception:
login_name = kwargs.get('login')
try:
@ -219,9 +222,17 @@ def get_dick_permit(**kwargs):
else:
token = ''
if check_user_group(token=token):
if not kwargs.get('group_id'):
try:
servers = sql.get_dick_permit(**kwargs)
group_id = get_user_group(id=1)
except Exception as e:
return str(e)
else:
group_id = kwargs.get('group_id')
if check_user_group_for_flask(token=token):
try:
servers = sql.get_dick_permit(group_id, **kwargs)
except Exception as e:
raise Exception(e)
else:
@ -231,33 +242,30 @@ def get_dick_permit(**kwargs):
def get_users_params(**kwargs):
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
try:
user_uuid = cookie.get('uuid')
user = sql.get_user_name_by_uuid(user_uuid.value)
user_uuid = request.cookies.get('uuid')
user = sql.get_user_name_by_uuid(user_uuid)
except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
make_response(redirect(url_for('login_page')))
return
try:
group_id = cookie.get('group')
group_id = int(group_id.value)
group_id = int(request.cookies.get('group'))
except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
make_response(redirect(url_for('login_page')))
return
try:
role = sql.get_user_role_by_uuid(user_uuid.value, group_id)
role = sql.get_user_role_by_uuid(user_uuid, group_id)
except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
make_response(redirect(url_for('login_page')))
return
try:
user_id = sql.get_user_id_by_uuid(user_uuid.value)
user_id = sql.get_user_id_by_uuid(user_uuid)
user_services = sql.select_user_services(user_id)
token = sql.get_token(user_uuid.value)
token = sql.get_token(user_uuid)
except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
make_response(redirect(url_for('login_page')))
return
if kwargs.get('virt') and kwargs.get('haproxy'):
@ -273,7 +281,7 @@ def get_users_params(**kwargs):
else:
servers = get_dick_permit()
user_lang = get_user_lang()
user_lang = get_user_lang_for_flask()
user_params = {
'user': user,
@ -297,6 +305,21 @@ def get_user_lang() -> str:
except Exception:
return 'en'
if user_lang is None:
user_lang = 'en'
return user_lang
def get_user_lang_for_flask() -> str:
try:
user_lang = request.cookies.get('lang')
except Exception:
return 'en'
if user_lang is None:
user_lang = 'en'
return user_lang
@ -312,3 +335,13 @@ def return_unsubscribed_user_status() -> dict:
user_subscription = {'user_status': 0, 'user_plan': 0}
return user_subscription
def return_user_subscription():
try:
user_subscription = return_user_status()
except Exception as e:
user_subscription = return_unsubscribed_user_status()
roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
return user_subscription

12
app/modules/roxywi/group.py
View File

@ -2,19 +2,19 @@ import modules.db.sql as sql
import modules.roxywi.common as roxywi_common
def update_group(group_id: int, group_name: str, desc: str) -> None:
print(group_name)
def update_group(group_id: int, group_name: str, desc: str) -> str:
if group_name == '':
print(roxywi_common.return_error_message())
return roxywi_common.return_error_message()
else:
try:
sql.update_group(group_name, desc, group_id)
roxywi_common.logging('Roxy-WI server', f'The {group_name} has been updated', roxywi=1, login=1)
return 'ok'
except Exception as e:
print(f'error: {e}')
return f'error: {e}'
def delete_group(group_id: int) -> None:
def delete_group(group_id: int) -> str:
group = sql.select_groups(id=group_id)
group_name = ''
@ -22,5 +22,5 @@ def delete_group(group_id: int) -> None:
group_name = g.name
if sql.delete_group(group_id):
print("Ok")
roxywi_common.logging('Roxy-WI server', f'The {group_name} has been deleted', roxywi=1, login=1)
return 'ok'

24
app/modules/roxywi/logs.py
View File

@ -54,33 +54,29 @@ def show_log(stdout, **kwargs):
def show_roxy_log(
serv, rows='10', waf='0', grep=None, hour='00',
minute='00', hour1='24', minute1='00', service='haproxy', **kwargs
serv, rows='10', waf='0', grep=None, exgrep=None, hour='00',
minute='00', hour1='24', minute1='00', service='haproxy', log_file='123', **kwargs
) -> str:
exgrep = form.getvalue('exgrep')
log_file = form.getvalue('file')
date = checkAjaxInput(hour) + ':' + checkAjaxInput(minute)
date1 = checkAjaxInput(hour1) + ':' + checkAjaxInput(minute1)
rows = checkAjaxInput(rows)
waf = checkAjaxInput(waf)
cmd = ''
awk_column = 3
grep_act = ''
exgrep_act = ''
if grep is not None:
if grep:
grep_act = '|egrep "%s"' % checkAjaxInput(grep)
else:
grep_act = ''
if exgrep is not None:
if exgrep:
exgrep_act = '|egrep -v "%s"' % checkAjaxInput(exgrep)
else:
exgrep_act = ''
if log_file is not None:
log_file = checkAjaxInput(log_file)
if '..' in log_file: return 'error: nice try'
if '..' in log_file: raise Exception('error: nice try')
else:
if '..' in serv: return 'error: nice try'
if '..' in serv: raise Exception('error: nice try')
if service in ('nginx', 'haproxy', 'apache', 'keepalived'):
syslog_server_enable = sql.get_setting('syslog_server_enable')
@ -102,9 +98,10 @@ def show_roxy_log(
else:
local_path_logs = sql.get_setting('haproxy_path_logs')
commands = ["sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)]
syslog_server = serv
else:
if '..' in serv: return 'error: nice try'
if '..' in serv: raise Exception('error: nice try')
commands = ["sudo cat /var/log/%s/syslog.log | sed '/ %s:00/,/ %s:00/! d' |tail -%s %s %s %s" % (serv, date, date1, rows, grep_act, grep, exgrep_act)]
syslog_server = sql.get_setting('syslog_server')
@ -112,6 +109,7 @@ def show_roxy_log(
if waf == "1":
local_path_logs = '/var/log/waf.log'
commands = ["sudo cat %s |tail -%s %s %s" % (local_path_logs, rows, grep_act, exgrep_act)]
if kwargs.get('html') == 0:
a = server_mod.ssh_command(syslog_server, commands)
return show_log(a, html=0, grep=grep)

22
app/modules/roxywi/metrics.py
View File

@ -1,12 +1,10 @@
import json
import psutil
import modules.db.sql as sql
import modules.server.server as server_mod
def show_ram_metrics(metrics_type: str) -> None:
def show_ram_metrics(metrics_type: str) -> dict:
metrics = {'chartData': {}}
rams = ''
@ -27,10 +25,10 @@ def show_ram_metrics(metrics_type: str) -> None:
metrics['chartData']['rams'] = rams
print(json.dumps(metrics))
return metrics
def show_cpu_metrics(metrics_type: str) -> None:
def show_cpu_metrics(metrics_type: str) -> dict:
metrics = {'chartData': {}}
cpus = ''
@ -54,10 +52,10 @@ def show_cpu_metrics(metrics_type: str) -> None:
metrics['chartData']['cpus'] = cpus
print(json.dumps(metrics))
return metrics
def haproxy_metrics(server_ip: str, hostname: str, time_range: str) -> None:
def haproxy_metrics(server_ip: str, hostname: str, time_range: str) -> dict:
metric = sql.select_metrics(server_ip, 'haproxy', time_range=time_range)
metrics = {'chartData': {}}
metrics['chartData']['labels'] = {}
@ -82,10 +80,10 @@ def haproxy_metrics(server_ip: str, hostname: str, time_range: str) -> None:
metrics['chartData']['sess_rate'] = sess_rate
metrics['chartData']['server'] = hostname + ' (' + server + ')'
print(json.dumps(metrics))
return metrics
def haproxy_http_metrics(server_ip: str, hostname: str, time_range: str) -> None:
def haproxy_http_metrics(server_ip: str, hostname: str, time_range: str) -> dict:
metric = sql.select_metrics(server_ip, 'http_metrics', time_range=time_range)
metrics = {'chartData': {}}
metrics['chartData']['labels'] = {}
@ -113,10 +111,10 @@ def haproxy_http_metrics(server_ip: str, hostname: str, time_range: str) -> None
metrics['chartData']['http_5xx'] = http_5xx
metrics['chartData']['server'] = f'{hostname} ({server})'
print(json.dumps(metrics))
return metrics
def service_metrics(server_ip: str, hostname: str, service: str, time_range: str) -> None:
def service_metrics(server_ip: str, hostname: str, service: str, time_range: str) -> dict:
metric = sql.select_metrics(server_ip, service, time_range=time_range)
metrics = {'chartData': {}}
@ -134,4 +132,4 @@ def service_metrics(server_ip: str, hostname: str, service: str, time_range: str
metrics['chartData']['curr_con'] = curr_con
metrics['chartData']['server'] = f'{hostname} ({server_ip})'
print(json.dumps(metrics))
return metrics

76
app/modules/roxywi/nettools.py
View File

@ -1,20 +1,13 @@
import modules.common.common as common
import modules.server.server as server_mod
form = common.form
def ping_from_server() -> None:
server_from = common.checkAjaxInput(form.getvalue('nettools_icmp_server_from'))
server_to = common.checkAjaxInput(form.getvalue('nettools_icmp_server_to'))
server_to = common.is_ip_or_dns(server_to)
action = common.checkAjaxInput(form.getvalue('nettools_action'))
def ping_from_server(server_from: str, server_to: str, action: str) -> str:
stderr = ''
action_for_sending = ''
output1 = ''
if server_to == '':
print('warning: enter a correct IP or DNS name')
return
return 'warning: enter a correct IP or DNS name'
if action == 'nettools_ping':
action_for_sending = 'ping -c 4 -W 1 -s 56 -O '
@ -30,35 +23,32 @@ def ping_from_server() -> None:
output = server_mod.ssh_command(server_from, action_for_sending, raw=1, timeout=15)
if stderr != '':
print(f'error: {stderr}')
return
return f'error: {stderr}'
for i in output:
if i == ' ' or i == '':
continue
i = i.strip()
if 'PING' in i:
print('<span style="color: var(--link-dark-blue); display: block; margin-top: -20px;">')
output1 += '<span style="color: var(--link-dark-blue); display: block; margin-top: -5px;">'
elif 'no reply' in i or 'no answer yet' in i or 'Too many hops' in i or '100% packet loss' in i:
print('<span style="color: var(--red-color);">')
output1 += '<span style="color: var(--red-color);">'
elif 'ms' in i and '100% packet loss' not in i:
print('<span style="color: var(--green-color);">')
output1 += '<span style="color: var(--green-color);">'
else:
print('<span>')
output1 += '<span>'
print(i + '</span><br />')
output1 += i + '</span><br />'
return output1
def telnet_from_server() -> None:
server_from = common.checkAjaxInput(form.getvalue('nettools_telnet_server_from'))
server_to = common.checkAjaxInput(form.getvalue('nettools_telnet_server_to'))
server_to = common.is_ip_or_dns(server_to)
port_to = common.checkAjaxInput(form.getvalue('nettools_telnet_port_to'))
def telnet_from_server(server_from: str, server_to: str, port_to: str) -> str:
count_string = 0
stderr = ''
output1 = ''
if server_to == '':
print('warning: enter a correct IP or DNS name')
return
return 'warning: enter a correct IP or DNS name'
if server_from == 'localhost':
action_for_sending = f'echo "exit"|nc {server_to} {port_to} -t -w 1s'
@ -68,33 +58,27 @@ def telnet_from_server() -> None:
output = server_mod.ssh_command(server_from, action_for_sending, raw=1)
if stderr != '':
print(f'error: <b>{stderr[5:]}</b>')
return
return f'error: <b>{stderr[5:]}</b>'
for i in output:
if i == ' ':
continue
i = i.strip()
if i == 'Ncat: Connection timed out.':
print(f'error: <b>{i[5:]}</b>')
break
print(i + '<br>')
return f'error: <b>{i[5:]}</b>'
output1 += i + '<br>'
count_string += 1
if count_string > 1:
break
return output1
def nslookup_from_server() -> None:
server_from = common.checkAjaxInput(form.getvalue('nettools_nslookup_server_from'))
dns_name = common.checkAjaxInput(form.getvalue('nettools_nslookup_name'))
dns_name = common.is_ip_or_dns(dns_name)
record_type = common.checkAjaxInput(form.getvalue('nettools_nslookup_record_type'))
def nslookup_from_server(server_from: str, dns_name: str, record_type: str) -> str:
count_string = 0
stderr = ''
output1 = ''
if dns_name == '':
print('warning: enter a correct DNS name')
return
return 'warning: enter a correct DNS name'
action_for_sending = f'dig {dns_name} {record_type} |grep -e "SERVER\|{dns_name}"'
@ -105,23 +89,21 @@ def nslookup_from_server() -> None:
output = server_mod.ssh_command(server_from, action_for_sending, raw=1)
if stderr != '':
print('error: ' + stderr[5:-1])
return
return 'error: ' + stderr[5:-1]
print(
f'<b style="display: block; margin-top:10px;">The <i style="color: var(--blue-color)">{dns_name}</i> domain has the following records:</b>')
output1 += f'<b style="display: block; margin-top:10px;">The <i style="color: var(--blue-color)">{dns_name}</i> domain has the following records:</b>'
for i in output:
if 'dig: command not found.' in i:
print('error: Install bind-utils before using NSLookup')
break
return 'error: Install bind-utils before using NSLookup'
if ';' in i and ';; SERVER:' not in i:
continue
if 'SOA' in i and record_type != 'SOA':
print('<b style="color: red">There are not any records for this type')
break
return '<b style="color: red">There are not any records for this type'
if ';; SERVER:' in i:
i = i[10:]
print('<br><b>From NS server:</b><br>')
output1 += '<br><b>From NS server:</b><br>'
i = i.strip()
print('<i>' + i + '</i><br>')
output1 += '<i>' + i + '</i><br>'
count_string += 1
return output1

204
app/modules/roxywi/overview.py
View File

@ -1,7 +1,8 @@
import os
import http.cookies
import psutil
import requests
from flask import render_template, request
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
@ -12,11 +13,8 @@ import modules.server.server as server_mod
import modules.service.common as service_common
def user_ovw() -> None:
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/show_users_ovw.html')
lang = roxywi_common.get_user_lang()
def user_owv():
lang = roxywi_common.get_user_lang_for_flask()
roles = sql.select_roles()
user_params = roxywi_common.get_users_params()
users_groups = sql.select_user_groups_with_names(1, all=1)
@ -27,109 +25,77 @@ def user_ovw() -> None:
else:
users = sql.select_users()
template = template.render(users=users, users_groups=users_groups, lang=lang, roles=roles)
print(template)
return render_template('ajax/show_users_ovw.html', users=users, users_groups=users_groups, lang=lang, roles=roles)
def show_sub_ovw() -> None:
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
lang = roxywi_common.get_user_lang()
template = env.get_template('ajax/show_sub_ovw.html')
template = template.render(sub=sql.select_user_all(), lang=lang)
print(template)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/show_sub_ovw.html', sub=sql.select_user_all(), lang=lang)
def show_overview(serv) -> None:
import asyncio
servers = []
user_uuid = request.cookies.get('uuid')
group_id = request.cookies.get('group')
lang = roxywi_common.get_user_lang_for_flask()
role = sql.get_user_role_by_uuid(user_uuid, group_id)
server = [server for server in sql.select_servers(server=serv)]
user_id = sql.get_user_id_by_uuid(user_uuid)
user_services = sql.select_user_services(user_id)
async def async_get_overview(serv1, serv2, user_uuid, server_id):
user_id = sql.get_user_id_by_uuid(user_uuid)
user_services = sql.select_user_services(user_id)
haproxy = sql.select_haproxy(serv) if '1' in user_services else 0
nginx = sql.select_nginx(serv) if '2' in user_services else 0
keepalived = sql.select_keepalived(serv) if '3' in user_services else 0
apache = sql.select_apache(serv) if '4' in user_services else 0
haproxy = sql.select_haproxy(serv) if '1' in user_services else 0
nginx = sql.select_nginx(serv) if '2' in user_services else 0
keepalived = sql.select_keepalived(serv) if '3' in user_services else 0
apache = sql.select_apache(serv) if '4' in user_services else 0
waf = sql.select_waf_servers(server[0][2])
haproxy_process = ''
keepalived_process = ''
nginx_process = ''
apache_process = ''
waf_process = ''
waf = sql.select_waf_servers(serv2)
haproxy_process = ''
keepalived_process = ''
nginx_process = ''
apache_process = ''
waf_process = ''
try:
waf_len = len(waf)
except Exception:
waf_len = 0
if haproxy:
cmd = f'echo "show info" |nc {server[0][2]} {sql.get_setting("haproxy_sock_port")} -w 1|grep -e "Process_num"'
haproxy_process = service_common.server_status(server_mod.subprocess_execute(cmd))
if nginx:
nginx_cmd = f'echo "something" |nc {server[0][2]} {sql.get_setting("nginx_stats_port")} -w 1'
nginx_process = service_common.server_status(server_mod.subprocess_execute(nginx_cmd))
if apache:
apache_cmd = f'echo "something" |nc {server[0][2]} {sql.get_setting("apache_stats_port")} -w 1'
apache_process = service_common.server_status(server_mod.subprocess_execute(apache_cmd))
if keepalived:
command = ["ps ax |grep keepalived|grep -v grep|wc -l|tr -d '\n'"]
try:
waf_len = len(waf)
except Exception:
waf_len = 0
keepalived_process = server_mod.ssh_command(server[0][2], command)
except Exception as e:
raise Exception(f'error: {e} for server {server[0][2]}')
if haproxy:
cmd = f'echo "show info" |nc {serv2} {sql.get_setting("haproxy_sock_port")} -w 1|grep -e "Process_num"'
haproxy_process = service_common.server_status(server_mod.subprocess_execute(cmd))
if waf_len >= 1:
command = ["ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"]
try:
waf_process = server_mod.ssh_command(server[0][2], command)
except Exception as e:
raise Exception(f'error: {e} for server {server[0][2]}')
if nginx:
nginx_cmd = f'echo "something" |nc {serv2} {sql.get_setting("nginx_stats_port")} -w 1'
nginx_process = service_common.server_status(server_mod.subprocess_execute(nginx_cmd))
server_status = (
server[0][1], server[0][2], haproxy, haproxy_process, waf_process, waf, keepalived, keepalived_process, nginx,
nginx_process, server[0][0], apache, apache_process
)
if apache:
apache_cmd = f'echo "something" |nc {serv2} {sql.get_setting("apache_stats_port")} -w 1'
apache_process = service_common.server_status(server_mod.subprocess_execute(apache_cmd))
servers.append(server_status)
servers_sorted = sorted(servers, key=common.get_key)
if keepalived:
command = ["ps ax |grep keepalived|grep -v grep|wc -l|tr -d '\n'"]
try:
keepalived_process = server_mod.ssh_command(serv2, command)
except Exception as e:
print(f'error: {e} for server {serv2}')
return
if waf_len >= 1:
command = ["ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"]
try:
waf_process = server_mod.ssh_command(serv2, command)
except Exception as e:
print(f'error: {e} for server {serv2}')
return
server_status = (serv1,
serv2,
haproxy,
haproxy_process,
waf_process,
waf,
keepalived,
keepalived_process,
nginx,
nginx_process,
server_id,
apache,
apache_process)
return server_status
async def get_runner_overview():
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True,
extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'])
servers = []
template = env.get_template('ajax/overview.html')
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
group_id = cookie.get('group')
group_id = int(group_id.value)
lang = roxywi_common.get_user_lang()
role = sql.get_user_role_by_uuid(user_uuid.value, group_id)
futures = [async_get_overview(server[1], server[2], user_uuid.value, server[0]) for server in
sql.select_servers(server=serv)]
for i, future in enumerate(asyncio.as_completed(futures)):
result = await future
servers.append(result)
servers_sorted = sorted(servers, key=common.get_key)
template = template.render(service_status=servers_sorted, role=role, lang=lang)
print(template)
ioloop = asyncio.get_event_loop()
ioloop.run_until_complete(get_runner_overview())
ioloop.close()
return render_template('ajax/overview.html', service_status=servers_sorted, role=role, lang=lang)
def show_haproxy_binout(server_ip: str) -> None:
@ -151,14 +117,12 @@ def show_haproxy_binout(server_ip: str) -> None:
server_ip, port)
cout, stderr3 = server_mod.subprocess_execute(cmd)
bin_bout.append(cout[0])
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates'), autoescape=True)
template = env.get_template('ajax/bin_bout.html')
template = template.render(bin_bout=bin_bout, serv=server_ip, service='haproxy', lang=lang)
print(template)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/bin_bout.html', bin_bout=bin_bout, serv=server_ip, service='haproxy', lang=lang)
def show_nginx_connections(server_ip: str) -> None:
def show_nginx_connections(server_ip: str) -> str:
port = sql.get_setting('nginx_stats_port')
user = sql.get_setting('nginx_stats_user')
password = sql.get_setting('nginx_stats_password')
@ -175,13 +139,10 @@ def show_nginx_connections(server_ip: str) -> None:
if num == 2:
bin_bout.append(line.split(' ')[3])
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates'))
template = env.get_template('ajax/bin_bout.html')
template = template.render(bin_bout=bin_bout, serv=server_ip, service='nginx', lang=lang)
print(template)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/bin_bout.html', bin_bout=bin_bout, serv=server_ip, service='nginx', lang=lang)
else:
print('error: cannot connect to NGINX stat page')
return 'error: cannot connect to NGINX stat page'
def show_apache_bytes(server_ip: str) -> None:
@ -199,21 +160,13 @@ def show_apache_bytes(server_ip: str) -> None:
if 'ReqPerSec' in line or 'BytesPerSec' in line:
bin_bout.append(line.split(' ')[1])
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates'))
template = env.get_template('ajax/bin_bout.html')
template = template.render(bin_bout=bin_bout, serv=server_ip, service='apache', lang=lang)
print(template)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/bin_bout.html', bin_bout=bin_bout, serv=server_ip, service='apache', lang=lang)
else:
print('error: cannot connect to Apache stat page')
return 'error: cannot connect to Apache stat page'
def show_services_overview() -> None:
import psutil
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/show_services_ovw.html')
def show_services_overview():
user_params = roxywi_common.get_users_params()
grafana = 0
metrics_worker = 0
@ -221,7 +174,7 @@ def show_services_overview() -> None:
servers_group = []
host = os.environ.get('HTTP_HOST', '')
user_group = roxywi_common.get_user_group(id=1)
lang = roxywi_common.get_user_lang()
lang = roxywi_common.get_user_lang_for_flask()
if (user_params['role'] == 2 or user_params['role'] == 3) and int(user_group) != 1:
for s in user_params['servers']:
@ -268,7 +221,8 @@ def show_services_overview() -> None:
cmd = "systemctl is-active roxy-wi-socket"
socket, stderr = server_mod.subprocess_execute(cmd)
rendered_template = template.render(
return render_template(
'ajax/show_services_ovw.html',
role=user_params['role'], metrics_master=''.join(metrics_master), metrics_worker=metrics_worker,
checker_master=''.join(checker_master), checker_worker=checker_worker, keep_alive=''.join(keep_alive),
smon=''.join(smon), port_scanner=''.join(port_scanner), grafana=grafana, socket=''.join(socket),
@ -279,14 +233,10 @@ def show_services_overview() -> None:
keep_alive_log_id=roxy_logs.roxy_wi_log(log_id=1, file="keep_alive"),
socket_log_id=roxy_logs.roxy_wi_log(log_id=1, file="socket"), error=stderr, lang=lang
)
print(rendered_template)
def keepalived_became_master(server_ip) -> None:
commands = ["sudo kill -USR2 $(cat /var/run/keepalived.pid) && sudo grep 'Became master' /tmp/keepalived.stats |awk '{print $3}'"]
became_master = server_mod.ssh_command(server_ip, commands)
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates'))
template = env.get_template('ajax/bin_bout.html')
template = template.render(bin_bout=became_master, serv=server_ip, service='keepalived', lang=lang)
print(template)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/bin_bout.html', bin_bout=became_master, serv=server_ip, service='keepalived', lang=lang)

21
app/modules/roxywi/roxy.py
View File

@ -50,8 +50,8 @@ def update_roxy_wi(service):
cmd = f'sudo -S yum -y install {service} {restart_service}'
output, stderr = server_mod.subprocess_execute(cmd)
print(output)
print(stderr)
return output
# print(stderr)
def check_ver():
@ -68,6 +68,8 @@ def versions():
current_ver_without_dots += '00'
if len(current_ver_without_dots) == 3:
current_ver_without_dots += '0'
if len(current_ver_without_dots) == 7:
current_ver_without_dots += '0'
current_ver_without_dots = int(current_ver_without_dots)
except Exception:
current_ver = "Sorry cannot get current version"
@ -82,6 +84,8 @@ def versions():
new_ver_without_dots += '00'
if len(new_ver_without_dots) == 3:
new_ver_without_dots += '0'
if len(new_ver_without_dots) == 7:
new_ver_without_dots += '0'
new_ver_without_dots = int(new_ver_without_dots)
except Exception as e:
new_ver = "Cannot get a new version"
@ -192,21 +196,16 @@ def check_new_version(service):
return res
def action_service(action: str, service: str) -> None:
if action not in ('start', 'stop', 'restart'):
print('error: wrong action')
return
def action_service(action: str, service: str) -> str:
is_in_docker = is_docker()
cmd = f"sudo systemctl disable {service} --now"
if action in ("start", "restart"):
cmd = f"sudo systemctl {action} {service} --now"
if not sql.select_user_status():
print(
'warning: The service is disabled because you are not subscribed. Read <a href="https://roxy-wi.org/pricing" '
'title="Roxy-WI pricing" target="_blank">here</a> about subscriptions')
return
return 'warning: The service is disabled because you are not subscribed. Read <a href="https://roxy-wi.org/pricing" ' \
'title="Roxy-WI pricing" target="_blank">here</a> about subscriptions'
if is_in_docker:
cmd = f"sudo supervisorctl {action} {service}"
os.system(cmd)
roxywi_common.logging('Roxy-WI server', f' The service {service} has been {action}ed', roxywi=1, login=1)
return 'ok'

193
app/modules/roxywi/user.py
View File

@ -1,128 +1,89 @@
import os
from jinja2 import Environment, FileSystemLoader
from flask import render_template, request
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.alerting.alerting as alerting
form = common.form
import modules.tools.alerting as alerting
def create_user(new_user: str, email: str, password: str, role: str, activeuser: int, group: int, **kwargs) -> bool:
if roxywi_common.check_user_group(token=kwargs.get('token')):
if roxywi_auth.is_admin(level=2, role_id=kwargs.get('role_id')):
try:
user_id = sql.add_user(new_user, email, password, role, activeuser, group)
sql.update_user_role(user_id, group, role)
roxywi_common.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1)
try:
sql.update_user_role(user_id, group, role)
except Exception as e:
print(f'error: cannot update user role {e}')
try:
if password == 'aduser':
password = 'your domain password'
message = f"A user has been created for you on Roxy-WI portal!\n\n" \
f"Now you can login to https://{os.environ.get('HTTP_HOST', '')}\n\n" \
f"Your credentials are:\n" \
f"Login: {new_user}\n" \
f"Password: {password}"
alerting.send_email(email, 'A user has been created for you', message)
except Exception as e:
roxywi_common.logging('error: Cannot send email for a new user', e, roxywi=1, login=1)
except Exception as e:
print(f'error: Cannot create a new user: {e}')
roxywi_common.logging('error: Cannot create a new user', e, roxywi=1, login=1)
return False
else:
print('error: dalsdm')
roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
return False
return True
def create_user(new_user: str, email: str, password: str, role: str, activeuser: int, group: int) -> bool:
try:
user_id = sql.add_user(new_user, email, password, role, activeuser, group)
sql.update_user_role(user_id, group, role)
roxywi_common.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1)
try:
sql.update_user_role(user_id, group, role)
except Exception as e:
raise Exception(f'error: cannot update user role {e}')
try:
if password == 'aduser':
password = 'your domain password'
message = f"A user has been created for you on Roxy-WI portal!\n\n" \
f"Now you can login to https://{os.environ.get('HTTP_HOST', '')}\n\n" \
f"Your credentials are:\n" \
f"Login: {new_user}\n" \
f"Password: {password}"
alerting.send_email(email, 'A user has been created for you', message)
except Exception as e:
roxywi_common.logging('error: Cannot send email for a new user', e, roxywi=1, login=1)
except Exception as e:
roxywi_common.logging('error: Cannot create a new user', e, roxywi=1, login=1)
raise Exception(f'error: Cannot create a new user: {e}')
else:
return True
def delete_user():
userdel = int(form.getvalue('userdel'))
if sql.is_user_super_admin(userdel):
def delete_user(user_id: int) -> str:
if sql.is_user_super_admin(user_id):
count_super_admin_users = sql.get_super_admin_count()
if count_super_admin_users < 2:
raise Exception('error: you cannot delete a last user with superAdmin role')
user = sql.select_users(id=userdel)
user = sql.select_users(id=user_id)
username = ''
for u in user:
username = u.username
if sql.delete_user(userdel):
sql.delete_user_groups(userdel)
if sql.delete_user(user_id):
sql.delete_user_groups(user_id)
roxywi_common.logging(username, ' has been deleted user ', roxywi=1, login=1)
print("Ok")
return "ok"
def update_user():
email = form.getvalue('email')
new_user = form.getvalue('updateuser')
user_id = form.getvalue('id')
activeuser = form.getvalue('activeuser')
group_id = int(form.getvalue('usergroup'))
if roxywi_common.check_user_group():
if form.getvalue('role'):
role_id = int(form.getvalue('role'))
if roxywi_auth.is_admin(level=role_id):
try:
sql.update_user(new_user, email, role_id, user_id, activeuser)
except Exception as e:
print(e)
sql.update_user_role(user_id, group_id, role_id)
roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
else:
roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
else:
try:
sql.update_user_from_admin_area(new_user, email, user_id, activeuser)
except Exception as e:
print(e)
roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
def update_user(email, new_user, user_id, enabled, group_id, role_id):
try:
sql.update_user(new_user, email, role_id, user_id, enabled)
except Exception as e:
print(e)
sql.update_user_role(user_id, group_id, role_id)
roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
def update_user_password():
password = form.getvalue('updatepassowrd')
def update_user_password(password, uuid, user_id_from_get):
username = ''
if form.getvalue('uuid'):
user_id = sql.get_user_id_by_uuid(form.getvalue('uuid'))
if uuid:
user_id = sql.get_user_id_by_uuid(uuid)
else:
user_id = form.getvalue('id')
user_id = user_id_from_get
user = sql.select_users(id=user_id)
for u in user:
username = u.username
sql.update_user_password(password, user_id)
roxywi_common.logging('user ' + username, ' has changed password ', roxywi=1, login=1)
print("Ok")
roxywi_common.logging(f'user {username}', ' has changed password ', roxywi=1, login=1)
return 'ok'
def get_user_services() -> None:
user_id = common.checkAjaxInput(form.getvalue('getuserservices'))
lang = roxywi_common.get_user_lang()
def get_user_services(user_id: int) -> None:
lang = roxywi_common.get_user_lang_for_flask()
services = sql.select_services()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/show_user_services.html')
template = template.render(user_services=sql.select_user_services(user_id), id=user_id, services=services, lang=lang)
print(template)
return render_template(
'ajax/user_services.html', user_services=sql.select_user_services(user_id), id=user_id, services=services, lang=lang
)
def change_user_services() -> None:
import json
user_id = common.checkAjaxInput(form.getvalue('changeUserServicesId'))
user = common.checkAjaxInput(form.getvalue('changeUserServicesUser'))
def change_user_services(user: str, user_id: int, user_services: str) -> str:
services = ''
user_services = json.loads(form.getvalue('jsonDatas'))
for k, v in user_services.items():
for k2, v2 in v.items():
@ -131,55 +92,42 @@ def change_user_services() -> None:
try:
if sql.update_user_services(services=services, user_id=user_id):
roxywi_common.logging('Roxy-WI server', f'Access to the services has been updated for user: {user}', roxywi=1, login=1)
return 'ok'
except Exception as e:
print(e)
return f'error: Cannot save: {e}'
def change_user_active_group() -> None:
group_id = common.checkAjaxInput(form.getvalue('changeUserCurrentGroupId'))
user_uuid = common.checkAjaxInput(form.getvalue('changeUserGroupsUser'))
def change_user_active_group(group_id: int, user_uuid: str) -> str:
try:
if sql.update_user_current_groups(group_id, user_uuid):
print('Ok')
return 'Ok'
else:
print('error: Cannot change group')
return 'error: Cannot change group'
except Exception as e:
print(e)
return f'error: Cannot change the group: {e}'
def get_user_active_group(user_id: str, group: str) -> None:
group_id = sql.get_user_id_by_uuid(user_id.value)
def get_user_active_group(uuid: str, group: str) -> str:
group_id = sql.get_user_id_by_uuid(uuid)
groups = sql.select_user_groups_with_names(group_id)
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/show_user_current_group.html')
template = template.render(groups=groups, group=group.value, id=group_id, lang=lang)
print(template)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/user_current_group.html', groups=groups, group=group, id=group_id, lang=lang)
def show_user_groups_and_roles() -> None:
user_id = common.checkAjaxInput(form.getvalue('user_id'))
def show_user_groups_and_roles(user_id: int, lang: str) -> None:
groups = sql.select_user_groups_with_names(user_id, user_not_in_group=1)
roles = sql.select_roles()
lang = roxywi_common.get_user_lang()
user_groups = sql.select_user_groups_with_names(user_id)
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/show_user_groups_and_roles.html')
template = template.render(groups=groups, user_groups=user_groups, roles=roles, lang=lang)
print(template)
return render_template('ajax/user_groups_and_roles.html', groups=groups, user_groups=user_groups, roles=roles, lang=lang)
def save_user_group_and_role() -> None:
def save_user_group_and_role(user: str, groups_and_roles: str) -> str:
import json
user = common.checkAjaxInput(form.getvalue('changeUserGroupsUser'))
groups_and_roles = json.loads(form.getvalue('jsonDatas'))
for k, v in groups_and_roles.items():
user_id = int(k)
if not sql.delete_user_groups(user_id):
print('error: cannot delete old groups')
return 'error: Cannot delete old groups'
for k2, v2 in v.items():
group_id = int(k2)
role_id = int(v2['role_id'])
@ -190,13 +138,12 @@ def save_user_group_and_role() -> None:
break
else:
roxywi_common.logging('Roxy-WI server', f'Groups and roles have been updated for user: {user}', roxywi=1, login=1)
print('ok')
return 'ok'
def get_ldap_email() -> None:
def get_ldap_email(username) -> str:
import ldap
username = common.checkAjaxInput(form.getvalue('get_ldap_email'))
server = sql.get_setting('ldap_server')
port = sql.get_setting('ldap_port')
user = sql.get_setting('ldap_user')
@ -224,8 +171,8 @@ def get_ldap_email() -> None:
results = [entry for dn, entry in result if isinstance(entry, dict)]
try:
print('["' + results[0][ldap_search_field][0].decode("utf-8") + '","' + domain + '"]')
return '["' + results[0][ldap_search_field][0].decode("utf-8") + '","' + domain + '"]'
except Exception:
print('error: user not found')
return 'error: user not found'
finally:
ldap_bind.unbind()

62
app/modules/roxywi/waf.py
View File

@ -1,7 +1,4 @@
import os
import http.cookies
from jinja2 import Environment, FileSystemLoader
from flask import render_template, request
import modules.db.sql as sql
import modules.common.common as common
@ -12,19 +9,10 @@ form = common.form
def waf_overview(serv, waf_service) -> None:
env = Environment(
loader=FileSystemLoader('templates/'), autoescape=True,
extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do']
)
template = env.get_template('ajax/overivewWaf.html')
servers = sql.select_servers(server=serv)
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_id = cookie.get('uuid')
group_id = cookie.get('group')
group_id = int(group_id.value)
config_path = ''
user_id = request.cookies.get('uuid')
group_id = int(request.cookies.get('group'))
role = sql.get_user_role_by_uuid(user_id, group_id)
returned_servers = []
waf = ''
metrics_en = 0
@ -77,17 +65,13 @@ def waf_overview(serv, waf_service) -> None:
returned_servers.append(server_status)
lang = roxywi_common.get_user_lang()
lang = roxywi_common.get_user_lang_for_flask()
servers_sorted = sorted(returned_servers, key=common.get_key)
template = template.render(service_status=servers_sorted, role=sql.get_user_role_by_uuid(user_id.value, group_id),
waf_service=waf_service, lang=lang)
print(template)
return render_template('ajax/overivewWaf.html', service_status=servers_sorted, role=role, waf_service=waf_service, lang=lang)
def change_waf_mode() -> None:
waf_mode = common.checkAjaxInput(form.getvalue('change_waf_mode'))
server_hostname = form.getvalue('server_hostname')
service = common.checkAjaxInput(form.getvalue('service'))
def change_waf_mode(waf_mode: str, server_hostname: str, service: str) -> str:
serv = sql.select_server_by_name(server_hostname)
if service == 'haproxy':
@ -96,19 +80,22 @@ def change_waf_mode() -> None:
config_dir = sql.get_setting('nginx_dir')
commands = [f"sudo sed -i 's/^SecRuleEngine.*/SecRuleEngine {waf_mode}/' {config_dir}/waf/modsecurity.conf"]
server_mod.ssh_command(serv, commands)
try:
server_mod.ssh_command(serv, commands)
except Exception as e:
return str(e)
roxywi_common.logging(serv, f'Has been changed WAF mod to {waf_mode}', roxywi=1, login=1)
return 'ok'
def switch_waf_rule(serv) -> None:
enable = common.checkAjaxInput(form.getvalue('waf_en'))
rule_id = common.checkAjaxInput(form.getvalue('waf_rule_id'))
def switch_waf_rule(serv: str, enable: int, rule_id: int) -> str:
haproxy_path = sql.get_setting('haproxy_dir')
rule_file = sql.select_waf_rule_by_id(rule_id)
conf_file_path = haproxy_path + '/waf/modsecurity.conf'
rule_file_path = f'Include {haproxy_path}/waf/rules/{rule_file}'
print(rule_file_path)
if enable == '0':
cmd = ["sudo sed -i 's!" + rule_file_path + "!#" + rule_file_path + "!' " + conf_file_path]
@ -123,15 +110,14 @@ def switch_waf_rule(serv) -> None:
except Exception:
pass
print(server_mod.ssh_command(serv, cmd))
sql.update_enable_waf_rules(rule_id, serv, enable)
return server_mod.ssh_command(serv, cmd)
def create_waf_rule(serv) -> None:
service = common.checkAjaxInput(form.getvalue('service'))
new_waf_rule = common.checkAjaxInput(form.getvalue('new_waf_rule'))
new_rule_desc = common.checkAjaxInput(form.getvalue('new_rule_description'))
rule_file = common.checkAjaxInput(form.getvalue('new_rule_file'))
def create_waf_rule(serv, service) -> str:
new_waf_rule = common.checkAjaxInput(request.form.get('new_waf_rule'))
new_rule_desc = common.checkAjaxInput(request.form.get('new_rule_description'))
rule_file = common.checkAjaxInput(request.form.get('new_rule_file'))
rule_file = f'{rule_file}.conf'
waf_path = ''
@ -144,11 +130,13 @@ def create_waf_rule(serv) -> None:
rule_file_path = f'{waf_path}waf/rules/{rule_file}'
cmd = [f"sudo echo Include {rule_file_path} >> {conf_file_path} && sudo touch {rule_file_path}"]
print(server_mod.ssh_command(serv, cmd))
print(sql.insert_new_waf_rule(new_waf_rule, rule_file, new_rule_desc, service, serv))
server_mod.ssh_command(serv, cmd)
sql.insert_new_waf_rule(new_waf_rule, rule_file, new_rule_desc, service, serv)
try:
roxywi_common.logging('WAF', f' A new rule has been created {rule_file} on the server {serv}',
roxywi=1, login=1)
except Exception:
pass
return 'ok'

2
app/modules/server/__init__.py
View File

@ -1 +1 @@
NAME = 'roxy-wi-server-modules'
NAME = 'roxy-wi-server-module'

121
app/modules/server/server.py
View File

@ -1,6 +1,6 @@
import json
from jinja2 import Environment, FileSystemLoader
from flask import render_template, request
import modules.db.sql as sql
import modules.server.ssh as mod_ssh
@ -38,8 +38,6 @@ def ssh_command(server_ip: str, commands: list, **kwargs):
try:
if kwargs.get('raw'):
return stdout.readlines()
if kwargs.get("ip") == "1":
show_ip(stdout)
elif kwargs.get("show_log") == "1":
import modules.roxywi.logs as roxywi_logs
@ -103,14 +101,6 @@ def get_remote_files(server_ip: str, config_dir: str, file_format: str):
return config_files
def show_ip(stdout):
for line in stdout:
if "Permission denied" in line:
print(f'error: {line}')
else:
print(line)
def get_system_info(server_ip: str) -> str:
server_ip = common.is_ip_or_dns(server_ip)
if server_ip == '':
@ -123,7 +113,7 @@ def get_system_info(server_ip: str) -> str:
try:
sys_info_returned = ssh_command(server_ip, command, timeout=5)
except Exception as e:
raise e
raise Exception(e)
if 'not found' in sys_info_returned:
raise Exception(f'You should install lshw on the server {server_ip}. Update System info after installation.')
@ -131,7 +121,7 @@ def get_system_info(server_ip: str) -> str:
try:
os_info = ssh_command(server_ip, command1)
except Exception as e:
raise e
raise Exception(e)
os_info = os_info.strip()
system_info = json.loads(sys_info_returned)
@ -346,85 +336,54 @@ def get_system_info(server_ip: str) -> str:
raise e
def show_system_info() -> None:
server_ip = form.getvalue('server_ip')
server_ip = common.is_ip_or_dns(server_ip)
server_id = form.getvalue('server_id')
if server_ip == '':
print('error: IP or DNS name is not valid')
return
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True,
extensions=["jinja2.ext.loopcontrols", "jinja2.ext.do"])
env.globals['string_to_dict'] = common.string_to_dict
template = env.get_template('ajax/show_system_info.html')
def show_system_info(server_ip: str, server_id: int) -> str:
if sql.is_system_info(server_id):
try:
get_system_info(server_ip)
except Exception as e:
return f'123 {e}'
try:
system_info = sql.select_one_system_info(server_id)
template = template.render(system_info=system_info, server_ip=server_ip, server_id=server_id)
print(template)
return render_template('ajax/show_system_info.html', system_info=system_info, server_ip=server_ip, server_id=server_id)
except Exception as e:
print(f'Cannot update server info: {e}')
return f'Cannot update server info: {e}'
else:
system_info = sql.select_one_system_info(server_id)
template = template.render(system_info=system_info, server_ip=server_ip, server_id=server_id)
print(template)
return render_template('ajax/show_system_info.html', system_info=system_info, server_ip=server_ip, server_id=server_id)
def update_system_info() -> None:
server_ip = form.getvalue('server_ip')
server_ip = common.is_ip_or_dns(server_ip)
server_id = form.getvalue('server_id')
if server_ip == '':
print('error: IP or DNS name is not valid')
return
def update_system_info(server_ip: str, server_id: int) -> str:
sql.delete_system_info(server_id)
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True,
extensions=["jinja2.ext.loopcontrols", "jinja2.ext.do"])
env.globals['string_to_dict'] = common.string_to_dict
template = env.get_template('ajax/show_system_info.html')
try:
get_system_info(server_ip)
system_info = sql.select_one_system_info(server_id)
template = template.render(system_info=system_info, server_ip=server_ip, server_id=server_id)
print(template)
return render_template('ajax/show_system_info.html', system_info=system_info, server_ip=server_ip, server_id=server_id)
except Exception as e:
print(f'error: Cannot update server info: {e}')
return f'error: Cannot update server info: {e}'
def show_firewalld_rules() -> None:
serv = common.checkAjaxInput(form.getvalue('viewFirewallRules'))
def show_firewalld_rules(server_ip) -> str:
input_chain2 = []
cmd = ["sudo iptables -L INPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"]
cmd1 = ["sudo iptables -L IN_public_allow -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"]
cmd2 = ["sudo iptables -L OUTPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"]
input_chain = ssh_command(serv, cmd, raw=1)
input_chain = ssh_command(server_ip, cmd, raw=1)
input_chain2 = []
for each_line in input_chain:
input_chain2.append(each_line.strip('\n'))
if 'error:' in input_chain:
print(input_chain)
return
return input_chain
in_public_allow = ssh_command(serv, cmd1, raw=1)
output_chain = ssh_command(serv, cmd2, raw=1)
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates'))
template = env.get_template('ajax/firewall_rules.html')
template = template.render(input_chain=input_chain2, IN_public_allow=in_public_allow, output_chain=output_chain, lang=lang)
print(template)
in_public_allow = ssh_command(server_ip, cmd1, raw=1)
output_chain = ssh_command(server_ip, cmd2, raw=1)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/firewall_rules.html', input_chain=input_chain2, IN_public_allow=in_public_allow, output_chain=output_chain, lang=lang)
def create_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, apache, firewall, **kwargs) -> bool:
@ -437,7 +396,7 @@ def create_server(hostname, ip, group, typeip, enable, master, cred, port, desc,
return False
def update_server_after_creating(hostname: str, ip: str, scan_server: int) -> None:
def update_server_after_creating(hostname: str, ip: str, scan_server: int) -> str:
try:
try:
sql.insert_new_checker_setting_for_server(ip)
@ -481,8 +440,10 @@ def update_server_after_creating(hostname: str, ip: str, scan_server: int) -> No
roxywi_common.logging(f'Cannot get information from {hostname}', str(e), roxywi=1, login=1)
raise Exception(f'error: Cannot get information from {hostname} {e}')
return 'ok'
def delete_server(server_id: int) -> None:
def delete_server(server_id: int) -> str:
server = sql.select_servers(id=server_id)
server_ip = ''
hostname = ''
@ -492,11 +453,9 @@ def delete_server(server_id: int) -> None:
server_ip = s[2]
if sql.check_exists_backup(server_ip):
print('warning: Delete the backup first')
return
return 'warning: Delete the backup first'
if sql.check_exists_s3_backup(server_ip):
print('warning: Delete the S3 backup first')
return
return 'warning: Delete the S3 backup first'
if sql.delete_server(server_id):
sql.delete_waf_server(server_id)
sql.delete_port_scanner_settings(server_id)
@ -504,34 +463,25 @@ def delete_server(server_id: int) -> None:
sql.delete_action_history(server_id)
sql.delete_system_info(server_id)
sql.delete_service_settings(server_id)
print("Ok")
roxywi_common.logging(server_ip, f'The server {hostname} has been deleted', roxywi=1, login=1)
return 'Ok'
def server_is_up(server_ip: str) -> None:
def server_is_up(server_ip: str) -> str:
cmd = [f'if ping -c 1 -W 1 {server_ip} >> /dev/null; then echo up; else echo down; fi']
server_status, stderr = subprocess_execute(cmd)
print(server_status)
return server_status[0]
def show_server_services() -> None:
server_id = common.checkAjaxInput(form.getvalue('server_id'))
def show_server_services(server_id: int) -> None:
server = sql.select_servers(id=server_id)
env = Environment(loader=FileSystemLoader('templates'))
template = env.get_template('ajax/show_server_services.html')
lang = roxywi_common.get_user_lang()
template = template.render(server=server, lang=lang)
print(template)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/show_server_services.html', server=server, lang=lang)
def change_server_services() -> None:
import json
server_id = common.checkAjaxInput(form.getvalue('changeServerServicesId'))
server_name = common.checkAjaxInput(form.getvalue('changeServerServicesServer'))
def change_server_services(server_id: int, server_name: str, server_services: str) -> str:
services = sql.select_services()
services_status = {}
server_services = json.loads(form.getvalue('jsonDatas'))
for k, v in server_services.items():
for service in services:
@ -541,5 +491,6 @@ def change_server_services() -> None:
try:
if sql.update_server_services(server_id, services_status[1], services_status[2], services_status[4], services_status[3]):
roxywi_common.logging('Roxy-WI server', f'Active services have been updated for {server_name}', roxywi=1, login=1)
return 'ok'
except Exception as e:
print(e)
return f'error: {e}'

78
app/modules/server/ssh.py
View File

@ -1,6 +1,7 @@
import os
import paramiko
from flask import render_template, request
import modules.db.sql as sql
import modules.common.common as common
@ -16,7 +17,6 @@ get_config = roxy_wi_tools.GetConfigVar()
def return_ssh_keys_path(server_ip: str, **kwargs) -> dict:
lib_path = get_config.get_config_var('main', 'lib_path')
ssh_settings = {}
if kwargs.get('id'):
sshs = sql.select_ssh(id=kwargs.get('id'))
else:
@ -29,8 +29,11 @@ def return_ssh_keys_path(server_ip: str, **kwargs) -> dict:
ssh_key = f'{lib_path}/keys/{ssh.name}.pem' if ssh.enable == 1 else ''
ssh_settings.setdefault('key', ssh_key)
ssh_port = [str(server[10]) for server in sql.select_servers(server=server_ip)]
ssh_settings.setdefault('port', ssh_port[0])
try:
ssh_port = [str(server[10]) for server in sql.select_servers(server=server_ip)]
ssh_settings.setdefault('port', ssh_port[0])
except Exception as e:
raise Exception(f'error: Cannot get SSH settings: {e}')
return ssh_settings
@ -48,29 +51,24 @@ def ssh_connect(server_ip):
return ssh
def create_ssh_cred() -> None:
from jinja2 import Environment, FileSystemLoader
name = common.checkAjaxInput(form.getvalue('new_ssh'))
enable = common.checkAjaxInput(form.getvalue('ssh_enable'))
group = common.checkAjaxInput(form.getvalue('new_group'))
def create_ssh_cred() -> str:
name = common.checkAjaxInput(request.form.get('new_ssh'))
enable = common.checkAjaxInput(request.form.get('ssh_enable'))
group = common.checkAjaxInput(request.form.get('new_group'))
group_name = sql.get_group_name_by_id(group)
username = common.checkAjaxInput(form.getvalue('ssh_user'))
password = common.checkAjaxInput(form.getvalue('ssh_pass'))
page = common.checkAjaxInput(form.getvalue('page'))
username = common.checkAjaxInput(request.form.get('ssh_user'))
password = common.checkAjaxInput(request.form.get('ssh_pass'))
page = common.checkAjaxInput(request.form.get('page'))
page = page.split("#")[0]
lang = roxywi_common.get_user_lang()
lang = roxywi_common.get_user_lang_for_flask()
name = f'{name}_{group_name}'
if username is None or name is None:
print(error_mess)
return error_mess
else:
if sql.insert_new_ssh(name, enable, group, username, password):
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/new_ssh.html')
output_from_parsed_template = template.render(groups=sql.select_groups(), sshs=sql.select_ssh(name=name), page=page, lang=lang)
print(output_from_parsed_template)
roxywi_common.logging('Roxy-WI server', f'New SSH credentials {name} has been created', roxywi=1, login=1)
return render_template('ajax/new_ssh.html', groups=sql.select_groups(), sshs=sql.select_ssh(name=name), page=page, lang=lang)
def create_ssh_cread_api(name: str, enable: str, group: str, username: str, password: str) -> bool:
@ -90,7 +88,7 @@ def create_ssh_cread_api(name: str, enable: str, group: str, username: str, pass
return True
def upload_ssh_key(name: str, user_group: str, key: str) -> bool:
def upload_ssh_key(name: str, user_group: str, key: str) -> str:
if '..' in name:
raise Exception('error: nice try')
@ -125,28 +123,27 @@ def upload_ssh_key(name: str, user_group: str, key: str) -> bool:
except Exception as e:
raise Exception(f'error: Cannot save SSH key file: {e}')
else:
print(f'success: SSH key has been saved into: {ssh_keys}')
try:
os.chmod(ssh_keys, 0o600)
except IOError as e:
roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
raise Exception(f'error: something went wrong: {e}')
try:
os.chmod(ssh_keys, 0o600)
except IOError as e:
roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
raise Exception(f'error: something went wrong: {e}')
roxywi_common.logging("Roxy-WI server", f"A new SSH cert has been uploaded {ssh_keys}", roxywi=1, login=1)
roxywi_common.logging("Roxy-WI server", f"A new SSH cert has been uploaded {ssh_keys}", roxywi=1, login=1)
return f'success: SSH key has been saved into: {ssh_keys}'
def update_ssh_key() -> None:
ssh_id = common.checkAjaxInput(form.getvalue('id'))
name = common.checkAjaxInput(form.getvalue('name'))
enable = common.checkAjaxInput(form.getvalue('ssh_enable'))
group = common.checkAjaxInput(form.getvalue('group'))
username = common.checkAjaxInput(form.getvalue('ssh_user'))
password = common.checkAjaxInput(form.getvalue('ssh_pass'))
def update_ssh_key() -> str:
ssh_id = common.checkAjaxInput(request.form.get('id'))
name = common.checkAjaxInput(request.form.get('name'))
enable = common.checkAjaxInput(request.form.get('ssh_enable'))
group = common.checkAjaxInput(request.form.get('group'))
username = common.checkAjaxInput(request.form.get('ssh_user'))
password = common.checkAjaxInput(request.form.get('ssh_pass'))
new_ssh_key_name = ''
if username is None:
print(error_mess)
return error_mess
else:
lib_path = get_config.get_config_var('main', 'lib_path')
@ -162,15 +159,16 @@ def update_ssh_key() -> None:
sql.update_ssh(ssh_id, name, enable, group, username, password)
roxywi_common.logging('Roxy-WI server', f'The SSH credentials {name} has been updated ', roxywi=1, login=1)
return 'ok'
def delete_ssh_key() -> None:
def delete_ssh_key(ssh_id) -> str:
lib_path = get_config.get_config_var('main', 'lib_path')
sshdel = common.checkAjaxInput(form.getvalue('sshdel'))
name = ''
ssh_enable = 0
ssh_key_name = ''
for sshs in sql.select_ssh(id=sshdel):
for sshs in sql.select_ssh(id=ssh_id):
ssh_enable = sshs.enable
name = sshs.name
ssh_key_name = f'{lib_path}/keys/{sshs.name}.pem'
@ -180,6 +178,6 @@ def delete_ssh_key() -> None:
os.remove(ssh_key_name)
except Exception:
pass
if sql.delete_ssh(sshdel):
print("Ok")
if sql.delete_ssh(ssh_id):
roxywi_common.logging('Roxy-WI server', f'The SSH credentials {name} has deleted', roxywi=1, login=1)
return 'ok'

87
app/modules/service/action.py
View File

@ -5,12 +5,21 @@ import modules.roxywi.common as roxywi_common
import modules.service.common as service_common
def action_haproxy(server_ip: str, action: str) -> None:
haproxy_service_name = "haproxy"
def common_action(server_ip: str, action: str, service: str) -> str:
action_functions = {
'haproxy': action_haproxy,
'nginx': action_nginx,
'keepalived': action_keepalived,
'apache': action_apache,
'waf_haproxy': action_haproxy_waf,
'waf_nginx': action_nginx_waf
}
if action not in ('start', 'stop', 'reload', 'restart'):
print('error: wrong action')
return
return action_functions[service](server_ip, action)
def action_haproxy(server_ip: str, action: str) -> str:
haproxy_service_name = "haproxy"
service_common.is_restarted(server_ip, action)
@ -31,16 +40,12 @@ def action_haproxy(server_ip: str, action: str) -> None:
commands = [f"sudo systemctl {action} {haproxy_service_name}"]
server_mod.ssh_command(server_ip, commands, timeout=5)
roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='haproxy')
print(f"success: HAProxy has been {action}")
return f"success: HAProxy has been {action}"
else:
print("error: Bad config, check please")
return "error: Bad config, check please"
def action_nginx(server_ip: str, action: str) -> None:
if action not in ('start', 'stop', 'reload', 'restart'):
print('error: wrong action')
return
def action_nginx(server_ip: str, action: str) -> str:
service_common.is_restarted(server_ip, action)
if service_common.check_nginx_config(server_ip):
@ -57,29 +62,21 @@ def action_nginx(server_ip: str, action: str) -> None:
commands = [f"sudo systemctl {action} nginx"]
server_mod.ssh_command(server_ip, commands, timeout=5)
roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='nginx')
print(f"success: NGINX has been {action}")
return f"success: NGINX has been {action}"
else:
print("error: Bad config, check please")
return "error: Bad config, check please"
def action_keepalived(server_ip: str, action: str) -> None:
if action not in ('start', 'stop', 'reload', 'restart'):
print('error: wrong action')
return
def action_keepalived(server_ip: str, action: str) -> str:
service_common.is_restarted(server_ip, action)
commands = [f"sudo systemctl {action} keepalived"]
server_mod.ssh_command(server_ip, commands)
roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='keepalived')
print(f"success: Keepalived has been {action}")
return f"success: Keepalived has been {action}"
def action_apache(server_ip: str, action: str) -> None:
if action not in ('start', 'stop', 'reload', 'restart'):
print('error: wrong action')
return
def action_apache(server_ip: str, action: str) -> str:
service_common.is_restarted(server_ip, action)
server_id = sql.select_server_id_by_ip(server_ip)
@ -97,29 +94,22 @@ def action_apache(server_ip: str, action: str) -> None:
commands = [f"sudo systemctl {action} {service_apache_name}"]
server_mod.ssh_command(server_ip, commands, timeout=5)
roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='apache')
print(f"success: Apache has been {action}")
return f"success: Apache has been {action}"
def action_haproxy_waf(server_ip: str, action: str) -> None:
if action not in ('start', 'stop', 'reload', 'restart'):
print('error: wrong action')
return
def action_haproxy_waf(server_ip: str, action: str) -> str:
service_common.is_restarted(server_ip, action)
roxywi_common.logging(server_ip, f'HAProxy WAF service has been {action}ed', roxywi=1, login=1, keep_history=1,
service='haproxy')
commands = [f"sudo systemctl {action} waf"]
server_mod.ssh_command(server_ip, commands)
return f"success: WAF has been {action}"
def action_nginx_waf(server_ip: str, action: str) -> None:
def action_nginx_waf(server_ip: str, action: str) -> str:
config_dir = common.return_nice_path(sql.get_setting('nginx_dir'))
if action not in ('start', 'stop'):
print('error: wrong action')
return
service_common.is_restarted(server_ip, action)
waf_new_state = 'on' if action == 'start' else 'off'
@ -131,12 +121,14 @@ def action_nginx_waf(server_ip: str, action: str) -> None:
f" && sudo systemctl reload nginx"]
server_mod.ssh_command(server_ip, commands)
return f"success: Apache has been {action}"
def check_service(server_ip: str, user_uuid: str, service: str) -> None:
def check_service(server_ip: str, user_uuid: str, service: str) -> str:
import socket
from contextlib import closing
user_id = sql.get_user_id_by_uuid(user_uuid.value)
user_id = sql.get_user_id_by_uuid(user_uuid)
user_services = sql.select_user_services(user_id)
if '1' in user_services:
@ -146,10 +138,9 @@ def check_service(server_ip: str, user_uuid: str, service: str) -> None:
out = server_mod.subprocess_execute(cmd)
for k in out[0]:
if "Name" in k:
print('up')
break
return 'up'
else:
print('down')
return 'down'
if '2' in user_services:
if service == 'nginx':
nginx_stats_port = sql.get_setting('nginx_stats_port')
@ -159,11 +150,11 @@ def check_service(server_ip: str, user_uuid: str, service: str) -> None:
try:
if sock.connect_ex((server_ip, nginx_stats_port)) == 0:
print('up')
return 'up'
else:
print('down')
except Exception:
print('down')
return 'down'
except Exception as e:
return 'down' + str(e)
if '4' in user_services:
if service == 'apache':
apache_stats_port = sql.get_setting('apache_stats_port')
@ -173,8 +164,8 @@ def check_service(server_ip: str, user_uuid: str, service: str) -> None:
try:
if sock.connect_ex((server_ip, apache_stats_port)) == 0:
print('up')
return 'up'
else:
print('down')
return 'down'
except Exception as e:
print('down' + str(e))
return 'down' + str(e)

102
app/modules/service/backup.py
View File

@ -1,6 +1,6 @@
import os
from jinja2 import Environment, FileSystemLoader
from flask import render_template
import modules.db.sql as sql
import modules.server.ssh as ssh_mod
@ -9,9 +9,10 @@ import modules.roxywi.common as roxywi_common
import modules.service.installation as installation_mod
def backup(serv, rpath, time, backup_type, rserver, cred, deljob, update, description) -> None:
def backup(serv, rpath, time, backup_type, rserver, cred, deljob, update, description) -> str:
script = 'backup.sh'
ssh_settings = ssh_mod.return_ssh_keys_path('localhost', id=cred)
ssh_settings = ssh_mod.return_ssh_keys_path(rserver, id=cred)
full_path = '/var/www/haproxy-wi/app'
if deljob:
time = ''
@ -22,54 +23,53 @@ def backup(serv, rpath, time, backup_type, rserver, cred, deljob, update, descri
else:
deljob = ''
if sql.check_exists_backup(serv):
print(f'warning: Backup job for {serv} already exists')
return None
return f'warning: Backup job for {serv} already exists'
os.system(f"cp scripts/{script} .")
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
commands = [
f"chmod +x {script} && ./{script} HOST={rserver} SERVER={serv} TYPE={backup_type} SSH_PORT={ssh_settings['port']} "
f"chmod +x {full_path}/{script} && {full_path}/{script} HOST={rserver} SERVER={serv} TYPE={backup_type} SSH_PORT={ssh_settings['port']} "
f"TIME={time} RPATH={rpath} DELJOB={deljob} USER={ssh_settings['user']} KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
try:
os.remove(f'{full_path}/{script}')
except Exception:
pass
for line in output:
if any(s in line for s in ("Traceback", "FAILED")):
try:
print(f'error: {line}')
break
return f'error: {line}'
except Exception:
print(f'error: {output}')
break
return f'error: {output}'
else:
if not deljob and not update:
if sql.insert_backup_job(serv, rserver, rpath, backup_type, time, cred, description):
env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True)
template = env.get_template('new_backup.html')
template = template.render(
backups=sql.select_backups(server=serv, rserver=rserver), sshs=sql.select_ssh()
roxywi_common.logging('backup ', f' a new backup job for server {serv} has been created', roxywi=1,
login=1)
return render_template(
'ajax/new_backup.html',backups=sql.select_backups(server=serv, rserver=rserver), sshs=sql.select_ssh()
)
print(template)
print('success: Backup job has been created')
roxywi_common.logging('backup ', f' a new backup job for server {serv} has been created', roxywi=1, login=1)
else:
print('error: Cannot add the job into DB')
raise Exception('error: Cannot add the job into DB')
elif deljob:
sql.delete_backups(deljob)
print('Ok')
roxywi_common.logging('backup ', f' a backup job for server {serv} has been deleted', roxywi=1, login=1)
return 'ok'
elif update:
sql.update_backup(serv, rserver, rpath, backup_type, time, cred, description, update)
print('Ok')
roxywi_common.logging('backup ', f' a backup job for server {serv} has been updated', roxywi=1, login=1)
os.remove(script)
return 'ok'
def s3_backup(server, s3_server, bucket, secret_key, access_key, time, deljob, description) -> None:
def s3_backup(server, s3_server, bucket, secret_key, access_key, time, deljob, description) -> str:
script = 's3_backup.sh'
tag = 'add'
full_path = '/var/www/haproxy-wi/app'
if deljob:
time = ''
@ -80,36 +80,38 @@ def s3_backup(server, s3_server, bucket, secret_key, access_key, time, deljob, d
if sql.check_exists_s3_backup(server):
raise Exception(f'error: Backup job for {server} already exists')
os.system(f"cp scripts/{script} .")
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
commands = [
f"chmod +x {script} && ./{script} SERVER={server} S3_SERVER={s3_server} BUCKET={bucket} SECRET_KEY={secret_key} ACCESS_KEY={access_key} TIME={time} TAG={tag}"
f"chmod +x {full_path}/{script} && {full_path}/{script} SERVER={server} S3_SERVER={s3_server} BUCKET={bucket} "
f"SECRET_KEY={secret_key} ACCESS_KEY={access_key} TIME={time} TAG={tag}"
]
return_out = server_mod.subprocess_execute_with_rc(commands[0])
if not deljob and not update:
try:
os.remove(f'{full_path}/{script}')
except Exception:
pass
if not deljob:
try:
if installation_mod.show_installation_output(return_out['error'], return_out['output'], 'S3 backup', rc=return_out['rc'], api=1):
if installation_mod.show_installation_output(return_out['error'], return_out['output'], 'S3 backup', rc=return_out['rc']):
try:
sql.insert_s3_backup_job(server, s3_server, bucket, secret_key, access_key, time, description)
except Exception as e:
raise Exception(f'error: {e}')
except Exception as e:
raise Exception(e)
env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True)
template = env.get_template('new_s3_backup.html')
template = template.render(backups=sql.select_s3_backups(server=server, s3_server=s3_server, bucket=bucket))
print(template)
print('success: Backup job has been created')
roxywi_common.logging('backup ', f' a new S3 backup job for server {server} has been created', roxywi=1, login=1)
return render_template('ajax/new_s3_backup.html', backups=sql.select_s3_backups(server=server, s3_server=s3_server, bucket=bucket))
elif deljob:
sql.delete_s3_backups(deljob)
print('Ok')
roxywi_common.logging('backup ', f' a S3 backup job for server {server} has been deleted', roxywi=1, login=1)
return 'ok'
def git_backup(server_id, service_id, git_init, repo, branch, period, cred, deljob, description) -> None:
def git_backup(server_id, service_id, git_init, repo, branch, period, cred, deljob, description) -> str:
servers = roxywi_common.get_dick_permit()
proxy = sql.get_setting('proxy')
services = sql.select_services()
@ -119,8 +121,9 @@ def git_backup(server_id, service_id, git_init, repo, branch, period, cred, delj
script = 'git_backup.sh'
proxy_serv = ''
ssh_settings = ssh_mod.return_ssh_keys_path('localhost', id=int(cred))
full_path = '/var/www/haproxy-wi/app'
os.system(f"cp scripts/{script} .")
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
@ -131,21 +134,24 @@ def git_backup(server_id, service_id, git_init, repo, branch, period, cred, delj
branch = 'main'
commands = [
f"chmod +x {script} && ./{script} HOST={server_ip} DELJOB={deljob} SERVICE={service_name} INIT={git_init} "
f"chmod +x {full_path}/{script} && {full_path}/{script} HOST={server_ip} DELJOB={deljob} SERVICE={service_name} INIT={git_init} "
f"SSH_PORT={ssh_settings['port']} PERIOD={period} REPO={repo} BRANCH={branch} CONFIG_DIR={service_config_dir} "
f"PROXY={proxy_serv} USER={ssh_settings['user']} KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
try:
os.remove(f'{full_path}/{script}')
except Exception:
pass
for line in output:
if any(s in line for s in ("Traceback", "FAILED")):
try:
print('error: ' + line)
break
return 'error: ' + line
except Exception:
print('error: ' + output)
break
return 'error: ' + output
else:
if deljob == '0':
if sql.insert_new_git(
@ -155,16 +161,12 @@ def git_backup(server_id, service_id, git_init, repo, branch, period, cred, delj
gits = sql.select_gits(server_id=server_id, service_id=service_id)
sshs = sql.select_ssh()
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True)
template = env.get_template('new_git.html')
template = template.render(gits=gits, sshs=sshs, servers=servers, services=services, new_add=1, lang=lang)
print(template)
print('success: Git job has been created')
lang = roxywi_common.get_user_lang_for_flask()
roxywi_common.logging(
server_ip, ' A new git job has been created', roxywi=1, login=1, keep_history=1, service=service_name
server_ip, ' A new git job has been created', roxywi=1, login=1, keep_history=1,
service=service_name
)
return render_template('ajax/new_git.html', gits=gits, sshs=sshs, servers=servers, services=services, new_add=1, lang=lang)
else:
if sql.delete_git(form.getvalue('git_backup')):
print('Ok')
os.remove(script)
return 'ok'

138
app/modules/service/common.py
View File

@ -1,5 +1,7 @@
import os
import http.cookies
import requests
from flask import render_template, request
import modules.db.sql as sql
import modules.server.ssh as mod_ssh
@ -7,6 +9,7 @@ import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
import modules.config.section as section_mod
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
@ -25,11 +28,10 @@ def check_haproxy_version(server_ip):
def is_restarted(server_ip: str, action: str) -> None:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
group_id = cookie.get('group')
group_id = int(group_id.value)
user_role = sql.get_user_role_by_uuid(user_uuid.value, group_id)
user_uuid = request.cookies.get('uuid')
group_id = request.cookies.get('group')
group_id = int(group_id)
user_role = sql.get_user_role_by_uuid(user_uuid, group_id)
if sql.is_serv_protected(server_ip) and int(user_role) > 2:
print(f'error: This server is protected. You cannot {action} it')
@ -42,26 +44,22 @@ def is_not_allowed_to_restart(server_id: int, service: str) -> None:
else:
is_restart = 0
try:
if int(is_restart) == 1:
print('warning: this service is not allowed to be restarted')
return
except Exception:
pass
if int(is_restart) == 1:
raise Exception('warning: This service is not allowed to be restarted')
def get_exp_version(server_ip: str, service_name: str) -> str:
server_ip = common.is_ip_or_dns(server_ip)
if service_name == 'haproxy_exporter':
if service_name == 'haproxy':
commands = ["/opt/prometheus/exporters/haproxy_exporter --version 2>&1 |head -1|awk '{print $3}'"]
elif service_name == 'nginx_exporter':
elif service_name == 'nginx':
commands = ["/opt/prometheus/exporters/nginx_exporter 2>&1 |head -1 |awk -F\"=\" '{print $2}'|awk '{print $1}'"]
elif service_name == 'node_exporter':
elif service_name == 'node':
commands = ["node_exporter --version 2>&1 |head -1|awk '{print $3}'"]
elif service_name == 'apache_exporter':
elif service_name == 'apache':
commands = ["/opt/prometheus/exporters/apache_exporter --version 2>&1 |head -1|awk '{print $3}'"]
elif service_name == 'keepalived_exporter':
commands = ["systemctl list-units --full -all |grep keepalived_exporter"]
elif service_name == 'keepalived':
commands = ["keepalived_exporter --version 2>&1 |head -1|awk '{print $2}'"]
ver = server_mod.ssh_command(server_ip, commands)
@ -137,21 +135,16 @@ def check_nginx_config(server_ip):
def overview_backends(server_ip: str, service: str) -> None:
from jinja2 import Environment, FileSystemLoader
import modules.config.config as config_mod
import modules.config.section as section_mod
import modules.roxywi.common as roxywi_common
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/haproxyservers_backends.html')
lang = roxywi_common.get_user_lang_for_flask()
format_file = 'cfg'
if service == 'haproxy':
configs_dir = get_config.get_config_var('configs', 'haproxy_save_configs_dir')
format_file = 'cfg'
elif service == 'keepalived':
configs_dir = get_config.get_config_var('configs', 'kp_save_configs_dir')
configs_dir = get_config.get_config_var('configs', 'keepalived_save_configs_dir')
format_file = 'conf'
if service != 'nginx' and service != 'apache':
@ -180,11 +173,10 @@ def overview_backends(server_ip: str, service: str) -> None:
else:
sections = section_mod.get_remote_sections(server_ip, service)
template = template.render(backends=sections, serv=server_ip, service=service)
print(template)
return render_template('ajax/haproxyservers_backends.html', backends=sections, serv=server_ip, service=service, lang=lang)
def get_overview_last_edit(server_ip: str, service: str) -> None:
def get_overview_last_edit(server_ip: str, service: str) -> str:
if service == 'nginx':
config_path = sql.get_setting('nginx_config_path')
elif service == 'keepalived':
@ -193,65 +185,12 @@ def get_overview_last_edit(server_ip: str, service: str) -> None:
config_path = sql.get_setting('haproxy_config_path')
commands = ["ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % config_path]
try:
print(server_mod.ssh_command(server_ip, commands))
return server_mod.ssh_command(server_ip, commands)
except Exception as e:
print(f'error: Cannot get last date {e} for server {server_ip}')
return f'error: Cannot get last date {e} for server {server_ip}'
def overview_service(server_ip: str, server_id: int, name: str, service: str) -> None:
import asyncio
from jinja2 import Environment, FileSystemLoader
user_params = roxywi_common.get_users_params()
async def async_get_overviewServers(serv1, serv2, service):
if service == 'haproxy':
cmd = 'echo "show info" |nc %s %s -w 1|grep -e "node\|Nbproc\|Maxco\|MB\|Nbthread"' % (
serv2, sql.get_setting('haproxy_sock_port'))
out = server_mod.subprocess_execute(cmd)
return_out = ""
for k in out:
if "Ncat:" not in k:
for r in k:
return_out += r
return_out += "<br />"
else:
return_out = "Cannot connect to HAProxy"
else:
return_out = ''
server_status = (serv1, serv2, return_out)
return server_status
async def get_runner_overviewServers(**kwargs):
env = Environment(loader=FileSystemLoader('templates/'), extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'])
template = env.get_template('ajax/overviewServers.html')
servers = []
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_id = cookie.get('uuid')
group_id = cookie.get('group')
group_id = int(group_id.value)
role = sql.get_user_role_by_uuid(user_id.value, group_id)
futures = [async_get_overviewServers(kwargs.get('server1'), kwargs.get('server2'), kwargs.get('service'))]
for i, future in enumerate(asyncio.as_completed(futures)):
result = await future
servers.append(result)
servers_sorted = sorted(servers, key=common.get_key)
template = template.render(service_status=servers_sorted, role=role, id=kwargs.get('id'), service_page=service, lang=user_params['lang'])
print(template)
ioloop = asyncio.get_event_loop()
ioloop.run_until_complete(get_runner_overviewServers(server1=name, server2=server_ip, id=server_id, service=service))
ioloop.close()
def get_stat_page(server_ip: str, service: str) -> None:
import requests
from jinja2 import Environment, FileSystemLoader
def get_stat_page(server_ip: str, service: str) -> str:
if service in ('nginx', 'apache'):
stats_user = sql.get_setting(f'{service}_stats_user')
stats_pass = sql.get_setting(f'{service}_stats_password')
@ -265,24 +204,21 @@ def get_stat_page(server_ip: str, service: str) -> None:
try:
response = requests.get(f'http://{server_ip}:{stats_port}/{stats_page}', auth=(stats_user, stats_pass))
except requests.exceptions.ConnectTimeout:
print('error: Oops. Connection timeout occurred!')
return 'error: Oops. Connection timeout occurred!'
except requests.exceptions.ReadTimeout:
print('error: Oops. Read timeout occurred')
return 'error: Oops. Read timeout occurred'
except requests.exceptions.HTTPError as errh:
print("error: Http Error:", errh)
return f'error: Http Error: {errh}'
except requests.exceptions.ConnectionError as errc:
print('error: Error Connecting: %s' % errc)
return f'error: Error Connecting: {errc}'
except requests.exceptions.Timeout as errt:
print("error: Timeout Error:", errt)
return f'error: Timeout Error: {errt}'
except requests.exceptions.RequestException as err:
print("error: OOps: Something Else", err)
return f'error: OOps: Something Else {err}'
data = response.content
if service == 'nginx':
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/nginx_stats.html')
lang = roxywi_common.get_user_lang_for_flask()
servers_with_status = list()
h = ()
out1 = []
@ -291,20 +227,14 @@ def get_stat_page(server_ip: str, service: str) -> None:
h = (out1,)
servers_with_status.append(h)
template = template.render(out=servers_with_status, lang=lang)
print(template)
return render_template('ajax/nginx_stats.html', out=servers_with_status, lang=lang)
else:
print(data.decode('utf-8'))
return data.decode('utf-8')
def show_service_version(server_ip: str, service: str) -> None:
if service not in ('nginx', 'apache', 'haproxy'):
print('warning: wrong service')
return None
if service == 'haproxy':
print(check_haproxy_version(server_ip))
return None
return check_haproxy_version(server_ip)
server_id = sql.select_server_id_by_ip(server_ip)
service_name = service
@ -321,4 +251,4 @@ def show_service_version(server_ip: str, service: str) -> None:
cmd = [f'docker exec -it {container_name} /usr/sbin/{service_name} -v 2>&1|head -1|awk -F":" \'{{print $2}}\'']
else:
cmd = [f'sudo /usr/sbin/{service_name} -v|head -1|awk -F":" \'{{print $2}}\'']
print(server_mod.ssh_command(server_ip, cmd))
return server_mod.ssh_command(server_ip, cmd)

91
app/modules/service/exporter_installation.py
View File

@ -1,18 +1,12 @@
import os
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
from modules.service.installation import show_installation_output
from modules.service.installation import show_installation_output, show_success_installation
from modules.server.ssh import return_ssh_keys_path
form = common.form
def haproxy_exp_installation():
serv = form.getvalue('haproxy_exp_install')
ver = form.getvalue('exporter_v')
ext_prom = form.getvalue('ext_prom')
def haproxy_exp_installation(serv, ver, ext_prom):
script = "install_haproxy_exporter.sh"
stats_port = sql.get_setting('stats_port')
server_state_file = sql.get_setting('server_state_file')
@ -21,8 +15,13 @@ def haproxy_exp_installation():
stat_page = sql.get_setting('stats_page')
proxy = sql.get_setting('proxy')
ssh_settings = return_ssh_keys_path(serv)
full_path = '/var/www/haproxy-wi/app'
service = 'HAProxy exporter'
os.system(f"cp scripts/{script} .")
try:
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
except Exception as e:
raise Exception(f'error: {e}')
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
@ -30,26 +29,27 @@ def haproxy_exp_installation():
proxy_serv = ''
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} STAT_PORT={stats_port} STAT_FILE={server_state_file}"
f"chmod +x {full_path}/{script} && {full_path}/{script} PROXY={proxy_serv} STAT_PORT={stats_port} STAT_FILE={server_state_file}"
f" SSH_PORT={ssh_settings['port']} STAT_PAGE={stat_page} VER={ver} EXP_PROM={ext_prom} STATS_USER={stats_user}"
f" STATS_PASS='{stats_password}' HOST={serv} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
return_out = server_mod.subprocess_execute_with_rc(commands[0])
show_installation_output(return_out['error'], return_out['output'], 'HAProxy exporter', rc=return_out['rc'])
os.remove(script)
try:
show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc'])
except Exception as e:
raise Exception(f'error: read output: {e}')
try:
os.remove(f'{full_path}/{script}')
except Exception:
pass
return show_success_installation(service)
def nginx_apache_exp_installation():
if form.getvalue('nginx_exp_install'):
service = 'nginx'
elif form.getvalue('apache_exp_install'):
service = 'apache'
serv = common.is_ip_or_dns(form.getvalue('serv'))
ver = common.checkAjaxInput(form.getvalue('exporter_v'))
ext_prom = common.checkAjaxInput(form.getvalue('ext_prom'))
def nginx_apache_exp_installation(serv, service, ver, ext_prom):
script = f"install_{service}_exporter.sh"
stats_user = sql.get_setting(f'{service}_stats_user')
stats_password = sql.get_setting(f'{service}_stats_password')
@ -58,44 +58,69 @@ def nginx_apache_exp_installation():
proxy = sql.get_setting('proxy')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(serv)
full_path = '/var/www/haproxy-wi/app'
service = f'{service.title()} exporter'
os.system(f"cp scripts/{script} .")
try:
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
except Exception as e:
raise Exception(f'error: {e}')
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} STAT_PORT={stats_port} SSH_PORT={ssh_settings['port']} STAT_PAGE={stats_page}"
f"chmod +x {full_path}/{script} && {full_path}/{script} PROXY={proxy_serv} STAT_PORT={stats_port} SSH_PORT={ssh_settings['port']} STAT_PAGE={stats_page}"
f" STATS_USER={stats_user} STATS_PASS='{stats_password}' HOST={serv} VER={ver} EXP_PROM={ext_prom} USER={ssh_settings['user']} "
f" PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
return_out = server_mod.subprocess_execute_with_rc(commands[0])
show_installation_output(return_out['error'], return_out['output'], f'{service.title()} exporter', rc=return_out['rc'])
os.remove(script)
try:
show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc'])
except Exception as e:
raise Exception(f'error: read output: {e}')
try:
os.remove(f'{full_path}/{script}')
except Exception:
pass
return show_success_installation(service)
def node_keepalived_exp_installation(service: str) -> None:
serv = common.is_ip_or_dns(form.getvalue(f'{service}_exp_install'))
ver = common.checkAjaxInput(form.getvalue('exporter_v'))
ext_prom = common.checkAjaxInput(form.getvalue('ext_prom'))
def node_keepalived_exp_installation(service: str, serv: str, ver: str, ext_prom: int) -> None:
script = f"install_{service}_exporter.sh"
proxy = sql.get_setting('proxy')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(serv)
full_path = '/var/www/haproxy-wi/app'
service = 'Node exporter'
os.system(f"cp scripts/{script} .")
try:
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
except Exception as e:
raise Exception(f'error: {e}')
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} VER={ver} EXP_PROM={ext_prom} "
f"chmod +x {full_path}/{script} && {full_path}/{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} VER={ver} EXP_PROM={ext_prom} "
f"HOST={serv} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
return_out = server_mod.subprocess_execute_with_rc(commands[0])
show_installation_output(return_out['error'], return_out['output'], 'Node exporter', rc=return_out['rc'])
os.remove(script)
try:
show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc'])
except Exception as e:
raise Exception(f'error: read output: {e}')
try:
os.remove(f'{full_path}/{script}')
except Exception:
pass
return show_success_installation(service)

49
app/modules/service/haproxy.py
View File

@ -1,6 +1,8 @@
import os
import requests
from flask import request
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
@ -11,7 +13,6 @@ import modules.roxy_wi_tools as roxy_wi_tools
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config = roxy_wi_tools.GetConfigVar()
form = common.form
def stat_page_action(serv: str) -> None:
@ -21,9 +22,9 @@ def stat_page_action(serv: str) -> None:
stats_page = sql.get_setting('stats_page')
postdata = {
'action': form.getvalue('action'),
's': form.getvalue('s'),
'b': form.getvalue('b')
'action': request.form.get('action'),
's': request.form.get('s'),
'b': request.form.get('b')
}
headers = {
@ -33,10 +34,11 @@ def stat_page_action(serv: str) -> None:
'Accept-Encoding': 'gzip, deflate'
}
requests.post(f'http://{serv}:{stats_port}/{stats_page}', headers=headers, data=postdata, auth=(haproxy_user, haproxy_pass))
data = requests.post(f'http://{serv}:{stats_port}/{stats_page}', headers=headers, data=postdata, auth=(haproxy_user, haproxy_pass))
return data.content
def show_map(serv: str) -> None:
def show_map(serv: str) -> str:
import networkx as nx
import matplotlib
@ -47,17 +49,16 @@ def show_map(serv: str) -> None:
hap_configs_dir = get_config.get_config_var('configs', 'haproxy_save_configs_dir')
date = get_date.return_date('config')
cfg = f'{hap_configs_dir}{serv}-{date}.cfg'
print(f'<center><h4 style="margin-bottom: 0;">Map from {serv}</h4>')
output = f'<center><h4 style="margin-bottom: 0;">Map from {serv}</h4>'
error = config_mod.get_config(serv, cfg)
if error:
print(error)
return f'error: Cannot read import config file {error}'
try:
conf = open(cfg, "r")
except IOError:
print('error: Cannot read import config file')
return
except IOError as e:
return f'error: Cannot read import config file {e}'
G = nx.DiGraph()
node = ""
@ -239,25 +240,22 @@ def show_map(serv: str) -> None:
nx.draw_networkx_edge_labels(G, pos, alpha=0.4, label_pos=0.5, font_color="#5d9ceb", edge_labels=edge_labels,
font_size=8)
plt.savefig("map.png")
plt.savefig(f"/var/www/haproxy-wi/app/map.png")
plt.show()
except Exception as e:
print(str(e))
return f'error: Cannot create a map: {e}'
os.system(
f"rm -f {os.path.dirname(os.getcwd())}/map*.png && mv map.png {os.path.dirname(os.getcwd())}/map{date}.png")
print(f'<img src="/map{date}.png" alt="map"></center>')
output += f'<img src="/map.png" alt="map"></center>'
return output
def runtime_command(serv: str) -> None:
def runtime_command(serv: str, enable: str, backend: str, save: str) -> str:
server_state_file = sql.get_setting('server_state_file')
haproxy_sock = sql.get_setting('haproxy_sock')
enable = common.checkAjaxInput(form.getvalue('servaction'))
backend = common.checkAjaxInput(form.getvalue('servbackend'))
cmd = f'echo "{enable} {backend}" |sudo socat stdio {haproxy_sock}'
if form.getvalue('save') == "on":
if save == "on":
save_command = f'echo "show servers state" | sudo socat {haproxy_sock} stdio > {server_state_file}'
command = [cmd + ';' + save_command]
else:
@ -266,10 +264,11 @@ def runtime_command(serv: str) -> None:
if enable != "show":
roxywi_common.logging(serv, f'Has been {enable}ed {backend}', login=1, keep_history=1, service='haproxy')
print(
f'<center><h3>You {enable} {backend} on HAProxy {serv}. <a href="statsview.py?serv={serv}" '
f'title="View stat" target="_blank">Look it</a> or <a href="runtimeapi.py" '
f'<center><h3>You {enable} {backend} on HAProxy {serv}. <a href="/app/stats/haproxy/{serv}" '
f'title="View stat" target="_blank">Look it</a> or <a href="/app/runtimeapi" '
f'title="Runtime API">Edit something else</a></h3><br />')
print(server_mod.ssh_command(serv, command, show_log="1"))
action = f'runtimeapi.py {enable} {backend}'
action = f'runtimeapi {enable} {backend}'
roxywi_common.logging(serv, action)
return server_mod.ssh_command(serv, command, show_log="1")

272
app/modules/service/installation.py
View File

@ -1,6 +1,8 @@
import os
import json
from flask import render_template
import modules.db.sql as sql
import modules.service.common as service_common
import modules.common.common as common
@ -8,10 +10,8 @@ import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
from modules.server.ssh import return_ssh_keys_path
form = common.form
def show_installation_output(error: str, output: str, service: str, rc=0, api=0):
def show_installation_output(error: str, output: str, service: str, rc=0):
if error and "WARNING" not in error:
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
raise Exception('error: ' + error)
@ -22,18 +22,16 @@ def show_installation_output(error: str, output: str, service: str, rc=0, api=0)
try:
correct_out = line.split('=>')
correct_out = json.loads(correct_out[1])
raise Exception(f'error: {correct_out["msg"]} for {service}')
except Exception:
raise Exception(f'error: {output} for {service}')
else:
if not api:
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('include/show_success_installation.html')
lang = roxywi_common.get_user_lang()
rendered_template = template.render(service=service, lang=lang)
print(rendered_template)
return True
else:
raise Exception(f'error: {correct_out["msg"]} for {service}')
return True
def show_success_installation(service):
lang = roxywi_common.get_user_lang_for_flask()
return render_template('include/show_success_installation.html', service=service, lang=lang)
def install_haproxy(server_ip: str, api=0, **kwargs):
@ -81,11 +79,15 @@ def install_haproxy(server_ip: str, api=0, **kwargs):
return_out = server_mod.subprocess_execute_with_rc(commands[0])
if show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc'], api=api):
try:
sql.update_haproxy(server_ip)
except Exception as e:
print(e)
try:
show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc'])
except Exception as e:
raise Exception(e)
try:
sql.update_haproxy(server_ip)
except Exception as e:
return str(e)
if docker == '1':
server_id = sql.select_server_id_by_ip(server_ip)
@ -97,6 +99,9 @@ def install_haproxy(server_ip: str, api=0, **kwargs):
except Exception:
pass
if not api:
return show_success_installation(service)
def waf_install(server_ip: str):
script = "waf.sh"
@ -106,28 +111,35 @@ def waf_install(server_ip: str):
service = ' WAF'
proxy_serv = ''
ssh_settings = return_ssh_keys_path(server_ip)
full_path = '/var/www/haproxy-wi/app'
os.system(f"cp scripts/{script} .")
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} HAPROXY_PATH={haproxy_dir} VERSION='{ver}' "
f"chmod +x {full_path}/{script} && {full_path}/{script} PROXY={proxy_serv} HAPROXY_PATH={haproxy_dir} VERSION='{ver}' "
f"SSH_PORT={ssh_settings['port']} HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' "
f"KEY={ssh_settings['key']}"
]
return_out = server_mod.subprocess_execute_with_rc(commands[0])
if show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc']):
try:
sql.insert_waf_metrics_enable(server_ip, "0")
sql.insert_waf_rules(server_ip)
except Exception as e:
print(e)
try:
show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc'])
except Exception as e:
raise Exception(e)
os.remove(script)
try:
sql.insert_waf_metrics_enable(server_ip, "0")
sql.insert_waf_rules(server_ip)
except Exception as e:
return str(e)
os.remove(f'{full_path}/{script}')
return show_success_installation(service)
def waf_nginx_install(server_ip: str):
@ -137,30 +149,37 @@ def waf_nginx_install(server_ip: str):
service = ' WAF'
proxy_serv = ''
ssh_settings = return_ssh_keys_path(server_ip)
full_path = '/var/www/haproxy-wi/app'
os.system(f"cp scripts/{script} .")
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} NGINX_PATH={nginx_dir} SSH_PORT={ssh_settings['port']} "
f"chmod +x {full_path}/{script} && {full_path}/{script} PROXY={proxy_serv} NGINX_PATH={nginx_dir} SSH_PORT={ssh_settings['port']} "
f"HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
return_out = server_mod.subprocess_execute_with_rc(commands[0])
if show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc']):
try:
sql.insert_nginx_waf_rules(server_ip)
sql.insert_waf_nginx_server(server_ip)
except Exception as e:
print(e)
try:
show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc'])
except Exception as e:
raise Exception(e)
os.remove(script)
try:
sql.insert_nginx_waf_rules(server_ip)
sql.insert_waf_nginx_server(server_ip)
except Exception as e:
return str(e)
os.remove(f'{full_path}/{script}')
return show_success_installation(service)
def install_service(server_ip: str, service: str, docker: str, api=0, **kwargs) -> None:
def install_service(server_ip: str, service: str, docker: str, syn_flood_protect: int, api=0, **kwargs) -> str:
script = f"install_{service}.sh"
stats_user = sql.get_setting(f'{service}_stats_user')
stats_password = sql.get_setting(f'{service}_stats_password')
@ -183,8 +202,6 @@ def install_service(server_ip: str, service: str, docker: str, api=0, **kwargs)
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
syn_flood_protect = '1' if form.getvalue('syn_flood') == "1" else ''
if service == 'apache':
correct_service_name = service_common.get_correct_apache_service_name(server_ip=server_ip, server_id=None)
if service_dir == '/etc/httpd' and correct_service_name == 'apache2':
@ -206,17 +223,21 @@ def install_service(server_ip: str, service: str, docker: str, api=0, **kwargs)
return_out = server_mod.subprocess_execute_with_rc(commands[0])
if show_installation_output(return_out['error'], return_out['output'], service_name, rc=return_out['rc'], api=api):
if service == 'nginx':
try:
sql.update_nginx(server_ip)
except Exception as e:
print(e)
elif service == 'apache':
try:
sql.update_apache(server_ip)
except Exception as e:
print(e)
try:
show_installation_output(return_out['error'], return_out['output'], service_name, rc=return_out['rc'])
except Exception as e:
raise Exception(e)
if service == 'nginx':
try:
sql.update_nginx(server_ip)
except Exception as e:
return str(e)
elif service == 'apache':
try:
sql.update_apache(server_ip)
except Exception as e:
return str(e)
if docker == '1':
server_id = sql.select_server_id_by_ip(server_ip)
@ -225,38 +246,47 @@ def install_service(server_ip: str, service: str, docker: str, api=0, **kwargs)
os.remove(f'{full_path}/{script}')
if not api:
return show_success_installation(service)
def geoip_installation():
serv = common.is_ip_or_dns(form.getvalue('geoip_install'))
geoip_update = common.checkAjaxInput(form.getvalue('geoip_update'))
service = form.getvalue('geoip_service')
def geoip_installation(serv, geoip_update, service):
proxy = sql.get_setting('proxy')
maxmind_key = sql.get_setting('maxmind_key')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(serv)
full_path = '/var/www/haproxy-wi/app'
if service in ('haproxy', 'nginx'):
service_dir = common.return_nice_path(sql.get_setting(f'{service}_dir'))
script = f'install_{service}_geoip.sh'
else:
print('warning: select a server and service first')
return
raise Exception('warning: select a server and service first')
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
os.system(f"cp scripts/{script} .")
try:
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
except Exception as e:
raise Exception(f'error: {e}')
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} UPDATE={geoip_update} "
f"chmod +x {full_path}/{script} && {full_path}/{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} UPDATE={geoip_update} "
f"maxmind_key={maxmind_key} service_dir={service_dir} HOST={serv} USER={ssh_settings['user']} "
f"PASS={ssh_settings['password']} KEY={ssh_settings['key']}"
]
return_out = server_mod.subprocess_execute_with_rc(commands[0])
show_installation_output(return_out['error'], return_out['output'], 'GeoLite2 Database', rc=return_out['rc'])
os.remove(script)
try:
show_installation_output(return_out['error'], return_out['output'], 'GeoLite2 Database', rc=return_out['rc'])
except Exception as e:
raise Exception(e)
os.remove(f'{full_path}/{script}')
return show_success_installation('GeoLite2 Database')
def grafana_install():
@ -264,44 +294,43 @@ def grafana_install():
proxy = sql.get_setting('proxy')
proxy_serv = ''
host = os.environ.get('HTTP_HOST', '')
full_path = '/var/www/haproxy-wi/app'
os.system(f"cp scripts/{script} .")
try:
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
except Exception as e:
raise Exception(f'error: {e}')
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
cmd = f"chmod +x {script} && ./{script} PROXY={proxy_serv}"
cmd = f"chmod +x {full_path}/{script} && {full_path}/{script} PROXY={proxy_serv}"
output, error = server_mod.subprocess_execute(cmd)
if error:
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
print(
f'success: Grafana and Prometheus servers were installed. You can find Grafana on http://{host}:3000<br>')
else:
for line in output:
if any(s in line for s in ("Traceback", "FAILED")):
try:
print(line)
break
return line
except Exception:
print(output)
break
else:
print(
f'success: Grafana and Prometheus servers were installed. You can find Grafana on http://{host}:3000<br>')
return output
os.remove(script)
os.remove(f'{full_path}/{script}')
return f'success: Grafana and Prometheus servers were installed. You can find Grafana on http://{host}:3000<br>'
def keepalived_master_install(master: str, eth: str, eth_slave: str, vrrp_ip: str, virt_server: int, syn_flood: int,
return_to_master: int, haproxy: int, nginx: int, router_id: int, api=0) -> None:
return_to_master: int, haproxy: int, nginx: int, router_id: int, api=0) -> str:
script = "install_keepalived.sh"
proxy = sql.get_setting('proxy')
keepalived_path_logs = sql.get_setting('keepalived_path_logs')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(master)
full_path = '/var/www/haproxy-wi/app'
service = 'master Keepalived'
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
@ -320,36 +349,44 @@ def keepalived_master_install(master: str, eth: str, eth_slave: str, vrrp_ip: st
return_out = server_mod.subprocess_execute_with_rc(commands[0])
if show_installation_output(return_out['error'], return_out['output'], 'master Keepalived', rc=return_out['rc'], api=api):
try:
sql.update_keepalived(master)
except Exception as e:
raise Exception(e)
try:
show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc'])
except Exception as e:
raise Exception(f'error: read output: {e}')
if virt_server:
group_id = sql.get_group_id_by_server_ip(master)
cred_id = sql.get_cred_id_by_server_ip(master)
hostname = sql.get_hostname_by_server_ip(master)
firewall = 1 if server_mod.is_service_active(master, 'firewalld') else 0
sql.add_server(
hostname + '-VIP', vrrp_ip, group_id, '1', '1', '0', cred_id, ssh_settings['port'], f'VRRP IP for {master}',
haproxy, nginx, '0', firewall
)
try:
sql.update_keepalived(master)
except Exception as e:
raise Exception(e)
if virt_server:
group_id = sql.get_group_id_by_server_ip(master)
cred_id = sql.get_cred_id_by_server_ip(master)
hostname = sql.get_hostname_by_server_ip(master)
firewall = 1 if server_mod.is_service_active(master, 'firewalld') else 0
sql.add_server(
hostname + '-VIP', vrrp_ip, group_id, '1', '1', '0', cred_id, ssh_settings['port'], f'VRRP IP for {master}',
haproxy, nginx, '0', firewall
)
try:
os.remove(f'{full_path}/{script}')
except Exception:
pass
if not api:
return show_success_installation(service)
def keepalived_slave_install(master: str, slave: str, eth: str, eth_slave: str, vrrp_ip: str, syn_flood: int,
haproxy: int, nginx: int, router_id: int, api=0) -> None:
haproxy: int, nginx: int, router_id: int, api=0) -> str:
script = "install_keepalived.sh"
proxy = sql.get_setting('proxy')
keepalived_path_logs = sql.get_setting('keepalived_path_logs')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(slave)
full_path = '/var/www/haproxy-wi/app'
service = 'slave Keepalived'
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
@ -371,43 +408,40 @@ def keepalived_slave_install(master: str, slave: str, eth: str, eth_slave: str,
raise Exception(f'error: {e}')
try:
show_installation_output(return_out['error'], return_out['output'], 'slave Keepalived', rc=return_out['rc'], api=api)
show_installation_output(return_out['error'], return_out['output'], service, rc=return_out['rc'])
except Exception as e:
raise Exception(f'{e}')
raise Exception(f'error: read output: {e}')
try:
sql.update_server_master(master, slave)
sql.update_keepalived(slave)
except Exception as e:
print(e)
raise Exception(f'{e}')
try:
os.remove(f'{full_path}/{script}')
except Exception:
pass
if not api:
return show_success_installation(service)
def keepalived_masteradd():
master = form.getvalue('masteradd')
eth = form.getvalue('interfaceadd')
slave_eth = form.getvalue('slave_interfaceadd')
vrrp_ip = form.getvalue('vrrpipadd')
router_id = form.getvalue('router_id')
kp = form.getvalue('kp')
return_to_master = form.getvalue('return_to_master')
def keepalived_masteradd(master, eth, slave_eth, vrrp_ip, router_id, return_to_master, kp):
script = "install_keepalived.sh"
proxy = sql.get_setting('proxy')
keepalived_path_logs = sql.get_setting('keepalived_path_logs')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(master)
full_path = '/var/www/haproxy-wi/app'
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
os.system(f"cp scripts/{script} .")
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} ETH={eth} ETH_SLAVE={slave_eth} "
f"chmod +x {full_path}/{script} && {full_path}/{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} ETH={eth} ETH_SLAVE={slave_eth} "
f"keepalived_path_logs={keepalived_path_logs} RETURN_TO_MASTER={return_to_master} IP={vrrp_ip} MASTER=MASTER "
f"RESTART={kp} ADD_VRRP=1 HOST={master} router_id={router_id} USER={ssh_settings['user']} "
f"PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
@ -415,34 +449,42 @@ def keepalived_masteradd():
return_out = server_mod.subprocess_execute_with_rc(commands[0])
show_installation_output(return_out['error'], return_out['output'], 'master VRRP address', rc=return_out['rc'])
os.remove(script)
try:
show_installation_output(return_out['error'], return_out['output'], 'master VRRP address', rc=return_out['rc'])
except Exception as e:
raise Exception(e)
os.remove(f'{full_path}/{script}')
return show_success_installation('slave VRRP address')
def keepalived_slaveadd():
slave = form.getvalue('slaveadd')
eth = form.getvalue('interfaceadd')
slave_eth = form.getvalue('slave_interfaceadd')
vrrp_ip = form.getvalue('vrrpipadd')
router_id = form.getvalue('router_id')
kp = form.getvalue('kp')
def keepalived_slaveadd(slave, eth, slave_eth, vrrp_ip, router_id, kp):
script = "install_keepalived.sh"
proxy = sql.get_setting('proxy')
keepalived_path_logs = sql.get_setting('keepalived_path_logs')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(slave)
full_path = '/var/www/haproxy-wi/app'
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
os.system(f"cp scripts/{script} .")
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} ETH={eth} ETH_SLAVE={slave_eth} "
f"chmod +x {full_path}/{script} && {full_path}/{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} ETH={eth} ETH_SLAVE={slave_eth} "
f"keepalived_path_logs={keepalived_path_logs} IP={vrrp_ip} MASTER=BACKUP RESTART={kp} ADD_VRRP=1 HOST={slave} "
f"router_id={router_id} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
return_out = server_mod.subprocess_execute_with_rc(commands[0])
show_installation_output(return_out['error'], return_out['output'], 'slave VRRP address', rc=return_out['rc'])
os.remove(script)
try:
show_installation_output(return_out['error'], return_out['output'], 'slave VRRP address', rc=return_out['rc'])
except Exception as e:
raise Exception(e)
os.remove(f'{full_path}/{script}')
return show_success_installation('slave VRRP address')

100
app/modules/alerting/alerting.py → app/modules/tools/alerting.py
View File

@ -3,7 +3,7 @@ import json
import http.cookies
import pika
from jinja2 import Environment, FileSystemLoader
from flask import render_template
import modules.db.sql as sql
import modules.common.common as common
@ -257,23 +257,25 @@ def pd_send_mess(mess, level, server_ip=None, service_id=None, alert_type=None,
raise Exception(f'error: {e}')
def check_rabbit_alert() -> None:
def check_rabbit_alert() -> str:
try:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_group_id = cookie.get('group')
user_group_id1 = user_group_id.value
except Exception as e:
print(f'error: Cannot send a message {e}')
return
return f'error: Cannot send a message {e}'
try:
json_for_sending = {"user_group": user_group_id1, "message": 'info: Test message'}
send_message_to_rabbit(json.dumps(json_for_sending))
except Exception as e:
print(f'error: Cannot send a message {e}')
return f'error: Cannot send a message {e}'
else:
return 'ok'
def check_email_alert() -> None:
def check_email_alert() -> str:
subject = 'test message'
message = 'Test message from Roxy-WI'
@ -282,108 +284,104 @@ def check_email_alert() -> None:
user_uuid = cookie.get('uuid')
user_uuid_value = user_uuid.value
except Exception as e:
print(f'error: Cannot send a message {e}')
return
return f'error: Cannot send a message {e}'
try:
user_email = sql.select_user_email_by_uuid(user_uuid_value)
except Exception as e:
print(f'error: Cannot get a user email: {e}')
return
return f'error: Cannot get a user email: {e}'
try:
send_email(user_email, subject, message)
except Exception as e:
print(f'error: Cannot send a message {e}')
return
return f'error: Cannot send a message {e}'
return 'ok'
def add_telegram_channel(token: str, channel: str, group: str, page: str) -> None:
def add_telegram_channel(token: str, channel: str, group: str, page: str) -> str:
if token is None or channel is None or group is None:
print(error_mess)
return error_mess
else:
if sql.insert_new_telegram(token, channel, group):
lang = roxywi_common.get_user_lang()
lang = roxywi_common.get_user_lang_for_flask()
channels = sql.select_telegram(token=token)
groups = sql.select_groups()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/new_receiver.html')
parsed_template = template.render(groups=groups, lang=lang, channels=channels, page=page, receiver='telegram')
print(parsed_template)
roxywi_common.logging('Roxy-WI server', f'A new Telegram channel {channel} has been created ', roxywi=1, login=1)
return render_template('ajax/new_receiver.html', groups=groups, lang=lang, channels=channels, page=page, receiver='telegram')
def add_slack_channel(token: str, channel: str, group: str, page: str) -> None:
def add_slack_channel(token: str, channel: str, group: str, page: str) -> str:
if token is None or channel is None or group is None:
print(error_mess)
return error_mess
else:
if sql.insert_new_slack(token, channel, group):
lang = roxywi_common.get_user_lang()
lang = roxywi_common.get_user_lang_for_flask()
channels = sql.select_slack(token=token)
groups = sql.select_groups()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/new_receiver.html')
parsed_template = template.render(groups=groups, lang=lang, channels=channels, page=page, receiver='slack')
print(parsed_template)
roxywi_common.logging('Roxy-WI server', f'A new Slack channel {channel} has been created ', roxywi=1, login=1)
return render_template('ajax/new_receiver.html', groups=groups, lang=lang, channels=channels, page=page, receiver='slack')
def add_pd_channel(token: str, channel: str, group: str, page: str) -> None:
def add_pd_channel(token: str, channel: str, group: str, page: str) -> str:
if token is None or channel is None or group is None:
print(error_mess)
return error_mess
else:
if sql.insert_new_pd(token, channel, group):
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/new_receiver.html')
parsed_template = template.render(groups=sql.select_groups(), lang=lang, channels=sql.select_pd(token=token), page=page, receiver='pd')
print(parsed_template)
lang = roxywi_common.get_user_lang_for_flask()
channels = sql.select_slack(token=token)
groups = sql.select_groups()
roxywi_common.logging('Roxy-WI server', f'A new PagerDuty channel {channel} has been created ', roxywi=1, login=1)
return render_template('ajax/new_receiver.html', groups=groups, lang=lang, channels=channels, page=page, receiver='pd')
def delete_telegram_channel(channel_id) -> None:
def delete_telegram_channel(channel_id) -> str:
telegram = sql.select_telegram(id=channel_id)
channel_name = ''
for t in telegram:
channel_name = t.token
if sql.delete_telegram(channel_id):
print("Ok")
roxywi_common.logging('Roxy-WI server', f'The Telegram channel {channel_name} has been deleted ', roxywi=1, login=1)
return 'ok'
def delete_slack_channel(channel_id) -> None:
def delete_slack_channel(channel_id) -> str:
slack = sql.select_slack(id=channel_id)
channel_name = ''
for t in slack:
channel_name = t.chanel_name
if sql.delete_slack(channel_id):
print("Ok")
roxywi_common.logging('Roxy-WI server', f'The Slack channel {channel_name} has been deleted ', roxywi=1, login=1)
return 'ok'
def delete_pd_channel(channel_id) -> None:
def delete_pd_channel(channel_id) -> str:
pd = sql.select_pd(id=channel_id)
channel_name = ''
for t in pd:
channel_name = t.chanel_name
if sql.delete_pd(channel_id):
print("Ok")
roxywi_common.logging('Roxy-WI server', f'The PageDuty channel {channel_name} has been deleted ', roxywi=1, login=1)
return 'ok'
def update_telegram(token: str, channel: str, group: str, user_id: int) -> None:
def update_telegram(token: str, channel: str, group: str, user_id: int) -> str:
sql.update_telegram(token, channel, group, user_id)
roxywi_common.logging('group ' + group, f'The Telegram token has been updated for channel: {channel}', roxywi=1, login=1)
return 'ok'
def update_slack(token: str, channel: str, group: str, user_id: int) -> None:
def update_slack(token: str, channel: str, group: str, user_id: int) -> str:
sql.update_slack(token, channel, group, user_id)
roxywi_common.logging(f'group {group}', f'The Slack token has been updated for channel: {channel}', roxywi=1, login=1)
return 'ok'
def update_pd(token: str, channel: str, group: str, user_id: int) -> None:
def update_pd(token: str, channel: str, group: str, user_id: int) -> str:
sql.update_pd(token, channel, group, user_id)
roxywi_common.logging(f'group {group}', f'The PagerDuty token has been updated for channel: {channel}', roxywi=1, login=1)
return 'ok'
def delete_receiver_channel(channel_id: int, receiver_name: str) -> None:
@ -392,16 +390,20 @@ def delete_receiver_channel(channel_id: int, receiver_name: str) -> None:
"slack": delete_slack_channel,
"pd": delete_pd_channel,
}
delete_functions[receiver_name](channel_id)
return delete_functions[receiver_name](channel_id)
def add_receiver_channel(receiver_name: str, token: str, channel: str, group: id, page: str) -> None:
def add_receiver_channel(receiver_name: str, token: str, channel: str, group: id, page: str) -> str:
add_functions = {
"telegram": add_telegram_channel,
"slack": add_slack_channel,
"pd": add_pd_channel,
}
add_functions[receiver_name](token, channel, group, page)
try:
return add_functions[receiver_name](token, channel, group, page)
except Exception as e:
return f'error: Cannot add new receiver: {e}'
def update_receiver_channel(receiver_name: str, token: str, channel: str, group: id, user_id: int) -> None:
@ -410,10 +412,10 @@ def update_receiver_channel(receiver_name: str, token: str, channel: str, group:
"slack": update_slack,
"pd": update_pd,
}
update_functions[receiver_name](token, channel, group, user_id)
return update_functions[receiver_name](token, channel, group, user_id)
def check_receiver(channel_id: int, receiver_name: str) -> None:
def check_receiver(channel_id: int, receiver_name: str) -> str:
functions = {
"telegram": telegram_send_mess,
"slack": slack_send_mess,
@ -427,6 +429,6 @@ def check_receiver(channel_id: int, receiver_name: str) -> None:
level = 'info'
try:
functions[receiver_name](mess, level, channel_id=channel_id)
return functions[receiver_name](mess, level, channel_id=channel_id)
except Exception as e:
print(e)
return f'error: Cannot send message: {e}'

79
app/modules/tools/checker.py
View File

@ -1,4 +1,4 @@
from jinja2 import Environment, FileSystemLoader
from flask import render_template
import modules.db.sql as sql
import modules.common.common as common
@ -9,12 +9,9 @@ form = common.form
def load_checker() -> None:
page = form.getvalue('page')
groups = sql.select_groups()
services = roxywi_mod.get_services_status()
lang = roxywi_common.get_user_lang()
env = Environment(loader=FileSystemLoader('templates'), autoescape=True)
template = env.get_template('ajax/load_telegram.html')
keepalived_settings = ''
haproxy_settings = ''
apache_settings = ''
@ -33,47 +30,36 @@ def load_checker() -> None:
user_subscription = roxywi_common.return_unsubscribed_user_status()
roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
if user_subscription['user_status']:
haproxy_settings = sql.select_checker_settings(1)
nginx_settings = sql.select_checker_settings(2)
keepalived_settings = sql.select_checker_settings(3)
apache_settings = sql.select_checker_settings(4)
if page == 'servers.py':
user_group = roxywi_common.get_user_group(id=1)
telegrams = sql.get_user_telegram_by_group(user_group)
slacks = sql.get_user_slack_by_group(user_group)
pds = sql.get_user_pd_by_group(user_group)
haproxy_servers = roxywi_common.get_dick_permit(haproxy=1, only_group=1)
nginx_servers = roxywi_common.get_dick_permit(nginx=1, only_group=1)
apache_servers = roxywi_common.get_dick_permit(apache=1, only_group=1)
keepalived_servers = roxywi_common.get_dick_permit(keepalived=1, only_group=1)
else:
telegrams = sql.select_telegram()
slacks = sql.select_slack()
pds = sql.select_pd()
haproxy_servers = roxywi_common.get_dick_permit(haproxy=1)
nginx_servers = roxywi_common.get_dick_permit(nginx=1)
apache_servers = roxywi_common.get_dick_permit(apache=1)
keepalived_servers = roxywi_common.get_dick_permit(keepalived=1)
user_group = roxywi_common.get_user_group(id=1)
telegrams = sql.get_user_telegram_by_group(user_group)
slacks = sql.get_user_slack_by_group(user_group)
pds = sql.get_user_pd_by_group(user_group)
haproxy_servers = roxywi_common.get_dick_permit(haproxy=1, only_group=1)
nginx_servers = roxywi_common.get_dick_permit(nginx=1, only_group=1)
apache_servers = roxywi_common.get_dick_permit(apache=1, only_group=1)
keepalived_servers = roxywi_common.get_dick_permit(keepalived=1, only_group=1)
template = template.render(services=services, telegrams=telegrams, pds=pds, groups=groups, slacks=slacks,
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'],
haproxy_servers=haproxy_servers, nginx_servers=nginx_servers, apache_servers=apache_servers,
keepalived_servers=keepalived_servers, haproxy_settings=haproxy_settings, nginx_settings=nginx_settings,
keepalived_settings=keepalived_settings, apache_settings=apache_settings, page=page, lang=lang)
print(template)
return render_template(
'ajax/load_telegram.html', services=services, telegrams=telegrams, pds=pds, groups=groups, slacks=slacks,
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], haproxy_servers=haproxy_servers,
nginx_servers=nginx_servers, apache_servers=apache_servers, keepalived_servers=keepalived_servers, haproxy_settings=haproxy_settings,
nginx_settings=nginx_settings, keepalived_settings=keepalived_settings, apache_settings=apache_settings,
role=user_params['role'], lang=user_params['lang']
)
def update_haproxy_settings() -> None:
setting_id = int(form.getvalue('updateHaproxyCheckerSettings'))
email = int(form.getvalue('email'))
service_alert = int(form.getvalue('server'))
backend_alert = int(form.getvalue('backend'))
maxconn_alert = int(form.getvalue('maxconn'))
telegram_id = int(form.getvalue('telegram_id'))
slack_id = int(form.getvalue('slack_id'))
pd_id = int(form.getvalue('pd_id'))
def update_haproxy_settings(setting_id, email, service_alert, backend_alert, maxconn_alert, telegram_id, slack_id, pd_id) -> None:
if sql.update_haproxy_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, backend_alert,
maxconn_alert, setting_id):
print('ok')
@ -81,15 +67,7 @@ def update_haproxy_settings() -> None:
print('error: Cannot update Checker settings')
def update_keepalived_settings() -> None:
setting_id = int(form.getvalue('updateKeepalivedCheckerSettings'))
email = int(form.getvalue('email'))
service_alert = int(form.getvalue('server'))
backend_alert = int(form.getvalue('backend'))
telegram_id = int(form.getvalue('telegram_id'))
slack_id = int(form.getvalue('slack_id'))
pd_id = int(form.getvalue('pd_id'))
def update_keepalived_settings(setting_id, email, service_alert, backend_alert, telegram_id, slack_id, pd_id) -> None:
if sql.update_keepalived_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, backend_alert,
setting_id):
print('ok')
@ -97,14 +75,7 @@ def update_keepalived_settings() -> None:
print('error: Cannot update Checker settings')
def update_service_settings() -> None:
setting_id = int(form.getvalue('updateServiceCheckerSettings'))
email = int(form.getvalue('email'))
service_alert = int(form.getvalue('server'))
telegram_id = int(form.getvalue('telegram_id'))
slack_id = int(form.getvalue('slack_id'))
pd_id = int(form.getvalue('pd_id'))
def update_service_settings(setting_id, email, service_alert, telegram_id, slack_id, pd_id) -> None:
if sql.update_service_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, setting_id):
print('ok')
else:

121
app/modules/tools/smon.py
View File

@ -1,31 +1,24 @@
import json
from jinja2 import Environment, FileSystemLoader
from flask import render_template
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.common as roxywi_common
form = common.form
import modules.server.server as server_mod
def create_smon(name: str, hostname: str, port: int, enable: int, url: str, body: str, group: int, desc: str, telegram: int,
slack: int, pd: int, packet_size: int, check_type: int, resolver: str, record_type: str, user_group: int,
http_method: str, show_new=1) -> None:
http_method: str, show_new=1) -> bool:
if check_type == 'tcp':
try:
port = int(port)
except Exception:
print('SMON error: port must be a number')
return None
raise Exception('SMON error: port must be a number')
if port > 65535 or port < 0:
print('SMON error: port must be 0-65535')
return None
raise Exception('SMON error: port must be 0-65535')
if check_type == 'ping':
if int(packet_size) < 16:
print('SMON error: a packet size cannot be less than 16')
return None
raise Exception('SMON error: a packet size cannot be less than 16')
last_id = sql.insert_smon(name, enable, group, desc, telegram, slack, pd, user_group, check_type)
@ -38,59 +31,31 @@ def create_smon(name: str, hostname: str, port: int, enable: int, url: str, body
elif check_type == 'dns':
sql.insert_smon_dns(last_id, hostname, port, resolver, record_type)
if last_id and show_new:
lang = roxywi_common.get_user_lang()
smon = sql.select_smon_by_id(last_id)
pds = sql.get_user_pd_by_group(user_group)
slacks = sql.get_user_slack_by_group(user_group)
telegrams = sql.get_user_telegram_by_group(user_group)
smon_service = sql.select_smon_check_by_id(last_id, check_type)
env = Environment(loader=FileSystemLoader('templates'), autoescape=True)
template = env.get_template('ajax/smon/show_new_smon.html')
template = template.render(smon=smon, telegrams=telegrams, slacks=slacks, pds=pds, lang=lang, check_type=check_type,
smon_service=smon_service)
print(template)
if last_id:
roxywi_common.logging('SMON', f' A new server {name} to SMON has been add ', roxywi=1, login=1)
if last_id and show_new:
return last_id
else:
return False
def update_smon() -> None:
smon_id = common.checkAjaxInput(form.getvalue('id'))
name = common.checkAjaxInput(form.getvalue('updateSmonName'))
ip = common.checkAjaxInput(form.getvalue('updateSmonIp'))
port = common.checkAjaxInput(form.getvalue('updateSmonPort'))
en = common.checkAjaxInput(form.getvalue('updateSmonEn'))
url = common.checkAjaxInput(form.getvalue('updateSmonUrl'))
body = common.checkAjaxInput(form.getvalue('updateSmonBody'))
telegram = common.checkAjaxInput(form.getvalue('updateSmonTelegram'))
slack = common.checkAjaxInput(form.getvalue('updateSmonSlack'))
pd = common.checkAjaxInput(form.getvalue('updateSmonPD'))
group = common.checkAjaxInput(form.getvalue('updateSmonGroup'))
desc = common.checkAjaxInput(form.getvalue('updateSmonDesc'))
check_type = common.checkAjaxInput(form.getvalue('check_type'))
resolver = common.checkAjaxInput(form.getvalue('updateSmonResServer'))
record_type = common.checkAjaxInput(form.getvalue('updateSmonRecordType'))
packet_size = common.checkAjaxInput(form.getvalue('updateSmonPacket_size'))
http_method = common.checkAjaxInput(form.getvalue('updateSmon_http_method'))
def update_smon(smon_id, name, ip, port, en, url, body, telegram, slack, pd, group, desc, check_type,
resolver, record_type, packet_size, http_method) -> str:
is_edited = False
if check_type == 'tcp':
try:
port = int(port)
except Exception:
print('SMON error: port must number')
return None
raise Exception('SMON error: port must number')
if port > 65535 or port < 0:
print('SMON error: port must be 0-65535')
return None
raise Exception('SMON error: port must be 0-65535')
if check_type == 'ping':
if int(packet_size) < 16:
print('SMON error: a packet size cannot be less than 16')
return None
raise Exception('SMON error: a packet size cannot be less than 16')
roxywi_common.check_user_group()
try:
if sql.update_smon(smon_id, name, telegram, slack, pd, group, desc, en):
if check_type == 'http':
@ -103,36 +68,29 @@ def update_smon() -> None:
is_edited = sql.update_smonDns(smon_id, ip, port, resolver, record_type)
if is_edited:
print("Ok")
roxywi_common.logging('SMON', f' The SMON server {name} has been update ', roxywi=1, login=1)
return "Ok"
except Exception as e:
print(e)
raise Exception(f'error: Cannot update the server: {e}')
def show_smon() -> None:
def show_smon(sort: str) -> str:
user_group = roxywi_common.get_user_group(id=1)
lang = roxywi_common.get_user_lang()
sort = common.checkAjaxInput(form.getvalue('sort'))
env = Environment(loader=FileSystemLoader('templates'), autoescape=True)
template = env.get_template('ajax/smon/smon_dashboard.html')
template = template.render(smon=sql.smon_list(user_group), sort=sort, lang=lang, update=1)
print(template)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/smon/smon_dashboard.html', smon=sql.smon_list(user_group), sort=sort, lang=lang, update=1)
def delete_smon() -> None:
user_group = roxywi_common.get_user_group(id=1)
smon_id = common.checkAjaxInput(form.getvalue('smondel'))
if roxywi_common.check_user_group():
try:
if sql.delete_smon(smon_id, user_group):
print('Ok')
roxywi_common.logging('SMON', ' The server from SMON has been delete ', roxywi=1, login=1)
except Exception as e:
print(e)
def delete_smon(smon_id, user_group) -> str:
try:
if sql.delete_smon(smon_id, user_group):
roxywi_common.logging('SMON', ' The server from SMON has been delete ', roxywi=1, login=1)
return 'Ok'
except Exception as e:
raise Exception(f'error: Cannot delete the server {e}')
def history_metrics(server_id: int, check_id: int) -> None:
def history_metrics(server_id: int, check_id: int) -> dict:
metric = sql.select_smon_history(server_id, check_id)
metrics = {'chartData': {}}
@ -147,23 +105,24 @@ def history_metrics(server_id: int, check_id: int) -> None:
metrics['chartData']['labels'] = labels
metrics['chartData']['curr_con'] = curr_con
print(json.dumps(metrics))
return metrics
def history_statuses(dashboard_id: int, check_id: int) -> None:
env = Environment(loader=FileSystemLoader('templates'), autoescape=True)
template = env.get_template('ajax/smon/history_status.html')
smon_statuses = sql.select_smon_history(dashboard_id, check_id)
rendered_template = template.render(smon_statuses=smon_statuses)
print(rendered_template)
return render_template('ajax/smon/history_status.html', smon_statuses=smon_statuses)
def history_cur_status(dashboard_id: int, check_id: int) -> None:
env = Environment(loader=FileSystemLoader('templates'), autoescape=True)
template = env.get_template('ajax/smon/cur_status.html')
cur_status = sql.get_last_smon_status_by_check(dashboard_id, check_id)
smon = sql.select_one_smon(dashboard_id, check_id)
rendered_template = template.render(cur_status=cur_status, smon=smon)
print(rendered_template)
return render_template('ajax/smon/cur_status.html', cur_status=cur_status, smon=smon)
def return_smon_status():
cmd = "systemctl is-active roxy-wi-smon"
smon_status, stderr = server_mod.subprocess_execute(cmd)
return smon_status, stderr

32
app/nettools.py
View File

@ -1,32 +0,0 @@
#!/usr/bin/env python3
import sys
import modules.common.common as common
import modules.roxywi.roxy as roxywi_mod
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('nettools.html')
form = common.form
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params(virt=1)
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e:
print(f'error {e}')
sys.exit()
output_from_parsed_template = template.render(h2=1, autorefresh=0,
role=user_params['role'],
user=user_params['user'],
servers=user_params['servers'],
versions=roxywi_mod.versions(),
user_services=user_params['user_services'],
token=user_params['token'],
lang=user_params['lang'])
print(output_from_parsed_template)

1567
app/options.py
View File

File diff suppressed because it is too large Load Diff

36
app/overview.py
View File

@ -1,36 +0,0 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.roxywi.logs as roxy_logs
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ovw.html')
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params()
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception:
print('error: your session is expired')
sys.exit()
try:
groups = sql.select_groups()
except Exception as e:
groups = ''
print(e)
rendered_template = template.render(
h2=1, autorefresh=1, role=user_params['role'], user=user_params['user'], groups=groups,
roles=sql.select_roles(), servers=user_params['servers'], user_services=user_params['user_services'],
roxy_wi_log=roxy_logs.roxy_wi_log(), token=user_params['token'], guide_me=1, lang=user_params['lang']
)
print(rendered_template)

75
app/portscanner.py
View File

@ -1,75 +0,0 @@
#!/usr/bin/env python3
import sys
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.server.server as server_mod
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('portscanner.html')
form = common.form
serv = form.getvalue('history')
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params(virt=1)
lang = user_params['lang']
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e:
print(f'error {e}')
sys.exit()
if serv:
if lang == 'ru':
title = f'История Port scanner для {serv}'
elif lang == 'fr':
title = f'Historique du scanner de ports pour {serv}'
else:
title = f'Port scanner history for {serv}'
port_scanner_settings = sql.select_port_scanner_history(serv)
history = '1'
port_scanner = ''
port_scanner_stderr = ''
count_ports = ''
else:
history = ''
if lang == 'ru':
title = 'Дашборд Port scanner'
elif lang == 'fr':
title = 'Tableau de bord du scanner de ports'
else:
title = 'Port scanner dashboard'
user_group = roxywi_common.get_user_group(id=1)
port_scanner_settings = sql.select_port_scanner_settings(user_group)
if not port_scanner_settings:
port_scanner_settings = ''
count_ports = ''
else:
count_ports = list()
for s in user_params['servers']:
count_ports_from_sql = sql.select_count_opened_ports(s[2])
i = (s[2], count_ports_from_sql)
count_ports.append(i)
cmd = "systemctl is-active roxy-wi-portscanner"
port_scanner, port_scanner_stderr = server_mod.subprocess_execute(cmd)
try:
user_subscription = roxywi_common.return_user_status()
except Exception as e:
user_subscription = roxywi_common.return_unsubscribed_user_status()
roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
rendered_template = template.render(
h2=1, autorefresh=0, title=title, role=user_params['role'], user=user_params['user'], servers=user_params['servers'],
port_scanner_settings=port_scanner_settings, count_ports=count_ports, history=history, port_scanner=''.join(port_scanner),
port_scanner_stderr=port_scanner_stderr, user_services=user_params['user_services'], user_status=user_subscription['user_status'],
user_plan=user_subscription['user_plan'], token=user_params['token'], lang=lang
)
print(rendered_template)

49
app/provisioning.py
View File

@ -1,49 +0,0 @@
#!/usr/bin/env python3
import sys
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('provisioning.html')
form = common.form
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params()
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e:
print(f'error {e}')
sys.exit()
roxywi_auth.page_for_admin(level=2)
try:
if user_params['role'] == 1:
groups = sql.select_groups()
else:
groups = roxywi_common.get_user_group(id=1)
user_group = roxywi_common.get_user_group(id=1)
is_needed_tool = common.is_tool('terraform')
params = sql.select_provisioning_params()
except Exception as e:
print(str(e))
if user_params['lang'] == 'ru':
title = 'Предоставление серверов'
else:
title = 'Servers provisioning'
rendered_template = template.render(
title=title, role=user_params['role'], user=user_params['user'], groups=groups, lang=user_params['lang'],
user_group=user_group, servers=sql.select_provisioned_servers(), providers=sql.select_providers(user_group),
is_needed_tool=is_needed_tool, user_services=user_params['user_services'], token=user_params['token'], params=params
)
print(rendered_template)

5
app/routes/add/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('add', __name__)
from app.routes.add import routes

689
app/routes/add/routes.py Normal file
View File

@ -0,0 +1,689 @@
import os
import sys
from functools import wraps
from flask import render_template, request, jsonify, redirect, url_for
from flask_login import login_required
from app import app, login_manager
from app.routes.add import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.config.add as add_mod
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
import app.modules.server.server as server_mod
get_config = roxy_wi_tools.GetConfigVar()
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('/<service>')
def add(service):
roxywi_auth.page_for_admin(level=3)
if service not in ('haproxy', 'nginx'):
raise Exception('error: wrong service')
try:
user_params = roxywi_common.get_users_params(service=service)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
add = request.form.get('add')
conf_add = request.form.get('conf')
if service == 'haproxy':
user_group = request.cookies.get('group')
lib_path = get_config.get_config_var('main', 'lib_path')
list_dir = lib_path + "/lists"
white_dir = lib_path + "/lists/" + user_group + "/white"
black_dir = lib_path + "/lists/" + user_group + "/black"
if not os.path.exists(list_dir):
os.makedirs(list_dir)
if not os.path.exists(list_dir + "/" + user_group):
os.makedirs(list_dir + "/" + user_group)
if not os.path.exists(white_dir):
os.makedirs(white_dir)
if not os.path.exists(black_dir):
os.makedirs(black_dir)
white_lists = roxywi_common.get_files(folder=white_dir, file_format="lst")
black_lists = roxywi_common.get_files(folder=black_dir, file_format="lst")
maps = roxywi_common.get_files(folder=f'{lib_path}/maps/{user_group}', file_format="map")
return render_template(
'add.html', h2=1, role=user_params['role'], user=user, selects=user_params['servers'], add=add,
conf_add=conf_add, group=user_group, options=sql.select_options(), saved_servers=sql.select_saved_servers(),
white_lists=white_lists, black_lists=black_lists, user_services=user_params['user_services'],
token=user_params['token'], lang=user_params['lang'], maps=maps
)
elif service == 'nginx':
return render_template(
'add_nginx.html', h2=1, role=user_params['role'], user=user, selects=user_params['servers'], add=add,
conf_add=conf_add, user_services=user_params['user_services'], token=user_params['token'], lang=user_params['lang']
)
else:
return redirect(url_for('index'))
@bp.route('/haproxy/add', methods=['POST'])
def add_haproxy():
roxywi_auth.page_for_admin(level=3)
haproxy_dir = sql.get_setting('haproxy_dir')
generate = request.form.get('generateconfig')
server_ip = request.form.get('serv')
port = request.form.getlist('port')
bind = ""
ip = ""
force_close = request.form.get('force_close')
balance = ""
mode = f" mode {request.form.get('mode')}\n"
maxconn = ""
options_split = ""
ssl = ""
ssl_check = ""
backend = ""
headers = ''
acl = ""
servers_split = ""
new_listener = request.form.get('listener')
new_frontend = request.form.get('frontend')
new_backend = request.form.get('new_backend')
if request.form.get('balance') is not None:
balance = " balance " + request.form.get('balance') + "\n"
if request.form.get('health_check') is not None:
health_check = request.form.get('health_check')
if health_check == 'option httpchk' and request.form.get('checks_http_domain') is not None:
health_check = health_check + ' GET ' + request.form.get(
'checks_http_path') + ' "HTTP/1.0\\r\\nHost: ' + request.form.get('checks_http_domain') + '"'
balance += f" {health_check}\n"
if request.form.get('ip') is not None:
ip = request.form.getlist('ip')
if new_listener is not None:
name = f"listen {new_listener}"
end_name = new_listener
elif new_frontend is not None:
name = f"frontend {new_frontend}"
end_name = new_frontend
elif new_backend is not None:
name = f"backend {new_backend}"
end_name = new_backend
else:
return 'error: The name cannot be empty'
if request.form.get('backends') is not None:
backend = f" default_backend {request.form.get('backends')}\n"
if request.form.get('maxconn'):
maxconn = f" maxconn {request.form.get('maxconn')}\n"
if request.form.get('ssl') == "https" and request.form.get('mode') != "tcp":
cert_path = sql.get_setting('cert_path')
if request.form.get('cert') is not None:
ssl = f"ssl crt {cert_path}{request.form.get('cert')}"
if request.form.get('ssl-dis-check') is None:
if request.form.get('ssl-check') == "ssl-check":
ssl_check = " ssl verify none"
else:
ssl_check = " ssl verify"
if ip or port:
if type(port) is list:
i = 0
for _p in port:
if ip[i] == 'IsEmptY':
if ip[i] == 'IsEmptY' and port[i] == 'IsEmptY':
i += 1
continue
else:
port_value = port[i]
bind += f" bind *:{port_value} {ssl}\n"
else:
if port[i] == 'IsEmptY':
return 'error: IP cannot be bind without a port'
else:
port_value = port[i]
bind += f" bind {ip[i]}:{port_value} {ssl}\n"
i += 1
if request.form.get('default-check') == "1":
if request.form.get('check-servers') == "1":
check = f" check inter {request.form.get('inter')} rise {request.form.get('rise')} fall {request.form.get('fall')}{ssl_check}"
else:
check = ""
else:
if request.form.get('check-servers') != "1":
check = ""
else:
check = f" check{ssl_check}"
if request.form.get('option') is not None:
options = request.form.get('option')
i = options.split("\n")
for j in i:
options_split += f" {j}\n"
if force_close == "1":
options_split += " option http-server-close\n"
elif force_close == "2":
options_split += " option forceclose\n"
elif force_close == "3":
options_split += " option http-pretend-keepalive\n"
if request.form.get('whitelist'):
options_split += " tcp-request connection accept if { src -f " + haproxy_dir + "/white/" + request.form.get(
'whitelist') + " }\n"
if request.form.get('blacklist'):
options_split += " tcp-request connection reject if { src -f " + haproxy_dir + "/black/" + request.form.get(
'blacklist') + " }\n"
if request.form.get('cookie'):
cookie = f" cookie {request.form.get('cookie_name')}"
if request.form.get('cookie_domain'):
cookie += f" domain {request.form.get('cookie_domain')}"
if request.form.get('rewrite'):
rewrite = request.form.get('rewrite')
else:
rewrite = ""
if request.form.get('prefix'):
prefix = request.form.get('prefix')
else:
prefix = ""
if request.form.get('nocache'):
nocache = request.form.get('nocache')
else:
nocache = ""
if request.form.get('postonly'):
postonly = request.form.get('postonly')
else:
postonly = ""
if request.form.get('dynamic'):
dynamic = request.form.get('dynamic')
else:
dynamic = ""
cookie += f" {rewrite} {prefix} {nocache} {postonly} {dynamic}\n"
options_split += cookie
if request.form.get('dynamic'):
options_split += f" dynamic-cookie-key {request.form.get('dynamic-cookie-key')}\n"
if request.form.get('headers_res'):
headers_res = request.form.getlist('headers_res')
headers_method = request.form.getlist('headers_method')
header_name = request.form.getlist('header_name')
header_value = request.form.getlist('header_value')
i = 0
for _h in headers_method:
if headers_method[i] != 'del-header':
headers += f' {headers_res[i]} {headers_method[i]} {header_name[i]} {header_value[i]}\n'
else:
headers += f' {headers_res[i]} {headers_method[i]} {header_name[i]}\n'
i += 1
if request.form.get('acl_if'):
acl_if = request.form.getlist('acl_if')
acl_value = request.form.getlist('acl_value')
acl_then = request.form.getlist('acl_then')
acl_then_values = request.form.getlist('acl_then_value')
i = 0
for a in acl_if:
acl_then_value = '' if acl_then_values[i] == 'IsEmptY' else acl_then_values[i]
try:
if a == '1':
acl_if_word = 'hdr_beg(host) -i '
if request.form.get('ssl') == "https" and request.form.get('mode') != "tcp":
acl_if_word = 'ssl_fc_sni -i '
if request.form.get('mode') == "tcp":
acl_if_word = 'req.ssl_sni -i '
elif a == '2':
acl_if_word = 'hdr_end(host) -i '
if request.form.get('ssl') == "https" and request.form.get('mode') != "tcp":
acl_if_word = 'ssl_fc_sni -i '
if request.form.get('mode') == "tcp":
acl_if_word = 'req.ssl_sni -i '
elif a == '3':
acl_if_word = 'path_beg -i '
elif a == '4':
acl_if_word = 'path_end -i '
elif a == '6':
acl_if_word = 'src ip '
else:
acl_if_word = ''
if acl_then[i] == '5':
acl += ' use_backend '
elif acl_then[i] == '2':
acl += ' http-request redirect location '
elif acl_then[i] == '3':
acl += ' http-request allow'
acl_then_value = ''
elif acl_then[i] == '4':
acl += ' http-request deny'
acl_then_value = ''
elif acl_then[i] == '6':
acl += f' acl return_{acl_value[i]} {acl_if_word} {acl_value[i]}\n'
acl += f' http-request return if return_{acl_value[i]}\n'
elif acl_then[i] == '7':
acl += f' acl set_header_{acl_value[i]} {acl_if_word} {acl_value[i]}\n'
acl += f' http-request set-header if set_header_{acl_value[i]}\n'
if acl_then[i] in ('2', '3', '4', '5'):
acl += acl_then_value + ' if { ' + acl_if_word + acl_value[i] + ' } \n'
except Exception:
acl = ''
i += 1
if request.form.get('circuit_breaking') == "1":
observe = 'observe ' + request.form.get('circuit_breaking_observe')
error_limit = ' error-limit ' + request.form.get('circuit_breaking_error_limit')
circuit_breaking_on_error = ' on-error ' + request.form.get('circuit_breaking_on_error')
default_server = ' default-server ' + observe + error_limit + circuit_breaking_on_error + '\n'
servers_split += default_server
if request.form.get('servers'):
servers = request.form.getlist('servers')
server_port = request.form.getlist('server_port')
send_proxy = request.form.getlist('send_proxy')
backup = request.form.getlist('backup')
server_maxconn = request.form.getlist('server_maxconn')
port_check = request.form.getlist('port_check')
i = 0
for server in servers:
if server == '':
continue
if request.form.get('template') is None:
try:
if send_proxy[i] == '1':
send_proxy_param = 'send-proxy'
else:
send_proxy_param = ''
except Exception:
send_proxy_param = ''
try:
if backup[i] == '1':
backup_param = 'backup'
else:
backup_param = ''
except Exception:
backup_param = ''
try:
maxconn_val = server_maxconn[i]
except Exception:
maxconn_val = '200'
try:
port_check_val = port_check[i]
except Exception:
port_check_val = server_port[i]
servers_split += " server {0} {0}:{1}{2} port {6} maxconn {5} {3} {4} \n".format(
server, server_port[i], check, send_proxy_param, backup_param, maxconn_val, port_check_val
)
else:
servers_split += " server-template {0} {1} {2}:{3} {4} \n".format(
request.form.get('prefix'), request.form.get('template-number'), server, server_port[i], check
)
i += 1
compression = request.form.get("compression")
cache = request.form.get("cache")
compression_s = ""
cache_s = ""
cache_set = ""
filter_com = ""
if compression == "1" or cache == "2":
filter_com = " filter compression\n"
if cache == "2":
cache_s = f" http-request cache-use {end_name}\n http-response cache-store {end_name}\n"
cache_set = f"cache {end_name}\n total-max-size 4\n max-age 240\n"
if compression == "1":
compression_s = " compression algo gzip\n compression type text/html text/plain text/css\n"
waf = ""
if request.form.get('waf'):
waf = f" filter spoe engine modsecurity config {haproxy_dir}/waf.conf\n"
waf += " http-request deny if { var(txn.modsec.code) -m int gt 0 }\n"
config_add = f"\n{name}\n{bind}{mode}{maxconn}{balance}{options_split}{cache_s}{filter_com}{compression_s}" \
f"{waf}{headers}{acl}{backend}{servers_split}\n{cache_set}\n"
if generate:
return config_add
else:
try:
return add_mod.save_to_haproxy_config(config_add, server_ip)
except Exception as e:
return str(e)
@bp.post('/haproxy/userlist')
def add_userlist():
roxywi_auth.page_for_admin(level=3)
return add_mod.add_userlist()
@bp.post('/haproxy/bwlist/create')
def create_bwlist():
server_ip = common.is_ip_or_dns(request.form.get('serv'))
color = common.checkAjaxInput(request.form.get('color'))
group = common.checkAjaxInput(request.form.get('group'))
list_name = common.checkAjaxInput(request.form.get('bwlists_create'))
return add_mod.create_bwlist(server_ip, list_name, color, group)
@bp.post('/haproxy/bwlist/save')
@login_required
def save_bwlist():
server_ip = common.is_ip_or_dns(request.form.get('serv'))
color = common.checkAjaxInput(request.form.get('color'))
group = common.checkAjaxInput(request.form.get('group'))
bwlists_save = common.checkAjaxInput(request.form.get('bwlists_save'))
list_con = request.form.get('bwlists_content')
action = common.checkAjaxInput(request.form.get('bwlists_restart'))
return add_mod.save_bwlist(bwlists_save, list_con, color, group, server_ip, action)
@bp.route('/haproxy/bwlist/delete/<server_ip>/<color>/<name>/<int:group>')
def delete_bwlist(server_ip, color, name, group):
server_ip = common.is_ip_or_dns(server_ip)
color = common.checkAjaxInput(color)
list_name = common.checkAjaxInput(name)
return add_mod.delete_bwlist(list_name, color, group, server_ip)
@bp.route('/haproxy/bwlist/<bwlists>/<color>/<int:group>')
def get_bwlist(bwlists, color, group):
color = common.checkAjaxInput(color)
bwlists = common.checkAjaxInput(bwlists)
return add_mod.get_bwlist(color, group, bwlists)
@bp.route('/haproxy/bwlists/<color>/<int:group>')
def get_bwlists(color, group):
color = common.checkAjaxInput(color)
return add_mod.get_bwlists_for_autocomplete(color, group)
@bp.route('/haproxy/userlist/<server_ip>')
def show_userlist(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
return add_mod.show_userlist(server_ip)
@bp.post('/haproxy/peers')
def add_peers():
roxywi_auth.page_for_admin(level=3)
generate = request.form.get('generateconfig')
server_ip = request.form.get('serv')
servers_split = ''
name = "peers " + request.form.get('peers-name') + "\n"
servers = request.form.getlist('servers')
server_port = request.form.getlist('server_port')
servers_name = request.form.getlist('servers_name')
i = 0
for server in servers:
if server == '':
continue
servers_split += " peer {0} {1}:{2} \n".format(servers_name[i], server, server_port[i])
i += 1
config_add = "\n" + name + servers_split
if generate:
return config_add, 200
else:
try:
return add_mod.save_to_haproxy_config(config_add, server_ip)
except Exception as e:
return (str(e)), 200
@bp.route('/option/get/<group>')
def get_option(group):
term = request.args.get('term')
return jsonify(add_mod.get_saved_option(group, term))
@bp.post('/option/save')
def save_option():
option = common.checkAjaxInput(request.form.get('option'))
group = int(request.form.get('option_group'))
return add_mod.create_saved_option(option, group)
@bp.post('/option/update')
def update_option():
option = common.checkAjaxInput(request.form.get('option'))
option_id = int(request.form.get('id'))
try:
sql.update_options(option, option_id)
except Exception as e:
return str(e)
else:
return 'ok'
@bp.route('/option/delete/<int:option_id>')
def delete_option(option_id):
try:
sql.delete_option(option_id)
except Exception as e:
return str(e)
else:
return 'ok'
@bp.route('/server/get/<group>')
def get_saved_server(group):
term = request.args.get('term')
return jsonify(add_mod.get_saved_servers(group, term))
@bp.post('/server/save')
def save_saved_server():
server = common.checkAjaxInput(request.form.get('server'))
group = int(request.form.get('group'))
desc = common.checkAjaxInput(request.form.get('desc'))
return add_mod.create_saved_server(server, group, desc)
@bp.post('/server/update')
def update_saved_server():
server = common.checkAjaxInput(request.form.get('server'))
server_id = int(request.form.get('id'))
desc = common.checkAjaxInput(request.form.get('desc'))
try:
sql.update_savedserver(server, desc, server_id)
except Exception as e:
return str(e)
else:
return 'ok'
@bp.route('/server/delete/<int:server_id>')
def delete_saved_server(server_id):
try:
sql.delete_savedserver(server_id)
except Exception as e:
return str(e)
else:
return 'ok'
@bp.route('/certs/<server_ip>')
def get_certs(server_ip):
return add_mod.get_ssl_certs(server_ip)
@bp.route('/cert/<server_ip>/<cert_id>', methods=['DELETE', 'GET'])
def get_cert(server_ip, cert_id):
if request.method == 'DELETE':
return add_mod.del_ssl_cert(server_ip, cert_id)
elif request.method == 'GET':
return add_mod.get_ssl_cert(server_ip, cert_id)
@bp.post('/cert/add')
def upload_cert():
server_ip = common.is_ip_or_dns(request.form.get('serv'))
ssl_name = request.form.get('ssl_name')
ssl_cont = request.form.get('ssl_cert')
return add_mod.upload_ssl_cert(server_ip, ssl_name, ssl_cont)
@bp.route('/cert/get/raw/<server_ip>/<cert_id>')
def get_cert_raw(server_ip, cert_id):
return add_mod.get_ssl_raw_cert(server_ip, cert_id)
@bp.post('/map/create')
def create_map():
server_ip = common.checkAjaxInput(request.form.get('serv'))
map_name = common.checkAjaxInput(request.form.get('map_create'))
group = common.checkAjaxInput(request.form.get('group'))
try:
return add_mod.create_map(server_ip, map_name, group)
except Exception as e:
return str(e)
@bp.post('/map/save')
def save_map():
server_ip = common.checkAjaxInput(request.form.get('serv'))
group = common.checkAjaxInput(request.form.get('group'))
map_save = common.checkAjaxInput(request.form.get('map_save'))
content = request.form.get('content')
action = common.checkAjaxInput(request.form.get('map_restart'))
return add_mod.save_map(map_save, content, group, server_ip, action)
@bp.post('/map/edit')
def edit_map():
group = common.checkAjaxInput(request.form.get('group'))
map_name = common.checkAjaxInput(request.form.get('edit_map'))
return add_mod.edit_map(map_name, group)
@bp.post('/map/delete')
def delete_map():
map_name = common.checkAjaxInput(request.form.get('map_delete'))
group = common.checkAjaxInput(request.form.get('group'))
server_id = common.checkAjaxInput(request.form.get('serv'))
return add_mod.delete_map(map_name, group, server_id)
@bp.post('lets')
def lets():
server_ip = common.checkAjaxInput(request.form.get('serv'))
lets_domain = common.checkAjaxInput(request.form.get('lets_domain'))
lets_email = common.checkAjaxInput(request.form.get('lets_email'))
return add_mod.get_le_cert(server_ip, lets_domain, lets_email)
@bp.post('/nginx/upstream')
def add_nginx_upstream():
roxywi_auth.page_for_admin(level=3)
server_ip = common.is_ip_or_dns(request.form.get('serv'))
new_upstream = request.form.get('upstream')
balance = request.form.get("balance")
config_add = ''
servers_split = ''
generate = request.form.get('generateconfig')
if balance == 'round_robin':
balance = ''
else:
balance = f' {balance};\n'
if new_upstream != '':
config_add = f'upstream {new_upstream} {{\n'
config_add += balance
config_name = f'upstream_{new_upstream}'
if request.form.get('keepalive') != '':
config_add += f' keepalive {request.form.get("keepalive")};\n'
if request.form.get('servers') is not None:
servers = request.form.getlist('servers')
server_port = request.form.getlist('server_port')
max_fails = request.form.getlist('max_fails')
fail_timeout = request.form.getlist('fail_timeout')
i = 0
for server in servers:
if server == '':
continue
try:
max_fails_val = f'max_fails={max_fails[i]}'
except Exception:
max_fails_val = 'max_fails=1'
try:
fail_timeout_val = f'fail_timeout={fail_timeout[i]}'
except Exception:
fail_timeout_val = 'fail_timeout=1'
servers_split += f" server {server}:{server_port[i]} {max_fails_val} {fail_timeout_val}s; \n"
i += 1
config_add += f'{servers_split} }}\n'
if generate:
return config_add
else:
try:
return add_mod.save_nginx_config(config_add, server_ip, config_name)
except Exception as e:
return str(e)
@bp.route('/show/ip/<server_ip>')
def show_ip(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
commands = ['sudo hostname -I | tr " " "\\n"|sed "/^$/d"']
return server_mod.ssh_command(server_ip, commands, ip="1")

5
app/routes/admin/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('admin', __name__)
from app.routes.admin import routes

220
app/routes/admin/routes.py Normal file
View File

@ -0,0 +1,220 @@
import os
import sys
import pytz
import distro
from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app import app, login_manager
from app.routes.admin import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.roxy as roxy
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.server.server as server_mod
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('')
def admin():
roxywi_auth.page_for_admin()
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
users = sql.select_users()
settings = sql.get_setting('', all=1)
ldap_enable = sql.get_setting('ldap_enable')
services = sql.select_services()
gits = sql.select_gits()
masters = sql.select_servers(get_master_servers=1)
is_needed_tool = common.is_tool('ansible')
grafana = 0
backups = sql.select_backups()
s3_backups = sql.select_s3_backups()
user_subscription = roxywi_common.return_user_subscription()
if not roxy.is_docker():
grafana, stderr = server_mod.subprocess_execute("systemctl is-active grafana-server")
grafana = grafana[0]
return render_template(
'admin.html', h2=1, role=user_params['role'], user=user, users=users, groups=sql.select_groups(),
servers=sql.select_servers(full=1), masters=masters, sshs=sql.select_ssh(), roles=sql.select_roles(),
settings=settings, backups=backups, s3_backups=s3_backups, services=services, timezones=pytz.all_timezones,
page="users.py", user_services=user_params['user_services'], ldap_enable=ldap_enable, gits=gits, guide_me=1,
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'],
token=user_params['token'], is_needed_tool=is_needed_tool, lang=user_params['lang'], grafana=grafana
)
@bp.route('/tools')
def show_tools():
roxywi_auth.page_for_admin()
lang = roxywi_common.get_user_lang_for_flask()
try:
services = roxy.get_services_status()
except Exception as e:
return str(e)
return render_template('ajax/load_services.html', services=services, lang=lang)
@bp.route('/tools/update/<service>')
def update_tools(service):
roxywi_auth.page_for_admin()
try:
return roxy.update_roxy_wi(service)
except Exception as e:
return f'error: {e}'
@bp.route('/tools/action/<service>/<action>')
def action_tools(service, action):
roxywi_auth.page_for_admin()
if action not in ('start', 'stop', 'restart'):
return 'error: wrong action'
return roxy.action_service(action, service)
@bp.route('/update')
def update_roxywi():
roxywi_auth.page_for_admin()
versions = roxy.versions()
checker_ver = roxy.check_new_version('checker')
smon_ver = roxy.check_new_version('smon')
metrics_ver = roxy.check_new_version('metrics')
keep_ver = roxy.check_new_version('keep_alive')
portscanner_ver = roxy.check_new_version('portscanner')
socket_ver = roxy.check_new_version('socket')
prometheus_exp_ver = roxy.check_new_version('prometheus-exporter')
services = roxy.get_services_status()
lang = roxywi_common.get_user_lang_for_flask()
return render_template(
'ajax/load_updateroxywi.html', services=services, versions=versions, checker_ver=checker_ver, smon_ver=smon_ver,
metrics_ver=metrics_ver, portscanner_ver=portscanner_ver, socket_ver=socket_ver, prometheus_exp_ver=prometheus_exp_ver,
keep_ver=keep_ver, lang=lang
)
@bp.route('/openvpn')
def load_openvpn():
roxywi_auth.page_for_admin()
openvpn_configs = ''
openvpn_sess = ''
openvpn = ''
if distro.id() == 'ubuntu':
stdout, stderr = server_mod.subprocess_execute("apt show openvpn3 2>&1|grep E:")
elif distro.id() == 'centos' or distro.id() == 'rhel':
stdout, stderr = server_mod.subprocess_execute("rpm --query openvpn3-client")
if (
(stdout[0] != 'package openvpn3-client is not installed' and stderr != '/bin/sh: rpm: command not found')
and stdout[0] != 'E: No packages found'
):
cmd = "sudo openvpn3 configs-list |grep -E 'ovpn|(^|[^0-9])[0-9]{4}($|[^0-9])' |grep -v net|awk -F\" \" '{print $1}'|awk 'ORS=NR%2?\" \":\"\\n\"'"
openvpn_configs, stderr = server_mod.subprocess_execute(cmd)
cmd = "sudo openvpn3 sessions-list|grep -E 'Config|Status'|awk -F\":\" '{print $2}'|awk 'ORS=NR%2?\" \":\"\\n\"'| sed 's/^ //g'"
openvpn_sess, stderr = server_mod.subprocess_execute(cmd)
openvpn = stdout[0]
return render_template('ajax/load_openvpn.html', openvpn=openvpn, openvpn_sess=openvpn_sess, openvpn_configs=openvpn_configs)
@bp.post('/openvpn/upload')
def upload_openvpn():
name = common.checkAjaxInput(request.form.get('ovpnname'))
ovpn_file = f"{os.path.dirname('/tmp/')}/{name}.ovpn"
try:
with open(ovpn_file, "w") as conf:
conf.write(request.form.get('uploadovpn'))
except IOError as e:
error = f'error: Cannot save ovpn file {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
try:
cmd = 'sudo openvpn3 config-import --config %s --persistent' % ovpn_file
server_mod.subprocess_execute(cmd)
except IOError as e:
error = f'error: Cannot import OpenVPN file: {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
try:
cmd = 'sudo cp %s /etc/openvpn3/%s.conf' % (ovpn_file, name)
server_mod.subprocess_execute(cmd)
except IOError as e:
error = f'error: Cannot save OpenVPN file: {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
roxywi_common.logging("Roxy-WI server", f" has been uploaded a new ovpn file {ovpn_file}", roxywi=1, login=1)
return 'success: ovpn file has been saved </div>'
@bp.post('/openvpn/delete')
def delete_openvpn():
openvpndel = common.checkAjaxInput(request.form.get('openvpndel'))
cmd = f'sudo openvpn3 config-remove --config /tmp/{openvpndel}.ovpn --force'
try:
server_mod.subprocess_execute(cmd)
roxywi_common.logging(openvpndel, ' has deleted the ovpn file ', roxywi=1, login=1)
except IOError as e:
error = f'error: Cannot delete OpenVPN file: {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
else:
return 'ok'
@bp.route('/openvpn/action/<action>/<openvpn>')
def action_openvpn(action, openvpn):
openvpn = common.checkAjaxInput(openvpn)
if action == 'start':
cmd = f'sudo openvpn3 session-start --config /tmp/{openvpn}.ovpn'
elif action == 'restart':
cmd = f'sudo openvpn3 session-manage --config /tmp/{openvpn}.ovpn --restart'
elif action == 'disconnect':
cmd = f'sudo openvpn3 session-manage --config /tmp/{openvpn}.ovpn --disconnect'
else:
return 'error: wrong action'
try:
server_mod.subprocess_execute(cmd)
roxywi_common.logging(openvpn, f' The ovpn session has been {action}ed ', roxywi=1, login=1)
return f"success: The {openvpn} has been {action}ed"
except IOError as e:
roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
return f'error: Cannot {action} OpenVPN: {e}'
@app.route('/setting/<param>/<val>', methods=['POST'])
def update_settings(param, val):
user_group = roxywi_common.get_user_group(id=1)
if sql.update_setting(param, val, user_group):
roxywi_common.logging('Roxy-WI server', f'The {param} setting has been changed to: {val}', roxywi=1, login=1)
return 'Ok'

5
app/routes/checker/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('checker', __name__)
from app.routes.checker import routes

130
app/routes/checker/routes.py Normal file
View File

@ -0,0 +1,130 @@
import os
import sys
from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app import app, login_manager
from app.routes.checker import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.common as roxywi_common
import modules.tools.alerting as alerting
import modules.tools.checker as checker_mod
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('/settings')
def checker_settings():
roxywi_common.check_user_group_for_flask()
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
return render_template(
'checker.html', h2=1, role=user_params['role'], user=user, lang=user_params['lang'],
token=user_params['token'], user_services=user_params['user_services']
)
@bp.post('/settings/update')
def update_settings():
service = request.form.get('service')
setting_id = int(request.form.get('setting_id'))
email = int(request.form.get('email'))
service_alert = int(request.form.get('server'))
backend_alert = int(request.form.get('backend'))
maxconn_alert = int(request.form.get('maxconn'))
telegram_id = int(request.form.get('telegram_id'))
slack_id = int(request.form.get('slack_id'))
pd_id = int(request.form.get('pd_id'))
if service == 'haproxy':
return checker_mod.update_haproxy_settings(
setting_id, email, service_alert, backend_alert, maxconn_alert, telegram_id, slack_id, pd_id
)
elif service in ('nginx', 'apache'):
return checker_mod.update_service_settings(setting_id, email, service_alert, telegram_id, slack_id, pd_id)
else:
return checker_mod.update_keepalived_settings(setting_id, email, service_alert, backend_alert, telegram_id, slack_id, pd_id)
@bp.route('/settings/load')
def load_checker():
return checker_mod.load_checker()
@bp.route('/history')
def checker_history():
roxywi_common.check_user_group_for_flask()
user_group = roxywi_common.get_user_group(id=1)
smon_status, stderr = smon_mod.return_smon_status()
smon = sql.alerts_history('Checker', user_group)
user_subscription = roxywi_common.return_user_subscription()
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
return render_template(
'smon/checker_history.html', h2=1, autorefresh=0, role=user_params['role'], user=user, smon=smon,
lang=user_params['lang'], user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'],
token=user_params['token'], smon_status=smon_status, smon_error=stderr, user_services=user_params['user_services']
)
@bp.route('/check/<channel_id>/<receiver_name>')
def check_receiver(channel_id, receiver_name):
channel_id = common.checkAjaxInput(channel_id)
receiver_name = common.checkAjaxInput(receiver_name)
return alerting.check_receiver(channel_id, receiver_name)
@bp.route('/check/rabbit')
def check_rabbit():
return alerting.check_rabbit_alert()
@bp.route('/check/email')
def check_email():
return alerting.check_email_alert()
@bp.route('/receiver/<receiver_name>', methods=['PUT', 'POST', 'DELETE'])
def receiver(receiver_name):
if request.method == 'POST':
token = common.checkAjaxInput(request.form.get('receiver'))
channel = common.checkAjaxInput(request.form.get('channel'))
group = common.checkAjaxInput(request.form.get('group'))
page = common.checkAjaxInput(request.form.get('page'))
page = page.split("#")[0]
return alerting.add_receiver_channel(receiver_name, token, channel, group, page)
elif request.method == 'PUT':
token = common.checkAjaxInput(request.form.get('receiver_token'))
channel = common.checkAjaxInput(request.form.get('channel'))
group = common.checkAjaxInput(request.form.get('group'))
user_id = common.checkAjaxInput(request.form.get('id'))
return alerting.update_receiver_channel(receiver_name, token, channel, group, user_id)
elif request.method == 'DELETE':
channel_id = common.checkAjaxInput(request.form.get('channel_id'))
return alerting.delete_receiver_channel(channel_id, receiver_name)

5
app/routes/config/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('config', __name__)
from app.routes.config import routes

461
app/routes/config/routes.py Normal file
View File

@ -0,0 +1,461 @@
import os
import sys
from flask import render_template, request, redirect, url_for, abort
from flask_login import login_required
from app import app, login_manager, cache
from app.routes.config import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.config.config as config_mod
import modules.config.section as section_mod
import modules.service.haproxy as service_haproxy
import modules.server.server as server_mod
get_config = roxy_wi_tools.GetConfigVar()
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('/<service>/show', methods=['POST'])
def show_config(service):
config_file_name = request.form.get('config_file_name')
configver = request.form.get('configver')
server_ip = request.form.get('serv')
return config_mod.show_config(server_ip, service, config_file_name, configver)
@bp.route('/<service>/show-files', methods=['POST'])
def show_config_files(service):
server_ip = request.form.get('serv')
config_file_name = request.form.get('config_file_name')
return config_mod.show_config_files(server_ip, service, config_file_name)
@bp.route('/<service>/find-in-config', methods=['POST'])
def find_in_config(service):
server_ip = common.is_ip_or_dns(request.form.get('serv'))
finding_words = request.form.get('words')
log_path = sql.get_setting(service + '_dir')
log_path = common.return_nice_path(log_path)
commands = [f'sudo grep "{finding_words}" {log_path}*/*.conf -C 2 -Rn']
try:
return_find = server_mod.ssh_command(server_ip, commands, raw=1)
return_find = config_mod.show_finding_in_config(return_find, grep=finding_words)
except Exception as e:
return str(e)
if 'error: ' in return_find:
return return_find
return return_find
@bp.route('/<service>/', defaults={'serv': None, 'edit': None, 'config_file_name': None, 'new': None}, methods=['GET', 'POST'])
@bp.route('/<service>/<serv>/<edit>/', defaults={'config_file_name': None, 'new': None}, methods=['GET', 'POST'])
@bp.route('/<service>/<serv>/show', defaults={'edit': None, 'config_file_name': None, 'new': None}, methods=['GET', 'POST'])
@bp.route('/<service>/<serv>/show/<config_file_name>', defaults={'edit': None, 'new': None}, methods=['GET', 'POST'])
@bp.route('/<service>/<serv>/show-files', defaults={'edit': None, 'config_file_name': None, 'new': None}, methods=['GET', 'POST'])
@bp.route('/<service>/<serv>/<edit>/<config_file_name>', defaults={'new': None}, methods=['GET', 'POST'])
@bp.route('/<service>/<serv>/<edit>/<config_file_name>/<new>', methods=['GET', 'POST'])
def config(service, serv, edit, config_file_name, new):
config_read = ""
cfg = ""
stderr = ""
error = ""
aftersave = ""
is_restart = ''
is_serv_protected = ''
new_config = new
try:
user_params = roxywi_common.get_users_params(service=service)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service)
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
else:
return redirect(url_for('index'))
if serv and config_file_name:
cfg = config_mod.return_cfg(service, serv, config_file_name)
if serv and edit and new_config is None:
roxywi_common.check_is_server_in_group(serv)
is_serv_protected = sql.is_serv_protected(serv)
server_id = sql.select_server_id_by_ip(serv)
is_restart = sql.select_service_setting(server_id, service, 'restart')
try:
error = config_mod.get_config(serv, cfg, service=service, config_file_name=config_file_name)
except Exception as e:
return str(e), 200
try:
roxywi_common.logging(serv, f" {service.title()} config has been opened")
except Exception:
pass
try:
conf = open(cfg, "r")
config_read = conf.read()
conf.close()
except IOError as e:
return f'Cannot read imported config file {e}', 200
os.system("/bin/mv %s %s.old" % (cfg, cfg))
if new_config is not None:
config_read = ' '
return render_template(
'config.html', h2=1, role=user_params['role'], user=user, select_id="serv", serv=serv, aftersave=aftersave,
config=config_read, cfg=cfg, selects=user_params['servers'], stderr=stderr, error=error, service=service,
is_restart=is_restart, user_services=user_params['user_services'], config_file_name=config_file_name,
is_serv_protected=is_serv_protected, token=user_params['token'], lang=user_params['lang'], service_desc=service_desc
)
@bp.route('/<service>/<server_ip>/save', methods=['POST'])
def save_config(service, server_ip):
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
roxywi_common.check_is_server_in_group(server_ip)
service_desc = sql.select_service(service)
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'],
service=service_desc.service_id)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
config = request.form.get('config')
oldcfg = request.form.get('oldconfig')
save = request.form.get('save')
config_file_name = request.form.get('config_file_name')
try:
cfg = config_mod.return_cfg(service, server_ip, config_file_name)
except Exception as e:
return f'error: {e}', 200
try:
with open(cfg, "a") as conf:
conf.write(config)
except IOError as e:
return f"error: Cannot read imported config file: {e}", 200
try:
if service == 'keepalived':
stderr = config_mod.upload_and_restart(server_ip, cfg, save, service, oldcfg=oldcfg)
else:
stderr = config_mod.master_slave_upload_and_restart(server_ip, cfg, save, service, oldcfg=oldcfg,
config_file_name=config_file_name)
except Exception as e:
return f'error: {e}', 200
if save != 'test':
config_mod.diff_config(oldcfg, cfg)
if stderr:
return stderr, 200
return
@bp.route('/versions/<service>', defaults={'server_ip': None}, methods=['GET', 'POST'])
@bp.route('/versions/<service>/<server_ip>', methods=['GET', 'POST'])
def versions(service, server_ip):
roxywi_auth.page_for_admin(level=3)
aftersave = ''
file = set()
stderr = ''
try:
user_params = roxywi_common.get_users_params(disable=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
if service not in ('haproxy', 'nginx', 'keepalived', 'apache'):
return redirect(url_for('index'))
if service in ('haproxy', 'keepalived'):
conf_format = 'cfg'
else:
conf_format = 'conf'
if request.form.get('del'):
aftersave = 1
for get in request.form.getlist('do_delete'):
if conf_format in get and server_ip in get:
try:
if sql.delete_config_version(service, get):
try:
os.remove(get)
except OSError as e:
if 'No such file or directory' in str(e):
pass
else:
os.remove(os.path.join(configs_dir, get))
try:
file.add(get + "\n")
roxywi_common.logging(
server_ip, f"Version of config has been deleted: {get}", login=1, keep_history=1,
service=service
)
except Exception:
pass
except OSError as e:
stderr = "Error: %s - %s." % (e.filename, e.strerror)
return render_template(
'delver.html', h2=1, role=user_params['role'], user=user, select_id="serv", serv=server_ip, aftersave=aftersave,
selects=user_params['servers'], file=file, service=service, user_services=user_params['user_services'],
token=user_params['token'], lang=user_params['lang'], stderr=stderr
)
@bp.route('/version/<service>/list', methods=['POST'])
def list_of_version(service):
server_ip = common.is_ip_or_dns(request.form.get('serv'))
configver = common.checkAjaxInput(request.form.get('configver'))
for_delver = common.checkAjaxInput(request.form.get('for_delver'))
return config_mod.list_of_versions(server_ip, service, configver, for_delver)
@bp.route('/versions/<service>/<server_ip>/<configver>', defaults={'save': None}, methods=['GET', 'POST'])
@bp.route('/versions/<service>/<server_ip>/<configver>/save', defaults={'save': 1}, methods=['GET', 'POST'])
def show_version(service, server_ip, configver, save):
roxywi_auth.page_for_admin(level=3)
try:
user_params = roxywi_common.get_users_params(disable=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
if service not in ('haproxy', 'nginx', 'keepalived', 'apache'):
return redirect(url_for('index'))
service_desc = sql.select_service(service)
if not roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
return redirect(url_for('index'))
configs_dir = get_config.get_config_var('configs', f'{service_desc.service}_save_configs_dir')
configver = configs_dir + configver
servers = roxywi_common.get_dick_permit(service=service_desc.slug)
aftersave = 0
stderr = ''
if save:
aftersave = 1
save_action = request.form.get('save')
try:
roxywi_common.logging(
server_ip, f"Version of config has been uploaded {configver}", login=1, keep_history=1, service=service
)
except Exception:
pass
if service == 'keepalived':
stderr = config_mod.upload_and_restart(serv, configver, save_action, service)
elif service in ('nginx', 'apache'):
config_file_name = sql.select_remote_path_from_version(server_ip=server_ip, service=service,
local_path=configver)
stderr = config_mod.master_slave_upload_and_restart(server_ip, configver, save_action, service_desc.slug,
config_file_name=config_file_name)
else:
stderr = config_mod.master_slave_upload_and_restart(server_ip, configver, save_action, service)
return render_template(
'configver.html',
h2=1, role=user_params['role'], user=user, select_id="serv", serv=server_ip, aftersave=aftersave,
selects=servers, stderr=stderr, save=save, configver=configver, service=service,
user_services=user_params['user_services'], token=user_params['token'], lang=user_params['lang']
)
@bp.route('/section/haproxy/<server_ip>')
def haproxy_section(server_ip):
try:
user_params = roxywi_common.get_users_params(service=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
is_restart = 0
hap_configs_dir = get_config.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = f"{hap_configs_dir}{server_ip}-{get_date.return_date('config')}.cfg"
error = config_mod.get_config(server_ip, cfg)
sections = section_mod.get_sections(cfg)
return render_template(
'sections.html', h2=1, role=user_params['role'], user=user, serv=server_ip, selects=user_params['servers'],
sections=sections, error=error, token=user_params['token'], lang=user_params['lang'], is_restart=is_restart, config='',
user_services=user_params['user_services']
)
@bp.route('/section/haproxy/<server_ip>/<section>')
def haproxy_section_show(server_ip, section):
try:
user_params = roxywi_common.get_users_params(service=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
try:
roxywi_common.logging(server_ip, f"A section {section} has been opened")
except Exception:
pass
hap_configs_dir = get_config.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = f"{hap_configs_dir}{server_ip}-{get_date.return_date('config')}.cfg"
error = config_mod.get_config(server_ip, cfg)
sections = section_mod.get_sections(cfg)
start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section)
server_id = sql.select_server_id_by_ip(server_ip)
is_restart = sql.select_service_setting(server_id, 'haproxy', 'restart')
os.system(f"/bin/mv {cfg} {cfg}.old")
return render_template(
'sections.html', h2=1, role=user_params['role'], user=user,
serv=server_ip, selects=user_params['servers'], error=error, sections=sections, cfg=cfg,
token=user_params['token'], lang=user_params['lang'], is_restart=is_restart, config=config_read,
start_line=start_line, end_line=end_line, section=section, user_services=user_params['user_services']
)
@bp.route('/section/haproxy/<server_ip>/save', methods=['POST'])
def haproxy_section_save(server_ip):
try:
user_params = roxywi_common.get_users_params(service=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
hap_configs_dir = get_config.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = f"{hap_configs_dir}{server_ip}-{get_date.return_date('config')}.cfg"
config = request.form.get('config')
oldcfg = request.form.get('oldconfig')
save = request.form.get('save')
start_line = request.form.get('start_line')
end_line = request.form.get('end_line')
if save == 'delete':
config = ''
save = 'reload'
config = section_mod.rewrite_section(start_line, end_line, oldcfg, config)
try:
with open(cfg, "w") as conf:
conf.write(config)
except IOError as e:
return f"error: Cannot read import config file: {e}"
stderr = config_mod.master_slave_upload_and_restart(server_ip, cfg, save, 'haproxy', oldcfg=oldcfg)
config_mod.diff_config(oldcfg, cfg)
os.system(f"/bin/rm -f {hap_configs_dir}*.old")
return stderr
@bp.route('/compare/<service>/<serv>')
@bp.route('/map/<service>/<serv>')
def show_compare_config(service, serv):
config_read = ""
cfg = ""
stderr = ""
error = ""
aftersave = ""
is_restart = ''
is_serv_protected = ''
config_file_name = ''
try:
user_params = roxywi_common.get_users_params(service=service)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service)
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
else:
return redirect(url_for('index'))
return render_template(
'config.html', h2=1, role=user_params['role'], user=user, select_id="serv", serv=serv, aftersave=aftersave,
config=config_read, cfg=cfg, selects=user_params['servers'], stderr=stderr, error=error, service=service,
is_restart=is_restart, user_services=user_params['user_services'], config_file_name=config_file_name,
is_serv_protected=is_serv_protected, token=user_params['token'], lang=user_params['lang'],
service_desc=service_desc
)
@bp.route('/compare/<service>/<server_ip>/files')
def show_configs_for_compare(service, server_ip):
return config_mod.show_compare_config(server_ip, service)
@bp.route('/compare/<service>/<server_ip>/show', methods=['POST'])
def show_compare(service, server_ip):
left = common.checkAjaxInput(request.form.get('left'))
right = common.checkAjaxInput(request.form.get('right'))
return config_mod.compare_config(service, left, right)
@bp.route('/map/haproxy/<server_ip>/show')
def show_map(server_ip):
return service_haproxy.show_map(server_ip)

5
app/routes/install/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('install', __name__)
from app.routes.install import routes

268
app/routes/install/routes.py Normal file
View File

@ -0,0 +1,268 @@
import os
import sys
from functools import wraps
from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app import app, login_manager
from app.routes.install import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
import modules.server.server as server_mod
import modules.service.common as service_common
import modules.service.installation as service_mod
import modules.service.exporter_installation as exp_installation
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('')
def install_monitoring():
roxywi_auth.page_for_admin(level=2)
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
is_needed_tool = common.is_tool('ansible')
geoip_country_codes = sql.select_geoip_country_codes()
return render_template(
'install.html', h2=1, role=user_params['role'], user=user, servers=user_params['servers'],
user_services=user_params['user_services'], lang=user_params['lang'], geoip_country_codes=geoip_country_codes,
is_needed_tool=is_needed_tool, token=user_params['token']
)
@bp.route('/ha')
def ha():
roxywi_auth.page_for_admin(level=2)
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
is_needed_tool = common.is_tool('ansible')
user_subscription = roxywi_common.return_user_subscription()
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=3)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
return render_template(
'ha.html', h2=1, role=user_params['role'], user=user, selects=user_params['servers'],
user_services=user_params['user_services'], user_status=user_subscription['user_status'], lang=user_params['lang'],
user_plan=user_subscription['user_plan'], is_needed_tool=is_needed_tool, token=user_params['token']
)
@bp.post('/keepalived', defaults={'slave_kp': None})
@bp.post('/keepalived/<slave_kp>')
def install_keepalived(slave_kp):
master = request.form.get('master')
slave = request.form.get('slave')
eth = request.form.get('interface')
eth_slave = request.form.get('slave_interface')
vrrp_ip = request.form.get('vrrpip')
syn_flood = request.form.get('syn_flood')
return_to_master = request.form.get('return_to_master')
haproxy = request.form.get('hap')
nginx = request.form.get('nginx')
router_id = request.form.get('router_id')
virt_server = request.form.get('virt_server')
try:
virt_server = int(virt_server)
except Exception:
pass
if not slave_kp:
try:
return service_mod.keepalived_master_install(
master, eth, eth_slave, vrrp_ip, virt_server, syn_flood, return_to_master, haproxy, nginx, router_id
)
except Exception as e:
return f'{e}'
else:
try:
return service_mod.keepalived_slave_install(
master, slave, eth, eth_slave, vrrp_ip, syn_flood, haproxy, nginx, router_id
)
except Exception as e:
return f'{e}'
@bp.post('/keepalived/add', defaults={'slave_kp': None})
@bp.post('/keepalived/add/<slave_kp>')
def add_extra_vrrp(slave_kp):
master = request.form.get('master')
slave = request.form.get('slave')
eth = request.form.get('interface')
slave_eth = request.form.get('slave_interface')
vrrp_ip = request.form.get('vrrpip')
router_id = request.form.get('router_id')
return_to_master = request.form.get('return_to_master')
kp = request.form.get('kp')
if not slave_kp:
try:
return service_mod.keepalived_masteradd(master, eth, slave_eth, vrrp_ip, router_id, return_to_master, kp)
except Exception as e:
return f'{e}'
else:
try:
return service_mod.keepalived_slaveadd(slave, eth, slave_eth, vrrp_ip, router_id, kp)
except Exception as e:
return f'{e}'
@bp.post('/<service>/<server_ip>')
def install_service(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
docker = common.checkAjaxInput(request.form.get('docker'))
syn_flood = request.form.get('syn_flood')
hapver = request.form.get('hapver')
if service in ('nginx', 'apache'):
try:
return service_mod.install_service(server_ip, service, docker, syn_flood)
except Exception as e:
return str(e)
elif service == 'haproxy':
try:
return service_mod.install_haproxy(server_ip, syn_flood=syn_flood, hapver=hapver, docker=docker)
except Exception as e:
return str(e)
else:
return 'warning: Wrong service'
@bp.post('/<service>/master-slave')
def master_slave(service):
master = request.form.get('master')
slave = request.form.get('slave')
server = request.form.get('server')
docker = request.form.get('docker')
if service == 'haproxy':
if server == 'master':
try:
return service_mod.install_haproxy(master, server=server, docker=docker, m_or_s='master', master=master, slave=slave)
except Exception as e:
return f'{e}'
elif server == 'slave':
try:
return service_mod.install_haproxy(slave, server=server, docker=docker, m_or_s='slave', master=master, slave=slave)
except Exception as e:
return f'{e}'
elif service == 'nginx':
syn_flood_protect = '1' if request.form.get('syn_flood') == "1" else ''
if server == 'master':
try:
return service_mod.install_service(master, 'nginx', docker, syn_flood_protect, server=server)
except Exception as e:
return f'{e}'
elif server == 'slave':
try:
return service_mod.install_service(slave, 'nginx', docker, syn_flood_protect, server=server)
except Exception as e:
return f'{e}'
@bp.route('/<service>/version/<server_ip>')
def get_service_version(service, server_ip):
if service in ('haproxy', 'nginx', 'apache'):
return service_common.show_service_version(server_ip, service)
elif service == 'keepalived':
cmd = ["sudo /usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}'"]
return server_mod.ssh_command(server_ip, cmd)
else:
return 'error: Wrong service'
@bp.post('/exporter/<exporter>')
def install_exporter(exporter):
server_ip = common.is_ip_or_dns(request.form.get('server_ip'))
ver = common.checkAjaxInput(request.form.get('exporter_v'))
ext_prom = common.checkAjaxInput(request.form.get('ext_prom'))
if exporter == 'haproxy':
return exp_installation.haproxy_exp_installation(server_ip, ver, ext_prom)
elif exporter in ('nginx', 'apache'):
return exp_installation.nginx_apache_exp_installation(server_ip, exporter, ver, ext_prom)
elif exporter in ('keepalived', 'node'):
return exp_installation.node_keepalived_exp_installation(exporter, server_ip, ver, ext_prom)
else:
return 'error: Wrong exporter'
@bp.route('/exporter/<exporter>/version/<server_ip>')
def get_exporter_version(exporter, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
return service_common.get_exp_version(server_ip, exporter)
@bp.route('/grafana')
def install_grafana():
try:
return service_mod.grafana_install()
except Exception as e:
return f'{e}'
@bp.route('/waf/<service>/<server_ip>')
def install_waf(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
if service == 'haproxy':
try:
return service_mod.waf_install(server_ip)
except Exception as e:
return str(e)
elif service == 'nginx':
try:
return service_mod.waf_nginx_install(server_ip)
except Exception as e:
return str(e)
else:
return 'error: Wrong service'
@bp.post('/geoip')
def install_geoip():
server_ip = common.is_ip_or_dns(server_ip)
geoip_update = common.checkAjaxInput(request.form.get('update'))
service = request.form.get('service')
try:
return service_mod.geoip_installation(server_ip, geoip_update, service)
except Exception as e:
return str(e)
@bp.route('/geoip/<service>/<server_ip>')
def check_geoip(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
if service not in ('haproxy', 'nginx'):
return 'error: Wrong service'
service_dir = common.return_nice_path(sql.get_setting(f'{service}_dir'))
cmd = [f"ls {service_dir}geoip/"]
return server_mod.ssh_command(server_ip, cmd)

5
app/routes/metric/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('metric', __name__)
from app.routes.metric import routes

128
app/routes/metric/routes.py Normal file
View File

@ -0,0 +1,128 @@
import os
import sys
import distro
from flask import render_template, request, jsonify, redirect, url_for
from flask_login import login_required
from app import app, login_manager
from app.routes.metric import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.metrics as metric
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('/<service>')
def metrics(service):
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
service_desc = sql.select_service(service)
roxywi_common.check_user_group_for_flask()
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
try:
if distro.id() == 'ubuntu':
cmd = "apt list --installed 2>&1 |grep roxy-wi-metrics"
else:
cmd = "rpm -q roxy-wi-metrics-* |awk -F\"metrics\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'"
service_ver, stderr = server_mod.subprocess_execute(cmd)
services = '0'
if not stderr:
if service_ver[0] == ' is not installed' or service_ver == '':
servers = ''
else:
services = '1'
if service == 'nginx':
user_params['servers'] = sql.select_nginx_servers_metrics_for_master()
elif service == 'apache':
user_params['servers'] = sql.select_apache_servers_metrics_for_master()
else:
group_id = roxywi_common.get_user_group(id=1)
user_params['servers'] = sql.select_servers_metrics(group_id)
except Exception as e:
return f'error: on Metrics page: {e}', 500
user_subscription = roxywi_common.return_user_subscription()
return render_template(
'metrics.html', h2=1, autorefresh=1, role=user_params['role'], user=user, servers=user_params['servers'],
services=services, user_services=user_params['user_services'], service=service,
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'],
token=user_params['token'], lang=user_params['lang'], service_desc=service_desc
)
@bp.route('/cpu', methods=['POST'])
def metrics_cpu():
metrics_type = common.checkAjaxInput(request.form.get('ip'))
return jsonify(metric.show_cpu_metrics(metrics_type))
@bp.route('/ram', methods=['POST'])
def metrics_ram():
metrics_type = common.checkAjaxInput(request.form.get('ip'))
return jsonify(metric.show_ram_metrics(metrics_type))
@bp.route('/<service>/table-metrics')
def table_metrics(service):
roxywi_common.check_user_group_for_flask()
lang = roxywi_common.get_user_lang()
group_id = roxywi_common.get_user_group(id=1)
if service in ('nginx', 'apache'):
metrics = sql.select_service_table_metrics(service, group_id)
else:
metrics = sql.select_table_metrics(group_id)
return render_template('ajax/table_metrics.html', table_stat=metrics, service=service, lang=lang)
@bp.route('/<service>/<server_ip>', methods=['POST'])
def show_metric(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
hostname = sql.get_hostname_by_server_ip(server_ip)
time_range = common.checkAjaxInput(request.form.get('time_range'))
if service in ('nginx', 'apache', 'waf'):
return jsonify(metric.service_metrics(server_ip, hostname, service, time_range))
elif service == 'haproxy':
return jsonify(metric.haproxy_metrics(server_ip, hostname, time_range))
return 'error: Wrong service'
@bp.route('/<service>/<server_ip>/http', methods=['POST'])
def show_http_metric(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
hostname = sql.get_hostname_by_server_ip(server_ip)
time_range = common.checkAjaxInput(request.form.get('time_range'))
if service == 'haproxy':
return jsonify(metric.haproxy_http_metrics(server_ip, hostname, time_range))
return 'error: Wrong service'

5
app/routes/runtime/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('runtime', __name__)
from app.routes.runtime import routes

203
app/routes/runtime/routes.py Normal file
View File

@ -0,0 +1,203 @@
import os
import sys
from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app import app, login_manager
from app.routes.runtime import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.common as roxywi_common
import modules.config.runtime as runtime
import modules.service.haproxy as service_haproxy
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('/')
def runtimeapi():
try:
user_params = roxywi_common.get_users_params(haproxy=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
servbackend = ""
return render_template(
'runtimeapi.html', h2=1, title="RunTime API", role=user_params['role'], user=user, select_id="serv",
selects=user_params['servers'], token=user_params['token'], user_services=user_params['user_services'],
servbackend=servbackend, lang=user_params['lang']
)
@bp.route('/backends/<server_ip>')
def show_backends(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
return runtime.show_backends(server_ip)
@bp.route('/backend/servers/<server_ip>/<backend>')
def show_backend_servers(server_ip, backend):
server_ip = common.is_ip_or_dns(server_ip)
backend = common.checkAjaxInput(backend)
return runtime.show_frontend_backend(server_ip, backend)
@bp.route('/backend/server/<server_ip>/<backend>/<backend_server>')
def show_backend_server(server_ip, backend, backend_server):
server_ip = common.is_ip_or_dns(server_ip)
backend = common.checkAjaxInput(backend)
backend_server = common.checkAjaxInput(backend_server)
return runtime.show_server(server_ip, backend, backend_server)
@bp.route('/change/ip', methods=['POST'])
def change_ip_port():
server_ip = common.is_ip_or_dns(request.form.get('serv'))
backend_backend = common.checkAjaxInput(request.form.get('backend_backend'))
backend_server = common.checkAjaxInput(request.form.get('backend_server'))
backend_ip = common.checkAjaxInput(request.form.get('backend_ip'))
backend_port = common.checkAjaxInput(request.form.get('backend_port'))
return runtime.change_ip_and_port(server_ip, backend_backend, backend_server, backend_ip, backend_port)
@bp.route('/maxconn/<server_ip>')
def maxconn_select(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
return runtime.get_backends_from_config(server_ip, backends='frontend')
@bp.route('/maxconn/<type_maxconn>/<server_ip>', methods=['POST'])
def change_maxconn(type_maxconn, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
maxconn = common.checkAjaxInput(request.form.get('maxconn'))
if type_maxconn == 'global':
return runtime.change_maxconn_global(server_ip, maxconn)
elif type_maxconn == 'frontend':
frontend = common.checkAjaxInput(request.form.get('maxconn_frontend'))
return runtime.change_maxconn_frontend(server_ip, maxconn, frontend)
elif type_maxconn == 'backend':
backend = common.checkAjaxInput(request.form.get('maxconn_backend'))
backend_server = common.checkAjaxInput(request.form.get('maxconn_backend_server'))
return runtime.change_maxconn_backend(server_ip, backend, backend_server, maxconn)
else:
return 'error: Wrong backend'
@bp.route('/action/<server_ip>', methods=['POST'])
def action(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
enable = common.checkAjaxInput(request.form.get('servaction'))
backend = common.checkAjaxInput(request.form.get('servbackend'))
save = request.form.get('save')
return service_haproxy.runtime_command(server_ip, enable, backend, save)
@bp.route('/tables/<server_ip>')
def get_all_tables(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
return runtime.get_all_stick_table(server_ip)
@bp.route('/table/<server_ip>/<table>')
def get_table(server_ip, table):
server_ip = common.is_ip_or_dns(server_ip)
table = common.checkAjaxInput(table)
return runtime.table_select(server_ip, table)
@bp.route('/table/delete/<server_ip>/<table>/<ip_for_delete>')
def delete_ip(server_ip, table, ip_for_delete):
server_ip = common.is_ip_or_dns(server_ip)
table = common.checkAjaxInput(table)
ip_for_delete = common.is_ip_or_dns(ip_for_delete)
return runtime.delete_ip_from_stick_table(server_ip, ip_for_delete, table)
@bp.route('/table/clear/<server_ip>/<table>')
def clear_table(server_ip, table):
server_ip = common.is_ip_or_dns(server_ip)
table = common.checkAjaxInput(table)
return runtime.clear_stick_table(server_ip, table)
@bp.route('/session/<server_ip>')
def select_sessions(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
return runtime.select_session(server_ip)
@bp.route('/session/<server_ip>/<sess_id>')
def show_sessions(server_ip, sess_id):
server_ip = common.is_ip_or_dns(server_ip)
sess_id = common.checkAjaxInput(sess_id)
return runtime.show_session(server_ip, sess_id)
@bp.route('/session/delete/<server_ip>/<sess_id>')
def delete_session(server_ip, sess_id):
server_ip = common.is_ip_or_dns(server_ip)
sess_id = common.checkAjaxInput(sess_id)
return runtime.delete_session(server_ip, sess_id)
@bp.route('/list/<server_ip>')
def get_lists(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
return runtime.list_of_lists(server_ip)
@bp.route('/list/<server_ip>/<int:list_id>/<list_name>')
def get_list(server_ip, list_id, list_name):
server_ip = common.is_ip_or_dns(server_ip)
list_name = common.checkAjaxInput(list_name)
return runtime.show_lists(server_ip, list_id, list_name)
@bp.route('/list/delete', methods=['POST'])
def delete_ip_from_list():
ip_id = common.checkAjaxInput(request.form.get('list_ip_id_for_delete'))
ip = common.is_ip_or_dns(request.form.get('list_ip_for_delete'))
list_id = common.checkAjaxInput(request.form.get('list_id_for_delete'))
list_name = common.checkAjaxInput(request.form.get('list_name'))
return runtime.delete_ip_from_list(serv, ip_id, ip, list_id, list_name)
@bp.route('/list/add', methods=['POST'])
def add_ip_to_list():
ip = request.form.get('list_ip_for_add')
ip = ip.strip()
ip = common.is_ip_or_dns(ip)
list_id = common.checkAjaxInput(request.form.get('list_id_for_add'))
list_name = common.checkAjaxInput(request.form.get('list_name'))
return runtime.add_ip_to_list(serv, ip, list_id, list_name)

5
app/routes/server/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('server', __name__)
from app.routes.server import routes

462
app/routes/server/routes.py Normal file
View File

@ -0,0 +1,462 @@
import os
import sys
import json
import distro
from flask import render_template, request
from flask_login import login_required
from app import app, login_manager
from app.routes.server import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.roxy as roxy
import modules.roxywi.group as group_mod
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
import modules.server.ssh as ssh_mod
import modules.server.server as server_mod
import modules.tools.smon as smon_mod
import modules.service.backup as backup_mod
get_config = roxy_wi_tools.GetConfigVar()
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
error_mess = roxywi_common.return_error_message()
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('/check/ssh/<server_ip>')
def check_ssh(server_ip):
roxywi_auth.page_for_admin(level=2)
server_ip = common.is_ip_or_dns(server_ip)
try:
return server_mod.ssh_command(server_ip, ["ls -1t"])
except Exception as e:
return str(e)
@bp.route('/check/server/<server_ip>')
def check_server(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
return server_mod.server_is_up(server_ip)
@bp.route('/show/if/<server_ip>')
def show_if(server_ip):
roxywi_auth.page_for_admin(level=2)
server_ip = common.is_ip_or_dns(server_ip)
commands = ["sudo ip link|grep 'UP' |grep -v 'lo'| awk '{print $2}' |awk -F':' '{print $1}'"]
return server_mod.ssh_command(server_ip, commands)
@bp.route('/create', methods=['POST'])
def create_server():
roxywi_auth.page_for_admin(level=2)
hostname = common.checkAjaxInput(request.form.get('servername'))
ip = common.is_ip_or_dns(request.form.get('newip'))
group = common.checkAjaxInput(request.form.get('newservergroup'))
typeip = common.checkAjaxInput(request.form.get('typeip'))
haproxy = common.checkAjaxInput(request.form.get('haproxy'))
nginx = common.checkAjaxInput(request.form.get('nginx'))
apache = common.checkAjaxInput(request.form.get('apache'))
firewall = common.checkAjaxInput(request.form.get('firewall'))
enable = common.checkAjaxInput(request.form.get('enable'))
master = common.checkAjaxInput(request.form.get('slave'))
cred = common.checkAjaxInput(request.form.get('cred'))
page = common.checkAjaxInput(request.form.get('page'))
page = page.split("#")[0]
port = common.checkAjaxInput(request.form.get('newport'))
desc = common.checkAjaxInput(request.form.get('desc'))
add_to_smon = common.checkAjaxInput(request.form.get('add_to_smon'))
lang = roxywi_common.get_user_lang_for_flask()
if ip == '':
return 'error: IP or DNS name is not valid'
try:
if server_mod.create_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx,
apache, firewall):
try:
user_subscription = roxywi_common.return_user_status()
except Exception as e:
user_subscription = roxywi_common.return_unsubscribed_user_status()
roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
if add_to_smon:
user_group = roxywi_common.get_user_group(id=1)
smon_mod.create_smon(hostname, ip, 0, 1, 0, 0, hostname, desc, 0, 0, 0, 56, 'ping', 0, 0, user_group, 0)
roxywi_common.logging(ip, f'A new server {hostname} has been created', roxywi=1, login=1, keep_history=1, service='server')
return render_template(
'ajax/new_server.html', groups=sql.select_groups(), servers=sql.select_servers(server=ip), lang=lang,
masters=sql.select_servers(get_master_servers=1), sshs=sql.select_ssh(group=group), page=page,
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], adding=1
)
except Exception as e:
return f'error: {e}'
@bp.route('/create/after', methods=['POST'])
def after_add():
hostname = common.checkAjaxInput(request.form.get('servername'))
ip = common.is_ip_or_dns(request.form.get('newip'))
scan_server = common.checkAjaxInput(request.form.get('scan_server'))
try:
return server_mod.update_server_after_creating(hostname, ip, scan_server)
except Exception as e:
return str(e)
@bp.route('/update', methods=['POST'])
def update_server():
roxywi_auth.page_for_admin(level=2)
name = request.form.get('updateserver')
group = request.form.get('servergroup')
typeip = request.form.get('typeip')
firewall = request.form.get('firewall')
enable = request.form.get('enable')
master = request.form.get('slave')
serv_id = request.form.get('id')
cred = request.form.get('cred')
port = request.form.get('port')
protected = request.form.get('protected')
desc = request.form.get('desc')
if name is None or port is None:
return error_mess
else:
sql.update_server(name, group, typeip, enable, master, serv_id, cred, port, desc, firewall, protected)
roxywi_common.logging(f'The server {name}', ' has been updated ', roxywi=1, login=1)
server_ip = sql.select_server_ip_by_id(serv_id)
roxywi_common.logging(server_ip, f'The server {name} has been update', roxywi=1, login=1, keep_history=1, service='server')
return 'ok'
@bp.route('/delete/<int:server_id>')
def delete_server(server_id):
roxywi_auth.page_for_admin(level=2)
return server_mod.delete_server(server_id)
@bp.route('/group/create', methods=['POST'])
def create_group():
roxywi_auth.page_for_admin()
newgroup = common.checkAjaxInput(request.form.get('groupname'))
desc = common.checkAjaxInput(request.form.get('newdesc'))
if newgroup == '':
return error_mess
else:
try:
if sql.add_group(newgroup, desc):
roxywi_common.logging('Roxy-WI server', f'A new group {newgroup} has been created', roxywi=1, login=1)
return render_template('ajax/new_group.html', groups=sql.select_groups(group=newgroup))
except Exception as e:
return str(e)
@bp.route('/group/update', methods=['POST'])
def update_group():
roxywi_auth.page_for_admin()
name = common.checkAjaxInput(request.form.get('updategroup'))
desc = common.checkAjaxInput(request.form.get('descript'))
group_id = common.checkAjaxInput(request.form.get('id'))
return group_mod.update_group(group_id, name, desc)
@bp.route('/group/delete/<int:group_id>')
def delete_group(group_id):
roxywi_auth.page_for_admin()
return group_mod.delete_group(group_id)
@bp.route('/ssh/create', methods=['POST'])
def create_ssh():
roxywi_auth.page_for_admin(level=2)
return ssh_mod.create_ssh_cred()
@bp.route('/ssh/delete/<int:ssh_id>')
def delete_ssh(ssh_id):
roxywi_auth.page_for_admin(level=2)
return ssh_mod.delete_ssh_key(ssh_id)
@bp.route('/ssh/update', methods=['POST'])
def update_ssh():
roxywi_auth.page_for_admin(level=2)
return ssh_mod.update_ssh_key()
@bp.route('/ssh/upload', methods=['POST'])
def upload_ssh_key():
user_group = roxywi_common.get_user_group()
name = common.checkAjaxInput(request.form.get('name'))
key = request.form.get('ssh_cert')
try:
return ssh_mod.upload_ssh_key(name, user_group, key)
except Exception as e:
return str(e)
@bp.app_template_filter('string_to_dict')
def string_to_dict(dict_string) -> dict:
from ast import literal_eval
return literal_eval(dict_string)
@bp.route('/system_info/get/<server_ip>/<int:server_id>')
def get_system_info(server_ip, server_id):
server_ip = common.is_ip_or_dns(server_ip)
return server_mod.show_system_info(server_ip, server_id)
@bp.route('/system_info/update/<server_ip>/<int:server_id>')
def update_system_info(server_ip, server_id):
server_ip = common.is_ip_or_dns(server_ip)
return server_mod.update_system_info(server_ip, server_id)
@bp.route('/tools')
def show_tools():
roxywi_auth.page_for_admin()
lang = roxywi_common.get_user_lang_for_flask()
try:
services = roxy.get_services_status()
except Exception as e:
return str(e)
return render_template('ajax/load_services.html', services=services, lang=lang)
@bp.route('/tools/update/<service>')
def update_tools(service):
roxywi_auth.page_for_admin()
try:
return roxy.update_roxy_wi(service)
except Exception as e:
return f'error: {e}'
@bp.route('/tools/action/<service>/<action>')
def action_tools(service, action):
roxywi_auth.page_for_admin()
if action not in ('start', 'stop', 'restart'):
return 'error: wrong action'
return roxy.action_service(action, service)
@bp.route('/update')
def update_roxywi():
roxywi_auth.page_for_admin()
versions = roxy.versions()
checker_ver = roxy.check_new_version('checker')
smon_ver = roxy.check_new_version('smon')
metrics_ver = roxy.check_new_version('metrics')
keep_ver = roxy.check_new_version('keep_alive')
portscanner_ver = roxy.check_new_version('portscanner')
socket_ver = roxy.check_new_version('socket')
prometheus_exp_ver = roxy.check_new_version('prometheus-exporter')
services = roxy.get_services_status()
lang = roxywi_common.get_user_lang_for_flask()
return render_template(
'ajax/load_updateroxywi.html', services=services, versions=versions, checker_ver=checker_ver, smon_ver=smon_ver,
metrics_ver=metrics_ver, portscanner_ver=portscanner_ver, socket_ver=socket_ver, prometheus_exp_ver=prometheus_exp_ver,
keep_ver=keep_ver, lang=lang
)
@bp.route('/openvpn')
def load_openvpn():
roxywi_auth.page_for_admin()
openvpn_configs = ''
openvpn_sess = ''
openvpn = ''
if distro.id() == 'ubuntu':
stdout, stderr = server_mod.subprocess_execute("apt show openvpn3 2>&1|grep E:")
elif distro.id() == 'centos' or distro.id() == 'rhel':
stdout, stderr = server_mod.subprocess_execute("rpm --query openvpn3-client")
if (
(stdout[0] != 'package openvpn3-client is not installed' and stderr != '/bin/sh: rpm: command not found')
and stdout[0] != 'E: No packages found'
):
cmd = "sudo openvpn3 configs-list |grep -E 'ovpn|(^|[^0-9])[0-9]{4}($|[^0-9])' |grep -v net|awk -F\" \" '{print $1}'|awk 'ORS=NR%2?\" \":\"\\n\"'"
openvpn_configs, stderr = server_mod.subprocess_execute(cmd)
cmd = "sudo openvpn3 sessions-list|grep -E 'Config|Status'|awk -F\":\" '{print $2}'|awk 'ORS=NR%2?\" \":\"\\n\"'| sed 's/^ //g'"
openvpn_sess, stderr = server_mod.subprocess_execute(cmd)
openvpn = stdout[0]
return render_template('ajax/load_openvpn.html', openvpn=openvpn, openvpn_sess=openvpn_sess, openvpn_configs=openvpn_configs)
@bp.post('/openvpn/upload')
def upload_openvpn():
name = common.checkAjaxInput(request.form.get('ovpnname'))
ovpn_file = f"{os.path.dirname('/tmp/')}/{name}.ovpn"
try:
with open(ovpn_file, "w") as conf:
conf.write(request.form.get('uploadovpn'))
except IOError as e:
error = f'error: Cannot save ovpn file {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
try:
cmd = 'sudo openvpn3 config-import --config %s --persistent' % ovpn_file
server_mod.subprocess_execute(cmd)
except IOError as e:
error = f'error: Cannot import OpenVPN file: {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
try:
cmd = 'sudo cp %s /etc/openvpn3/%s.conf' % (ovpn_file, name)
server_mod.subprocess_execute(cmd)
except IOError as e:
error = f'error: Cannot save OpenVPN file: {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
roxywi_common.logging("Roxy-WI server", f" has been uploaded a new ovpn file {ovpn_file}", roxywi=1, login=1)
return 'success: ovpn file has been saved </div>'
@bp.post('/openvpn/delete')
def delete_openvpn():
openvpndel = common.checkAjaxInput(request.form.get('openvpndel'))
cmd = f'sudo openvpn3 config-remove --config /tmp/{openvpndel}.ovpn --force'
try:
server_mod.subprocess_execute(cmd)
roxywi_common.logging(openvpndel, ' has deleted the ovpn file ', roxywi=1, login=1)
except IOError as e:
error = f'error: Cannot delete OpenVPN file: {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
else:
return 'ok'
@bp.route('/openvpn/action/<action>/<openvpn>')
def action_openvpn(action, openvpn):
openvpn = common.checkAjaxInput(openvpn)
if action == 'start':
cmd = f'sudo openvpn3 session-start --config /tmp/{openvpn}.ovpn'
elif action == 'restart':
cmd = f'sudo openvpn3 session-manage --config /tmp/{openvpn}.ovpn --restart'
elif action == 'disconnect':
cmd = f'sudo openvpn3 session-manage --config /tmp/{openvpn}.ovpn --disconnect'
else:
return 'error: wrong action'
try:
server_mod.subprocess_execute(cmd)
roxywi_common.logging(openvpn, f' The ovpn session has been {action}ed ', roxywi=1, login=1)
return f"success: The {openvpn} has been {action}ed"
except IOError as e:
roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
return f'error: Cannot {action} OpenVPN: {e}'
@bp.route('/services/<int:server_id>', methods=['GET', 'POST'])
def show_server_services(server_id):
roxywi_auth.page_for_admin(level=2)
if request.method == 'GET':
return server_mod.show_server_services(server_id)
else:
server_name = common.checkAjaxInput(request.form.get('changeServerServicesServer'))
server_services = json.loads(request.form.get('jsonDatas'))
return server_mod.change_server_services(server_id, server_name, server_services)
@bp.route('/firewall/<server_ip>')
def show_firewall(server_ip):
roxywi_auth.page_for_admin(level=2)
server_ip = common.is_ip_or_dns(server_ip)
return server_mod.show_firewalld_rules(server_ip)
@bp.post('/backup/create')
@bp.post('/backup/delete')
@bp.post('/backup/update')
def create_backup():
server = common.is_ip_or_dns(request.form.get('server'))
rpath = common.checkAjaxInput(request.form.get('rpath'))
time = common.checkAjaxInput(request.form.get('time'))
backup_type = common.checkAjaxInput(request.form.get('type'))
rserver = common.checkAjaxInput(request.form.get('rserver'))
cred = int(request.form.get('cred'))
deljob = common.checkAjaxInput(request.form.get('deljob'))
update = common.checkAjaxInput(request.form.get('backupupdate'))
description = common.checkAjaxInput(request.form.get('description'))
try:
return backup_mod.backup(server, rpath, time, backup_type, rserver, cred, deljob, update, description)
except Exception as e:
return str(e)
@bp.post('/s3backup/create')
@bp.post('/s3backup/delete')
def create_s3_backup():
server = common.is_ip_or_dns(request.form.get('s3_backup_server'))
s3_server = common.checkAjaxInput(request.form.get('s3_server'))
bucket = common.checkAjaxInput(request.form.get('s3_bucket'))
secret_key = common.checkAjaxInput(request.form.get('s3_secret_key'))
access_key = common.checkAjaxInput(request.form.get('s3_access_key'))
time = common.checkAjaxInput(request.form.get('time'))
deljob = common.checkAjaxInput(request.form.get('dels3job'))
description = common.checkAjaxInput(request.form.get('description'))
try:
return backup_mod.s3_backup(server, s3_server, bucket, secret_key, access_key, time, deljob, description)
except Exception as e:
return str(e)
@bp.post('/git/create')
@bp.post('/git/delete')
def create_git_backup():
server_id = request.form.get('server')
service_id = request.form.get('git_service')
git_init = request.form.get('git_init')
repo = request.form.get('git_repo')
branch = request.form.get('git_branch')
period = request.form.get('time')
cred = request.form.get('cred')
deljob = request.form.get('git_deljob')
description = request.form.get('description')
return backup_mod.git_backup(server_id, service_id, git_init, repo, branch, period, cred, deljob, description)

5
app/routes/service/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('service', __name__)
from app.routes.service import routes

386
app/routes/service/routes.py Normal file
View File

@ -0,0 +1,386 @@
import os
import sys
from functools import wraps
import distro
from flask import render_template, request, redirect, url_for, abort
from flask_login import login_required
from app import app, login_manager, cache
from app.routes.service import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.service.action as service_action
import modules.service.common as service_common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.roxywi.overview as roxy_overview
def check_services(fn):
@wraps(fn)
def decorated_view(*args, **kwargs):
service = kwargs['service']
if service not in ('haproxy', 'nginx', 'apache', 'keepalived'):
abort(400, 'bad service')
return fn(*args, **kwargs)
return decorated_view
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('/<service>', defaults={'serv': None})
@bp.route('/<service>/<serv>')
@check_services
def services(service, serv):
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
services = []
servers: object
autorefresh = 0
waf_server = ''
cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l"
keep_alive, stderr = server_mod.subprocess_execute(cmd)
service_desc = sql.select_service(service)
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
if serv:
if roxywi_common.check_is_server_in_group(serv):
servers = sql.select_servers(server=serv)
autorefresh = 1
waf_server = sql.select_waf_servers(serv)
server_id = sql.select_server_id_by_ip(serv)
docker_settings = sql.select_docker_service_settings(server_id, service_desc.slug)
restart_settings = sql.select_restart_service_settings(server_id, service_desc.slug)
else:
raise Exception('error: wrong group')
else:
servers = roxywi_common.get_dick_permit(virt=1, service=service_desc.slug)
docker_settings = sql.select_docker_services_settings(service_desc.slug)
restart_settings = sql.select_restart_services_settings(service_desc.slug)
services_name = {'roxy-wi-checker': 'Master backends checker service',
'roxy-wi-keep_alive': 'Auto start service',
'roxy-wi-metrics': 'Master metrics service'}
for s, v in services_name.items():
if distro.id() == 'ubuntu':
if s == 'roxy-wi-keep_alive':
s = 'roxy-wi-keep-alive'
cmd = "apt list --installed 2>&1 |grep " + s
else:
cmd = "rpm --query " + s + "-* |awk -F\"" + s + "\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'"
service_ver, stderr = server_mod.subprocess_execute(cmd)
try:
services.append([s, service_ver[0]])
except Exception:
services.append([s, ''])
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
servers_with_status1 = []
out1 = ''
if len(servers) == 1:
serv = servers[0][2]
for s in servers:
servers_with_status = list()
servers_with_status.append(s[0])
servers_with_status.append(s[1])
servers_with_status.append(s[2])
servers_with_status.append(s[11])
if service == 'nginx':
h = (['', ''],)
cmd = [
"/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk "
"'{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"]
for service_set in docker_settings:
if service_set.server_id == s[0] and service_set.setting == 'dockerized' and service_set.value == '1':
container_name = sql.get_setting('nginx_container_name')
cmd = [
"docker exec -it " + container_name + " /usr/sbin/nginx -v 2>&1|awk '{print $3}' && "
"docker ps -a -f name=" + container_name + " --format '{{.Status}}'|tail -1 && ps ax |grep nginx:"
"|grep -v grep |wc -l"
]
try:
out = server_mod.ssh_command(s[2], cmd)
h = ()
out1 = []
for k in out.split():
out1.append(k)
h = (out1,)
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[17])
except Exception:
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[17])
elif service == 'keepalived':
h = (['', ''],)
cmd = [
"/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |"
"grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l"
]
try:
out = server_mod.ssh_command(s[2], cmd)
out1 = []
for k in out.split():
out1.append(k)
h = (out1,)
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[22])
except Exception:
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[22])
elif service == 'apache':
h = (['', ''],)
apache_stats_user = sql.get_setting('apache_stats_user')
apache_stats_password = sql.get_setting('apache_stats_password')
apache_stats_port = sql.get_setting('apache_stats_port')
apache_stats_page = sql.get_setting('apache_stats_page')
cmd = "curl -s -u %s:%s http://%s:%s/%s?auto |grep 'ServerVersion\|Processes\|ServerUptime:'" % (
apache_stats_user, apache_stats_password, s[2], apache_stats_port, apache_stats_page
)
try:
out = server_mod.subprocess_execute(cmd)
if out != '':
for k in out:
servers_with_status.append(k)
servers_with_status.append(s[22])
except Exception:
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[22])
else:
cmd = 'echo "show info" |nc %s %s -w 1 -v|grep -e "Ver\|Uptime:\|Process_num"' % (s[2], haproxy_sock_port)
out = server_mod.subprocess_execute(cmd)
for k in out:
if "Connection refused" not in k:
out1 = out
else:
out1 = False
servers_with_status.append(out1)
servers_with_status.append(s[12])
servers_with_status.append(sql.is_master(s[2]))
servers_with_status.append(sql.select_servers(server=s[2]))
is_keepalived = sql.select_keepalived(s[2])
if is_keepalived:
try:
cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |'
'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data']
out = server_mod.ssh_command(s[2], cmd)
out1 = ('1', out)
servers_with_status.append(out1)
except Exception as e:
servers_with_status.append(str(e))
else:
servers_with_status.append('')
servers_with_status1.append(servers_with_status)
user_subscription = roxywi_common.return_user_subscription()
return render_template(
'hapservers.html', h2=1, autorefresh=autorefresh, role=user_params['role'], user=user, servers=servers_with_status1,
keep_alive=''.join(keep_alive), serv=serv, service=service, services=services, user_services=user_params['user_services'],
docker_settings=docker_settings, user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'],
waf_server=waf_server, restart_settings=restart_settings, service_desc=service_desc, token=user_params['token'],
lang=user_params['lang']
)
@bp.route('/action/check-service', methods=['POST'])
def check_service():
user_uuid = request.cookies.get('uuid')
server_ip = common.checkAjaxInput(request.form.get('server_ip'))
service = common.checkAjaxInput(request.form.get('service'))
return service_action.check_service(server_ip, user_uuid, service)
@bp.route('/action/<service>/<server_ip>/<action>', methods=['GET'])
@check_services
def action_service(service, server_ip, action):
server_ip = common.is_ip_or_dns(server_ip)
return service_action.common_action(server_ip, action, service)
@bp.route('/<service>/<server_ip>/last-edit')
def last_edit(service, server_ip):
return service_common.get_overview_last_edit(server_ip, service)
@bp.route('/cpu-ram-metrics/<server_ip>/<server_id>/<name>/<service>')
def cpu_ram_metrics(server_ip, server_id, name, service):
user_params = roxywi_common.get_users_params()
if service == 'haproxy':
cmd = 'echo "show info" |nc %s %s -w 1|grep -e "node\|Nbproc\|Maxco\|MB\|Nbthread"' % (server_ip, sql.get_setting('haproxy_sock_port'))
out = server_mod.subprocess_execute(cmd)
return_out = ""
for k in out:
if "Ncat:" not in k:
for r in k:
return_out += r
return_out += "\n"
else:
return_out = "Cannot connect to HAProxy"
else:
return_out = ''
server_status = (name, server_ip, return_out)
servers = []
user_id = request.cookies.get('uuid')
group_id = int(request.cookies.get('group'))
role = sql.get_user_role_by_uuid(user_id, group_id)
servers.append(server_status)
servers_sorted = sorted(servers, key=common.get_key)
return render_template('ajax/overviewServers.html', service_status=servers_sorted, role=role, id=server_id, service_page=service,
lang=user_params['lang'])
@bp.route('/haproxy/bytes', methods=['POST'])
def show_haproxy_bytes():
server_ip = common.is_ip_or_dns(request.form.get('showBytes'))
return roxy_overview.show_haproxy_binout(server_ip)
@bp.route('/nginx/connections', methods=['POST'])
def show_nginx_connections():
server_ip = common.is_ip_or_dns(request.form.get('nginxConnections'))
return roxy_overview.show_nginx_connections(server_ip)
@bp.route('/apache/bytes', methods=['POST'])
def show_apache_bytes():
server_ip = common.is_ip_or_dns(request.form.get('apachekBytes'))
return roxy_overview.show_apache_bytes(server_ip)
@bp.route('/keepalived/become-master', methods=['POST'])
@cache.cached()
def show_keepalived_become_master():
server_ip = common.is_ip_or_dns(request.form.get('keepalivedBecameMaster'))
return roxy_overview.keepalived_became_master(server_ip)
@bp.route('/<service>/backends/<server_ip>')
@cache.cached()
def show_service_backends(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
return service_common.overview_backends(server_ip, service)
@bp.route('/position/<int:server_id>/<int:pos>')
def change_pos(server_id, pos):
return sql.update_server_pos(pos, server_id)
@bp.route('/haproxy/version/<server_ip>')
def get_haproxy_v(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
return service_common.check_haproxy_version(server_ip)
@bp.route('/settings/<service>/<int:server_id>')
@check_services
def show_service_settings(service, server_id):
settings = sql.select_service_settings(server_id, service)
return render_template('ajax/service_settings.html', settings=settings, service=service)
@bp.post('/settings/<service>')
@check_services
def save_service_settings(service):
server_id = common.checkAjaxInput(request.form.get('serverSettingsSave'))
haproxy_enterprise = common.checkAjaxInput(request.form.get('serverSettingsEnterprise'))
service_dockerized = common.checkAjaxInput(request.form.get('serverSettingsDockerized'))
service_restart = common.checkAjaxInput(request.form.get('serverSettingsRestart'))
server_ip = sql.select_server_ip_by_id(server_id)
service_docker = f'Service {service.title()} has been flagged as a dockerized'
service_systemd = f'Service {service.title()} has been flagged as a system service'
disable_restart = f'Restart option is disabled for {service.title()} service'
enable_restart = f'Restart option is disabled for {service.title()} service'
if service == 'haproxy':
if sql.insert_or_update_service_setting(server_id, service, 'haproxy_enterprise', haproxy_enterprise):
if haproxy_enterprise == '1':
roxywi_common.logging(server_ip, 'Service has been flagged as an Enterprise version', roxywi=1, login=1,
keep_history=1, service=service)
else:
roxywi_common.logging(server_ip, 'Service has been flagged as a community version', roxywi=1, login=1,
keep_history=1, service=service)
if sql.insert_or_update_service_setting(server_id, service, 'dockerized', service_dockerized):
if service_dockerized == '1':
roxywi_common.logging(server_ip, service_docker, roxywi=1, login=1, keep_history=1, service=service)
else:
roxywi_common.logging(server_ip, service_systemd, roxywi=1, login=1, keep_history=1, service=service)
if sql.insert_or_update_service_setting(server_id, service, 'restart', service_restart):
if service_restart == '1':
roxywi_common.logging(server_ip, disable_restart, roxywi=1, login=1, keep_history=1, service=service)
else:
roxywi_common.logging(server_ip, enable_restart, roxywi=1, login=1, keep_history=1, service=service)
return 'ok'
@bp.post('/<service>/tools/update')
@check_services
def update_tools_enable(service):
server_id = request.form.get('server_id')
active = request.form.get('active')
name = request.form.get('name')
alert = request.form.get('alert_en')
metrics = request.form.get('metrics')
sql.update_hapwi_server(server_id, alert, metrics, active, service)
server_ip = sql.select_server_ip_by_id(server_id)
roxywi_common.logging(server_ip, f'The server {name} has been updated ', roxywi=1, login=1, keep_history=1,
service=service)
return 'ok'
@bp.route('/check-restart/<server_ip>')
def check_restart(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
servers = roxywi_common.get_dick_permit(ip=server_ip)
for server in servers:
if server != "":
return 'ok'
return 'nothing'

5
app/routes/smon/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('smon', __name__)
from app.routes.smon import routes

276
app/routes/smon/routes.py Normal file
View File

@ -0,0 +1,276 @@
import os
import sys
from pytz import timezone
from flask import render_template, request, redirect, url_for, jsonify
from flask_login import login_required
from datetime import datetime, timedelta
from app import app, login_manager
from app.routes.smon import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.tools.smon as smon_mod
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('/dashboard')
def smon():
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
roxywi_common.check_user_group_for_flask()
user_group = roxywi_common.get_user_group(id=1)
smon = sql.smon_list(user_group)
smon_status, stderr = smon_mod.return_smon_status()
user_subscription = roxywi_common.return_user_subscription()
return render_template(
'smon/dashboard.html', h2=1, autorefresh=1, role=user_params['role'], user=user, group=user_group,
lang=user_params['lang'], smon_status=smon_status, smon_error=stderr, user_services=user_params['user_services'],
user_status=user_subscription['user_status'], smon=smon, user_plan=user_subscription['user_plan'], token=user_params['token']
)
@bp.route('/dashboard/<dashboard_id>/<check_id>')
def smon_dashboard(dashboard_id, check_id):
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
check_id = int(check_id)
roxywi_common.check_user_group_for_flask()
user_subscription = roxywi_common.return_user_subscription()
smon_name = sql.get_smon_service_name_by_id(dashboard_id)
check_interval = sql.get_setting('smon_check_interval')
smon = sql.select_one_smon(dashboard_id, check_id)
present = datetime.now(timezone('UTC'))
present = present.strftime('%b %d %H:%M:%S %Y %Z')
present = datetime.strptime(present, '%b %d %H:%M:%S %Y %Z')
cert_day_diff = 'N/A'
count_checks = sql.get_smon_history_count_checks(dashboard_id, check_id)
try:
uptime = round(count_checks['up'] * 100 / count_checks['total'], 2)
except Exception:
uptime = 0
try:
avg_res_time = round(sql.get_avg_resp_time(dashboard_id, check_id), 2)
except Exception:
avg_res_time = 0
try:
last_resp_time = round(sql.get_last_smon_res_time_by_check(dashboard_id, check_id), 2)
except Exception:
last_resp_time = 0
for s in smon:
if s.smon_id.ssl_expire_date is not None:
ssl_expire_date = datetime.strptime(s.smon_id.ssl_expire_date, '%Y-%m-%d %H:%M:%S')
cert_day_diff = (ssl_expire_date - present).days
return render_template(
'include/smon/smon_history.html', h2=1, autorefresh=1, role=user_params['role'], user=user, smon=smon,
lang=user_params['lang'],user_status=user_subscription['user_status'], check_interval=check_interval,
user_plan=user_subscription['user_plan'], token=user_params['token'], uptime=uptime, avg_res_time=avg_res_time,
user_services=user_params['user_services'], smon_name=smon_name, cert_day_diff=cert_day_diff, check_id=check_id,
dashboard_id=dashboard_id, last_resp_time=last_resp_time
)
@bp.route('/history')
def smon_history():
roxywi_common.check_user_group_for_flask()
user_group = roxywi_common.get_user_group(id=1)
smon_status, stderr = smon_mod.return_smon_status()
smon = sql.alerts_history('SMON', user_group)
user_subscription = roxywi_common.return_user_subscription()
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
return render_template(
'smon/history.html', h2=1, autorefresh=0, role=user_params['role'], user=user, smon=smon,
lang=user_params['lang'], user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'],
token=user_params['token'], smon_status=smon_status, smon_error=stderr, user_services=user_params['user_services']
)
@bp.route('/history/host/<server_ip>')
def smon_host_history(server_ip):
roxywi_common.check_user_group_for_flask()
needed_host = common.is_ip_or_dns(server_ip)
user_group = roxywi_common.get_user_group(id=1)
smon_status, stderr = smon_mod.return_smon_status()
smon = sql.alerts_history('SMON', user_group, host=needed_host)
user_subscription = roxywi_common.return_user_subscription()
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
return render_template(
'smon/history.html', h2=1, autorefresh=0, role=user_params['role'], user=user, smon=smon,
lang=user_params['lang'], user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'],
token=user_params['token'], smon_status=smon_status, smon_error=stderr, user_services=user_params['user_services']
)
@bp.route('/history/metric/<int:dashboard_id>/<int:check_id>')
def smon_history_metric(dashboard_id, check_id):
return jsonify(smon_mod.history_metrics(dashboard_id, check_id))
@bp.route('/history/statuses/<int:dashboard_id>/<int:check_id>')
def smon_history_statuses(dashboard_id, check_id):
return smon_mod.history_statuses(dashboard_id, check_id)
@bp.route('/history/cur_status/<int:dashboard_id>/<int:check_id>')
def smon_history_cur_status(dashboard_id, check_id):
return smon_mod.history_cur_status(dashboard_id, check_id)
@bp.route('/admin')
def smon_admin():
user_group = roxywi_common.get_user_group(id=1)
smon_status, stderr = smon_mod.return_smon_status()
telegrams = sql.get_user_telegram_by_group(user_group)
slacks = sql.get_user_slack_by_group(user_group)
pds = sql.get_user_pd_by_group(user_group)
smon = sql.select_smon(user_group)
smon_ping = sql.select_smon_ping(user_group)
smon_tcp = sql.select_smon_tcp(user_group)
smon_http = sql.select_smon_http(user_group)
smon_dns = sql.select_smon_dns(user_group)
roxywi_auth.page_for_admin(level=3)
user_subscription = roxywi_common.return_user_subscription()
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
return render_template(
'smon/add.html', h2=1, autorefresh=0, role=user_params['role'], user=user, smon=smon, lang=user_params['lang'],
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], token=user_params['token'],
smon_status=smon_status, smon_error=stderr, user_services=user_params['user_services'], telegrams=telegrams,
slacks=slacks, pds=pds, smon_ping=smon_ping, smon_tcp=smon_tcp, smon_http=smon_http, smon_dns=smon_dns
)
@bp.post('/add')
def smon_add():
user_group = roxywi_common.get_user_group(id=1)
name = common.checkAjaxInput(request.form.get('newsmonname'))
hostname = common.checkAjaxInput(request.form.get('newsmon'))
port = common.checkAjaxInput(request.form.get('newsmonport'))
enable = common.checkAjaxInput(request.form.get('newsmonenable'))
url = common.checkAjaxInput(request.form.get('newsmonurl'))
body = common.checkAjaxInput(request.form.get('newsmonbody'))
group = common.checkAjaxInput(request.form.get('newsmongroup'))
desc = common.checkAjaxInput(request.form.get('newsmondescription'))
telegram = common.checkAjaxInput(request.form.get('newsmontelegram'))
slack = common.checkAjaxInput(request.form.get('newsmonslack'))
pd = common.checkAjaxInput(request.form.get('newsmonpd'))
check_type = common.checkAjaxInput(request.form.get('newsmonchecktype'))
resolver = common.checkAjaxInput(request.form.get('newsmonresserver'))
record_type = common.checkAjaxInput(request.form.get('newsmondns_record_type'))
packet_size = common.checkAjaxInput(request.form.get('newsmonpacket_size'))
http_method = common.checkAjaxInput(request.form.get('newsmon_http_method'))
lang = roxywi_common.get_user_lang()
try:
last_id = smon_mod.create_smon(
name, hostname, port, enable, url, body, group, desc, telegram, slack, pd, packet_size, check_type,
resolver, record_type, user_group, http_method
)
except Exception as e:
return str(e), 200
else:
if last_id:
smon = sql.select_smon_by_id(last_id)
pds = sql.get_user_pd_by_group(user_group)
slacks = sql.get_user_slack_by_group(user_group)
telegrams = sql.get_user_telegram_by_group(user_group)
smon_service = sql.select_smon_check_by_id(last_id, check_type)
return render_template(
'ajax/smon/show_new_smon.html', smon=smon, telegrams=telegrams, slacks=slacks, pds=pds, lang=lang,
check_type=check_type, smon_service=smon_service
)
@bp.post('/update/<smon_id>')
def smon_update(smon_id):
roxywi_common.check_user_group_for_flask()
name = common.checkAjaxInput(request.form.get('updateSmonName'))
ip = common.checkAjaxInput(request.form.get('updateSmonIp'))
port = common.checkAjaxInput(request.form.get('updateSmonPort'))
en = common.checkAjaxInput(request.form.get('updateSmonEn'))
url = common.checkAjaxInput(request.form.get('updateSmonUrl'))
body = common.checkAjaxInput(request.form.get('updateSmonBody'))
telegram = common.checkAjaxInput(request.form.get('updateSmonTelegram'))
slack = common.checkAjaxInput(request.form.get('updateSmonSlack'))
pd = common.checkAjaxInput(request.form.get('updateSmonPD'))
group = common.checkAjaxInput(request.form.get('updateSmonGroup'))
desc = common.checkAjaxInput(request.form.get('updateSmonDesc'))
check_type = common.checkAjaxInput(request.form.get('check_type'))
resolver = common.checkAjaxInput(request.form.get('updateSmonResServer'))
record_type = common.checkAjaxInput(request.form.get('updateSmonRecordType'))
packet_size = common.checkAjaxInput(request.form.get('updateSmonPacket_size'))
http_method = common.checkAjaxInput(request.form.get('updateSmon_http_method'))
if roxywi_common.check_user_group_for_flask():
try:
status = smon_mod.update_smon(
smon_id, name, ip, port, en, url, body, telegram, slack, pd, group, desc, check_type,
resolver, record_type, packet_size, http_method
)
except Exception as e:
return f'{e}', 200
else:
return status
@bp.route('/delete/<smon_id>')
def smon_delete(smon_id):
user_group = roxywi_common.get_user_group(id=1)
if roxywi_common.check_user_group_for_flask():
try:
status = smon_mod.delete_smon(smon_id, user_group)
except Exception as e:
return f'{e}', 200
else:
return status
@bp.post('/refresh')
def smon_show():
sort = common.checkAjaxInput(request.form.get('sort'))
return smon_mod.show_smon(sort)

5
app/routes/user/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('user', __name__)
from app.routes.user import routes

149
app/routes/user/routes.py Normal file
View File

@ -0,0 +1,149 @@
import os
import sys
import json
from flask import render_template, request
from flask_login import login_required
from app import app, login_manager
from app.routes.user import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.user as roxywi_user
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.post('/create')
def create_user():
roxywi_auth.page_for_admin(level=2)
email = common.checkAjaxInput(request.form.get('newemail'))
password = common.checkAjaxInput(request.form.get('newpassword'))
role = common.checkAjaxInput(request.form.get('newrole'))
new_user = common.checkAjaxInput(request.form.get('newusername'))
page = common.checkAjaxInput(request.form.get('page'))
activeuser = common.checkAjaxInput(request.form.get('activeuser'))
group = common.checkAjaxInput(request.form.get('newgroupuser'))
token = common.checkAjaxInput(request.form.get('token'))
lang = roxywi_common.get_user_lang_for_flask()
if not roxywi_common.check_user_group_for_flask(token=token):
return 'error: Wrong group'
if page == 'servers':
if roxywi_auth.is_admin(level=2, role_id=role):
roxywi_common.logging(new_user, ' tried to privilege escalation: user creation', roxywi=1, login=1)
return 'error: Wrong role'
if roxywi_user.create_user(new_user, email, password, role, activeuser, group):
return render_template(
'ajax/new_user.html', users=sql.select_users(user=new_user), groups=sql.select_groups(), page=page,
roles=sql.select_roles(), adding=1, lang=lang
)
@bp.post('/update')
def update_user():
roxywi_auth.page_for_admin(level=2)
email = request.form.get('email')
new_user = request.form.get('updateuser')
user_id = request.form.get('id')
enabled = request.form.get('activeuser')
group_id = int(request.form.get('usergroup'))
if roxywi_common.check_user_group_for_flask():
if request.form.get('role'):
role_id = int(request.form.get('role'))
if roxywi_auth.is_admin(level=role_id):
roxywi_user.update_user(email, new_user, user_id, enabled, group_id, role_id)
else:
roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
return 'error: dalsd'
else:
try:
sql.update_user_from_admin_area(new_user, email, user_id, enabled)
except Exception as e:
return f'error: Cannot update user: {e}'
roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
return 'ok'
@bp.route('/delete/<int:user_id>')
def delete_user(user_id):
roxywi_auth.page_for_admin(level=2)
try:
return roxywi_user.delete_user(user_id)
except Exception as e:
return f'error: {e}'
@bp.route('/ldap/<username>')
def get_ldap_email(username):
roxywi_auth.page_for_admin(level=2)
return roxywi_user.get_ldap_email(username)
@bp.post('/password')
def update_password():
password = request.form.get('updatepassowrd')
uuid = request.form.get('uuid')
user_id_from_get = request.form.get('id')
return roxywi_user.update_user_password(password, uuid, user_id_from_get)
@bp.route('/services/<int:user_id>', methods=['GET', 'POST'])
def show_user_services(user_id):
if request.method == 'GET':
return roxywi_user.get_user_services(user_id)
else:
user = common.checkAjaxInput(request.form.get('changeUserServicesUser'))
user_services = json.loads(request.form.get('jsonDatas'))
return roxywi_user.change_user_services(user, user_id, user_services)
@bp.route('/group/current')
def get_current_group():
uuid = request.cookies.get('uuid')
group = request.cookies.get('group')
return roxywi_user.get_user_active_group(uuid, group)
@bp.post('/group/change')
def change_current_group():
group_id = common.checkAjaxInput(request.form.get('changeUserCurrentGroupId'))
user_uuid = common.checkAjaxInput(request.form.get('changeUserGroupsUser'))
return roxywi_user.change_user_active_group(group_id, user_uuid)
@bp.route('/groups/<int:user_id>')
def show_user_groups_and_roles(user_id):
lang = roxywi_common.get_user_lang_for_flask()
return roxywi_user.show_user_groups_and_roles(user_id, lang)
@bp.post('/groups/save')
def change_user_groups_and_roles():
user = common.checkAjaxInput(request.form.get('changeUserGroupsUser'))
groups_and_roles = json.loads(request.form.get('jsonDatas'))
return roxywi_user.save_user_group_and_role(user, groups_and_roles)
@bp.route('/group/name/<int:group_id>')
def get_group_name_by_id(group_id):
return sql.get_group_name_by_id(group_id)

5
app/routes/waf/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('waf', __name__)
from app.routes.waf import routes

219
app/routes/waf/routes.py Normal file
View File

@ -0,0 +1,219 @@
import os
import sys
from flask import render_template, request
from flask_login import login_required
from app import app, login_manager
from app.routes.waf import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
from modules.db.db_model import *
import modules.common.common as common
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.waf as roxy_waf
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.config.config as config_mod
get_config = roxy_wi_tools.GetConfigVar()
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
@bp.route('/<service>')
@login_required
def waf(service):
roxywi_auth.page_for_admin(level=2)
manage_rules = ''
waf_rule_id = ''
config_file_name = ''
waf_rule_file = ''
config_read = ''
rules = ''
serv = ''
cfg = ''
user_params = roxywi_common.get_users_params()
if service == 'nginx':
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2)
servers = roxywi_common.get_dick_permit(nginx=1)
else:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
servers = user_params['servers']
title = "Web application firewall"
servers_waf = sql.select_waf_servers_metrics(user_params['user_uuid'])
autorefresh = 1
return render_template(
'waf.html',
h2=1, title=title, autorefresh=autorefresh, role=user_params['role'], user=user_params['user'], serv=serv,
servers=servers_waf,
servers_all=servers, manage_rules=manage_rules, rules=rules, user_services=user_params['user_services'],
waf_rule_file=waf_rule_file, waf_rule_id=waf_rule_id, config=config_read, cfg=cfg, token=user_params['token'],
config_file_name=config_file_name, service=service, lang=user_params['lang']
)
@bp.route('/<service>/<server_ip>/rules')
@login_required
def waf_rules(service, server_ip):
roxywi_auth.page_for_admin(level=2)
roxywi_common.check_is_server_in_group(server_ip)
manage_rules = '1'
waf_rule_id = ''
config_file_name = ''
waf_rule_file = ''
servers_waf = ''
config_read = ''
servers = ''
cfg = ''
user_params = roxywi_common.get_users_params()
title = "Manage rules - Web application firewall"
rules = sql.select_waf_rules(server_ip, service)
if service == 'nginx':
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2)
else:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
return render_template(
'waf.html',
h2=1, title=title, autorefresh=0, role=user_params['role'], user=user_params['user'], serv=server_ip,
servers=servers_waf,
servers_all=servers, manage_rules=manage_rules, rules=rules, user_services=user_params['user_services'],
waf_rule_file=waf_rule_file, waf_rule_id=waf_rule_id, config=config_read, cfg=cfg, token=user_params['token'],
config_file_name=config_file_name, service=service, lang=user_params['lang']
)
@bp.route('/<service>/<server_ip>/rule/<rule_id>')
@login_required
def waf_rule_edit(service, server_ip, rule_id):
roxywi_auth.page_for_admin(level=2)
roxywi_common.check_is_server_in_group(server_ip)
manage_rules = ''
servers_waf = ''
config_read = ''
servers = ''
user_params = roxywi_common.get_users_params()
rules = sql.select_waf_rules(server_ip, service)
if service == 'nginx':
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2)
config_path = sql.get_setting('nginx_dir')
else:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
config_path = sql.get_setting('haproxy_dir')
title = 'Edit a WAF rule'
waf_rule_file = sql.select_waf_rule_by_id(rule_id)
configs_dir = sql.get_setting('tmp_config_path')
cfg = f"{configs_dir}{server_ip}-{get_date.return_date('config')}-{waf_rule_file}"
error = config_mod.get_config(server_ip, cfg, waf=service, waf_rule_file=waf_rule_file)
config_file_name = common.return_nice_path(config_path) + 'waf/rules/' + waf_rule_file
try:
conf = open(cfg, "r")
config_read = conf.read()
conf.close()
except IOError:
print('Cannot read imported config file')
return render_template(
'waf.html',
h2=1, title=title, autorefresh=0, role=user_params['role'], user=user_params['user'], serv=server_ip,
servers=servers_waf,
servers_all=servers, manage_rules=manage_rules, rules=rules, user_services=user_params['user_services'],
waf_rule_file=waf_rule_file, waf_rule_id=rule_id, config=config_read, cfg=cfg, token=user_params['token'],
config_file_name=config_file_name, service=service, lang=user_params['lang']
)
@bp.route('/<service>/<server_ip>/rule/<rule_id>/save', methods=['POST'])
@login_required
def waf_save_config(service, server_ip, rule_id):
roxywi_auth.page_for_admin(level=2)
roxywi_common.check_is_server_in_group(server_ip)
configs_dir = sql.get_setting('tmp_config_path')
cfg = f"{configs_dir}{server_ip}-{get_date.return_date('config')}"
config_file_name = request.form.get('config_file_name')
config = request.form.get('config')
oldcfg = request.form.get('oldconfig')
save = request.form.get('save')
try:
with open(cfg, "a") as conf:
conf.write(config)
except IOError:
print("error: Cannot read imported config file")
stderr = config_mod.master_slave_upload_and_restart(server_ip, cfg, save, 'waf', oldcfg=oldcfg, config_file_name=config_file_name)
config_mod.diff_config(oldcfg, cfg)
try:
os.system(f"/bin/rm -f {configs_dir}*.old")
except Exception as e:
return f'error: {e}'
if stderr:
return stderr
return
@bp.route('/<server_ip>/rule/<int:rule_id>/<int:enable>')
@login_required
def enable_rule(server_ip, rule_id, enable):
server_ip = common.is_ip_or_dns(server_ip)
return roxy_waf.switch_waf_rule(server_ip, enable, rule_id)
@bp.route('/<service>/<server_ip>/rule/create', methods=['POST'])
@login_required
def create_rule(service, server_ip):
if service not in ('haproxy', 'nginx'):
return 'error: Wrong service'
server_ip = common.is_ip_or_dns(server_ip)
return roxy_waf.create_waf_rule(server_ip, service)
@bp.route('/<service>/mode/<server_name>/<waf_mode>')
@login_required
def change_waf_mode(service, server_name, waf_mode):
if service not in ('haproxy', 'nginx'):
return 'error: Wrong service'
server_name = common.checkAjaxInput(server_name)
waf_mode = common.checkAjaxInput(waf_mode)
return roxy_waf.change_waf_mode(waf_mode, server_name, service)
@bp.route('/overview/<service>/<server_ip>')
@login_required
def overview_waf(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
if service not in ('haproxy', 'nginx'):
return 'error: Wrong service'
return roxy_waf.waf_overview(server_ip, service)
@bp.route('/metric/enable/<int:enable>/<server_name>')
@login_required
def enable_metric(enable, server_name):
server_name = common.checkAjaxInput(server_name)
return sql.update_waf_metrics_enable(server_name, enable)

33
app/runtimeapi.py
View File

@ -1,33 +0,0 @@
#!/usr/bin/env python3
import sys
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('runtimeapi.html')
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params(virt=1, haproxy=1)
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
except Exception as e:
print(f'error {e}')
sys.exit()
form = common.form
servbackend = form.getvalue('servbackend')
serv = form.getvalue('serv')
if servbackend is None:
servbackend = ""
rendered_template = template.render(
h2=1, title="RunTime API", role=user_params['role'], user=user_params['user'], select_id="serv",
selects=user_params['servers'], token=user_params['token'], user_services=user_params['user_services'],
servbackend=servbackend, lang=user_params['lang']
)
print(rendered_template)

7
app/scripts/backup.sh
View File

@ -12,8 +12,8 @@ do
SERVER) SERVER=${VALUE} ;;
USER) USER=${VALUE} ;;
KEY) KEY=${VALUE} ;;
DELJOB) DELJOB=${VALUE} ;;
SSH_PORT) SSH_PORT=${VALUE} ;;
DELJOB) DELJOB=${VALUE} ;;
SSH_PORT) SSH_PORT=${VALUE} ;;
*)
esac
done
@ -24,8 +24,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo '[backup]' > $PWD/$HOST
echo "$HOST ansible_port=$SSH_PORT" >> $PWD/$HOST
echo '[haproxy_wi]' >> $PWD/$HOST

4
app/scripts/git_backup.sh
View File

@ -27,11 +27,9 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" >> $PWD/$HOST
ansible-playbook $PWD/roles/git_backup.yml --key-file $KEY -e "ansible_user=$USER variable_host=$HOST DELJOB=$DELJOB SERVICE=$SERVICE INIT=$INIT REPO=$REPO BRANCH=$BRANCH PERIOD=$PERIOD CONFIG_DIR=$CONFIG_DIR PROXY=$PROXY KEY=$KEY" -i $PWD/$HOST
if [ $? -gt 0 ]

3
app/scripts/install_apache.sh
View File

@ -36,8 +36,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
if [[ $KEY == "" ]]; then

3
app/scripts/install_apache_exporter.sh
View File

@ -27,8 +27,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
if [[ $KEY == "" ]]; then

3
app/scripts/install_grafana.sh
View File

@ -32,8 +32,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
ansible-playbook $PWD/roles/grafana.yml -e "PROXY=$PROXY"

3
app/scripts/install_haproxy_exporter.sh
View File

@ -38,8 +38,7 @@ export ANSIBLE_HOST_KEY_CHECKING=False
export ANSIBLE_DISPLAY_SKIPPED_HOSTS=False
export ACTION_WARNINGS=False
export ANSIBLE_DEPRECATION_WARNINGS=False
PWD=$(pwd)
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > "$PWD"/"$HOST"
if [[ $KEY == "" ]]; then

3
app/scripts/install_haproxy_geoip.sh
View File

@ -24,8 +24,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=$(pwd)
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
if [[ $maxmind_key == "" ]]; then

3
app/scripts/install_keepalived_exporter.sh
View File

@ -23,8 +23,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
if [[ $KEY == "" ]]; then

3
app/scripts/install_nginx_exporter.sh
View File

@ -40,8 +40,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
if [[ $KEY == "" ]]; then

3
app/scripts/install_nginx_geoip.sh
View File

@ -24,8 +24,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=$(pwd)
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
if [[ $maxmind_key == "" ]]; then

3
app/scripts/install_node_exporter.sh
View File

@ -23,8 +23,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
if [[ $KEY == "" ]]; then

3
app/scripts/letsencrypt.sh
View File

@ -25,8 +25,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
if [[ $KEY == "" ]]; then

3
app/scripts/s3_backup.sh
View File

@ -22,8 +22,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=`pwd`
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
ansible-playbook $PWD/roles/s3_backup.yml -e "SERVER=$SERVER S3_SERVER=$S3_SERVER BUCKET=$BUCKET SECRET_KEY=$SECRET_KEY ACCESS_KEY=$ACCESS_KEY TIME=$TIME" -t $TAG -i $PWD/$HOST

3
app/scripts/waf.sh
View File

@ -31,8 +31,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=$(pwd)
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
if [[ $KEY == "" ]]; then

3
app/scripts/waf_nginx.sh
View File

@ -24,8 +24,7 @@ export ACTION_WARNINGS=False
export LOCALHOST_WARNING=False
export COMMAND_WARNINGS=False
PWD=$(pwd)
PWD=$PWD/scripts/ansible/
PWD=/var/www/haproxy-wi/app/scripts/ansible/
echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST
if [[ $KEY == "" ]]; then

115
app/sections.py
View File

@ -1,115 +0,0 @@
#!/usr/bin/env python3
import os
import sys
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.config.section as section_mod
import modules.config.config as config_mod
import modules.roxy_wi_tools as roxy_wi_tools
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=['jinja2.ext.loopcontrols'])
template = env.get_template('sections.html')
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params()
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
except Exception as e:
print(f'error {e}')
sys.exit()
form = common.form
serv = form.getvalue('serv')
section = form.getvalue('section')
is_serv_protected = sql.is_serv_protected(serv)
sections = ""
config_read = ""
cfg = ""
stderr = ""
error = ""
aftersave = ""
start_line = ""
end_line = ""
warning = ''
is_restart = ''
hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
if serv is not None and open is not None:
cfg = f"{hap_configs_dir}{serv}-{get_date.return_date('config')}.cfg"
error = config_mod.get_config(serv, cfg)
sections = section_mod.get_sections(cfg)
if serv is not None and section is not None:
try:
roxywi_common.logging(serv, "sections.py open config")
except Exception:
pass
start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section)
server_id = sql.select_server_id_by_ip(serv)
is_restart = sql.select_service_setting(server_id, 'haproxy', 'restart')
os.system(f"/bin/mv {cfg} {cfg}.old")
if serv is not None and form.getvalue('config') is not None:
try:
roxywi_common.logging(serv, "sections.py edited config")
except Exception:
pass
config = form.getvalue('config')
oldcfg = form.getvalue('oldconfig')
save = form.getvalue('save')
start_line = form.getvalue('start_line')
end_line = form.getvalue('end_line')
aftersave = 1
if save == 'delete':
config = ''
save = 'reload'
config = section_mod.rewrite_section(start_line, end_line, oldcfg, config)
try:
with open(cfg, "w") as conf:
conf.write(config)
except IOError:
error = "Can't read import config file"
stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg)
if "is valid" in stderr:
warning = stderr
stderr = ''
config_mod.diff_config(oldcfg, cfg)
os.system(f"/bin/rm -f {hap_configs_dir}*.old")
if user_params['lang'] == 'ru':
title = 'Работа с секциями HAProxy'
elif user_params['lang'] == 'fr':
title = 'Utilisation des sections de configuration HAProxy'
else:
title = 'Working with HAProxy config sections'
rendered_template = template.render(
h2=1, title=title, role=user_params['role'], action="sections.py", user=user_params['user'],
select_id="serv", serv=serv, aftersave=aftersave, config=config_read, cfg=cfg, selects=user_params['servers'],
stderr=stderr, error=error, start_line=start_line, end_line=end_line, section=section, sections=sections,
is_serv_protected=is_serv_protected, user_services=user_params['user_services'], token=user_params['token'],
warning=warning, is_restart=is_restart, lang=user_params['lang']
)
print(rendered_template)

60
app/servers.py
View File

@ -1,60 +0,0 @@
#!/usr/bin/env python3
import sys
import pytz
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader
env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('servers.html')
form = common.form
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params()
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception:
print('error: your session is expired')
sys.exit()
roxywi_auth.page_for_admin(level=2)
ldap_enable = sql.get_setting('ldap_enable')
user_group = roxywi_common.get_user_group(id=1)
settings = sql.get_setting('', all=1)
geoip_country_codes = sql.select_geoip_country_codes()
services = sql.select_services()
gits = sql.select_gits()
servers = roxywi_common.get_dick_permit(virt=1, disable=0, only_group=1)
masters = sql.select_servers(get_master_servers=1, uuid=user_params['user_uuid'].value)
is_needed_tool = common.is_tool('ansible')
user_roles = sql.select_user_roles_by_group(user_group)
backups = sql.select_backups()
s3_backups = sql.select_s3_backups()
try:
user_subscription = roxywi_common.return_user_status()
except Exception as e:
user_subscription = roxywi_common.return_unsubscribed_user_status()
roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
if user_params['lang'] == 'ru':
title = 'Сервера: '
else:
title = "Servers: "
rendered_template = template.render(
h2=1, title=title, role=user_params['role'], user=user_params['user'], users=sql.select_users(group=user_group),
groups=sql.select_groups(), servers=servers, roles=sql.select_roles(), sshs=sql.select_ssh(group=user_group),
masters=masters, group=user_group, services=services, timezones=pytz.all_timezones, guide_me=1,
token=user_params['token'], settings=settings, backups=backups, s3_backups=s3_backups, page="servers.py",
geoip_country_codes=geoip_country_codes, user_services=user_params['user_services'], ldap_enable=ldap_enable,
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], gits=gits,
is_needed_tool=is_needed_tool, lang=user_params['lang'], user_roles=user_roles
)
print(rendered_template)

143
app/smon.py
View File

@ -1,143 +0,0 @@
#!/usr/bin/env python3
import sys
from datetime import datetime
from pytz import timezone
from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.server.server as server_mod
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('smon.html')
print('Content-type: text/html\n')
user_params = roxywi_common.get_users_params()
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e:
print(f'error {e}')
sys.exit()
roxywi_common.check_user_group()
form = common.form
action = form.getvalue('action')
sort = form.getvalue('sort')
autorefresh = 0
lang = user_params['lang']
telegrams = ''
slacks = ''
pds = ''
user_group = roxywi_common.get_user_group(id=1)
cmd = "systemctl is-active roxy-wi-smon"
smon_status, stderr = server_mod.subprocess_execute(cmd)
smon_statuses = ''
smon_ping = ''
smon_tcp = ''
smon_http = ''
smon_dns = ''
smon = ''
try:
user_subscription = roxywi_common.return_user_status()
except Exception as e:
user_subscription = roxywi_common.return_unsubscribed_user_status()
roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
if action == 'add':
telegrams = sql.get_user_telegram_by_group(user_group)
slacks = sql.get_user_slack_by_group(user_group)
pds = sql.get_user_pd_by_group(user_group)
smon = sql.select_smon(user_group)
smon_ping = sql.select_smon_ping(user_group)
smon_tcp = sql.select_smon_tcp(user_group)
smon_http = sql.select_smon_http(user_group)
smon_dns = sql.select_smon_dns(user_group)
roxywi_auth.page_for_admin(level=3)
if lang == 'ru':
title = "SMON: Админка"
elif lang == 'fr':
title = "SMON: Administratrice"
else:
title = "SMON: Admin"
elif action == 'history':
if form.getvalue('host'):
needed_host = common.is_ip_or_dns(form.getvalue('host'))
smon = sql.alerts_history('SMON', user_group, host=needed_host)
else:
smon = sql.alerts_history('SMON', user_group)
if lang == 'ru':
title = "SMON: История"
elif lang == 'fr':
title = "SMON: Histoire"
else:
title = "SMON: History"
elif action == 'checker_history':
smon = sql.alerts_history('Checker', user_group)
if lang == 'ru':
title = "Checker: История"
elif lang == 'fr':
title = "Checker: Histoire"
else:
title = "Checker: History"
elif action == 'dashboard':
dashboard_id = int(form.getvalue('dashboard_id'))
check_id = int(form.getvalue('check_id'))
smon_name = sql.get_smon_service_name_by_id(dashboard_id)
check_interval = sql.get_setting('smon_check_interval')
smon = sql.select_one_smon(dashboard_id, check_id)
present = datetime.now(timezone('UTC'))
present = present.strftime('%b %d %H:%M:%S %Y %Z')
present = datetime.strptime(present, '%b %d %H:%M:%S %Y %Z')
cert_day_diff = 'N/A'
count_checks = sql.get_smon_history_count_checks(dashboard_id, check_id)
try:
uptime = round(count_checks['up'] * 100 / count_checks['total'], 2)
except Exception:
uptime = 0
try:
avg_res_time = round(sql.get_avg_resp_time(dashboard_id, check_id), 2)
except Exception:
avg_res_time = 0
try:
last_resp_time = round(sql.get_last_smon_res_time_by_check(dashboard_id, check_id), 2)
except Exception:
last_resp_time = 0
template = env.get_template('include/smon/smon_history.html')
for s in smon:
if s.smon_id.ssl_expire_date is not None:
ssl_expire_date = datetime.strptime(s.smon_id.ssl_expire_date, '%Y-%m-%d %H:%M:%S')
cert_day_diff = (ssl_expire_date - present).days
rendered_template = template.render(
h2=1, autorefresh=1, role=user_params['role'], user=user_params['user'], smon=smon, group=user_group, lang=lang,
user_status=user_subscription['user_status'], check_interval=check_interval, user_plan=user_subscription['user_plan'],
token=user_params['token'], uptime=uptime, user_services=user_params['user_services'], avg_res_time=avg_res_time,
smon_name=smon_name, cert_day_diff=cert_day_diff, check_id=check_id, dashboard_id=dashboard_id, last_resp_time=last_resp_time
)
print(rendered_template)
sys.exit()
else:
smon = sql.smon_list(user_group)
if lang == 'ru':
title = "SMON: Дашборд"
elif lang == 'fr':
title = "SMON: Tableau de bord"
else:
title = "SMON: Dashboard"
autorefresh = 1
rendered_template = template.render(
h2=1, title=title, autorefresh=autorefresh, role=user_params['role'], user=user_params['user'], group=user_group,
telegrams=telegrams, slacks=slacks, pds=pds, lang=lang, smon=smon, smon_status=smon_status, smon_error=stderr,
action=action, sort=sort, user_services=user_params['user_services'], user_status=user_subscription['user_status'],
user_plan=user_subscription['user_plan'], token=user_params['token'], smon_ping=smon_ping, smon_tcp=smon_tcp,
smon_http=smon_http, smon_dns=smon_dns
)
print(rendered_template)

0
inc/images/favicon/android-icon-144x144.png → app/static/images/favicon/android-icon-144x144.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 16 KiB

0
inc/images/favicon/android-icon-192x192.png → app/static/images/favicon/android-icon-192x192.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 22 KiB

Some files were not shown because too many files have changed in this diff Show More