v6.3.1.0

Changelog: https://roxy-wi.org/changelog#6_3_1

app/create_db.py

@@ -966,7 +966,7 @@ def update_db_v_6_2_1():
 
 def update_ver():
 	try:
-		Version.update(version='6.3.0.0').execute()
+		Version.update(version='6.3.1.0').execute()
 	except Exception:
 		print('Cannot update version')
 

app/ha.py

@@ -24,6 +24,7 @@ except Exception as e:
 	sys.exit()
 
 roxywi_auth.page_for_admin(level=2)
+is_needed_tool = common.is_tool('ansible')
 
 try:
 	user_subscription = roxywi_common.return_user_status()
@@ -34,6 +35,6 @@ except Exception as e:
 parsed_template = template.render(
 	h2=1, title=title, role=user_params['role'], user=user_params['user'], serv=serv, selects=user_params['servers'],
 	user_services=user_params['user_services'], user_status=user_subscription['user_status'],
-	user_plan=user_subscription['user_plan'], token=user_params['token']
+	user_plan=user_subscription['user_plan'], is_needed_tool=is_needed_tool, token=user_params['token']
 )
 print(parsed_template)

app/modules/common/common.py

@@ -62,3 +62,10 @@ def string_to_dict(dict_string) -> dict:
 
 def get_key(item):
 	return item[0]
+
+
+def is_tool(name):
+	from shutil import which
+	is_tool_installed = which(name)
+
+	return True if is_tool_installed is not None else False

app/modules/config/config.py

@@ -3,11 +3,13 @@ import re
 import http.cookies
 
 import modules.db.sql as sql
+import modules.common.common as common
 import modules.server.server as server_mod
 import modules.roxywi.common as roxywi_common
 import modules.roxy_wi_tools as roxy_wi_tools
 from modules.service.common import is_not_allowed_to_restart, get_correct_apache_service_name
 
+form = common.form
 time_zone = sql.get_setting('time_zone')
 get_date = roxy_wi_tools.GetDate(time_zone)
 get_config_var = roxy_wi_tools.GetConfigVar()
@@ -372,3 +374,74 @@ def get_userlists(config):
 				return_config += line + ','
 
 	return return_config
+
+
+def get_ssl_cert(server_ip: str) -> None:
+	cert_id = common.checkAjaxInput(form.getvalue('getcert'))
+
+	cert_path = sql.get_setting('cert_path')
+	commands = [f"openssl x509 -in {cert_path}/{cert_id} -text"]
+	try:
+		server_mod.ssh_command(server_ip, commands, ip="1")
+	except Exception as e:
+		print(f'error: Cannot connect to the server {e.args[0]}')
+
+
+def get_ssl_certs(server_ip: str) -> None:
+	cert_path = sql.get_setting('cert_path')
+	commands = [f"sudo ls -1t {cert_path} |grep -E 'pem|crt|key'"]
+	try:
+		server_mod.ssh_command(server_ip, commands, ip="1")
+	except Exception as e:
+		print(f'error: Cannot connect to the server: {e.args[0]}')
+
+
+def del_ssl_cert(server_ip: str) -> None:
+	cert_id = form.getvalue('delcert')
+	cert_id = common.checkAjaxInput(cert_id)
+	cert_path = sql.get_setting('cert_path')
+	commands = [f"sudo rm -f {cert_path}/{cert_id}"]
+	try:
+		server_mod.ssh_command(server_ip, commands, ip="1")
+	except Exception as e:
+		print(f'error: Cannot delete the certificate {e.args[0]}')
+
+
+def upload_ssl_cert(server_ip: str) -> None:
+	cert_local_dir = f"{os.path.dirname(os.getcwd())}/{sql.get_setting('ssl_local_path')}"
+	cert_path = sql.get_setting('cert_path')
+	name = ''
+
+	if not os.path.exists(cert_local_dir):
+		os.makedirs(cert_local_dir)
+
+	if form.getvalue('ssl_name') is None:
+		print('error: Please enter a desired name')
+	else:
+		name = f"{common.checkAjaxInput(form.getvalue('ssl_name'))}.pem"
+
+	try:
+		with open(name, "w") as ssl_cert:
+			ssl_cert.write(form.getvalue('ssl_cert'))
+	except IOError as e:
+		print(f'error: Cannot save the SSL key file: {e.args[0]}')
+		sys.exit()
+
+	masters = sql.is_master(server_ip)
+	for master in masters:
+		if master[0] is not None:
+			error = upload(master[0], cert_path, name)
+			if not error:
+				print(f'success: the SSL file has been uploaded to {master[0]} into: {cert_path}/{name} <br/>')
+	try:
+		error = upload(server_ip, cert_path, name)
+		if not error:
+			print(f'success: the SSL file has been uploaded to {server_ip} into: {cert_path}/{name}')
+	except Exception as e:
+		roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
+	try:
+		os.rename(name, cert_local_dir)
+	except OSError as e:
+		roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
+
+	roxywi_common.logging(server_ip, f"add.py#ssl uploaded a new SSL cert {name}", roxywi=1, login=1)

app/modules/config/runtime.py

@@ -218,3 +218,152 @@ def table_select():
 		template = template.render(tables_head=tables_head, table=table)
 
 	print(template)
+
+
+def delete_ip_from_stick_table() -> None:
+	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+	ip = common.checkAjaxInput(form.getvalue('ip_for_delete'))
+	table = common.checkAjaxInput(form.getvalue('table_for_delete'))
+
+	cmd = f'echo "clear table {table} key {ip}" |nc {serv} {haproxy_sock_port}'
+	output, stderr = server_mod.subprocess_execute(cmd)
+	if stderr[0] != '':
+		print('error: ' + stderr[0])
+
+
+def clear_stick_table() -> None:
+	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+	table = common.checkAjaxInput(form.getvalue('table_for_clear'))
+
+	cmd = f'echo "clear table {table} " |nc {serv} {haproxy_sock_port}'
+	output, stderr = server_mod.subprocess_execute(cmd)
+	if stderr[0] != '':
+		print('error: ' + stderr[0])
+
+
+def list_of_lists() -> None:
+	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+	cmd = f'echo "show acl"|nc {serv} {haproxy_sock_port} |grep "loaded from" |awk \'{{print $1,$2}}\''
+	output, stderr = server_mod.subprocess_execute(cmd)
+	print(output)
+
+
+def show_lists() -> None:
+	from jinja2 import Environment, FileSystemLoader
+	env = Environment(loader=FileSystemLoader('templates/'), autoescape=True,
+					  extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True)
+	template = env.get_template('ajax/list.html')
+	list_id = common.checkAjaxInput(form.getvalue('list_select_id'))
+	list_name = common.checkAjaxInput(form.getvalue('list_select_name'))
+
+	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+	cmd = f'echo "show acl #{list_id}"|nc {serv} {haproxy_sock_port}'
+	output, stderr = server_mod.subprocess_execute(cmd)
+
+	template = template.render(list=output, list_id=list_id, list_name=list_name)
+	print(template)
+
+
+def delete_ip_from_list() -> None:
+	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+	lists_path = sql.get_setting('lists_path')
+	lib_path = get_config.get_config_var('main', 'lib_path')
+	ip_id = common.checkAjaxInput(form.getvalue('list_ip_id_for_delete'))
+	ip = common.is_ip_or_dns(form.getvalue('list_ip_for_delete'))
+	list_id = common.checkAjaxInput(form.getvalue('list_id_for_delete'))
+	list_name = common.checkAjaxInput(form.getvalue('list_name'))
+	user_group = roxywi_common.get_user_group(id=1)
+	cmd = f"sed -i 's!{ip}$!!' {lib_path}/{lists_path}/{user_group}/{list_name}"
+	cmd1 = f"sed -i '/^$/d' {lib_path}/{lists_path}/{user_group}/{list_name}"
+	output, stderr = server_mod.subprocess_execute(cmd)
+	output1, stderr1 = server_mod.subprocess_execute(cmd1)
+	if output:
+		print(f'error: {output}')
+	if stderr:
+		print(f'error: {stderr}')
+	if output1:
+		print(f'error: {output1}')
+	if stderr1:
+		print(f'error: {stderr}')
+
+	cmd = f'echo "del acl #{list_id} #{ip_id}" |nc {serv} {haproxy_sock_port}'
+	output, stderr = server_mod.subprocess_execute(cmd)
+	if output[0] != '':
+		print(f'error: {output[0]}')
+	if stderr != '':
+		print(f'error: {stderr[0]}')
+
+	roxywi_common.logging(serv, f'{ip_id} has been delete from list {list_id}', login=1, keep_history=1,
+						  service='haproxy')
+
+
+def add_ip_to_list() -> None:
+	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+	lists_path = sql.get_setting('lists_path')
+	lib_path = get_config.get_config_var('main', 'lib_path')
+	ip = form.getvalue('list_ip_for_add')
+	ip = ip.strip()
+	ip = common.is_ip_or_dns(ip)
+	list_id = common.checkAjaxInput(form.getvalue('list_id_for_add'))
+	list_name = common.checkAjaxInput(form.getvalue('list_name'))
+	user_group = roxywi_common.get_user_group(id=1)
+	cmd = f'echo "add acl #{list_id} {ip}" |nc {serv} {haproxy_sock_port}'
+	output, stderr = server_mod.subprocess_execute(cmd)
+	if output[0]:
+		print(f'error: {output[0]}')
+	if stderr:
+		print(f'error: {stderr[0]}')
+
+	if 'is not a valid IPv4 or IPv6 address' not in output[0]:
+		cmd = f'echo "{ip}" >> {lib_path}/{lists_path}/{user_group}/{list_name}'
+		output, stderr = server_mod.subprocess_execute(cmd)
+		if output:
+			print(f'error: {output}')
+		if stderr:
+			print(f'error: {stderr}')
+
+	roxywi_common.logging(serv, f'{ip} has been added to list {list_id}', login=1, keep_history=1,
+						  service='haproxy')
+
+
+def select_session() -> None:
+	from jinja2 import Environment, FileSystemLoader
+	env = Environment(loader=FileSystemLoader('templates'), autoescape=True,
+					  extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True)
+	serv = common.checkAjaxInput(form.getvalue('sessions_select'))
+
+	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+
+	cmd = f'echo "show sess" |nc {serv} {haproxy_sock_port}'
+	output, stderr = server_mod.subprocess_execute(cmd)
+
+	template = env.get_template('ajax/sessions_table.html')
+	template = template.render(sessions=output)
+
+	print(template)
+
+
+def show_session() -> None:
+	serv = common.checkAjaxInput(form.getvalue('sessions_select_show'))
+	sess_id = common.checkAjaxInput(form.getvalue('sessions_select_id'))
+	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+	cmd = f'echo "show sess {sess_id}" |nc {serv} {haproxy_sock_port}'
+
+	output, stderr = server_mod.subprocess_execute(cmd)
+
+	if stderr:
+		print('error: ' + stderr[0])
+	else:
+		for o in output:
+			print(f'{o}<br />')
+
+
+def delete_session() -> None:
+	haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+	sess_id = common.checkAjaxInput(form.getvalue('session_delete_id'))
+	cmd = 'echo "shutdown session %s" |nc %s %s' % (sess_id, serv, haproxy_sock_port)
+	output, stderr = server_mod.subprocess_execute(cmd)
+	if output[0] != '':
+		print('error: ' + output[0])
+	if stderr[0] != '':
+		print('error: ' + stderr[0])

app/modules/roxywi/roxy.py

@@ -4,6 +4,7 @@ import re
 import distro
 
 import modules.db.sql as sql
+import modules.common.common as common
 import modules.server.server as server_mod
 import modules.roxywi.common as roxywi_common
 
@@ -179,3 +180,24 @@ def check_new_version(service):
 		roxywi_common.logging('Roxy-WI server', f' {e}', roxywi=1)
 
 	return res
+
+
+def action_service(action: str, service: str) -> None:
+	if action not in ('start', 'stop', 'restart'):
+		print('error: wrong action')
+		return
+
+	is_in_docker = is_docker()
+	if action == 'stop':
+		cmd = f"sudo systemctl disable {service} --now"
+	elif action in ("start", "restart"):
+		cmd = f"sudo systemctl {action} {service} --now"
+		if not sql.select_user_status():
+			print(
+				'warning: The service is disabled because you are not subscribed. Read <a href="https://roxy-wi.org/pricing" '
+				'title="Roxy-WI pricing" target="_blank">here</a> about subscriptions')
+			sys.exit()
+	if is_in_docker:
+		cmd = f"sudo supervisorctl {action} {service}"
+	os.system(cmd)
+	roxywi_common.logging('Roxy-WI server', f' The service {service} has been {action}ed', roxywi=1, login=1)

app/modules/roxywi/user.py

@@ -0,0 +1,96 @@
+import os
+
+from jinja2 import Environment, FileSystemLoader
+
+import modules.db.sql as sql
+import modules.common.common as common
+import modules.roxywi.auth as roxywi_auth
+import modules.roxywi.common as roxywi_common
+import modules.alerting.alerting as alerting
+
+form = common.form
+
+
+def create_user():
+    email = form.getvalue('newemail')
+    password = form.getvalue('newpassword')
+    role = form.getvalue('newrole')
+    new_user = form.getvalue('newusername')
+    page = form.getvalue('page')
+    activeuser = form.getvalue('activeuser')
+    group = form.getvalue('newgroupuser')
+    role_id = sql.get_role_id_by_name(role)
+
+    if roxywi_common.check_user_group():
+        if roxywi_auth.is_admin(level=role_id):
+            try:
+                sql.add_user(new_user, email, password, role, activeuser, group)
+                env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
+                template = env.get_template('ajax/new_user.html')
+
+                template = template.render(users=sql.select_users(user=new_user),
+                                           groups=sql.select_groups(),
+                                           page=page,
+                                           roles=sql.select_roles(),
+                                           adding=1)
+                print(template)
+                roxywi_common.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1)
+                try:
+                    message = f"A user has been created for you on Roxy-WI portal!\n\n" \
+                              f"Now you can login to https://{os.environ.get('HTTP_HOST', '')}\n\n" \
+                              f"Your credentials are:\n" \
+                              f"Login: {new_user}\n" \
+                              f"Password: {password}"
+                    alerting.send_email(email, 'A user has been created for you', message)
+                except Exception as e:
+                    roxywi_common.logging('error: Cannot send email for a new user', e, roxywi=1, login=1)
+            except Exception as e:
+                print(f'error: Cannot create a new user: {e}')
+                roxywi_common.logging('error: Cannot create a new user', e, roxywi=1, login=1)
+        else:
+            print('error: dalsdm')
+            roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
+
+
+def delete_user():
+    userdel = form.getvalue('userdel')
+    user = sql.select_users(id=userdel)
+    username = ''
+    for u in user:
+        username = u.username
+    if sql.delete_user(userdel):
+        sql.delete_user_groups(userdel)
+        roxywi_common.logging(username, ' has been deleted user ', roxywi=1, login=1)
+        print("Ok")
+
+
+def update_user():
+    email = form.getvalue('email')
+    role = form.getvalue('role')
+    new_user = form.getvalue('updateuser')
+    user_id = form.getvalue('id')
+    activeuser = form.getvalue('activeuser')
+    role_id = sql.get_role_id_by_name(role)
+
+    if roxywi_common.check_user_group():
+        if roxywi_auth.is_admin(level=role_id):
+            sql.update_user(new_user, email, role, user_id, activeuser)
+            roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
+        else:
+            roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
+
+
+def update_user_password():
+    password = form.getvalue('updatepassowrd')
+    username = ''
+
+    if form.getvalue('uuid'):
+        user_id = sql.get_user_id_by_uuid(form.getvalue('uuid'))
+    else:
+        user_id = form.getvalue('id')
+    user = sql.select_users(id=user_id)
+    for u in user:
+        username = u.username
+    sql.update_user_password(password, user_id)
+    roxywi_common.logging('user ' + username, ' has changed password ', roxywi=1, login=1)
+    print("Ok")

app/modules/server/server.py

@@ -81,7 +81,7 @@ def ssh_command(server_ip: str, commands: list, **kwargs):
 	except Exception as e:
 		roxywi_common.logging('Roxy-WI server',
 							  f' Something wrong with SSH connection: {e}', roxywi=1)
-		return str(f'error: {e}')
+		raise Exception(f'error: {e}')
 
 
 def subprocess_execute(cmd):

app/modules/service/action.py

@@ -0,0 +1,134 @@
+import modules.db.sql as sql
+import modules.server.server as server_mod
+import modules.roxywi.common as roxywi_common
+import modules.service.common as service_common
+
+
+def action_haproxy(server_ip: str, action: str) -> None:
+    haproxy_service_name = "haproxy"
+
+    if action not in ('start', 'stop', 'reload', 'restart'):
+        print('error: wrong action')
+        return
+
+    service_common.is_restarted(server_ip, action)
+
+    if service_common.check_haproxy_config(server_ip):
+        server_id = sql.select_server_id_by_ip(server_ip=server_ip)
+
+        if action == 'restart':
+            service_common.is_not_allowed_to_restart(server_id, 'haproxy')
+
+        is_docker = sql.select_service_setting(server_id, 'haproxy', 'dockerized')
+
+        if is_docker == '1':
+            container_name = sql.get_setting('haproxy_container_name')
+            commands = [f"sudo docker {action} {container_name}"]
+        else:
+            haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise')
+            if haproxy_enterprise == '1':
+                haproxy_service_name = "hapee-2.0-lb"
+            commands = [f"sudo systemctl {action} {haproxy_service_name}"]
+
+        server_mod.ssh_command(server_ip, commands)
+        roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1,
+                              service='haproxy')
+        print(f"success: HAProxy has been {action}")
+    else:
+        print("error: Bad config, check please")
+
+
+def action_nginx(server_ip: str, action: str) -> None:
+    if action not in ('start', 'stop', 'reload', 'restart'):
+        print('error: wrong action')
+        return
+
+    service_common.is_restarted(server_ip, action)
+
+    if service_common.check_nginx_config(server_ip):
+        server_id = sql.select_server_id_by_ip(server_ip=server_ip)
+
+        if action == 'restart':
+            service_common.is_not_allowed_to_restart(server_id, 'nginx')
+        is_docker = sql.select_service_setting(server_id, 'nginx', 'dockerized')
+
+        if is_docker == '1':
+            container_name = sql.get_setting('nginx_container_name')
+            commands = [f"sudo docker {action} {container_name}"]
+        else:
+            commands = [f"sudo systemctl {action} nginx"]
+        server_mod.ssh_command(server_ip, commands)
+        roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='nginx')
+        print(f"success: NGINX has been {action}")
+    else:
+        print("error: Bad config, check please")
+
+
+def action_keepalived(server_ip: str, action: str) -> None:
+    if action not in ('start', 'stop', 'reload', 'restart'):
+        print('error: wrong action')
+        return
+
+    service_common.is_restarted(server_ip, action)
+
+    commands = [f"sudo systemctl {action} keepalived"]
+    server_mod.ssh_command(server_ip, commands)
+    roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='keepalived')
+    print(f"success: Keepalived has been {action}")
+
+
+def action_apache(server_ip: str, action: str) -> None:
+    if action not in ('start', 'stop', 'reload', 'restart'):
+        print('error: wrong action')
+        return
+
+    service_common.is_restarted(server_ip, action)
+
+    server_id = sql.select_server_id_by_ip(server_ip)
+
+    if action == 'restart':
+        service_common.is_not_allowed_to_restart(server_id, 'apache')
+
+    is_docker = sql.select_service_setting(server_id, 'apache', 'dockerized')
+    if is_docker == '1':
+        container_name = sql.get_setting('apache_container_name')
+        commands = [f"sudo docker {action} {container_name}"]
+    else:
+        service_apache_name = service_common.get_correct_apache_service_name(None, server_id)
+
+        commands = [f"sudo systemctl {action} {service_apache_name}"]
+    server_mod.ssh_command(server_ip, commands)
+    roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='apache')
+    print(f"success: Apache has been {action}")
+
+
+def action_haproxy_waf(server_ip: str, action: str) -> None:
+    if action not in ('start', 'stop', 'reload', 'restart'):
+        print('error: wrong action')
+        return
+
+    service_common.is_restarted(server_ip, action)
+
+    roxywi_common.logging(server_ip, f'HAProxy WAF service has been {action}ed', roxywi=1, login=1, keep_history=1,
+                  service='haproxy')
+    commands = [f"sudo systemctl {action} waf"]
+    server_mod.ssh_command(server_ip, commands)
+
+
+def action_nginx_waf(server_ip: str, action: str) -> None:
+    config_dir = common.return_nice_path(sql.get_setting('nginx_dir'))
+
+    if action not in ('start', 'stop'):
+        print('error: wrong action')
+        return
+
+    service_common.is_restarted(server_ip, action)
+
+    waf_new_state = 'on' if action == 'start' else 'off'
+    waf_old_state = 'off' if action == 'start' else 'on'
+
+    roxywi_common.logging(serv, f'NGINX WAF service has been {action}ed', roxywi=1, login=1, keep_history=1,
+                          service='nginx')
+    commands = [f"sudo sed -i 's/modsecurity {waf_old_state}/modsecurity {waf_new_state}/g' {config_dir}nginx.conf"
+                f" && sudo systemctl reload nginx"]
+    server_mod.ssh_command(server_ip, commands)

app/options.py

@@ -65,12 +65,7 @@ if not sql.check_token_exists(token):
     sys.exit()
 
 if form.getvalue('getcerts') is not None and serv is not None:
-    cert_path = sql.get_setting('cert_path')
+    config_mod.get_ssl_certs(serv)
-    commands = [f"sudo ls -1t {cert_path} |grep -E 'pem|crt|key'"]
-    try:
-        server_mod.ssh_command(serv, commands, ip="1")
-    except Exception as e:
-        print(f'error: Cannot connect to the server: {e.args[0]}')
 
 if form.getvalue('checkSshConnect') is not None and serv is not None:
     try:
@@ -79,60 +74,13 @@ if form.getvalue('checkSshConnect') is not None and serv is not None:
         print(e)
 
 if form.getvalue('getcert') is not None and serv is not None:
-    cert_id = common.checkAjaxInput(form.getvalue('getcert'))
+    config_mod.get_ssl_cert(serv)
-
-    cert_path = sql.get_setting('cert_path')
-    commands = [f"openssl x509 -in {cert_path}/{cert_id} -text"]
-    try:
-        server_mod.ssh_command(serv, commands, ip="1")
-    except Exception as e:
-        print(f'error: Cannot connect to the server {e.args[0]}')
 
 if form.getvalue('delcert') is not None and serv is not None:
-    cert_id = form.getvalue('delcert')
+    config_mod.del_ssl_cert(serv)
-    cert_id = common.checkAjaxInput(cert_id)
-    cert_path = sql.get_setting('cert_path')
-    commands = [f"sudo rm -f {cert_path}/{cert_id}"]
-    try:
-        server_mod.ssh_command(serv, commands, ip="1")
-    except Exception as e:
-        print(f'error: Cannot delete the certificate {e.args[0]}')
 
 if serv and form.getvalue('ssl_cert'):
-    cert_local_dir = os.path.dirname(os.getcwd()) + "/" + sql.get_setting('ssl_local_path')
+    config_mod.upload_ssl_cert(serv)
-    cert_path = sql.get_setting('cert_path')
-    name = ''
-
-    if not os.path.exists(cert_local_dir):
-        os.makedirs(cert_local_dir)
-
-    if form.getvalue('ssl_name') is None:
-        print('error: Please enter a desired name')
-    else:
-        name = common.checkAjaxInput(form.getvalue('ssl_name'))
-
-    try:
-        with open(name, "w") as ssl_cert:
-            ssl_cert.write(form.getvalue('ssl_cert'))
-    except IOError as e:
-        print(f'error: Cannot save the SSL key file. Check a SSH key path in config {e.args[0]}')
-
-    MASTERS = sql.is_master(serv)
-    for master in MASTERS:
-        if master[0] is not None:
-            config_mod.upload(master[0], cert_path, name)
-            print('success: the SSL file has been uploaded to %s into: %s%s <br/>' % (master[0], cert_path, '/' + name))
-    try:
-        error = config_mod.upload(serv, cert_path, name)
-        print('success: the SSL file has been uploaded to %s into: %s%s' % (serv, cert_path, '/' + name))
-    except Exception as e:
-        roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
-    try:
-        os.rename(name, cert_local_dir)
-    except OSError as e:
-        roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
-
-    roxywi_common.logging(serv, "add.py#ssl uploaded a new SSL cert %s" % name, roxywi=1, login=1)
 
 if form.getvalue('backend') is not None:
     import modules.config.runtime as runtime
@@ -187,142 +135,49 @@ if form.getvalue('table_select') is not None:
     runtime.table_select()
 
 if form.getvalue('ip_for_delete') is not None:
-    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+    import modules.config.runtime as runtime
-    ip = common.checkAjaxInput(form.getvalue('ip_for_delete'))
-    table = common.checkAjaxInput(form.getvalue('table_for_delete'))
 
-    cmd = 'echo "clear table %s key %s" |nc %s %s' % (table, ip, serv, haproxy_sock_port)
+    runtime.delete_ip_from_stick_table()
-    output, stderr = server_mod.subprocess_execute(cmd)
-    if stderr[0] != '':
-        print('error: ' + stderr[0])
 
 if form.getvalue('table_for_clear') is not None:
-    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+    import modules.config.runtime as runtime
-    table = common.checkAjaxInput(form.getvalue('table_for_clear'))
 
-    cmd = 'echo "clear table %s " |nc %s %s' % (table, serv, haproxy_sock_port)
+    runtime.clear_stick_table()
-    output, stderr = server_mod.subprocess_execute(cmd)
-    if stderr[0] != '':
-        print('error: ' + stderr[0])
 
 if form.getvalue('list_serv_select') is not None:
-    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+    import modules.config.runtime as runtime
-    cmd = f'echo "show acl"|nc {serv} {haproxy_sock_port} |grep "loaded from" |awk \'{{print $1,$2}}\''
+
-    output, stderr = server_mod.subprocess_execute(cmd)
+    runtime.list_of_lists()
-    print(output)
 
 if form.getvalue('list_select_id') is not None:
-    env = Environment(loader=FileSystemLoader('templates/'), autoescape=True,
+    import modules.config.runtime as runtime
-                      extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True)
-    template = env.get_template('ajax/list.html')
-    list_id = common.checkAjaxInput(form.getvalue('list_select_id'))
-    list_name = common.checkAjaxInput(form.getvalue('list_select_name'))
 
-    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+    runtime.show_lists()
-    cmd = f'echo "show acl #{list_id}"|nc {serv} {haproxy_sock_port}'
-    output, stderr = server_mod.subprocess_execute(cmd)
-
-    template = template.render(list=output, list_id=list_id, list_name=list_name)
-    print(template)
 
 if form.getvalue('list_id_for_delete') is not None:
-    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+    import modules.config.runtime as runtime
-    lists_path = sql.get_setting('lists_path')
-    lib_path = get_config.get_config_var('main', 'lib_path')
-    ip_id = common.checkAjaxInput(form.getvalue('list_ip_id_for_delete'))
-    ip = common.is_ip_or_dns(form.getvalue('list_ip_for_delete'))
-    list_id = common.checkAjaxInput(form.getvalue('list_id_for_delete'))
-    list_name = common.checkAjaxInput(form.getvalue('list_name'))
-    user_group = roxywi_common.get_user_group(id=1)
-    cmd = f"sed -i 's!{ip}$!!' {lib_path}/{lists_path}/{user_group}/{list_name}"
-    cmd1 = f"sed -i '/^$/d' {lib_path}/{lists_path}/{user_group}/{list_name}"
-    output, stderr = server_mod.subprocess_execute(cmd)
-    output1, stderr1 = server_mod.subprocess_execute(cmd1)
-    if output:
-        print(f'error: {output}')
-    if stderr:
-        print(f'error: {stderr}')
-    if output1:
-        print(f'error: {output1}')
-    if stderr1:
-        print(f'error: {stderr}')
 
-    cmd = f'echo "del acl #{list_id} #{ip_id}" |nc {serv} {haproxy_sock_port}'
+    runtime.delete_ip_from_list()
-    output, stderr = server_mod.subprocess_execute(cmd)
-    if output[0] != '':
-        print(f'error: {output[0]}')
-    if stderr != '':
-        print(f'error: {stderr[0]}')
-
-    roxywi_common.logging(serv, f'{ip_id} has been delete from list {list_id}', login=1, keep_history=1,
-                  service='haproxy')
 
 if form.getvalue('list_ip_for_add') is not None:
-    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+    import modules.config.runtime as runtime
-    lists_path = sql.get_setting('lists_path')
-    lib_path = get_config.get_config_var('main', 'lib_path')
-    ip = form.getvalue('list_ip_for_add')
-    ip = ip.strip()
-    ip = common.is_ip_or_dns(ip)
-    list_id = common.checkAjaxInput(form.getvalue('list_id_for_add'))
-    list_name = common.checkAjaxInput(form.getvalue('list_name'))
-    user_group = roxywi_common.get_user_group(id=1)
-    cmd = f'echo "add acl #{list_id} {ip}" |nc {serv} {haproxy_sock_port}'
-    output, stderr = server_mod.subprocess_execute(cmd)
-    if output[0]:
-        print(f'error: {output[0]}')
-    if stderr:
-        print(f'error: {stderr[0]}')
 
-    if 'is not a valid IPv4 or IPv6 address' not in output[0]:
+    runtime.add_ip_to_list()
-        cmd = f'echo "{ip}" >> {lib_path}/{lists_path}/{user_group}/{list_name}'
-        output, stderr = server_mod.subprocess_execute(cmd)
-        if output:
-            print(f'error: {output}')
-        if stderr:
-            print(f'error: {stderr}')
-
-    roxywi_common.logging(serv, f'{ip} has been added to list {list_id}', login=1, keep_history=1,
-                  service='haproxy')
 
 if form.getvalue('sessions_select') is not None:
-    env = Environment(loader=FileSystemLoader('templates'), autoescape=True,
+    import modules.config.runtime as runtime
-                      extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True)
-    serv = common.checkAjaxInput(form.getvalue('sessions_select'))
 
-    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+    runtime.select_session()
-
-    cmd = f'echo "show sess" |nc {serv} {haproxy_sock_port}'
-    output, stderr = server_mod.subprocess_execute(cmd)
-
-    template = env.get_template('ajax/sessions_table.html')
-    template = template.render(sessions=output)
-
-    print(template)
 
 if form.getvalue('sessions_select_show') is not None:
-    serv = common.checkAjaxInput(form.getvalue('sessions_select_show'))
+    import modules.config.runtime as runtime
-    sess_id = common.checkAjaxInput(form.getvalue('sessions_select_id'))
-    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
-    cmd = 'echo "show sess %s" |nc %s %s' % (sess_id, serv, haproxy_sock_port)
 
-    output, stderr = server_mod.subprocess_execute(cmd)
+    runtime.show_session()
-
-    if stderr:
-        print('error: ' + stderr[0])
-    else:
-        for o in output:
-            print(o + '<br />')
 
 if form.getvalue('session_delete_id') is not None:
-    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+    import modules.config.runtime as runtime
-    sess_id = common.checkAjaxInput(form.getvalue('session_delete_id'))
+
-    cmd = 'echo "shutdown session %s" |nc %s %s' % (sess_id, serv, haproxy_sock_port)
+    runtime.delete_session()
-    output, stderr = server_mod.subprocess_execute(cmd)
-    if output[0] != '':
-        print('error: ' + output[0])
-    if stderr[0] != '':
-        print('error: ' + stderr[0])
 
 if form.getvalue("change_pos") is not None:
     pos = form.getvalue('change_pos')
@@ -338,170 +193,46 @@ if form.getvalue('showif'):
     server_mod.ssh_command(serv, commands, ip="1")
 
 if form.getvalue('action_hap') is not None and serv is not None:
+    import modules.service.action as service_action
+
     action = form.getvalue('action_hap')
-    haproxy_service_name = "haproxy"
+    service_action.action_haproxy(serv, action)
-
-    if action not in ('start', 'stop', 'reload', 'restart'):
-        print('error: wrong action')
-        sys.exit()
-
-    service_common.is_restarted(serv, action)
-
-    if service_common.check_haproxy_config(serv):
-        server_id = sql.select_server_id_by_ip(server_ip=serv)
-
-        if action == 'restart':
-            service_common.is_not_allowed_to_restart(server_id, 'haproxy')
-
-        is_docker = sql.select_service_setting(server_id, 'haproxy', 'dockerized')
-
-        if is_docker == '1':
-            container_name = sql.get_setting('haproxy_container_name')
-            commands = [f"sudo docker {action} {container_name}"]
-        else:
-            haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise')
-            if haproxy_enterprise == '1':
-                haproxy_service_name = "hapee-2.0-lb"
-            commands = [f"sudo systemctl {action} {haproxy_service_name}"]
-
-        server_mod.ssh_command(serv, commands)
-        roxywi_common.logging(serv, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1,
-                      service='haproxy')
-        print(f"success: HAProxy has been {action}")
-    else:
-        print("error: Bad config, check please")
 
 if form.getvalue('action_nginx') is not None and serv is not None:
+    import modules.service.action as service_action
+
     action = form.getvalue('action_nginx')
-
+    service_action.action_nginx(serv, action)
-    if action not in ('start', 'stop', 'reload', 'restart'):
-        print('error: wrong action')
-        sys.exit()
-
-    service_common.is_restarted(serv, action)
-
-    if service_common.check_nginx_config(serv):
-        server_id = sql.select_server_id_by_ip(server_ip=serv)
-
-        if action == 'restart':
-            service_common.is_not_allowed_to_restart(server_id, 'nginx')
-        is_docker = sql.select_service_setting(server_id, 'nginx', 'dockerized')
-
-        if is_docker == '1':
-            container_name = sql.get_setting('nginx_container_name')
-            commands = ["sudo docker %s %s" % (action, container_name)]
-        else:
-            commands = ["sudo systemctl %s nginx" % action]
-        server_mod.ssh_command(serv, commands)
-        roxywi_common.logging(serv, 'Service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='nginx')
-        print("success: Nginx has been %s" % action)
-    else:
-        print("error: Bad config, check please")
 
 if form.getvalue('action_keepalived') is not None and serv is not None:
+    import modules.service.action as service_action
+
     action = form.getvalue('action_keepalived')
-
+    service_action.action_keepalived(serv, action)
-    if action not in ('start', 'stop', 'reload', 'restart'):
-        print('error: wrong action')
-        sys.exit()
-
-    service_common.is_restarted(serv, action)
-
-    commands = ["sudo systemctl %s keepalived" % action]
-    server_mod.ssh_command(serv, commands)
-    roxywi_common.logging(serv, 'Service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='keepalived')
-    print("success: Keepalived has been %s" % action)
 
 if form.getvalue('action_waf') is not None and serv is not None:
-    serv = form.getvalue('serv')
+    import modules.service.action as service_action
+
     action = form.getvalue('action_waf')
-
+    service_action.action_haproxy_waf(serv, action)
-    if action not in ('start', 'stop', 'reload', 'restart'):
-        print('error: wrong action')
-        sys.exit()
-
-    service_common.is_restarted(serv, action)
-
-    roxywi_common.logging(serv, 'HAProxy WAF service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1,
-                  service='haproxy')
-    commands = ["sudo systemctl %s waf" % action]
-    server_mod.ssh_command(serv, commands)
 
 if form.getvalue('action_waf_nginx') is not None and serv is not None:
-    serv = form.getvalue('serv')
+    import modules.service.action as service_action
+
     action = form.getvalue('action_waf_nginx')
-    config_dir = common.return_nice_path(sql.get_setting('nginx_dir'))
+    service_action.action_nginx_waf(serv, action)
-
-    if action not in ('start', 'stop'):
-        print('error: wrong action')
-        sys.exit()
-
-    service_common.is_restarted(serv, action)
-
-    waf_new_state = 'on' if action == 'start' else 'off'
-    waf_old_state = 'off' if action == 'start' else 'on'
-
-    roxywi_common.logging(serv, 'NGINX WAF service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1,
-                  service='nginx')
-    commands = [f"sudo sed -i 's/modsecurity {waf_old_state}/modsecurity {waf_new_state}/g' {config_dir}nginx.conf"
-                f" && sudo systemctl reload nginx"]
-    server_mod.ssh_command(serv, commands)
 
 if form.getvalue('action_apache') is not None and serv is not None:
+    import modules.service.action as service_action
+
     action = form.getvalue('action_apache')
-
+    service_action.action_apache(serv, action)
-    if action not in ('start', 'stop', 'reload', 'restart'):
-        print('error: wrong action')
-        sys.exit()
-
-    service_common.is_restarted(serv, action)
-
-    server_id = sql.select_server_id_by_ip(serv)
-
-    if action == 'restart':
-        service_common.is_not_allowed_to_restart(server_id, 'apache')
-
-    is_docker = sql.select_service_setting(server_id, 'apache', 'dockerized')
-    if is_docker == '1':
-        container_name = sql.get_setting('apache_container_name')
-        commands = ["sudo docker %s %s" % (action, container_name)]
-    else:
-        service_apache_name = service_common.get_correct_apache_service_name(None, server_id)
-
-        commands = ["sudo systemctl %s %s" % (action, service_apache_name)]
-    server_mod.ssh_command(serv, commands)
-    roxywi_common.logging(serv, 'Service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='apache')
-    print("success: Apache has been %s" % action)
 
 if form.getvalue('action_service') is not None:
     import modules.roxywi.roxy as roxy
+
     action = common.checkAjaxInput(form.getvalue('action_service'))
-
+    roxy.action_service(action, serv)
-    if action not in ('start', 'stop', 'restart'):
-        print('error: wrong action')
-        sys.exit()
-
-    is_in_docker = roxy.is_docker()
-    if action == 'stop':
-        cmd = "sudo systemctl disable %s --now" % serv
-    elif action == "start":
-        cmd = "sudo systemctl enable %s --now" % serv
-        if not sql.select_user_status():
-            print(
-                'warning: The service is disabled because you are not subscribed. Read <a href="https://roxy-wi.org/pricing.py" '
-                'title="Roxy-WI pricing" target="_blank">here</a> about subscriptions')
-            sys.exit()
-    elif action == "restart":
-        cmd = "sudo systemctl restart %s --now" % serv
-        if not sql.select_user_status():
-            print(
-                'warning: The service is disabled because you are not subscribed. Read <a href="https://roxy-wi.org/pricing.py" '
-                'title="Roxy-WI pricing" target="_blank">here</a> about subscriptions')
-            sys.exit()
-    if is_in_docker:
-        cmd = "sudo supervisorctl " + action + " " + serv
-    output, stderr = server_mod.subprocess_execute(cmd)
-    roxywi_common.logging('Roxy-WI server', ' The service ' + serv + ' has been ' + action + 'ed', roxywi=1, login=1)
 
 if act == "overviewHapserverBackends":
     import modules.config.section as section_mod
@@ -1882,77 +1613,24 @@ if form.getvalue('change_waf_mode'):
 error_mess = 'error: All fields must be completed'
 
 if form.getvalue('newuser') is not None:
-    email = form.getvalue('newemail')
+    import modules.roxywi.user as roxywi_user
-    password = form.getvalue('newpassword')
-    role = form.getvalue('newrole')
-    new_user = form.getvalue('newusername')
-    page = form.getvalue('page')
-    activeuser = form.getvalue('activeuser')
-    group = form.getvalue('newgroupuser')
-    role_id = sql.get_role_id_by_name(role)
 
-    if roxywi_common.check_user_group():
+    roxywi_user.create_user()
-        if roxywi_auth.is_admin(level=role_id):
-            try:
-                sql.add_user(new_user, email, password, role, activeuser, group)
-                env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
-                template = env.get_template('ajax/new_user.html')
-
-                template = template.render(users=sql.select_users(user=new_user),
-                                           groups=sql.select_groups(),
-                                           page=page,
-                                           roles=sql.select_roles(),
-                                           adding=1)
-                print(template)
-                roxywi_common.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1)
-            except Exception as e:
-                print(e)
-                roxywi_common.logging('Cannot create a new user', e, roxywi=1, login=1)
-        else:
-            print('error: dalsdm')
-            roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
 
 if form.getvalue('userdel') is not None:
-    userdel = form.getvalue('userdel')
+    import modules.roxywi.user as roxywi_user
-    user = sql.select_users(id=userdel)
+
-    username = ''
+    roxywi_user.delete_user()
-    for u in user:
-        username = u.username
-    if sql.delete_user(userdel):
-        sql.delete_user_groups(userdel)
-        roxywi_common.logging(username, ' has been deleted user ', roxywi=1, login=1)
-        print("Ok")
 
 if form.getvalue('updateuser') is not None:
-    email = form.getvalue('email')
+    import modules.roxywi.user as roxywi_user
-    role = form.getvalue('role')
-    new_user = form.getvalue('updateuser')
-    user_id = form.getvalue('id')
-    activeuser = form.getvalue('activeuser')
-    group = form.getvalue('usergroup')
-    role_id = sql.get_role_id_by_name(role)
 
-    if roxywi_common.check_user_group():
+    roxywi_user.update_user()
-        if roxywi_auth.is_admin(level=role_id):
-            sql.update_user(new_user, email, role, user_id, activeuser)
-            roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
-        else:
-            roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1)
 
 if form.getvalue('updatepassowrd') is not None:
-    password = form.getvalue('updatepassowrd')
+    import modules.roxywi.user as roxywi_user
-    username = ''
 
-    if form.getvalue('uuid'):
+    roxywi_user.update_user_password()
-        user_id = sql.get_user_id_by_uuid(form.getvalue('uuid'))
-    else:
-        user_id = form.getvalue('id')
-    user = sql.select_users(id=user_id)
-    for u in user:
-        username = u.username
-    sql.update_user_password(password, user_id)
-    roxywi_common.logging('user ' + username, ' has changed password ', roxywi=1, login=1)
-    print("Ok")
 
 if form.getvalue('newserver') is not None:
     import modules.server.server as server_mod
@@ -2645,7 +2323,7 @@ if form.getvalue('lets_domain'):
     lets_domain = form.getvalue('lets_domain')
     lets_email = form.getvalue('lets_email')
     proxy = sql.get_setting('proxy')
-    ssl_path = sql.get_setting('cert_path')
+    ssl_path = common.return_nice_path(sql.get_setting('cert_path'))
     haproxy_dir = sql.get_setting('haproxy_dir')
     script = "letsencrypt.sh"
     proxy_serv = ''

app/provisioning.py

@@ -7,7 +7,6 @@ import modules.db.sql as sql
 import modules.common.common as common
 import modules.roxywi.auth as roxywi_auth
 import modules.roxywi.common as roxywi_common
-import modules.server.server as server_mod
 
 env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('provisioning.html')
@@ -31,13 +30,7 @@ try:
         groups = roxywi_common.get_user_group(id=1)
     user_group = roxywi_common.get_user_group(id=1)
 
-    cmd = 'which terraform'
+    is_needed_tool = common.is_tool('terraform')
-    output, stderr = server_mod.subprocess_execute(cmd)
-
-    if stderr != '':
-        is_terraform = False
-    else:
-        is_terraform = True
 
     params = sql.select_provisioning_params()
 except Exception as e:
@@ -46,6 +39,6 @@ except Exception as e:
 rendered_template = template.render(
     title="Servers provisioning", role=user_params['role'], user=user_params['user'], groups=groups,
     user_group=user_group, servers=sql.select_provisioned_servers(), providers=sql.select_providers(user_group),
-    is_terraform=is_terraform, user_services=user_params['user_services'], token=user_params['token'], params=params
+    is_needed_tool=is_needed_tool, user_services=user_params['user_services'], token=user_params['token'], params=params
 )
 print(rendered_template)

app/scripts/ansible/roles/haproxy/tasks/installation.yml

@@ -21,6 +21,9 @@
   when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
   ignore_errors: yes
   register: install_result
+  retries: 5
+  until: install_result.rc == 0
+  delay: 5
   environment:
     http_proxy: "{{PROXY}}"
     https_proxy: "{{PROXY}}"
@@ -34,9 +37,12 @@
       - rsyslog
       - bind-utils
     state: present
-  register: install_result1
   when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'timed out' in install_result.stderr")
   ignore_errors: yes
+  register: install_result1
+  retries: 5
+  until: install_result1.rc == 0
+  delay: 5
   environment:
     http_proxy: "{{PROXY}}"
     https_proxy: "{{PROXY}}"
@@ -56,6 +62,10 @@
       - rsyslog
     state: latest
   when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'FAILED' in install_result1.stderr")
+  register: install_result
+  retries: 5
+  until: install_result.rc == 0
+  delay: 5
   environment:
     http_proxy: "{{PROXY}}"
     https_proxy: "{{PROXY}}"
@@ -69,6 +79,10 @@
       - rsyslog
     state: present
   when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
+  register: install_result
+  retries: 5
+  until: install_result.rc == 0
+  delay: 5
   environment:
     http_proxy: "{{PROXY}}"
     https_proxy: "{{PROXY}}"

app/servers.py

@@ -32,6 +32,7 @@ try:
 	gits = sql.select_gits()
 	servers = roxywi_common.get_dick_permit(virt=1, disable=0, only_group=1)
 	masters = sql.select_servers(get_master_servers=1, uuid=user_params['user_uuid'].value)
+	is_needed_tool = common.is_tool('ansible')
 except Exception:
 	pass
 
@@ -48,5 +49,6 @@ rendered_template = template.render(
 	token=user_params['token'], settings=settings, backups=sql.select_backups(), page="servers.py",
 	geoip_country_codes=geoip_country_codes, user_services=user_params['user_services'], ldap_enable=ldap_enable,
 	user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], gits=gits,
+	is_needed_tool=is_needed_tool
 )
 print(rendered_template)

app/templates/ha.html

@@ -9,6 +9,14 @@
 </style>
 {% if user_status == 0 or user_plan == 'user' %}
 {% include 'include/no_sub.html' %}
+{% elif not is_needed_tool %}
+	<div style="text-align: center;">
+		<h3>You have not installed Ansible</h3>.
+		<img src="/inc/images/no_servers.png" alt="There is no server">
+		<h4>
+			Read <a href="https://roxy-wi.org/installation#ansible" title="Installing Ansible" target="_blank">here</a> how to install Ansible.
+		</h4>
+	</div>
 {% else %}
 <table class="overview" style="margin-bottom: 20px;">
 	<caption><h3>Create a new HA cluster</h3></caption>
@@ -130,7 +138,7 @@
 </table>
 <div id="ajax"></div>
 <div class="add-note alert addName alert-info" style="width: inherit; margin-right: 15px;">
-	Read <a href="https://roxy-wi.org/howto/ha-cluster" title="How to create high available cluster" target="_blank">How to create high available cluster</a>
+	Read <a href="https://roxy-wi.org/howto.py/ha_cluster" title="How to create high available cluster" target="_blank">How to create high available cluster</a>
 </div>
 <div id="server_creating" style="display: none;">
     <ul style="padding: 20px 20px 0px 20px;font-size: 15px;">

app/templates/include/admin_backup.html

@@ -1,3 +1,12 @@
+{% if not is_needed_tool %}
+    <div style="text-align: center;">
+		<h3>You have not installed Ansible</h3>.
+		<img src="/inc/images/no_servers.png" alt="There is no server">
+		<h4>
+			Read <a href="https://roxy-wi.org/installation#ansible" title="Installing Ansible" target="_blank">here</a> how to install Ansible.
+		</h4>
+	</div>
+{% else %}
 <div id="backup_tabs">
 	<ul>
 		<li><a href="#git_tab" title="Admin area: Upload to Git - Roxy-WI" id="backup-git-li">Git</a></li>
@@ -111,3 +120,4 @@
 		{% endif %}
 	</div>
 </div>
+{% endif %}

app/templates/include/mon_installation.html

@@ -1,3 +1,12 @@
+{% if not is_needed_tool %}
+    <div style="text-align: center;">
+		<h3>You have not installed Ansible</h3>.
+		<img src="/inc/images/no_servers.png" alt="There is no server">
+		<h4>
+			Read <a href="https://roxy-wi.org/installation#ansible" title="Installing Ansible" target="_blank">here</a> how to install Ansible.
+		</h4>
+	</div>
+{% else %}
 {% if page == 'users.py' %}
     <table id="grafana-table">
         <caption><h3>Installing Grafana and Prometheus servers</h3></caption>
@@ -45,8 +54,8 @@
             <td id="cur_haproxy_exp_ver" class="padding10 first-collumn"></td>
             <td class="padding10 first-collumn" style="width: 20%;">
                 {% set values = dict() %}
-                {% set values = {'0.7.0':'0.7.0','0.7.1':'0.7.1', '0.8.0':'0.8.0', '0.9.0':'0.9.0', '0.10.0':'0.10.0', '0.11.0':'0.11.0', '0.12.0':'0.12.0', '0.13.0':'0.13.0'} %}
+                {% set values = {'0.8.0':'0.8.0', '0.9.0':'0.9.0', '0.10.0':'0.10.0', '0.11.0':'0.11.0', '0.12.0':'0.12.0', '0.13.0':'0.13.0', '0.14.0':'0.14.0'} %}
-                {{ select('hapexpver',  values=values, selected='0.13.0') }}
+                {{ select('hapexpver',  values=values, selected='0.14.0') }}
             </td>
             <td class="padding10 first-collumn">
                 <select autofocus required name="haproxy_exp_addserv" id="haproxy_exp_addserv">
@@ -76,8 +85,8 @@
             <td id="cur_nginx_exp_ver" class="padding10 first-collumn"></td>
             <td class="padding10 first-collumn" style="width: 20%;">
                 {% set values = dict() %}
-                {% set values = {'0.5.0':'0.5.0', '0.6.0':'0.6.0', '0.7.0':'0.7.0', '0.9.0':'0.9.0', '0.10.0':'0.10.0'} %}
+                {% set values = {'0.6.0':'0.6.0', '0.7.0':'0.7.0', '0.9.0':'0.9.0', '0.10.0':'0.10.0', '0.11.0':'0.11.0'} %}
-                {{ select('nginxexpver',  values=values, selected='0.10.0') }}
+                {{ select('nginxexpver',  values=values, selected='0.11.0') }}
             </td>
             <td class="padding10 first-collumn">
                 <select autofocus required name="nginx_exp_addserv" id="nginx_exp_addserv">
@@ -138,9 +147,8 @@
             <td id="cur_node_exp_ver" class="padding10 first-collumn"></td>
             <td class="padding10 first-collumn" style="width: 20%;">
                 {% set values = dict() %}
-                {% set values = {'1.0.0':'1.0.0','1.1.0':'1.1.0', '1.1.1':'1.1.1', '1.1.2':'1.1.2', '1.2.0':'1.2.0',
+                {% set values = {'1.1.1':'1.1.1', '1.1.2':'1.1.2', '1.2.0':'1.2.0', '1.2.2':'1.2.2', '1.3.0':'1.3.0', '1.3.1':'1.3.1', '1.5.0':'1.5.0'} %}
-                '1.2.2':'1.2.2', '1.3.0':'1.3.0', '1.3.1':'1.3.1'} %}
+                {{ select('nodeexpver',  values=values, selected='1.5.0') }}
-                {{ select('nodeexpver',  values=values, selected='1.3.1') }}
             </td>
             <td class="padding10 first-collumn">
                 <select autofocus required name="node_exp_addserv" id="node_exp_addserv">
@@ -161,4 +169,4 @@
         Read <a href="https://roxy-wi.org/services/grafana" title="About Grafana and Prometheus servers" target="_blank">About Grafana and Prometheus servers</a>
         and <a href="https://roxy-wi.org/howto/exporters" title="About Exporters" target="_blank">About Exporters</a>
     </div>
-    
+{% endif %}

app/templates/provisioning.html

@@ -13,14 +13,14 @@
 	</ul>
 	<ul id='browse_histroy'></ul>
 	<div id="provisioning">
-		{% if not is_terraform %}
+		{% if not is_needed_tool %}
-		<center>
+		<div style="text-align: center;">
 			<br />
 			<h3>You have not installed Terraform.</h3>
 			<img src="/inc/images/no_servers.png" alt="There is no server">
 			<h4>Read <a href="https://www.terraform.io/downloads.html"
-			title="Download Terraform" target="_blank">here</a> how to install Terraform.</h4>
+			title="Download Terraform" target="_blank" class="link">here</a> how to install Terraform.</h4>
-		</center>
+		</div>
 		{% elif servers|length == 0 %}
 			{% include 'include/getstarted.html' %}
 		{% else %}

app/templates/servers.html

@@ -41,6 +41,15 @@
 	</div>
 
 	<div id="installproxy">
+		{% if not is_needed_tool %}
+			<div style="text-align: center;">
+				<h3>You have not installed Ansible</h3>.
+				<img src="/inc/images/no_servers.png" alt="There is no server">
+				<h4>
+					Read <a href="https://roxy-wi.org/installation#ansible" title="Installing Ansible" target="_blank">here</a> how to install Ansible.
+				</h4>
+			</div>
+		{% else %}
 		<table class="overview">
 			<caption><h3>Install HAProxy</h3></caption>
 			<tr class="overviewHead">
@@ -117,6 +126,7 @@
 			</tr>
 		</table>
 		<div id="ajax"></div>
+		{% endif %}
 	</div>
 	<div id="backup">
 		{% include 'include/admin_backup.html' %}
@@ -127,6 +137,15 @@
 
 	<div id="geolite2">
 		<table>
+			{% if not is_needed_tool %}
+				<div style="text-align: center;">
+					<h3>You have not installed Ansible</h3>.
+					<img src="/inc/images/no_servers.png" alt="There is no server">
+					<h4>
+						Read <a href="https://roxy-wi.org/installation#ansible" title="Installing Ansible" target="_blank">here</a> how to install Ansible.
+					</h4>
+				</div>
+			{% else %}
 			<caption><h3>Install GeoLite2</h3></caption>
 			<tr class="overviewHead">
 				<td class="padding10 first-collumn">Server</td>
@@ -160,6 +179,7 @@
 					<span class="ui-button ui-widget ui-corner-all" id="geoip_install" title="Install GeoLite2" style="display: none;">Install</span>
 				</td>
 			</tr>
+			{% endif %}
 		</table>
 		<div id="ajax-geoip"></div>
 		<div class="add-note alert addName alert-info" style="width: inherit; margin-right: 15px; margin-bottom: 15px;">

app/users.py

@@ -33,6 +33,7 @@ ldap_enable = sql.get_setting('ldap_enable')
 services = sql.select_services()
 gits = sql.select_gits()
 masters = sql.select_servers(get_master_servers=1)
+is_needed_tool = common.is_tool('ansible')
 
 try:
 	user_subscription = roxywi_common.return_user_status()
@@ -45,6 +46,7 @@ rendered_template = template.render(
 	servers=sql.select_servers(full=1), roles=sql.select_roles(), masters=masters, sshs=sql.select_ssh(),
 	settings=settings, backups=sql.select_backups(), services=services, timezones=pytz.all_timezones,
 	page="users.py", user_services=user_params['user_services'], ldap_enable=ldap_enable, gits=gits, guide_me=1,
-	user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], token=user_params['token']
+	user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], token=user_params['token'],
+	is_needed_tool=is_needed_tool
 )
 print(rendered_template)