diff --git a/app/funct.py b/app/funct.py index ddeb6223..73f2a581 100644 --- a/app/funct.py +++ b/app/funct.py @@ -784,10 +784,11 @@ def install_nginx(server_ip, **kwargs): stats_port = str(sql.get_setting('nginx_stats_port')) stats_page = sql.get_setting('nginx_stats_page') config_path = sql.get_setting('nginx_config_path') + nginx_dir = sql.get_setting('nginx_dir') server_for_installing = kwargs.get('server') proxy = sql.get_setting('proxy') docker = kwargs.get('docker') - container_name = sql.get_setting('haproxy_container_name') + container_name = sql.get_setting('nginx_container_name') ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(server_ip) ssh_port = '22' @@ -809,7 +810,7 @@ def install_nginx(server_ip, **kwargs): commands = ["chmod +x " + script + " && ./" + script + " PROXY=" + proxy_serv + " STATS_USER=" + stats_user + " STATS_PASS='" + stats_password + "' SSH_PORT=" + ssh_port + " CONFIG_PATH=" + config_path + " CONT_NAME=" + container_name + - " STAT_PORT=" + stats_port + " STAT_PAGE=" + stats_page+" SYN_FLOOD=" + syn_flood_protect + " DOCKER=" + docker + + " STAT_PORT=" + stats_port + " STAT_PAGE=" + stats_page+" SYN_FLOOD=" + syn_flood_protect + " DOCKER=" + docker + " nginx_dir=" + nginx_dir + " HOST=" + server_ip + " USER=" + ssh_user_name + " PASS='" + ssh_user_password + "' KEY=" + ssh_key_name] output, error = subprocess_execute(commands[0]) diff --git a/app/hapservers.py b/app/hapservers.py index 1300f52d..2b728f75 100644 --- a/app/hapservers.py +++ b/app/hapservers.py 
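Review bot: The new `" nginx_dir=" + nginx_dir` term in the second hunk is concatenated unquoted into a command string that evidently runs through a shell (it contains `&&`), so a setting value with whitespace or shell metacharacters changes what `subprocess_execute` runs. Quote it where it is appended, `" nginx_dir=" + shlex.quote(nginx_dir)` (this needs `import shlex` in the file header, which is outside the hunk), and check that the setting is an absolute path before use. The same value is forwarded unquoted as `nginx_dir=$nginx_dir` inside the `-e "..."` string of both `ansible-playbook` lines in app/scripts/install_nginx.sh, where whitespace would split it into further key=value variables. If `sql.get_setting('nginx_dir')` can return None on installs that never stored the setting (not visible here), the concatenation raises TypeError, so a default is worth adding. The body of `install_nginx` starts and ends outside these hunks.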
@@ -92,8 +92,14 @@ for s in servers: servers_with_status.append(s[11]) if service == 'nginx': h = (['', ''],) - cmd = [ - "/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"] + for service_set in service_settings: + if service_set.server_id == s[0] and service_set.setting == 'dockerized' and service_set.value == '1': + cmd = [ + "docker exec -it nginx /usr/sbin/nginx -v 2>&1|awk '{print $3}' && docker ps |grep nginx |awk '{print $7, $8$9}' && ps ax |grep nginx:|grep -v grep |wc -l" + ] + else: + cmd = [ + "/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"] try: out = funct.ssh_command(s[2], cmd) h = () diff --git a/app/scripts/ansible/roles/nginx.yml b/app/scripts/ansible/roles/nginx.yml index f743f7f2..f63d76f6 100644 --- a/app/scripts/ansible/roles/nginx.yml +++ b/app/scripts/ansible/roles/nginx.yml 
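Review bot: `cmd` is reassigned on every pass of the new `for service_set in service_settings` loop, so the `else` branch overwrites the docker command whenever a later row belongs to another server or another setting, and `cmd` is never assigned when `service_settings` is empty. Decide once whether the server is dockerized and then pick the command, as sketched below. The docker variant also hardcodes the container name `nginx` although the installer reads `nginx_container_name`, and `docker exec -it` requests a TTY that a non-interactive `funct.ssh_command` session may not provide (its implementation is not visible here). The enclosing `for s in servers` loop starts and ends outside the hunk.

```python
if service == 'nginx':
    h = (['', ''],)
    # One decision per server instead of one assignment per settings row.
    dockerized = any(
        ss.server_id == s[0] and ss.setting == 'dockerized' and ss.value == '1'
        for ss in service_settings
    )
    if dockerized:
        cmd = [...]  # … unchanged: docker exec / docker ps command string …
    else:
        cmd = [...]  # … unchanged: systemctl status command string …
    # … unchanged: try: out = funct.ssh_command(s[2], cmd) …
```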
@@ -1,125 +1,20 @@ -- hosts: "{{ variable_host }}" +--- +- name: Install common role + hosts: "{{ variable_host }}" become: yes become_method: sudo - tasks: - - name: Set SSH port - set_fact: - ansible_port: "{{SSH_PORT}}" - - - - name: check if Nginx is installed - package_facts: - manager: "auto" - - - name: populate service facts - service_facts: - - - - name: Creates directory - file: - path: /etc/nginx - state: directory - when: "'nginx' not in ansible_facts.packages" - - - - name: Creates directory - file: - path: /etc/nginx/conf.d - state: directory - when: "'nginx' not in ansible_facts.packages" - - - - name: Set passlib version - set_fact: - passlib_ver: "python3-passlib" - when: (ansible_facts['distribution_major_version'] == '8' and (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS')) or (ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu') - ignore_errors: True - - - - name: Set passlib version - set_fact: - passlib_ver: "python-passlib" - when: ansible_facts['distribution_major_version'] == '7' - ignore_errors: True - - - - name: Install passlib - package: - name: "{{passlib_ver}}" - state: present - when: "'nginx' not in ansible_facts.packages" + gather_facts: yes + roles: + - role: nginx_common environment: http_proxy: "{{PROXY}}" https_proxy: "{{PROXY}}" - - - - name: Copy Nginx configuration in place. 
- template: - src: /var/www/haproxy-wi/app/scripts/ansible/roles/default.conf.j2 - dest: "{{CONFIG_PATH}}" - mode: 0644 - force: no - when: "'nginx' not in ansible_facts.packages" - ignore_errors: yes - - - - name: Open stat port for firewalld - firewalld: - port: "{{ STAT_PORT }}/tcp" - state: enabled - permanent: yes - immediate: yes - ignore_errors: yes - no_log: True - debugger: never - when: - - '"firewalld" in ansible_facts.packages' - - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS' - - ansible_facts.services["firewalld.service"]['state'] == "running" - - - - name: Open stat port for iptables - iptables: - chain: INPUT - destination_port: "{{ STAT_PORT }}" - jump: ACCEPT - protocol: tcp - ignore_errors: yes - - - htpasswd: - path: /etc/nginx/status_page_passwdfile - name: "{{STATS_USER}}" - password: "{{STATS_PASS}}" - when: "'nginx' not in ansible_facts.packages" - - - - name: test to see if selinux is running - command: getenforce - register: sestatus - changed_when: false - when: ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS' + tags: + - system + - docker - - - name: Disble SELINUX in config - template: - src: /var/www/haproxy-wi/app/scripts/ansible/roles/haproxy/templates/selinux.j2 - dest: /etc/selinux/config - ignore_errors: yes - when: - - sestatus.stdout is defined - - '"Enforcing" in sestatus.stdout' - - - - name: Disble SELINUX in env - shell: setenforce 0 - ignore_errors: yes - debugger: never - when: - - sestatus.stdout is defined - - '"Enforcing" in sestatus.stdout' - -- name: Install Nginx as a Docker +- name: Install docker hosts: "{{ variable_host }}" become: yes become_method: sudo 
@@ -129,29 +24,21 @@ environment: http_proxy: "{{PROXY}}" https_proxy: "{{PROXY}}" - tasks: - - name: Create Nginx - docker_container: - name: "{{ CONT_NAME }}" - image: "nginx" - recreate: yes - network_mode: host - volumes: - - "/etc/nginx/:/etc/nginx/:rw" - - "/tmp:/tmp:ro" - - "/var/log:/var/log:rw" - vars: - ansible_python_interpreter: /usr/bin/python3 + - role: nginx_docker + environment: + http_proxy: "{{PROXY}}" + https_proxy: "{{PROXY}}" tags: - docker - -- hosts: "{{ variable_host }}" + +- name: Install system role + hosts: "{{ variable_host }}" become: yes become_method: sudo tasks: - - name: Add syn_flood tasks - include: haproxy/tasks/syn_flood.yml - when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0) + - name: Add syn_flood tasks + include: haproxy/tasks/syn_flood.yml + when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0) roles: - role: nginxinc.nginx environment: diff --git a/app/scripts/ansible/roles/nginx_common/tasks/main.yml b/app/scripts/ansible/roles/nginx_common/tasks/main.yml new file mode 100644 index 00000000..058ac5d8 --- /dev/null +++ b/app/scripts/ansible/roles/nginx_common/tasks/main.yml 
@@ -0,0 +1,117 @@ +--- +- name: Set SSH port + set_fact: + ansible_port: "{{SSH_PORT}}" + + +- name: check if Nginx is installed + package_facts: + manager: "auto" + +- name: populate service facts + service_facts: + + +- name: Creates directory + file: + path: /etc/nginx + state: directory + when: "'nginx' not in ansible_facts.packages" + + +- name: Creates directory + file: + path: /etc/nginx/conf.d + state: directory + when: "'nginx' not in ansible_facts.packages" + + +- name: Set passlib version + set_fact: + passlib_ver: "python3-passlib" + when: (ansible_facts['distribution_major_version'] == '8' and (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS')) or (ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu') + ignore_errors: True + + +- name: Set passlib version + set_fact: + passlib_ver: "python-passlib" + when: ansible_facts['distribution_major_version'] == '7' + ignore_errors: True + + +- name: Install passlib + package: + name: "{{passlib_ver}}" + state: present + when: "'nginx' not in ansible_facts.packages" + environment: + http_proxy: "{{PROXY}}" + https_proxy: "{{PROXY}}" + + +- name: Copy Nginx configuration in place. 
+ template: + src: /var/www/haproxy-wi/app/scripts/ansible/roles/default.conf.j2 + dest: "{{CONFIG_PATH}}" + mode: 0644 + force: no + when: "'nginx' not in ansible_facts.packages" + ignore_errors: yes + + +- name: Open stat port for firewalld + firewalld: + port: "{{ STAT_PORT }}/tcp" + state: enabled + permanent: yes + immediate: yes + ignore_errors: yes + no_log: True + debugger: never + when: + - '"firewalld" in ansible_facts.packages' + - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS' + - ansible_facts.services["firewalld.service"]['state'] == "running" + + +- name: Open stat port for iptables + iptables: + chain: INPUT + destination_port: "{{ STAT_PORT }}" + jump: ACCEPT + protocol: tcp + ignore_errors: yes + + +- htpasswd: + path: /etc/nginx/status_page_passwdfile + name: "{{STATS_USER}}" + password: "{{STATS_PASS}}" + when: "'nginx' not in ansible_facts.packages" + + +- name: test to see if selinux is running + command: getenforce + register: sestatus + changed_when: false + when: ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS' + + +- name: Disble SELINUX in config + template: + src: /var/www/haproxy-wi/app/scripts/ansible/roles/haproxy/templates/selinux.j2 + dest: /etc/selinux/config + ignore_errors: yes + when: + - sestatus.stdout is defined + - '"Enforcing" in sestatus.stdout' + + +- name: Disble SELINUX in env + shell: setenforce 0 + ignore_errors: yes + debugger: never + when: + - sestatus.stdout is defined + - '"Enforcing" in sestatus.stdout' diff --git a/app/scripts/ansible/roles/default.conf.j2 b/app/scripts/ansible/roles/nginx_common/templates/default.conf.j2 similarity index 99% rename from app/scripts/ansible/roles/default.conf.j2 rename to app/scripts/ansible/roles/nginx_common/templates/default.conf.j2 index 58490af1..08267826 100644 --- a/app/scripts/ansible/roles/default.conf.j2 +++ b/app/scripts/ansible/roles/nginx_common/templates/default.conf.j2 
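Review bot: The two `Disble SELINUX` tasks at the end of this role switch every enforcing RedHat/CentOS host to permissive with `setenforce 0` and overwrite `/etc/selinux/config` from `selinux.j2`, which removes a host-wide control in order to install one service. If the reason is that nginx cannot bind the stats port (the page does not say), labelling that port is sufficient; a sketch follows. The `Open stat port for iptables` task also accepts `STAT_PORT` from any source, and a `source:` restriction to the management address would narrow it.

```yaml
# replaces the two "Disble SELINUX" tasks
- name: Allow nginx to bind the stats port under SELinux
  seport:
    ports: "{{ STAT_PORT }}"
    proto: tcp
    setype: http_port_t
    state: present
  when:
    - sestatus.stdout is defined
    - '"Enforcing" in sestatus.stdout'
```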
@@ -1,7 +1,7 @@ server { listen {{STAT_PORT}} ; server_name localhost; - + location /{{STAT_PAGE}} { stub_status; auth_basic "Resticted Area"; diff --git a/app/scripts/ansible/roles/nginx_docker/tasks/main.yml b/app/scripts/ansible/roles/nginx_docker/tasks/main.yml new file mode 100644 index 00000000..0c2ab21e --- /dev/null +++ b/app/scripts/ansible/roles/nginx_docker/tasks/main.yml @@ -0,0 +1,75 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ nginx_dir }}" + state: "directory" + owner: "{{ansible_user}}" + group: "{{ansible_user}}" + mode: "0770" + become: true + ignore_errors: yes + +- name: Ensuring conf.d directories exist + file: + path: "{{ nginx_dir }}/conf.d" + state: "directory" + owner: "{{ansible_user}}" + group: "{{ansible_user}}" + mode: "0770" + become: true + ignore_errors: yes + +- name: Ensuring sites-enabled directories exist + file: + path: "{{ nginx_dir }}/sites-enabled" + state: "directory" + owner: "{{ansible_user}}" + group: "{{ansible_user}}" + mode: "0770" + become: true + ignore_errors: yes + +- name: Ensuring log directories exist + file: + path: "/var/log/nginx/" + state: "directory" + owner: "{{ansible_user}}" + group: "{{ansible_user}}" + mode: "0770" + become: true + ignore_errors: yes + +- name: Copying over nginx.conf + template: + src: nginx.conf.j2 + dest: "{{ nginx_dir }}/nginx.conf" + mode: "0666" + owner: "{{ansible_user}}" + group: "{{ansible_user}}" + force: no + become: true + ignore_errors: yes + +- name: Copying over mime.types + template: + src: mime.types.j2 + dest: "{{ nginx_dir }}/mime.types" + mode: "0666" + owner: "{{ansible_user}}" + group: "{{ansible_user}}" + force: no + become: true + ignore_errors: yes + +- name: Create Nginx + docker_container: + name: "{{ CONT_NAME }}" + image: "nginx" + recreate: yes + network_mode: host + volumes: + - "/etc/nginx/:/etc/nginx/:rw" + - "/tmp:/tmp:ro" + - "/var/log:/var/log:rw" + vars: + ansible_python_interpreter: /usr/bin/python3 
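Review bot: `Copying over nginx.conf` and `Copying over mime.types` in nginx_docker/tasks/main.yml write their files with `mode: "0666"`, so any local account on the host can rewrite the configuration the container loads; `mode: "0644"` is enough for nginx to read them. The `Create Nginx` task still mounts the hardcoded `/etc/nginx/` while the files are written under `{{ nginx_dir }}`, so the two diverge whenever the setting is not `/etc/nginx`; the volume should be `- "{{ nginx_dir }}:/etc/nginx:rw"`. Mounting all of `/var/log` read-write gives the container write access to every host log, and `- "/var/log/nginx:/var/log/nginx:rw"` covers the paths nginx.conf.j2 uses. Every file task also sets `ignore_errors: yes`, so a failed directory or template step goes unnoticed before the container starts.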
diff --git a/app/scripts/ansible/roles/nginx_docker/templates/mime.types.j2 b/app/scripts/ansible/roles/nginx_docker/templates/mime.types.j2 new file mode 100644 index 00000000..c2302120 --- /dev/null +++ b/app/scripts/ansible/roles/nginx_docker/templates/mime.types.j2 
@@ -0,0 +1,96 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml 
xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} \ No newline at end of file diff --git a/app/scripts/ansible/roles/nginx_docker/templates/nginx.conf.j2 b/app/scripts/ansible/roles/nginx_docker/templates/nginx.conf.j2 new file mode 100644 index 00000000..2c7f6f09 --- /dev/null +++ b/app/scripts/ansible/roles/nginx_docker/templates/nginx.conf.j2 @@ -0,0 +1,31 @@ +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1021; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} \ No newline at end of file diff --git a/app/scripts/install_nginx.sh b/app/scripts/install_nginx.sh index 1633132a..dd153648 100644 --- a/app/scripts/install_nginx.sh +++ b/app/scripts/install_nginx.sh @@ -19,6 +19,7 @@ do CONFIG_PATH) CONFIG_PATH=${VALUE} ;; DOCKER) DOCKER=${VALUE} ;; CONT_NAME) CONT_NAME=${VALUE} ;; + nginx_dir) nginx_dir=${VALUE} ;; *) esac done 
@@ -48,9 +49,9 @@ PWD=$PWD/scripts/ansible/ echo "$HOST ansible_port=$SSH_PORT" > $PWD/$HOST if [[ $KEY == "" ]]; then - ansible-playbook $PWD/roles/nginx.yml -e "ansible_user=$USER ansible_ssh_pass='$PASS' variable_host=$HOST PROXY=$PROXY CONT_NAME=$CONT_NAME SYN_FLOOD=$SYN_FLOOD STAT_PAGE=$STAT_PAGE STAT_PORT=$STAT_PORT STATS_USER=$STATS_USER STATS_PASS=$STATS_PASS CONFIG_PATH=$CONFIG_PATH SSH_PORT=$SSH_PORT" -i $PWD/$HOST -t $tags -else - ansible-playbook $PWD/roles/nginx.yml --key-file $KEY -e "ansible_user=$USER variable_host=$HOST PROXY=$PROXY CONT_NAME=$CONT_NAME SYN_FLOOD=$SYN_FLOOD STAT_PAGE=$STAT_PAGE STAT_PORT=$STAT_PORT STATS_USER=$STATS_USER STATS_PASS=$STATS_PASS CONFIG_PATH=$CONFIG_PATH SSH_PORT=$SSH_PORT" -i $PWD/$HOST -t $tags + ansible-playbook $PWD/roles/nginx.yml -e "ansible_user=$USER ansible_ssh_pass='$PASS' variable_host=$HOST PROXY=$PROXY CONT_NAME=$CONT_NAME nginx_dir=$nginx_dir SYN_FLOOD=$SYN_FLOOD STAT_PAGE=$STAT_PAGE STAT_PORT=$STAT_PORT STATS_USER=$STATS_USER STATS_PASS=$STATS_PASS CONFIG_PATH=$CONFIG_PATH SSH_PORT=$SSH_PORT" -i $PWD/$HOST -t $tags +else + ansible-playbook $PWD/roles/nginx.yml --key-file $KEY -e "ansible_user=$USER variable_host=$HOST PROXY=$PROXY CONT_NAME=$CONT_NAME nginx_dir=$nginx_dir SYN_FLOOD=$SYN_FLOOD STAT_PAGE=$STAT_PAGE STAT_PORT=$STAT_PORT STATS_USER=$STATS_USER STATS_PASS=$STATS_PASS CONFIG_PATH=$CONFIG_PATH SSH_PORT=$SSH_PORT" -i $PWD/$HOST -t $tags fi if [ $? -gt 0 ] diff --git a/app/templates/hapservers.html b/app/templates/hapservers.html index da5591d4..ba8c825f 100644 --- a/app/templates/hapservers.html +++ b/app/templates/hapservers.html @@ -95,7 +95,7 @@ {% set is_checker_enabled = s.8.0.19 %} {% set is_metrics_enabled = s.8.0.21 %} {% set action_service = 'nginx' %} - {% if s.5.0.1 == 'active' %} + {% if s.5.0.1 == 'active' or s.5.0.1 == 'Up' %} {% set additional_status_class = 'div-server-head-up' %} {% else %} {% set additional_status_class = 'div-server-head-down' %} 
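Review bot: The rewritten `ansible-playbook` lines still put credentials inside the `-e` string (`ansible_ssh_pass='$PASS'` on the first, `STATS_PASS=$STATS_PASS` on both), so they are readable in the process list of the management host for the length of the run. Writing the variables to a file created with mode 0600 and passing `-e @"$VARS_FILE"` (removed afterwards; the name is a placeholder) keeps them out of argv and also avoids the whitespace splitting of the key=value form. `$PWD/$HOST` and `$KEY` are unquoted as well; `-i "$PWD/$HOST"` and `--key-file "$KEY"` are safer.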
@@ -179,7 +179,7 @@ {% if service == 'nginx' or service == 'keepalived' %} Version: {{s.5.0.0}} Process_num: {{s.5.0.3}}
- {% if s.5.0.1 == 'active' %} + {% if s.5.0.1 == 'active' or s.5.0.1 == 'Up' %} Started: {% else %} Stopped: