From 6ef59643ddb210c5e13a9a82166e2a5e6d731a13 Mon Sep 17 00:00:00 2001
From: Aidaho12
Date: Fri, 27 Apr 2018 10:07:59 +0600
Subject: [PATCH] v2.0.8
Firewalld support!
---
README.md | 9 +++---
cgi-bin/config.py | 3 +-
cgi-bin/funct.py | 47 +++++++++++++++++++++--------
cgi-bin/haproxy-webintarface.config | 2 ++
cgi-bin/options.py | 17 ++---------
cgi-bin/ovw.py | 2 +-
inc/style.css | 13 ++++++--
7 files changed, 56 insertions(+), 37 deletions(-)
diff --git a/README.md b/README.md
index d51ff390..c2e1ca41 100644
--- a/README.md
+++ b/README.md
@@ -14,10 +14,11 @@ A simple web interface(user-frendly web GUI) for managing Haproxy servers. Leave
8. Editing configs
9. Rollback to previous versions of the config
10. Master/slave servers
-11. Comparing versions of configs
-12. Users roles: admin, editor, viewer
-13. Server groups
-14. Telegram notification
+11. Configure firewalld on HAProxy servers based on config ports
+12. Comparing versions of configs
+13. Users roles: admin, editor, viewer
+14. Server groups
+15. Telegram notification
# Install
The installer will ask you a few questions
diff --git a/cgi-bin/config.py b/cgi-bin/config.py
index 6d567918..0d1afa34 100644
--- a/cgi-bin/config.py
+++ b/cgi-bin/config.py
@@ -63,7 +63,8 @@ if form.getvalue('serv') is not None and form.getvalue('config') is not None:
except IOError:
print("Can't read import config file")
- print("New config was saved as: %s " % cfg)
+ print('New config was saved as: %s
' % cfg)
+
MASTERS = sql.is_master(serv)
for master in MASTERS:
diff --git a/cgi-bin/funct.py b/cgi-bin/funct.py
index b2424f36..e0dce844 100644
--- a/cgi-bin/funct.py
+++ b/cgi-bin/funct.py
@@ -199,7 +199,7 @@ def links():
'')
print(''
''
- ''
+ ''
'')
def show_login_links():
@@ -377,6 +377,7 @@ def upload(serv, path, file, **kwargs):
sftp = ssh.open_sftp()
file = sftp.put(file, full_path)
sftp.close()
+ ssh.close()
except Exception as e:
print('Upload fail: %s
' % e)
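Review bot: The added `ssh.close()` sits inside the `try`, so it runs only when `sftp.put` succeeds; if the transfer raises, the `except` branch prints the error and the SSH session stays open. Closing in a `finally:` clause (`finally:` then `ssh.close()`, guarded if `ssh` can be unassigned at that point) covers both paths. The same pattern recurs in later hunks of this file: in check_haproxy_config the added `ssh.close()` follows an `if`/`else` whose branches both return, so it looks unreachable (indentation is not visible here), and in ssh_command it is added after the output is printed with no visible exception path. The body of upload starts outside this hunk.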
@@ -385,9 +386,9 @@ def upload_and_restart(serv, cfg, **kwargs):
try:
ssh = ssh_connect(serv)
- print("connected to %s
" % serv)
+ print('connected to %s
' % serv)
except:
- print("Connect fail")
+ print('Connect fail
')
sftp = ssh.open_sftp()
sftp.put(cfg, tmp_file)
sftp.close()
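Review bot: After the bare `except:` prints the failure message, execution continues to `ssh.open_sftp()` with `ssh` never assigned, so a failed connection ends in an unbound-name error instead of a clean failure. The handler should stop the function, for example `except Exception as e:` followed by `return False`. The bare `except:` also hides which error occurred (authentication, host key, timeout), which makes it harder to diagnose why a managed host rejected the connection. upload_and_restart begins and ends outside this hunk.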
@@ -396,32 +397,49 @@ def upload_and_restart(serv, cfg, **kwargs):
commands = [ "/sbin/haproxy -q -c -f " + tmp_file, "mv -f " + tmp_file + " " + haproxy_config_path ]
else:
commands = [ "/sbin/haproxy -q -c -f " + tmp_file, "mv -f " + tmp_file + " " + haproxy_config_path, restart_command ]
-
+
+ if config.get('haproxy', 'firewall_enable') == "1":
+ commands.extend(open_port_firewalld(cfg))
+
i = 0
for command in commands:
i = i + 1
- print("Executing: {}".format( command ))
- print("")
stdin , stdout, stderr = ssh.exec_command(command)
- print(stdout.read().decode(encoding='UTF-8'))
if i == 1:
if not stderr.read():
- print('Config ok
')
+ print('Config ok
')
else:
- print('In your config have errors, please check, and try again
')
+ print('In your config have errors, please check, and try again
')
print(stderr.read().decode(encoding='UTF-8'))
return False
break
if i is not 1:
- print("Errors:")
print(stderr.read().decode(encoding='UTF-8'))
- print("")
return True
print('
')
ssh.close()
+def open_port_firewalld(cfg):
+ try:
+ conf = open(cfg, "r")
+ except IOError:
+ print('Can\'t read export config file
')
+
+ firewalld_commands = []
+
+ for line in conf:
+ if "bind" in line:
+ bind = line.split(":")
+ bind[1] = bind[1].strip(' ')
+ bind = bind[1].split("ssl")
+ bind = bind[0].strip(' \t\n\r')
+ firewalld_commands.append('firewall-cmd --zone=public --add-port=%s/tcp --permanent' % bind)
+
+ firewalld_commands.append('firewall-cmd --reload')
+ return firewalld_commands
+
def check_haproxy_config(serv):
commands = [ "/sbin/haproxy -q -c -f %s" % haproxy_config_path ]
ssh = ssh_connect(serv)
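Review bot: `open_port_firewalld` interpolates whatever follows the first `:` on any line containing `bind` into a `firewall-cmd` string that upload_and_restart then passes to `ssh.exec_command`, so text from the saved config reaches the remote shell unvalidated. The value should be accepted only when it parses as a port number between 1 and 65535. The substring test also matches comments and keywords such as `bind-process`, `bind[1]` raises IndexError on a line without a colon, and after the `except IOError` branch `conf` is unbound, so the loop fails and the file is never closed. The sketch below keeps the function's interface, handles comma-separated bind addresses, skips anything that is not a single numeric port (port ranges would need explicit handling), and closes the file. open_port_firewalld lies wholly inside this hunk; upload_and_restart starts before it.
```python
def open_port_firewalld(cfg):
    firewalld_commands = []
    try:
        conf = open(cfg, "r")
    except IOError:
        # … unchanged: "Can't read export config file" message …
        return firewalld_commands

    with conf:
        for line in conf:
            words = line.split()
            # Match the bind keyword itself, not comments or bind-process.
            if len(words) < 2 or words[0] != "bind":
                continue
            for addr in words[1].split(","):
                port = addr.rpartition(":")[2]
                # Only a plain port number may be placed in the remote command.
                if port.isdecimal() and 0 < int(port) <= 65535:
                    firewalld_commands.append('firewall-cmd --zone=public --add-port=%d/tcp --permanent' % int(port))

    firewalld_commands.append('firewall-cmd --reload')
    return firewalld_commands
```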
@@ -431,7 +449,8 @@ def check_haproxy_config(serv):
return True
else:
return False
-
+ ssh.close()
+
def compare(stdout):
i = 0
minus = 0
@@ -514,6 +533,8 @@ def ssh_command(serv, commands, **kwargs):
print(''+stdout.read().decode(encoding='UTF-8')+'
')
print(stderr.read().decode(encoding='UTF-8'))
+
+ ssh.close()
def choose_only_select(serv, **kwargs):
if kwargs.get("virt"):
@@ -555,6 +576,6 @@ def chooseServer(formName, title, note, **kwargs):
print('
')
if note == "y":
- print('Note: If you reconfigure First server, second will reconfigured automatically
')
+ print('Note: If you reconfigure First server, second will reconfigured automatically
')
print('')
diff --git a/cgi-bin/haproxy-webintarface.config b/cgi-bin/haproxy-webintarface.config
index e21f6b51..a9046d87 100644
--- a/cgi-bin/haproxy-webintarface.config
+++ b/cgi-bin/haproxy-webintarface.config
@@ -60,3 +60,5 @@ haproxy_sock = /var/run/haproxy.sock
#Temp store configs, for haproxy check
tmp_config_path = /tmp
cert_path = /etc/ssl/certs/
+#If enable this option Haproxy-wi will be configure firewalld based on config port
+firewall_enable = 1
\ No newline at end of file
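Review bot: `firewall_enable = 1` ships the feature switched on, so every config upload permanently opens each port it finds in the `public` zone of the managed host without the operator opting in. A safer default is `firewall_enable = 0`, with the comment stating that enabling it makes Haproxy-wi run `firewall-cmd --permanent` on the HAProxy servers. If `config` in funct.py is a ConfigParser (not visible here), installs whose existing file lacks this key would presumably raise on `config.get('haproxy', 'firewall_enable')`, so a fallback value there is worth considering.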
diff --git a/cgi-bin/options.py b/cgi-bin/options.py
index 07519685..aa987bfe 100644
--- a/cgi-bin/options.py
+++ b/cgi-bin/options.py
@@ -28,6 +28,7 @@ if form.getvalue('getcert') is not None and serv is not None:
if form.getvalue('ssh_cert'):
ssh_keys = config.get('ssh', 'ssh_keys')
+
try:
with open(ssh_keys, "w") as conf:
conf.write(form.getvalue('ssh_cert'))
@@ -87,16 +88,6 @@ if form.getvalue('ip') is not None and serv is not None:
commands = [ "ip a |grep inet |egrep -v '::1' |awk '{ print $2 }' |awk -F'/' '{ print $1 }'" ]
funct.ssh_command(serv, commands, ip="1")
-if form.getvalue('name') is not None:
- name = form.getvalue('name')
- conf = open("/home/ploginov/haproxy/cgi-bin/hap_config/test.cfg", "r")
- s = form.getvalue('s')
- for line in conf:
-
- if s in line and name in line:
- print("yes")
- break
-
if form.getvalue('action') is not None and serv is not None:
serv = form.getvalue('serv')
action = form.getvalue('action')
@@ -225,8 +216,4 @@ if form.getvalue('viewlogs') is not None:
print('' + line + '
')
else:
print('' + line + '
')
-
-if form.getvalue('tailf_stop') is not None:
- serv = form.getvalue('serv')
- commands = [ "ps ax |grep python3 |grep -v grep |awk '{ print $1 }' |xargs kill" ]
- funct.ssh_command(serv, commands)
\ No newline at end of file
+
\ No newline at end of file
diff --git a/cgi-bin/ovw.py b/cgi-bin/ovw.py
index 650fcfb7..2269a42b 100644
--- a/cgi-bin/ovw.py
+++ b/cgi-bin/ovw.py
@@ -79,7 +79,7 @@ def get_overview():
print('')
if funct.is_admin():
print(' ' % server[2])
- print(' ' % server[2])
+ print(' ' % server[2])
print(' ' % server[2])
print(' ' % server[2])
print(' ' % server[2])
diff --git a/inc/style.css b/inc/style.css
index 51a043bc..3b35671b 100644
--- a/inc/style.css
+++ b/inc/style.css
@@ -530,6 +530,10 @@ a:focus {
padding-left: 10px;
margin-bottom: 10px;
}
+.alert-danger, .alert-info, .alert-success {
+ width: 400px;
+ margin-left: 15px;
+}
.alert-danger {
color: #a94442;
background-color: #f2dede;
@@ -538,14 +542,17 @@ a:focus {
display: block;
margin-top: 15px;
margin-bottom: -50px;
- margin-left: 20px;
}
.alert-success {
color: #3c763d;
background-color: #dff0d8;
border-color: #d6e9c6;
- width: 400px;
- margin-left: 15px;
+
+}
+.alert-info {
+ color: #0c5460;
+ background-color: #d1ecf1;
+ border-color: #bee5eb;
}
label {
display: inline-block;