diff --git a/app/config.py b/app/config.py
index 470f5144..9a6e5f16 100644
--- a/app/config.py
+++ b/app/config.py
@@ -12,6 +12,7 @@ funct.check_login()
form = funct.form
serv = form.getvalue('serv')
service = form.getvalue('service')
+is_serv_protected = False
try:
config_file_name = form.getvalue('config_file_name').replace('92', '/')
except:
@@ -41,6 +42,13 @@ elif service == 'nginx':
configs_dir = funct.get_config_var('configs', 'nginx_save_configs_dir')
file_format = 'conf'
servers = sql.get_dick_permit(nginx=1)
+elif service == 'apache':
+ if funct.check_login(service=2):
+ title = "Working with Apache configuration files"
+ action = "config.py?service=apache"
+ configs_dir = funct.get_config_var('configs', 'apache_save_configs_dir')
+ file_format = 'conf'
+ servers = sql.get_dick_permit(apache=1)
else:
if funct.check_login(service=1):
title = "Working with HAProxy configuration files"
@@ -50,7 +58,7 @@ else:
servers = sql.get_dick_permit(haproxy=1)
if serv is not None:
- if service == 'nginx':
+ if service == 'nginx' or service == 'apache':
conf_file_name_short = config_file_name.split('/')[-1]
cfg = configs_dir + serv + "-" + conf_file_name_short + "-" + funct.get_data('config') + "." + file_format
else:
@@ -58,6 +66,8 @@ if serv is not None:
if serv is not None and form.getvalue('open') is not None and form.getvalue('new_config') is None:
funct.check_is_server_in_group(serv)
+ is_serv_protected = sql.is_serv_protected(serv)
+
if service == 'keepalived':
error = funct.get_config(serv, cfg, keepalived=1)
try:
@@ -70,6 +80,12 @@ if serv is not None and form.getvalue('open') is not None and form.getvalue('new
funct.logging(serv, " Nginx config has been opened ")
except Exception:
pass
+ elif service == 'apache':
+ error = funct.get_config(serv, cfg, apache=1, config_file_name=config_file_name)
+ try:
+ funct.logging(serv, " Apache config has been opened ")
+ except Exception:
+ pass
else:
error = funct.get_config(serv, cfg)
try:
@@ -107,6 +123,8 @@ if serv is not None and form.getvalue('config') is not None:
stderr = funct.upload_and_restart(serv, cfg, just_save=save, keepalived=1, oldcfg=oldcfg)
elif service == 'nginx':
stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, nginx=1, oldcfg=oldcfg, config_file_name=config_file_name)
+ elif service == 'apache':
+ stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, apache=1, oldcfg=oldcfg, config_file_name=config_file_name)
else:
stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg)
@@ -138,5 +156,6 @@ template = template.render(h2=1, title=title,
service=service,
user_services=user_services,
config_file_name=config_file_name,
+ is_serv_protected=is_serv_protected,
token=token)
print(template)
diff --git a/app/create_db.py b/app/create_db.py
index df4b3f42..9ed01a27 100644
--- a/app/create_db.py
+++ b/app/create_db.py
@@ -108,6 +108,22 @@ def default_values():
{'param': 'rabbitmq_queue', 'value': 'roxy-wi', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server queue', 'group': '1'},
{'param': 'rabbitmq_user', 'value': 'roxy-wi', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server user', 'group': '1'},
{'param': 'rabbitmq_password', 'value': 'roxy-wi123', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server user password', 'group': '1'},
+ {'param': 'apache_path_logs', 'value': '/var/log/httpd/', 'section': 'apache',
+ 'desc': 'The path for Apache logs', 'group': '1'},
+ {'param': 'apache_stats_user', 'value': 'admin', 'section': 'apache',
+ 'desc': 'Username for accessing Apache stats page', 'group': '1'},
+ {'param': 'apache_stats_password', 'value': 'password', 'section': 'apache',
+ 'desc': 'Password for Apache stats webpage', 'group': '1'},
+ {'param': 'apache_stats_port', 'value': '8087', 'section': 'apache', 'desc': 'Stats port for webpage Apache',
+ 'group': '1'},
+ {'param': 'apache_stats_page', 'value': 'stats', 'section': 'apache', 'desc': 'URI Stats for webpage Apache',
+ 'group': '1'},
+ {'param': 'apache_dir', 'value': '/etc/httpd/', 'section': 'apache',
+ 'desc': 'Path to the Apache directory with config files', 'group': '1'},
+ {'param': 'apache_config_path', 'value': '/etc/httpd/conf/httpd.conf', 'section': 'apache',
+ 'desc': 'Path to the main Nginx configuration file', 'group': '1'},
+ {'param': 'apache_container_name', 'value': 'apache', 'section': 'apache',
+ 'desc': 'Docker container name for Apache service', 'group': '1'},
]
try:
Setting.insert_many(data_source).on_conflict_ignore().execute()
@@ -637,8 +653,25 @@ def update_db_v_5_4_3_1(**kwargs):
print("Updating... DB has been updated to version 5.4.3-1")
+def update_db_v_6_0(**kwargs):
+ cursor = conn.cursor()
+ sql = list()
+ sql.append("alter table servers add column apache integer default 0")
+ sql.append("alter table servers add column apache_active integer default 0")
+ sql.append("alter table servers add column apache_alert integer default 0")
+ sql.append("alter table servers add column apache_metrics integer default 0")
+ for i in sql:
+ try:
+ cursor.execute(i)
+ except Exception as e:
+ pass
+ else:
+ if kwargs.get('silent') != 1:
+ print('Updating... DB has been updated to version 6.0.0.0')
+
+
def update_ver():
- query = Version.update(version='5.5.1.0')
+ query = Version.update(version='6.0.0.0')
try:
query.execute()
except:
@@ -662,6 +695,7 @@ def update_all():
update_db_v_5_4_2()
update_db_v_5_4_3()
update_db_v_5_4_3_1()
+ update_db_v_6_0()
update_ver()
@@ -682,6 +716,7 @@ def update_all_silent():
update_db_v_5_4_2(silent=1)
update_db_v_5_4_3(silent=1)
update_db_v_5_4_3_1(silent=1)
+ update_db_v_6_0(silent=1)
update_ver()
diff --git a/app/db_model.py b/app/db_model.py
index 2671e20f..7d5fadb4 100644
--- a/app/db_model.py
+++ b/app/db_model.py
@@ -63,6 +63,10 @@ class Server(BaseModel):
nginx_metrics = IntegerField(constraints=[SQL('DEFAULT 0')])
keepalived_active = IntegerField(constraints=[SQL('DEFAULT 0')])
keepalived_alert = IntegerField(constraints=[SQL('DEFAULT 0')])
+ apache = IntegerField(constraints=[SQL('DEFAULT 0')])
+ apache_active = IntegerField(constraints=[SQL('DEFAULT 0')])
+ apache_alert = IntegerField(constraints=[SQL('DEFAULT 0')])
+ apache_metrics = IntegerField(constraints=[SQL('DEFAULT 0')])
class Meta:
table_name = 'servers'
diff --git a/app/funct.py b/app/funct.py
index 1b970561..24263123 100644
--- a/app/funct.py
+++ b/app/funct.py
@@ -420,7 +420,8 @@ def get_config(server_ip, cfg, **kwargs):
if kwargs.get("keepalived") or kwargs.get("service") == 'keepalived':
config_path = "/etc/keepalived/keepalived.conf"
- elif kwargs.get("nginx") or kwargs.get("service") == 'nginx':
+ elif (kwargs.get("nginx") or kwargs.get("service") == 'nginx' or
+ kwargs.get("apache") or kwargs.get("service") == 'apache'):
config_path = kwargs.get('config_file_name')
elif kwargs.get("waf") or kwargs.get("service") == 'waf':
config_path = sql.get_setting('haproxy_dir') + '/waf/rules/' + kwargs.get("waf_rule_file")
@@ -492,9 +493,16 @@ def get_remote_sections(server_ip: str, service: str) -> str:
config_dir = return_nice_path(config_dir)
if service == 'nginx':
section_name = 'server_name'
+ commands = [
+ 'sudo grep {} {}* -R |grep -v \'${}\|#\'|awk \'{{print $1, $3}}\''.format(section_name, config_dir,
+ section_name)]
+
elif service == 'apache':
section_name = 'ServerName'
- commands = ['sudo grep {} {}* -R |grep -v \'$server_name\|#\'|awk \'{{print $1, $3}}\''.format(section_name, config_dir)]
+ commands = [
+ 'sudo grep {} {}*/*.conf -R |grep -v \'${}\|#\'|awk \'{{print $1, $3}}\''.format(section_name, config_dir,
+ section_name)]
+
backends = ssh_command(server_ip, commands)
return backends
@@ -912,7 +920,10 @@ def upload_and_restart(server_ip, cfg, **kwargs):
if kwargs.get("nginx"):
service = 'nginx'
- # config_path = sql.get_setting('nginx_config_path')
+ config_path = kwargs.get('config_file_name')
+ tmp_file = sql.get_setting('tmp_config_path') + "/" + get_data('config') + ".conf"
+ elif kwargs.get("apache"):
+ service = 'apache'
config_path = kwargs.get('config_file_name')
tmp_file = sql.get_setting('tmp_config_path') + "/" + get_data('config') + ".conf"
elif kwargs.get("keepalived"):
@@ -936,6 +947,15 @@ def upload_and_restart(server_ip, cfg, **kwargs):
haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise')
if haproxy_enterprise == '1':
service_name = "hapee-2.0-lb"
+ if service == 'apache':
+ server_id = sql.select_server_id_by_ip(server_ip)
+ os_info = sql.select_os_info(server_id)
+
+ if "CentOS" in os_info or "Redhat" in os_info:
+ service_name = 'httpd'
+ else:
+ service_name = 'apache2'
+
reload_command = " && sudo systemctl reload " + service_name
restart_command = " && sudo systemctl restart " + service_name
@@ -980,6 +1000,20 @@ def upload_and_restart(server_ip, cfg, **kwargs):
commands = [check_and_move + reload_or_restart_command]
if sql.return_firewall(server_ip):
commands[0] += open_port_firewalld(cfg, server_ip=server_ip, service='nginx')
+ elif service == "apache":
+ if is_docker == '1':
+ check_config = "sudo docker exec -it exec " + container_name + " nginx -t -q "
+ else:
+ check_config = "sudo apachectl configtest "
+ check_and_move = "sudo mv -f " + tmp_file + " " + config_path #+ " && " + check_config
+ if action == "test":
+ commands = [check_config + " && sudo rm -f " + tmp_file]
+ elif action == "save":
+ commands = [check_and_move]
+ else:
+ commands = [check_and_move + reload_or_restart_command]
+ # if sql.return_firewall(server_ip):
+ # commands[0] += open_port_firewalld(cfg, server_ip=server_ip, service='nginx')
else:
if is_docker == '1':
check_config = "sudo docker exec -it " + container_name + " haproxy -q -c -f " + tmp_file
@@ -1004,6 +1038,7 @@ def upload_and_restart(server_ip, cfg, **kwargs):
except Exception as e:
logging('localhost', str(e), haproxywi=1)
# If master then save version of config in a new way
+
if not kwargs.get('slave'):
diff = ''
old_cfg = kwargs.get('oldcfg')
@@ -1051,6 +1086,7 @@ def master_slave_upload_and_restart(server_ip, cfg, just_save, **kwargs):
cfg,
just_save=just_save,
nginx=kwargs.get('nginx'),
+ apache=kwargs.get('apache'),
config_file_name=kwargs.get('config_file_name'),
slave=1)
@@ -1062,6 +1098,7 @@ def master_slave_upload_and_restart(server_ip, cfg, just_save, **kwargs):
cfg,
just_save=just_save,
nginx=kwargs.get('nginx'),
+ apache=kwargs.get('apache'),
config_file_name=kwargs.get('config_file_name'),
oldcfg=kwargs.get('oldcfg'),
login=login)
@@ -1197,7 +1234,6 @@ def show_finding_in_config(stdout: str, **kwargs) -> str:
return out
-
def show_haproxy_log(serv, rows=10, waf='0', grep=None, hour='00', minut='00', hour1='24', minut1='00', service='haproxy', **kwargs):
import sql
exgrep = form.getvalue('exgrep')
@@ -1216,12 +1252,15 @@ def show_haproxy_log(serv, rows=10, waf='0', grep=None, hour='00', minut='00', h
else:
exgrep_act = ''
- if service == 'nginx' or service == 'haproxy':
+ if service == 'nginx' or service == 'haproxy' or service == 'apache':
syslog_server_enable = sql.get_setting('syslog_server_enable')
if syslog_server_enable is None or syslog_server_enable == 0:
if service == 'nginx':
local_path_logs = sql.get_setting('nginx_path_logs')
commands = ["sudo cat %s/%s |tail -%s %s %s" % (local_path_logs, log_file, rows, grep_act, exgrep_act)]
+ elif service == 'apache':
+ local_path_logs = sql.get_setting('apache_path_logs')
+ commands = ["sudo cat %s/%s| awk -F\"/|:\" '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)]
else:
local_path_logs = sql.get_setting('haproxy_path_logs')
commands = ["sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)]
@@ -1239,7 +1278,7 @@ def show_haproxy_log(serv, rows=10, waf='0', grep=None, hour='00', minut='00', h
return show_log(a, html=0, grep=grep)
else:
return ssh_command(syslog_server, commands, show_log='1', grep=grep)
- elif service == 'apache':
+ elif service == 'apache_internal':
apache_log_path = sql.get_setting('apache_log_path')
if serv == 'roxy-wi.access.log':
@@ -1342,6 +1381,8 @@ def ssh_command(server_ip, commands, **kwargs):
ssh.close()
return str(e)
+ if kwargs.get('raw'):
+ return stdout
try:
if kwargs.get("ip") == "1":
show_ip(stdout)
@@ -1354,8 +1395,6 @@ def ssh_command(server_ip, commands, **kwargs):
return stdout.read().decode(encoding='UTF-8')
elif kwargs.get('return_err') == 1:
return stderr.read().decode(encoding='UTF-8')
- elif kwargs.get('raw'):
- return stdout
else:
return stdout.read().decode(encoding='UTF-8')
except Exception as e:
@@ -1441,7 +1480,10 @@ def get_remote_files(server_ip: str, config_dir: str, file_format: str):
def return_nice_path(return_path: str) -> str:
- if 'nginx' not in return_path and 'haproxy' not in return_path:
+ if ('nginx' not in return_path and
+ 'haproxy' not in return_path and
+ 'apache2' not in return_path and
+ 'httpd' not in return_path):
return 'error: The path must contain the name of the service. Check it in Roxy-WI settings'
if return_path[-1] != '/':
return_path += '/'
@@ -1919,3 +1961,16 @@ def send_message_to_rabbit(message: str) -> None:
body=message)
connection.close()
+
+
+def is_restarted(server_ip, action):
+ import sql
+ import http.cookies
+
+ cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
+ user_uuid = cookie.get('uuid')
+ user_role = sql.get_user_role_by_uuid(user_uuid.value)
+
+ if sql.is_serv_protected(server_ip) and int(user_role) > 2:
+ print('error: This server is protected. You cannot ' + action + ' it')
+ sys.exit()
diff --git a/app/hapservers.py b/app/hapservers.py
index c641b3bb..229ee6a5 100644
--- a/app/hapservers.py
+++ b/app/hapservers.py
@@ -9,17 +9,15 @@ template = env.get_template('hapservers.html')
print('Content-type: text/html\n')
funct.check_login()
-
-try:
- user, user_id, role, token, servers, user_services = funct.get_users_params()
- services = []
-except:
- pass
+services = []
+servers: object
+user, user_id, role, token, servers, user_services = funct.get_users_params()
form = funct.form
serv = funct.is_ip_or_dns(form.getvalue('serv'))
service = form.getvalue('service')
autorefresh = 0
+title = "HAProxy servers overview"
cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l"
keep_alive, stderr = funct.subprocess_execute(cmd)
@@ -47,9 +45,20 @@ elif service == 'keepalived':
else:
servers = sql.get_dick_permit(virt=1, keepalived=1)
service_settings = sql.select_docker_services_settings(service)
+elif service == 'apache':
+ if funct.check_login(service=4):
+ title = 'Apache servers overview'
+ if serv:
+ if funct.check_is_server_in_group(serv):
+ servers = sql.select_servers(server=serv)
+ autorefresh = 1
+ server_id = sql.select_server_id_by_ip(serv)
+ service_settings = sql.select_docker_service_settings(server_id, service)
+ else:
+ servers = sql.get_dick_permit(virt=1, apache=1)
+ service_settings = sql.select_docker_services_settings(service)
else:
if funct.check_login(service=1):
- title = "HAProxy servers overview"
service = 'haproxy'
if serv:
if funct.check_is_server_in_group(serv):
@@ -92,7 +101,6 @@ for s in servers:
servers_with_status.append(s[11])
if service == 'nginx':
h = (['', ''],)
- print(str(service_settings))
cmd = [
"/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"]
for service_set in service_settings:
@@ -132,6 +140,23 @@ for s in servers:
servers_with_status.append(h)
servers_with_status.append(h)
servers_with_status.append(s[22])
+ elif service == 'apache':
+ h = (['',''],)
+ apache_stats_user = sql.get_setting('apache_stats_user')
+ apache_stats_password = sql.get_setting('apache_stats_password')
+ apache_stats_port = sql.get_setting('apache_stats_port')
+ apache_stats_page = sql.get_setting('apache_stats_page')
+ cmd = "curl -s -u %s:%s http://%s:%s/%s?auto |grep 'ServerVersion\|Processes\|ServerUptime:'" % (apache_stats_user, apache_stats_password, s[2], apache_stats_port, apache_stats_page)
+ try:
+ out = funct.subprocess_execute(cmd)
+ if out != '':
+ for k in out:
+ servers_with_status.append(k)
+ servers_with_status.append(s[22])
+ except:
+ servers_with_status.append(h)
+ servers_with_status.append(h)
+ servers_with_status.append(s[22])
else:
cmd = 'echo "show info" |nc %s %s -w 1 -v|grep -e "Ver\|Uptime:\|Process_num"' % (s[2], haproxy_sock_port)
out = funct.subprocess_execute(cmd)
diff --git a/app/history.py b/app/history.py
index 8cfeff39..5b8b616b 100644
--- a/app/history.py
+++ b/app/history.py
@@ -35,6 +35,13 @@ elif service == 'keepalived':
if funct.check_is_server_in_group(serv):
server_id = sql.select_server_id_by_ip(serv)
history = sql.select_action_history_by_server_id_and_service(server_id, service)
+elif service == 'apache':
+ if funct.check_login(service=4):
+ title = 'Apache service history'
+ if serv:
+ if funct.check_is_server_in_group(serv):
+ server_id = sql.select_server_id_by_ip(serv)
+ history = sql.select_action_history_by_server_id_and_service(server_id, service)
elif service == 'haproxy':
if funct.check_login(service=1):
title = "HAProxy service history"
diff --git a/app/logs.py b/app/logs.py
index 7ee78713..1d051364 100644
--- a/app/logs.py
+++ b/app/logs.py
@@ -1,5 +1,6 @@
#!/usr/bin/env python3
import funct
+import sql
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('logs.html')
@@ -39,12 +40,19 @@ except Exception:
if service == 'nginx':
if funct.check_login(service=2):
title = "Nginx`s logs"
+ servers = sql.get_dick_permit(nginx=1)
+elif service == 'apache':
+ if funct.check_login(service=4):
+ title = "Apache's logs"
+ servers = sql.get_dick_permit(apache=1)
elif waf == '1':
if funct.check_login(service=1):
title = "WAF logs"
+ servers = sql.get_dick_permit(haproxy=1)
else:
if funct.check_login(service=1):
title = "HAProxy`s logs"
+ servers = sql.get_dick_permit(haproxy=1)
template = template.render(h2=1,
autorefresh=1,
diff --git a/app/options.py b/app/options.py
index a6680a1b..677da913 100644
--- a/app/options.py
+++ b/app/options.py
@@ -90,10 +90,10 @@ if serv and form.getvalue('ssl_cert'):
for master in MASTERS:
if master[0] is not None:
funct.upload(master[0], cert_path, name)
+ print('success: the SSL file has been uploaded to %s into: %s%s
' % (master[0], cert_path, '/' + name))
try:
error = funct.upload(serv, cert_path, name)
- if error == '':
- print('success: the SSL file has been uploaded to %s into: %s%s' % (serv, cert_path, '/' + name))
+ print('success: the SSL file has been uploaded to %s into: %s%s' % (serv, cert_path, '/' + name))
except Exception as e:
funct.logging('localhost', e.args[0], haproxywi=1)
try:
@@ -407,6 +407,8 @@ if form.getvalue('action_hap') is not None and serv is not None:
action = form.getvalue('action_hap')
haproxy_service_name = "haproxy"
+ funct.is_restarted(serv, action)
+
if funct.check_haproxy_config(serv):
server_id = sql.select_server_id_by_ip(server_ip=serv)
is_docker = sql.select_service_setting(server_id, 'haproxy', 'dockerized')
@@ -429,6 +431,8 @@ if form.getvalue('action_hap') is not None and serv is not None:
if form.getvalue('action_nginx') is not None and serv is not None:
action = form.getvalue('action_nginx')
+ funct.is_restarted(serv, action)
+
if funct.check_nginx_config(serv):
server_id = sql.select_server_id_by_ip(server_ip=serv)
is_docker = sql.select_service_setting(server_id, 'nginx', 'dockerized')
@@ -446,6 +450,8 @@ if form.getvalue('action_nginx') is not None and serv is not None:
if form.getvalue('action_keepalived') is not None and serv is not None:
action = form.getvalue('action_keepalived')
+ funct.is_restarted(serv, action)
+
commands = ["sudo systemctl %s keepalived" % action]
funct.ssh_command(serv, commands)
funct.logging(serv, 'Service has been ' + action + 'ed', haproxywi=1, login=1, keep_history=1, service='keepalived')
@@ -454,10 +460,36 @@ if form.getvalue('action_keepalived') is not None and serv is not None:
if form.getvalue('action_waf') is not None and serv is not None:
serv = form.getvalue('serv')
action = form.getvalue('action_waf')
+
+ funct.is_restarted(serv, action)
+
funct.logging(serv, 'WAF service has been ' + action + 'ed', haproxywi=1, login=1, keep_history=1, service='haproxy')
commands = ["sudo systemctl %s waf" % action]
funct.ssh_command(serv, commands)
+if form.getvalue('action_apache') is not None and serv is not None:
+ action = form.getvalue('action_apache')
+
+ funct.is_restarted(serv, action)
+
+ server_id = sql.select_server_id_by_ip(serv)
+ is_docker = sql.select_service_setting(server_id, 'apache', 'dockerized')
+ if is_docker == '1':
+ container_name = sql.get_setting('apache_container_name')
+ commands = ["sudo docker %s %s" % (action, container_name)]
+ else:
+ os_info = sql.select_os_info(server_id)
+
+ if "CentOS" in os_info or "Redhat" in os_info:
+ service_apache_name = 'httpd'
+ else:
+ service_apache_name = 'apache2'
+
+ commands = ["sudo systemctl %s %s" % (action, service_apache_name)]
+ funct.ssh_command(serv, commands)
+ funct.logging(serv, 'Service has been ' + action + 'ed', haproxywi=1, login=1, keep_history=1, service='apache')
+ print("success: Apache has been %s" % action)
+
if form.getvalue('action_service') is not None:
action = form.getvalue('action_service')
if action == 'stop':
@@ -484,7 +516,7 @@ if act == "overviewHapserverBackends":
configs_dir = funct.get_config_var('configs', 'kp_save_configs_dir')
format_file = 'conf'
- if service != 'nginx':
+ if service != 'nginx' and service != 'apache':
try:
sections = funct.get_sections(configs_dir + funct.get_files(dir=configs_dir, format=format_file)[0], service=service)
except Exception as e:
@@ -557,22 +589,17 @@ if act == "overview":
async def async_get_overview(serv1, serv2, user_uuid, server_id):
user_id = sql.get_user_id_by_uuid(user_uuid)
user_services = sql.select_user_services(user_id)
- if '1' in user_services:
- haproxy = sql.select_haproxy(serv2)
- else:
- haproxy = 0
- if '2' in user_services:
- nginx = sql.select_nginx(serv2)
- else:
- nginx = 0
- if '3' in user_services:
- keepalived = sql.select_keepalived(serv2)
- else:
- keepalived = 0
+
+ haproxy = sql.select_haproxy(serv) if '1' in user_services else 0
+ nginx = sql.select_nginx(serv) if '2' in user_services else 0
+ keepalived = sql.select_keepalived(serv) if '3' in user_services else 0
+ apache = sql.select_apache(serv) if '4' in user_services else 0
+
waf = sql.select_waf_servers(serv2)
haproxy_process = ''
keepalived_process = ''
nginx_process = ''
+ apache_process = ''
waf_process = ''
try:
@@ -584,14 +611,18 @@ if act == "overview":
cmd = 'echo "show info" |nc %s %s -w 1|grep -e "Process_num"' % (serv2, sql.get_setting('haproxy_sock_port'))
haproxy_process = funct.server_status(funct.subprocess_execute(cmd))
- if keepalived == 1:
- command = ["ps ax |grep keepalived|grep -v grep|wc -l|tr -d '\n'"]
- keepalived_process = funct.ssh_command(serv2, command)
-
if nginx == 1:
nginx_cmd = 'echo "something" |nc %s %s -w 1' % (serv2, sql.get_setting('nginx_stats_port'))
nginx_process = funct.server_status(funct.subprocess_execute(nginx_cmd))
+ if apache == 1:
+ apache_cmd = 'echo "something" |nc %s %s -w 1' % (serv2, sql.get_setting('apache_stats_port'))
+ apache_process = funct.server_status(funct.subprocess_execute(apache_cmd))
+
+ if keepalived == 1:
+ command = ["ps ax |grep keepalived|grep -v grep|wc -l|tr -d '\n'"]
+ keepalived_process = funct.ssh_command(serv2, command)
+
if waf_len >= 1:
command = ["ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"]
waf_process = funct.ssh_command(serv2, command)
@@ -606,7 +637,9 @@ if act == "overview":
keepalived_process,
nginx,
nginx_process,
- server_id)
+ server_id,
+ apache,
+ apache_process)
return server_status
@@ -835,7 +868,7 @@ if serv is not None and form.getvalue('rows1') is not None:
hour1 = form.getvalue('hour1')
minut1 = form.getvalue('minut1')
out = funct.show_haproxy_log(serv, rows=rows, waf='0', grep=grep, hour=hour, minut=minut, hour1=hour1,
- minut1=minut1, service='apache')
+ minut1=minut1, service='apache_internal')
print(out)
if form.getvalue('viewlogs') is not None:
@@ -1094,10 +1127,13 @@ if act == "showCompareConfigs":
template = env.get_template('ajax/show_compare_configs.html')
left = form.getvalue('left')
right = form.getvalue('right')
+ service = form.getvalue('service')
- if form.getvalue('service') == 'nginx':
+ if service == 'nginx':
return_files = funct.get_files(funct.get_config_var('configs', 'nginx_save_configs_dir'), 'conf')
- elif form.getvalue('service') == 'keepalived':
+ elif service == 'apache':
+ return_files = funct.get_files(funct.get_config_var('configs', 'apache_save_configs_dir'), 'conf')
+ elif service == 'keepalived':
return_files = funct.get_files(funct.get_config_var('configs', 'kp_save_configs_dir'), 'conf')
else:
return_files = funct.get_files()
@@ -1110,12 +1146,16 @@ if serv is not None and form.getvalue('right') is not None:
left = form.getvalue('left')
right = form.getvalue('right')
+
if form.getvalue('service') == 'nginx':
configs_dir = funct.get_config_var('configs', 'nginx_save_configs_dir')
+ elif form.getvalue('service') == 'apache':
+ configs_dir = funct.get_config_var('configs', 'apache_save_configs_dir')
elif form.getvalue('service') == 'keepalived':
configs_dir = funct.get_config_var('configs', 'kp_save_configs_dir')
else:
configs_dir = funct.get_config_var('configs', 'haproxy_save_configs_dir')
+
cmd = 'diff -pub %s%s %s%s' % (configs_dir, left, configs_dir, right)
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True,
extensions=["jinja2.ext.loopcontrols", "jinja2.ext.do"])
@@ -1145,6 +1185,9 @@ if serv is not None and act == "configShow":
elif service == 'nginx':
configs_dir = funct.get_config_var('configs', 'nginx_save_configs_dir')
cfg = '.conf'
+ elif service == 'apache':
+ configs_dir = funct.get_config_var('configs', 'apache_save_configs_dir')
+ cfg = '.conf'
else:
configs_dir = funct.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = '.cfg'
@@ -1153,6 +1196,8 @@ if serv is not None and act == "configShow":
cfg = configs_dir + serv + "-" + funct.get_data('config') + cfg
if service == 'nginx':
funct.get_config(serv, cfg, nginx=1, config_file_name=form.getvalue('config_file_name'))
+ elif service == 'apache':
+ funct.get_config(serv, cfg, apache=1, config_file_name=form.getvalue('config_file_name'))
elif service == 'keepalived':
funct.get_config(serv, cfg, keepalived=1)
else:
@@ -1185,22 +1230,25 @@ if serv is not None and act == "configShow":
os.system("/bin/rm -f " + cfg)
if act == 'configShowFiles':
- config_dir = funct.get_config_var('configs', 'nginx_save_configs_dir')
- nginx_config_dir = sql.get_setting('nginx_dir')
+ service = form.getvalue('service')
+
+ config_dir = funct.get_config_var('configs', service+'_save_configs_dir')
+ service_config_dir = sql.get_setting(service+'_dir')
try:
config_file_name = form.getvalue('config_file_name').replace('92', '/')
except:
config_file_name = ''
- return_files = funct.get_remote_files(serv, nginx_config_dir, 'conf')
+ return_files = funct.get_remote_files(serv, service_config_dir, 'conf')
if 'error: ' in return_files:
print(return_files)
sys.exit()
- return_files += ' ' + sql.get_setting('nginx_config_path')
+ return_files += ' ' + sql.get_setting(service+'_config_path')
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ajax/show_configs_files.html')
- template = template.render(serv=serv, return_files=return_files, config_file_name=config_file_name, path_dir=nginx_config_dir)
+ template = template.render(serv=serv, service=service, return_files=return_files,
+ config_file_name=config_file_name, path_dir=service_config_dir)
print(template)
if act == 'showRemoteLogFiles':
@@ -2065,6 +2113,7 @@ if form.getvalue('newserver') is not None:
typeip = form.getvalue('typeip')
haproxy = form.getvalue('haproxy')
nginx = form.getvalue('nginx')
+ apache = form.getvalue('apache')
firewall = form.getvalue('firewall')
enable = form.getvalue('enable')
master = form.getvalue('slave')
@@ -2078,13 +2127,14 @@ if form.getvalue('newserver') is not None:
print('error: IP or DNS name is not valid')
sys.exit()
- if sql.add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, firewall):
+ if sql.add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, apache, firewall):
try:
if scan_server == '1':
nginx_config_path = sql.get_setting('nginx_config_path')
haproxy_config_path = sql.get_setting('haproxy_config_path')
haproxy_dir = sql.get_setting('haproxy_dir')
+ apache_config_path = sql.get_setting('apache_config_path')
keepalived_config_path = '/etc/keepalived/keepalived.conf'
if funct.is_file_exists(ip, nginx_config_path):
@@ -2096,6 +2146,9 @@ if form.getvalue('newserver') is not None:
if funct.is_file_exists(ip, keepalived_config_path):
sql.update_keepalived(ip)
+ if funct.is_file_exists(ip, apache_config_path):
+ sql.update_apache(ip)
+
if funct.is_file_exists(ip, haproxy_dir + '/waf/bin/modsecurity'):
sql.insert_waf_metrics_enable(ip, "0")
sql.insert_waf_rules(ip)
@@ -2142,6 +2195,7 @@ if form.getvalue('updateserver') is not None:
typeip = form.getvalue('typeip')
haproxy = form.getvalue('haproxy')
nginx = form.getvalue('nginx')
+ apache = form.getvalue('apache')
firewall = form.getvalue('firewall')
enable = form.getvalue('enable')
master = form.getvalue('slave')
@@ -2154,7 +2208,7 @@ if form.getvalue('updateserver') is not None:
if name is None or port is None:
print(error_mess)
else:
- sql.update_server(name, group, typeip, enable, master, serv_id, cred, port, desc, haproxy, nginx, firewall, protected)
+ sql.update_server(name, group, typeip, enable, master, serv_id, cred, port, desc, haproxy, nginx, apache, firewall, protected)
funct.logging('the server ' + name, ' has been updated ', haproxywi=1, login=1)
server_ip = sql.select_server_ip_by_id(serv_id)
funct.logging(server_ip, 'The server ' + name + ' has been update', haproxywi=1, login=1,
@@ -3917,6 +3971,7 @@ if form.getvalue('serverSettingsSave') is not None:
haproxy_enterprise = form.getvalue('serverSettingsEnterprise')
haproxy_dockerized = form.getvalue('serverSettingshaproxy_dockerized')
nginx_dockerized = form.getvalue('serverSettingsnginx_dockerized')
+ apache_dockerized = form.getvalue('serverSettingsapache_dockerized')
server_ip = sql.select_server_ip_by_id(server_id)
if service == 'haproxy':
@@ -3947,6 +4002,16 @@ if form.getvalue('serverSettingsSave') is not None:
funct.logging(server_ip, 'Service has been flagged as a system service', haproxywi=1, login=1,
keep_history=1, service=service)
+ if service == 'apache':
+ if sql.insert_or_update_service_setting(server_id, service, 'dockerized', apache_dockerized):
+ print('Ok')
+ if apache_dockerized:
+ funct.logging(server_ip, 'Service has been flagged as a dockerized', haproxywi=1, login=1,
+ keep_history=1, service=service)
+ else:
+ funct.logging(server_ip, 'Service has been flagged as a system service', haproxywi=1, login=1,
+ keep_history=1, service=service)
+
if act == 'showListOfVersion':
service = form.getvalue('service')
configver = form.getvalue('configver')
@@ -3964,6 +4029,11 @@ if act == 'showListOfVersion':
files = funct.get_files(dir=configs_dir, format='conf')
configs = sql.select_config_version(serv, service)
action = 'versions.py?service=nginx'
+ elif service == 'apache':
+ configs_dir = funct.get_config_var('configs', 'apache_save_configs_dir')
+ files = funct.get_files(dir=configs_dir, format='conf')
+ configs = sql.select_config_version(serv, service)
+ action = 'versions.py?service=apache'
else:
service = 'haproxy'
files = funct.get_files()
@@ -4049,7 +4119,7 @@ if act == 'findInConfigs':
service = form.getvalue('service')
log_path = sql.get_setting(service + '_dir')
log_path = funct.return_nice_path(log_path)
- commands = ['sudo grep "%s" %s* -C 2 -Rn' % (finding_words, log_path)]
+ commands = ['sudo grep "%s" %s*/*.conf -C 2 -Rn' % (finding_words, log_path)]
return_find = funct.ssh_command(server_ip, commands, raw='1')
return_find = funct.show_finding_in_config(return_find, grep=finding_words)
@@ -4057,3 +4127,41 @@ if act == 'findInConfigs':
print(return_find)
sys.exit()
print(return_find)
+
+if act == 'check_service':
+ import http.cookies
+ cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
+ user_uuid = cookie.get('uuid')
+ user_id = sql.get_user_id_by_uuid(user_uuid.value)
+ user_services = sql.select_user_services(user_id)
+ server_id = form.getvalue('server_id')
+ service = form.getvalue('service')
+
+ if '1' in user_services:
+ if service == 'haproxy':
+ haproxy_sock_port = sql.get_setting('haproxy_sock_port')
+ cmd = 'echo "show info" |nc %s %s -w 1 -v|grep Name' % (serv, haproxy_sock_port)
+ out = funct.subprocess_execute(cmd)
+ for k in out[0]:
+ if "Name" in k:
+ print('up')
+ break
+ else:
+ print('down')
+ if '2' in user_services:
+ if service == 'nginx':
+ import socket
+ from contextlib import closing
+
+ nginx_stats_port = sql.get_setting('nginx_stats_port')
+
+ with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
+ sock.settimeout(5)
+
+ try:
+ if sock.connect_ex((serv, nginx_stats_port)) == 0:
+ print('up')
+ else:
+ print('down')
+ except Exception:
+ print('down')
diff --git a/app/sql.py b/app/sql.py
index fc84cd89..87f91f1e 100644
--- a/app/sql.py
+++ b/app/sql.py
@@ -191,6 +191,22 @@ def add_setting_for_new_group(group_id):
{'param': 'ldap_search_field', 'value': 'mail', 'section': 'ldap',
'desc': 'User\'s email address', 'group': group_id},
{'param': 'ldap_type', 'value': '0', 'section': 'ldap', 'desc': 'Use LDAPS (1 - yes, 0 - no)', 'group': group_id},
+ {'param': 'apache_path_logs', 'value': '/var/log/httpd/', 'section': 'apache',
+ 'desc': 'The path for Apache logs', 'group': group_id},
+ {'param': 'apache_stats_user', 'value': 'admin', 'section': 'apache',
+ 'desc': 'Username for accessing Apache stats page', 'group': group_id},
+ {'param': 'apache_stats_password', 'value': 'password', 'section': 'apache',
+ 'desc': 'Password for Apache stats webpage', 'group': group_id},
+ {'param': 'apache_stats_port', 'value': '8087', 'section': 'apache', 'desc': 'Stats port for webpage Apache',
+ 'group': group_id},
+ {'param': 'apache_stats_page', 'value': 'stats', 'section': 'apache', 'desc': 'URI Stats for webpage Apache',
+ 'group': group_id},
+ {'param': 'apache_dir', 'value': '/etc/httpd/', 'section': 'apache',
+ 'desc': 'Path to the Apache directory with config files', 'group': group_id},
+ {'param': 'apache_config_path', 'value': '/etc/httpd/conf/httpd.conf', 'section': 'apache',
+ 'desc': 'Path to the main Nginx configuration file', 'group': group_id},
+ {'param': 'apache_container_name', 'value': 'apache', 'section': 'apache',
+ 'desc': 'Docker container name for Apache service', 'group': group_id},
]
try:
@@ -234,10 +250,10 @@ def update_group(name, descript, group_id):
return True
-def add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, firewall):
+def add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, apache, firewall):
try:
Server.insert(hostname=hostname, ip=ip, groups=group, type_ip=typeip, enable=enable, master=master, cred=cred,
- port=port, desc=desc, haproxy=haproxy, nginx=nginx, firewall_enable=firewall).execute()
+ port=port, desc=desc, haproxy=haproxy, nginx=nginx, apache=apache, firewall_enable=firewall).execute()
return True
except Exception as e:
out_error(e)
@@ -270,7 +286,7 @@ def update_hapwi_server(server_id, alert, metrics, active, service_name):
out_error(e)
-def update_server(hostname, group, typeip, enable, master, server_id, cred, port, desc, haproxy, nginx, firewall, protected):
+def update_server(hostname, group, typeip, enable, master, server_id, cred, port, desc, haproxy, nginx, apache, firewall, protected):
try:
server_update = Server.update(hostname=hostname,
groups=group,
@@ -282,6 +298,7 @@ def update_server(hostname, group, typeip, enable, master, server_id, cred, port
desc=desc,
haproxy=haproxy,
nginx=nginx,
+ apache=apache,
firewall_enable=firewall,
protected=protected).where(Server.server_id == server_id)
server_update.execute()
@@ -750,7 +767,7 @@ def get_dick_permit(**kwargs):
grp = group.value
except Exception as e:
print('')
- return
+ return
if kwargs.get('token'):
token = kwargs.get('token')
else:
@@ -761,6 +778,7 @@ def get_dick_permit(**kwargs):
haproxy = ''
nginx = ''
keepalived = ''
+ apache = ''
ip = ''
if kwargs.get('virt'):
@@ -771,22 +789,32 @@ def get_dick_permit(**kwargs):
disable = '(enable = 1 or enable = 0)'
if kwargs.get('ip'):
ip = "and ip = '%s'" % kwargs.get('ip')
- if kwargs.get('haproxy'):
+ if kwargs.get('haproxy') or kwargs.get('service') == 'haproxy':
haproxy = "and haproxy = 1"
- if kwargs.get('nginx'):
+ if kwargs.get('nginx') or kwargs.get('service') == 'nginx':
nginx = "and nginx = 1"
- if kwargs.get('keepalived'):
+ if kwargs.get('keepalived') or kwargs.get('service') == 'keepalived':
keepalived = "and keepalived = 1"
+ if kwargs.get('apache') or kwargs.get('service') == 'apache':
+ apache = "and apache = 1"
if funct.check_user_group(token=token):
cursor = conn.cursor()
try:
if grp == '1' and not only_group:
- sql = """ select * from servers where {} {} {} {} {} {} order by pos""" .format(disable, type_ip, nginx, haproxy, keepalived, ip)
+ sql = """ select * from servers where {} {} {} {} {} {} {} order by pos""" .format(disable,
+ type_ip,
+ nginx,
+ haproxy,
+ keepalived,
+ apache,
+ ip)
else:
- sql = """ select * from servers where groups = '{group}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} order by pos
- """.format(group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx, keepalived=keepalived)
- except Exception:
+ sql = """ select * from servers where groups = '{group}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by pos
+ """.format(group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx,
+ keepalived=keepalived, apache=apache)
+ except Exception as e:
+ print(str(e))
print('')
try:
cursor.execute(sql)
@@ -1927,6 +1955,26 @@ def update_keepalived(serv):
return True
+def select_apache(serv):
+ try:
+ apache = Server.get(Server.ip == serv).apache
+ except Exception as e:
+ out_error(e)
+ else:
+ return apache
+
+
+def update_apache(serv):
+ query = Server.update(apache='1').where(Server.ip == serv)
+ try:
+ query.execute()
+ except Exception as e:
+ out_error(e)
+ return False
+ else:
+ return True
+
+
def select_nginx(serv):
try:
query_res = Server.get(Server.ip == serv).nginx
@@ -2918,6 +2966,16 @@ def select_action_history_by_server_id(server_id: int):
return query_res
+def select_action_history_by_user_id(user_id: int):
+ query = ActionHistory.select().where(ActionHistory.user_id == user_id)
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
def select_action_history_by_server_id_and_service(server_id: int, service: str):
query = ActionHistory.select().where(
(ActionHistory.server_id == server_id) &
diff --git a/app/templates/ajax/overview.html b/app/templates/ajax/overview.html
index a0cf4617..8a4de95b 100644
--- a/app/templates/ajax/overview.html
+++ b/app/templates/ajax/overview.html
@@ -28,6 +28,18 @@
{% endif %}
style="margin-left: 4px !important;" id="nginx_{{service.10}}">
+
+ {% if service.11|int() == 0 %}
+ = 1 %}
+
+ |
{% if service.6|int() == 0 %}
diff --git a/app/templates/ajax/show_configs_files.html b/app/templates/ajax/show_configs_files.html
index 3e7dbc12..64e38f04 100644
--- a/app/templates/ajax/show_configs_files.html
+++ b/app/templates/ajax/show_configs_files.html
@@ -20,7 +20,7 @@
{{ input('serv', type='hidden', value=serv) }}
{{ input('open', type='hidden', value='open') }}
Open
- Add
+ Add
Find
@@ -61,7 +61,7 @@
}
});
});
- function addNewConfig(serv) {
+ function addNewConfig(serv, service) {
$( "#add-new-config" ).dialog({
autoOpen: true,
resizable: false,
@@ -83,7 +83,7 @@
let path_dir = $('#path_config_name').val();
config_file_name = config_file_name.replaceAll('\/','92');
path_dir = path_dir.replaceAll('\/','92');
- window.location.replace('config.py?service=nginx&serv='+serv+'&open=open&config_file_name='+path_dir+'92'+config_file_name+'.conf&new_config=1');
+ window.location.replace('config.py?service='+service+'&serv='+serv+'&open=open&config_file_name='+path_dir+'92'+config_file_name+'.conf&new_config=1');
$( this ).dialog( "close" );
},
Cancel: function() {
diff --git a/app/templates/ajax/show_service_settings.html b/app/templates/ajax/show_service_settings.html
index de5d8140..721419a1 100644
--- a/app/templates/ajax/show_service_settings.html
+++ b/app/templates/ajax/show_service_settings.html
@@ -75,4 +75,31 @@
{% endif %}
{% endif %}
+ {% if service == 'apache' %}
+ {% if settings %}
+ {% for s in settings %}
+ {% if s.dockerized != '' and s.setting == 'dockerized' %}
+ |
+ | Apache dockerized |
+
+ {% if s.value == '1' and s.setting == 'dockerized' %}
+ {{ checkbox('apache_dockerized', checked='checked', title='This service is running inside a Docker container') }}
+ {% else %}
+ {{ checkbox('apache_dockerized', title='This server will be used as Docker container') }}
+ {% endif %}
+ |
+
+ {% endif %}
+ {% endfor %}
+ {% else %}
+
+ | Apache dockerized |
+
+ {{ checkbox('apache_dockerized', title='This server will be used as Docker container') }}
+ |
+
+ {% endif %}
+ {% endif %}
\ No newline at end of file
diff --git a/app/templates/ajax/show_user_services.html b/app/templates/ajax/show_user_services.html
index e310a1c5..82e82b0c 100644
--- a/app/templates/ajax/show_user_services.html
+++ b/app/templates/ajax/show_user_services.html
@@ -52,7 +52,7 @@
border-color: #aaa;
}
-{% set services = {'1': 'HAProxy', '2': 'Nginx', '3': 'Keepalived' } %}
+{% set services = {'1': 'HAProxy', '2': 'Nginx', '4': 'Apache', '3': 'Keepalived' } %}
| Select one or more services |
diff --git a/app/templates/base.html b/app/templates/base.html
index daab446f..b849d4ec 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -93,6 +93,19 @@
{% endif %}
+ {% if '4' in user_services %}
+
+ {% endif %}
{% if '3' in user_services %}
{% if role <= 2 %}