v4.2.3.0

Changelog: https://haproxy-wi.org/changelog.py#4_2_3
2020-04-22 15:30:31 +02:00 · 2020-04-22 15:30:31 +02:00 · 8c9c995b33
parent 2e331a4582
commit 8c9c995b33
4 changed files with 48 additions and 15 deletions
--- a/app/create_db.py
+++ b/app/create_db.py
@ -419,12 +419,34 @@ def update_db_v_42(**kwargs):
 	except sqltool.Error as e:
 		if kwargs.get('silent') != 1:
 			if e.args[0] == 'duplicate column name: haproxy' or e == " 1060 (42S21): Duplicate column name 'haproxy' ":
-				print('DB was update to 4.0.0')
+				print('Updating... go to version 4.2.3')
 			else:
 				print("An error occurred:", e)
 		return False
 	else:
-		print("DB was update to 4.0.0")
+		print("Updating... go to version 4.2.3")
+		return True
+	cur.close() 
+	con.close()
+	
+	
+def update_db_v_4_2_3(**kwargs):
+	con, cur = get_cur()
+	sql = """
+	update settings set section = 'main' where param = 'firewall_enable';
+	"""
+	try:    
+		cur.execute(sql)
+		con.commit()
+	except sqltool.Error as e:
+		if kwargs.get('silent') != 1:
+			if e.args[0] == 'duplicate column name: haproxy' or e == " 1060 (42S21): Duplicate column name 'haproxy' ":
+				print('DB was update to 4.2.3')
+			else:
+				print("An error occurred:", e)
+		return False
+	else:
+		print("DB was update to 4.2.3")
 		return True
 	cur.close() 
 	con.close()
@ -456,6 +478,7 @@ def update_all():
 	update_db_v_4()
 	update_db_v_41()
 	update_db_v_42()
+	update_db_v_4_2_3()
 	update_ver()
 		
 	
@ -473,6 +496,7 @@ def update_all_silent():
 	update_db_v_4(silent=1)
 	update_db_v_41(silent=1)
 	update_db_v_42(silent=1)
+	update_db_v_4_2_3(silent=1)
 	update_ver()
 	
 		
--- a/app/funct.py
+++ b/app/funct.py
@ -608,6 +608,8 @@ def upload_and_restart(serv, cfg, **kwargs):
 			commands = [ "sudo mv -f " + tmp_file + " " + config_path + " && sudo nginx -t -q && sudo systemctl reload nginx" ]	
 		else:
 			commands = [ "sudo mv -f " + tmp_file + " " + config_path + " && sudo nginx -t -q && sudo systemctl restart nginx" ]	
+		if sql.get_setting('firewall_enable') == "1":
+			commands[0] += open_port_firewalld(cfg, serv=serv, service='nginx')
 	else:
 		if kwargs.get("just_save") == "test":
 			commands = [ "sudo haproxy  -q -c -f " + tmp_file + "&& sudo rm -f " + tmp_file ]
@ -618,7 +620,7 @@ def upload_and_restart(serv, cfg, **kwargs):
 		else:
 			commands = [ "sudo haproxy  -q -c -f " + tmp_file + "&& sudo mv -f " + tmp_file + " " + config_path + " && sudo systemctl restart haproxy" ]	
 		if sql.get_setting('firewall_enable') == "1":
-			commands[0] += open_port_firewalld(cfg)
+			commands[0] += open_port_firewalld(cfg, serv=serv)
 	error += str(upload(serv, tmp_file, cfg, dir='fullpath'))

 	try:
@ -644,7 +646,7 @@ def master_slave_upload_and_restart(serv, cfg, just_save, **kwargs):
 	return error
 	
 		
-def open_port_firewalld(cfg):
+def open_port_firewalld(cfg, serv, **kwargs):
 	try:
 		conf = open(cfg, "r")
 	except IOError:
@ -654,16 +656,23 @@ def open_port_firewalld(cfg):
 	ports = ''
 	
 	for line in conf:
-		if "bind" in line:
-			bind = line.split(":")
-			bind[1] = bind[1].strip(' ')
-			bind = bind[1].split("ssl")
-			bind = bind[0].strip(' \t\n\r')
-			firewalld_commands += ' sudo firewall-cmd --zone=public --add-port=%s/tcp --permanent -q &&' % bind
-			ports += bind+' '
+		if kwargs.get('service') == 'nginx':
+			if "listen " in line and '#' not in line:			
+				listen = ' '.join(line.split())
+				listen = listen.split(" ")[1]
+				listen = listen.split(";")[0]
+				ports += listen+' '
+		else:
+			if "bind" in line:
+				bind = line.split(":")
+				bind[1] = bind[1].strip(' ')
+				bind = bind[1].split("ssl")
+				bind = bind[0].strip(' \t\n\r')
+				firewalld_commands += ' sudo firewall-cmd --zone=public --add-port=%s/tcp --permanent -q &&' % bind
+				ports += bind+' '
 				
 	firewalld_commands += 'sudo firewall-cmd --reload -q' 
-	logging('localhost', ' Next ports have opened: '+ports+ ' has opened ')
+	logging(serv, ' Next ports have been opened: '+ports+ ' has opened ')
 	return firewalld_commands
 	
 	
--- a/app/scripts/ansible/roles/keepalived/tasks/install.yml
+++ b/app/scripts/ansible/roles/keepalived/tasks/install.yml
@ -18,7 +18,7 @@
  yum:
    name: epel-release
    state: latest
-  when: ((ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
+  when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
  ignore_errors: yes
  environment:
    http_proxy: "{{PROXY}}"
--- a/app/scripts/waf.sh
+++ b/app/scripts/waf.sh
@ -31,11 +31,11 @@ if [ -f $HAPROXY_PATH/waf/modsecurity.conf  ];then
 	exit 1
 fi
 if hash apt-get 2>/dev/null; then
-	sudo apt install libevent-dev apache2-dev libpcre3-dev libxml2-dev gcc pcre-devel -y
+	sudo apt install libevent-dev apache2-dev libpcre3-dev libxml2-dev gcc pcre-devel wget -y
 else
 	sudo yum install -y http://rpmfind.net/linux/centos/7/os/x86_64/Packages/yajl-devel-2.0.4-4.el7.x86_64.rpm >> /dev/null
 	sudo yum install -y http://mirror.centos.org/centos/7/os/x86_64/Packages/libevent-devel-2.0.21-4.el7.x86_64.rpm >> /dev/null
-	sudo yum install -y httpd-devel libxml2-devel gcc curl-devel pcre-devel -y >> /dev/null
+	sudo yum install -y httpd-devel libxml2-devel gcc curl-devel pcre-devel wget -y >> /dev/null
 fi

 wget -O /tmp/modsecurity.tar.gz https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz >> /dev/null