From 8c9c995b33dcab7b167b97da14d59f45b4bfcf35 Mon Sep 17 00:00:00 2001 From: Pavel Loginov Date: Wed, 22 Apr 2020 15:30:31 +0200 Subject: [PATCH] v4.2.3.0 Changelog: https://haproxy-wi.org/changelog.py#4_2_3 --- app/create_db.py | 28 ++++++++++++++++-- app/funct.py | 29 ++++++++++++------- .../roles/keepalived/tasks/install.yml | 2 +- app/scripts/waf.sh | 4 +-- 4 files changed, 48 insertions(+), 15 deletions(-) diff --git a/app/create_db.py b/app/create_db.py index 20441e4d..2e98e6e3 100644 --- a/app/create_db.py +++ b/app/create_db.py @@ -419,12 +419,34 @@ def update_db_v_42(**kwargs): except sqltool.Error as e: if kwargs.get('silent') != 1: if e.args[0] == 'duplicate column name: haproxy' or e == " 1060 (42S21): Duplicate column name 'haproxy' ": - print('DB was update to 4.0.0') + print('Updating... go to version 4.2.3') else: print("An error occurred:", e) return False else: - print("DB was update to 4.0.0") + print("Updating... go to version 4.2.3") + return True + cur.close() + con.close() + + +def update_db_v_4_2_3(**kwargs): + con, cur = get_cur() + sql = """ + update settings set section = 'main' where param = 'firewall_enable'; + """ + try: + cur.execute(sql) + con.commit() + except sqltool.Error as e: + if kwargs.get('silent') != 1: + if e.args[0] == 'duplicate column name: haproxy' or e == " 1060 (42S21): Duplicate column name 'haproxy' ": + print('DB was update to 4.2.3') + else: + print("An error occurred:", e) + return False + else: + print("DB was update to 4.2.3") return True cur.close() con.close() @@ -456,6 +478,7 @@ def update_all(): update_db_v_4() update_db_v_41() update_db_v_42() + update_db_v_4_2_3() update_ver() @@ -473,6 +496,7 @@ def update_all_silent(): update_db_v_4(silent=1) update_db_v_41(silent=1) update_db_v_42(silent=1) + update_db_v_4_2_3(silent=1) update_ver() diff --git a/app/funct.py b/app/funct.py index a71070a3..2e740410 100644 --- a/app/funct.py +++ b/app/funct.py 
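Review bot: The `except` branch of the new `update_db_v_4_2_3` was copied from the column-adding migrations: an `update settings set section = 'main' ...` statement cannot raise 'duplicate column name: haproxy', and `e == " 1060 (42S21): ..."` compares an exception object with a string, so it is never true. A real failure of this migration is therefore only reported through the generic branch, and not at all when `silent=1`. The indentation is lost in this view, but the `return False` / `return True` lines appear to come before `cur.close()` and `con.close()`, which would leave the connection open on those paths; putting the two close calls in a `finally:` block avoids that. The tail of `update_db_v_42` touched in the same hunk has the same shape.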
@@ -608,6 +608,8 @@ def upload_and_restart(serv, cfg, **kwargs): commands = [ "sudo mv -f " + tmp_file + " " + config_path + " && sudo nginx -t -q && sudo systemctl reload nginx" ] else: commands = [ "sudo mv -f " + tmp_file + " " + config_path + " && sudo nginx -t -q && sudo systemctl restart nginx" ] + if sql.get_setting('firewall_enable') == "1": + commands[0] += open_port_firewalld(cfg, serv=serv, service='nginx') else: if kwargs.get("just_save") == "test": commands = [ "sudo haproxy -q -c -f " + tmp_file + "&& sudo rm -f " + tmp_file ] @@ -618,7 +620,7 @@ def upload_and_restart(serv, cfg, **kwargs): else: commands = [ "sudo haproxy -q -c -f " + tmp_file + "&& sudo mv -f " + tmp_file + " " + config_path + " && sudo systemctl restart haproxy" ] if sql.get_setting('firewall_enable') == "1": - commands[0] += open_port_firewalld(cfg) + commands[0] += open_port_firewalld(cfg, serv=serv) error += str(upload(serv, tmp_file, cfg, dir='fullpath')) try: @@ -644,7 +646,7 @@ def master_slave_upload_and_restart(serv, cfg, just_save, **kwargs): return error -def open_port_firewalld(cfg): +def open_port_firewalld(cfg, serv, **kwargs): try: conf = open(cfg, "r") except IOError: 
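Review bot: In the `@@ -644` hunk `open_port_firewalld` gains `serv` as a required positional parameter and reads `service` out of `**kwargs`. Both call sites in this patch pass `serv=`, but a caller outside the diff that still uses `open_port_firewalld(cfg)` would now raise TypeError. An explicit signature such as `def open_port_firewalld(cfg, serv, service='haproxy'):` would document the accepted values and reject a misspelled keyword instead of silently taking the HAProxy branch. The function body continues outside this hunk.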
@@ -654,16 +656,23 @@ def open_port_firewalld(cfg): ports = '' for line in conf: - if "bind" in line: - bind = line.split(":") - bind[1] = bind[1].strip(' ') - bind = bind[1].split("ssl") - bind = bind[0].strip(' \t\n\r') - firewalld_commands += ' sudo firewall-cmd --zone=public --add-port=%s/tcp --permanent -q &&' % bind - ports += bind+' ' + if kwargs.get('service') == 'nginx': + if "listen " in line and '#' not in line: + listen = ' '.join(line.split()) + listen = listen.split(" ")[1] + listen = listen.split(";")[0] + ports += listen+' ' + else: + if "bind" in line: + bind = line.split(":") + bind[1] = bind[1].strip(' ') + bind = bind[1].split("ssl") + bind = bind[0].strip(' \t\n\r') + firewalld_commands += ' sudo firewall-cmd --zone=public --add-port=%s/tcp --permanent -q &&' % bind + ports += bind+' ' firewalld_commands += 'sudo firewall-cmd --reload -q' - logging('localhost', ' Next ports have opened: '+ports+ ' has opened ') + logging(serv, ' Next ports have been opened: '+ports+ ' has opened ') return firewalld_commands diff --git a/app/scripts/ansible/roles/keepalived/tasks/install.yml b/app/scripts/ansible/roles/keepalived/tasks/install.yml index f5afc8eb..81f03de1 100644 --- a/app/scripts/ansible/roles/keepalived/tasks/install.yml +++ b/app/scripts/ansible/roles/keepalived/tasks/install.yml @@ -18,7 +18,7 @@ yum: name: epel-release state: latest - when: ((ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0 + when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0 ignore_errors: yes environment: http_proxy: "{{PROXY}}" diff --git a/app/scripts/waf.sh b/app/scripts/waf.sh index 3c195226..1bff4422 100644 --- a/app/scripts/waf.sh +++ b/app/scripts/waf.sh 
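Review bot: The token cut out of a `bind` line goes unchecked into `' sudo firewall-cmd --zone=public --add-port=%s/tcp --permanent -q &&' % bind`, and that string is appended to the sudo command line built in `upload_and_restart`. Any text after the first colon of a config line, not only a port number, therefore ends up in a privileged shell command; add a guard such as `if not bind.isdigit(): continue` before the interpolation (port ranges would need their own pattern). `"bind" in line` also matches comments and other directives that contain the word, and `bind[1]` raises IndexError when such a line has no colon. In the new nginx branch no `--add-port` command is appended at all, so only the reload runs while `logging(serv, ...)` still reports the ports as opened, and a value like `listen 127.0.0.1:8080;` is recorded with its address. The function starts outside this hunk.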
@@ -31,11 +31,11 @@ if [ -f $HAPROXY_PATH/waf/modsecurity.conf ];then exit 1 fi if hash apt-get 2>/dev/null; then - sudo apt install libevent-dev apache2-dev libpcre3-dev libxml2-dev gcc pcre-devel -y + sudo apt install libevent-dev apache2-dev libpcre3-dev libxml2-dev gcc pcre-devel wget -y else sudo yum install -y http://rpmfind.net/linux/centos/7/os/x86_64/Packages/yajl-devel-2.0.4-4.el7.x86_64.rpm >> /dev/null sudo yum install -y http://mirror.centos.org/centos/7/os/x86_64/Packages/libevent-devel-2.0.21-4.el7.x86_64.rpm >> /dev/null - sudo yum install -y httpd-devel libxml2-devel gcc curl-devel pcre-devel -y >> /dev/null + sudo yum install -y httpd-devel libxml2-devel gcc curl-devel pcre-devel wget -y >> /dev/null fi wget -O /tmp/modsecurity.tar.gz https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz >> /dev/null
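Review bot: On the apt line `pcre-devel` is an RPM package name (the Debian equivalent `libpcre3-dev` is already listed), so `apt install` most likely aborts on the unknown package and the newly added `wget` is not installed either; drop `pcre-devel` from that line. The download that follows writes to the fixed path `/tmp/modsecurity.tar.gz` with its output discarded and no integrity check visible in this hunk. Fetching into a `mktemp -d` directory and verifying a pinned digest before unpacking, e.g. `echo "<EXPECTED_SHA256>  $tarball" | sha256sum -c -`, would close that gap. The two `yum install -y http://...` context lines pull RPMs over plain HTTP, where signature checking of URL-installed packages depends on the host's yum configuration. The script continues outside the hunk, so a later check may exist.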