github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v6.0.2.0 

Changelog: https://roxy-wi.org/changelog.py#6_0_2
pull/321/head
Pavel Loginov 2022-05-22 23:54:47 +03:00
parent a5370ccde0
commit 8d615e9a51
8 changed files with 270 additions and 272 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/add.py
View File

@ -16,11 +16,11 @@ funct.check_login(service=1)
funct.page_for_admin(level=3) funct.page_for_admin(level=3)
if ( if (
form.getvalue('mode') is None and form.getvalue('mode') is None and
form.getvalue('new_userlist') is None and form.getvalue('new_userlist') is None and
form.getvalue('peers-name') is None and form.getvalue('peers-name') is None and
form.getvalue('generateconfig') is None form.getvalue('generateconfig') is None
): ):
try: try:
user, user_id, role, token, servers, user_services = funct.get_users_params(haproxy=1) user, user_id, role, token, servers, user_services = funct.get_users_params(haproxy=1)
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))

105
app/create_db.py
View File

@ -13,94 +13,94 @@ def default_values():
{'param': 'time_zone', 'value': 'UTC', 'section': 'main', 'desc': 'Time Zone', 'group': '1'}, {'param': 'time_zone', 'value': 'UTC', 'section': 'main', 'desc': 'Time Zone', 'group': '1'},
{'param': 'proxy', 'value': '', 'section': 'main', 'desc': 'IP address and port of the proxy server. Use proto://ip:port', 'group': '1'}, {'param': 'proxy', 'value': '', 'section': 'main', 'desc': 'IP address and port of the proxy server. Use proto://ip:port', 'group': '1'},
{'param': 'session_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user session (in days)', {'param': 'session_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user session (in days)',
'group': '1'}, 'group': '1'},
{'param': 'token_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user token (in days)', {'param': 'token_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user token (in days)',
'group': '1'}, 'group': '1'},
{'param': 'tmp_config_path', 'value': '/tmp/', 'section': 'main', {'param': 'tmp_config_path', 'value': '/tmp/', 'section': 'main',
'desc': 'Path to the temporary directory. A valid path should be specified as the value of this parameter. The directory must be owned by the user specified in SSH settings', 'desc': 'Path to the temporary directory. A valid path should be specified as the value of this parameter. The directory must be owned by the user specified in SSH settings',
'group': '1'}, 'group': '1'},
{'param': 'cert_path', 'value': '/etc/ssl/certs/', 'section': 'main', {'param': 'cert_path', 'value': '/etc/ssl/certs/', 'section': 'main',
'desc': 'Path to SSL dir. Folder owner must be a user which set in the SSH settings. Path must exist', 'desc': 'Path to SSL dir. Folder owner must be a user which set in the SSH settings. Path must exist',
'group': '1'}, 'group': '1'},
{'param': 'ssl_local_path', 'value': 'certs', 'section': 'main', {'param': 'ssl_local_path', 'value': 'certs', 'section': 'main',
'desc': 'Path to the directory with the saved local SSL certificates. The value of this parameter is specified as a relative path beginning with $HOME_ROXY_WI/app/', 'desc': 'Path to the directory with the saved local SSL certificates. The value of this parameter is specified as a relative path beginning with $HOME_ROXY_WI/app/',
'group': '1'}, 'group': '1'},
{'param': 'lists_path', 'value': 'lists', 'section': 'main', {'param': 'lists_path', 'value': 'lists', 'section': 'main',
'desc': 'Path to the black and the wild list. The value of this paramer should be specified as a relative path beginning with $HOME_ROXY-WI', 'desc': 'Path to the black and the wild list. The value of this paramer should be specified as a relative path beginning with $HOME_ROXY-WI',
'group': '1'}, 'group': '1'},
{'param': 'haproxy_path_logs', 'value': '/var/log/haproxy/', 'section': 'haproxy', {'param': 'haproxy_path_logs', 'value': '/var/log/haproxy/', 'section': 'haproxy',
'desc': 'The path for HAProxy logs', 'group': '1'}, 'desc': 'The path for HAProxy logs', 'group': '1'},
{'param': 'syslog_server_enable', 'value': '0', 'section': 'logs', {'param': 'syslog_server_enable', 'value': '0', 'section': 'logs',
'desc': 'Enable getting logs from a syslog server; (0 - no, 1 - yes)', 'group': '1'}, 'desc': 'Enable getting logs from a syslog server; (0 - no, 1 - yes)', 'group': '1'},
{'param': 'syslog_server', 'value': '', 'section': 'logs', 'desc': 'IP address of the syslog_server', {'param': 'syslog_server', 'value': '', 'section': 'logs', 'desc': 'IP address of the syslog_server',
'group': '1'}, 'group': '1'},
{'param': 'log_time_storage', 'value': '14', 'section': 'logs', {'param': 'log_time_storage', 'value': '14', 'section': 'logs',
'desc': 'Retention period for user activity logs (in days)', 'group': '1'}, 'desc': 'Retention period for user activity logs (in days)', 'group': '1'},
{'param': 'stats_user', 'value': 'admin', 'section': 'haproxy', 'desc': 'Username for accessing HAProxy stats page', {'param': 'stats_user', 'value': 'admin', 'section': 'haproxy', 'desc': 'Username for accessing HAProxy stats page',
'group': '1'}, 'group': '1'},
{'param': 'stats_password', 'value': 'password', 'section': 'haproxy', {'param': 'stats_password', 'value': 'password', 'section': 'haproxy',
'desc': 'Password for accessing HAProxy stats page', 'group': '1'}, 'desc': 'Password for accessing HAProxy stats page', 'group': '1'},
{'param': 'stats_port', 'value': '8085', 'section': 'haproxy', 'desc': 'Port for HAProxy stats page', {'param': 'stats_port', 'value': '8085', 'section': 'haproxy', 'desc': 'Port for HAProxy stats page',
'group': '1'}, 'group': '1'},
{'param': 'stats_page', 'value': 'stats', 'section': 'haproxy', 'desc': 'URI for HAProxy stats page', {'param': 'stats_page', 'value': 'stats', 'section': 'haproxy', 'desc': 'URI for HAProxy stats page',
'group': '1'}, 'group': '1'},
{'param': 'haproxy_dir', 'value': '/etc/haproxy', 'section': 'haproxy', 'desc': 'Path to the HAProxy directory', {'param': 'haproxy_dir', 'value': '/etc/haproxy', 'section': 'haproxy', 'desc': 'Path to the HAProxy directory',
'group': '1'}, 'group': '1'},
{'param': 'haproxy_config_path', 'value': '/etc/haproxy/haproxy.cfg', 'section': 'haproxy', 'desc': 'Path to the HAProxy configuration file', {'param': 'haproxy_config_path', 'value': '/etc/haproxy/haproxy.cfg', 'section': 'haproxy', 'desc': 'Path to the HAProxy configuration file',
'group': '1'}, 'group': '1'},
{'param': 'server_state_file', 'value': '/etc/haproxy/haproxy.state', 'section': 'haproxy', 'desc': 'Path to the HAProxy state file', {'param': 'server_state_file', 'value': '/etc/haproxy/haproxy.state', 'section': 'haproxy', 'desc': 'Path to the HAProxy state file',
'group': '1'}, 'group': '1'},
{'param': 'haproxy_sock', 'value': '/var/run/haproxy.sock', 'section': 'haproxy', {'param': 'haproxy_sock', 'value': '/var/run/haproxy.sock', 'section': 'haproxy',
'desc': 'Socket port for HAProxy', 'group': '1'}, 'desc': 'Socket port for HAProxy', 'group': '1'},
{'param': 'haproxy_sock_port', 'value': '1999', 'section': 'haproxy', 'desc': 'HAProxy sock port', {'param': 'haproxy_sock_port', 'value': '1999', 'section': 'haproxy', 'desc': 'HAProxy sock port',
'group': '1'}, 'group': '1'},
{'param': 'apache_log_path', 'value': '/var/log/'+apache_dir+'/', 'section': 'logs', 'desc': 'Path to Apache logs', {'param': 'apache_log_path', 'value': '/var/log/'+apache_dir+'/', 'section': 'logs', 'desc': 'Path to Apache logs',
'group': '1'}, 'group': '1'},
{'param': 'nginx_path_logs', 'value': '/var/log/nginx/', 'section': 'nginx', {'param': 'nginx_path_logs', 'value': '/var/log/nginx/', 'section': 'nginx',
'desc': 'The path for NGINX logs', 'group': '1'}, 'desc': 'The path for NGINX logs', 'group': '1'},
{'param': 'nginx_stats_user', 'value': 'admin', 'section': 'nginx', 'desc': 'Username for accessing NGINX stats page', {'param': 'nginx_stats_user', 'value': 'admin', 'section': 'nginx', 'desc': 'Username for accessing NGINX stats page',
'group': '1'}, 'group': '1'},
{'param': 'nginx_stats_password', 'value': 'password', 'section': 'nginx', {'param': 'nginx_stats_password', 'value': 'password', 'section': 'nginx',
'desc': 'Password for Stats web page NGINX', 'group': '1'}, 'desc': 'Password for Stats web page NGINX', 'group': '1'},
{'param': 'nginx_stats_port', 'value': '8086', 'section': 'nginx', 'desc': 'Stats port for web page NGINX', {'param': 'nginx_stats_port', 'value': '8086', 'section': 'nginx', 'desc': 'Stats port for web page NGINX',
'group': '1'}, 'group': '1'},
{'param': 'nginx_stats_page', 'value': 'stats', 'section': 'nginx', 'desc': 'URI Stats for web page NGINX', {'param': 'nginx_stats_page', 'value': 'stats', 'section': 'nginx', 'desc': 'URI Stats for web page NGINX',
'group': '1'}, 'group': '1'},
{'param': 'nginx_dir', 'value': '/etc/nginx/', 'section': 'nginx', {'param': 'nginx_dir', 'value': '/etc/nginx/', 'section': 'nginx',
'desc': 'Path to the NGINX directory with config files', 'group': '1'}, 'desc': 'Path to the NGINX directory with config files', 'group': '1'},
{'param': 'nginx_config_path', 'value': '/etc/nginx/nginx.conf', 'section': 'nginx', {'param': 'nginx_config_path', 'value': '/etc/nginx/nginx.conf', 'section': 'nginx',
'desc': 'Path to the main NGINX configuration file', 'group': '1'}, 'desc': 'Path to the main NGINX configuration file', 'group': '1'},
{'param': 'ldap_enable', 'value': '0', 'section': 'ldap', 'desc': 'Enable LDAP (1 - yes, 0 - no)', {'param': 'ldap_enable', 'value': '0', 'section': 'ldap', 'desc': 'Enable LDAP (1 - yes, 0 - no)',
'group': '1'}, 'group': '1'},
{'param': 'ldap_server', 'value': '', 'section': 'ldap', 'desc': 'IP address of the LDAP server', 'group': '1'}, {'param': 'ldap_server', 'value': '', 'section': 'ldap', 'desc': 'IP address of the LDAP server', 'group': '1'},
{'param': 'ldap_port', 'value': '389', 'section': 'ldap', 'desc': 'LDAP port (port 389 or 636 is used by default)', {'param': 'ldap_port', 'value': '389', 'section': 'ldap', 'desc': 'LDAP port (port 389 or 636 is used by default)',
'group': '1'}, 'group': '1'},
{'param': 'ldap_user', 'value': '', 'section': 'ldap', {'param': 'ldap_user', 'value': '', 'section': 'ldap',
'desc': 'LDAP username. Format: user@domain.com', 'group': '1'}, 'desc': 'LDAP username. Format: user@domain.com', 'group': '1'},
{'param': 'ldap_password', 'value': '', 'section': 'ldap', 'desc': 'LDAP password', 'group': '1'}, {'param': 'ldap_password', 'value': '', 'section': 'ldap', 'desc': 'LDAP password', 'group': '1'},
{'param': 'ldap_base', 'value': '', 'section': 'ldap', 'desc': 'Base domain. Example: dc=domain, dc=com', {'param': 'ldap_base', 'value': '', 'section': 'ldap', 'desc': 'Base domain. Example: dc=domain, dc=com',
'group': '1'}, 'group': '1'},
{'param': 'ldap_domain', 'value': '', 'section': 'ldap', 'desc': 'LDAP domain for logging in', 'group': '1'}, {'param': 'ldap_domain', 'value': '', 'section': 'ldap', 'desc': 'LDAP domain for logging in', 'group': '1'},
{'param': 'ldap_class_search', 'value': 'user', 'section': 'ldap', 'desc': 'Class for searching the user', {'param': 'ldap_class_search', 'value': 'user', 'section': 'ldap', 'desc': 'Class for searching the user',
'group': '1'}, 'group': '1'},
{'param': 'ldap_user_attribute', 'value': 'sAMAccountName', 'section': 'ldap', {'param': 'ldap_user_attribute', 'value': 'sAMAccountName', 'section': 'ldap',
'desc': 'Attribute to search users by', 'group': '1'}, 'desc': 'Attribute to search users by', 'group': '1'},
{'param': 'ldap_search_field', 'value': 'mail', 'section': 'ldap', 'desc': 'User\'s email address', 'group': '1'}, {'param': 'ldap_search_field', 'value': 'mail', 'section': 'ldap', 'desc': 'User\'s email address', 'group': '1'},
{'param': 'ldap_type', 'value': '0', 'section': 'ldap', 'desc': 'Use LDAPS (1 - yes, 0 - no)', 'group': '1'}, {'param': 'ldap_type', 'value': '0', 'section': 'ldap', 'desc': 'Use LDAPS (1 - yes, 0 - no)', 'group': '1'},
{'param': 'smon_check_interval', 'value': '1', 'section': 'monitoring', 'desc': 'Check interval for SMON (in minutes)', {'param': 'smon_check_interval', 'value': '1', 'section': 'monitoring', 'desc': 'Check interval for SMON (in minutes)',
'group': '1'}, 'group': '1'},
{'param': 'port_scan_interval', 'value': '5', 'section': 'monitoring', {'param': 'port_scan_interval', 'value': '5', 'section': 'monitoring',
'desc': 'Check interval for Port scanner (in minutes)', 'group': '1'}, 'desc': 'Check interval for Port scanner (in minutes)', 'group': '1'},
{'param': 'portscanner_keep_history_range', 'value': '14', 'section': 'monitoring', {'param': 'portscanner_keep_history_range', 'value': '14', 'section': 'monitoring',
'desc': 'Retention period for Port scanner history', 'group': '1'}, 'desc': 'Retention period for Port scanner history', 'group': '1'},
{'param': 'smon_keep_history_range', 'value': '14', 'section': 'monitoring', {'param': 'smon_keep_history_range', 'value': '14', 'section': 'monitoring',
'desc': 'Retention period for SMON history', 'group': '1'}, 'desc': 'Retention period for SMON history', 'group': '1'},
{'param': 'checker_keep_history_range', 'value': '14', 'section': 'monitoring', {'param': 'checker_keep_history_range', 'value': '14', 'section': 'monitoring',
'desc': 'Retention period for Checker history', 'group': '1'}, 'desc': 'Retention period for Checker history', 'group': '1'},
{'param': 'checker_maxconn_threshold', 'value': '90', 'section': 'monitoring', {'param': 'checker_maxconn_threshold', 'value': '90', 'section': 'monitoring',
'desc': 'Threshold value for alerting, in %', 'group': '1'}, 'desc': 'Threshold value for alerting, in %', 'group': '1'},
{'param': 'checker_check_interval', 'value': '1', 'section': 'monitoring', {'param': 'checker_check_interval', 'value': '1', 'section': 'monitoring',
'desc': 'Check interval for Checker (in minutes)', 'group': '1'}, 'desc': 'Check interval for Checker (in minutes)', 'group': '1'},
{'param': 'rabbitmq_host', 'value': '127.0.0.1', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server host', 'group': '1'}, {'param': 'rabbitmq_host', 'value': '127.0.0.1', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server host', 'group': '1'},
{'param': 'rabbitmq_port', 'value': '5672', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server port', 'group': '1'}, {'param': 'rabbitmq_port', 'value': '5672', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server port', 'group': '1'},
{'param': 'rabbitmq_port', 'value': '5672', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server port', 'group': '1'}, {'param': 'rabbitmq_port', 'value': '5672', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server port', 'group': '1'},
@ -109,21 +109,21 @@ def default_values():
{'param': 'rabbitmq_user', 'value': 'roxy-wi', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server user', 'group': '1'}, {'param': 'rabbitmq_user', 'value': 'roxy-wi', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server user', 'group': '1'},
{'param': 'rabbitmq_password', 'value': 'roxy-wi123', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server user password', 'group': '1'}, {'param': 'rabbitmq_password', 'value': 'roxy-wi123', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server user password', 'group': '1'},
{'param': 'apache_path_logs', 'value': '/var/log/httpd/', 'section': 'apache', {'param': 'apache_path_logs', 'value': '/var/log/httpd/', 'section': 'apache',
'desc': 'The path for Apache logs', 'group': '1'}, 'desc': 'The path for Apache logs', 'group': '1'},
{'param': 'apache_stats_user', 'value': 'admin', 'section': 'apache', {'param': 'apache_stats_user', 'value': 'admin', 'section': 'apache',
'desc': 'Username for accessing Apache stats page', 'group': '1'}, 'desc': 'Username for accessing Apache stats page', 'group': '1'},
{'param': 'apache_stats_password', 'value': 'password', 'section': 'apache', {'param': 'apache_stats_password', 'value': 'password', 'section': 'apache',
'desc': 'Password for Apache stats webpage', 'group': '1'}, 'desc': 'Password for Apache stats webpage', 'group': '1'},
{'param': 'apache_stats_port', 'value': '8087', 'section': 'apache', 'desc': 'Stats port for webpage Apache', {'param': 'apache_stats_port', 'value': '8087', 'section': 'apache', 'desc': 'Stats port for webpage Apache',
'group': '1'}, 'group': '1'},
{'param': 'apache_stats_page', 'value': 'stats', 'section': 'apache', 'desc': 'URI Stats for webpage Apache', {'param': 'apache_stats_page', 'value': 'stats', 'section': 'apache', 'desc': 'URI Stats for webpage Apache',
'group': '1'}, 'group': '1'},
{'param': 'apache_dir', 'value': '/etc/httpd/', 'section': 'apache', {'param': 'apache_dir', 'value': '/etc/httpd/', 'section': 'apache',
'desc': 'Path to the Apache directory with config files', 'group': '1'}, 'desc': 'Path to the Apache directory with config files', 'group': '1'},
{'param': 'apache_config_path', 'value': '/etc/httpd/conf/httpd.conf', 'section': 'apache', {'param': 'apache_config_path', 'value': '/etc/httpd/conf/httpd.conf', 'section': 'apache',
'desc': 'Path to the main Apache configuration file', 'group': '1'}, 'desc': 'Path to the main Apache configuration file', 'group': '1'},
{'param': 'apache_container_name', 'value': 'apache', 'section': 'apache', {'param': 'apache_container_name', 'value': 'apache', 'section': 'apache',
'desc': 'Docker container name for Apache service', 'group': '1'}, 'desc': 'Docker container name for Apache service', 'group': '1'},
] ]
try: try:
Setting.insert_many(data_source).on_conflict_ignore().execute() Setting.insert_many(data_source).on_conflict_ignore().execute()
@ -626,7 +626,6 @@ def update_db_v_5_3_1(**kwargs):
print("Updating... DB has been updated to version 5.3.1") print("Updating... DB has been updated to version 5.3.1")
def update_db_v_5_3_2_2(**kwargs): def update_db_v_5_3_2_2(**kwargs):
cursor = conn.cursor() cursor = conn.cursor()
sql = """ sql = """

120
app/funct.py
View File

@ -10,8 +10,8 @@ def is_ip_or_dns(server_from_request: str) -> str:
dns_regex = "^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,6}$" dns_regex = "^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,6}$"
try: try:
if server_from_request in ('roxy-wi-checker', 'roxy-wi-keep_alive', 'roxy-wi-keep-alive', 'roxy-wi-metrics', if server_from_request in ('roxy-wi-checker', 'roxy-wi-keep_alive', 'roxy-wi-keep-alive', 'roxy-wi-metrics',
'roxy-wi-portscanner', 'roxy-wi-smon', 'roxy-wi-socket', 'roxy-wi-portscanner', 'roxy-wi-smon', 'roxy-wi-socket', 'fail2ban', 'prometheus',
'fail2ban', 'prometheus', 'all', 'grafana-server', 'rabbitmq-server'): 'all', 'grafana-server', 'rabbitmq-server'):
return server_from_request return server_from_request
if re.match(ip_regex, server_from_request): if re.match(ip_regex, server_from_request):
return server_from_request return server_from_request
@ -419,12 +419,12 @@ def ssh_connect(server_ip):
def get_config(server_ip, cfg, **kwargs): def get_config(server_ip, cfg, **kwargs):
import sql import sql
if kwargs.get("keepalived") or kwargs.get("service") == 'keepalived': if kwargs.get("keepalived") or kwargs.get("service") == 'keepalived':
config_path = "/etc/keepalived/keepalived.conf" config_path = "/etc/keepalived/keepalived.conf"
elif (kwargs.get("nginx") or kwargs.get("service") == 'nginx' or elif (kwargs.get("nginx") or kwargs.get("service") == 'nginx' or
kwargs.get("apache") or kwargs.get("service") == 'apache'): kwargs.get("apache") or kwargs.get("service") == 'apache'):
config_path = kwargs.get('config_file_name') config_path = kwargs.get('config_file_name')
elif kwargs.get("waf") or kwargs.get("service") == 'waf': elif kwargs.get("waf") or kwargs.get("service") == 'waf':
config_path = sql.get_setting('haproxy_dir') + '/waf/rules/' + kwargs.get("waf_rule_file") config_path = sql.get_setting('haproxy_dir') + '/waf/rules/' + kwargs.get("waf_rule_file")
else: else:
config_path = sql.get_setting('haproxy_config_path') config_path = sql.get_setting('haproxy_config_path')
@ -472,7 +472,7 @@ def diff_config(oldcfg, cfg, **kwargs):
if kwargs.get('return_diff'): if kwargs.get('return_diff'):
for line in output: for line in output:
diff += line + "\n" diff += line + "\n"
return diff return diff
else: else:
for line in output: for line in output:
@ -496,13 +496,13 @@ def get_remote_sections(server_ip: str, service: str) -> str:
section_name = 'server_name' section_name = 'server_name'
commands = [ commands = [
'sudo grep {} {}* -R |grep -v \'${}\|#\'|awk \'{{print $1, $3}}\''.format(section_name, config_dir, 'sudo grep {} {}* -R |grep -v \'${}\|#\'|awk \'{{print $1, $3}}\''.format(section_name, config_dir,
section_name)] section_name)]
elif service == 'apache': elif service == 'apache':
section_name = 'ServerName' section_name = 'ServerName'
commands = [ commands = [
'sudo grep {} {}*/*.conf -R |grep -v \'${}\|#\'|awk \'{{print $1, $3}}\''.format(section_name, config_dir, 'sudo grep {} {}*/*.conf -R |grep -v \'${}\|#\'|awk \'{{print $1, $3}}\''.format(section_name, config_dir,
section_name)] section_name)]
backends = ssh_command(server_ip, commands) backends = ssh_command(server_ip, commands)
@ -516,7 +516,7 @@ def get_sections(config, **kwargs):
if kwargs.get('service') == 'keepalived': if kwargs.get('service') == 'keepalived':
import re import re
ip_pattern = re.compile('\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}') ip_pattern = re.compile('\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}')
find_ip = re.findall(ip_pattern,line) find_ip = re.findall(ip_pattern, line)
if find_ip: if find_ip:
return_config.append(find_ip[0]) return_config.append(find_ip[0])
else: else:
@ -893,8 +893,8 @@ def upload(server_ip, path, file, **kwargs):
file = sftp.put(file, full_path) file = sftp.put(file, full_path)
except Exception as e: except Exception as e:
error = str(e.args) error = str(e.args)
print('Cannot upload '+file+' to '+full_path+' to server: '+server_ip+' error: '+ error) print('Cannot upload ' + file + ' to ' + full_path + ' to server: ' + server_ip + ' error: ' + error)
logging('localhost', ' Cannot upload '+file+' to '+full_path+' to server: '+server_ip+' Error: '+ error, haproxywi=1) logging('localhost', ' Cannot upload ' + file + ' to ' + full_path + ' to server: ' + server_ip + ' Error: ' + error, haproxywi=1)
return error return error
try: try:
@ -903,7 +903,7 @@ def upload(server_ip, path, file, **kwargs):
except Exception as e: except Exception as e:
error = str(e.args) error = str(e.args)
logging('localhost', error, haproxywi=1) logging('localhost', error, haproxywi=1)
print('Cannot upload '+file+' to '+full_path+' to server: '+server_ip+' error: '+ error) print('Cannot upload ' + file + ' to ' + full_path + ' to server: ' + server_ip + ' error: ' + error)
return error return error
@ -947,7 +947,6 @@ def upload_and_restart(server_ip, cfg, **kwargs):
if service == 'apache': if service == 'apache':
service_name = get_correct_apache_service_name(server_ip, 0) service_name = get_correct_apache_service_name(server_ip, 0)
reload_command = " && sudo systemctl reload " + service_name reload_command = " && sudo systemctl reload " + service_name
restart_command = " && sudo systemctl restart " + service_name restart_command = " && sudo systemctl restart " + service_name
@ -997,7 +996,7 @@ def upload_and_restart(server_ip, cfg, **kwargs):
check_config = "sudo docker exec -it exec " + container_name + " nginx -t -q " check_config = "sudo docker exec -it exec " + container_name + " nginx -t -q "
else: else:
check_config = "sudo apachectl configtest " check_config = "sudo apachectl configtest "
check_and_move = "sudo mv -f " + tmp_file + " " + config_path #+ " && " + check_config check_and_move = "sudo mv -f " + tmp_file + " " + config_path # + " && " + check_config
if action == "test": if action == "test":
commands = [check_config + " && sudo rm -f " + tmp_file] commands = [check_config + " && sudo rm -f " + tmp_file]
elif action == "save": elif action == "save":
@ -1018,7 +1017,7 @@ def upload_and_restart(server_ip, cfg, **kwargs):
elif action == "save": elif action == "save":
commands = [check_config + move_config] commands = [check_config + move_config]
else: else:
commands = [check_config + move_config + reload_or_restart_command ] commands = [check_config + move_config + reload_or_restart_command]
if sql.return_firewall(server_ip): if sql.return_firewall(server_ip):
commands[0] += open_port_firewalld(cfg, server_ip=server_ip) commands[0] += open_port_firewalld(cfg, server_ip=server_ip)
@ -1075,25 +1074,25 @@ def master_slave_upload_and_restart(server_ip, cfg, just_save, **kwargs):
for master in masters: for master in masters:
if master[0] is not None: if master[0] is not None:
error = upload_and_restart(master[0], error = upload_and_restart(master[0],
cfg, cfg,
just_save=just_save, just_save=just_save,
nginx=kwargs.get('nginx'), nginx=kwargs.get('nginx'),
apache=kwargs.get('apache'), apache=kwargs.get('apache'),
config_file_name=kwargs.get('config_file_name'), config_file_name=kwargs.get('config_file_name'),
slave=1) slave=1)
if kwargs.get('login'): if kwargs.get('login'):
login = kwargs.get('login') login = kwargs.get('login')
else: else:
login = '' login = ''
error = upload_and_restart(server_ip, error = upload_and_restart(server_ip,
cfg, cfg,
just_save=just_save, just_save=just_save,
nginx=kwargs.get('nginx'), nginx=kwargs.get('nginx'),
apache=kwargs.get('apache'), apache=kwargs.get('apache'),
config_file_name=kwargs.get('config_file_name'), config_file_name=kwargs.get('config_file_name'),
oldcfg=kwargs.get('oldcfg'), oldcfg=kwargs.get('oldcfg'),
login=login) login=login)
return error return error
@ -1152,7 +1151,7 @@ def check_haproxy_config(server_ip):
if is_docker == '1': if is_docker == '1':
container_name = sql.get_setting('haproxy_container_name') container_name = sql.get_setting('haproxy_container_name')
commands = [ "sudo docker exec -it " + container_name + " haproxy -q -c -f " + config_path ] commands = ["sudo docker exec -it " + container_name + " haproxy -q -c -f " + config_path]
else: else:
commands = ["haproxy -q -c -f %s" % config_path] commands = ["haproxy -q -c -f %s" % config_path]
@ -1168,7 +1167,7 @@ def check_haproxy_config(server_ip):
def check_nginx_config(server_ip): def check_nginx_config(server_ip):
import sql import sql
commands = [ "nginx -q -t -p {}".format(sql.get_setting('nginx_dir')) ] commands = ["nginx -q -t -p {}".format(sql.get_setting('nginx_dir'))]
ssh = ssh_connect(server_ip) ssh = ssh_connect(server_ip)
for command in commands: for command in commands:
stdin, stdout, stderr = ssh.exec_command(command, get_pty=True) stdin, stdout, stderr = ssh.exec_command(command, get_pty=True)
@ -1647,7 +1646,7 @@ def check_service(server_ip, service_name):
def get_service_version(server_ip, service_name): def get_service_version(server_ip, service_name):
server_ip = is_ip_or_dns(server_ip) server_ip = is_ip_or_dns(server_ip)
if service_name == 'haproxy_exporter': if service_name == 'haproxy_exporter':
commands = [ "/opt/prometheus/exporters/haproxy_exporter --version 2>&1 |head -1|awk '{print $3}'"] commands = ["/opt/prometheus/exporters/haproxy_exporter --version 2>&1 |head -1|awk '{print $3}'"]
elif service_name == 'nginx_exporter': elif service_name == 'nginx_exporter':
commands = ["/opt/prometheus/exporters/nginx_exporter 2>&1 |head -1 |awk -F\"=\" '{print $2}'|awk '{print $1}'"] commands = ["/opt/prometheus/exporters/nginx_exporter 2>&1 |head -1 |awk -F\"=\" '{print $2}'|awk '{print $1}'"]
elif service_name == 'node_exporter': elif service_name == 'node_exporter':
@ -1666,15 +1665,15 @@ def get_services_status():
services = [] services = []
is_in_docker = is_docker() is_in_docker = is_docker()
services_name = {'roxy-wi-checker': 'Checker backends master service', services_name = {'roxy-wi-checker': 'Checker backends master service',
'roxy-wi-keep_alive': 'Auto start service', 'roxy-wi-keep_alive': 'Auto start service',
'roxy-wi-metrics': 'Metrics master service', 'roxy-wi-metrics': 'Metrics master service',
'roxy-wi-portscanner': 'Port scanner service', 'roxy-wi-portscanner': 'Port scanner service',
'roxy-wi-smon': 'Simple monitoring network ports', 'roxy-wi-smon': 'Simple monitoring network ports',
'roxy-wi-socket': 'Socket service', 'roxy-wi-socket': 'Socket service',
'prometheus': 'Prometheus service', 'prometheus': 'Prometheus service',
'grafana-server': 'Grafana service', 'grafana-server': 'Grafana service',
'fail2ban': 'Fail2ban service', 'fail2ban': 'Fail2ban service',
'rabbitmq-server': 'Message broker service'} 'rabbitmq-server': 'Message broker service'}
for s, v in services_name.items(): for s, v in services_name.items():
if is_in_docker: if is_in_docker:
cmd = "sudo supervisorctl status " + s + "|awk '{print $2}'" cmd = "sudo supervisorctl status " + s + "|awk '{print $2}'"
@ -1762,8 +1761,8 @@ def get_system_info(server_ip: str) -> bool:
except Exception: except Exception:
ip = '' ip = ''
network[i['logicalname']] = {'description': i['description'], network[i['logicalname']] = {'description': i['description'],
'mac': i['serial'], 'mac': i['serial'],
'ip': ip} 'ip': ip}
for k, j in i.items(): for k, j in i.items():
if isinstance(j, list): if isinstance(j, list):
for b in j: for b in j:
@ -1801,9 +1800,9 @@ def get_system_info(server_ip: str) -> bool:
fs = volume_info['configuration']['mount.fstype'] fs = volume_info['configuration']['mount.fstype']
state = volume_info['configuration']['state'] state = volume_info['configuration']['state']
disks[volume_name] = {'mount_point': mount_point, disks[volume_name] = {'mount_point': mount_point,
'size': size, 'size': size,
'fs': fs, 'fs': fs,
'state': state} 'state': state}
except Exception: except Exception:
pass pass
@ -1815,7 +1814,7 @@ def get_system_info(server_ip: str) -> bool:
if 'children' in s: if 'children' in s:
for net in s['children']: for net in s['children']:
network[net['logicalname']] = {'description': net['description'], network[net['logicalname']] = {'description': net['description'],
'mac': net['serial']} 'mac': net['serial']}
if s['class'] == 'storage': if s['class'] == 'storage':
for p, pval in s.items(): for p, pval in s.items():
if isinstance(pval, list): if isinstance(pval, list):
@ -1830,9 +1829,9 @@ def get_system_info(server_ip: str) -> bool:
fs = volume_info['configuration']['mount.fstype'] fs = volume_info['configuration']['mount.fstype']
state = volume_info['configuration']['state'] state = volume_info['configuration']['state']
disks[volume_name] = {'mount_point': mount_point, disks[volume_name] = {'mount_point': mount_point,
'size': size, 'size': size,
'fs': fs, 'fs': fs,
'state': state} 'state': state}
for z, n in s.items(): for z, n in s.items():
if isinstance(n, list): if isinstance(n, list):
for y in n: for y in n:
@ -1867,9 +1866,9 @@ def get_system_info(server_ip: str) -> bool:
fs = q['configuration']['mount.fstype'] fs = q['configuration']['mount.fstype']
state = q['configuration']['state'] state = q['configuration']['state']
disks[volume_name] = {'mount_point': mount_point, disks[volume_name] = {'mount_point': mount_point,
'size': size, 'size': size,
'fs': fs, 'fs': fs,
'state': state} 'state': state}
except Exception as e: except Exception as e:
print(e) print(e)
except Exception: except Exception:
@ -1937,6 +1936,7 @@ def get_system_info(server_ip: str) -> bool:
else: else:
return False return False
def string_to_dict(dict_string) -> dict: def string_to_dict(dict_string) -> dict:
from ast import literal_eval from ast import literal_eval
return literal_eval(dict_string) return literal_eval(dict_string)
@ -1957,16 +1957,14 @@ def send_message_to_rabbit(message: str, **kwargs) -> None:
credentials = pika.PlainCredentials(rabbit_user, rabbit_password) credentials = pika.PlainCredentials(rabbit_user, rabbit_password)
parameters = pika.ConnectionParameters(rabbit_host, parameters = pika.ConnectionParameters(rabbit_host,
rabbit_port, rabbit_port,
rabbit_vhost, rabbit_vhost,
credentials) credentials)
connection = pika.BlockingConnection(parameters) connection = pika.BlockingConnection(parameters)
channel = connection.channel() channel = connection.channel()
channel.queue_declare(queue=rabbit_queue) channel.queue_declare(queue=rabbit_queue)
channel.basic_publish(exchange='', channel.basic_publish(exchange='', routing_key=rabbit_queue, body=message)
routing_key=rabbit_queue,
body=message)
connection.close() connection.close()
@ -2008,10 +2006,12 @@ def get_correct_apache_service_name(server_ip=0, server_id=0) -> str:
def is_docker() -> bool: def is_docker() -> bool:
import os, re import os
import re
path = "/proc/self/cgroup" path = "/proc/self/cgroup"
if not os.path.isfile(path): return False if not os.path.isfile(path):
return False
with open(path) as f: with open(path) as f:
for line in f: for line in f:
if re.match("\d+:[\w=]+:/docker(-[ce]e)?/\w+", line): if re.match("\d+:[\w=]+:/docker(-[ce]e)?/\w+", line):

38
app/hapservers.py
View File

@ -1,7 +1,9 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import distro
import funct import funct
import sql import sql
import distro
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
@ -122,7 +124,7 @@ for s in servers:
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(s[17]) servers_with_status.append(s[17])
elif service == 'keepalived': elif service == 'keepalived':
h = (['',''],) h = (['', ''],)
cmd = [ cmd = [
"/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l"] "/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l"]
try: try:
@ -139,7 +141,7 @@ for s in servers:
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(s[22]) servers_with_status.append(s[22])
elif service == 'apache': elif service == 'apache':
h = (['',''],) h = (['', ''],)
apache_stats_user = sql.get_setting('apache_stats_user') apache_stats_user = sql.get_setting('apache_stats_user')
apache_stats_password = sql.get_setting('apache_stats_password') apache_stats_password = sql.get_setting('apache_stats_password')
apache_stats_port = sql.get_setting('apache_stats_port') apache_stats_port = sql.get_setting('apache_stats_port')
@ -174,7 +176,7 @@ for s in servers:
if is_keepalived: if is_keepalived:
try: try:
cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data' ] cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data']
out = funct.ssh_command(s[2], cmd) out = funct.ssh_command(s[2], cmd)
out1 = ('1', out) out1 = ('1', out)
servers_with_status.append(out1) servers_with_status.append(out1)
@ -192,18 +194,18 @@ except Exception as e:
funct.logging('localhost', 'Cannot get a user plan: ' + str(e), haproxywi=1) funct.logging('localhost', 'Cannot get a user plan: ' + str(e), haproxywi=1)
template = template.render(h2=1, template = template.render(h2=1,
autorefresh=autorefresh, autorefresh=autorefresh,
title=title, title=title,
role=role, role=role,
user=user, user=user,
servers=servers_with_status1, servers=servers_with_status1,
keep_alive=''.join(keep_alive), keep_alive=''.join(keep_alive),
serv=serv, serv=serv,
service=service, service=service,
services=services, services=services,
user_services=user_services, user_services=user_services,
service_settings=service_settings, service_settings=service_settings,
user_status=user_status, user_status=user_status,
user_plan=user_plan, user_plan=user_plan,
token=token) token=token)
print(template) print(template)

37
app/history.py
View File

@ -10,9 +10,10 @@ print('Content-type: text/html\n')
funct.check_login() funct.check_login()
try: try:
user, user_id, role, token, servers, user_services = funct.get_users_params() user, user_id, role, token, servers, user_services \
= funct.get_users_params()
services = [] services = []
except: except Exception:
pass pass
form = funct.form form = funct.form
@ -27,28 +28,32 @@ if service == 'nginx':
if serv: if serv:
if funct.check_is_server_in_group(serv): if funct.check_is_server_in_group(serv):
server_id = sql.select_server_id_by_ip(serv) server_id = sql.select_server_id_by_ip(serv)
history = sql.select_action_history_by_server_id_and_service(server_id, service) history = sql.select_action_history_by_server_id_and_service(server_id,
service)
elif service == 'keepalived': elif service == 'keepalived':
if funct.check_login(service=3): if funct.check_login(service=3):
title = 'Keepalived service history' title = 'Keepalived service history'
if serv: if serv:
if funct.check_is_server_in_group(serv): if funct.check_is_server_in_group(serv):
server_id = sql.select_server_id_by_ip(serv) server_id = sql.select_server_id_by_ip(serv)
history = sql.select_action_history_by_server_id_and_service(server_id, service) history = sql.select_action_history_by_server_id_and_service(server_id,
service)
elif service == 'apache': elif service == 'apache':
if funct.check_login(service=4): if funct.check_login(service=4):
title = 'Apache service history' title = 'Apache service history'
if serv: if serv:
if funct.check_is_server_in_group(serv): if funct.check_is_server_in_group(serv):
server_id = sql.select_server_id_by_ip(serv) server_id = sql.select_server_id_by_ip(serv)
history = sql.select_action_history_by_server_id_and_service(server_id, service) history = sql.select_action_history_by_server_id_and_service(server_id,
service)
elif service == 'haproxy': elif service == 'haproxy':
if funct.check_login(service=1): if funct.check_login(service=1):
title = "HAProxy service history" title = "HAProxy service history"
if serv: if serv:
if funct.check_is_server_in_group(serv): if funct.check_is_server_in_group(serv):
server_id = sql.select_server_id_by_ip(serv) server_id = sql.select_server_id_by_ip(serv)
history = sql.select_action_history_by_server_id_and_service(server_id, service) history = sql.select_action_history_by_server_id_and_service(server_id,
service)
elif service == 'server': elif service == 'server':
if serv: if serv:
title = serv + ' history' title = serv + ' history'
@ -63,14 +68,14 @@ elif service == 'user':
users = sql.select_users() users = sql.select_users()
template = template.render(h2=1, template = template.render(h2=1,
autorefresh=0, autorefresh=0,
title=title, title=title,
role=role, role=role,
user=user, user=user,
users=users, users=users,
serv=serv, serv=serv,
service=service, service=service,
history=history, history=history,
user_services=user_services, user_services=user_services,
token=token) token=token)
print(template) print(template)

3
app/nettools.py
View File

@ -9,7 +9,8 @@ print('Content-type: text/html\n')
funct.check_login() funct.check_login()
try: try:
user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1) user, user_id, role, token, servers, user_services \
= funct.get_users_params(virt=1)
except Exception: except Exception:
pass pass

42
app/options.py
View File

@ -597,7 +597,7 @@ if act == "overview":
haproxy = sql.select_haproxy(serv) if '1' in user_services else 0 haproxy = sql.select_haproxy(serv) if '1' in user_services else 0
nginx = sql.select_nginx(serv) if '2' in user_services else 0 nginx = sql.select_nginx(serv) if '2' in user_services else 0
keepalived = sql.select_keepalived(serv) if '3' in user_services else 0 keepalived = sql.select_keepalived(serv) if '3' in user_services else 0
apache = sql.select_apache(serv) if '4' in user_services else 0 apache = sql.select_apache(serv) if '4' in user_services else 0
waf = sql.select_waf_servers(serv2) waf = sql.select_waf_servers(serv2)
haproxy_process = '' haproxy_process = ''
@ -646,7 +646,6 @@ if act == "overview":
apache_process) apache_process)
return server_status return server_status
async def get_runner_overview(): async def get_runner_overview():
env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True, env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True,
extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do']) extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'])
@ -663,7 +662,6 @@ if act == "overview":
template = template.render(service_status=servers_sorted, role=sql.get_user_role_by_uuid(user_uuid.value)) template = template.render(service_status=servers_sorted, role=sql.get_user_role_by_uuid(user_uuid.value))
print(template) print(template)
ioloop = asyncio.get_event_loop() ioloop = asyncio.get_event_loop()
ioloop.run_until_complete(get_runner_overview()) ioloop.run_until_complete(get_runner_overview())
ioloop.close() ioloop.close()
@ -673,7 +671,7 @@ if act == "overviewwaf":
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True, env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True,
extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do']) extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'])
template = env.get_template('overivewWaf.html') template = env.get_template('overivewWaf.html')
servers = sql.select_servers(server=serv) servers = sql.select_servers(server=serv)
@ -728,7 +726,6 @@ if act == "overviewwaf":
if act == "overviewServers": if act == "overviewServers":
import asyncio import asyncio
async def async_get_overviewServers(serv1, serv2, service): async def async_get_overviewServers(serv1, serv2, service):
if service == 'haproxy': if service == 'haproxy':
cmd = 'echo "show info" |nc %s %s -w 1|grep -e "node\|Nbproc\|Maxco\|MB\|Nbthread"' % (serv2, sql.get_setting('haproxy_sock_port')) cmd = 'echo "show info" |nc %s %s -w 1|grep -e "node\|Nbproc\|Maxco\|MB\|Nbthread"' % (serv2, sql.get_setting('haproxy_sock_port'))
@ -748,7 +745,6 @@ if act == "overviewServers":
server_status = (serv1, serv2, return_out) server_status = (serv1, serv2, return_out)
return server_status return server_status
async def get_runner_overviewServers(**kwargs): async def get_runner_overviewServers(**kwargs):
import http.cookies import http.cookies
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
@ -769,7 +765,6 @@ if act == "overviewServers":
template = template.render(service_status=servers_sorted, role=role, id=kwargs.get('id'), service_page=service) template = template.render(service_status=servers_sorted, role=role, id=kwargs.get('id'), service_page=service)
print(template) print(template)
server_id = form.getvalue('id') server_id = form.getvalue('id')
name = form.getvalue('name') name = form.getvalue('name')
service = form.getvalue('service') service = form.getvalue('service')
@ -1703,9 +1698,9 @@ if form.getvalue('git_backup'):
branch = 'main' branch = 'main'
commands = ["chmod +x " + script + " && ./" + script + " HOST=" + server_ip + " DELJOB=" + deljob + commands = ["chmod +x " + script + " && ./" + script + " HOST=" + server_ip + " DELJOB=" + deljob +
" SERVICE=" + service_name + " INIT=" + git_init + " SSH_PORT=" + ssh_port + " PERIOD=" + period + " SERVICE=" + service_name + " INIT=" + git_init + " SSH_PORT=" + ssh_port + " PERIOD=" + period +
" REPO=" + repo + " BRANCH=" + branch + " CONFIG_DIR=" + service_config_dir + " REPO=" + repo + " BRANCH=" + branch + " CONFIG_DIR=" + service_config_dir +
" PROXY=" + proxy_serv + " USER=" + str(ssh_user_name) + " KEY=" + str(ssh_key_name)] " PROXY=" + proxy_serv + " USER=" + str(ssh_user_name) + " KEY=" + str(ssh_key_name)]
output, error = funct.subprocess_execute(commands[0]) output, error = funct.subprocess_execute(commands[0])
@ -2129,7 +2124,6 @@ if form.getvalue('newuser') is not None:
group = form.getvalue('newgroupuser') group = form.getvalue('newgroupuser')
role_id = sql.get_role_id_by_name(role) role_id = sql.get_role_id_by_name(role)
if funct.check_user_group(): if funct.check_user_group():
if funct.is_admin(level=role_id): if funct.is_admin(level=role_id):
if sql.add_user(new_user, email, password, role, activeuser, group): if sql.add_user(new_user, email, password, role, activeuser, group):
@ -2341,7 +2335,7 @@ if form.getvalue('newgroup') is not None:
output_from_parsed_template = template.render(groups=sql.select_groups(group=newgroup)) output_from_parsed_template = template.render(groups=sql.select_groups(group=newgroup))
print(output_from_parsed_template) print(output_from_parsed_template)
funct.logging('localhost','A new group ' + newgroup + ' has been created', haproxywi=1, login=1) funct.logging('localhost', 'A new group ' + newgroup + ' has been created', haproxywi=1, login=1)
if form.getvalue('groupdel') is not None: if form.getvalue('groupdel') is not None:
groupdel = form.getvalue('groupdel') groupdel = form.getvalue('groupdel')
@ -2387,7 +2381,7 @@ if form.getvalue('new_ssh'):
output_from_parsed_template = template.render(groups=sql.select_groups(), sshs=sql.select_ssh(name=name), output_from_parsed_template = template.render(groups=sql.select_groups(), sshs=sql.select_ssh(name=name),
page=page) page=page)
print(output_from_parsed_template) print(output_from_parsed_template)
funct.logging('localhost', 'A new SSH credentials ' + name +' has created', haproxywi=1, login=1) funct.logging('localhost', 'A new SSH credentials ' + name + ' has created', haproxywi=1, login=1)
if form.getvalue('sshdel') is not None: if form.getvalue('sshdel') is not None:
fullpath = funct.get_config_var('main', 'fullpath') fullpath = funct.get_config_var('main', 'fullpath')
@ -2565,7 +2559,7 @@ if form.getvalue('updatesettings') is not None:
settings = form.getvalue('updatesettings') settings = form.getvalue('updatesettings')
val = form.getvalue('val') val = form.getvalue('val')
if sql.update_setting(settings, val): if sql.update_setting(settings, val):
funct.logging('localhost', 'The ' + settings +' setting has been changed to: ' + val, haproxywi=1, login=1) funct.logging('localhost', 'The ' + settings + ' setting has been changed to: ' + val, haproxywi=1, login=1)
print("Ok") print("Ok")
if form.getvalue('getuserservices'): if form.getvalue('getuserservices'):
@ -2727,7 +2721,6 @@ if form.getvalue('updateSmonIp') is not None:
print('SMON error: Cannot be HTTP with 443 port') print('SMON error: Cannot be HTTP with 443 port')
sys.exit() sys.exit()
if sql.update_smon(smon_id, ip, port, body, telegram, slack, group, desc, en): if sql.update_smon(smon_id, ip, port, body, telegram, slack, group, desc, en):
print("Ok") print("Ok")
funct.logging('SMON', ' Has been update the server ' + ip + ' to SMON ', haproxywi=1, login=1) funct.logging('SMON', ' Has been update the server ' + ip + ' to SMON ', haproxywi=1, login=1)
@ -3496,7 +3489,7 @@ if form.getvalue('awseditworkspace'):
cmd = 'cd scripts/terraform/ && sudo terraform workspace select ' + workspace + '_' + group + '_aws' cmd = 'cd scripts/terraform/ && sudo terraform workspace select ' + workspace + '_' + group + '_aws'
output, stderr = funct.subprocess_execute(cmd) output, stderr = funct.subprocess_execute(cmd)
except Exception as e: except Exception as e:
print('error: ' +str(e)) print('error: ' + str(e))
if stderr != '': if stderr != '':
stderr = stderr.strip() stderr = stderr.strip()
@ -3509,14 +3502,15 @@ if form.getvalue('awseditworkspace'):
print('ok') print('ok')
if ( if (
form.getvalue('awsprovisining') or form.getvalue('awsprovisining') or
form.getvalue('awseditingprovisining') or form.getvalue('awseditingprovisining') or
form.getvalue('doprovisining') or form.getvalue('doprovisining') or
form.getvalue('doeditprovisining') or form.getvalue('doeditprovisining') or
form.getvalue('gcoreprovisining') or form.getvalue('gcoreprovisining') or
form.getvalue('gcoreeditgprovisining') form.getvalue('gcoreeditgprovisining')
): ):
funct.check_user_group() funct.check_user_group()
if form.getvalue('awsprovisining'): if form.getvalue('awsprovisining'):
workspace = form.getvalue('awsprovisining') workspace = form.getvalue('awsprovisining')
group = form.getvalue('aws_create_group') group = form.getvalue('aws_create_group')
@ -3923,7 +3917,7 @@ if form.getvalue('loadopenvpn'):
if ( if (
(stdout[0] != 'package openvpn3-client is not installed' and stderr != '/bin/sh: rpm: command not found') and (stdout[0] != 'package openvpn3-client is not installed' and stderr != '/bin/sh: rpm: command not found') and
stdout[0] != 'E: No packages found' stdout[0] != 'E: No packages found'
): ):
cmd = "sudo openvpn3 configs-list |grep -E 'ovpn|(^|[^0-9])[0-9]{4}($|[^0-9])' |grep -v net|awk -F\" \" '{print $1}'|awk 'ORS=NR%2?\" \":\"\\n\"'" cmd = "sudo openvpn3 configs-list |grep -E 'ovpn|(^|[^0-9])[0-9]{4}($|[^0-9])' |grep -v net|awk -F\" \" '{print $1}'|awk 'ORS=NR%2?\" \":\"\\n\"'"
openvpn_configs, stderr = funct.subprocess_execute(cmd) openvpn_configs, stderr = funct.subprocess_execute(cmd)
cmd = "sudo openvpn3 sessions-list|grep -E 'Config|Status'|awk -F\":\" '{print $2}'|awk 'ORS=NR%2?\" \":\"\\n\"'| sed 's/^ //g'" cmd = "sudo openvpn3 sessions-list|grep -E 'Config|Status'|awk -F\":\" '{print $2}'|awk 'ORS=NR%2?\" \":\"\\n\"'| sed 's/^ //g'"

33
app/sql.py
View File

@ -386,14 +386,12 @@ def select_user_groups_with_names(user_id, **kwargs):
if kwargs.get("all") is not None: if kwargs.get("all") is not None:
query = (UserGroups query = (UserGroups
.select(UserGroups.user_group_id, UserGroups.user_id, Groups.name) .select(UserGroups.user_group_id, UserGroups.user_id, Groups.name)
.join(Groups, on=(UserGroups.user_group_id == Groups.group_id)) .join(Groups, on=(UserGroups.user_group_id == Groups.group_id)))
)
else: else:
query = (UserGroups query = (UserGroups
.select(UserGroups.user_group_id, Groups.name) .select(UserGroups.user_group_id, Groups.name)
.join(Groups, on=(UserGroups.user_group_id == Groups.group_id)) .join(Groups, on=(UserGroups.user_group_id == Groups.group_id))
.where(UserGroups.user_id == user_id) .where(UserGroups.user_id == user_id))
)
try: try:
query_res = query.execute() query_res = query.execute()
except Exception as e: except Exception as e:
@ -1055,6 +1053,7 @@ def update_slack(token, chanel, group, slack_id):
else: else:
return True return True
def insert_new_option(saved_option, group): def insert_new_option(saved_option, group):
try: try:
Option.insert(options=saved_option, groups=group).execute() Option.insert(options=saved_option, groups=group).execute()
@ -2193,7 +2192,6 @@ def select_en_service():
return query_res return query_res
def select_status(smon_id): def select_status(smon_id):
try: try:
query_res = SMON.get(SMON.id == smon_id).status query_res = SMON.get(SMON.id == smon_id).status
@ -2316,16 +2314,14 @@ def response_time(time, smon_id):
def smon_list(user_group): def smon_list(user_group):
if user_group == 1: if user_group == 1:
query = (SMON.select(SMON.ip, SMON.port,SMON.status,SMON.en,SMON.desc,SMON.response_time,SMON.time_state, query = (SMON.select(SMON.ip, SMON.port, SMON.status, SMON.en, SMON.desc, SMON.response_time, SMON.time_state,
SMON.group,SMON.script,SMON.http,SMON.http_status,SMON.body,SMON.body_status) SMON.group, SMON.script, SMON.http, SMON.http_status, SMON.body, SMON.body_status)
.order_by(SMON.group) .order_by(SMON.group))
)
else: else:
query = (SMON.select(SMON.ip, SMON.port, SMON.status, SMON.en, SMON.desc, SMON.response_time, SMON.time_state, query = (SMON.select(SMON.ip, SMON.port, SMON.status, SMON.en, SMON.desc, SMON.response_time, SMON.time_state,
SMON.group, SMON.script, SMON.http, SMON.http_status, SMON.body, SMON.body_status) SMON.group, SMON.script, SMON.http, SMON.http_status, SMON.body, SMON.body_status)
.where(SMON.user_group == user_group) .where(SMON.user_group == user_group)
.order_by(SMON.group) .order_by(SMON.group))
)
try: try:
query_res = query.execute() query_res = query.execute()
@ -2511,7 +2507,7 @@ def delete_ports(serv):
def insert_port_scanner_history(serv, port, port_status, service_name): def insert_port_scanner_history(serv, port, port_status, service_name):
try: try:
PortScannerHistory.insert(serv=serv, port=port, status=port_status, service_name=service_name, PortScannerHistory.insert(serv=serv, port=port, status=port_status, service_name=service_name,
date=funct.get_data('regular')).execute() date=funct.get_data('regular')).execute()
except Exception as e: except Exception as e:
out_error(e) out_error(e)
@ -2621,7 +2617,7 @@ def add_server_aws(region, instance_type, public_ip, floating_ip, volume_size, s
return False return False
def add_server_gcore(project ,region, instance_type, network_type, network_name, volume_size, ssh_key_name, name, os, def add_server_gcore(project, region, instance_type, network_type, network_name, volume_size, ssh_key_name, name, os,
firewall, provider_id, group_id, status, delete_on_termination, volume_type): firewall, provider_id, group_id, status, delete_on_termination, volume_type):
try: try:
ProvisionedServers.insert(region=region, instance_type=instance_type, public_ip=network_type, network_name=network_name, ProvisionedServers.insert(region=region, instance_type=instance_type, public_ip=network_type, network_name=network_name,
@ -2655,7 +2651,7 @@ def select_aws_server(server_id):
prov_serv.volume_size, prov_serv.ssh_key_name, prov_serv.name, prov_serv.os, prov_serv.volume_size, prov_serv.ssh_key_name, prov_serv.name, prov_serv.os,
prov_serv.firewall, prov_serv.provider_id, prov_serv.group_id, prov_serv.id, prov_serv.firewall, prov_serv.provider_id, prov_serv.group_id, prov_serv.id,
prov_serv.delete_on_termination, prov_serv.volume_type) prov_serv.delete_on_termination, prov_serv.volume_type)
.where(prov_serv.id == server_id)) .where(prov_serv.id == server_id))
try: try:
query_res = query.execute() query_res = query.execute()
except Exception as e: except Exception as e:
@ -2766,7 +2762,7 @@ def update_server_do(size, privet_net, floating_ip, ssh_ids, ssh_name, oss, fire
group, status, server_id): group, status, server_id):
query = ProvisionedServers.update(instance_type=size, private_networking=privet_net, query = ProvisionedServers.update(instance_type=size, private_networking=privet_net,
floating_ip=floating_ip, ssh_ids=ssh_ids, ssh_key_name=ssh_name, floating_ip=floating_ip, ssh_ids=ssh_ids, ssh_key_name=ssh_name,
os=oss,firewall=firewall, monitoring=monitoring, backup=backup, os=oss, firewall=firewall, monitoring=monitoring, backup=backup,
provider_id=provider, provider_id=provider,
group_id=group, status=status).where(ProvisionedServers.id == server_id) group_id=group, status=status).where(ProvisionedServers.id == server_id)
try: try:
@ -2792,9 +2788,9 @@ def select_provisioned_servers(**kwargs):
prov_serv.select(prov_serv.id, prov_serv.name, prov_serv.provider_id, prov_serv.type, prov_serv.select(prov_serv.id, prov_serv.name, prov_serv.provider_id, prov_serv.type,
prov_serv.group_id, prov_serv.instance_type, prov_serv.status, prov_serv.date, prov_serv.group_id, prov_serv.instance_type, prov_serv.status, prov_serv.date,
prov_serv.region, prov_serv.os, prov_serv.IP, prov_serv.last_error, prov_serv.name_template) prov_serv.region, prov_serv.os, prov_serv.IP, prov_serv.last_error, prov_serv.name_template)
.where((prov_serv.name == kwargs.get('new')) & .where((prov_serv.name == kwargs.get('new')) &
(prov_serv.group_id == kwargs.get('group')) & (prov_serv.group_id == kwargs.get('group')) &
(prov_serv.type == kwargs.get('type')))) (prov_serv.type == kwargs.get('type'))))
else: else:
query = prov_serv.select(prov_serv.id, prov_serv.name, prov_serv.provider_id, prov_serv.type, prov_serv.group_id, query = prov_serv.select(prov_serv.id, prov_serv.name, prov_serv.provider_id, prov_serv.type, prov_serv.group_id,
prov_serv.instance_type, prov_serv.status, prov_serv.date, prov_serv.region, prov_serv.os, prov_serv.instance_type, prov_serv.status, prov_serv.date, prov_serv.region, prov_serv.os,
@ -3226,6 +3222,7 @@ def insert_new_git(server_id, service_id, repo, branch, period, cred, descriptio
else: else:
return True return True
def select_gits(**kwargs): def select_gits(**kwargs):
if kwargs.get("server_id") is not None and kwargs.get("service_id") is not None: if kwargs.get("server_id") is not None and kwargs.get("service_id") is not None:
query = GitSetting.select().where((GitSetting.server_id == kwargs.get("server_id")) & (GitSetting.service_id == kwargs.get("service_id"))) query = GitSetting.select().where((GitSetting.server_id == kwargs.get("server_id")) & (GitSetting.service_id == kwargs.get("service_id")))