diff --git a/README.md b/README.md index 4a22a13..ca09bdb 100644 --- a/README.md +++ b/README.md @@ -134,6 +134,7 @@ For Apache do virtualhost with cgi-bin. Like this: ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/" + DirectoryIndex overview.py Options +ExecCGI AddHandler cgi-script .py Order deny,allow @@ -146,33 +147,33 @@ For Apache do virtualhost with cgi-bin. Like this: Deny from all - - Options +ExecCGI -Indexes +MultiViews - Order Deny,Allow - Deny from all - + + Options +ExecCGI -Indexes +MultiViews + Order Deny,Allow + Deny from all + - + Order Deny,Allow Deny from all - + - - Order Deny,Allow - Deny from all - + + Order Deny,Allow + Deny from all + - - Header set X-XSS-Protection: 1; - Header set X-Frame-Options: deny - Header set X-Content-Type-Options: nosniff - Header set Strict-Transport-Security: max-age=3600; - Header set Cache-Control no-cache - Header set Expires: 0 - - + + Header set X-XSS-Protection: 1; + Header set X-Frame-Options: deny + Header set X-Content-Type-Options: nosniff + Header set Strict-Transport-Security: max-age=3600; + Header set Cache-Control no-cache + Header set Expires: 0 + + Header set Cache-Control "max-age=86400, public" - + ``` @@ -213,6 +214,11 @@ For Runtime API, Metrics and Alerting enable state file and stat socket on HApro load-server-state-from-file global listen stats + bind *:8085 + stats enable + stats uri /stats + stats realm HAProxy-04\ Statistics + stats auth admin:password stats admin if TRUE ``` ![alt text](image/haproxy-wi-logs.png "View logs page") diff --git a/app/create_db.py b/app/create_db.py index 1468b4c..a405e68 100644 --- a/app/create_db.py +++ b/app/create_db.py @@ -459,7 +459,7 @@ def update_db_v_3_8_1(**kwargs): def update_ver(**kwargs): con, cur = get_cur() - sql = """update version set version = '3.9.1'; """ + sql = """update version set version = '3.9.2'; """ try: cur.execute(sql) con.commit() diff --git a/app/funct.py b/app/funct.py index 639eae1..511bcb8 100644 --- a/app/funct.py 
+++ b/app/funct.py @@ -155,11 +155,10 @@ def page_for_admin(**kwargs): print('

How did you get here?! O_o You do not have need permissions') print('') import sys - sys.exit() - -def ssh_connect(serv, **kwargs): - import paramiko - from paramiko import SSHClient + sys.exit() + + +def return_ssh_keys_path(serv): import sql fullpath = get_config_var('main', 'fullpath') ssh_enable = '' @@ -172,6 +171,16 @@ def ssh_connect(serv, **kwargs): ssh_user_name = sshs[4] ssh_user_password = sshs[5] ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2] + + return ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name + + +def ssh_connect(serv, **kwargs): + import paramiko + from paramiko import SSHClient + import sql + + ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(serv) servers = sql.select_servers(server=serv) for server in servers: @@ -327,7 +336,7 @@ def rewrite_section(start_line, end_line, config, section): return_config += line return return_config - + def install_haproxy(serv, **kwargs): import sql @@ -339,17 +348,10 @@ def install_haproxy(serv, **kwargs): stats_password = sql.get_setting('stats_password') proxy = sql.get_setting('proxy') hapver = kwargs.get('hapver') - fullpath = get_config_var('main', 'fullpath') - ssh_enable = '' - ssh_port = '' - ssh_user_name = '' - ssh_user_password = '' + ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(serv) - for sshs in sql.select_ssh(serv=serv): - ssh_enable = sshs[3] - ssh_user_name = sshs[4] - ssh_user_password = sshs[5] - ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2] + if ssh_enable == 0: + ssh_key_name = '' os.system("cp scripts/%s ." % script) diff --git a/app/index.html b/app/index.html deleted file mode 100644 index bfaba42..0000000 --- a/app/index.html +++ /dev/null @@ -1,32 +0,0 @@ - - - - - HAProxy-WI - - - - - - - - - - - - -
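Review bot: In the new `return_ssh_keys_path` (app/funct.py), `ssh_key_name` is assigned only inside the `sql.select_ssh` loop, so a server with no SSH row would make the added `return ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name` raise `UnboundLocalError`. The visible lines initialise only `ssh_enable = ''`, and the lines between the two hunks are not shown, so check whether the other three names get defaults there. Adding `ssh_key_name = ''` next to `ssh_enable = ''` would make the no-row case return empty values instead of crashing the CGI request. Because the helper returns the stored SSH password and private-key path, it would also help to add a short docstring naming the four returned values and stating that they are credentials.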
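Review bot: The `if ssh_enable == 0: ssh_key_name = ''` check added in `install_haproxy` is repeated after every `return_ssh_keys_path` call in this commit (four more times in app/options.py), so it belongs inside the helper, just before its `return`. The check compares against the integer `0` while the helper's default is `ssh_enable = ''`. If the database layer returns the column as a string (not visible here), the branch never fires and the key path is still passed on even though key authentication is disabled. Normalising once in the helper, for example `ssh_enable = int(sshs[3])`, would keep the five call sites consistent.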
-
-
-

Welcome to

- logo - Redirecting... Please wait -
-
- - diff --git a/app/options.py b/app/options.py index cc934b0..8fd1f8d 100644 --- a/app/options.py +++ b/app/options.py @@ -582,18 +582,12 @@ if form.getvalue('master'): script = "install_keepalived.sh" fullpath = funct.get_config_var('main', 'fullpath') proxy = sql.get_setting('proxy') - ssh_enable = '' - ssh_port = '' - ssh_user_name = '' - ssh_user_password = '' + ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(master) - proxy_serv = proxy if proxy is not None else "" + if ssh_enable == 0: + ssh_key_name = '' - for sshs in sql.select_ssh(serv=master): - ssh_enable = sshs[3] - ssh_user_name = sshs[4] - ssh_user_password = sshs[5] - ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2] + proxy_serv = proxy if proxy is not None else "" os.system("cp scripts/%s ." % script) @@ -624,11 +618,10 @@ if form.getvalue('master'): else: print('success: Master Keepalived was installed
') - for sshs in sql.select_ssh(serv=slave): - ssh_enable = sshs[3] - ssh_user_name = sshs[4] - ssh_user_password = sshs[5] - ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2] + ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(slave) + + if ssh_enable == 0: + ssh_key_name = '' commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" +proxy_serv+ " ETH="+ETH+" IP="+IP+" MASTER=BACKUP"+" HOST="+str(slave)+ @@ -664,20 +657,11 @@ if form.getvalue('masteradd'): IP = form.getvalue('vrrpipadd') kp = form.getvalue('kp') script = "install_keepalived.sh" - fullpath = funct.get_config_var('main', 'fullpath') - proxy = sql.get_setting('proxy') - ssh_enable = '' - ssh_port = '' - ssh_user_name = '' - ssh_user_password = '' - - proxy_serv = proxy if proxy is not None else "" + proxy = sql.get_setting('proxy') + ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(master) - for sshs in sql.select_ssh(serv=master): - ssh_enable = sshs[3] - ssh_user_name = sshs[4] - ssh_user_password = sshs[5] - ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2] + if ssh_enable == 0: + ssh_key_name = '' os.system("cp scripts/%s ." % script) @@ -705,11 +689,10 @@ if form.getvalue('masteradd'): print('success: Master VRRP address was added
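Review bot: The `masteradd` branch no longer defines `proxy_serv`: this hunk removes `proxy_serv = proxy if proxy is not None else ""` and does not add it back, whereas the `master` branch re-adds it. The command string kept in the following hunk still concatenates `" PROXY=" + proxy_serv`. Unless the name is assigned somewhere outside the visible hunks, adding a VRRP address would stop with `NameError` while the command list is being built. Restore the line right after `proxy = sql.get_setting('proxy')`: `proxy_serv = proxy if proxy is not None else ""`.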
') - for sshs in sql.select_ssh(serv=slave): - ssh_enable = sshs[3] - ssh_user_name = sshs[4] - ssh_user_password = sshs[5] - ssh_key_name = fullpath+'/keys/%s.pem' % sshs[2] + ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = funct.return_ssh_keys_path(slave) + + if ssh_enable == 0: + ssh_key_name = '' commands = [ "chmod +x "+script +" && ./"+script +" PROXY=" + proxy_serv+ " ETH="+ETH+" IP="+str(IP)+" MASTER=BACKUP"+" RESTART="+kp+" ADD_VRRP=1 HOST="+str(slave)+ @@ -781,8 +764,6 @@ if form.getvalue('new_metrics'): for i in metric: label = str(i[5]) label = label.split(' ')[1] - #label = label.split(':') - #labels += label[0]+':'+label[1]+',' labels += label+',' curr_con += str(i[1])+',' curr_ssl_con += str(i[2])+',' @@ -811,7 +792,6 @@ if form.getvalue('new_waf_metrics'): for i in metric: label = str(i[2]) label = label.split(' ')[1] - # label = label.split(':') labels += label[0]+',' curr_con += str(i[1])+',' diff --git a/app/scripts/ansible/roles/haproxy/tasks/main.yml b/app/scripts/ansible/roles/haproxy/tasks/main.yml index 0f5be08..912c33c 100644 --- a/app/scripts/ansible/roles/haproxy/tasks/main.yml +++ b/app/scripts/ansible/roles/haproxy/tasks/main.yml @@ -3,6 +3,10 @@ package_facts: manager: "auto" + +- name: populate service facts + service_facts: + - name: install HAProxy {{HAPVER}} yum: @@ -94,6 +98,27 @@ set_fact: haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.6' }}" + +- name: Open stat port for firewalld + firewalld: + port: "{{ item }}/tcp" + state: enabled + permanent: yes + immediate: yes + ignore_errors: yes + when: ansible_facts.services["firewalld.service"]['state'] == "running" + with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ] + + +- name: Open stat port for iptables + iptables: + chain: INPUT + destination_port: "{{ item }}" + jump: ACCEPT + protocol: tcp + ignore_errors: yes + with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ] + - name: Copy HAProxy configuration in place. template: 
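Review bot: The `commands` string kept in this hunk splices `IP` and `kp` into a shell command line with no validation or quoting in the visible lines; both are read directly from `form.getvalue('vrrpipadd')` and `form.getvalue('kp')` in the previous hunk, and the command is apparently run over SSH on the slave host. Since this block is already being reworked, validate each request value before use, for example `ipaddress.ip_address(IP)` for the address and a fixed allow-list for `kp`, and wrap every interpolated value in `shlex.quote(...)`. `ETH` and `slave` are concatenated the same way here and in the `master` branch's command; their origin is outside the hunks and should be checked too. The list literal continues past the end of the hunk.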
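Review bot: The `Open stat port for iptables` task adds an `ACCEPT` rule for `STAT_PORT` and `SOCK_PORT` with no `source:` restriction and no `when:` guard, so both ports are opened to every address, and the task also runs on hosts where the firewalld task has just handled the same ports. If `SOCK_PORT` is the HAProxy stat/runtime socket port, as the task name suggests, restrict the rule with the module's `source:` parameter to the address of the HAProxy-WI server and do the same on the firewalld side. The firewalld task's `when:` indexes `ansible_facts.services["firewalld.service"]` directly, which fails on hosts without that unit. A safer form is `when: "'firewalld.service' in ansible_facts.services and ansible_facts.services['firewalld.service']['state'] == 'running'"`. With `ignore_errors: yes` on both tasks, a rule that could not be applied goes unnoticed, so consider dropping it once the conditions are explicit.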
diff --git a/app/scripts/waf.sh b/app/scripts/waf.sh index dc35d4b..68d9a5c 100644 --- a/app/scripts/waf.sh +++ b/app/scripts/waf.sh @@ -27,7 +27,7 @@ then fi if [ -f $HAPROXY_PATH/waf/modsecurity.conf ];then - echo -e 'error: Haproxy WAF already installed. You can edit confighere

' + echo -e 'error: Haproxy WAF already installed.

' exit 1 fi if hash apt-get 2>/dev/null; then diff --git a/config_other/httpd/haproxy-wi.conf b/config_other/httpd/haproxy-wi.conf index 3876672..a9898de 100644 --- a/config_other/httpd/haproxy-wi.conf +++ b/config_other/httpd/haproxy-wi.conf @@ -1,40 +1,40 @@ - WSGIDaemonProcess api display-name=%{GROUP} user=apache group=apache processes=1 threads=5 - WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi + WSGIDaemonProcess api display-name=%{GROUP} user=apache group=apache processes=1 threads=5 + WSGIScriptAlias /api /var/www/haproxy-wi/api/app.wsgi - - WSGIProcessGroup api - WSGIApplicationGroup %{GLOBAL} - Order deny,allow - Allow from all - + + WSGIProcessGroup api + WSGIApplicationGroup %{GLOBAL} + Order deny,allow + Allow from all + - SSLEngine on - SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt - SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key + SSLEngine on + SSLCertificateFile /var/www/haproxy-wi/app/certs/haproxy-wi.crt + SSLCertificateKeyFile /var/www/haproxy-wi/app/certs/haproxy-wi.key - ServerName haprox-wi.example.com - ErrorLog /var/log/httpd/haproxy-wi.error.log - CustomLog /var/log/httpd/haproxy-wi.access.log combined - TimeOut 600 - LimitRequestLine 16380 + ServerName haprox-wi.example.com + ErrorLog /var/log/httpd/haproxy-wi.error.log + CustomLog /var/log/httpd/haproxy-wi.access.log combined + TimeOut 600 + LimitRequestLine 16380 - DocumentRoot /var/www/haproxy-wi - ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/" + DocumentRoot /var/www/haproxy-wi + ScriptAlias /cgi-bin/ "/var/www/haproxy-wi/app/" - - - Options +ExecCGI - AddHandler cgi-script .py - Order deny,allow - Allow from all - + + DirectoryIndex overview.py + Options +ExecCGI + AddHandler cgi-script .py + Order deny,allow + Allow from all + - Options +ExecCGI -Indexes +MultiViews - Order Deny,Allow - Deny from all - + Options +ExecCGI -Indexes +MultiViews + Order Deny,Allow + Deny from all + Options +ExecCGI -Indexes +MultiViews 
@@ -64,4 +64,4 @@ Header set Cache-Control "max-age=86400, public" - + \ No newline at end of file diff --git a/image/haproxy-wi-overview.png b/image/haproxy-wi-overview.png index c075d19..87917fc 100644 Binary files a/image/haproxy-wi-overview.png and b/image/haproxy-wi-overview.png differ diff --git a/index.html b/index.html index bfaba42..d512fdb 100644 --- a/index.html +++ b/index.html @@ -3,8 +3,24 @@ HAProxy-WI - - + + + + + + + + + + + + + + + + + +