github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v6.3.0.0 

Changelog: https://roxy-wi.org/changelog#6_3_0
pull/355/head
Pavel Loginov 2022-11-17 10:34:58 +03:00
parent e5dedade0b
commit c48f9f8fc6
51 changed files with 3786 additions and 3523 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
api/api.py
View File

@ -11,7 +11,8 @@ sys.path.append(os.path.dirname(os.path.abspath(__file__)))
os.chdir(os.path.dirname(os.path.abspath(__file__))) os.chdir(os.path.dirname(os.path.abspath(__file__)))
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app/')) sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app/'))
import sql import modules.db.sql as sql
import modules.config.config as config_mod
_error_auth = '403 Auth before' _error_auth = '403 Auth before'
_allow_origin = '*' _allow_origin = '*'
@ -101,7 +102,7 @@ def get_servers():
try: try:
token = request.headers.get('token') token = request.headers.get('token')
login, group_id = sql.get_username_groupid_from_api_token(token) login, group_id = sql.get_username_groupid_from_api_token(token)
servers = sql.get_dick_permit(username=login, group_id=group_id, token=token) servers = funct.get_dick_permit(username=login, group_id=group_id, token=token)
for s in servers: for s in servers:
data[s[0]] = { data[s[0]] = {
@ -225,7 +226,7 @@ def service_config_show(server_id, service):
if not check_login(required_service=required_service): if not check_login(required_service=required_service):
return dict(error=_error_auth) return dict(error=_error_auth)
config_path = request.headers.get('config-file') config_path = request.headers.get('config-file')
return api_funct.get_config(server_id, service=service, config_path=config_path) return api_config_mod.get_config((server_id, service=service, config_path=config_path)
@route('/<service>/<server_id>/config', method=['POST']) @route('/<service>/<server_id>/config', method=['POST'])

101
api/api_funct.py
View File

@ -4,25 +4,30 @@ import json
from bottle import request from bottle import request
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app/')) sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app/'))
import sql import modules.db.sql as sql
import funct import modules.common.common as common
import modules.server.server as server_mod
import modules.config.section as section_mod
import modules.config.config as config_mod
import modules.roxy_wi_tools as roxy_wi_tools import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.logs as roxywi_logs
import modules.service.common as service_common
get_config_var = roxy_wi_tools.GetConfigVar() get_config_var = roxy_wi_tools.GetConfigVar()
def get_token(): def get_token():
try: try:
user_status, user_plan = funct.return_user_status() user_subscription = roxywi_common.return_user_status()
except Exception as e: except Exception as e:
funct.logging('API', f'Cannot get a user plan: {e}', roxywi=1) user_subscription = roxywi_common.return_unsubscribed_user_status()
return False common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
if user_status == 0: if user_subscription['user_status'] == 0:
funct.logging('API', 'You are not subscribed. Please subscribe to have access to this feature.', roxywi=1) common.logging('API', 'You are not subscribed. Please subscribe to have access to this feature.', roxywi=1)
return False return False
elif user_plan == 'user': elif user_subscription['user_plan'] == 'user':
funct.logging('API', 'This feature is not available for your plan.', roxywi=1) common.logging('API', 'This feature is not available for your plan.', roxywi=1)
return False return False
try: try:
@ -57,16 +62,16 @@ def get_token():
def check_login(required_service=0) -> bool: def check_login(required_service=0) -> bool:
try: try:
user_status, user_plan = funct.return_user_status() user_subscription = roxywi_common.return_user_status()
except Exception as e: except Exception as e:
funct.logging('API', f'Cannot get a user plan: {e}', roxywi=1) user_subscription = roxywi_common.return_unsubscribed_user_status()
return False common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
if user_status == 0: if user_subscription['user_status'] == 0:
funct.logging('API', 'You are not subscribed. Please subscribe to have access to this feature.', roxywi=1) common.logging('API', 'You are not subscribed. Please subscribe to have access to this feature.', roxywi=1)
return False return False
elif user_plan == 'user': elif user_subscription['user_plan'] == 'user':
funct.logging('API', 'This feature is not available for your plan.', roxywi=1) common.logging('API', 'This feature is not available for your plan.', roxywi=1)
return False return False
token = request.headers.get('token') token = request.headers.get('token')
@ -159,7 +164,7 @@ def get_status(server_id, service):
for s in servers: for s in servers:
if service == 'haproxy': if service == 'haproxy':
cmd = 'echo "show info" |nc %s %s -w 1|grep -e "Ver\|CurrConns\|Maxco\|MB\|Uptime:"' % (s[2], sql.get_setting('haproxy_sock_port')) cmd = 'echo "show info" |nc %s %s -w 1|grep -e "Ver\|CurrConns\|Maxco\|MB\|Uptime:"' % (s[2], sql.get_setting('haproxy_sock_port'))
out = funct.subprocess_execute(cmd) out = server_mod.subprocess_execute(cmd)
data = return_dict_from_out(server_id, out[0]) data = return_dict_from_out(server_id, out[0])
elif service == 'nginx': elif service == 'nginx':
cmd = [ cmd = [
@ -167,7 +172,7 @@ def get_status(server_id, service):
"|awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l" "|awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"
] ]
try: try:
out = funct.ssh_command(s[2], cmd) out = server_mod.ssh_command(s[2], cmd)
out1 = out.split() out1 = out.split()
json_for_sending = {server_id: {"Version": out1[0].split('/')[1], "Uptime": out1[2], "Process": out1[3]}} json_for_sending = {server_id: {"Version": out1[0].split('/')[1], "Uptime": out1[2], "Process": out1[3]}}
data = json_for_sending data = json_for_sending
@ -182,7 +187,7 @@ def get_status(server_id, service):
(apache_stats_user, apache_stats_password, s[2], apache_stats_port, apache_stats_page) (apache_stats_user, apache_stats_password, s[2], apache_stats_port, apache_stats_page)
servers_with_status = list() servers_with_status = list()
try: try:
out = funct.subprocess_execute(cmd) out = server_mod.subprocess_execute(cmd)
if out != '': if out != '':
for k in out: for k in out:
servers_with_status.append(k) servers_with_status.append(k)
@ -218,7 +223,7 @@ def get_all_statuses():
for s in servers: for s in servers:
cmd = 'echo "show info" |nc %s %s -w 1|grep -e "Ver\|CurrConns\|Maxco\|MB\|Uptime:"' % (s[2], sock_port) cmd = 'echo "show info" |nc %s %s -w 1|grep -e "Ver\|CurrConns\|Maxco\|MB\|Uptime:"' % (s[2], sock_port)
data[s[2]] = {} data[s[2]] = {}
out = funct.subprocess_execute(cmd) out = server_mod.subprocess_execute(cmd)
data[s[2]] = return_dict_from_out(s[1], out[0]) data[s[2]] = return_dict_from_out(s[1], out[0])
except Exception: except Exception:
data = {"error": "Cannot find the server"} data = {"error": "Cannot find the server"}
@ -238,9 +243,9 @@ def actions(server_id, action, service):
for s in servers: for s in servers:
if service == 'apache': if service == 'apache':
service = funct.get_correct_apache_service_name(server_ip=s[2]) service = service_common.get_correct_apache_service_name(server_ip=s[2])
cmd = ["sudo systemctl %s %s" % (action, service)] cmd = ["sudo systemctl %s %s" % (action, service)]
error = funct.ssh_command(s[2], cmd) error = server_mod.ssh_command(s[2], cmd)
done = error if error else 'done' done = error if error else 'done'
data = {'server_id': s[0], 'ip': s[2], 'action': action, 'hostname': s[1], 'status': done} data = {'server_id': s[0], 'ip': s[2], 'action': action, 'hostname': s[1], 'status': done}
@ -261,7 +266,7 @@ def runtime(server_id):
cmd = ['echo "%s" |sudo socat stdio %s' % (action, haproxy_sock)] cmd = ['echo "%s" |sudo socat stdio %s' % (action, haproxy_sock)]
for s in servers: for s in servers:
out = funct.ssh_command(s[2], cmd) out = server_mod.ssh_command(s[2], cmd)
data = {server_id: {}} data = {server_id: {}}
sep_data = out.split('\r\n') sep_data = out.split('\r\n')
@ -299,7 +304,7 @@ def get_config(server_id, **kwargs):
for s in servers: for s in servers:
cfg = '/tmp/' + s[2] + '.cfg' cfg = '/tmp/' + s[2] + '.cfg'
funct.get_config(s[2], cfg, service=service, config_file_name=kwargs.get('config_path')) config_mod.get_config(s[2], cfg, service=service, config_file_name=kwargs.get('config_path'))
os.system("sed -i 's/\\n/\n/g' " + cfg) os.system("sed -i 's/\\n/\n/g' " + cfg)
try: try:
conf = open(cfg, "r") conf = open(cfg, "r")
@ -324,8 +329,8 @@ def get_section(server_id):
for s in servers: for s in servers:
cfg = '/tmp/' + s[2] + '.cfg' cfg = '/tmp/' + s[2] + '.cfg'
funct.get_config(s[2], cfg) config_mod.get_config(s[2], cfg)
start_line, end_line, config_read = funct.get_section_from_config(cfg, section_name) start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section_name)
data = {server_id: {section_name: {'start_line': start_line, 'end_line': end_line, 'config_read': config_read}}} data = {server_id: {section_name: {'start_line': start_line, 'end_line': end_line, 'config_read': config_read}}}
return dict(section=data) return dict(section=data)
@ -351,9 +356,9 @@ def edit_section(server_id):
ip = s[2] ip = s[2]
cfg = f'/tmp/{ip}.cfg' cfg = f'/tmp/{ip}.cfg'
out = funct.get_config(ip, cfg) out = config_mod.get_config(ip, cfg)
start_line, end_line, config_read = funct.get_section_from_config(cfg, section_name) start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section_name)
returned_config = funct.rewrite_section(start_line, end_line, cfg, body) returned_config = funct.section_mod(start_line, end_line, cfg, body)
time_zone = sql.get_setting('time_zone') time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone) get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('config') cur_date = get_date.return_date('config')
@ -366,9 +371,9 @@ def edit_section(server_id):
conf.write(returned_config) conf.write(returned_config)
return_mess = 'section has been updated' return_mess = 'section has been updated'
os.system(f"/bin/cp {cfg} {cfg_for_save}") os.system(f"/bin/cp {cfg} {cfg_for_save}")
out = funct.master_slave_upload_and_restart(ip, cfg, save, login=login) out = config_mod.master_slave_upload_and_restart(ip, cfg, save, login=login)
funct.logging('localhost', f" section {section_name} has been edited via API", login=login) common.logging('localhost', f" section {section_name} has been edited via API", login=login)
funct.logging( common.logging(
ip, f'Section {section_name} has been edited via API', roxywi=1, ip, f'Section {section_name} has been edited via API', roxywi=1,
login=login, keep_history=1, service='haproxy' login=login, keep_history=1, service='haproxy'
) )
@ -435,14 +440,14 @@ def upload_config(server_id, **kwargs):
os.system("/bin/cp %s %s" % (cfg, cfg_for_save)) os.system("/bin/cp %s %s" % (cfg, cfg_for_save))
if kwargs.get('service') == 'nginx': if kwargs.get('service') == 'nginx':
out = funct.master_slave_upload_and_restart(ip, cfg, save, login=login, nginx=nginx, config_file_name=kwargs.get('config_path')) out = config_mod.master_slave_upload_and_restart(ip, cfg, save, login=login, nginx=nginx, config_file_name=kwargs.get('config_path'))
elif kwargs.get('service') == 'apache': elif kwargs.get('service') == 'apache':
out = funct.master_slave_upload_and_restart(ip, cfg, save, login=login, apache=apache, config_file_name=kwargs.get('config_path')) out = config_mod.master_slave_upload_and_restart(ip, cfg, save, login=login, apache=apache, config_file_name=kwargs.get('config_path'))
else: else:
out = funct.master_slave_upload_and_restart(ip, cfg, save, login=login) out = config_mod.master_slave_upload_and_restart(ip, cfg, save, login=login)
funct.logging('localhost', " config has been uploaded via API", login=login) common.logging('localhost', " config has been uploaded via API", login=login)
funct.logging( common.logging(
ip, 'Config has been uploaded via API', roxywi=1, login=login, keep_history=1, service=service_name ip, 'Config has been uploaded via API', roxywi=1, login=login, keep_history=1, service=service_name
) )
@ -482,14 +487,14 @@ def add_to_config(server_id):
cfg = f'/tmp/{ip}.cfg' cfg = f'/tmp/{ip}.cfg'
cur_date = get_date.return_date('config') cur_date = get_date.return_date('config')
cfg_for_save = f'{hap_configs_dir}{ip}-{cur_date}.cfg' cfg_for_save = f'{hap_configs_dir}{ip}-{cur_date}.cfg'
out = funct.get_config(ip, cfg) out = config_mod.get_config(ip, cfg)
try: try:
with open(cfg, "a") as conf: with open(cfg, "a") as conf:
conf.write('\n' + body + '\n') conf.write('\n' + body + '\n')
return_mess = 'section has been added to the config' return_mess = 'section has been added to the config'
os.system(f"/bin/cp {cfg} {cfg_for_save}") os.system(f"/bin/cp {cfg} {cfg_for_save}")
funct.logging('localhost', " section has been added via REST API", login=login) common.logging('localhost', " section has been added via REST API", login=login)
out = funct.upload_and_restart(ip, cfg, just_save=save) out = funct.upload_and_restart(ip, cfg, just_save=save)
if out: if out:
@ -538,7 +543,7 @@ def show_log(server_id):
data[server_id] = {"error": "Cannot find the server"} data[server_id] = {"error": "Cannot find the server"}
return dict(error=data) return dict(error=data)
out = funct.show_roxy_log(ip, rows=rows, waf=str(waf), grep=grep, hour=str(hour), minut=str(minute), hour1=str(hour1), minut1=str(minute1), html=0) out = roxywi_logs.show_roxy_log(ip, rows=rows, waf=str(waf), grep=grep, hour=str(hour), minut=str(minute), hour1=str(hour1), minut1=str(minute1), html=0)
data = {server_id: out} data = {server_id: out}
return dict(log=data) return dict(log=data)
@ -559,14 +564,14 @@ def add_acl(server_id):
server_ip = s[2] server_ip = s[2]
try: try:
out = funct.get_config(server_ip, cfg) out = config_mod.get_config(server_ip, cfg)
start_line, end_line, config_read = funct.get_section_from_config(cfg, section_name) start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section_name)
except Exception as e: except Exception as e:
status = "Cannot read section: " + str(e) status = "Cannot read section: " + str(e)
try: try:
config_read += acl config_read += acl
config = funct.rewrite_section(start_line, end_line, cfg, config_read) config = funct.section_mod(start_line, end_line, cfg, config_read)
try: try:
with open(cfg, "w") as conf: with open(cfg, "w") as conf:
conf.write(config) conf.write(config)
@ -576,7 +581,7 @@ def add_acl(server_id):
status = str(e) status = str(e)
try: try:
out = funct.master_slave_upload_and_restart(server_ip, cfg, just_save=save) out = config_mod.master_slave_upload_and_restart(server_ip, cfg, just_save=save)
if out != '': if out != '':
status = out status = out
else: else:
@ -602,8 +607,8 @@ def del_acl(server_id):
cfg = '/tmp/' + s[2] + '.cfg' cfg = '/tmp/' + s[2] + '.cfg'
server_ip = s[2] server_ip = s[2]
try: try:
out = funct.get_config(server_ip, cfg) out = config_mod.get_config(server_ip, cfg)
start_line, end_line, config_read = funct.get_section_from_config(cfg, section_name) start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section_name)
except Exception as e: except Exception as e:
status = str(e) status = str(e)
@ -617,7 +622,7 @@ def del_acl(server_id):
status = 'Cannot delete ACL: ' + str(e) status = 'Cannot delete ACL: ' + str(e)
try: try:
config = funct.rewrite_section(start_line, end_line, cfg, config_new_read) config = funct.section_mod(start_line, end_line, cfg, config_new_read)
try: try:
with open(cfg, "w") as conf: with open(cfg, "w") as conf:
conf.write(config) conf.write(config)
@ -627,7 +632,7 @@ def del_acl(server_id):
status = 'Cannot delete ACL: ' + str(e) status = 'Cannot delete ACL: ' + str(e)
try: try:
out = funct.master_slave_upload_and_restart(server_ip, cfg, just_save=save) out = config_mod.master_slave_upload_and_restart(server_ip, cfg, just_save=save)
if out != '': if out != '':
status = out status = out
else: else:

35
app/add.py
View File

@ -6,27 +6,32 @@ import http.cookies
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.config.config as config_mod
import modules.roxy_wi_tools as roxy_wi_tools import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.common as roxywi_common
import modules.roxywi.auth as roxywi_auth
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar() get_config_var = roxy_wi_tools.GetConfigVar()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('add.html') template = env.get_template('add.html')
form = funct.form form = common.form
serv = form.getvalue('serv') serv = form.getvalue('serv')
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params(haproxy=1) user_params = roxywi_common.get_users_params(haproxy=1)
try: try:
funct.check_login(user_id, token, service=1) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
funct.page_for_admin(level=3) roxywi_auth.page_for_admin(level=3)
if all(v is None for v in [ if all(v is None for v in [
form.getvalue('mode'), form.getvalue('new_userlist'), form.getvalue('mode'), form.getvalue('new_userlist'),
@ -53,13 +58,13 @@ if all(v is None for v in [
if not os.path.exists(black_dir): if not os.path.exists(black_dir):
os.makedirs(black_dir) os.makedirs(black_dir)
white_lists = funct.get_files(folder=white_dir, file_format="lst") white_lists = roxywi_common.get_files(folder=white_dir, file_format="lst")
black_lists = funct.get_files(folder=black_dir, file_format="lst") black_lists = roxywi_common.get_files(folder=black_dir, file_format="lst")
template = template.render( template = template.render(
title="Add: ", role=role, user=user, selects=servers, add=form.getvalue('add'), conf_add=form.getvalue('conf'), title="Add: ", role=user_params['role'], user=user_params['user'], selects=user_params['servers'], add=form.getvalue('add'), conf_add=form.getvalue('conf'),
group=user_group, options=sql.select_options(), saved_servers=sql.select_saved_servers(), white_lists=white_lists, group=user_group, options=sql.select_options(), saved_servers=sql.select_saved_servers(), white_lists=white_lists,
black_lists=black_lists, user_services=user_services, token=token black_lists=black_lists, user_services=user_params['user_services'], token=user_params['token']
) )
print(template) print(template)
@ -382,21 +387,21 @@ if form.getvalue('generateconfig') is None and serv is not None:
server_name = serv server_name = serv
try: try:
funct.check_is_server_in_group(serv) roxywi_common.check_is_server_in_group(serv)
if config_add: if config_add:
hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = hap_configs_dir + serv + "-" + funct.get_data('config') + ".cfg" cfg = hap_configs_dir + serv + "-" + get_date.return_date('config') + ".cfg"
funct.get_config(serv, cfg) config_mod.get_config(serv, cfg)
try: try:
with open(cfg, "a") as conf: with open(cfg, "a") as conf:
conf.write(config_add) conf.write(config_add)
except IOError: except IOError:
print("error: Can't read import config file") print("error: Can't read import config file")
funct.logging(serv, "add.py add new %s" % name) roxywi_common.logging(serv, "add.py add new %s" % name)
output = funct.master_slave_upload_and_restart(serv, cfg, just_save="save") output = config_mod.master_slave_upload_and_restart(serv, cfg, just_save="save")
if output: if output:
print(output) print(output)
else: else:

26
app/add_nginx.py
View File

@ -4,32 +4,34 @@ import sys
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.roxy_wi_tools as roxy_wi_tools import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
get_config_var = roxy_wi_tools.GetConfigVar() get_config_var = roxy_wi_tools.GetConfigVar()
form = funct.form form = common.form
serv = form.getvalue('serv') serv = form.getvalue('serv')
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params(service='nginx') user_params = roxywi_common.get_users_params(service='nginx')
try: try:
funct.check_login(user_id, token, service=2) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2)
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
funct.page_for_admin(level=3) roxywi_auth.page_for_admin(level=3)
if all(v is None for v in [form.getvalue('upstream'), form.getvalue('generateconfig')]): if all(v is None for v in [form.getvalue('upstream'), form.getvalue('generateconfig')]):
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('add_nginx.html') template = env.get_template('add_nginx.html')
template = template.render( template = template.render(
title="Add: ", role=role, user=user, selects=servers, add=form.getvalue('add'), conf_add=form.getvalue('conf'), title="Add: ", role=user_params['role'], user=user_params['user'], selects=user_params['servers'], add=form.getvalue('add'), conf_add=form.getvalue('conf'),
user_services=user_services, token=token user_services=user_params['user_services'], token=user_params['token']
) )
print(template) print(template)
elif form.getvalue('upstream') is not None: elif form.getvalue('upstream') is not None:
@ -78,13 +80,13 @@ if form.getvalue('generateconfig') is None and serv is not None:
server_name = serv server_name = serv
try: try:
funct.check_is_server_in_group(serv) roxywi_common.check_is_server_in_group(serv)
if config_add: if config_add:
sub_folder = 'conf.d' if 'upstream' in config_name else 'sites-enabled' sub_folder = 'conf.d' if 'upstream' in config_name else 'sites-enabled'
service_configs_dir = get_config_var.get_config_var('configs', 'nginx_save_configs_dir') service_configs_dir = get_config_var.get_config_var('configs', 'nginx_save_configs_dir')
cfg = f'{service_configs_dir}{serv}-{config_name}.conf' cfg = f'{service_configs_dir}{serv}-{config_name}.conf'
nginx_dir = funct.return_nice_path(sql.get_setting('nginx_dir')) nginx_dir = comon.return_nice_path(sql.get_setting('nginx_dir'))
config_file_name = f'{nginx_dir}{sub_folder}/{config_name}.conf' config_file_name = f'{nginx_dir}{sub_folder}/{config_name}.conf'
@ -94,9 +96,9 @@ if form.getvalue('generateconfig') is None and serv is not None:
except IOError: except IOError:
print("error: Cannot save a new config") print("error: Cannot save a new config")
funct.logging(serv, "add_nginx.py add new %s" % config_name) roxywi_common.logging(serv, "add_nginx.py add new %s" % config_name)
output = funct.master_slave_upload_and_restart(serv, cfg, just_save="save", nginx=1, config_file_name=config_file_name) output = config_mod.master_slave_upload_and_restart(serv, cfg, just_save="save", nginx=1, config_file_name=config_file_name)
if output: if output:
print(output) print(output)

63
app/config.py
View File

@ -4,28 +4,35 @@ import sys
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import funct import modules.db.sql as sql
import sql import modules.config.config as config_mod
import modules.roxy_wi_tools as roxy_wi_tools import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.common.common as common
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar() get_config_var = roxy_wi_tools.GetConfigVar()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('config.html') template = env.get_template('config.html')
print('Content-type: text/html\n') print('Content-type: text/html\n')
form = funct.form form = common.form
serv = funct.is_ip_or_dns(form.getvalue('serv')) serv = common.is_ip_or_dns(form.getvalue('serv'))
try: try:
service = funct.checkAjaxInput(form.getvalue('service')) service = common.checkAjaxInput(form.getvalue('service'))
except Exception: except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/">') print('<meta http-equiv="refresh" content="0; url=/app/">')
is_serv_protected = False is_serv_protected = False
try: try:
config_file_name = form.getvalue('config_file_name').replace('92', '/') config_file_name = form.getvalue('config_file_name').replace('92', '/')
except Exception: except Exception:
config_file_name = '' config_file_name = ''
config_read = "" config_read = ""
cfg = "" cfg = ""
stderr = "" stderr = ""
@ -33,16 +40,16 @@ error = ""
aftersave = "" aftersave = ""
is_restart = '' is_restart = ''
user, user_id, role, token, servers, user_services = funct.get_users_params() user_params = roxywi_common.get_users_params(service='nginx')
if service in ('haproxy', 'nginx', 'keepalived', 'apache'): if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service) service_desc = sql.select_service(service)
if funct.check_login(user_id, token, service=service_desc.service_id): if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
title = f"Working with {service_desc.service} configuration files" title = f"Working with {service_desc.service} configuration files"
action = f"config.py?service={service_desc.slug}" action = f"config.py?service={service_desc.slug}"
configs_dir = get_config_var.get_config_var('configs', 'kp_save_configs_dir') configs_dir = get_config_var.get_config_var('configs', 'kp_save_configs_dir')
file_format = 'conf' file_format = 'conf'
servers = sql.get_dick_permit(service=service_desc.slug) servers = roxywi_common.get_dick_permit(service=service_desc.slug)
if service in ('haproxy', 'nginx', 'apache'): if service in ('haproxy', 'nginx', 'apache'):
configs_dir = get_config_var.get_config_var('configs', f'{service_desc.service}_save_configs_dir') configs_dir = get_config_var.get_config_var('configs', f'{service_desc.service}_save_configs_dir')
@ -57,38 +64,38 @@ else:
if serv is not None: if serv is not None:
if service == 'nginx' or service == 'apache': if service == 'nginx' or service == 'apache':
conf_file_name_short = config_file_name.split('/')[-1] conf_file_name_short = config_file_name.split('/')[-1]
cfg = configs_dir + serv + "-" + conf_file_name_short + "-" + funct.get_data('config') + "." + file_format cfg = f"{configs_dir}{serv}-{conf_file_name_short}-{get_date.return_date('config')}.{file_format}"
else: else:
cfg = configs_dir + serv + "-" + funct.get_data('config') + "." + file_format cfg = f"{configs_dir}{serv}-{get_date.return_date('config')}.{file_format}"
if serv is not None and form.getvalue('open') is not None and form.getvalue('new_config') is None: if serv is not None and form.getvalue('open') is not None and form.getvalue('new_config') is None:
funct.check_is_server_in_group(serv) roxywi_common.check_is_server_in_group(serv)
is_serv_protected = sql.is_serv_protected(serv) is_serv_protected = sql.is_serv_protected(serv)
server_id = sql.select_server_id_by_ip(serv) server_id = sql.select_server_id_by_ip(serv)
is_restart = sql.select_service_setting(server_id, service, 'restart') is_restart = sql.select_service_setting(server_id, service, 'restart')
if service == 'keepalived': if service == 'keepalived':
error = funct.get_config(serv, cfg, keepalived=1) error = config_mod.get_config(serv, cfg, keepalived=1)
try: try:
funct.logging(serv, " Keepalived config has been opened for ") roxywi_roxywi_common.logging(serv, " Keepalived config has been opened for ")
except Exception: except Exception:
pass pass
elif service == 'nginx': elif service == 'nginx':
error = funct.get_config(serv, cfg, nginx=1, config_file_name=config_file_name) error = config_mod.get_config(serv, cfg, nginx=1, config_file_name=config_file_name)
try: try:
funct.logging(serv, " NGINX config has been opened ") roxywi_roxywi_common.logging(serv, " NGINX config has been opened ")
except Exception: except Exception:
pass pass
elif service == 'apache': elif service == 'apache':
error = funct.get_config(serv, cfg, apache=1, config_file_name=config_file_name) error = config_mod.get_config(serv, cfg, apache=1, config_file_name=config_file_name)
try: try:
funct.logging(serv, " Apache config has been opened ") roxywi_roxywi_common.logging(serv, " Apache config has been opened ")
except Exception: except Exception:
pass pass
else: else:
error = funct.get_config(serv, cfg) error = config_mod.get_config(serv, cfg)
try: try:
funct.logging(serv, " HAProxy config has been opened ") roxywi_roxywi_common.logging(serv, " HAProxy config has been opened ")
except Exception: except Exception:
pass pass
@ -105,8 +112,7 @@ if form.getvalue('new_config') is not None:
config_read = ' ' config_read = ' '
if serv is not None and form.getvalue('config') is not None: if serv is not None and form.getvalue('config') is not None:
import sys roxywi_common.check_is_server_in_group(serv)
funct.check_is_server_in_group(serv)
config = form.getvalue('config') config = form.getvalue('config')
oldcfg = form.getvalue('oldconfig') oldcfg = form.getvalue('oldconfig')
@ -119,15 +125,15 @@ if serv is not None and form.getvalue('config') is not None:
print("error: Cannot read imported config file") print("error: Cannot read imported config file")
if service == 'keepalived': if service == 'keepalived':
stderr = funct.upload_and_restart(serv, cfg, just_save=save, keepalived=1, oldcfg=oldcfg) stderr = config_mod.upload_and_restart(serv, cfg, just_save=save, keepalived=1, oldcfg=oldcfg)
elif service == 'nginx': elif service == 'nginx':
stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, nginx=1, oldcfg=oldcfg, config_file_name=config_file_name) stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, nginx=1, oldcfg=oldcfg, config_file_name=config_file_name)
elif service == 'apache': elif service == 'apache':
stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, apache=1, oldcfg=oldcfg, config_file_name=config_file_name) stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, apache=1, oldcfg=oldcfg, config_file_name=config_file_name)
else: else:
stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg) stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg)
funct.diff_config(oldcfg, cfg) config_mod.diff_config(oldcfg, cfg)
try: try:
os.system("/bin/rm -f " + configs_dir + "*.old") os.system("/bin/rm -f " + configs_dir + "*.old")
@ -140,8 +146,9 @@ if serv is not None and form.getvalue('config') is not None:
sys.exit() sys.exit()
template = template.render( template = template.render(
h2=1, title=title, role=role, action=action, user=user, select_id="serv", serv=serv, aftersave=aftersave, h2=1, title=title, role=user_params['role'], action=action, user=user_params['user'], select_id="serv", serv=serv, aftersave=aftersave,
config=config_read, cfg=cfg, selects=servers, stderr=stderr, error=error, service=service, is_restart=is_restart, config=config_read, cfg=cfg, selects=servers, stderr=stderr, error=error, service=service, is_restart=is_restart,
user_services=user_services, config_file_name=config_file_name, is_serv_protected=is_serv_protected, token=token user_services=user_params['user_services'], config_file_name=config_file_name, is_serv_protected=is_serv_protected,
token=user_params['token']
) )
print(template) print(template)

4
app/create_db.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import distro import distro
from modules.db_model import * from modules.db.db_model import *
def default_values(): def default_values():
@ -966,7 +966,7 @@ def update_db_v_6_2_1():
def update_ver(): def update_ver():
try: try:
Version.update(version='6.2.3.0').execute() Version.update(version='6.3.0.0').execute()
except Exception: except Exception:
print('Cannot update version') print('Cannot update version')

2005
app/funct.py
View File

File diff suppressed because it is too large Load Diff

33
app/ha.py
View File

@ -1,38 +1,39 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import sys import sys
import funct import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ha.html') template = env.get_template('ha.html')
title="Create and configure HA cluster"
print('Content-type: text/html\n') print('Content-type: text/html\n')
form = funct.form form = common.form
serv = form.getvalue('serv') serv = form.getvalue('serv')
try: user_params = roxywi_common.get_users_params(service='keepalived')
user, user_id, role, token, servers, user_services = funct.get_users_params()
except Exception:
pass
try: try:
funct.check_login(user_id, token, service=3) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=3)
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
funct.page_for_admin(level=2) roxywi_auth.page_for_admin(level=2)
try: try:
user_status, user_plan = funct.return_user_status() user_subscription = roxywi_common.return_user_status()
except Exception as e: except Exception as e:
user_status, user_plan = 0, 0 user_subscription = roxywi_common.return_unsubscribed_user_status()
funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
parsed_template = template.render(
output_from_parsed_template = template.render( h2=1, title=title, role=user_params['role'], user=user_params['user'], serv=serv, selects=user_params['servers'],
h2=1, title="Create and configure HA cluster", role=role, user=user, serv=serv, selects=servers, user_services=user_params['user_services'], user_status=user_subscription['user_status'],
user_services=user_services, user_status=user_status, user_plan=user_plan, token=token user_plan=user_subscription['user_plan'], token=user_params['token']
) )
print(output_from_parsed_template) print(parsed_template)

282
app/hapservers.py
View File

@ -3,184 +3,188 @@ import sys
import distro import distro
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import modules.roxywi.common as roxywi_common
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('hapservers.html') template = env.get_template('hapservers.html')
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params() user_params = roxywi_common.get_users_params()
services = [] services = []
servers: object servers: object
form = funct.form form = common.form
serv = funct.is_ip_or_dns(form.getvalue('serv')) serv = common.is_ip_or_dns(form.getvalue('serv'))
service = funct.checkAjaxInput(form.getvalue('service')) service = common.checkAjaxInput(form.getvalue('service'))
autorefresh = 0 autorefresh = 0
servers_waf = () servers_waf = ()
title = '' title = ''
cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l" cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l"
keep_alive, stderr = funct.subprocess_execute(cmd) keep_alive, stderr = server_mod.subprocess_execute(cmd)
is_restart = '' is_restart = ''
service_desc = '' service_desc = ''
restart_settings = '' restart_settings = ''
if service in ('haproxy', 'nginx', 'keepalived', 'apache'): if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service) service_desc = sql.select_service(service)
if funct.check_login(user_id, token, service=service_desc.service_id): if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
title = f'{service_desc.service} servers overview' title = f'{service_desc.service} servers overview'
if serv: if serv:
if funct.check_is_server_in_group(serv): if roxywi_common.check_is_server_in_group(serv):
servers = sql.select_servers(server=serv) servers = sql.select_servers(server=serv)
autorefresh = 1 autorefresh = 1
server_id = sql.select_server_id_by_ip(serv) server_id = sql.select_server_id_by_ip(serv)
docker_settings = sql.select_docker_service_settings(server_id, service_desc.slug) docker_settings = sql.select_docker_service_settings(server_id, service_desc.slug)
restart_settings = sql.select_restart_service_settings(server_id, service_desc.slug) restart_settings = sql.select_restart_service_settings(server_id, service_desc.slug)
else: else:
servers = sql.get_dick_permit(virt=1, service=service_desc.slug) servers = roxywi_common.get_dick_permit(virt=1, service=service_desc.slug)
docker_settings = sql.select_docker_services_settings(service_desc.slug) docker_settings = sql.select_docker_services_settings(service_desc.slug)
restart_settings = sql.select_restart_services_settings(service_desc.slug) restart_settings = sql.select_restart_services_settings(service_desc.slug)
else: else:
print('<meta http-equiv="refresh" content="0; url=/app/overview.py">') print('<meta http-equiv="refresh" content="0; url=/app/overview.py">')
sys.exit() sys.exit()
services_name = {'roxy-wi-checker': 'Master backends checker service', services_name = {'roxy-wi-checker': 'Master backends checker service',
'roxy-wi-keep_alive': 'Auto start service', 'roxy-wi-keep_alive': 'Auto start service',
'roxy-wi-metrics': 'Master metrics service'} 'roxy-wi-metrics': 'Master metrics service'}
for s, v in services_name.items(): for s, v in services_name.items():
if distro.id() == 'ubuntu': if distro.id() == 'ubuntu':
if s == 'roxy-wi-keep_alive': if s == 'roxy-wi-keep_alive':
s = 'roxy-wi-keep-alive' s = 'roxy-wi-keep-alive'
cmd = "apt list --installed 2>&1 |grep " + s cmd = "apt list --installed 2>&1 |grep " + s
else: else:
cmd = "rpm --query " + s + "-* |awk -F\"" + s + "\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'" cmd = "rpm --query " + s + "-* |awk -F\"" + s + "\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'"
service_ver, stderr = funct.subprocess_execute(cmd) service_ver, stderr = server_mod.subprocess_execute(cmd)
try: try:
services.append([s, service_ver[0]]) services.append([s, service_ver[0]])
except Exception: except Exception:
services.append([s, '']) services.append([s, ''])
haproxy_sock_port = sql.get_setting('haproxy_sock_port') haproxy_sock_port = sql.get_setting('haproxy_sock_port')
servers_with_status1 = [] servers_with_status1 = []
out1 = '' out1 = ''
if len(servers) == 1: if len(servers) == 1:
serv = servers[0][2] serv = servers[0][2]
for s in servers: for s in servers:
servers_with_status = list() servers_with_status = list()
servers_with_status.append(s[0]) servers_with_status.append(s[0])
servers_with_status.append(s[1]) servers_with_status.append(s[1])
servers_with_status.append(s[2]) servers_with_status.append(s[2])
servers_with_status.append(s[11]) servers_with_status.append(s[11])
if service == 'nginx': if service == 'nginx':
h = (['', ''],) h = (['', ''],)
cmd = [ cmd = [
"/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk " "/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk "
"'{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"] "'{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"]
for service_set in docker_settings: for service_set in docker_settings:
if service_set.server_id == s[0] and service_set.setting == 'dockerized' and service_set.value == '1': if service_set.server_id == s[0] and service_set.setting == 'dockerized' and service_set.value == '1':
container_name = sql.get_setting('nginx_container_name') container_name = sql.get_setting('nginx_container_name')
cmd = [ cmd = [
"docker exec -it " + container_name + " /usr/sbin/nginx -v 2>&1|awk '{print $3}' && " "docker exec -it " + container_name + " /usr/sbin/nginx -v 2>&1|awk '{print $3}' && "
"docker ps -a -f name=" + container_name + " --format '{{.Status}}'|tail -1 && ps ax |grep nginx:" "docker ps -a -f name=" + container_name + " --format '{{.Status}}'|tail -1 && ps ax |grep nginx:"
"|grep -v grep |wc -l" "|grep -v grep |wc -l"
] ]
try: try:
out = funct.ssh_command(s[2], cmd) out = server_mod.ssh_command(s[2], cmd)
h = () h = ()
out1 = [] out1 = []
for k in out.split(): for k in out.split():
out1.append(k) out1.append(k)
h = (out1,) h = (out1,)
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(s[17]) servers_with_status.append(s[17])
except Exception: except Exception:
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(s[17]) servers_with_status.append(s[17])
elif service == 'keepalived': elif service == 'keepalived':
h = (['', ''],) h = (['', ''],)
cmd = [ cmd = [
"/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |" "/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |"
"grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l" "grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l"
] ]
try: try:
out = funct.ssh_command(s[2], cmd) out = server_mod.ssh_command(s[2], cmd)
out1 = [] out1 = []
for k in out.split(): for k in out.split():
out1.append(k) out1.append(k)
h = (out1,) h = (out1,)
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(s[22]) servers_with_status.append(s[22])
except Exception: except Exception:
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(s[22]) servers_with_status.append(s[22])
elif service == 'apache': elif service == 'apache':
h = (['', ''],) h = (['', ''],)
apache_stats_user = sql.get_setting('apache_stats_user') apache_stats_user = sql.get_setting('apache_stats_user')
apache_stats_password = sql.get_setting('apache_stats_password') apache_stats_password = sql.get_setting('apache_stats_password')
apache_stats_port = sql.get_setting('apache_stats_port') apache_stats_port = sql.get_setting('apache_stats_port')
apache_stats_page = sql.get_setting('apache_stats_page') apache_stats_page = sql.get_setting('apache_stats_page')
cmd = "curl -s -u %s:%s http://%s:%s/%s?auto |grep 'ServerVersion\|Processes\|ServerUptime:'" % ( cmd = "curl -s -u %s:%s http://%s:%s/%s?auto |grep 'ServerVersion\|Processes\|ServerUptime:'" % (
apache_stats_user, apache_stats_password, s[2], apache_stats_port, apache_stats_page apache_stats_user, apache_stats_password, s[2], apache_stats_port, apache_stats_page
) )
try: try:
out = funct.subprocess_execute(cmd) out = server_mod.subprocess_execute(cmd)
if out != '': if out != '':
for k in out: for k in out:
servers_with_status.append(k) servers_with_status.append(k)
servers_with_status.append(s[22]) servers_with_status.append(s[22])
except Exception: except Exception:
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(h) servers_with_status.append(h)
servers_with_status.append(s[22]) servers_with_status.append(s[22])
else: else:
cmd = 'echo "show info" |nc %s %s -w 1 -v|grep -e "Ver\|Uptime:\|Process_num"' % (s[2], haproxy_sock_port) cmd = 'echo "show info" |nc %s %s -w 1 -v|grep -e "Ver\|Uptime:\|Process_num"' % (s[2], haproxy_sock_port)
out = funct.subprocess_execute(cmd) out = server_mod.subprocess_execute(cmd)
for k in out: for k in out:
if "Connection refused" not in k: if "Connection refused" not in k:
out1 = out out1 = out
else: else:
out1 = False out1 = False
servers_with_status.append(out1) servers_with_status.append(out1)
servers_with_status.append(s[12]) servers_with_status.append(s[12])
servers_with_status.append(sql.is_master(s[2])) servers_with_status.append(sql.is_master(s[2]))
servers_with_status.append(sql.select_servers(server=s[2])) servers_with_status.append(sql.select_servers(server=s[2]))
is_keepalived = sql.select_keepalived(s[2]) is_keepalived = sql.select_keepalived(s[2])
if is_keepalived: if is_keepalived:
try: try:
cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |' cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |'
'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data'] 'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data']
out = funct.ssh_command(s[2], cmd) out = server_mod.ssh_command(s[2], cmd)
out1 = ('1', out) out1 = ('1', out)
servers_with_status.append(out1) servers_with_status.append(out1)
except Exception as e: except Exception as e:
servers_with_status.append(str(e)) servers_with_status.append(str(e))
else: else:
servers_with_status.append('') servers_with_status.append('')
servers_with_status1.append(servers_with_status) servers_with_status1.append(servers_with_status)
try: try:
user_status, user_plan = funct.return_user_status() user_subscription = roxywi_common.return_user_status()
except Exception as e: except Exception as e:
user_status, user_plan = 0, 0 user_subscription = roxywi_common.return_unsubscribed_user_status()
funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
template = template.render( template = template.render(
h2=1, autorefresh=autorefresh, title=title, role=role, user=user, servers=servers_with_status1, h2=1, autorefresh=autorefresh, title=title, role=user_params['role'], user=user_params['user'], servers=servers_with_status1,
keep_alive=''.join(keep_alive), serv=serv, service=service, services=services, user_services=user_services, keep_alive=''.join(keep_alive), serv=serv, service=service, services=services, user_services=user_params['user_services'],
docker_settings=docker_settings, user_status=user_status, user_plan=user_plan, servers_waf=servers_waf, docker_settings=docker_settings, user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'],
restart_settings=restart_settings, service_desc=service_desc, token=token servers_waf=servers_waf, restart_settings=restart_settings, service_desc=service_desc, token=user_params['token']
) )
print(template) print(template)

61
app/history.py
View File

@ -1,6 +1,9 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
@ -8,48 +11,44 @@ template = env.get_template('history.html')
print('Content-type: text/html\n') print('Content-type: text/html\n')
try: user_params = roxywi_common.get_users_params(service='keepalived')
user, user_id, role, token, servers, user_services \
= funct.get_users_params()
services = []
except Exception:
pass
form = funct.form form = common.form
serv = funct.is_ip_or_dns(form.getvalue('serv')) serv = common.is_ip_or_dns(form.getvalue('serv'))
service = form.getvalue('service') service = form.getvalue('service')
user_id_history = form.getvalue('user_id') user_id_history = form.getvalue('user_id')
if service in ('haproxy', 'nginx', 'keepalived', 'apache'): if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service) service_desc = sql.select_service(service)
if funct.check_login(user_id, token, service=service_desc.service_id): if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
title = f'{service_desc.service} service history' title = f'{service_desc.service} service history'
server_id = sql.select_server_id_by_ip(serv) server_id = sql.select_server_id_by_ip(serv)
history = sql.select_action_history_by_server_id_and_service( history = sql.select_action_history_by_server_id_and_service(
server_id, server_id,
service_desc.service service_desc.service
) )
elif service == 'server': elif service == 'server':
if serv: if serv:
title = f'{serv} history' title = f'{serv} history'
if funct.check_is_server_in_group(serv): if roxywi_common.check_is_server_in_group(serv):
server_id = sql.select_server_id_by_ip(serv) server_id = sql.select_server_id_by_ip(serv)
history = sql.select_action_history_by_server_id(server_id) history = sql.select_action_history_by_server_id(server_id)
elif service == 'user': elif service == 'user':
if user_id_history: if user_id_history:
title = 'User history' title = 'User history'
history = sql.select_action_history_by_user_id(user_id_history) history = sql.select_action_history_by_user_id(user_id_history)
users = sql.select_users() users = sql.select_users()
try: try:
user_status, user_plan = funct.return_user_status() user_subscription = roxywi_common.return_user_status()
except Exception as e: except Exception as e:
user_status, user_plan = 0, 0 user_subscription = roxywi_common.return_unsubscribed_user_status()
funct.logging('Roxy-WI server', 'Cannot get a user plan: ' + str(e), roxywi=1) roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
rendered_template = template.render( rendered_template = template.render(
h2=1, autorefresh=0, title=title, role=role, user=user, users=users, serv=serv, service=service, h2=1, autorefresh=0, title=title, role=user_params['role'], user=user_params['user'], users=users, serv=serv,
history=history, user_services=user_services, token=token, user_status=user_status, user_plan=user_plan service=service, history=history, user_services=user_params['user_services'], token=user_params['token'],
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan']
) )
print(rendered_template) print(rendered_template)

20
app/login.py
View File

@ -8,14 +8,16 @@ import datetime
import uuid import uuid
import distro import distro
import sql import modules.db.sql as sql
import funct import modules.common.common as common
import modules.server.server as server_mod
import modules.roxy_wi_tools as roxy_wi_tools import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('login.html') template = env.get_template('login.html')
form = funct.form form = common.form
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_id = cookie.get('uuid') user_id = cookie.get('uuid')
@ -75,7 +77,7 @@ def send_cookie(login):
try: try:
user_name = sql.get_user_name_by_uuid(user_uuid) user_name = sql.get_user_name_by_uuid(user_uuid)
funct.logging('Roxy-WI server', f' user: {user_name}, group: {user_group} login', roxywi=1) roxywi_roxywi_common.logging('Roxy-WI server', f' user: {user_name}, group: {user_group} login', roxywi=1)
except Exception: except Exception:
pass pass
print("Content-type: text/html\n") print("Content-type: text/html\n")
@ -85,14 +87,14 @@ def send_cookie(login):
if distro.id() == 'ubuntu': if distro.id() == 'ubuntu':
if os.path.exists('/etc/apt/auth.conf.d/roxy-wi.conf'): if os.path.exists('/etc/apt/auth.conf.d/roxy-wi.conf'):
cmd = "grep login /etc/apt/auth.conf.d/roxy-wi.conf |awk '{print $2}'" cmd = "grep login /etc/apt/auth.conf.d/roxy-wi.conf |awk '{print $2}'"
get_user_name, stderr = funct.subprocess_execute(cmd) get_user_name, stderr = server_mod.subprocess_execute(cmd)
user_name = get_user_name[0] user_name = get_user_name[0]
else: else:
user_name = 'git' user_name = 'git'
else: else:
if os.path.exists('/etc/yum.repos.d/roxy-wi.repo'): if os.path.exists('/etc/yum.repos.d/roxy-wi.repo'):
cmd = "grep base /etc/yum.repos.d/roxy-wi.repo |awk -F\":\" '{print $2}'|awk -F\"/\" '{print $3}'" cmd = "grep base /etc/yum.repos.d/roxy-wi.repo |awk -F\":\" '{print $2}'|awk -F\"/\" '{print $3}'"
get_user_name, stderr = funct.subprocess_execute(cmd) get_user_name, stderr = server_mod.subprocess_execute(cmd)
user_name = get_user_name[0] user_name = get_user_name[0]
else: else:
user_name = 'git' user_name = 'git'
@ -101,7 +103,7 @@ def send_cookie(login):
else: else:
sql.insert_user_name(user_name) sql.insert_user_name(user_name)
except Exception as e: except Exception as e:
funct.logging('Cannot update subscription: ', str(e), roxywi=1) roxywi_roxywi_common.logging('Cannot update subscription: ', str(e), roxywi=1)
sys.exit() sys.exit()
@ -115,9 +117,9 @@ def ban():
c["ban"]["Secure"] = "True" c["ban"]["Secure"] = "True"
c["ban"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT") c["ban"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
try: try:
funct.logging('Roxy-WI server', f'{login} failed log in', roxywi=1, login=1) roxywi_roxywi_common.logging('Roxy-WI server', f'{login} failed log in', roxywi=1, login=1)
except Exception: except Exception:
funct.logging('Roxy-WI server', ' Failed log in. Wrong username', roxywi=1) roxywi_roxywi_common.logging('Roxy-WI server', ' Failed log in. Wrong username', roxywi=1)
print(c.output()) print(c.output())
print("Content-type: text/html\n") print("Content-type: text/html\n")
print('ban') print('ban')

31
app/logs.py
View File

@ -1,16 +1,16 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('logs.html') template = env.get_template('logs.html')
form = funct.form form = common.form
print('Content-type: text/html\n') print('Content-type: text/html\n')
try: user_params = roxywi_common.get_users_params()
user, user_id, role, token, servers, user_services = funct.get_users_params()
except Exception:
pass
if form.getvalue('grep') is None: if form.getvalue('grep') is None:
grep = "" grep = ""
@ -32,24 +32,25 @@ hour1 = form.getvalue('hour1')
minut = form.getvalue('minut') minut = form.getvalue('minut')
minut1 = form.getvalue('minut1') minut1 = form.getvalue('minut1')
waf = form.getvalue('waf') waf = form.getvalue('waf')
service = funct.checkAjaxInput(form.getvalue('service')) service = common.checkAjaxInput(form.getvalue('service'))
remote_file = form.getvalue('file') remote_file = form.getvalue('file')
if service in ('haproxy', 'nginx', 'keepalived', 'apache'): if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service) service_desc = sql.select_service(service)
if funct.check_login(user_id, token, service=service_desc.service_id): if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
title = f"{service_desc.service}`s logs" title = f"{service_desc.service}`s logs"
servers = sql.get_dick_permit(service=service_desc.slug) servers = roxywi_common.get_dick_permit(service=service_desc.slug)
elif waf == '1': elif waf == '1':
if funct.check_login(service=1): if roxywi_auth.check_login(service=1):
title = "WAF logs" title = "WAF logs"
servers = sql.get_dick_permit(haproxy=1) servers = roxywi_common.get_dick_permit(haproxy=1)
else: else:
print('<meta http-equiv="refresh" content="0; url=/app/overview.py">') print('<meta http-equiv="refresh" content="0; url=/app/overview.py">')
template = template.render( template = template.render(
h2=1, autorefresh=1, title=title, role=role, user=user, select_id="serv", selects=servers, h2=1, autorefresh=1, title=title, role=user_params['role'], user=user_params['user'], select_id="serv",
serv=form.getvalue('serv'), rows=rows, grep=grep, exgrep=exgrep, hour=hour, hour1=hour1, minut=minut, selects=servers, serv=form.getvalue('serv'), rows=rows, grep=grep, exgrep=exgrep, hour=hour, hour1=hour1,
minut1=minut1, waf=waf, service=service, user_services=user_services, token=token, remote_file=remote_file minut=minut, minut1=minut1, waf=waf, service=service, user_services=user_params['user_services'],
token=user_params['token'], remote_file=remote_file
) )
print(template) print(template)

41
app/metrics.py
View File

@ -1,25 +1,31 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import distro import distro
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('metrics.html') template = env.get_template('metrics.html')
form = funct.form form = common.form
service = form.getvalue('service') service = form.getvalue('service')
title = 'Metrics service' title = 'Metrics service'
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params() user_params = roxywi_common.get_users_params()
roxywi_common.check_user_group()
try: try:
if distro.id() == 'ubuntu': if distro.id() == 'ubuntu':
cmd = "apt list --installed 2>&1 |grep roxy-wi-metrics" cmd = "apt list --installed 2>&1 |grep roxy-wi-metrics"
else: else:
cmd = "rpm -q roxy-wi-metrics-* |awk -F\"metrics\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'" cmd = "rpm -q roxy-wi-metrics-* |awk -F\"metrics\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'"
service_ver, stderr = funct.subprocess_execute(cmd) service_ver, stderr = server_mod.subprocess_execute(cmd)
services = '0' services = '0'
if not stderr: if not stderr:
@ -27,31 +33,32 @@ try:
servers = '' servers = ''
else: else:
if service == 'nginx': if service == 'nginx':
if funct.check_login(user_id, token, service=2): if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2):
title = "NGINX`s metrics" title = "NGINX`s metrics"
servers = sql.select_nginx_servers_metrics_for_master() user_params['servers'] = sql.select_nginx_servers_metrics_for_master()
elif service == 'apache': elif service == 'apache':
if funct.check_login(user_id, token, service=4): if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=4):
title = "Apache`s metrics" title = "Apache`s metrics"
servers = sql.select_apache_servers_metrics_for_master() user_params['servers'] = sql.select_apache_servers_metrics_for_master()
else: else:
if funct.check_login(user_id, token, service=1): if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1):
title = "HAProxy`s metrics" title = "HAProxy`s metrics"
servers = sql.select_servers_metrics() group_id = roxywi_common.get_user_group(id=1)
user_params['servers'] = sql.select_servers_metrics(group_id)
service = 'haproxy' service = 'haproxy'
services = '1' services = '1'
except Exception: except Exception:
pass pass
try: try:
user_status, user_plan = funct.return_user_status() user_subscription = roxywi_common.return_user_status()
except Exception as e: except Exception as e:
user_status, user_plan = 0, 0 user_subscription = roxywi_common.return_unsubscribed_user_status()
funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
template = template.render( template = template.render(
h2=1, title=title, autorefresh=1, role=role, user=user, servers=servers, services=services, h2=1, title=title, autorefresh=1, role=user_params['role'], user=user_params['user'], servers=user_params['servers'],
user_services=user_services, service=service, user_status=user_status, user_plan=user_plan, token=token services=services, user_services=user_params['user_services'], service=service, user_status=user_subscription['user_status'],
user_plan=user_subscription['user_plan'], token=user_params['token']
) )
print(template) print(template)

1
app/modules/alerting/__init__.py Normal file
View File

@ -0,0 +1 @@
NAME = 'roxy-wi-alerting-module'

175
app/modules/alerting/alerting.py Normal file
View File

@ -0,0 +1,175 @@
import json
import pika
import modules.db.sql as sql
import modules.roxywi.common as roxywi_common
def send_message_to_rabbit(message: str, **kwargs) -> None:
rabbit_user = sql.get_setting('rabbitmq_user')
rabbit_password = sql.get_setting('rabbitmq_password')
rabbit_host = sql.get_setting('rabbitmq_host')
rabbit_port = sql.get_setting('rabbitmq_port')
rabbit_vhost = sql.get_setting('rabbitmq_vhost')
if kwargs.get('rabbit_queue'):
rabbit_queue = kwargs.get('rabbit_queue')
else:
rabbit_queue = sql.get_setting('rabbitmq_queue')
credentials = pika.PlainCredentials(rabbit_user, rabbit_password)
parameters = pika.ConnectionParameters(
rabbit_host,
rabbit_port,
rabbit_vhost,
credentials
)
connection = pika.BlockingConnection(parameters)
channel = connection.channel()
channel.queue_declare(queue=rabbit_queue)
channel.basic_publish(exchange='', routing_key=rabbit_queue, body=message)
connection.close()
def alert_routing(
server_ip: str, service_id: int, group_id: int, level: str, mes: str, alert_type: str
) -> None:
subject: str = level + ': ' + mes
server_id: int = sql.select_server_id_by_ip(server_ip)
checker_settings = sql.select_checker_settings_for_server(service_id, server_id)
try:
json_for_sending = {"user_group": group_id, "message": subject}
send_message_to_rabbit(json.dumps(json_for_sending))
except Exception as e:
roxywi_common.logging('Roxy-WI server', 'error: unable to send message: ' + str(e), roxywi=1)
for setting in checker_settings:
if alert_type == 'service' and setting.service_alert:
telegram_send_mess(mes, telegram_channel_id=setting.telegram_id)
slack_send_mess(mes, slack_channel_id=setting.slack_id)
if setting.email:
send_email_to_server_group(subject, mes, group_id)
if alert_type == 'backend' and setting.backend_alert:
telegram_send_mess(mes, telegram_channel_id=setting.telegram_id)
slack_send_mess(mes, slack_channel_id=setting.slack_id)
if setting.email:
send_email_to_server_group(subject, mes, group_id)
if alert_type == 'maxconn' and setting.maxconn_alert:
telegram_send_mess(mes, telegram_channel_id=setting.telegram_id)
slack_send_mess(mes, slack_channel_id=setting.slack_id)
if setting.email:
send_email_to_server_group(subject, mes, group_id)
def send_email_to_server_group(subject: str, mes: str, group_id: int) -> None:
try:
users_email = sql.select_users_emails_by_group_id(group_id)
for user_email in users_email:
send_email(user_email.email, subject, mes)
except Exception as e:
roxywi_common.logging('Roxy-WI server', f'error: unable to send email: {e}', roxywi=1)
def send_email(email_to: str, subject: str, message: str) -> None:
from smtplib import SMTP
try:
from email.MIMEText import MIMEText
except Exception:
from email.mime.text import MIMEText
mail_ssl = sql.get_setting('mail_ssl')
mail_from = sql.get_setting('mail_from')
mail_smtp_host = sql.get_setting('mail_smtp_host')
mail_smtp_port = sql.get_setting('mail_smtp_port')
mail_smtp_user = sql.get_setting('mail_smtp_user')
mail_smtp_password = sql.get_setting('mail_smtp_password')
msg = MIMEText(message)
msg['Subject'] = 'Roxy-WI: ' + subject
msg['From'] = 'Roxy-WI <' + mail_from + '>'
msg['To'] = email_to
try:
smtp_obj = SMTP(mail_smtp_host, mail_smtp_port)
if mail_ssl:
smtp_obj.starttls()
smtp_obj.login(mail_smtp_user, mail_smtp_password)
smtp_obj.send_message(msg)
roxywi_common.logging('Roxy-WI server', f'An email has been sent to {email_to}', roxywi=1)
except Exception as e:
roxywi_common.logging('Roxy-WI server', f'error: unable to send email: {e}', roxywi=1)
def telegram_send_mess(mess, **kwargs):
import telebot
from telebot import apihelper
token_bot = ''
channel_name = ''
if kwargs.get('telegram_channel_id') == 0:
return
if kwargs.get('telegram_channel_id'):
telegrams = sql.get_telegram_by_id(kwargs.get('telegram_channel_id'))
else:
telegrams = sql.get_telegram_by_ip(kwargs.get('ip'))
proxy = sql.get_setting('proxy')
for telegram in telegrams:
token_bot = telegram.token
channel_name = telegram.chanel_name
if token_bot == '' or channel_name == '':
mess = " Can't send message. Add Telegram channel before use alerting at this servers group"
roxywi_common.logging('Roxy-WI server', mess, roxywi=1)
if proxy is not None and proxy != '' and proxy != 'None':
apihelper.proxy = {'https': proxy}
try:
bot = telebot.TeleBot(token=token_bot)
bot.send_message(chat_id=channel_name, text=mess)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
def slack_send_mess(mess, **kwargs):
from slack_sdk import WebClient
from slack_sdk.errors import SlackApiError
slack_token = ''
channel_name = ''
if kwargs.get('slack_channel_id') == 0:
return
if kwargs.get('slack_channel_id'):
slacks = sql.get_slack_by_id(kwargs.get('slack_channel_id'))
else:
slacks = sql.get_slack_by_ip(kwargs.get('ip'))
proxy = sql.get_setting('proxy')
for slack in slacks:
slack_token = slack.token
channel_name = slack.chanel_name
if proxy is not None and proxy != '' and proxy != 'None':
proxies = dict(https=proxy, http=proxy)
client = WebClient(token=slack_token, proxies=proxies)
else:
client = WebClient(token=slack_token)
try:
client.chat_postMessage(channel='#' + channel_name, text=mess)
except SlackApiError as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)

1
app/modules/common/__init__.py Normal file
View File

@ -0,0 +1 @@
NAME = 'roxy-wi-common-modules'

64
app/modules/common/common.py Normal file
View File

@ -0,0 +1,64 @@
import re
import cgi
form = cgi.FieldStorage()
def is_ip_or_dns(server_from_request: str) -> str:
ip_regex = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
dns_regex = "^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,6}$"
try:
server_from_request = server_from_request.strip()
except Exception:
pass
try:
if server_from_request in (
'roxy-wi-checker', 'roxy-wi-keep_alive', 'roxy-wi-keep-alive', 'roxy-wi-metrics',
'roxy-wi-portscanner', 'roxy-wi-smon', 'roxy-wi-socket', 'roxy-wi-prometheus-exporter',
'prometheus', 'fail2ban', 'all', 'grafana-server', 'rabbitmq-server'
):
return server_from_request
if re.match(ip_regex, server_from_request):
return server_from_request
else:
if re.match(dns_regex, server_from_request):
return server_from_request
else:
return ''
except Exception:
return ''
def checkAjaxInput(ajax_input: str):
pattern = re.compile('[&;|$`]')
if pattern.search(ajax_input):
print('error: nice try')
return
else:
from shlex import quote
return quote(ajax_input.rstrip())
def return_nice_path(return_path: str) -> str:
if (
'nginx' not in return_path
and 'haproxy' not in return_path
and 'apache2' not in return_path
and 'httpd' not in return_path
and 'keepalived' not in return_path
):
return 'error: The path must contain the name of the service. Check it in Roxy-WI settings'
if return_path[-1] != '/':
return_path += '/'
return return_path
def string_to_dict(dict_string) -> dict:
from ast import literal_eval
return literal_eval(dict_string)
def get_key(item):
return item[0]

1
app/modules/config/__init__.py Normal file
View File

@ -0,0 +1 @@
NAME = 'roxy-wi-config-module'

374
app/modules/config/config.py Normal file
View File

@ -0,0 +1,374 @@
import os
import http.cookies
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
from modules.service.common import is_not_allowed_to_restart
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar()
def get_config(server_ip, cfg, **kwargs):
config_path = ''
if kwargs.get("keepalived") or kwargs.get("service") == 'keepalived':
config_path = sql.get_setting('keepalived_config_path')
elif (
kwargs.get("nginx") or kwargs.get("service") == 'nginx'
or kwargs.get("apache") or kwargs.get("service") == 'apache'
):
config_path = kwargs.get('config_file_name')
elif kwargs.get("waf") or kwargs.get("service") == 'waf':
if kwargs.get("waf") == 'haproxy':
config_path = f'{sql.get_setting("haproxy_dir")}/waf/rules/{kwargs.get("waf_rule_file")}'
elif kwargs.get("waf") == 'nginx':
config_path = f'{sql.get_setting("nginx_dir")}/waf/rules/{kwargs.get("waf_rule_file")}'
else:
config_path = sql.get_setting('haproxy_config_path')
try:
with server_mod.ssh_connect(server_ip) as ssh:
ssh.get_sftp(config_path, cfg)
except Exception as e:
roxywi_common.logging('Roxy-WI server', f'error: cannot get config: {e}', roxywi=1)
def upload(server_ip, path, file, **kwargs):
full_path = path + file
if kwargs.get('dir') == "fullpath":
full_path = path
try:
with server_mod.ssh_connect(server_ip) as ssh:
ssh.put_sftp(file, full_path)
except Exception as e:
error = str(e.args)
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
print(f' Cannot upload {file} to {full_path} to server: {server_ip} error: {error}')
return error
def upload_and_restart(server_ip: str, cfg: str, **kwargs):
error = ''
service_name = ''
container_name = ''
reload_or_restart_command = ''
file_format = 'conf'
config_path = kwargs.get('config_file_name')
config_date = get_date.return_date('config')
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
if kwargs.get("nginx"):
service = 'nginx'
elif kwargs.get("apache"):
service = 'apache'
elif kwargs.get("keepalived"):
service = 'keepalived'
config_path = sql.get_setting('keepalived_config_path')
file_format = 'cfg'
elif kwargs.get('waf'):
service = 'waf'
else:
service = 'haproxy'
config_path = sql.get_setting('haproxy_config_path')
file_format = 'cfg'
tmp_file = f"{sql.get_setting('tmp_config_path')}/{config_date}.{file_format}"
is_dockerized = sql.select_service_setting(server_id, service, 'dockerized')
if is_dockerized == '1':
service_cont_name = f'{service}_container_name'
container_name = sql.get_setting(service_cont_name)
reload_command = f" && sudo docker kill -s HUP {container_name}"
restart_command = f" && sudo docker restart {container_name}"
else:
service_name = service
if service == 'haproxy':
haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise')
if haproxy_enterprise == '1':
service_name = "hapee-2.0-lb"
if service == 'apache':
service_name = get_correct_apache_service_name(server_ip, 0)
reload_command = f" && sudo systemctl reload {service_name}"
restart_command = f" && sudo systemctl restart {service_name}"
if kwargs.get("just_save") == 'save':
action = 'save'
elif kwargs.get("just_save") == 'test':
action = 'test'
elif kwargs.get("just_save") == 'reload':
action = 'reload'
reload_or_restart_command = reload_command
else:
is_not_allowed_to_restart(server_id, service)
action = 'restart'
reload_or_restart_command = restart_command
if kwargs.get('login'):
login = kwargs.get('login')
else:
login = 1
try:
os.system(f"dos2unix {cfg}")
except OSError:
return 'error: there is no dos2unix'
if service == "keepalived":
move_config = f"sudo mv -f {tmp_file} {config_path}"
if action == "save":
commands = [move_config]
else:
commands = [move_config + reload_or_restart_command]
elif service == "nginx":
if is_dockerized == '1':
check_config = f"sudo docker exec -it exec {container_name} nginx -t "
else:
check_config = "sudo nginx -t "
check_and_move = f"sudo mv -f {tmp_file} {config_path} && {check_config}"
if action == "test":
commands = [f"{check_config} && sudo rm -f {tmp_file}"]
elif action == "save":
commands = [check_and_move]
else:
commands = [check_and_move + reload_or_restart_command]
if sql.return_firewall(server_ip):
commands[0] += open_port_firewalld(cfg, server_ip=server_ip, service='nginx')
elif service == "apache":
if is_dockerized == '1':
check_config = f"sudo docker exec -it exec {container_name} sudo apachectl configtest "
else:
check_config = "sudo apachectl configtest "
check_and_move = f"sudo mv -f {tmp_file} {config_path} && {check_config}"
if action == "test":
commands = [f"{check_config} && sudo rm -f {tmp_file}"]
elif action == "save":
commands = [check_and_move]
else:
commands = [check_and_move + reload_or_restart_command]
# if sql.return_firewall(server_ip):
# commands[0] += open_port_firewalld(cfg, server_ip=server_ip, service='apache')
elif service == 'waf':
check_and_move = f"sudo mv -f {tmp_file} {config_path}"
if action == "save":
commands = [check_and_move]
else:
commands = [check_and_move + reload_or_restart_command]
else:
if is_dockerized == '1':
check_config = f"sudo docker exec -it {container_name} haproxy -c -f {tmp_file}"
else:
check_config = f"sudo {service_name} -c -f {tmp_file}"
move_config = f" && sudo mv -f {tmp_file} {config_path}"
if action == "test":
commands = [f"{check_config} && sudo rm -f {tmp_file}"]
elif action == "save":
commands = [check_config + move_config]
else:
commands = [check_config + move_config + reload_or_restart_command]
if sql.return_firewall(server_ip):
commands[0] += open_port_firewalld(cfg, server_ip=server_ip)
try:
upload(server_ip, tmp_file, cfg, dir='fullpath')
try:
if action != 'test':
roxywi_common.logging(server_ip, 'A new config file has been uploaded', login=login, keep_history=1, service=service)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
# If master then save version of config in a new way
if not kwargs.get('slave') and service != 'waf':
from pathlib import Path
diff = ''
try:
old_cfg = kwargs.get('oldcfg')
path = Path(old_cfg)
except Exception:
old_cfg = ''
path = Path(old_cfg)
if not path.is_file():
old_cfg = f'{tmp_file}.old'
try:
get_config(server_ip, old_cfg, service=service, config_file_name=config_path)
except Exception:
roxywi_common.logging('Roxy-WI server', 'Cannot download config for diff', roxywi=1)
try:
diff = diff_config(old_cfg, cfg, return_diff=1)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
try:
user_id = roxywi_common.get_user_id(login=kwargs.get('login'))
sql.insert_config_version(server_id, user_id, service, cfg, config_path, diff)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
return error
try:
error = server_mod.ssh_command(server_ip, commands)
try:
if action == 'reload' or action == 'restart':
roxywi_common.logging(server_ip, f'Service has been {action}ed', login=login, keep_history=1, service=service)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
return e
if error.strip() != 'haproxy' and error.strip() != 'nginx':
return error.strip()
def master_slave_upload_and_restart(server_ip, cfg, just_save, **kwargs):
slave_output = ''
try:
server_name = sql.get_hostname_by_server_ip(server_ip)
except Exception:
server_name = server_ip
if kwargs.get('login'):
login = kwargs.get('login')
else:
login = ''
is_master = [masters[0] for masters in sql.is_master(server_ip)]
if is_master[0] is not None:
slv_output = upload_and_restart(
is_master[0], cfg, just_save=just_save, nginx=kwargs.get('nginx'), waf=kwargs.get('waf'),
apache=kwargs.get('apache'), config_file_name=kwargs.get('config_file_name'), slave=1
)
slave_output += f'<br>slave_server:\n{slv_output}'
output = upload_and_restart(
server_ip, cfg, just_save=just_save, nginx=kwargs.get('nginx'), waf=kwargs.get('waf'),
apache=kwargs.get('apache'), config_file_name=kwargs.get('config_file_name'),
oldcfg=kwargs.get('oldcfg'), login=login
)
output = server_name + ':\n' + output
output = output + slave_output
return output
def open_port_firewalld(cfg, server_ip, **kwargs):
try:
conf = open(cfg, "r")
except IOError:
print('<div class="alert alert-danger">Cannot read exported config file</div>')
return
firewalld_commands = ' &&'
ports = ''
for line in conf:
if kwargs.get('service') == 'nginx':
if "listen " in line and '#' not in line:
try:
listen = ' '.join(line.split())
listen = listen.split(" ")[1]
listen = listen.split(";")[0]
try:
listen = int(listen)
ports += str(listen) + ' '
firewalld_commands += f' sudo firewall-cmd --zone=public --add-port={listen}/tcp --permanent -q &&'
except Exception:
pass
except Exception:
pass
else:
if "bind" in line:
try:
bind = line.split(":")
bind[1] = bind[1].strip(' ')
bind = bind[1].split("ssl")
bind = bind[0].strip(' \t\n\r')
try:
bind = int(bind)
firewalld_commands += f' sudo firewall-cmd --zone=public --add-port={bind}/tcp --permanent -q &&'
ports += str(bind) + ' '
except Exception:
pass
except Exception:
pass
firewalld_commands += 'sudo firewall-cmd --reload -q'
roxywi_common.logging(server_ip, f' Next ports have been opened: {ports}')
return firewalld_commands
def diff_config(oldcfg, cfg, **kwargs):
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
log_path = get_config_var.get_config_var('main', 'log_path')
user_group = roxywi_common.get_user_group()
diff = ""
date = get_date.return_date('date_in_log')
log_date = get_date.return_date('logs')
cmd = "/bin/diff -ub %s %s" % (oldcfg, cfg)
try:
user_uuid = cookie.get('uuid')
login = sql.get_user_name_by_uuid(user_uuid.value)
except Exception:
login = ''
output, stderr = server_mod.subprocess_execute(cmd)
if kwargs.get('return_diff'):
for line in output:
diff += line + "\n"
return diff
else:
for line in output:
diff += f"{date} user: {login}, group: {user_group} {line}\n"
log_file = f"{log_path}/config_edit-{log_date}"
try:
with open(log_file, 'a') as log:
log.write(diff)
except IOError:
print(f'<center><div class="alert alert-danger">Can\'t read write change to log. {stderr}</div></center>')
pass
def show_finding_in_config(stdout: str, **kwargs) -> str:
grep = ''
out = '<div class="line">--</div>'
if kwargs.get('grep'):
grep = kwargs.get('grep')
grep = re.sub(r'[?|$|!|^|*|\]|\[|,| |]', r'', grep)
for line in stdout:
if kwargs.get('grep'):
line = line.replace(grep, f'<span style="color: red; font-weight: bold;">{grep}</span>')
line_class = "line" if '--' in line else "line3"
out += f'<div class="{line_class}">{line}</div>'
out += '<div class="line">--</div>'
return out
def get_userlists(config):
return_config = ''
with open(config, 'r') as f:
for line in f:
if line.startswith('userlist'):
line = line.strip()
return_config += line + ','
return return_config

220
app/modules/config/runtime.py Normal file
View File

@ -0,0 +1,220 @@
import json
import modules.db.sql as sql
import modules.common.common as common
import modules.config.config as config_mod
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
form = common.form
serv = form.getvalue('serv')
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar()
def get_all_stick_table():
hap_sock_p = sql.get_setting('haproxy_sock_port')
cmd = 'echo "show table"|nc %s %s |awk \'{print $3}\' | tr -d \'\n\' | tr -d \'[:space:]\'' % (serv, hap_sock_p)
output, stderr = server_mod.subprocess_execute(cmd)
return output[0]
def get_stick_table(table):
hap_sock_p = sql.get_setting('haproxy_sock_port')
cmd = 'echo "show table %s"|nc %s %s |awk -F"#" \'{print $2}\' |head -1 | tr -d \'\n\'' % (table, serv, hap_sock_p)
output, stderr = server_mod.subprocess_execute(cmd)
tables_head = []
for i in output[0].split(','):
i = i.split(':')[1]
tables_head.append(i)
cmd = 'echo "show table %s"|nc %s %s |grep -v "#"' % (table, serv, hap_sock_p)
output, stderr = server_mod.subprocess_execute(cmd)
return tables_head, output
def show_backends(server_ip, **kwargs):
hap_sock_p = sql.get_setting('haproxy_sock_port')
cmd = f'echo "show backend" |nc {server_ip} {hap_sock_p}'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr:
roxywi_common.logging('Roxy-WI server', ' ' + stderr, roxywi=1)
if kwargs.get('ret'):
ret = list()
else:
ret = ""
for line in output:
if any(s in line for s in ('#', 'stats', 'MASTER', '<')):
continue
if len(line) > 1:
back = json.dumps(line).split("\"")
if kwargs.get('ret'):
ret.append(back[1])
else:
print(back[1], end="<br>")
if kwargs.get('ret'):
return ret
def get_backends_from_config(server_ip: str, backends='') -> None:
config_date = get_date.return_date('config')
configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
format_cfg = 'cfg'
try:
cfg = configs_dir + roxywi_comon.get_files(configs_dir, format_cfg)[0]
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
try:
cfg = f'{configs_dir}{server_ip}-{config_date}.{format_cfg}'
except Exception:
roxywi_common.logging('Roxy-WI server', ' Cannot generate cfg path', roxywi=1)
return
try:
config_mod.get_config(server_ip, cfg)
except Exception:
roxywi_common.logging('Roxy-WI server', ' Cannot download config', roxywi=1)
print('error: Cannot get backends')
return
with open(cfg, 'r') as f:
for line in f:
if backends == 'frontend':
if (line.startswith('listen') or line.startswith('frontend')) and 'stats' not in line:
line = line.strip()
print(line.split(' ')[1], end="<br>")
def change_ip_and_port():
backend_backend = common.checkAjaxInput(form.getvalue('backend_backend'))
backend_server = common.checkAjaxInput(form.getvalue('backend_server'))
backend_ip = common.checkAjaxInput(form.getvalue('backend_ip'))
backend_port = common.checkAjaxInput(form.getvalue('backend_port'))
if form.getvalue('backend_ip') is None:
print('error: Backend IP must be IP and not 0')
sys.exit()
if form.getvalue('backend_port') is None:
print('error: The backend port must be integer and not 0')
sys.exit()
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
MASTERS = sql.is_master(serv)
for master in MASTERS:
if master[0] is not None:
cmd = 'echo "set server %s/%s addr %s port %s check-port %s" |nc %s %s' % (
backend_backend, backend_server, backend_ip, backend_port, backend_port, master[0], haproxy_sock_port)
output, stderr = server_mod.subprocess_execute(cmd)
print(output[0])
roxywi_common.logging(
master[0], 'IP address and port have been changed. On: {}/{} to {}:{}'.format(
backend_backend, backend_server, backend_ip, backend_port
),
login=1, keep_history=1, service='haproxy'
)
cmd = 'echo "set server %s/%s addr %s port %s check-port %s" |nc %s %s' % (
backend_backend, backend_server, backend_ip, backend_port, backend_port, serv, haproxy_sock_port)
roxywi_common.logging(
serv,
'IP address and port have been changed. On: {}/{} to {}:{}'.format(backend_backend, backend_server, backend_ip,
backend_port),
login=1, keep_history=1, service='haproxy'
)
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print('error: ' + stderr[0])
else:
print(output[0])
configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = configs_dir + serv + "-" + get_date.return_date('config') + ".cfg"
config_mod.get_config(serv, cfg)
cmd = 'string=`grep %s %s -n -A25 |grep "server %s" |head -1|awk -F"-" \'{print $1}\'` ' \
'&& sed -Ei "$( echo $string)s/((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5]):[0-9]+/%s:%s/g" %s' % \
(backend_backend, cfg, backend_server, backend_ip, backend_port, cfg)
server_mod.subprocess_execute(cmd)
config_mod.master_slave_upload_and_restart(serv, cfg, just_save='save')
def change_maxconn():
frontend = common.checkAjaxInput(form.getvalue('maxconn_frontend'))
maxconn = common.checkAjaxInput(form.getvalue('maxconn_int'))
if form.getvalue('maxconn_int') is None:
print('error: Maxconn must be integer and not 0')
sys.exit()
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
MASTERS = sql.is_master(serv)
for master in MASTERS:
if master[0] is not None:
if frontend == 'global':
cmd = 'echo "set maxconn %s %s" |nc %s %s' % (frontend, maxconn, master[0], haproxy_sock_port)
else:
cmd = 'echo "set maxconn frontend %s %s" |nc %s %s' % (frontend, maxconn, master[0], haproxy_sock_port)
output, stderr = server_mod.subprocess_execute(cmd)
roxywi_common.logging(master[0], 'Maxconn has been changed. On: {} to {}'.format(frontend, maxconn), login=1,
keep_history=1,
service='haproxy')
if frontend == 'global':
cmd = 'echo "set maxconn %s %s" |nc %s %s' % (frontend, maxconn, serv, haproxy_sock_port)
else:
cmd = 'echo "set maxconn frontend %s %s" |nc %s %s' % (frontend, maxconn, serv, haproxy_sock_port)
print(cmd)
roxywi_common.logging(serv, 'Maxconn has been changed. On: {} to {}'.format(frontend, maxconn), login=1,
keep_history=1,
service='haproxy')
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
print(stderr[0])
elif output[0] == '':
configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
cfg = configs_dir + serv + "-" + get_date.return_date('config') + ".cfg"
config_mod.get_config(serv, cfg)
cmd = 'string=`grep %s %s -n -A5 |grep maxcon -n |awk -F":" \'{print $2}\'|awk -F"-" \'{print $1}\'` ' \
'&& sed -Ei "$( echo $string)s/[0-9]+/%s/g" %s' % (frontend, cfg, maxconn, cfg)
server_mod.subprocess_execute(cmd)
config_mod.master_slave_upload_and_restart(serv, cfg, just_save='save')
print('success: Maxconn for %s has been set to %s ' % (frontend, maxconn))
else:
print('error: ' + output[0])
def table_select():
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates'), autoescape=True,
extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True)
table = form.getvalue('table_select')
if table == 'All':
template = env.get_template('ajax/stick_tables.html')
tables = get_all_stick_table()
table = []
for t in tables.split(','):
if t != '':
table_id = []
tables_head = []
tables_head1, table1 = get_stick_table(t)
table_id.append(tables_head1)
table_id.append(table1)
table.append(table_id)
template = template.render(table=table)
else:
template = env.get_template('ajax/stick_table.html')
tables_head, table = get_stick_table(table)
template = template.render(tables_head=tables_head, table=table)
print(template)

96
app/modules/config/section.py Normal file
View File

@ -0,0 +1,96 @@
import re
import modules.db.sql as sql
import modules.server.server as server_mod
from modules.common.common import return_nice_path
def get_sections(config, **kwargs):
return_config = list()
with open(config, 'r') as f:
for line in f:
if kwargs.get('service') == 'keepalived':
ip_pattern = re.compile('\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}')
find_ip = re.findall(ip_pattern, line)
if find_ip:
return_config.append(find_ip[0])
else:
if line.startswith((
'global', 'listen', 'frontend', 'backend', 'cache', 'defaults', '#HideBlockStart',
'#HideBlockEnd', 'peers', 'resolvers', 'userlist', 'http-errors'
)):
line = line.strip()
return_config.append(line)
return return_config
def get_section_from_config(config, section):
record = False
start_line = ""
end_line = ""
return_config = ""
with open(config, 'r') as f:
for index, line in enumerate(f):
if line.startswith(section + '\n'):
start_line = index
return_config += line
record = True
continue
if record:
if line.startswith((
'global', 'listen', 'frontend', 'backend', 'cache', 'defaults', '#HideBlockStart',
'#HideBlockEnd', 'peers', 'resolvers', 'userlist', 'http-errors'
)):
record = False
end_line = index
end_line = end_line - 1
else:
return_config += line
if end_line == "":
f = open(config, "r")
line_list = f.readlines()
end_line = len(line_list)
return start_line, end_line, return_config
def rewrite_section(start_line, end_line, config, section):
record = False
start_line = int(start_line)
end_line = int(end_line)
return_config = ""
with open(config, 'r') as f:
for index, line in enumerate(f):
index = int(index)
if index == start_line:
record = True
return_config += section
return_config += "\n"
continue
if index == end_line:
record = False
continue
if record:
continue
return_config += line
return return_config
def get_remote_sections(server_ip: str, service: str) -> str:
remote_dir = service + '_dir'
config_dir = sql.get_setting(remote_dir)
config_dir = return_nice_path(config_dir)
section_name = 'server_name'
if service == 'apache':
section_name = 'ServerName'
commands = [f"sudo grep {section_name} {config_dir}*/*.conf -R |grep -v '${{}}\|#'|awk '{{print $1, $3}}'"]
backends = server_mod.ssh_command(server_ip, commands)
return backends

1
app/modules/db/__init__.py Normal file
View File

@ -0,0 +1 @@
NAME = 'roxy-wi-db-module'

0
app/modules/db_model.py → app/modules/db/db_model.py
View File

169
app/sql.py → app/modules/db/sql.py
View File

@ -4,16 +4,27 @@ import traceback
import sys import sys
import os import os
from modules.db_model import * from modules.db.db_model import *
import modules.roxy_wi_tools as roxy_wi_tools import modules.roxy_wi_tools as roxy_wi_tools
def get_setting(param, **kwargs): def get_setting(param, **kwargs):
import funct import http.cookies
user_group = ''
try: try:
user_group = funct.get_user_group(id=1) cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_group_id = cookie.get('group')
user_group_id1 = user_group_id.value
groups = sql.select_groups(id=user_group_id1)
for g in groups:
if g.group_id == int(user_group_id1):
if kwargs.get('id'):
user_group = g.group_id
else:
user_group = g.name
except Exception: except Exception:
user_group = '' pass
if user_group == '' or param == 'lists_path' or param == 'ssl_local_path': if user_group == '' or param == 'lists_path' or param == 'ssl_local_path':
user_group = 1 user_group = 1
@ -837,9 +848,6 @@ def get_slack_by_id(slack_id):
def get_dick_permit(**kwargs): def get_dick_permit(**kwargs):
import os
import funct
if kwargs.get('username'): if kwargs.get('username'):
grp = kwargs.get('group_id') grp = kwargs.get('group_id')
else: else:
@ -851,10 +859,6 @@ def get_dick_permit(**kwargs):
except Exception: except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">') print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
return return
if kwargs.get('token'):
token = kwargs.get('token')
else:
token = ''
only_group = kwargs.get('only_group') only_group = kwargs.get('only_group')
disable = 'enable = 1' disable = 'enable = 1'
@ -881,45 +885,35 @@ def get_dick_permit(**kwargs):
if kwargs.get('apache') or kwargs.get('service') == 'apache': if kwargs.get('apache') or kwargs.get('service') == 'apache':
apache = "and apache = 1" apache = "and apache = 1"
if funct.check_user_group(token=token): cursor = conn.cursor()
cursor = conn.cursor() try:
try: if mysql_enable == '1':
if mysql_enable == '1': if grp == '1' and not only_group:
if grp == '1' and not only_group: sql = """ select * from `servers` where {} {} {} {} {} {} {} order by `pos` asc""".format(
sql = """ select * from `servers` where {} {} {} {} {} {} {} order by `pos` asc""".format( disable, type_ip, nginx, haproxy, keepalived, apache, ip
disable, type_ip, nginx, haproxy, keepalived, apache, ip )
)
else:
sql = """ select * from `servers` where `groups` = {group} and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by `pos` asc
""".format(
group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx,
keepalived=keepalived, apache=apache
)
else: else:
if grp == '1' and not only_group: sql = """ select * from `servers` where `groups` = {group} and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by `pos` asc
sql = """ select * from servers where {} {} {} {} {} {} {} order by pos""".format( """.format(
disable, type_ip, nginx, haproxy, keepalived, apache, ip group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx, keepalived=keepalived, apache=apache
) )
else:
sql = """ select * from servers where groups = '{group}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by pos
""".format(
group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx,
keepalived=keepalived, apache=apache
)
except Exception as e:
print(str(e))
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
try:
cursor.execute(sql)
except Exception as e:
# out_error(e)
pass
else: else:
return cursor.fetchall() if grp == '1' and not only_group:
sql = """ select * from servers where {} {} {} {} {} {} {} order by pos""".format(disable, type_ip, nginx, haproxy, keepalived, apache, ip)
else:
sql = """ select * from servers where groups = '{group}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by pos
""".format(group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx, keepalived=keepalived, apache=apache)
except Exception as e:
print(str(e))
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
try:
cursor.execute(sql)
except Exception as e:
# out_error(e)
pass
else: else:
print('Atata!') return cursor.fetchall()
def is_master(ip, **kwargs): def is_master(ip, **kwargs):
@ -1768,33 +1762,27 @@ def select_apache_servers_metrics_for_master():
return query_res return query_res
def select_servers_metrics(): def select_servers_metrics(group_id):
import funct if group_id == 1:
group_id = funct.get_user_group(id=1) query = Server.select(Server.ip).where((Server.enable == 1) & (Server.metrics == 1))
if funct.check_user_group(): else:
if group_id == 1: query = Server.select(Server.ip).where(
query = Server.select(Server.ip).where((Server.enable == 1) & (Server.metrics == 1)) (Server.enable == 1) & (Server.groups == group_id) & (Server.metrics == 1))
else: try:
query = Server.select(Server.ip).where( query_res = query.execute()
(Server.enable == 1) & (Server.groups == group_id) & (Server.metrics == 1)) except Exception as e:
try: out_error(e)
query_res = query.execute() else:
except Exception as e: return query_res
out_error(e)
else:
return query_res
def select_table_metrics(): def select_table_metrics(group_id):
import funct
cursor = conn.cursor() cursor = conn.cursor()
group_id = funct.get_user_group(id=1)
if funct.check_user_group(): if group_id == 1:
if group_id == 1: groups = ""
groups = "" else:
else: groups = "and servers.groups = '{group}' ".format(group=group_id)
groups = "and servers.groups = '{group}' ".format(group=group_id)
if mysql_enable == '1': if mysql_enable == '1':
sql = """ sql = """
select ip.ip, hostname, avg_sess_1h, avg_sess_24h, avg_sess_3d, max_sess_1h, max_sess_24h, max_sess_3d, select ip.ip, hostname, avg_sess_1h, avg_sess_24h, avg_sess_3d, max_sess_1h, max_sess_24h, max_sess_3d,
@ -1994,19 +1982,16 @@ def select_table_metrics():
return cursor.fetchall() return cursor.fetchall()
def select_service_table_metrics(service): def select_service_table_metrics(service: str, group_id: int):
import funct
cursor = conn.cursor() cursor = conn.cursor()
group_id = funct.get_user_group(id=1)
if service in ('nginx', 'apache'): if service in ('nginx', 'apache'):
metrics_table = f'{service}_metrics' metrics_table = f'{service}_metrics'
if funct.check_user_group(): if group_id == 1:
if group_id == 1: groups = ""
groups = "" else:
else: groups = "and servers.groups = '{group}' ".format(group=group_id)
groups = "and servers.groups = '{group}' ".format(group=group_id)
if mysql_enable == '1': if mysql_enable == '1':
sql = """ sql = """
select ip.ip, hostname, avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from select ip.ip, hostname, avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from
@ -2120,18 +2105,14 @@ def select_service_table_metrics(service):
return cursor.fetchall() return cursor.fetchall()
def update_setting(param, val): def update_setting(param: str, val: str, user_group: int) -> bool:
import funct query = Setting.update(value=val).where((Setting.param == param) & (Setting.group == user_group))
user_group = funct.get_user_group(id=1) try:
query.execute()
if funct.check_user_group(): return True
query = Setting.update(value=val).where((Setting.param == param) & (Setting.group == user_group)) except Exception as e:
try: out_error(e)
query.execute() return False
return True
except Exception as e:
out_error(e)
return False
def get_ver(): def get_ver():
@ -2416,10 +2397,7 @@ def insert_smon(server, port, enable, proto, uri, body, group, desc, telegram, s
def select_smon(user_group, **kwargs): def select_smon(user_group, **kwargs):
import funct
cursor = conn.cursor() cursor = conn.cursor()
funct.check_user_group()
if user_group == 1: if user_group == 1:
user_group = '' user_group = ''
@ -2465,10 +2443,6 @@ def select_smon_by_id(last_id):
def delete_smon(smon_id, user_group): def delete_smon(smon_id, user_group):
import funct
funct.check_user_group()
query = SMON.delete().where((SMON.id == smon_id) & (SMON.user_group == user_group)) query = SMON.delete().where((SMON.id == smon_id) & (SMON.user_group == user_group))
try: try:
query.execute() query.execute()
@ -2480,9 +2454,6 @@ def delete_smon(smon_id, user_group):
def update_smon(smon_id, ip, port, body, telegram, slack, group, desc, en): def update_smon(smon_id, ip, port, body, telegram, slack, group, desc, en):
import funct
funct.check_user_group()
query = (SMON.update( query = (SMON.update(
ip=ip, port=port, body=body, telegram_channel_id=telegram, slack_channel_id=slack, group=group, desc=desc, en=en ip=ip, port=port, body=body, telegram_channel_id=telegram, slack_channel_id=slack, group=group, desc=desc, en=en
).where(SMON.id == smon_id)) ).where(SMON.id == smon_id))

2
app/modules/roxy_wi_tools.py
View File

@ -63,4 +63,4 @@ class Tools:
import hashlib import hashlib
h = hashlib.md5(need_hashed.encode('utf-8')) h = hashlib.md5(need_hashed.encode('utf-8'))
p = h.hexdigest() p = h.hexdigest()
return p return p

1
app/modules/roxywi/__init__.py Normal file
View File

@ -0,0 +1 @@
NAME = 'roxy-wi-service-modules'

56
app/modules/roxywi/auth.py Normal file
View File

@ -0,0 +1,56 @@
import os
import http.cookies
import modules.db.sql as sql
def check_login(user_uuid, token, **kwargs):
if user_uuid is None:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
ref = os.environ.get("REQUEST_URI")
try:
sql.delete_old_uuid()
except Exception as e:
raise Exception(f'error: cannot connect to DB {e}')
if user_uuid is not None:
if sql.get_user_name_by_uuid(user_uuid.value) is None:
print(f'<meta http-equiv="refresh" content="0; url=login.py?ref={ref}">')
return False
if kwargs.get('service'):
required_service = str(kwargs.get('service'))
user_id = sql.get_user_id_by_uuid(user_uuid.value)
user_services = sql.select_user_services(user_id)
if required_service in user_services:
return True
else:
print('<meta http-equiv="refresh" content="0; url=overview.py">')
return False
sql.update_last_act_user(user_uuid.value, token)
else:
print(f'<meta http-equiv="refresh" content="0; url=login.py?ref={ref}">')
return False
def is_admin(level=1):
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_id = cookie.get('uuid')
try:
role = sql.get_user_role_by_uuid(user_id.value)
except Exception:
role = 4
pass
try:
return True if role <= level else False
except Exception:
return False
def page_for_admin(level=1) -> None:
if not is_admin(level=level):
print('<meta http-equiv="refresh" content="0; url=/">')
return

276
app/modules/roxywi/common.py Normal file
View File

@ -0,0 +1,276 @@
import os
import glob
import http.cookies
import distro
import modules.db.sql as sql
import modules.common.common as common
import modules.roxy_wi_tools as roxy_wi_tools
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar()
form = common.form
serv = common.is_ip_or_dns(form.getvalue('serv'))
def get_user_group(**kwargs) -> str:
user_group = ''
try:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_group_id = cookie.get('group')
user_group_id1 = user_group_id.value
groups = sql.select_groups(id=user_group_id1)
for g in groups:
if g.group_id == int(user_group_id1):
if kwargs.get('id'):
user_group = g.group_id
else:
user_group = g.name
except Exception:
check_user_group()
return user_group
def check_user_group(**kwargs):
if kwargs.get('token') is not None:
return True
if kwargs.get('user_uuid'):
group_id = kwargs.get('user_group_id')
user_uuid = kwargs.get('user_uuid')
user_id = sql.get_user_id_by_uuid(user_uuid)
else:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
group = cookie.get('group')
group_id = group.value
user_id = sql.get_user_id_by_uuid(user_uuid.value)
if sql.check_user_group(user_id, group_id):
return True
else:
logging('Roxy-WI server', ' has tried to actions in not his group ', roxywi=1, login=1)
try:
ref = os.environ.get("REQUEST_URI").split('&')[0]
except Exception:
ref = os.environ.get("REQUEST_URI")
ref = common.checkAjaxInput(ref)
print(f'<meta http-equiv="refresh" content="0; url={ref}">')
return False
def get_user_id(**kwargs):
if kwargs.get('login'):
return sql.get_user_id_by_username(kwargs.get('login'))
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
if user_uuid is not None:
user_id = sql.get_user_id_by_uuid(user_uuid.value)
return user_id
def check_is_server_in_group(server_ip: str) -> bool:
group_id = get_user_group(id=1)
servers = sql.select_servers(server=server_ip)
for s in servers:
if (s[2] == server_ip and int(s[3]) == int(group_id)) or group_id == 1:
return True
else:
logging('Roxy-WI server', ' has tried to actions in not his group server ', roxywi=1, login=1)
try:
ref = os.environ.get("REQUEST_URI").split('&')[0]
except Exception:
ref = os.environ.get("REQUEST_URI")
ref = common.checkAjaxInput(ref)
print(f'<meta http-equiv="refresh" content="0; url={ref}">')
return False
def get_files(folder=None, file_format='cfg') -> list:
if folder is None:
folder = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
if file_format == 'log':
file = []
else:
file = set()
return_files = set()
i = 0
for files in sorted(glob.glob(os.path.join(folder, f'*.{file_format}*'))):
if file_format == 'log':
try:
file += [(i, files.split('/')[4])]
except Exception as e:
print(e)
else:
file.add(files.split('/')[-1])
i += 1
files = file
if file_format == 'cfg' or file_format == 'conf':
for file in files:
ip = file.split("-")
if serv == ip[0]:
return_files.add(file)
return sorted(return_files, reverse=True)
else:
return file
def logging(server_ip: str, action: str, **kwargs) -> None:
login = ''
cur_date = get_date.return_date('logs')
cur_date_in_log = get_date.return_date('date_in_log')
log_path = get_config_var.get_config_var('main', 'log_path')
if not os.path.exists(log_path):
os.makedirs(log_path)
try:
user_group = get_user_group()
except Exception:
user_group = ''
try:
ip = cgi.escape(os.environ["REMOTE_ADDR"])
except Exception:
ip = ''
try:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
login = sql.get_user_name_by_uuid(user_uuid.value)
except Exception:
login_name = kwargs.get('login')
try:
if len(login_name) > 1:
login = kwargs.get('login')
except Exception:
login = ''
try:
if distro.id() == 'ubuntu':
os.system('sudo chown www-data:www-data -R ' + log_path)
else:
os.system('sudo chown apache:apache -R ' + log_path)
except Exception:
pass
if kwargs.get('roxywi') == 1:
if kwargs.get('login'):
mess = f"{cur_date_in_log} from {ip} user: {login}, group: {user_group}, {action} on: {server_ip}\n"
if kwargs.get('keep_history'):
try:
keep_action_history(kwargs.get('service'), action, server_ip, login, ip)
except Exception as e:
print(str(e))
else:
mess = f"{cur_date_in_log} {action} from {ip}\n"
log_file = f"{log_path}/roxy-wi-{cur_date}.log"
elif kwargs.get('provisioning') == 1:
mess = f"{cur_date_in_log} from {ip} user: {login}, group: {user_group}, {action}\n"
log_file = f"{log_path}/provisioning-{cur_date}.log"
else:
mess = f"{cur_date_in_log} from {ip} user: {login}, group: {user_group}, {action} on: {server_ip}\n"
log_file = f"{log_path}/config_edit-{cur_date}.log"
if kwargs.get('keep_history'):
keep_action_history(kwargs.get('service'), action, server_ip, login, ip)
try:
with open(log_file, 'a') as log:
log.write(mess)
except IOError as e:
print(f'<center><div class="alert alert-danger">Cannot write log. Please check log_path in config {e}</div></center>')
def keep_action_history(service: str, action: str, server_ip: str, login: str, user_ip: str):
try:
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
if login != '':
user_id = sql.get_user_id_by_username(login)
else:
user_id = 0
if user_ip == '':
user_ip = 'localhost'
sql.insert_action_history(service, action, server_id, user_id, user_ip)
except Exception as e:
logging('Roxy-WI server', f'Cannot save a history: {e}', roxywi=1)
def get_dick_permit(**kwargs):
if kwargs.get('token'):
token = kwargs.get('token')
else:
token = ''
if check_user_group(token=token):
return sql.get_dick_permit(**kwargs)
else:
print('Atata!')
def get_users_params(**kwargs):
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
try:
user_uuid = cookie.get('uuid')
user = sql.get_user_name_by_uuid(user_uuid.value)
except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
return
try:
role = sql.get_user_role_by_uuid(user_uuid.value)
except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
return
try:
user_id = sql.get_user_id_by_uuid(user_uuid.value)
user_services = sql.select_user_services(user_id)
token = sql.get_token(user_uuid.value)
except Exception:
print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
return
if kwargs.get('virt') and kwargs.get('haproxy'):
servers = get_dick_permit(virt=1, haproxy=1)
elif kwargs.get('virt'):
servers = get_dick_permit(virt=1)
elif kwargs.get('disable'):
servers = get_dick_permit(disable=0)
elif kwargs.get('haproxy'):
servers = get_dick_permit(haproxy=1)
elif kwargs.get('service'):
servers = get_dick_permit(service=kwargs.get('service'))
else:
servers = get_dick_permit()
user_params = {
'user': user,
'user_uuid': user_uuid,
'role': role,
'token': token,
'servers': servers,
'user_services': user_services
}
return user_params
def return_user_status() -> dict:
user_subscription = {}
user_subscription.setdefault('user_status', sql.select_user_status())
user_subscription.setdefault('user_plan', sql.select_user_plan())
return user_subscription
def return_unsubscribed_user_status() -> dict:
user_subscription = {'user_status': 0, 'user_plan': 0}
return user_subscription

150
app/modules/roxywi/logs.py Normal file
View File

@ -0,0 +1,150 @@
import re
import modules.db.sql as sql
import modules.server.server as server_mod
from modules.common.common import checkAjaxInput
from modules.common.common import form
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.common as roxywi_common
get_config_var = roxy_wi_tools.GetConfigVar()
def roxy_wi_log(**kwargs) -> list:
log_path = get_config_var.get_config_var('main', 'log_path')
if kwargs.get('log_id'):
selects = roxywi_common.get_files(log_path, "log")
for key, value in selects:
log_file = f"{kwargs.get('file')}.log"
if log_file == value:
return key
else:
user_group_id = roxywi_common.get_user_group(id=1)
if user_group_id != 1:
user_group = roxywi_common.get_user_group()
group_grep = f'|grep "group: {user_group}"'
else:
group_grep = ''
cmd = f"find {log_path}/roxy-wi-* -type f -exec stat --format '%Y :%y %n' '{{}}' \; | sort -nr | cut -d: -f2- " \
f"| head -1 |awk '{{print $4}}' |xargs tail {group_grep}|sort -r"
try:
output, stderr = server_mod.subprocess_execute(cmd)
return output
except Exception:
return ['']
def show_log(stdout, **kwargs):
i = 0
out = ''
grep = ''
if kwargs.get('grep'):
grep = kwargs.get('grep')
grep = re.sub(r'[?|$|.|!|^|*|\]|\[|,| |]', r'', grep)
for line in stdout:
i = i + 1
if kwargs.get('grep'):
line = line.replace(grep, f'<span style="color: red; font-weight: bold;">{grep}</span>')
line_class = "line3" if i % 2 == 0 else "line"
out += f'<div class="{line_class}">{line}</div>'
return out
def show_roxy_log(
serv, rows='10', waf='0', grep=None, hour='00',
minut='00', hour1='24', minut1='00', service='haproxy', **kwargs
) -> str:
exgrep = form.getvalue('exgrep')
log_file = form.getvalue('file')
date = checkAjaxInput(hour) + ':' + checkAjaxInput(minut)
date1 = checkAjaxInput(hour1) + ':' + checkAjaxInput(minut1)
rows = checkAjaxInput(rows)
waf = checkAjaxInput(waf)
cmd = ''
awk_column = 3
if grep is not None:
grep_act = '|egrep "%s"' % checkAjaxInput(grep)
else:
grep_act = ''
if exgrep is not None:
exgrep_act = '|egrep -v "%s"' % checkAjaxInput(exgrep)
else:
exgrep_act = ''
log_file = checkAjaxInput(log_file) if log_file is not None else log_file
if service in ('nginx', 'haproxy', 'apache', 'keepalived'):
syslog_server_enable = sql.get_setting('syslog_server_enable')
if syslog_server_enable is None or syslog_server_enable == 0:
if service == 'nginx':
local_path_logs = sql.get_setting('nginx_path_logs')
commands = ["sudo cat %s/%s |tail -%s %s %s" % (local_path_logs, log_file, rows, grep_act, exgrep_act)]
elif service == 'apache':
local_path_logs = sql.get_setting('apache_path_logs')
commands = [
"sudo cat %s/%s| awk -F\"/|:\" '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)
]
elif service == 'keepalived':
local_path_logs = sql.get_setting('keepalived_path_logs')
commands = [
"sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (
local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)
]
else:
local_path_logs = sql.get_setting('haproxy_path_logs')
commands = ["sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)]
syslog_server = serv
else:
commands = ["sudo cat /var/log/%s/syslog.log | sed '/ %s:00/,/ %s:00/! d' |tail -%s %s %s %s" % (serv, date, date1, rows, grep_act, grep, exgrep_act)]
syslog_server = sql.get_setting('syslog_server')
if waf == "1":
local_path_logs = '/var/log/waf.log'
commands = ["sudo cat %s |tail -%s %s %s" % (local_path_logs, rows, grep_act, exgrep_act)]
if kwargs.get('html') == 0:
a = server_mod.ssh_command(syslog_server, commands)
return show_log(a, html=0, grep=grep)
else:
return server_mod.ssh_command(syslog_server, commands, show_log='1', grep=grep)
elif service == 'apache_internal':
apache_log_path = sql.get_setting('apache_log_path')
if serv == 'roxy-wi.access.log':
cmd = 'sudo cat {}| awk -F"/|:" \'$3>"{}:00" && $3<"{}:00"\' |tail -{} {} {}'.format(apache_log_path + "/" + serv, date, date1, rows, grep_act, exgrep_act)
elif serv == 'roxy-wi.error.log':
cmd = "sudo cat {}| awk '$4>\"{}:00\" && $4<\"{}:00\"' |tail -{} {} {}".format(apache_log_path + "/" + serv, date, date1, rows, grep_act, exgrep_act)
elif serv == 'fail2ban.log':
cmd = 'sudo cat {}| awk -F"/|:" \'$3>"{}:00" && $3<"{}:00\' |tail -{} {} {}'.format("/var/log/" + serv, date, date1, rows, grep_act, exgrep_act)
output, stderr = server_mod.subprocess_execute(cmd)
return show_log(output, grep=grep)
elif service == 'internal':
log_path = get_config_var.get_config_var('main', 'log_path')
logs_files = roxywi_common.get_files(log_path, "log")
user_group = roxywi_common.get_user_group()
user_grep = ''
if user_group != '' and user_group != 'Default':
user_grep = f"|grep 'group: {user_group}'"
for key, value in logs_files:
if int(serv) == key:
serv = value
break
else:
return 'Haha'
if serv == 'backup.log':
awk_column = 2
cmd = f"cat {log_path}/{serv}| awk '${awk_column}>\"{date}:00\" && ${awk_column}<\"{date1}:00\"' {user_grep} {grep_act} {exgrep_act} |tail -{rows}"
output, stderr = server_mod.subprocess_execute(cmd)
return show_log(output, grep=grep)

181
app/modules/roxywi/roxy.py Normal file
View File

@ -0,0 +1,181 @@
import os
import re
import distro
import modules.db.sql as sql
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
def is_docker() -> bool:
path = "/proc/self/cgroup"
if not os.path.isfile(path):
return False
with open(path) as f:
for line in f:
if re.match("\d+:[\w=]+:/docker(-[ce]e)?/\w+", line):
return True
return False
def update_roxy_wi(service):
restart_service = ''
if distro.id() == 'ubuntu':
try:
if service == 'roxy-wi-keep_alive':
service = 'roxy-wi-keep-alive'
except Exception:
pass
if service != 'roxy-wi':
restart_service = f'&& sudo systemctl restart {service}'
cmd = f'sudo -S apt-get update && sudo apt-get install {service} {restart_service}'
else:
if service != 'roxy-wi':
restart_service = f'&& sudo systemctl restart {service}'
cmd = f'sudo -S yum -y install {service} {restart_service}'
output, stderr = server_mod.subprocess_execute(cmd)
print(output)
print(stderr)
def check_ver():
return sql.get_ver()
def versions():
try:
current_ver = check_ver()
current_ver_without_dots = current_ver.split('.')
current_ver_without_dots = ''.join(current_ver_without_dots)
current_ver_without_dots = current_ver_without_dots.replace('\n', '')
if len(current_ver_without_dots) == 2:
current_ver_without_dots += '00'
if len(current_ver_without_dots) == 3:
current_ver_without_dots += '0'
current_ver_without_dots = int(current_ver_without_dots)
except Exception:
current_ver = "Sorry cannot get current version"
current_ver_without_dots = 0
try:
new_ver = check_new_version('roxy-wi')
new_ver_without_dots = new_ver.split('.')
new_ver_without_dots = ''.join(new_ver_without_dots)
new_ver_without_dots = new_ver_without_dots.replace('\n', '')
if len(new_ver_without_dots) == 2:
new_ver_without_dots += '00'
if len(new_ver_without_dots) == 3:
new_ver_without_dots += '0'
new_ver_without_dots = int(new_ver_without_dots)
except Exception as e:
new_ver = "Cannot get a new version"
new_ver_without_dots = 0
roxywi_common.logging('Roxy-WI server', f' {e}', roxywi=1)
return current_ver, new_ver, current_ver_without_dots, new_ver_without_dots
def get_services_status():
services = []
is_in_docker = is_docker()
services_name = {
'roxy-wi-checker': 'Checker is designed for monitoring HAProxy, NGINX, Apache and Keepalived services as well as HAProxy backends and maxconn',
'roxy-wi-keep_alive': ' The Auto Start service allows to restart the HAProxy, NGINX, Apache and Keepalived services if they are down',
'roxy-wi-metrics': 'Collects number of connections for HAProxy, NGINX, Apache and HAProxy WAF services',
'roxy-wi-portscanner': 'Probes and saves a server or host for open ports',
'roxy-wi-smon': 'SMON stands for <b>S</b>imple <b>MON</b>itoring',
'roxy-wi-socket': 'Socket is a service for sending alerts and notifications',
'roxy-wi-prometheus-exporter': 'Prometheus exporter',
'prometheus': 'Prometheus service',
'grafana-server': 'Grafana service',
'fail2ban': 'Fail2ban service',
'rabbitmq-server': 'Message broker service'
}
for s, v in services_name.items():
if is_in_docker:
cmd = f"sudo supervisorctl status {s}|awk '{{print $2}}'"
else:
cmd = f"systemctl is-active {s}"
status, stderr = server_mod.subprocess_execute(cmd)
if s != 'roxy-wi-keep_alive':
service_name = s.split('_')[0]
if s == 'grafana-server':
service_name = 'grafana'
elif s == 'roxy-wi-keep_alive' and distro.id() == 'ubuntu':
service_name = 'roxy-wi-keep-alive'
else:
service_name = s
if service_name == 'prometheus':
cmd = "prometheus --version 2>&1 |grep prometheus|awk '{print $3}'"
else:
if distro.id() == 'ubuntu':
cmd = f"apt list --installed 2>&1 |grep {service_name}|awk '{{print $2}}'|sed 's/-/./'"
else:
cmd = f"rpm -q {service_name}|awk -F\"{service_name}\" '{{print $2}}' |awk -F\".noa\" '{{print $1}}' |sed 's/-//1' |sed 's/-/./'"
service_ver, stderr = server_mod.subprocess_execute(cmd)
try:
if service_ver[0] == 'command' or service_ver[0] == 'prometheus:':
service_ver[0] = ''
except Exception:
pass
try:
services.append([s, status, v, service_ver[0]])
except Exception:
services.append([s, status, v, ''])
return services
def check_new_version(service):
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
current_ver = check_ver()
proxy = sql.get_setting('proxy')
res = ''
user_name = sql.select_user_name()
retry_strategy = Retry(
total=3,
status_forcelist=[429, 500, 502, 503, 504],
method_whitelist=["HEAD", "GET", "OPTIONS"]
)
adapter = HTTPAdapter(max_retries=retry_strategy)
roxy_wi_get_plan = requests.Session()
roxy_wi_get_plan.mount("https://", adapter)
try:
if proxy is not None and proxy != '' and proxy != 'None':
proxy_dict = {"https": proxy, "http": proxy}
response = requests.get(f'https://roxy-wi.org/version/get/{service}', timeout=1, proxies=proxy_dict)
if service == 'roxy-wi':
requests.get(f'https://roxy-wi.org/version/send/{current_ver}', timeout=1, proxies=proxy_dict)
roxy_wi_get_plan = requests.get(f'https://roxy-wi.org/user-name/{user_name}', timeout=1, proxies=proxy_dict)
else:
response = requests.get(f'https://roxy-wi.org/version/get/{service}', timeout=1)
if service == 'roxy-wi':
requests.get(f'https://roxy-wi.org/version/send/{current_ver}', timeout=1)
roxy_wi_get_plan = requests.get(f'https://roxy-wi.org/user-name/{user_name}', timeout=1)
res = response.content.decode(encoding='UTF-8')
if service == 'roxy-wi':
try:
status = roxy_wi_get_plan.content.decode(encoding='UTF-8')
status = status.split(' ')
sql.update_user_status(status[0], status[1].strip(), status[2].strip())
except Exception:
pass
except requests.exceptions.RequestException as e:
roxywi_common.logging('Roxy-WI server', f' {e}', roxywi=1)
return res

1
app/modules/server/__init__.py Normal file
View File

@ -0,0 +1 @@
NAME = 'roxy-wi-server-modules'

345
app/modules/server/server.py Normal file
View File

@ -0,0 +1,345 @@
import json
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.common as roxywi_common
from modules.server import ssh_connection
import modules.roxy_wi_tools as roxy_wi_tools
get_config_var = roxy_wi_tools.GetConfigVar()
def return_ssh_keys_path(server_ip: str, **kwargs) -> dict:
lib_path = get_config_var.get_config_var('main', 'lib_path')
ssh_settings = {}
if kwargs.get('id'):
sshs = sql.select_ssh(id=kwargs.get('id'))
else:
sshs = sql.select_ssh(serv=server_ip)
for ssh in sshs:
ssh_settings.setdefault('enabled', ssh.enable)
ssh_settings.setdefault('user', ssh.username)
ssh_settings.setdefault('password', ssh.password)
ssh_key = f'{lib_path}/keys/{ssh.name}.pem' if ssh.enable == 1 else ''
ssh_settings.setdefault('key', ssh_key)
ssh_port = [str(server[10]) for server in sql.select_servers(server=server_ip)]
ssh_settings.setdefault('port', ssh_port[0])
return ssh_settings
def ssh_connect(server_ip):
ssh_settings = return_ssh_keys_path(server_ip)
ssh = ssh_connection.SshConnection(server_ip, ssh_settings['port'], ssh_settings['user'],
ssh_settings['password'], ssh_settings['enabled'], ssh_settings['key'])
return ssh
def ssh_command(server_ip: str, commands: list, **kwargs):
if server_ip == '':
return 'error: IP cannot be empty'
with ssh_connect(server_ip) as ssh:
for command in commands:
try:
stdin, stdout, stderr = ssh.run_command(command)
except Exception as e:
roxywi_common.logging('Roxy-WI server', f' Something wrong with SSH connection. Probably sudo with password {e}', roxywi=1)
return str(e)
try:
if kwargs.get('raw'):
return stdout.readlines()
if kwargs.get("ip") == "1":
show_ip(stdout)
elif kwargs.get("show_log") == "1":
import modules.roxywi.logs as roxywi_logs
return roxywi_logs.show_log(stdout, grep=kwargs.get("grep"))
elif kwargs.get('return_err') == 1:
return stderr.read().decode(encoding='UTF-8')
else:
return stdout.read().decode(encoding='UTF-8')
except Exception as e:
roxywi_common.logging('Roxy-WI server', f' Something wrong with SSH connection. Probably sudo with password {e}', roxywi=1)
for line in stderr.readlines():
if line:
print(f'error: {line}')
roxywi_common.logging('Roxy-WI server', f' {line}', roxywi=1)
def subprocess_execute(cmd):
import subprocess
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, universal_newlines=True)
stdout, stderr = p.communicate()
output = stdout.splitlines()
return output, stderr
def is_file_exists(server_ip: str, file: str) -> bool:
cmd = [f'[ -f {file} ] && echo yes || echo no']
out = ssh_command(server_ip, cmd)
return True if 'yes' in out else False
def is_service_active(server_ip: str, service_name: str) -> bool:
cmd = [f'systemctl is-active {service_name}']
out = ssh_command(server_ip, cmd)
out = out.strip()
return True if 'active' == out else False
def get_remote_files(server_ip: str, config_dir: str, file_format: str):
config_dir = common.return_nice_path(config_dir)
if file_format == 'conf':
commands = [f'sudo ls {config_dir}*/*.{file_format}']
else:
commands = [f'sudo ls {config_dir}|grep {file_format}$']
config_files = ssh_command(server_ip, commands)
return config_files
def show_ip(stdout):
for line in stdout:
if "Permission denied" in line:
print(f'error: {line}')
else:
print(line)
def get_system_info(server_ip: str) -> str:
server_ip = common.is_ip_or_dns(server_ip)
if server_ip == '':
return 'error: IP cannot be empty'
server_id = sql.select_server_id_by_ip(server_ip)
command = ["sudo lshw -quiet -json"]
try:
sys_info_returned = ssh_command(server_ip, command)
except Exception as e:
raise e
command = ['sudo hostnamectl |grep "Operating System"|awk -F":" \'{print $2}\'']
try:
os_info = ssh_command(server_ip, command)
except Exception as e:
raise e
os_info = os_info.strip()
system_info = json.loads(sys_info_returned)
sys_info = {'hostname': system_info['id'], 'family': ''}
cpu = {'cpu_model': '', 'cpu_core': 0, 'cpu_thread': 0, 'hz': 0}
network = {}
ram = {'slots': 0, 'size': 0}
disks = {}
try:
sys_info['family'] = system_info['configuration']['family']
except Exception:
pass
for i in system_info['children']:
if i['class'] == 'network':
try:
ip = i['configuration']['ip']
except Exception:
ip = ''
network[i['logicalname']] = {
'description': i['description'],
'mac': i['serial'],
'ip': ip
}
for k, j in i.items():
if isinstance(j, list):
for b in j:
try:
if b['class'] == 'processor':
cpu['cpu_model'] = b['product']
cpu['cpu_core'] += 1
cpu['hz'] = round(int(b['capacity']) / 1000000)
try:
cpu['cpu_thread'] += int(b['configuration']['threads'])
except Exception:
cpu['cpu_thread'] = 1
except Exception:
pass
try:
if b['id'] == 'memory':
ram['size'] = round(b['size'] / 1073741824)
for memory in b['children']:
ram['slots'] += 1
except Exception:
pass
try:
if b['class'] == 'storage':
for p, pval in b.items():
if isinstance(pval, list):
for disks_info in pval:
for volume_info in disks_info['children']:
if isinstance(volume_info['logicalname'], list):
volume_name = volume_info['logicalname'][0]
mount_point = volume_info['logicalname'][1]
size = round(volume_info['capacity'] / 1073741824)
size = str(size) + 'Gb'
fs = volume_info['configuration']['mount.fstype']
state = volume_info['configuration']['state']
disks[volume_name] = {
'mount_point': mount_point,
'size': size,
'fs': fs,
'state': state
}
except Exception:
pass
try:
if b['class'] == 'bridge':
if 'children' in b:
for s in b['children']:
if s['class'] == 'network':
if 'children' in s:
for net in s['children']:
network[net['logicalname']] = {
'description': net['description'],
'mac': net['serial']
}
if s['class'] == 'storage':
for p, pval in s.items():
if isinstance(pval, list):
for disks_info in pval:
if 'children' in disks_info:
for volume_info in disks_info['children']:
if isinstance(volume_info['logicalname'], dict):
volume_name = volume_info['logicalname'][0]
mount_point = volume_info['logicalname'][1]
size = round(volume_info['size'] / 1073741824)
size = str(size) + 'Gb'
fs = volume_info['configuration']['mount.fstype']
state = volume_info['configuration']['state']
disks[volume_name] = {
'mount_point': mount_point,
'size': size,
'fs': fs,
'state': state
}
for z, n in s.items():
if isinstance(n, list):
for y in n:
if y['class'] == 'network':
try:
for q in y['children']:
try:
ip = q['configuration']['ip']
except Exception:
ip = ''
network[q['logicalname']] = {
'description': q['description'],
'mac': q['serial'],
'ip': ip}
except Exception:
try:
network[y['logicalname']] = {
'description': y['description'],
'mac': y['serial'],
'ip': y['configuration']['ip']}
except Exception:
pass
if y['class'] == 'disk':
try:
for q in y['children']:
try:
if isinstance(q['logicalname'], list):
volume_name = q['logicalname'][0]
mount_point = q['logicalname'][1]
size = round(q['capacity'] / 1073741824)
size = str(size) + 'Gb'
fs = q['configuration']['mount.fstype']
state = q['configuration']['state']
disks[volume_name] = {
'mount_point': mount_point,
'size': size,
'fs': fs,
'state': state
}
except Exception as e:
print(e)
except Exception:
pass
if y['class'] == 'storage' or y['class'] == 'generic':
try:
for q in y['children']:
for o in q['children']:
try:
volume_name = o['logicalname']
mount_point = ''
size = round(o['size'] / 1073741824)
size = str(size) + 'Gb'
fs = ''
state = ''
disks[volume_name] = {
'mount_point': mount_point,
'size': size,
'fs': fs,
'state': state
}
except Exception:
pass
for w in o['children']:
try:
if isinstance(w['logicalname'], list):
volume_name = w['logicalname'][0]
mount_point = w['logicalname'][1]
try:
size = round(w['size'] / 1073741824)
size = str(size) + 'Gb'
except Exception:
size = ''
fs = w['configuration']['mount.fstype']
state = w['configuration']['state']
disks[volume_name] = {
'mount_point': mount_point,
'size': size,
'fs': fs,
'state': state
}
except Exception:
pass
except Exception:
pass
try:
for q, qval in y.items():
if isinstance(qval, list):
for o in qval:
for w in o['children']:
if isinstance(w['logicalname'], list):
volume_name = w['logicalname'][0]
mount_point = w['logicalname'][1]
size = round(w['size'] / 1073741824)
size = str(size) + 'Gb'
fs = w['configuration']['mount.fstype']
state = w['configuration']['state']
disks[volume_name] = {
'mount_point': mount_point,
'size': size,
'fs': fs,
'state': state
}
except Exception:
pass
except Exception:
pass
try:
sql.insert_system_info(server_id, os_info, sys_info, cpu, ram, network, disks)
except Exception as e:
raise e

0
app/modules/ssh_connection.py → app/modules/server/ssh_connection.py
View File

1
app/modules/service/__init__.py Normal file
View File

@ -0,0 +1 @@
NAME = 'roxy-wi-service-modules'

115
app/modules/service/common.py Normal file
View File

@ -0,0 +1,115 @@
import os
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
def check_haproxy_version(server_ip):
hap_sock_p = sql.get_setting('haproxy_sock_port')
ver = ""
cmd = f"echo 'show info' |nc {server_ip} {hap_sock_p} |grep Version |awk '{{print $2}}'"
output, stderr = roxywi_common.logging(cmd)
for line in output:
ver = line
return ver
def is_restarted(server_ip: str, action: str) -> None:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_uuid = cookie.get('uuid')
user_role = sql.get_user_role_by_uuid(user_uuid.value)
if sql.is_serv_protected(server_ip) and int(user_role) > 2:
print(f'error: This server is protected. You cannot {action} it')
return
def is_not_allowed_to_restart(server_id: int, service: str) -> None:
is_restart = sql.select_service_setting(server_id, service, 'restart')
if int(is_restart) == 1:
print('warning: this service is not allowed to be restarted')
return
def get_exp_version(server_ip: str, service_name: str) -> str:
server_ip = common.is_ip_or_dns(server_ip)
if service_name == 'haproxy_exporter':
commands = ["/opt/prometheus/exporters/haproxy_exporter --version 2>&1 |head -1|awk '{print $3}'"]
elif service_name == 'nginx_exporter':
commands = ["/opt/prometheus/exporters/nginx_exporter 2>&1 |head -1 |awk -F\"=\" '{print $2}'|awk '{print $1}'"]
elif service_name == 'node_exporter':
commands = ["node_exporter --version 2>&1 |head -1|awk '{print $3}'"]
elif service_name == 'apache_exporter':
commands = ["/opt/prometheus/exporters/apache_exporter --version 2>&1 |head -1|awk '{print $3}'"]
ver = server_mod.ssh_command(server_ip, commands)
if ver != '':
return ver
else:
return 'no'
def get_correct_apache_service_name(server_ip=None, server_id=0) -> str:
if server_id is None:
server_id = sql.select_server_id_by_ip(server_ip)
try:
os_info = sql.select_os_info(server_id)
except Exception:
return 'error: cannot get server info'
if "CentOS" in os_info or "Redhat" in os_info:
return 'httpd'
else:
return 'apache2'
def server_status(stdout):
proc_count = ""
for line in stdout:
if "Ncat: " not in line:
for k in line:
try:
proc_count = k.split(":")[1]
except Exception:
proc_count = 1
else:
proc_count = 0
return proc_count
def check_haproxy_config(server_ip):
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
is_dockerized = sql.select_service_setting(server_id, 'haproxy', 'dockerized')
config_path = sql.get_setting('haproxy_config_path')
if is_dockerized == '1':
container_name = sql.get_setting('haproxy_container_name')
commands = [f"sudo docker exec -it {container_name} haproxy -q -c -f {config_path}"]
else:
commands = [f"haproxy -q -c -f {config_path}"]
with server_mod.ssh_connect(server_ip) as ssh:
for command in commands:
stdin, stdout, stderr = ssh.run_command(command)
if not stderr.read():
return True
else:
return False
def check_nginx_config(server_ip):
commands = [f"nginx -q -t -p {sql.get_setting('nginx_dir')}"]
with server_mod.ssh_connect(server_ip) as ssh:
for command in commands:
stdin, stdout, stderr = ssh.run_command(command)
if not stderr.read():
return True
else:
return False

105
app/modules/service/exporter_installation.py Normal file
View File

@ -0,0 +1,105 @@
import os
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
import modules.service.common as service_common
from modules.service.installation import show_installation_output
from modules.server.server import return_ssh_keys_path
form = common.form
def haproxy_exp_installation():
serv = form.getvalue('haproxy_exp_install')
ver = form.getvalue('exporter_v')
ext_prom = form.getvalue('ext_prom')
script = "install_haproxy_exporter.sh"
stats_port = sql.get_setting('stats_port')
server_state_file = sql.get_setting('server_state_file')
stats_user = sql.get_setting('stats_user')
stats_password = sql.get_setting('stats_password')
stat_page = sql.get_setting('stats_page')
proxy = sql.get_setting('proxy')
ssh_settings = return_ssh_keys_path(serv)
os.system(f"cp scripts/{script} .")
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
else:
proxy_serv = ''
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} STAT_PORT={stats_port} STAT_FILE={server_state_file}"
f" SSH_PORT={ssh_settings['port']} STAT_PAGE={stat_page} VER={ver} EXP_PROM={ext_prom} STATS_USER={stats_user}"
f" STATS_PASS='{stats_password}' HOST={serv} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
show_installation_output(error, output, 'HAProxy exporter')
os.remove(script)
def nginx_apache_exp_installation():
if form.getvalue('nginx_exp_install'):
service = 'nginx'
elif form.getvalue('apache_exp_install'):
service = 'apache'
serv = common.is_ip_or_dns(form.getvalue('serv'))
ver = common.checkAjaxInput(form.getvalue('exporter_v'))
ext_prom = common.checkAjaxInput(form.getvalue('ext_prom'))
script = f"install_{service}_exporter.sh"
stats_user = sql.get_setting(f'{service}_stats_user')
stats_password = sql.get_setting(f'{service}_stats_password')
stats_port = sql.get_setting(f'{service}_stats_port')
stats_page = sql.get_setting(f'{service}_stats_page')
proxy = sql.get_setting('proxy')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(serv)
os.system(f"cp scripts/{script} .")
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} STAT_PORT={stats_port} SSH_PORT={ssh_settings['port']} STAT_PAGE={stats_page}"
f" STATS_USER={stats_user} STATS_PASS='{stats_password}' HOST={serv} VER={ver} EXP_PROM={ext_prom} USER={ssh_settings['user']} "
f" PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
show_installation_output(error, output, f'{service.title()} exporter')
os.remove(script)
def node_exp_installation():
serv = common.is_ip_or_dns(form.getvalue('node_exp_install'))
ver = common.checkAjaxInput(form.getvalue('exporter_v'))
ext_prom = common.checkAjaxInput(form.getvalue('ext_prom'))
script = "install_node_exporter.sh"
proxy = sql.get_setting('proxy')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(serv)
os.system(f"cp scripts/{script} .")
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} VER={ver} EXP_PROM={ext_prom} "
f"HOST={serv} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
show_installation_output(error, output, 'Node exporter')
os.remove(script)

394
app/modules/service/installation.py Normal file
View File

@ -0,0 +1,394 @@
import os
import modules.db.sql as sql
import modules.service.common as service_common
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
from modules.server.server import return_ssh_keys_path
form = common.form
def show_installation_output(error: str, output: str, service: str) -> bool:
if error and "WARNING" not in error:
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
print('error: ' + error)
return False
else:
for line in output:
if any(s in line for s in ("Traceback", "FAILED", "error", "ERROR", "UNREACHABLE")):
try:
print(line)
break
except Exception:
print(output)
break
else:
print(f'success: {service} has been installed')
roxywi_common.logging('Roxy-WI server', error, roxywi=1, keep_history=1, service=service)
return True
def install_haproxy(server_ip: str, **kwargs):
script = "install_haproxy.sh"
hap_sock_p = str(sql.get_setting('haproxy_sock_port'))
stats_port = str(sql.get_setting('stats_port'))
server_state_file = sql.get_setting('server_state_file')
stats_user = sql.get_setting('stats_user')
stats_password = sql.get_setting('stats_password')
proxy = sql.get_setting('proxy')
haproxy_dir = sql.get_setting('haproxy_dir')
container_name = sql.get_setting('haproxy_container_name')
haproxy_ver = kwargs.get('hapver')
server_for_installing = kwargs.get('server')
docker = kwargs.get('docker')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(server_ip)
os.system(f"cp scripts/{script} .")
if haproxy_ver is None:
haproxy_ver = '2.6.0-1'
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
syn_flood_protect = '1' if kwargs.get('syn_flood') == "1" else ''
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SOCK_PORT={hap_sock_p} STAT_PORT={stats_port} "
f"STAT_FILE={server_state_file} DOCKER={docker} SSH_PORT={ssh_settings['port']} STATS_USER={stats_user} "
f"CONT_NAME={container_name} HAP_DIR={haproxy_dir} STATS_PASS='{stats_password}' HAPVER={haproxy_ver} "
f"SYN_FLOOD={syn_flood_protect} HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' "
f"KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
if server_for_installing:
service = server_for_installing + ' HAProxy'
else:
service = ' HAProxy'
if show_installation_output(error, output, service):
sql.update_haproxy(server_ip)
if docker == '1':
server_id = sql.select_server_id_by_ip(server_ip)
sql.insert_or_update_service_setting(server_id, 'haproxy', 'dockerized', '1')
sql.insert_or_update_service_setting(server_id, 'haproxy', 'restart', '1')
os.remove(script)
def waf_install(server_ip: str):
script = "waf.sh"
proxy = sql.get_setting('proxy')
haproxy_dir = sql.get_setting('haproxy_dir')
ver = service_common.check_haproxy_version(server_ip)
service = ' WAF'
proxy_serv = ''
ssh_settings = return_ssh_keys_path(server_ip)
os.system(f"cp scripts/{script} .")
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} HAPROXY_PATH={haproxy_dir} VERSION='{ver}' "
f"SSH_PORT={ssh_settings['port']} HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' "
f"KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
if show_installation_output(error, output, service):
sql.insert_waf_metrics_enable(server_ip, "0")
sql.insert_waf_rules(server_ip)
os.remove(script)
def waf_nginx_install(server_ip: str):
script = "waf_nginx.sh"
proxy = sql.get_setting('proxy')
nginx_dir = sql.get_setting('nginx_dir')
service = ' WAF'
proxy_serv = ''
ssh_settings = return_ssh_keys_path(server_ip)
os.system(f"cp scripts/{script} .")
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} NGINX_PATH={nginx_dir} SSH_PORT={ssh_settings['port']} "
f"HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
if show_installation_output(error, output, service):
sql.insert_nginx_waf_rules(server_ip)
sql.insert_waf_nginx_server(server_ip)
os.remove(script)
def install_nginx(server_ip: str, **kwargs):
script = "install_nginx.sh"
stats_user = sql.get_setting('nginx_stats_user')
stats_password = sql.get_setting('nginx_stats_password')
stats_port = str(sql.get_setting('nginx_stats_port'))
stats_page = sql.get_setting('nginx_stats_page')
config_path = sql.get_setting('nginx_config_path')
nginx_dir = sql.get_setting('nginx_dir')
server_for_installing = kwargs.get('server')
proxy = sql.get_setting('proxy')
docker = kwargs.get('docker')
container_name = sql.get_setting('nginx_container_name')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(server_ip)
os.system(f"cp scripts/{script} .")
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
syn_flood_protect = '1' if form.getvalue('syn_flood') == "1" else ''
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} STATS_USER={stats_user} STATS_PASS='{stats_password}' "
f"SSH_PORT={ssh_settings['port']} CONFIG_PATH={config_path} CONT_NAME={container_name} STAT_PORT={stats_port} "
f"STAT_PAGE={stats_page} SYN_FLOOD={syn_flood_protect} DOCKER={docker} nginx_dir={nginx_dir} HOST={server_ip} "
f"USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
if server_for_installing:
service = server_for_installing + ' Nginx'
else:
service = ' Nginx'
if show_installation_output(error, output, service):
sql.update_nginx(server_ip)
if docker == '1':
server_id = sql.select_server_id_by_ip(server_ip)
sql.insert_or_update_service_setting(server_id, 'nginx', 'dockerized', '1')
sql.insert_or_update_service_setting(server_id, 'nginx', 'restart', '1')
os.remove(script)
def geoip_installation():
serv = common.is_ip_or_dns(form.getvalue('geoip_install'))
geoip_update = common.checkAjaxInput(form.getvalue('geoip_update'))
service = form.getvalue('geoip_service')
proxy = sql.get_setting('proxy')
maxmind_key = sql.get_setting('maxmind_key')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(serv)
if service in ('haproxy', 'nginx'):
service_dir = common.return_nice_path(sql.get_setting(f'{service}_dir'))
script = f'install_{service}_geoip.sh'
else:
print('warning: select a server and service first')
return
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
os.system(f"cp scripts/{script} .")
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} UPDATE={geoip_update} "
f"maxmind_key={maxmind_key} service_dir={service_dir} HOST={serv} USER={ssh_settings['user']} "
f"PASS={ssh_settings['password']} KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
show_installation_output(error, output, 'GeoLite2 Database')
os.remove(script)
def grafana_install():
script = "install_grafana.sh"
proxy = sql.get_setting('proxy')
proxy_serv = ''
host = os.environ.get('HTTP_HOST', '')
os.system(f"cp scripts/{script} .")
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
cmd = f"chmod +x {script} && ./{script} PROXY={proxy_serv}"
output, error = server_mod.subprocess_execute(cmd)
if error:
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
print(
f'success: Grafana and Prometheus servers were installed. You can find Grafana on http://{host}:3000<br>')
else:
for line in output:
if any(s in line for s in ("Traceback", "FAILED")):
try:
print(line)
break
except Exception:
print(output)
break
else:
print(
f'success: Grafana and Prometheus servers were installed. You can find Grafana on http://{host}:3000<br>')
os.remove(script)
def keepalived_master_install():
master = form.getvalue('master')
eth = form.getvalue('interface')
eth_slave = form.getvalue('slave_interface')
vrrp_ip = form.getvalue('vrrpip')
syn_flood = form.getvalue('syn_flood')
virt_server = form.getvalue('virt_server')
return_to_master = form.getvalue('return_to_master')
haproxy = form.getvalue('hap')
nginx = form.getvalue('nginx')
router_id = form.getvalue('router_id')
script = "install_keepalived.sh"
proxy = sql.get_setting('proxy')
keepalived_path_logs = sql.get_setting('keepalived_path_logs')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(master)
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
os.system(f"cp scripts/{script} .")
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} router_id={router_id} "
f"ETH={eth} IP={vrrp_ip} MASTER=MASTER ETH_SLAVE={eth_slave} keepalived_path_logs={keepalived_path_logs} "
f"RETURN_TO_MASTER={return_to_master} SYN_FLOOD={syn_flood} HOST={master} HAPROXY={haproxy} NGINX={nginx} "
f"USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
if show_installation_output(error, output, 'master Keepalived'):
sql.update_keepalived(master)
if virt_server != '0':
group_id = sql.get_group_id_by_server_ip(master)
cred_id = sql.get_cred_id_by_server_ip(master)
hostname = sql.get_hostname_by_server_ip(master)
firewall = 1 if server_mod.is_service_active(master, 'firewalld') else 0
sql.add_server(
hostname + '-VIP', IP, group_id, '1', '1', '0', cred_id, ssh_settings['port'], f'VRRP IP for {master}',
haproxy, nginx, '0', firewall
)
os.remove(script)
def keepalived_slave_install():
master = form.getvalue('master_slave')
slave = form.getvalue('slave')
eth = form.getvalue('interface')
eth_slave = form.getvalue('slave_interface')
vrrp_ip = form.getvalue('vrrpip')
syn_flood = form.getvalue('syn_flood')
haproxy = form.getvalue('hap')
nginx = form.getvalue('nginx')
router_id = form.getvalue('router_id')
script = "install_keepalived.sh"
proxy = sql.get_setting('proxy')
keepalived_path_logs = sql.get_setting('keepalived_path_logs')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(slave)
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
os.system(f"cp scripts/{script} .")
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} router_id={router_id} ETH={eth} "
f"IP={vrrp_ip} MASTER=BACKUP ETH_SLAVE={eth_slave} SYN_FLOOD={syn_flood} keepalived_path_logs={keepalived_path_logs} HAPROXY={haproxy} "
f"NGINX={nginx} HOST={slave} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
show_installation_output(error, output, 'slave Keepalived')
os.remove(script)
sql.update_server_master(master, slave)
sql.update_keepalived(slave)
def keepalived_masteradd():
master = form.getvalue('masteradd')
eth = form.getvalue('interfaceadd')
slave_eth = form.getvalue('slave_interfaceadd')
vrrp_ip = form.getvalue('vrrpipadd')
router_id = form.getvalue('router_id')
kp = form.getvalue('kp')
return_to_master = form.getvalue('return_to_master')
script = "install_keepalived.sh"
proxy = sql.get_setting('proxy')
keepalived_path_logs = sql.get_setting('keepalived_path_logs')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(master)
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
os.system(f"cp scripts/{script} .")
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} ETH={eth} SLAVE_ETH={slave_eth} "
f"keepalived_path_logs={keepalived_path_logs} RETURN_TO_MASTER={return_to_master} IP={vrrp_ip} MASTER=MASTER "
f"RESTART={kp} ADD_VRRP=1 HOST={master} router_id={router_id} USER={ssh_settings['user']} "
f"PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
show_installation_output(error, output, 'master VRRP address')
os.remove(script)
def keepalived_slaveadd():
slave = form.getvalue('slaveadd')
eth = form.getvalue('interfaceadd')
slave_eth = form.getvalue('slave_interfaceadd')
vrrp_ip = form.getvalue('vrrpipadd')
router_id = form.getvalue('router_id')
kp = form.getvalue('kp')
script = "install_keepalived.sh"
proxy = sql.get_setting('proxy')
keepalived_path_logs = sql.get_setting('keepalived_path_logs')
proxy_serv = ''
ssh_settings = return_ssh_keys_path(slave)
if proxy is not None and proxy != '' and proxy != 'None':
proxy_serv = proxy
os.system(f"cp scripts/{script} .")
commands = [
f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} ETH={eth} SLAVE_ETH={slave_eth} "
f"keepalived_path_logs={keepalived_path_logs} IP={vrrp_ip} MASTER=BACKUP RESTART={kp} ADD_VRRP=1 HOST={slave} "
f"router_id={router_id} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}"
]
output, error = server_mod.subprocess_execute(commands[0])
show_installation_output(error, output, 'slave VRRP address')
os.remove(script)

28
app/nettools.py
View File

@ -1,32 +1,32 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import sys import sys
import funct import modules.common.common as common
import modules.roxywi.roxy as roxywi_mod
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('nettools.html') template = env.get_template('nettools.html')
form = funct.form form = common.form
print('Content-type: text/html\n') print('Content-type: text/html\n')
try: user_params = roxywi_common.get_users_params(virt=1)
user, user_id, role, token, servers, user_services \
= funct.get_users_params(virt=1)
except Exception:
pass
try: try:
funct.check_login(user_id, token) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
output_from_parsed_template = template.render(h2=1, autorefresh=0, output_from_parsed_template = template.render(h2=1, autorefresh=0,
title="Network tools", title="Network tools",
role=role, role=user_params['role'],
user=user, user=user_params['user'],
servers=servers, servers=user_params['servers'],
versions=funct.versions(), versions=roxywi_mod.versions(),
user_services=user_services, user_services=user_params['user_services'],
token=token) token=user_params['token'])
print(output_from_parsed_template) print(output_from_parsed_template)

1337
app/options.py
View File

File diff suppressed because it is too large Load Diff

68
app/overview.py
View File

@ -2,12 +2,16 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import os import os
import sys import sys
import psutil import psutil
import funct
import sql
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.roxywi.logs as roxy_logs
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.server.server as server_mod
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('ovw.html') template = env.get_template('ovw.html')
@ -21,24 +25,20 @@ is_metrics_worker = 0
servers_group = [] servers_group = []
host = os.environ.get('HTTP_HOST', '') host = os.environ.get('HTTP_HOST', '')
try: user_params = roxywi_common.get_users_params()
user, user_id, role, token, servers, user_services = funct.get_users_params()
except Exception as e:
print(f'error {e}')
sys.exit()
try: try:
funct.check_login(user_id, token) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
try: try:
groups = sql.select_groups() groups = sql.select_groups()
user_group = funct.get_user_group(id=1) user_group = roxywi_common.get_user_group(id=1)
if (role == 2 or role == 3) and int(user_group) != 1: if (user_params['role'] == 2 or user_params['role'] == 3) and int(user_group) != 1:
for s in servers: for s in user_params['servers']:
servers_group.append(s[2]) servers_group.append(s[2])
is_checker_worker = len(sql.select_all_alerts(group=user_group)) is_checker_worker = len(sql.select_all_alerts(group=user_group))
@ -70,21 +70,19 @@ try:
pass pass
cmd = "systemctl is-active roxy-wi-metrics" cmd = "systemctl is-active roxy-wi-metrics"
metrics_master, stderr = funct.subprocess_execute(cmd) metrics_master, stderr = server_mod.subprocess_execute(cmd)
cmd = "systemctl is-active roxy-wi-checker" cmd = "systemctl is-active roxy-wi-checker"
checker_master, stderr = funct.subprocess_execute(cmd) checker_master, stderr = server_mod.subprocess_execute(cmd)
cmd = "systemctl is-active roxy-wi-keep_alive" cmd = "systemctl is-active roxy-wi-keep_alive"
keep_alive, stderr = funct.subprocess_execute(cmd) keep_alive, stderr = server_mod.subprocess_execute(cmd)
cmd = "systemctl is-active roxy-wi-smon" cmd = "systemctl is-active roxy-wi-smon"
smon, stderr = funct.subprocess_execute(cmd) smon, stderr = server_mod.subprocess_execute(cmd)
cmd = "systemctl is-active roxy-wi-portscanner" cmd = "systemctl is-active roxy-wi-portscanner"
port_scanner, stderr = funct.subprocess_execute(cmd) port_scanner, stderr = server_mod.subprocess_execute(cmd)
cmd = "systemctl is-active roxy-wi-socket" cmd = "systemctl is-active roxy-wi-socket"
socket, stderr = funct.subprocess_execute(cmd) socket, stderr = server_mod.subprocess_execute(cmd)
except Exception: except Exception as e:
role = ''
user = ''
groups = '' groups = ''
roles = '' roles = ''
metrics_master = '' metrics_master = ''
@ -92,21 +90,21 @@ except Exception:
keep_alive = '' keep_alive = ''
smon = '' smon = ''
socket = '' socket = ''
servers = ''
stderr = '' stderr = ''
token = '' print(e)
rendered_template = template.render( rendered_template = template.render(
h2=1, autorefresh=1, title="Overview", role=role, user=user, groups=groups, roles=sql.select_roles(), h2=1, autorefresh=1, title="Overview", role=user_params['role'], user=user_params['user'], groups=groups,
metrics_master=''.join(metrics_master), metrics_worker=metrics_worker, checker_master=''.join(checker_master), roles=sql.select_roles(), metrics_master=''.join(metrics_master), metrics_worker=metrics_worker,
checker_worker=checker_worker, keep_alive=''.join(keep_alive), smon=''.join(smon), checker_master=''.join(checker_master), checker_worker=checker_worker, keep_alive=''.join(keep_alive),
port_scanner=''.join(port_scanner), grafana=grafana, socket=''.join(socket), smon=''.join(smon), port_scanner=''.join(port_scanner), grafana=grafana, socket=''.join(socket),
roxy_wi_log_id=funct.roxy_wi_log(log_id=1, file="roxy-wi-"), roxy_wi_log_id=roxy_logs.roxy_wi_log(log_id=1, file="roxy-wi-"),
metrics_log_id=funct.roxy_wi_log(log_id=1, file="metrics"), metrics_log_id=roxy_logs.roxy_wi_log(log_id=1, file="metrics"),
checker_log_id=funct.roxy_wi_log(log_id=1, file="checker"), checker_log_id=roxy_logs.roxy_wi_log(log_id=1, file="checker"),
keep_alive_log_id=funct.roxy_wi_log(log_id=1, file="keep_alive"), keep_alive_log_id=roxy_logs.roxy_wi_log(log_id=1, file="keep_alive"),
socket_log_id=funct.roxy_wi_log(log_id=1, file="socket"), error=stderr, socket_log_id=roxy_logs.roxy_wi_log(log_id=1, file="socket"), error=stderr,
roxy_wi_log=funct.roxy_wi_log(), servers=servers, is_checker_worker=is_checker_worker, roxy_wi_log=roxy_logs.roxy_wi_log(), servers=user_params['servers'], is_checker_worker=is_checker_worker,
is_metrics_worker=is_metrics_worker, host=host, user_services=user_services, token=token is_metrics_worker=is_metrics_worker, host=host, user_services=user_params['user_services'],
token=user_params['token']
) )
print(rendered_template) print(rendered_template)

77
app/portscanner.py
View File

@ -1,63 +1,64 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import sys import sys
import funct
import sql
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.server.server as server_mod
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('portscanner.html') template = env.get_template('portscanner.html')
form = funct.form form = common.form
serv = form.getvalue('history') serv = form.getvalue('history')
print('Content-type: text/html\n') print('Content-type: text/html\n')
try: user_params = roxywi_common.get_users_params(virt=1)
user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1)
except Exception as e:
print(str(e))
try: try:
funct.check_login(user_id, token) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
if serv: if serv:
title = 'Port scanner history for ' + serv title = f'Port scanner history for {serv}'
port_scanner_settings = sql.select_port_scanner_history(serv) port_scanner_settings = sql.select_port_scanner_history(serv)
history = '1' history = '1'
port_scanner = '' port_scanner = ''
port_scanner_stderr = '' port_scanner_stderr = ''
count_ports = '' count_ports = ''
else: else:
history = '' history = ''
title = 'Port scanner dashboard' title = 'Port scanner dashboard'
user_group = funct.get_user_group(id=1) user_group = roxywi_common.get_user_group(id=1)
port_scanner_settings = sql.select_port_scanner_settings(user_group) port_scanner_settings = sql.select_port_scanner_settings(user_group)
if not port_scanner_settings: if not port_scanner_settings:
port_scanner_settings = '' port_scanner_settings = ''
count_ports = '' count_ports = ''
else: else:
count_ports = list() count_ports = list()
for s in servers: for s in user_params['servers']:
count_ports_from_sql = sql.select_count_opened_ports(s[2]) count_ports_from_sql = sql.select_count_opened_ports(s[2])
i = (s[2], count_ports_from_sql) i = (s[2], count_ports_from_sql)
count_ports.append(i) count_ports.append(i)
cmd = "systemctl is-active roxy-wi-portscanner" cmd = "systemctl is-active roxy-wi-portscanner"
port_scanner, port_scanner_stderr = funct.subprocess_execute(cmd) port_scanner, port_scanner_stderr = server_mod.subprocess_execute(cmd)
try: try:
user_status, user_plan = funct.return_user_status() user_subscription = roxywi_common.return_user_status()
except Exception as e: except Exception as e:
user_status, user_plan = 0, 0 user_subscription = roxywi_common.return_unsubscribed_user_status()
funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
rendered_template = template.render( rendered_template = template.render(
h2=1, autorefresh=0, title=title, role=role, user=user, servers=servers, port_scanner_settings=port_scanner_settings, h2=1, autorefresh=0, title=title, role=user_params['role'], user=user_params['user'], servers=user_params['servers'],
count_ports=count_ports, history=history, port_scanner=''.join(port_scanner), port_scanner_stderr=port_scanner_stderr, port_scanner_settings=port_scanner_settings, count_ports=count_ports, history=history, port_scanner=''.join(port_scanner),
user_services=user_services, user_status=user_status, user_plan=user_plan, token=token port_scanner_stderr=port_scanner_stderr, user_services=user_params['user_services'], user_status=user_subscription['user_status'],
user_plan=user_subscription['user_plan'], token=user_params['token']
) )
print(rendered_template) print(rendered_template)

31
app/provisioning.py
View File

@ -1,33 +1,38 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import sys import sys
import funct
import sql
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.server.server as server_mod
env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('provisioning.html') template = env.get_template('provisioning.html')
form = funct.form form = common.form
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params() user_params = roxywi_common.get_users_params()
try: try:
funct.check_login(user_id, token) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
funct.page_for_admin(level=2) roxywi_auth.page_for_admin(level=2)
try: try:
if role == 1: if user_params['role'] == 1:
groups = sql.select_groups() groups = sql.select_groups()
else: else:
groups = funct.get_user_group(id=1) groups = roxywi_common.get_user_group(id=1)
user_group = funct.get_user_group(id=1) user_group = roxywi_common.get_user_group(id=1)
cmd = 'which terraform' cmd = 'which terraform'
output, stderr = funct.subprocess_execute(cmd) output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '': if stderr != '':
is_terraform = False is_terraform = False
@ -39,8 +44,8 @@ except Exception as e:
print(str(e)) print(str(e))
rendered_template = template.render( rendered_template = template.render(
title="Servers provisioning", role=role, user=user, groups=groups, user_group=user_group, title="Servers provisioning", role=user_params['role'], user=user_params['user'], groups=groups,
servers=sql.select_provisioned_servers(), providers=sql.select_providers(user_group), user_group=user_group, servers=sql.select_provisioned_servers(), providers=sql.select_providers(user_group),
is_terraform=is_terraform, user_services=user_services, token=token, params=params is_terraform=is_terraform, user_services=user_params['user_services'], token=user_params['token'], params=params
) )
print(rendered_template) print(rendered_template)

15
app/runtimeapi.py
View File

@ -1,22 +1,25 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import sys import sys
import funct import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('runtimeapi.html') template = env.get_template('runtimeapi.html')
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1) user_params = roxywi_common.get_users_params(virt=1, haproxy=1)
try: try:
funct.check_login(user_id, token, service=1) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
form = funct.form form = common.form
try: try:
servbackend = form.getvalue('servbackend') servbackend = form.getvalue('servbackend')
@ -27,7 +30,7 @@ except Exception:
pass pass
rendered_template = template.render( rendered_template = template.render(
h2=0, title="RunTime API", role=role, user=user, select_id="serv", selects=servers, token=token, h2=0, title="RunTime API", role=user_params['role'], user=user_params['user'], select_id="serv",
user_services=user_services, servbackend=servbackend selects=user_params['servers'], token=user_params['token'], user_services=user_params['user_services'], servbackend=servbackend
) )
print(rendered_template) print(rendered_template)

50
app/sections.py
View File

@ -4,28 +4,31 @@ import sys
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import sql import modules.db.sql as sql
import funct import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.config.section as section_mod
import modules.config.config as config_mod
import modules.roxy_wi_tools as roxy_wi_tools import modules.roxy_wi_tools as roxy_wi_tools
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar() get_config_var = roxy_wi_tools.GetConfigVar()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=['jinja2.ext.loopcontrols']) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=['jinja2.ext.loopcontrols'])
template = env.get_template('sections.html') template = env.get_template('sections.html')
print('Content-type: text/html\n') print('Content-type: text/html\n')
try: user_params = roxywi_common.get_users_params()
user, user_id, role, token, servers, user_services = funct.get_users_params()
except Exception:
pass
try: try:
funct.check_login(user_id, token, service=1) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
form = funct.form form = common.form
serv = form.getvalue('serv') serv = form.getvalue('serv')
section = form.getvalue('section') section = form.getvalue('section')
is_serv_protected = sql.is_serv_protected(serv) is_serv_protected = sql.is_serv_protected(serv)
@ -43,26 +46,26 @@ is_restart = ''
hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
if serv is not None and open is not None: if serv is not None and open is not None:
cfg = hap_configs_dir + serv + "-" + funct.get_data('config') + ".cfg" cfg = f"{hap_configs_dir}{serv}-{get_date.return_date('config')}.cfg"
error = funct.get_config(serv, cfg) error = config_mod.get_config(serv, cfg)
sections = funct.get_sections(cfg) sections = section_mod.get_sections(cfg)
if serv is not None and section is not None: if serv is not None and section is not None:
try: try:
funct.logging(serv, "sections.py open config") roxywi_common.logging(serv, "sections.py open config")
except Exception: except Exception:
pass pass
start_line, end_line, config_read = funct.get_section_from_config(cfg, section) start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section)
server_id = sql.select_server_id_by_ip(serv) server_id = sql.select_server_id_by_ip(serv)
is_restart = sql.select_service_setting(server_id, 'haproxy', 'restart') is_restart = sql.select_service_setting(server_id, 'haproxy', 'restart')
os.system("/bin/mv %s %s.old" % (cfg, cfg)) os.system(f"/bin/mv {cfg} {cfg}.old")
if serv is not None and form.getvalue('config') is not None: if serv is not None and form.getvalue('config') is not None:
try: try:
funct.logging(serv, "sections.py edited config") roxywi_common.logging(serv, "sections.py edited config")
except Exception: except Exception:
pass pass
@ -77,7 +80,7 @@ if serv is not None and form.getvalue('config') is not None:
config = '' config = ''
save = 'reload' save = 'reload'
config = funct.rewrite_section(start_line, end_line, oldcfg, config) config = section_mod.rewrite_section(start_line, end_line, oldcfg, config)
try: try:
with open(cfg, "w") as conf: with open(cfg, "w") as conf:
@ -85,21 +88,22 @@ if serv is not None and form.getvalue('config') is not None:
except IOError: except IOError:
error = "Can't read import config file" error = "Can't read import config file"
stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg) stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg)
if "is valid" in stderr: if "is valid" in stderr:
warning = stderr warning = stderr
stderr = '' stderr = ''
funct.diff_config(oldcfg, cfg) config_mod.diff_config(oldcfg, cfg)
os.system("/bin/rm -f " + hap_configs_dir + "*.old") os.system(f"/bin/rm -f {hap_configs_dir}*.old")
rendered_template = template.render( rendered_template = template.render(
h2=1, title="Working with HAProxy config sections", role=role, action="sections.py", user=user, select_id="serv", h2=1, title="Working with HAProxy config sections", role=user_params['role'], action="sections.py", user=user_params['user'],
serv=serv, aftersave=aftersave, config=config_read, cfg=cfg, selects=servers, stderr=stderr, error=error, select_id="serv", serv=serv, aftersave=aftersave, config=config_read, cfg=cfg, selects=user_params['servers'],
start_line=start_line, end_line=end_line, section=section, sections=sections, is_serv_protected=is_serv_protected, stderr=stderr, error=error, start_line=start_line, end_line=end_line, section=section, sections=sections,
user_services=user_services, token=token, warning=warning, is_restart=is_restart is_serv_protected=is_serv_protected,user_services=user_params['user_services'], token=user_params['token'],
warning=warning, is_restart=is_restart
) )
print(rendered_template) print(rendered_template)

37
app/servers.py
View File

@ -3,45 +3,50 @@ import sys
import pytz import pytz
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('servers.html') template = env.get_template('servers.html')
form = funct.form form = common.form
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params() user_params = roxywi_common.get_users_params()
try: try:
funct.check_login(user_id, token) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
funct.page_for_admin(level=2) roxywi_auth.page_for_admin(level=2)
try: try:
ldap_enable = sql.get_setting('ldap_enable') ldap_enable = sql.get_setting('ldap_enable')
user_group = funct.get_user_group(id=1) user_group = roxywi_common.get_user_group(id=1)
settings = sql.get_setting('', all=1) settings = sql.get_setting('', all=1)
geoip_country_codes = sql.select_geoip_country_codes() geoip_country_codes = sql.select_geoip_country_codes()
services = sql.select_services() services = sql.select_services()
gits = sql.select_gits() gits = sql.select_gits()
servers = roxywi_common.get_dick_permit(virt=1, disable=0, only_group=1)
masters = sql.select_servers(get_master_servers=1, uuid=user_params['user_uuid'].value)
except Exception: except Exception:
pass pass
try: try:
user_status, user_plan = funct.return_user_status() user_subscription = roxywi_common.return_user_status()
except Exception as e: except Exception as e:
user_status, user_plan = 0, 0 user_subscription = roxywi_common.return_unsubscribed_user_status()
funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
rendered_template = template.render( rendered_template = template.render(
title="Servers: ", role=role, user=user, users=sql.select_users(group=user_group), groups=sql.select_groups(), title="Servers: ", role=user_params['role'], user=user_params['user'], users=sql.select_users(group=user_group),
servers=sql.get_dick_permit(virt=1, disable=0, only_group=1), roles=sql.select_roles(), groups=sql.select_groups(), servers=servers, roles=sql.select_roles(), sshs=sql.select_ssh(group=user_group),
masters=sql.select_servers(get_master_servers=1, uuid=user_id.value), group=user_group, masters=masters, group=user_group, services=services, timezones=pytz.all_timezones,
sshs=sql.select_ssh(group=user_group), token=token, settings=settings, backups=sql.select_backups(), token=user_params['token'], settings=settings, backups=sql.select_backups(), page="servers.py",
page="servers.py", geoip_country_codes=geoip_country_codes, user_services=user_services, ldap_enable=ldap_enable, geoip_country_codes=geoip_country_codes, user_services=user_params['user_services'], ldap_enable=ldap_enable,
user_status=user_status, user_plan=user_plan, gits=gits, services=services, timezones=pytz.all_timezones user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], gits=gits,
) )
print(rendered_template) print(rendered_template)

36
app/smon.py
View File

@ -1,38 +1,44 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import sys import sys
import funct
import sql
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.server.server as server_mod
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('smon.html') template = env.get_template('smon.html')
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params() user_params = roxywi_common.get_users_params()
try: try:
funct.check_login(user_id, token) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
form = funct.form roxywi_common.check_user_group()
form = common.form
action = form.getvalue('action') action = form.getvalue('action')
sort = form.getvalue('sort') sort = form.getvalue('sort')
autorefresh = 0 autorefresh = 0
user_group = funct.get_user_group(id=1) user_group = roxywi_common.get_user_group(id=1)
cmd = "systemctl is-active roxy-wi-smon" cmd = "systemctl is-active roxy-wi-smon"
smon_status, stderr = funct.subprocess_execute(cmd) smon_status, stderr = server_mod.subprocess_execute(cmd)
if action == 'add': if action == 'add':
smon = sql.select_smon(user_group, action='add') smon = sql.select_smon(user_group, action='add')
funct.page_for_admin(level=3) roxywi_auth.page_for_admin(level=3)
title = "SMON Admin" title = "SMON Admin"
elif action == 'history': elif action == 'history':
if form.getvalue('host'): if form.getvalue('host'):
needed_host = funct.is_ip_or_dns(form.getvalue('host')) needed_host = common.is_ip_or_dns(form.getvalue('host'))
smon = sql.alerts_history('SMON', user_group, host=needed_host) smon = sql.alerts_history('SMON', user_group, host=needed_host)
else: else:
smon = sql.alerts_history('SMON', user_group) smon = sql.alerts_history('SMON', user_group)
@ -46,15 +52,15 @@ else:
autorefresh = 1 autorefresh = 1
try: try:
user_status, user_plan = funct.return_user_status() user_subscription = roxywi_common.return_user_status()
except Exception as e: except Exception as e:
user_status, user_plan = 0, 0 user_subscription = roxywi_common.return_unsubscribed_user_status()
funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
rendered_template = template.render( rendered_template = template.render(
h2=1, title=title, autorefresh=autorefresh, role=role, user=user, group=user_group, h2=1, title=title, autorefresh=autorefresh, role=user_params['role'], user=user_params['user'], group=user_group,
telegrams=sql.get_user_telegram_by_group(user_group), slacks=sql.get_user_slack_by_group(user_group), telegrams=sql.get_user_telegram_by_group(user_group), slacks=sql.get_user_slack_by_group(user_group),
smon=smon, smon_status=smon_status, smon_error=stderr, action=action, sort=sort, user_services=user_services, smon=smon, smon_status=smon_status, smon_error=stderr, action=action, sort=sort, user_services=user_params['user_services'],
user_status=user_status, user_plan=user_plan, token=token user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], token=user_params['token']
) )
print(rendered_template) print(rendered_template)

20
app/statsview.py
View File

@ -1,14 +1,17 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('statsview.html') template = env.get_template('statsview.html')
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1) user_params = roxywi_common.get_users_params(virt=1, haproxy=1)
form = funct.form form = common.form
serv = form.getvalue('serv') serv = form.getvalue('serv')
service = form.getvalue('service') service = form.getvalue('service')
@ -23,14 +26,15 @@ except Exception:
if service in ('haproxy', 'nginx', 'apache'): if service in ('haproxy', 'nginx', 'apache'):
service_desc = sql.select_service(service) service_desc = sql.select_service(service)
if funct.check_login(user_id, token, service=service_desc.service_id): if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
title = f'{service_desc.service} stats page' title = f'{service_desc.service} stats page'
sql.get_dick_permit(service=service_desc.slug) roxywi_common.get_dick_permit(service=service_desc.slug)
else: else:
print('<meta http-equiv="refresh" content="0; url=/app/overview.py">') print('<meta http-equiv="refresh" content="0; url=/app/overview.py">')
rendered_template = template.render( rendered_template = template.render(
h2=1, autorefresh=1, title=title, role=role, user=user, onclick="showStats()", select_id="serv", h2=1, autorefresh=1, title=title, role=user_params['role'], user=user_params['user'], onclick="showStats()",
selects=servers, serv=serv, service=service, user_services=user_services, token=token selects=user_params['servers'], serv=serv, service=service, user_services=user_params['user_services'],
token=user_params['token'], select_id="serv"
) )
print(rendered_template) print(rendered_template)

47
app/users.py
View File

@ -4,46 +4,47 @@ import sys
import pytz import pytz
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('admin.html') template = env.get_template('admin.html')
form = funct.form form = common.form
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params() user_params = roxywi_common.get_users_params()
try: try:
funct.check_login(user_id, token) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
funct.page_for_admin() roxywi_auth.page_for_admin()
users = sql.select_users()
settings = sql.get_setting('', all=1)
ldap_enable = sql.get_setting('ldap_enable')
services = sql.select_services()
gits = sql.select_gits()
masters = sql.select_servers(get_master_servers=1)
try: try:
users = sql.select_users() user_subscription = roxywi_common.return_user_status()
settings = sql.get_setting('', all=1)
ldap_enable = sql.get_setting('ldap_enable')
services = sql.select_services()
gits = sql.select_gits()
except Exception:
pass
try:
user_status, user_plan = funct.return_user_status()
except Exception as e: except Exception as e:
user_status, user_plan = 0, 0 user_subscription = roxywi_common.return_unsubscribed_user_status()
funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1)
rendered_template = template.render( rendered_template = template.render(
title="Admin area: Manage users", role=role, user=user, users=users, groups=sql.select_groups(), title="Admin area: Manage users", role=user_params['role'], user=user_params['user'], users=users, groups=sql.select_groups(),
servers=sql.select_servers(full=1), roles=sql.select_roles(), masters=sql.select_servers(get_master_servers=1), servers=sql.select_servers(full=1), roles=sql.select_roles(), masters=masters, sshs=sql.select_ssh(),
sshs=sql.select_ssh(), token=token, settings=settings, backups=sql.select_backups(), settings=settings, backups=sql.select_backups(), services=services, timezones=pytz.all_timezones,
page="users.py", user_services=user_services, ldap_enable=ldap_enable, user_status=user_status, page="users.py", user_services=user_params['user_services'], ldap_enable=ldap_enable, gits=gits,
user_plan=user_plan, gits=gits, services=services, timezones=pytz.all_timezones user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], token=user_params['token']
) )
print(rendered_template) print(rendered_template)

42
app/versions.py
View File

@ -3,8 +3,11 @@ import os
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.config.config as config_mod
import modules.roxy_wi_tools as roxy_wi_tools import modules.roxy_wi_tools as roxy_wi_tools
get_config_var = roxy_wi_tools.GetConfigVar() get_config_var = roxy_wi_tools.GetConfigVar()
@ -13,16 +16,13 @@ template = env.get_template('delver.html')
print('Content-type: text/html\n') print('Content-type: text/html\n')
try: user_params = roxywi_common.get_users_params(disable=1)
user, user_id, role, token, servers, user_services = funct.get_users_params(disable=1)
except Exception:
pass
funct.page_for_admin(level=3) roxywi_auth.page_for_admin(level=3)
form = funct.form form = common.form
serv = funct.is_ip_or_dns(form.getvalue('serv')) serv = common.is_ip_or_dns(form.getvalue('serv'))
service = funct.checkAjaxInput(form.getvalue('service')) service = common.checkAjaxInput(form.getvalue('service'))
Select = form.getvalue('del') Select = form.getvalue('del')
configver = form.getvalue('configver') configver = form.getvalue('configver')
conf_format = 'cfg' conf_format = 'cfg'
@ -36,9 +36,9 @@ if configver:
if service in ('haproxy', 'nginx', 'keepalived', 'apache'): if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service) service_desc = sql.select_service(service)
if funct.check_login(user_id, token, service=service_desc.service_id): if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
title = f"Working with versions {service_desc.service} configs" title = f"Working with versions {service_desc.service} configs"
servers = sql.get_dick_permit(service=service_desc.slug) servers = roxywi_common.get_dick_permit(service=service_desc.slug)
action = f'versions.py?service={service_desc.slug}' action = f'versions.py?service={service_desc.slug}'
conf_format = 'conf' conf_format = 'conf'
@ -71,7 +71,7 @@ if serv is not None and form.getvalue('del') is not None:
os.remove(os.path.join(configs_dir, form.getvalue(get))) os.remove(os.path.join(configs_dir, form.getvalue(get)))
try: try:
file.add(form.getvalue(get) + "<br />") file.add(form.getvalue(get) + "<br />")
funct.logging( roxywi_common.logging(
serv, "Version of config has been deleted: %s" % form.getvalue(get), login=1, keep_history=1, service=service serv, "Version of config has been deleted: %s" % form.getvalue(get), login=1, keep_history=1, service=service
) )
except Exception: except Exception:
@ -85,27 +85,27 @@ if serv is not None and form.getvalue('config') is not None:
aftersave = 1 aftersave = 1
try: try:
funct.logging( roxywi_common.logging(
serv, "Version of config has been uploaded %s" % configver, login=1, keep_history=1, service=service serv, "Version of config has been uploaded %s" % configver, login=1, keep_history=1, service=service
) )
except Exception: except Exception:
pass pass
if service == 'keepalived': if service == 'keepalived':
stderr = funct.upload_and_restart(serv, configver, just_save=save, keepalived=1) stderr = config_mod.upload_and_restart(serv, configver, just_save=save, keepalived=1)
elif service == 'nginx': elif service == 'nginx':
config_file_name = sql.select_remote_path_from_version(server_ip=serv, service=service, local_path=configver) config_file_name = sql.select_remote_path_from_version(server_ip=serv, service=service, local_path=configver)
stderr = funct.master_slave_upload_and_restart(serv, configver, just_save=save, nginx=1, config_file_name=config_file_name) stderr = config_mod.master_slave_upload_and_restart(serv, configver, just_save=save, nginx=1, config_file_name=config_file_name)
elif service == 'apache': elif service == 'apache':
config_file_name = sql.select_remote_path_from_version(server_ip=serv, service=service, local_path=configver) config_file_name = sql.select_remote_path_from_version(server_ip=serv, service=service, local_path=configver)
stderr = funct.master_slave_upload_and_restart(serv, configver, just_save=save, apache=1, config_file_name=config_file_name) stderr = config_mod.master_slave_upload_and_restart(serv, configver, just_save=save, apache=1, config_file_name=config_file_name)
else: else:
stderr = funct.master_slave_upload_and_restart(serv, configver, just_save=save) stderr = config_mod.master_slave_upload_and_restart(serv, configver, just_save=save)
rendered_template = template.render( rendered_template = template.render(
h2=1, title=title, role=role, user=user, select_id="serv", serv=serv, aftersave=aftersave, selects=servers, h2=1, title=title, role=user_params['role'], user=user_params['user'], select_id="serv", serv=serv, aftersave=aftersave,
stderr=stderr, open=form.getvalue('open'), Select=form.getvalue('del'), file=file, configver=configver, selects=user_params['servers'], stderr=stderr, open=form.getvalue('open'), Select=form.getvalue('del'), file=file,
service=service, user_services=user_services, action=action, token=token configver=configver, service=service, user_services=user_params['user_services'], action=action, token=user_params['token']
) )
print(rendered_template) print(rendered_template)

24
app/viewlogs.py
View File

@ -5,20 +5,22 @@ import datetime
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import funct import modules.db.sql as sql
import sql import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools import modules.roxy_wi_tools as roxy_wi_tools
get_config_var = roxy_wi_tools.GetConfigVar() get_config_var = roxy_wi_tools.GetConfigVar()
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('logs.html') template = env.get_template('logs.html')
form = funct.form form = common.form
print('Content-type: text/html\n') print('Content-type: text/html\n')
user, user_id, role, token, servers, user_services = funct.get_users_params() user_params = roxywi_common.get_users_params()
try: try:
funct.check_login(user_id, token) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception as e: except Exception as e:
print(f'error {e}') print(f'error {e}')
sys.exit() sys.exit()
@ -46,10 +48,10 @@ minut = form.getvalue('minut')
minut1 = form.getvalue('minut1') minut1 = form.getvalue('minut1')
if form.getvalue('type') == '2': if form.getvalue('type') == '2':
funct.page_for_admin(level=2) roxywi_auth.page_for_admin(level=2)
page = 'for_editor' page = 'for_editor'
else: else:
funct.page_for_admin() roxywi_auth.page_for_admin()
page = '' page = ''
log_path = get_config_var.get_config_var('main', 'log_path') log_path = get_config_var.get_config_var('main', 'log_path')
@ -66,15 +68,15 @@ try:
except Exception: except Exception:
pass pass
selects = funct.get_files(log_path, file_format="log") selects = roxywi_common.get_files(log_path, file_format="log")
if form.getvalue('type') is None: if form.getvalue('type') is None:
selects.append(['fail2ban.log', 'fail2ban.log']) selects.append(['fail2ban.log', 'fail2ban.log'])
selects.append(['roxy-wi.error.log', 'error.log']) selects.append(['roxy-wi.error.log', 'error.log'])
selects.append(['roxy-wi.access.log', 'access.log']) selects.append(['roxy-wi.access.log', 'access.log'])
rendered_template = template.render( rendered_template = template.render(
h2=1, autorefresh=1, title="View internal logs", role=role, user=user, serv=serv, select_id="viewlogs", h2=1, autorefresh=1, title="View internal logs", role=user_params['role'], user=user_params['user'], serv=serv,
selects=selects, rows=rows, grep=grep, exgrep=exgrep, hour=hour, hour1=hour1, minut=minut, select_id="viewlogs", selects=selects, rows=rows, grep=grep, exgrep=exgrep, hour=hour, hour1=hour1, minut=minut,
minut1=minut1, page=page, user_services=user_services, token=token minut1=minut1, page=page, user_services=user_params['user_services'], token=user_params['token']
) )
print(rendered_template) print(rendered_template)

59
app/waf.py
View File

@ -2,20 +2,25 @@
import os import os
import sys import sys
import funct
import sql
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.config.config as config_mod
import modules.roxy_wi_tools as roxy_wi_tools
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
template = env.get_template('waf.html') template = env.get_template('waf.html')
print('Content-type: text/html\n') print('Content-type: text/html\n')
try: user_params = roxywi_common.get_users_params(haproxy=1)
user, user_id, role, token, servers, user_services = funct.get_users_params(haproxy=1)
except Exception:
pass
form = funct.form form = common.form
manage_rules = form.getvalue('manage_rules') manage_rules = form.getvalue('manage_rules')
waf_rule_id = form.getvalue('waf_rule_id') waf_rule_id = form.getvalue('waf_rule_id')
service = form.getvalue('service') service = form.getvalue('service')
@ -29,32 +34,34 @@ rules = ''
cfg = '' cfg = ''
funct.page_for_admin(level=2) roxywi_auth.page_for_admin(level=2)
print(service)
if service == 'nginx': if service == 'nginx':
funct.check_login(user_id, token, service=2) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2)
servers = roxywi_common.get_dick_permit(nginx=1)
else: else:
funct.check_login(user_id, token, service=1) roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
servers = user_params['servers']
if manage_rules == '1': if manage_rules == '1':
serv = funct.is_ip_or_dns(form.getvalue('serv')) serv = common.is_ip_or_dns(form.getvalue('serv'))
funct.check_is_server_in_group(serv) roxywi_common.check_is_server_in_group(serv)
title = "Manage rules - Web application firewall" title = "Manage rules - Web application firewall"
rules = sql.select_waf_rules(serv, service) rules = sql.select_waf_rules(serv, service)
elif waf_rule_id and form.getvalue('config') is None: elif waf_rule_id and form.getvalue('config') is None:
serv = funct.is_ip_or_dns(form.getvalue('serv')) serv = common.is_ip_or_dns(form.getvalue('serv'))
funct.check_is_server_in_group(serv) roxywi_common.check_is_server_in_group(serv)
title = 'Edit a WAF rule' title = 'Edit a WAF rule'
waf_rule_file = sql.select_waf_rule_by_id(waf_rule_id) waf_rule_file = sql.select_waf_rule_by_id(waf_rule_id)
configs_dir = sql.get_setting('tmp_config_path') configs_dir = sql.get_setting('tmp_config_path')
cfg = configs_dir + serv + "-" + funct.get_data('config') + "-" + waf_rule_file cfg = configs_dir + serv + "-" + get_date.return_date('config') + "-" + waf_rule_file
error = funct.get_config(serv, cfg, waf=service, waf_rule_file=waf_rule_file) error = config_mod.get_config(serv, cfg, waf=service, waf_rule_file=waf_rule_file)
if service == 'haproxy': if service == 'haproxy':
config_path = sql.get_setting('haproxy_dir') config_path = sql.get_setting('haproxy_dir')
elif service == 'nginx': elif service == 'nginx':
config_path = sql.get_setting('nginx_dir') config_path = sql.get_setting('nginx_dir')
config_file_name = funct.return_nice_path(config_path) + 'waf/rules/' + waf_rule_file config_file_name = comon.return_nice_path(config_path) + 'waf/rules/' + waf_rule_file
try: try:
conf = open(cfg, "r") conf = open(cfg, "r")
config_read = conf.read() config_read = conf.read()
@ -63,14 +70,14 @@ elif waf_rule_id and form.getvalue('config') is None:
print('Cannot read imported config file') print('Cannot read imported config file')
else: else:
title = "Web application firewall" title = "Web application firewall"
servers_waf = sql.select_waf_servers_metrics(user_id.value) servers_waf = sql.select_waf_servers_metrics(user_params['user_uuid'].value)
autorefresh = 1 autorefresh = 1
if serv is not None and form.getvalue('config') is not None: if serv is not None and form.getvalue('config') is not None:
funct.check_is_server_in_group(serv) roxywi_common.check_is_server_in_group(serv)
configs_dir = sql.get_setting('tmp_config_path') configs_dir = sql.get_setting('tmp_config_path')
cfg = configs_dir + serv + "-" + funct.get_data('config') cfg = configs_dir + serv + "-" + get_date.return_date('config')
config_file_name = form.getvalue('config_file_name') config_file_name = form.getvalue('config_file_name')
config = form.getvalue('config') config = form.getvalue('config')
oldcfg = form.getvalue('oldconfig') oldcfg = form.getvalue('oldconfig')
@ -82,9 +89,9 @@ if serv is not None and form.getvalue('config') is not None:
except IOError: except IOError:
print("error: Cannot read imported config file") print("error: Cannot read imported config file")
stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, waf=1, oldcfg=oldcfg, config_file_name=config_file_name) stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, waf=1, oldcfg=oldcfg, config_file_name=config_file_name)
funct.diff_config(oldcfg, cfg) config_mod.diff_config(oldcfg, cfg)
try: try:
os.system("/bin/rm -f " + configs_dir + "*.old") os.system("/bin/rm -f " + configs_dir + "*.old")
@ -97,9 +104,9 @@ if serv is not None and form.getvalue('config') is not None:
sys.exit() sys.exit()
rendered_template = template.render( rendered_template = template.render(
h2=1, title=title, autorefresh=autorefresh, role=role, user=user, serv=serv, servers=servers_waf, h2=1, title=title, autorefresh=autorefresh, role=user_params['role'], user=user_params['user'], serv=serv, servers=servers_waf,
servers_all=servers, manage_rules=manage_rules, rules=rules, user_services=user_services, servers_all=servers, manage_rules=manage_rules, rules=rules, user_services=user_params['user_services'],
waf_rule_file=waf_rule_file, waf_rule_id=waf_rule_id, config=config_read, cfg=cfg, token=token, waf_rule_file=waf_rule_file, waf_rule_id=waf_rule_id, config=config_read, cfg=cfg, token=user_params['token'],
config_file_name=config_file_name, service=service config_file_name=config_file_name, service=service
) )
print(rendered_template) print(rendered_template)