github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v5.3.0.0 

Changelog: https://haproxy-wi.org/changelog.py#5_3
pull/304/head
Pavel Loginov 2021-10-04 00:46:19 +06:00
parent 8fe6876c49
commit cb2ae2d21d
23 changed files with 810 additions and 284 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
app/create_db.py
View File

@ -763,8 +763,50 @@ def update_db_v_5_2_6(**kwargs):
print("Updating... DB has been updated to version 5.2.6")
def update_db_v_5_3_0(**kwargs):
groups = ''
query = Groups.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
groups = query_res
for g in groups:
try:
data_source = [
{'param': 'nginx_container_name', 'value': 'nginx', 'section': 'nginx',
'desc': 'Docker container name for Nginx service',
'group': g.group_id},
{'param': 'haproxy_container_name', 'value': 'haproxy', 'section': 'haproxy',
'desc': 'Docker container name for HAProxy service',
'group': g.group_id},
]
try:
Setting.insert_many(data_source).on_conflict_ignore().execute()
except Exception as e:
if kwargs.get('silent') != 1:
if str(e) == 'columns param, group are not unique':
pass
else:
print("An error occurred:", e)
except Exception as e:
if kwargs.get('silent') != 1:
if (
str(e) == 'columns param, group are not unique' or
str(e) == '(1062, "Duplicate entry \'nginx_container_name\' for key \'param\'")' or
str(e) == 'UNIQUE constraint failed: settings.param, settings.group'
):
pass
else:
print("An error occurred:", e)
def update_ver():
query = Version.update(version='5.2.6.0')
query = Version.update(version='5.3.0.0')
try:
query.execute()
except:
@ -796,6 +838,7 @@ def update_all():
update_db_v_5_2_5_2()
update_db_v_5_2_5_3()
update_db_v_5_2_6()
update_db_v_5_3_0()
update_ver()
@ -824,6 +867,7 @@ def update_all_silent():
update_db_v_5_2_5_2(silent=1)
update_db_v_5_2_5_3(silent=1)
update_db_v_5_2_6(silent=1)
update_db_v_5_3_0(silent=1)
update_ver()

134
app/funct.py
View File

@ -162,7 +162,10 @@ def logging(server_ip, action, **kwargs):
mess = get_data('date_in_log') + " from " + ip + " user: " + login + ", group: " + user_group + ", " + \
action + " for: " + server_ip + "\n"
if kwargs.get('keep_history'):
keep_action_history(kwargs.get('service'), action, server_ip, login, ip)
try:
keep_action_history(kwargs.get('service'), action, server_ip, login, ip)
except Exception as e:
print(str(e))
else:
mess = get_data('date_in_log') + " " + action + " from " + ip + "\n"
log = open(log_path + "/roxy-wi-"+get_data('logs')+".log", "a")
@ -187,10 +190,12 @@ def logging(server_ip, action, **kwargs):
def keep_action_history(service: str, action: str, server_ip: str, login: str, user_ip: str):
import sql
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
user_id = sql.get_user_id_by_username(login)
sql.insert_action_history(service, action, server_id, user_id, user_ip)
try:
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
user_id = sql.get_user_id_by_username(login)
sql.insert_action_history(service, action, server_id, user_id, user_ip)
except Exception as e:
print('Cannot save a history ' + srt(e))
def telegram_send_mess(mess, **kwargs):
@ -645,8 +650,11 @@ def install_haproxy(server_ip, **kwargs):
stats_user = sql.get_setting('stats_user')
stats_password = sql.get_setting('stats_password')
proxy = sql.get_setting('proxy')
haproxy_dir = sql.get_setting('haproxy_dir')
container_name = sql.get_setting('haproxy_container_name')
haproxy_ver = kwargs.get('hapver')
server_for_installing = kwargs.get('server')
DOCKER='1'
ssh_port = 22
ssh_enable, ssh_user_name, ssh_user_password, ssh_key_name = return_ssh_keys_path(server_ip)
@ -670,8 +678,8 @@ def install_haproxy(server_ip, **kwargs):
syn_flood_protect = '1' if kwargs.get('syn_flood') == "1" else ''
commands = ["chmod +x " + script + " && ./" + script + " PROXY=" + proxy_serv +
" SOCK_PORT=" + hap_sock_p + " STAT_PORT=" + stats_port + " STAT_FILE="+server_state_file +
" SSH_PORT=" + ssh_port + " STATS_USER=" + stats_user +
" SOCK_PORT=" + hap_sock_p + " STAT_PORT=" + stats_port + " STAT_FILE="+server_state_file + " DOCKER=" + DOCKER +
" SSH_PORT=" + ssh_port + " STATS_USER=" + stats_user + " CONT_NAME=" + container_name + " HAP_DIR=" + haproxy_dir +
" STATS_PASS='" + stats_password + "' HAPVER=" + haproxy_ver + " SYN_FLOOD=" + syn_flood_protect +
" HOST=" + server_ip + " USER=" + ssh_user_name + " PASS='" + ssh_user_password + "' KEY=" + ssh_key_name]
@ -829,13 +837,13 @@ def upload(server_ip, path, file, **kwargs):
error = str(e.args)
logging('localhost', error, haproxywi=1)
print('Cannot upload '+file+' to '+full_path+' to server: '+server_ip+' error: '+ error)
return str(error)
return error
def upload_and_restart(server_ip, cfg, **kwargs):
import sql
error = ""
error = ''
container_name = ''
if kwargs.get("nginx"):
service = 'nginx'
@ -874,27 +882,45 @@ def upload_and_restart(server_ip, cfg, **kwargs):
else:
commands = ["sudo mv -f " + tmp_file + " /etc/keepalived/keepalived.conf && sudo systemctl restart keepalived"]
elif service == "nginx":
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
is_docker = sql.select_service_setting(server_id, 'nginx', 'dockerized')
if is_docker == '1':
container_name = sql.get_setting('nginx_container_name')
check_config = "sudo docker exec -it exec " + container_name + " nginx -t -q "
else:
check_config = "sudo nginx -t -q -p " + tmp_file
check_and_move = "sudo mv -f " + tmp_file + " " + config_path + " && sudo nginx -t -q"
if action == "test":
commands = [check_config + " && sudo rm -f " + tmp_file]
elif action == "save":
commands = [check_and_move]
elif action == "reload":
commands = [check_and_move + " && sudo systemctl reload nginx"]
if is_docker == '1':
commands = [ check_and_move + " && sudo docker kill -s HUP "+container_name ]
else:
commands = [ check_and_move + " && sudo systemctl reload nginx" ]
else:
commands = [check_and_move + " && sudo systemctl restart nginx"]
if is_docker == '1':
commands = [check_and_move + " && sudo docker restart " + container_name]
else:
commands = [check_and_move + " && sudo systemctl restart nginx"]
if sql.return_firewall(server_ip):
commands[0] += open_port_firewalld(cfg, server_ip=server_ip, service='nginx')
else:
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise')
is_docker = sql.select_service_setting(server_id, 'haproxy', 'dockerized')
haproxy_service_name = "haproxy"
if haproxy_enterprise == '1':
haproxy_service_name = "hapee-2.0-lb"
if is_docker == '1':
container_name = sql.get_setting('haproxy_container_name')
check_config = "sudo docker exec -it " + container_name + " haproxy -q -c -f " + tmp_file
else:
haproxy_service_name = "haproxy"
haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise')
check_config = "sudo " + haproxy_service_name + " -q -c -f " + tmp_file
if haproxy_enterprise == '1':
haproxy_service_name = "hapee-2.0-lb"
check_config = "sudo " + haproxy_service_name + " haproxy -q -c -f " + tmp_file
move_config = " && sudo mv -f " + tmp_file + " " + config_path
if action == "test":
@ -902,38 +928,54 @@ def upload_and_restart(server_ip, cfg, **kwargs):
elif action == "save":
commands = [check_config + move_config]
elif action == "reload":
commands = [check_config + move_config + " && sudo systemctl reload "+haproxy_service_name+""]
if is_docker == '1':
commands = [check_config + move_config + " && sudo docker kill -s HUP "+container_name ]
else:
commands = [check_config + move_config + " && sudo systemctl reload "+haproxy_service_name ]
else:
commands = [check_config + move_config + " && sudo systemctl restart "+haproxy_service_name+""]
if is_docker == '1':
commands = [check_config + move_config + " && sudo docker restart "+container_name ]
else:
commands = [check_config + move_config + " && sudo systemctl restart "+haproxy_service_name ]
if sql.return_firewall(server_ip):
commands[0] += open_port_firewalld(cfg, server_ip=server_ip)
error += str(upload(server_ip, tmp_file, cfg, dir='fullpath'))
try:
error += ssh_command(server_ip, commands)
if action != 'test':
logging(server_ip, 'A new config file has been uploaded', login=1, keep_history=1,
service=service)
if action == 'reload' or action == 'restart':
logging(server_ip, 'Service has been ' + action + 'ed', login=1, keep_history=1,
service=service)
upload(server_ip, tmp_file, cfg, dir='fullpath')
try:
if action != 'test':
logging(server_ip, 'A new config file has been uploaded', login=1, keep_history=1,
service=service)
except Exception as e:
logging('localhost', str(e), haproxywi=1)
except Exception as e:
error += e
if error:
logging('localhost', error, haproxywi=1)
logging('localhost', str(e), haproxywi=1)
return error
return error
try:
error = ssh_command(server_ip, commands)
try:
if action == 'reload' or action == 'restart':
logging(server_ip, 'Service has been ' + action + 'ed', login=1, keep_history=1,
service=service)
except Exception as e:
logging('localhost', str(e), haproxywi=1)
except Exception as e:
logging('localhost', str(e), haproxywi=1)
return e
if error.strip() != 'haproxy' and error.strip() != 'nginx':
return error.strip()
def master_slave_upload_and_restart(server_ip, cfg, just_save, **kwargs):
import sql
masters = sql.is_master(server_ip)
error = ""
for master in masters:
if master[0] is not None:
error += upload_and_restart(master[0], cfg, just_save=just_save, nginx=kwargs.get('nginx'))
error = upload_and_restart(master[0], cfg, just_save=just_save, nginx=kwargs.get('nginx'))
error += upload_and_restart(server_ip, cfg, just_save=just_save, nginx=kwargs.get('nginx'))
error = upload_and_restart(server_ip, cfg, just_save=just_save, nginx=kwargs.get('nginx'))
return error
@ -986,7 +1028,29 @@ def open_port_firewalld(cfg, server_ip, **kwargs):
def check_haproxy_config(server_ip):
import sql
commands = ["haproxy -q -c -f %s" % sql.get_setting('haproxy_config_path')]
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
is_docker = sql.select_service_setting(server_id, 'haproxy', 'dockerized')
config_path = sql.get_setting('haproxy_config_path')
if is_docker == '1':
container_name = sql.get_setting('haproxy_container_name')
commands = [ "sudo docker exec -it " + container_name + " haproxy -q -c -f " + config_path ]
else:
commands = ["haproxy -q -c -f %s" % config_path]
ssh = ssh_connect(server_ip)
for command in commands:
stdin, stdout, stderr = ssh.exec_command(command, get_pty=True)
if not stderr.read():
return True
else:
return False
ssh.close()
def check_nginx_config(server_ip):
import sql
commands = [ "nginx -q -t -p {}".format(sql.get_setting('nginx_dir')) ]
ssh = ssh_connect(server_ip)
for command in commands:
stdin, stdout, stderr = ssh.exec_command(command, get_pty=True)

12
app/hapservers.py
View File

@ -32,6 +32,10 @@ if service == 'nginx':
if funct.check_is_server_in_group(serv):
servers = sql.select_servers(server=serv)
autorefresh = 1
server_id = sql.select_server_id_by_ip(serv)
service_settings = sql.select_docker_service_settings(server_id, service)
else:
service_settings = sql.select_docker_services_settings(service)
elif service == 'keepalived':
if funct.check_login(service=3):
title = 'Keepalived servers overview'
@ -41,6 +45,10 @@ elif service == 'keepalived':
if funct.check_is_server_in_group(serv):
servers = sql.select_servers(server=serv)
autorefresh = 1
server_id = sql.select_server_id_by_ip(serv)
service_settings = sql.select_docker_service_settings(server_id, service)
else:
service_settings = sql.select_docker_services_settings(service)
else:
if funct.check_login(service=1):
title = "HAProxy servers overview"
@ -49,8 +57,11 @@ else:
if funct.check_is_server_in_group(serv):
servers = sql.select_servers(server=serv)
autorefresh = 1
server_id = sql.select_server_id_by_ip(serv)
service_settings = sql.select_docker_service_settings(server_id, service)
else:
servers = sql.get_dick_permit(virt=1, haproxy=1)
service_settings = sql.select_docker_services_settings(service)
services_name = {'roxy-wi-checker': 'Master backends checker service',
'roxy-wi-keep_alive': 'Auto start service',
@ -155,5 +166,6 @@ template = template.render(h2=1,
service=service,
services=services,
user_services=user_services,
service_settings=service_settings,
token=token)
print(template)

65
app/options.py
View File

@ -405,18 +405,21 @@ if form.getvalue('showif'):
if form.getvalue('action_hap') is not None and serv is not None:
action = form.getvalue('action_hap')
haproxy_service_name = "haproxy"
if funct.check_haproxy_config(serv):
servers = sql.select_servers(server=serv)
for server in servers:
server_id = server[0]
haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise')
if haproxy_enterprise == '1':
haproxy_service_name = "hapee-2.0-lb"
else:
haproxy_service_name = "haproxy"
server_id = sql.select_server_id_by_ip(server_ip=serv)
is_docker = sql.select_service_setting(server_id, 'haproxy', 'dockerized')
if is_docker == '1':
container_name = sql.get_setting('haproxy_container_name')
commands = ["sudo docker %s %s" % (action, container_name)]
else:
haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise')
if haproxy_enterprise == '1':
haproxy_service_name = "hapee-2.0-lb"
commands = ["sudo systemctl %s %s" % (action, haproxy_service_name)]
commands = ["sudo systemctl %s %s" % (action, haproxy_service_name)]
funct.ssh_command(serv, commands)
funct.logging(serv, 'Service has been ' + action + 'ed', haproxywi=1, login=1, keep_history=1, service='haproxy')
print("success: HAProxy has been %s" % action)
@ -426,10 +429,19 @@ if form.getvalue('action_hap') is not None and serv is not None:
if form.getvalue('action_nginx') is not None and serv is not None:
action = form.getvalue('action_nginx')
commands = ["sudo systemctl %s nginx" % action]
funct.ssh_command(serv, commands)
funct.logging(serv, 'Service has been ' + action + 'ed', haproxywi=1, login=1, keep_history=1, service='nginx')
print("success: Nginx has been %s" % action)
if funct.check_nginx_config(serv):
server_id = sql.select_server_id_by_ip(server_ip=serv)
is_docker = sql.select_service_setting(server_id, 'nginx', 'dockerized')
if is_docker == '1':
container_name = sql.get_setting('nginx_container_name')
commands = ["sudo docker %s %s" % (action, container_name)]
else:
commands = ["sudo systemctl %s nginx" % action]
funct.ssh_command(serv, commands)
funct.logging(serv, 'Service has been ' + action + 'ed', haproxywi=1, login=1, keep_history=1, service='nginx')
print("success: Nginx has been %s" % action)
else:
print("error: Bad config, check please")
if form.getvalue('action_keepalived') is not None and serv is not None:
action = form.getvalue('action_keepalived')
@ -3772,7 +3784,34 @@ if form.getvalue('serverSettingsSave') is not None:
server_id = form.getvalue('serverSettingsSave')
service = form.getvalue('serverSettingsService')
haproxy_enterprise = form.getvalue('serverSettingsEnterprise')
haproxy_dockerized = form.getvalue('serverSettingshaproxy_dockerized')
nginx_dockerized = form.getvalue('serverSettingsnginx_dockerized')
server_ip = sql.select_server_ip_by_id(server_id)
if service == 'haproxy':
if sql.insert_or_update_service_setting(server_id, service, 'haproxy_enterprise', haproxy_enterprise):
print('Ok')
if haproxy_enterprise == '1':
funct.logging(server_ip, 'Service has been flagged as an Enterprise version', haproxywi=1, login=1,
keep_history=1, service=service)
else:
funct.logging(server_ip, 'Service has been flagged as a community version', haproxywi=1, login=1,
keep_history=1, service=service)
if sql.insert_or_update_service_setting(server_id, service, 'dockerized', haproxy_dockerized):
print('Ok')
if haproxy_dockerized == '1':
funct.logging(server_ip, 'Service has been flagged as a dockerized', haproxywi=1, login=1,
keep_history=1, service=service)
else:
funct.logging(server_ip, 'Service has been flagged as a system service', haproxywi=1, login=1,
keep_history=1, service=service)
if service == 'nginx':
if sql.insert_or_update_service_setting(server_id, service, 'dockerized', nginx_dockerized):
print('Ok')
if nginx_dockerized:
funct.logging(server_ip, 'Service has been flagged as a dockerized', haproxywi=1, login=1,
keep_history=1, service=service)
else:
funct.logging(server_ip, 'Service has been flagged as a system service', haproxywi=1, login=1,
keep_history=1, service=service)

38
app/scripts/ansible/roles/docker/defaults/main.yml Normal file
View File

@ -0,0 +1,38 @@
---
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_package: "docker-{{ docker_edition }}"
docker_package_state: present
# Service options.
docker_service_state: started
docker_service_enabled: true
docker_restart_handler_state: restarted
# Docker Compose options.
docker_install_compose: true
docker_compose_version: "1.26.0"
docker_compose_url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
docker_compose_path: /usr/local/bin/docker-compose
# Docker repo URL.
docker_repo_url: https://download.docker.com/linux
# Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed.
docker_apt_release_channel: stable
docker_apt_arch: amd64
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_apt_ignore_key_error: true
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
# Used only for RedHat/CentOS/Fedora.
docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
# A list of users who will be added to the docker group.
docker_users: [ "{{ ansible_user }}" ]
# Docker daemon options as a dict
docker_daemon_options: {}

4
app/scripts/ansible/roles/docker/handlers/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
- name: restart docker
service: "name=docker state={{ docker_restart_handler_state }}"
ignore_errors: "{{ ansible_check_mode }}"

60
app/scripts/ansible/roles/docker/tasks/main.yml Normal file
View File

@ -0,0 +1,60 @@
---
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
- name: Install Docker.
package:
name: "{{ docker_package }}"
state: "{{ docker_package_state }}"
notify: restart docker
ignore_errors: "{{ ansible_check_mode }}"
- name: Ensure /etc/docker/ directory exists.
file:
path: /etc/docker
state: directory
mode: 0755
when: docker_daemon_options.keys() | length > 0
- name: Configure Docker daemon options.
copy:
content: "{{ docker_daemon_options | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: 0644
when: docker_daemon_options.keys() | length > 0
notify: restart docker
- name: Ensure Docker is started and enabled at boot.
service:
name: docker
state: "{{ docker_service_state }}"
enabled: "{{ docker_service_enabled }}"
ignore_errors: "{{ ansible_check_mode }}"
- name: Ensure handlers are notified now to avoid firewall conflicts.
meta: flush_handlers
- include_tasks: docker-users.yml
when: docker_users | length > 0
- name: Install pip3.
package:
name: python3-pip
- name: Update pip3.
pip:
name: pip
extra_args: --upgrade
vars:
ansible_python_interpreter: /usr/bin/python3
- name: Install docker pips.
pip:
name:
- docker
- docker-api
vars:
ansible_python_interpreter: /usr/bin/python3

44
app/scripts/ansible/roles/docker/tasks/setup-Debian.yml Normal file
View File

@ -0,0 +1,44 @@
---
- name: Ensure dependencies are installed.
apt:
name:
- apt-transport-https
- ca-certificates
state: present
- name: Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other systems).
apt:
name: gnupg2
state: present
when: ansible_distribution != 'Ubuntu' or ansible_distribution_version is version('20.04', '<')
- name: Ensure additional dependencies are installed (on Ubuntu >= 20.04).
apt:
name: gnupg
state: present
when: ansible_distribution == 'Ubuntu' or ansible_distribution_version is version('20.04', '>=')
- name: Add Docker apt key.
apt_key:
url: "{{ docker_apt_gpg_key }}"
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
state: present
register: add_repository_key
ignore_errors: "{{ docker_apt_ignore_key_error }}"
- name: Ensure curl is present (on older systems without SNI).
package: name=curl state=present
when: add_repository_key is failed
- name: Add Docker apt key (alternative for older systems without SNI).
shell: >
curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add -
args:
warn: false
when: add_repository_key is failed
- name: Add Docker repository.
apt_repository:
repo: "{{ docker_apt_repository }}"
state: present
update_cache: true

42
app/scripts/ansible/roles/docker/tasks/setup-RedHat.yml Normal file
View File

@ -0,0 +1,42 @@
---
- name: Add Docker GPG key.
rpm_key:
key: "{{ docker_yum_gpg_key }}"
state: present
- name: Add Docker repository.
get_url:
url: "{{ docker_yum_repo_url }}"
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
owner: root
group: root
mode: 0644
- name: Configure Docker Nightly repo.
ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-nightly'
option: enabled
value: '{{ docker_yum_repo_enable_nightly }}'
mode: 0644
- name: Configure Docker Test repo.
ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-test'
option: enabled
value: '{{ docker_yum_repo_enable_test }}'
mode: 0644
- name: Configure containerd on RHEL 8.
block:
- name: Ensure container-selinux is installed.
package:
name: container-selinux
state: present
- name: Ensure containerd.io is installed.
package:
name: containerd.io
state: present
when: ansible_distribution_major_version | int == 8

1
app/scripts/ansible/roles/haproxy-docker/defaults/main.yml Normal file
View File

@ -0,0 +1 @@
haproxy_version: "{{HAPVER.split('-')[0]}}"

48
app/scripts/ansible/roles/haproxy-docker/tasks/main.yml Normal file
View File

@ -0,0 +1,48 @@
---
- name: Ensuring config directories exist.
file:
path: "{{ HAP_DIR }}"
state: "directory"
owner: "{{ansible_user}}"
group: "{{ansible_user}}"
mode: "0770"
become: true
ignore_errors: yes
- name: Copying over haproxy.cfg.
template:
src: haproxy.cfg.j2
dest: "{{ HAP_DIR }}/haproxy.cfg"
mode: "0666"
owner: "{{ansible_user}}"
group: "{{ansible_user}}"
force: no
become: true
ignore_errors: yes
- name: Setting sysctl values.
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
sysctl_set: yes
become: true
with_items:
- { name: "net.ipv4.ip_nonlocal_bind", value: 1}
- { name: "net.ipv6.ip_nonlocal_bind", value: 1}
- { name: "net.unix.max_dgram_qlen", value: 128}
- name: Create HAProxy.
docker_container:
name: "{{ CONT_NAME }}"
image: "haproxytech/haproxy-alpine:{{haproxy_version}}"
recreate: yes
network_mode: host
volumes:
- "{{ HAP_DIR }}:/usr/local/etc/haproxy:rw"
- "/tmp:/tmp:ro"
vars:
ansible_python_interpreter: /usr/bin/python3
- name: Add syn_flood tasks.
include: ../../haproxy/tasks/syn_flood.yml
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)

29
app/scripts/ansible/roles/haproxy.yml
View File

@ -1,6 +1,31 @@
- hosts: "{{ variable_host }}"
---
- name: Install HAProxy as a service
hosts: "{{ variable_host }}"
become: yes
become_method: sudo
gather_facts: yes
roles:
- { role: haproxy }
- role: haproxy
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
tags:
- system
- name: Install HAProxy as a Docker
hosts: "{{ variable_host }}"
become: yes
become_method: sudo
gather_facts: yes
roles:
- role: docker
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- role: haproxy-docker
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
tags:
- docker

122
app/scripts/ansible/roles/haproxy/tasks/configure.yml Normal file
View File

@ -0,0 +1,122 @@
- name: Change wrong HAProxy service file
template:
src: haproxy.service.j2
dest: /usr/lib/systemd/system/haproxy.service
mode: 0644
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and haproxy_from_wi is defined
- name: test to see if selinux is running
command: getenforce
register: sestatus
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS')
changed_when: false
ignore_errors: yes
debugger: never
- name: Disble SELINUX in config
template:
src: selinux.j2
dest: /etc/selinux/config
ignore_errors: yes
when:
- sestatus.stdout is defined
- '"Enforcing" in sestatus.stdout'
- name: Disble SELINUX in env
shell: setenforce 0 &> /dev/null
ignore_errors: yes
debugger: never
when:
- sestatus.stdout is defined
- '"Enforcing" in sestatus.stdout'
- name: Installing HAProxy conf for rsyslog
template:
src: haproxy_rsyslog.conf.j2
dest: /etc/rsyslog.d/haproxy.conf
ignore_errors: yes
- name: Installing rsyslog config
template:
src: rsyslog.conf
dest: /etc/rsyslog.conf
ignore_errors: yes
notify: restart rsyslog
- name: Installing HAProxy conf for logrotate
template:
src: logrotate.conf.j2
dest: /etc/logrotate.d/haproxy.conf
ignore_errors: yes
- name: Get HAProxy version.
command: haproxy -v
register: haproxy_version_result
changed_when: false
check_mode: false
- name: Set HAProxy version.
set_fact:
haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.6' }}"
- name: Open stat port for firewalld
firewalld:
port: "{{ item }}/tcp"
state: enabled
permanent: yes
immediate: yes
ignore_errors: yes
no_log: True
debugger: never
when:
- '"firewalld" in ansible_facts.packages'
- ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
- ansible_facts.services["firewalld.service"]['state'] == "running"
with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
- name: Open stat port for iptables
iptables:
chain: INPUT
destination_port: "{{ item }}"
jump: ACCEPT
protocol: tcp
ignore_errors: yes
with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
- name: Copy HAProxy configuration in place.
template:
src: haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
mode: 0644
validate: haproxy -f %s -c -q
force: no
notify: restart haproxy
- name: Creates HAProxy stats directory
file:
path: /var/lib/haproxy
owner: haproxy
group: haproxy
state: directory
ignore_errors: yes
- name: Enable and start service HAProxy
systemd:
name: haproxy
daemon_reload: yes
state: started
enabled: yes
force: no
ignore_errors: yes

84
app/scripts/ansible/roles/haproxy/tasks/installation.yml Normal file
View File

@ -0,0 +1,84 @@
- name: install EPEL Repository
yum:
name: epel-release
state: latest
disable_gpg_check: yes
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
ignore_errors: yes
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: install HAProxy {{HAPVER}} on EL{{ansible_facts['distribution_major_version']}}
yum:
name:
- http://repo.roxy-wi.org/haproxy-{{HAPVER}}.el{{ansible_facts['distribution_major_version']}}.x86_64.rpm
- socat
- rsyslog
state: present
disable_gpg_check: yes
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
ignore_errors: yes
register: install_result
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: Try to install another HAProxy {{HAPVER}} on EL{{ansible_facts['distribution_major_version']}}
yum:
name:
- http://repo1.roxy-wi.org/haproxy-{{HAPVER}}.el{{ansible_facts['distribution_major_version']}}.x86_64.rpm
- socat
- rsyslog
- bind-utils
state: present
register: install_result1
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'timed out' in install_result.stderr")
ignore_errors: yes
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: set_fact from wi`
set_fact:
haproxy_from_wi: "yes"
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
- name: install the latest version of HAProxy
yum:
name:
- haproxy
- socat
- rsyslog
state: latest
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'FAILED' in install_result1.stderr")
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: Install HAProxy
apt:
name:
- haproxy
- socat
- rsyslog
state: present
when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: Enable and start service HAProxy
systemd:
name: haproxy
daemon_reload: yes
state: started
enabled: yes
force: no
ignore_errors: yes
when: "'haproxy' in ansible_facts.packages"

221
app/scripts/ansible/roles/haproxy/tasks/main.yml
View File

@ -2,233 +2,18 @@
- name: Set SSH port
set_fact:
ansible_port: "{{SSH_PORT}}"
- name: check if HAProxy is installed
package_facts:
manager: "auto"
- name: populate service facts
service_facts:
- name: install EPEL Repository
yum:
name: epel-release
state: latest
disable_gpg_check: yes
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
ignore_errors: yes
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: install HAProxy {{HAPVER}} on EL{{ansible_facts['distribution_major_version']}}
yum:
name:
- http://repo.roxy-wi.org/haproxy-{{HAPVER}}.el{{ansible_facts['distribution_major_version']}}.x86_64.rpm
- socat
- rsyslog
state: present
disable_gpg_check: yes
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
ignore_errors: yes
register: install_result
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: Try to install another HAProxy {{HAPVER}} on EL{{ansible_facts['distribution_major_version']}}
yum:
name:
- http://repo1.roxy-wi.org/haproxy-{{HAPVER}}.el{{ansible_facts['distribution_major_version']}}.x86_64.rpm
- socat
- rsyslog
- bind-utils
state: present
register: install_result1
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'timed out' in install_result.stderr")
ignore_errors: yes
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: set_fact from wi`
set_fact:
haproxy_from_wi: "yes"
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
- name: install the latest version of HAProxy
yum:
name:
- haproxy
- socat
- rsyslog
state: latest
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'FAILED' in install_result1.stderr")
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- include: installation.yml
- name: Install HAProxy
apt:
name:
- haproxy
- socat
- rsyslog
state: present
when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
- name: Change wrong HAProxy service file
template:
src: haproxy.service.j2
dest: /usr/lib/systemd/system/haproxy.service
mode: 0644
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and haproxy_from_wi is defined
- include: configure.yml
- name: test to see if selinux is running
command: getenforce
register: sestatus
when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS')
changed_when: false
ignore_errors: yes
debugger: never
- name: Disble SELINUX in config
template:
src: selinux.j2
dest: /etc/selinux/config
ignore_errors: yes
when:
- sestatus.stdout is defined
- '"Enforcing" in sestatus.stdout'
- name: Disble SELINUX in env
shell: setenforce 0 &> /dev/null
ignore_errors: yes
debugger: never
when:
- sestatus.stdout is defined
- '"Enforcing" in sestatus.stdout'
- name: Enable and start service HAProxy
systemd:
name: haproxy
daemon_reload: yes
state: started
enabled: yes
force: no
ignore_errors: yes
when: "'haproxy' in ansible_facts.packages"
- name: Exiting
meta: end_play
when: "'haproxy' in ansible_facts.packages"
- name: Installing HAProxy conf for rsyslog
template:
src: haproxy_rsyslog.conf.j2
dest: /etc/rsyslog.d/haproxy.conf
ignore_errors: yes
- name: Installing rsyslog config
template:
src: rsyslog.conf
dest: /etc/rsyslog.conf
ignore_errors: yes
notify: restart rsyslog
- name: Installing HAProxy conf for logrotate
template:
src: logrotate.conf.j2
dest: /etc/logrotate.d/haproxy.conf
ignore_errors: yes
- name: Get HAProxy version.
command: haproxy -v
register: haproxy_version_result
changed_when: false
check_mode: false
- name: Set HAProxy version.
set_fact:
haproxy_version: "{{ '1.5' if '1.5.' in haproxy_version_result.stdout else '1.6' }}"
- name: Open stat port for firewalld
firewalld:
port: "{{ item }}/tcp"
state: enabled
permanent: yes
immediate: yes
ignore_errors: yes
no_log: True
debugger: never
when:
- '"firewalld" in ansible_facts.packages'
- ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
- ansible_facts.services["firewalld.service"]['state'] == "running"
with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
- name: Open stat port for iptables
iptables:
chain: INPUT
destination_port: "{{ item }}"
jump: ACCEPT
protocol: tcp
ignore_errors: yes
with_items: [ "{{ STAT_PORT }}", "{{ SOCK_PORT }}" ]
- name: Copy HAProxy configuration in place.
template:
src: haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
mode: 0644
validate: haproxy -f %s -c -q
notify: restart haproxy
- name: Creates HAProxy stats directory
file:
path: /var/lib/haproxy
owner: haproxy
group: haproxy
state: directory
ignore_errors: yes
- name: Enable and start service HAProxy
systemd:
name: haproxy
daemon_reload: yes
state: started
enabled: yes
force: no
ignore_errors: yes
- name: Add syn_flood tasks
include: syn_flood.yml
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)

29
app/scripts/ansible/roles/nginx.yml
View File

@ -58,6 +58,7 @@
src: /var/www/haproxy-wi/app/scripts/ansible/roles/default.conf.j2
dest: "{{CONFIG_PATH}}"
mode: 0644
force: no
when: "'nginx' not in ansible_facts.packages"
ignore_errors: yes
@ -117,7 +118,31 @@
when:
- sestatus.stdout is defined
- '"Enforcing" in sestatus.stdout'
- name: Install Nginx as a Docker
hosts: "{{ variable_host }}"
become: yes
become_method: sudo
gather_facts: yes
roles:
- role: docker
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
tasks:
- name: Create Nginx.
docker_container:
name: "{{ CONT_NAME }}"
image: "haproxytech/haproxy-alpine:{{haproxy_version}}"
recreate: yes
network_mode: host
volumes:
- "/etc/nginx/:/etc/nginx/:rw"
- "/tmp:/tmp:ro"
vars:
ansible_python_interpreter: /usr/bin/python3
tags:
- docker
- hosts: "{{ variable_host }}"
become: yes
@ -131,4 +156,6 @@
environment:
http_proxy: "{{PROXY}}"
https_proxy: "{{PROXY}}"
tags:
- system

34
app/sql.py
View File

@ -460,6 +460,15 @@ def select_server_id_by_ip(server_ip):
return server_id
def select_server_ip_by_id(server_id):
try:
server_ip = Server.get(Server.server_id == server_id).ip
except Exception as e:
return out_error(e)
else:
return server_ip
def select_servers(**kwargs):
cursor = conn.cursor()
sql = """select * from servers where enable = '1' ORDER BY groups """
@ -2793,6 +2802,31 @@ def select_service_settings(server_id: int, service: str) -> str:
out_error(e)
else:
return query_res
def select_docker_service_settings(server_id: int, service: str) -> str:
query = ServiceSetting.select().where(
(ServiceSetting.server_id == server_id) &
(ServiceSetting.service == service) &
(ServiceSetting.setting == 'dockerized'))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_docker_services_settings(service: str) -> str:
query = ServiceSetting.select().where(
(ServiceSetting.service == service) &
(ServiceSetting.setting == 'dockerized'))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_service_setting(server_id: int, service: str, setting: str) -> str:

60
app/templates/ajax/show_service_settings.html
View File

@ -3,28 +3,76 @@
{% if service == 'haproxy' %}
{% if settings %}
{% for s in settings %}
{% if s.haproxy_enterprise != '' %}
{{s.dockerized}}
{% if s.haproxy_enterprise != '' and s.setting == 'haproxy_enterprise' %}
<tr>
<td class="padding20 help_cursor" style="width: 70%" title="If you use enterprise HAProxy, check this. The name of the service will be changed as it is required for the commercial version
">HAProxy Enterprise</td>
<td class="padding20 help_cursor" style="width: 70%"
title="If you use enterprise HAProxy, check this. The name of the service will be changed as it is required for the commercial version">HAProxy Enterprise</td>
<td>
{% if s.value == '1' and s.setting == 'haproxy_enterprise' %}
{{ checkbox('haproxy_enterprise', checked='checked', title='This server uses HAProxy enterprise') }}
{% else %}
{% elif s.setting == 'haproxy_enterprise' %}
{{ checkbox('haproxy_enterprise', title='This server uses HAProxy community') }}
{% endif %}
</td>
</tr>
{% endif %}
{% if s.dockerized != '' and s.setting == 'dockerized' %}
<tr>
<td class="padding20 help_cursor" style="width: 70%"
title="If you use HAProxy inside Docker, check this. Roxy-WI is starting managing it as Docker container">HAProxy dockerized</td>
<td>
{% if s.value == '1' and s.setting == 'dockerized' %}
{{ checkbox('haproxy_dockerized', checked='checked', title='This service is running inside a Docker container') }}
{% elif s.setting == 'dockerized' %}
{{ checkbox('haproxy_dockerized', title='This server will be used as Docker container') }}
{% endif %}
</td>
</tr>
{% endif %}
{% endfor %}
{% else %}
<tr>
<td class="padding20 help_cursor" style="width: 70%" title="If you use enterprise HAProxy, check this. The name of the service will be changed as it is required for the commercial version
">HAProxy Enterprise</td>
<td class="padding20 help_cursor" style="width: 70%"
title="If you use enterprise HAProxy, check this. The name of the service will be changed as it is required for the commercial version">HAProxy Enterprise</td>
<td>
{{ checkbox('haproxy_enterprise', title='This server uses HAProxy community') }}
</td>
</tr>
<tr>
<td class="padding20 help_cursor" style="width: 70%"
title="If you use HAProxy inside Docker, check this. Roxy-WI is starting managing it as Docker container">HAProxy dockerized</td>
<td>
{{ checkbox('haproxy_dockerized', title='This server will be used as Docker container') }}
</td>
</tr>
{% endif %}
{% endif %}
{% if service == 'nginx' %}
{% if settings %}
{% for s in settings %}
{% if s.dockerized != '' and s.setting == 'dockerized' %}
<tr>
<td class="padding20 help_cursor" style="width: 70%"
title="If you use Nginx inside Docker, check this. Roxy-WI is starting managing it as Docker container">Nginx dockerized</td>
<td>
{% if s.value == '1' and s.setting == 'dockerized' %}
{{ checkbox('nginx_dockerized', checked='checked', title='This service is running inside a Docker container') }}
{% else %}
{{ checkbox('nginx_dockerized', title='This server will be used as Docker container') }}
{% endif %}
</td>
</tr>
{% endif %}
{% endfor %}
{% else %}
<tr>
<td class="padding20 help_cursor" style="width: 70%"
title="If you use Nginx inside Docker, check this. Roxy-WI is starting managing it as Docker container">Nginx dockerized</td>
<td>
{{ checkbox('nginx_dockerized', title='This server will be used as Docker container') }}
</td>
</tr>
{% endif %}
{% endif %}
</table>

2
app/templates/config.html
View File

@ -55,7 +55,7 @@
</div>
<p>
<center>
{% if service == 'haproxy' %}
{% if service != 'keepalived' %}
<button type="submit" value="test" name="save" class="btn btn-default" title="Check config without saving the config">Check config</button>
{% endif %}
<button type="submit" value="save" name="save" class="btn btn-default" title="Save config without reloading the service">Save</button>

6
app/templates/configver.html
View File

@ -9,7 +9,7 @@
</form>
</p>
{% if not aftersave %}
{% if stderr or error %}
{% if stderr %}
{% include 'include/errors.html' %}
{% endif %}
{% endif %}
@ -35,8 +35,8 @@
</center>
{% endif %}
{% if aftersave %}
<div class="alert alert-info">The following version of the configuration file has been uploaded and saved as: {{ configver }} </div>
{% if stderr or error %}
<div class="alert alert-info alert-two-row">The following version of the configuration file has been uploaded and saved as: {{ configver }} </div>
{% if stderr %}
{% include 'include/errors.html' %}
{% else %}
<div class="alert alert-success">Config is ok</div>

9
app/templates/hapservers.html
View File

@ -153,6 +153,11 @@
{% if s.8.0.20 == 1 %}
<span class="lock" title="This server is inaccessible for editing by everyone except the admin role"></span>
{% endif %}
{% for set in service_settings %}
{% if set.server_id == s.0 and set.setting == 'dockerized' and set.value == '1' %}
<span class="box" title="This server is dockerized"></span>
{% endif %}
{% endfor %}
{% if role <= 2 %}
<span class="server-action">
<a id="start-{{ s.2 }}" class="start" title="Start {{service}} service">
@ -167,7 +172,7 @@
<a id="stop-{{ s.2 }}" class="stop" title="Stop {{service}} service">
<span class="service-stop" onclick="confirmAjaxAction('stop', '{{action_service}}', '{{s.2}}')"></span>
</a>
{% if service != 'nginx' and service != 'keepalived' %}
{% if service != 'keepalived' %}
<span class="menu-bar" onclick="serverSettings('{{s.0}}', '{{s.1}}')" title="Edit settings for {{s.1}} service" style="margin: 0 0 0 10px;"></span>
{% endif %}
</span>
@ -208,7 +213,7 @@
Master for: <b>{{ copy_to_clipboard(value=s.7.0.1, style='font-weight: bold') }}</b>
{% endif %}
{% if s.9.0 == '1' %}
VRRP status: <b>
VRRP: <b>
{% if s.9.1 == 'MASTER' or s.9.1 == 'BACKUP' or s.9.1 == 'INIT' or s.9.1 == 'FAULT' %}
{{s.9.1}}
{% else %}

2
app/templates/include/errors.html
View File

@ -1,4 +1,4 @@
<div class="alert alert-danger" style="margin-bottom: 10px;">
<div class="alert alert-danger alert-one-row" style="margin-bottom: 10px;">
{{stderr}}
{{error}}
</div>

2
inc/style.css
View File

@ -345,7 +345,7 @@ pre {
font-style: italic;
}
.add_server_number {
width: 50px;
width: 70px;
}
.overview {
width: 100%;