sudo support
pull/19/head
Aidaho12 2018-05-07 01:58:52 +06:00
parent 31382f4648
commit ff069069b5
10 changed files with 111 additions and 78 deletions


@ -17,6 +17,7 @@ serv = form.getvalue('serv')
config_read = ""
cfg = ""
stderr = ""
error = ""
aftersave = ""
try:
@ -43,15 +44,15 @@ if form.getvalue('serv') is not None and form.getvalue('open') is not None :
funct.logging(serv, "config.py open config")
except:
pass
funct.get_config(serv, cfg)
error = funct.get_config(serv, cfg)
try:
conf = open(cfg, "r")
config_read = conf.read()
conf.close
except IOError:
print('<div class="alert alert-danger">Can\'t read import config file</div>')
conf.close
error += '<br />Can\'t read import config file'
os.system("/bin/mv %s %s.old" % (cfg, cfg))
@ -69,7 +70,7 @@ if form.getvalue('serv') is not None and form.getvalue('config') is not None:
with open(cfg, "a") as conf:
conf.write(config)
except IOError:
print("Can't read import config file")
error = "Can't read import config file"
MASTERS = sql.is_master(serv)
for master in MASTERS:
@ -92,5 +93,6 @@ output_from_parsed_template = template.render(h2 = 1, title = "Edit Runnig HAPro
cfg = cfg,
selects = servers,
stderr = stderr,
error = error,
note = 1)
print(output_from_parsed_template)
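Review bot: In the `-43,15` hunk, `error = funct.get_config(serv, cfg)` is followed in the `except IOError` branch by `error += '<br />Can\'t read import config file'`, which raises TypeError whenever get_config returned None. As far as the get_config hunk on this page shows, that function only returns a value (`str(e)`) from its own except branch, so the success path presumably yields None. Normalising at the call site, `error = funct.get_config(serv, cfg) or ""`, keeps the handler safe. The `conf.close` lines also lack call parentheses and so never close the file; `with open(cfg, "r") as conf:` would make the close implicit.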


@ -138,20 +138,26 @@ def ssh_connect(serv, **kwargs):
return ssh
except paramiko.AuthenticationException:
print('<div class="alert alert-danger">Authentication failed, please verify your credentials</div>')
error = 'Authentication failed, please verify your credentials'
return False
except paramiko.SSHException as sshException:
print('<div class="alert alert-danger">Unable to establish SSH connection: %s </div>' % sshException)
error = 'Unable to establish SSH connection: %s ' % sshException
return False
except paramiko.BadHostKeyException as badHostKeyException:
print('<div class="alert alert-danger">Unable to verify server\'s host key: %s </div>' % badHostKeyException)
error = 'Unable to verify server\'s host key: %s ' % badHostKeyException
return False
except Exception as e:
if e.args[1] == "No such file or directory":
print('<div class="alert alert-danger">{}. Check ssh key</div>'.format(e.args[1]))
error = '{}. Check ssh key'.format(e.args[1])
elif e.args[1] == "Invalid argument":
print('<div class="alert alert-danger">Check the IP of the new server</div>')
error = 'Check the IP of the new server'
else:
print('<div class="alert alert-danger">{}</div>'.format(e.args[1]))
error = e.args[1]
return False
def get_config(serv, cfg, **kwargs):
@ -167,8 +173,7 @@ def get_config(serv, cfg, **kwargs):
sftp.close()
ssh.close()
except Exception as e:
print('<center><div class="alert alert-danger">' + str(e) + ' Please check IP, and SSH settings</div>')
sys.exit()
return str(e)
def show_config(cfg):
print('<div style="margin-left: 16%" class="configShow">')
@ -250,26 +255,26 @@ def upload_and_restart(serv, cfg, **kwargs):
try:
os.system("dos2unix "+cfg)
except OSError:
error = 'Please install dos2unix'
return 'Please install dos2unix'
pass
try:
ssh = ssh_connect(serv)
except:
error = 'Connect fail'
return 'Connect fail'
sftp = ssh.open_sftp()
sftp.put(cfg, tmp_file)
sftp.close()
if kwargs.get("keepalived") == 1:
if kwargs.get("just_save") == "save":
commands = [ "mv -f " + tmp_file + " /etc/keepalived/keepalived.conf" ]
commands = [ "sudo mv -f " + tmp_file + " /etc/keepalived/keepalived.conf" ]
else:
commands = [ "mv -f " + tmp_file + " /etc/keepalived/keepalived.conf", "systemctl restart keepalived" ]
commands = [ "sudo mv -f " + tmp_file + " /etc/keepalived/keepalived.conf", "sudo systemctl restart keepalived" ]
else:
if kwargs.get("just_save") == "save":
commands = [ "/sbin/haproxy -q -c -f " + tmp_file + "&& mv -f " + tmp_file + " " + haproxy_config_path ]
commands = [ "sudo /sbin/haproxy -q -c -f " + tmp_file + "&& sudo mv -f " + tmp_file + " " + haproxy_config_path ]
else:
commands = [ "/sbin/haproxy -q -c -f " + tmp_file + "&& mv -f " + tmp_file + " " + haproxy_config_path + " && " + restart_command ]
commands = [ "sudo /sbin/haproxy -q -c -f " + tmp_file + "&& sudo mv -f " + tmp_file + " " + haproxy_config_path + " && sudo " + restart_command ]
try:
if config.get('haproxy', 'firewall_enable') == "1":
commands.extend(open_port_firewalld(cfg))
@ -279,7 +284,7 @@ def upload_and_restart(serv, cfg, **kwargs):
for command in commands:
stdin, stdout, stderr = ssh.exec_command(command)
return stderr.read().decode(encoding='UTF-8')
return stderr.read()
ssh.close()
def open_port_firewalld(cfg):
@ -296,9 +301,9 @@ def open_port_firewalld(cfg):
bind[1] = bind[1].strip(' ')
bind = bind[1].split("ssl")
bind = bind[0].strip(' \t\n\r')
firewalld_commands.append('firewall-cmd --zone=public --add-port=%s/tcp --permanent' % bind)
firewalld_commands.append('sudo firewall-cmd --zone=public --add-port=%s/tcp --permanent' % bind)
firewalld_commands.append('firewall-cmd --reload')
firewalld_commands.append('sudo firewall-cmd --reload')
return firewalld_commands
def check_haproxy_config(serv):
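Review bot: In open_port_firewalld the value `bind`, parsed out of the config file text, is interpolated into `'sudo firewall-cmd --zone=public --add-port=%s/tcp --permanent' % bind`, so with this change text from an edited config reaches a command line that runs under sudo on the target host without any check. Guard the append so only a numeric port gets through, for example `if not bind.isdigit(): continue` if the append sits in the per-line loop (the loop header is outside the hunk, and port ranges would need their own pattern). `tmp_file` and `haproxy_config_path` are concatenated into the `sudo mv` / `sudo /sbin/haproxy` strings in upload_and_restart in the same way; passing them through `shlex.quote()` (`pipes.quote()` on older interpreters) would keep each one a single argument. Separately, ssh_connect's handlers appear to store the message in a local `error` and then `return False`, so the text is lost and upload_and_restart goes on to call `ssh.open_sftp()` on False; the `try/except` around `ssh_connect(serv)` does not catch this because nothing is raised.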


@ -72,7 +72,7 @@ if form.getvalue('serv') is not None and form.getvalue('config') is not None:
except IOError:
print("Can't read import config file")
stderr, error = funct.upload_and_restart(serv, cfg, just_save=save, keepalived=1)
stderr = funct.upload_and_restart(serv, cfg, just_save=save, keepalived=1)
os.system("/bin/diff -ub %s %s >> %s/config_edit-%s.log" % (oldcfg, cfg, log_path, funct.get_data('logs')))
os.system("/bin/rm -f " + kp_save_configs_dir + "*.old")
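Review bot: The `except IOError` branch just above the changed line still calls `print("Can't read import config file")`, and the flow then appears to continue into `funct.upload_and_restart(serv, cfg, just_save=save, keepalived=1)`, so a config that could not be written may still be uploaded and keepalived restarted (indentation is lost on this page, so the nesting is inferred). config.py in this commit moved the same message into `error`; doing the same here with `error = "Can't read import config file"` and skipping the upload when it is set would keep the two editors consistent. `stderr` can also now hold either remote stderr or a local failure string such as 'Connect fail', because upload_and_restart returns both through one value. The surrounding block starts and ends outside the hunk.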


@ -40,8 +40,10 @@ if form.getvalue('ssh_cert'):
print('<div class="alert alert-danger">Can\'t save ssh keys file. Check ssh keys path in config</div>')
else:
print('<div class="alert alert-success">Ssh key was save into: %s </div>' % ssh_keys)
funct.logging("local", "users.py#ssh upload new ssl cert %s" % ssh_keys)
try:
funct.logging("local", "users.py#ssh upload new ssl cert %s" % ssh_keys)
except:
pass
if serv and form.getvalue('ssl_cert'):
cert_local_dir = config.get('main', 'cert_local_dir')
@ -64,7 +66,10 @@ if serv and form.getvalue('ssl_cert'):
for master in MASTERS:
if master[0] != None:
funct.upload(master[0], cert_path, name)
funct.upload(serv, cert_path, name)
try:
funct.upload(serv, cert_path, name)
except:
pass
os.system("mv %s %s" % (name, cert_local_dir))
funct.logging(serv, "add.py#ssl upload new ssl cert %s" % name)
@ -89,11 +94,11 @@ if backend is not None:
if form.getvalue('ip') is not None and serv is not None:
commands = [ "ip a |grep inet |egrep -v '::1' |awk '{ print $2 }' |awk -F'/' '{ print $1 }'" ]
commands = [ "sudo ip a |grep inet |egrep -v '::1' |awk '{ print $2 }' |awk -F'/' '{ print $1 }'" ]
funct.ssh_command(serv, commands, ip="1")
if form.getvalue('showif'):
commands = ["ip link|grep 'UP' | awk '{print $2}' |awk -F':' '{print $1}'"]
commands = ["sudo ip link|grep 'UP' | awk '{print $2}' |awk -F':' '{print $1}'"]
funct.ssh_command(serv, commands, ip="1")
if form.getvalue('action') is not None and serv is not None:
@ -101,7 +106,7 @@ if form.getvalue('action') is not None and serv is not None:
action = form.getvalue('action')
if funct.check_haproxy_config(serv):
commands = [ "systemctl %s haproxy" % action ]
commands = [ "sudo systemctl %s haproxy" % action ]
funct.ssh_command(serv, commands)
else:
print("Bad config, check please")
@ -166,10 +171,10 @@ if form.getvalue('servaction') is not None:
enable = form.getvalue('servaction')
backend = form.getvalue('servbackend')
cmd='echo "%s %s" |socat stdio %s | cut -d "," -f 1-2,5-10,34-36 | column -s, -t' % (enable, backend, haproxy_sock)
cmd='echo "%s %s" |sudo socat stdio %s | cut -d "," -f 1-2,5-10,34-36 | column -s, -t' % (enable, backend, haproxy_sock)
if form.getvalue('save') == "on":
save_command = 'echo "show servers state" | socat stdio %s > %s' % (haproxy_sock, server_state_file)
save_command = 'echo "show servers state" | sudo socat stdio %s > %s' % (haproxy_sock, server_state_file)
command = [ cmd, save_command ]
else:
command = [ cmd ]
@ -198,9 +203,7 @@ if serv is not None and act == "configShow":
funct.get_config(serv, cfg)
else:
cfg = hap_configs_dir + form.getvalue('configver')
print('<a name="top"></a>')
print("<center><h3>Config from %s</h3>" % serv)
print('<p class="accordion-expand-holder">'
@ -285,10 +288,10 @@ if form.getvalue('masteradd'):
funct.upload(master, tmp_config_path, script)
funct.upload(slave, tmp_config_path, script)
commands = [ "chmod +x "+tmp_config_path+script, tmp_config_path+script+" MASTER "+interface+" "+vrrpip+" "+kp]
commands = [ "sudo chmod +x "+tmp_config_path+script, tmp_config_path+script+" MASTER "+interface+" "+vrrpip+" "+kp]
funct.ssh_command(master, commands)
commands = [ "chmod +x "+tmp_config_path+script, tmp_config_path+script+" BACKUP "+interface+" "+vrrpip+" "+kp ]
commands = [ "sudo chmod +x "+tmp_config_path+script, tmp_config_path+script+" BACKUP "+interface+" "+vrrpip+" "+kp ]
funct.ssh_command(slave, commands)
os.system("rm -f %s" % script)
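Review bot: `action = form.getvalue('action')` is formatted straight into `"sudo systemctl %s haproxy" % action`, so a request parameter now becomes part of a command executed with root privileges on the managed server. Restrict it to the verbs the UI actually offers before building the command, for example `if action not in ("start", "stop", "restart"):` followed by an error response, and reject everything else. The `servaction`/`servbackend` values in the `sudo socat` pipeline and the `interface`, `vrrpip` and `kp` arguments in the masteradd hunk (presumably also form values; their assignment is outside the hunks) are spliced into shell strings the same way and need the same allowlisting or `shlex.quote()`. The new bare `except: pass` around `funct.upload(serv, cert_path, name)` also hides a failed upload, after which the log line still records the certificate as uploaded.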


@ -1,7 +1,7 @@
#!/bin/bash
CONF=/etc/keepalived/keepalived.conf
IP=`cat $CONF |grep $3 |sed s/' '//g|sed s/'\t'//g`
VI=`cat /etc/keepalived/keepalived.conf |grep VI |awk '{print $2}' |awk -F"_" '{print $2}' |tail -1`
IP=`sudo cat $CONF |grep $3 |sed s/' '//g|sed s/'\t'//g| head -1`
VI=`sudo cat /etc/keepalived/keepalived.conf |grep VI |awk '{print $2}' |awk -F"_" '{print $2}' |tail -1`
VI=$(($VI+1))
if [[ $IP == $3 ]];then
@ -9,7 +9,7 @@ if [[ $IP == $3 ]];then
exit 1
fi
cat << EOF >> $CONF
sudo bash -c cat << EOF >> $CONF
vrrp_instance VI_$VI {
state MASTER
interface eth1
@ -37,15 +37,15 @@ then
echo "Can't read keepalived config"
exit 1
fi
sed -i "s/MASTER/$1/g" $CONF
sed -i "s/eth1/$2/g" $CONF
sed -i "s/0.0.0.1/$3/g" $CONF
sudo sed -i "s/MASTER/$1/g" $CONF
sudo sed -i "s/eth1/$2/g" $CONF
sudo sed -i "s/0.0.0.1/$3/g" $CONF
if [[ $1 == "BACKUP" ]];then
sed -i "s/103/104/g" $CONF
sudo sed -i "s/103/104/g" $CONF
fi
if [[ $4 == "1" ]];then
systemctl restart keepalived
sudo systemctl restart keepalived
fi
echo "success"
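Review bot: `sudo bash -c cat << EOF >> $CONF` does not append as root: the `>> $CONF` redirection is opened by the calling shell before sudo starts, so it fails for an unprivileged SSH user, and `bash -c cat` only elevates the `cat`. Using `sudo tee -a "$CONF" > /dev/null << EOF` puts the write itself under sudo. The same pattern recurs in the two install scripts of this commit (`sudo bash -c cat << EOF > /etc/haproxy/haproxy.cfg`, `sudo bash -c cat << EOF > $CONF`, `sudo echo "" > $CONF`, `sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf`), where the truncating forms need `sudo tee` without `-a`. The here-document body continues outside the hunk.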


@ -2,30 +2,30 @@
if [[ $1 != "" ]]
then
export http_proxy="$1"
export https_proxy="$1"
sudo export http_proxy="$1"
sudo export https_proxy="$1"
echo "Exporting proxy"
fi
if [ -f /etc/haproxy/haproxy.cfg ];then
echo -e 'error: Haproxy alredy installed. You can edit config<a href="/app/config.py" title="Edit HAProxy config">here</a>'
echo -e 'error: Haproxy already installed. You can edit config<a href="/app/config.py" title="Edit HAProxy config">here</a> <br /><br />'
exit 1
fi
wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm
yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y
sudo wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm
sudo yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y
if [ $? -eq 1 ]
then
yum install wget socat -y > /dev/null
wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm
yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y
sudo yum install wget socat -y > /dev/null
sudo wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm
sudo yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y
fi
if [ $? -eq 1 ]
then
yum install haproxy socat -y > /dev/null
sudo yum install haproxy socat -y > /dev/null
fi
echo "" > /etc/haproxy/haproxy.cfg
cat << EOF > /etc/haproxy/haproxy.cfg
sudo bash -c cat << EOF > /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
@ -63,23 +63,23 @@ listen stats
stats realm HAProxy-04\ Statistics
stats auth admin:password
EOF
cat << EOF > /etc/rsyslog.d/haproxy.conf
sudo bash -c cat << EOF > /etc/rsyslog.d/haproxy.conf
local2.* /var/log/haproxy.log
EOF
sed -i 's/#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf
sed -i 's/#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf
sudo sed -i 's/#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf
sudo sed -i 's/#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf
firewall-cmd --zone=public --add-port=8085/tcp --permanent
firewall-cmd --reload
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
systemctl enable haproxy
systemctl restart haproxy
sudo firewall-cmd --zone=public --add-port=8085/tcp --permanent
sudo sudo firewall-cmd --reload
sudo setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
sudo systemctl enable haproxy
sudo systemctl restart haproxy
if [ $? -eq 1 ]
then
echo "error: Can't start Haproxy service"
echo "error: Can't start Haproxy service <br /><br />"
exit 1
fi
echo "success"
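Review bot: The RPM is fetched with `sudo wget http://cbs.centos.org/kojifiles/...` over plain HTTP and handed directly to `sudo yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y`, so nothing authenticates the package before it is installed as root. Download over HTTPS where the mirror offers it and verify the file before installing, e.g. `rpm -K haproxy18-1.8.1-5.el7.x86_64.rpm` against an imported signing key or a pinned `sha256sum -c` entry. `sudo export http_proxy="$1"` cannot work because `export` is a shell builtin, so the proxy is no longer set at all; keep the plain `export` and pass the variables on with `sudo -E` if the sudoers policy allows it. The hunks also carry `sudo setenforce 0` with `SELINUX=permissive` and the `stats auth admin:password` default, both of which deserve at least a comment explaining why they are needed, and `sudo sudo firewall-cmd --reload` has a doubled `sudo`.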


@ -2,19 +2,19 @@
CONF=/etc/keepalived/keepalived.conf
if [ -f $CONF ];then
echo -e 'error: Keepalived alredy installed. You can edit config <a href="/app/keepalivedconfig.py" title="Edit Keepalived config">here</a>'
echo -e 'error: Keepalived already installed. You can edit config <a href="/app/keepalivedconfig.py" title="Edit Keepalived config">here</a><br /><br />'
exit 1
fi
yum install keepalived -y > /dev/null
sudo yum install keepalived -y > /dev/null
if [ $? -eq 1 ]
then
echo "error: Can't install keepalived"
echo "error: Can't install keepalived <br /><br />"
exit 1
fi
echo "" > $CONF
sudo echo "" > $CONF
cat << EOF > $CONF
sudo bash -c cat << EOF > $CONF
global_defs {
router_id LVS_DEVEL
}
@ -49,27 +49,28 @@ vrrp_instance VI_1 {
EOF
if [ $? -eq 1 ]
then
echo "error: Can't read keepalived config"
echo "error: Can't read keepalived config <br /><br />"
exit 1
fi
sed -i "s/MASTER/$1/g" $CONF
sed -i "s/eth0/$2/g" $CONF
sed -i "s/0.0.0.0/$3/g" $CONF
sudo sed -i "s/MASTER/$1/g" $CONF
sudo sed -i "s/eth0/$2/g" $CONF
sudo sed -i "s/0.0.0.0/$3/g" $CONF
if [[ $1 == "BACKUP" ]];then
sed -i "s/102/103/g" $CONF
sudo sed -i "s/102/103/g" $CONF
fi
systemctl enable keepalived
systemctl restart keepalived
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --reload
sudo systemctl enable keepalived
sudo systemctl restart keepalived
sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sudo sysctl -p
sudo firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
sudo firewall-cmd --reload
if [ $? -eq 1 ]
then
echo "error: Can't start keepalived"
echo "error: Can't start keepalived <br /><br />"
exit 1
fi
fi
echo "success"
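Review bot: The positional parameters are substituted unvalidated into sed programs that now run as root (`sudo sed -i "s/MASTER/$1/g" $CONF`, and likewise `$2` and `$3`), so any character in those arguments that is special to sed or the shell changes what is executed or written. Check each one against its expected form before first use, for example `[[ $1 == MASTER || $1 == BACKUP ]] || exit 1` and `[[ $2 =~ ^[A-Za-z0-9_.-]+$ ]] || exit 1`, with an IPv4 pattern for `$3`; the add-VRRP script in this commit has the same `sudo sed -i` lines. The firewall rules hard-code `enp0s8` instead of using the interface passed in `$2`. The hunk ends with two consecutive `fi`; if the second has no matching `if` outside the hunk, bash stops with a syntax error before `echo "success"`.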


@ -94,7 +94,7 @@
{% endif %}
</ul>
</nav>
<div class="copyright-menu">HAproxy-WI v2.5.1</div>
<div class="copyright-menu">HAproxy-WI v2.5.2</div>
</div>
</div>
<div class="container">


@ -34,6 +34,17 @@
{% endif %}
</form>
</p>
{% if not aftersave %}
{% if stderr or error %}
<div class="alert alert-danger" style="margin-bottom: 10px;">
Some errors:
<br>
<br>
{{stderr}}
{{error}}
</div>
{% endif %}
{% endif %}
{% if note %}
<div class="alert alert-info"><b>Note:</b> If you reconfigure Master server, Slave will reconfigured automatically</div>
{% endif %}
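Review bot: `{{stderr}}` and `{{error}}` print text that originates from remote command stderr and Python exception messages, and config.py builds `error` with embedded `<br />` markup, which suggests the template environment renders these values unescaped. Keep autoescaping on and let the template own the markup, e.g. `{{ stderr|e }}<br>{{ error|e }}`, with the Python side passing plain text or a list of messages. The identical block added to the second template in this commit needs the same change.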


@ -17,6 +17,17 @@
<button type="submit" value="open" name="open" class="btn btn-default">Open</button>
</form>
</p>
{% if not aftersave %}
{% if stderr or error %}
<div class="alert alert-danger" style="margin-bottom: 10px;">
Some errors:
<br>
<br>
{{stderr}}
{{error}}
</div>
{% endif %}
{% endif %}
{% if note %}
<div class="alert alert-info"><b>Note:</b> If you reconfigure Master server, Slave will reconfigured automatically</div>
{% endif %}