From ff069069b51b309e0d190268fb7eade4ffb975ef Mon Sep 17 00:00:00 2001 From: Aidaho12 Date: Mon, 7 May 2018 01:58:52 +0600 Subject: [PATCH] v2.5.2 sudo support --- app/config.py | 12 ++++++---- app/funct.py | 27 ++++++++++++--------- app/keepalivedconfig.py | 2 +- app/options.py | 29 ++++++++++++---------- app/scripts/add_vrrp.sh | 16 ++++++------- app/scripts/install_haproxy.sh | 40 +++++++++++++++---------------- app/scripts/install_keepalived.sh | 39 +++++++++++++++--------------- app/templates/base.html | 2 +- app/templates/config.html | 11 +++++++++ app/templates/configver.html | 11 +++++++++ 10 files changed, 111 insertions(+), 78 deletions(-) diff --git a/app/config.py b/app/config.py index edaad85d..fa866a89 100644 --- a/app/config.py +++ b/app/config.py @@ -17,6 +17,7 @@ serv = form.getvalue('serv') config_read = "" cfg = "" stderr = "" +error = "" aftersave = "" try: @@ -43,15 +44,15 @@ if form.getvalue('serv') is not None and form.getvalue('open') is not None : funct.logging(serv, "config.py open config") except: pass - funct.get_config(serv, cfg) + + error = funct.get_config(serv, cfg) try: conf = open(cfg, "r") config_read = conf.read() + conf.close except IOError: - print('
Can\'t read import config file
') - - conf.close + error += '
Can\'t read import config file' os.system("/bin/mv %s %s.old" % (cfg, cfg)) @@ -69,7 +70,7 @@ if form.getvalue('serv') is not None and form.getvalue('config') is not None: with open(cfg, "a") as conf: conf.write(config) except IOError: - print("Can't read import config file") + error = "Can't read import config file" MASTERS = sql.is_master(serv) for master in MASTERS: @@ -92,5 +93,6 @@ output_from_parsed_template = template.render(h2 = 1, title = "Edit Runnig HAPro cfg = cfg, selects = servers, stderr = stderr, + error = error, note = 1) print(output_from_parsed_template) \ No newline at end of file diff --git a/app/funct.py b/app/funct.py index b1dbff86..81b2281b 100644 --- a/app/funct.py +++ b/app/funct.py @@ -138,20 +138,26 @@ def ssh_connect(serv, **kwargs): return ssh except paramiko.AuthenticationException: print('
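Review bot: `conf.close` inside the new `try` is a bare attribute reference, not a call, so the handle opened on the line above is never closed; `with open(cfg, "r") as conf: config_read = conf.read()` closes it on every path. In the same hunk, `error += ...` in the `except IOError` branch assumes `error` is a string, but `funct.get_config` as changed in this patch returns `str(e)` only on failure and otherwise appears to fall through and return None, so a read failure after a successful fetch would raise TypeError; `error = funct.get_config(serv, cfg) or ""` avoids that. The `@@ -69,7 +70,7 @@` hunk sets `error = "Can't read import config file"` for what is a write failure, and it overwrites any earlier message instead of appending.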
Authentication failed, please verify your credentials
') + error = 'Authentication failed, please verify your credentials' return False except paramiko.SSHException as sshException: print('
Unable to establish SSH connection: %s
' % sshException) + error = 'Unable to establish SSH connection: %s ' % sshException return False except paramiko.BadHostKeyException as badHostKeyException: print('
Unable to verify server\'s host key: %s
' % badHostKeyException) + error = 'Unable to verify server\'s host key: %s ' % badHostKeyException return False except Exception as e: if e.args[1] == "No such file or directory": print('
{}. Check ssh key
'.format(e.args[1])) + error = '{}. Check ssh key'.format(e.args[1]) elif e.args[1] == "Invalid argument": print('
Check the IP of the new server
') + error = 'Check the IP of the new server' else: print('
{}
'.format(e.args[1])) + error = e.args[1] return False def get_config(serv, cfg, **kwargs): @@ -167,8 +173,7 @@ def get_config(serv, cfg, **kwargs): sftp.close() ssh.close() except Exception as e: - print('
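Review bot: Each new `error = ...` assignment in these `except` branches is a local that is discarded by the `return False` that follows, so the caller still receives only False and the message still reaches the user only through the `print`. If the intent is to surface the text through the template, as `get_config` now does, the branches need to return or raise it and the callers need updating. The last branch also indexes `e.args[1]` on an arbitrary `Exception`, which raises IndexError when the exception carries fewer than two args; `str(e)` is safer. The start of `ssh_connect` is outside the hunk.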
' + str(e) + ' Please check IP, and SSH settings
') - sys.exit() + return str(e) def show_config(cfg): print('
') @@ -250,26 +255,26 @@ def upload_and_restart(serv, cfg, **kwargs): try: os.system("dos2unix "+cfg) except OSError: - error = 'Please install dos2unix' + return 'Please install dos2unix' pass try: ssh = ssh_connect(serv) except: - error = 'Connect fail' + return 'Connect fail' sftp = ssh.open_sftp() sftp.put(cfg, tmp_file) sftp.close() if kwargs.get("keepalived") == 1: if kwargs.get("just_save") == "save": - commands = [ "mv -f " + tmp_file + " /etc/keepalived/keepalived.conf" ] + commands = [ "sudo mv -f " + tmp_file + " /etc/keepalived/keepalived.conf" ] else: - commands = [ "mv -f " + tmp_file + " /etc/keepalived/keepalived.conf", "systemctl restart keepalived" ] + commands = [ "sudo mv -f " + tmp_file + " /etc/keepalived/keepalived.conf", "sudo systemctl restart keepalived" ] else: if kwargs.get("just_save") == "save": - commands = [ "/sbin/haproxy -q -c -f " + tmp_file + "&& mv -f " + tmp_file + " " + haproxy_config_path ] + commands = [ "sudo /sbin/haproxy -q -c -f " + tmp_file + "&& sudo mv -f " + tmp_file + " " + haproxy_config_path ] else: - commands = [ "/sbin/haproxy -q -c -f " + tmp_file + "&& mv -f " + tmp_file + " " + haproxy_config_path + " && " + restart_command ] + commands = [ "sudo /sbin/haproxy -q -c -f " + tmp_file + "&& sudo mv -f " + tmp_file + " " + haproxy_config_path + " && sudo " + restart_command ] try: if config.get('haproxy', 'firewall_enable') == "1": commands.extend(open_port_firewalld(cfg)) @@ -279,7 +284,7 @@ def upload_and_restart(serv, cfg, **kwargs): for command in commands: stdin, stdout, stderr = ssh.exec_command(command) - return stderr.read().decode(encoding='UTF-8') + return stderr.read() ssh.close() def open_port_firewalld(cfg): 
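Review bot: Replacing `sys.exit()` with `return str(e)` means a failed fetch no longer stops the script, so every caller now has to check the result. `config.py` does, but the `configShow` path in `options.py` (context of the `@@ -198,9 +203,7 @@` hunk) still calls `funct.get_config(serv, cfg)` and drops the return value, so it would go on to use whatever is at `cfg` locally. An explicit `return ""` on the success path, so the result is always a string, plus a check at that call site would close the gap. The top of `get_config` is outside the hunk.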
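Review bot: The bare `except:` around `ssh_connect(serv)` will not yield 'Connect fail' in the usual failure case, because `ssh_connect` (see the `@@ -138,20 +138,26 @@` hunk) signals failure by returning False and `ssh.open_sftp()` then raises AttributeError; `if not ssh: return 'Connect fail'` after the call covers it. Likewise `os.system("dos2unix "+cfg)` returns a non-zero status rather than raising OSError when the tool is missing, so `return 'Please install dos2unix'` is unreachable in practice. Now that these strings run under `sudo`, `tmp_file`, `haproxy_config_path` and `restart_command` are concatenated unquoted into a root shell line; their origin is outside the hunk, but wrapping the paths in `shlex.quote()` and limiting the sudoers entry to these exact commands keeps a bad config value from becoming a root command.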
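Review bot: Dropping `.decode(encoding='UTF-8')` makes `upload_and_restart` return `bytes` on Python 3, so the `{{stderr}}` added to the templates in this patch would render as `b'...'`; keep `return stderr.read().decode(encoding='UTF-8')` unless this has to run on Python 2. `ssh.close()` sits after the `return` and never runs; read the output into a variable, close the connection, then return. Indentation is lost on this page, so it is unclear whether the `return` is inside the `for` loop; if it is, only the first command is executed.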
@@ -296,9 +301,9 @@ def open_port_firewalld(cfg): bind[1] = bind[1].strip(' ') bind = bind[1].split("ssl") bind = bind[0].strip(' \t\n\r') - firewalld_commands.append('firewall-cmd --zone=public --add-port=%s/tcp --permanent' % bind) + firewalld_commands.append('sudo firewall-cmd --zone=public --add-port=%s/tcp --permanent' % bind) - firewalld_commands.append('firewall-cmd --reload') + firewalld_commands.append('sudo firewall-cmd --reload') return firewalld_commands def check_haproxy_config(serv): diff --git a/app/keepalivedconfig.py b/app/keepalivedconfig.py index df662359..476b3c5b 100644 --- a/app/keepalivedconfig.py +++ b/app/keepalivedconfig.py @@ -72,7 +72,7 @@ if form.getvalue('serv') is not None and form.getvalue('config') is not None: except IOError: print("Can't read import config file") - stderr, error = funct.upload_and_restart(serv, cfg, just_save=save, keepalived=1) + stderr = funct.upload_and_restart(serv, cfg, just_save=save, keepalived=1) os.system("/bin/diff -ub %s %s >> %s/config_edit-%s.log" % (oldcfg, cfg, log_path, funct.get_data('logs'))) os.system("/bin/rm -f " + kp_save_configs_dir + "*.old") diff --git a/app/options.py b/app/options.py index da92ee9b..cc66d4e7 100644 --- a/app/options.py +++ b/app/options.py @@ -40,8 +40,10 @@ if form.getvalue('ssh_cert'): print('
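Review bot: `bind` is cut out of a line of the uploaded config and formatted straight into `'sudo firewall-cmd --zone=public --add-port=%s/tcp --permanent'`, which `upload_and_restart` then executes over SSH, so anything other than a plain port number ends up on a root command line. The config text is editable through the web form, so the value should be validated before use, e.g. `if not bind.isdigit(): continue` ahead of the `append`. The loop that produces `bind` starts outside the hunk, so the parsing is only partly visible.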
Can\'t save ssh keys file. Check ssh keys path in config
') else: print('
Ssh key was save into: %s
' % ssh_keys) - - funct.logging("local", "users.py#ssh upload new ssl cert %s" % ssh_keys) + try: + funct.logging("local", "users.py#ssh upload new ssl cert %s" % ssh_keys) + except: + pass if serv and form.getvalue('ssl_cert'): cert_local_dir = config.get('main', 'cert_local_dir') @@ -64,7 +66,10 @@ if serv and form.getvalue('ssl_cert'): for master in MASTERS: if master[0] != None: funct.upload(master[0], cert_path, name) - funct.upload(serv, cert_path, name) + try: + funct.upload(serv, cert_path, name) + except: + pass os.system("mv %s %s" % (name, cert_local_dir)) funct.logging(serv, "add.py#ssl upload new ssl cert %s" % name) @@ -89,11 +94,11 @@ if backend is not None: if form.getvalue('ip') is not None and serv is not None: - commands = [ "ip a |grep inet |egrep -v '::1' |awk '{ print $2 }' |awk -F'/' '{ print $1 }'" ] + commands = [ "sudo ip a |grep inet |egrep -v '::1' |awk '{ print $2 }' |awk -F'/' '{ print $1 }'" ] funct.ssh_command(serv, commands, ip="1") if form.getvalue('showif'): - commands = ["ip link|grep 'UP' | awk '{print $2}' |awk -F':' '{print $1}'"] + commands = ["sudo ip link|grep 'UP' | awk '{print $2}' |awk -F':' '{print $1}'"] funct.ssh_command(serv, commands, ip="1") if form.getvalue('action') is not None and serv is not None: @@ -101,7 +106,7 @@ if form.getvalue('action') is not None and serv is not None: action = form.getvalue('action') if funct.check_haproxy_config(serv): - commands = [ "systemctl %s haproxy" % action ] + commands = [ "sudo systemctl %s haproxy" % action ] funct.ssh_command(serv, commands) else: print("Bad config, check please") 
@@ -166,10 +171,10 @@ if form.getvalue('servaction') is not None: enable = form.getvalue('servaction') backend = form.getvalue('servbackend') - cmd='echo "%s %s" |socat stdio %s | cut -d "," -f 1-2,5-10,34-36 | column -s, -t' % (enable, backend, haproxy_sock) + cmd='echo "%s %s" |sudo socat stdio %s | cut -d "," -f 1-2,5-10,34-36 | column -s, -t' % (enable, backend, haproxy_sock) if form.getvalue('save') == "on": - save_command = 'echo "show servers state" | socat stdio %s > %s' % (haproxy_sock, server_state_file) + save_command = 'echo "show servers state" | sudo socat stdio %s > %s' % (haproxy_sock, server_state_file) command = [ cmd, save_command ] else: command = [ cmd ] @@ -198,9 +203,7 @@ if serv is not None and act == "configShow": funct.get_config(serv, cfg) else: cfg = hap_configs_dir + form.getvalue('configver') - - - + print('') print("

Config from %s

" % serv) print('

' @@ -285,10 +288,10 @@ if form.getvalue('masteradd'): funct.upload(master, tmp_config_path, script) funct.upload(slave, tmp_config_path, script) - commands = [ "chmod +x "+tmp_config_path+script, tmp_config_path+script+" MASTER "+interface+" "+vrrpip+" "+kp] + commands = [ "sudo chmod +x "+tmp_config_path+script, tmp_config_path+script+" MASTER "+interface+" "+vrrpip+" "+kp] funct.ssh_command(master, commands) - commands = [ "chmod +x "+tmp_config_path+script, tmp_config_path+script+" BACKUP "+interface+" "+vrrpip+" "+kp ] + commands = [ "sudo chmod +x "+tmp_config_path+script, tmp_config_path+script+" BACKUP "+interface+" "+vrrpip+" "+kp ] funct.ssh_command(slave, commands) os.system("rm -f %s" % script) diff --git a/app/scripts/add_vrrp.sh b/app/scripts/add_vrrp.sh index fcfb01d9..360a04c8 100644 --- a/app/scripts/add_vrrp.sh +++ b/app/scripts/add_vrrp.sh @@ -1,7 +1,7 @@ #!/bin/bash CONF=/etc/keepalived/keepalived.conf -IP=`cat $CONF |grep $3 |sed s/' '//g|sed s/'\t'//g` -VI=`cat /etc/keepalived/keepalived.conf |grep VI |awk '{print $2}' |awk -F"_" '{print $2}' |tail -1` +IP=`sudo cat $CONF |grep $3 |sed s/' '//g|sed s/'\t'//g| head -1` +VI=`sudo cat /etc/keepalived/keepalived.conf |grep VI |awk '{print $2}' |awk -F"_" '{print $2}' |tail -1` VI=$(($VI+1)) if [[ $IP == $3 ]];then @@ -9,7 +9,7 @@ if [[ $IP == $3 ]];then exit 1 fi -cat << EOF >> $CONF +sudo bash -c cat << EOF >> $CONF vrrp_instance VI_$VI { state MASTER interface eth1 @@ -37,15 +37,15 @@ then echo "Can't read keepalived config" exit 1 fi -sed -i "s/MASTER/$1/g" $CONF -sed -i "s/eth1/$2/g" $CONF -sed -i "s/0.0.0.1/$3/g" $CONF +sudo sed -i "s/MASTER/$1/g" $CONF +sudo sed -i "s/eth1/$2/g" $CONF +sudo sed -i "s/0.0.0.1/$3/g" $CONF if [[ $1 == "BACKUP" ]];then - sed -i "s/103/104/g" $CONF + sudo sed -i "s/103/104/g" $CONF fi if [[ $4 == "1" ]];then - systemctl restart keepalived + sudo systemctl restart keepalived fi echo "success" \ No newline at end of file 
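Review bot: In `sudo bash -c cat << EOF >> $CONF` the `>> $CONF` redirection is opened by the calling, unprivileged shell before `sudo` starts, so when the file is root-owned the append fails for exactly the non-root user this commit is meant to support. `sudo tee -a "$CONF" > /dev/null << EOF` performs the write as root. The same applies to the `sudo bash -c cat << EOF > ...` lines in both `install_haproxy.sh` hunks and in `install_keepalived.sh`, and to `sudo echo "" > $CONF` and `sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf` there; `install_haproxy.sh` also keeps `echo "" > /etc/haproxy/haproxy.cfg` with no privilege at all.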
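Review bot: `$1`, `$2` and `$3` are substituted into `sudo sed -i "s/.../$N/g" $CONF` without validation, and `options.py` builds this script's arguments from `interface`, `vrrpip` and `kp`, so a value containing `/` or other sed syntax changes what the root-run `sed` does to the keepalived config. Validate at the top of the script (state is MASTER or BACKUP, the interface matches an interface-name pattern, the address is an IPv4 literal) and quote `"$CONF"`. The unescaped dots in `s/0.0.0.1/$3/g` match any character, so `0\.0\.0\.1` is the safer pattern. `install_keepalived.sh` gains the same `sudo sed -i "s/MASTER/$1/g"` form in its last hunk.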
diff --git a/app/scripts/install_haproxy.sh b/app/scripts/install_haproxy.sh index e6233900..ea76c2e8 100644 --- a/app/scripts/install_haproxy.sh +++ b/app/scripts/install_haproxy.sh @@ -2,30 +2,30 @@ if [[ $1 != "" ]] then - export http_proxy="$1" - export https_proxy="$1" + sudo export http_proxy="$1" + sudo export https_proxy="$1" echo "Exporting proxy" fi if [ -f /etc/haproxy/haproxy.cfg ];then - echo -e 'error: Haproxy alredy installed. You can edit confighere' + echo -e 'error: Haproxy already installed. You can edit confighere

' exit 1 fi -wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm -yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y +sudo wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm +sudo yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y if [ $? -eq 1 ] then - yum install wget socat -y > /dev/null - wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm - yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y + sudo yum install wget socat -y > /dev/null + sudo wget http://cbs.centos.org/kojifiles/packages/haproxy/1.8.1/5.el7/x86_64/haproxy18-1.8.1-5.el7.x86_64.rpm + sudo yum install haproxy18-1.8.1-5.el7.x86_64.rpm -y fi if [ $? -eq 1 ] then - yum install haproxy socat -y > /dev/null + sudo yum install haproxy socat -y > /dev/null fi echo "" > /etc/haproxy/haproxy.cfg -cat << EOF > /etc/haproxy/haproxy.cfg +sudo bash -c cat << EOF > /etc/haproxy/haproxy.cfg global log 127.0.0.1 local2 chroot /var/lib/haproxy 
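Review bot: `sudo export http_proxy="$1"` cannot work, because `export` is a shell builtin rather than a program, so sudo reports that the command is not found and the proxy is never set for the `wget` and `yum` calls that follow. Keep the plain `export` lines and pass the variables through, e.g. `sudo -E wget ...`, if the sudoers policy allows preserving them. Separately, the RPM is fetched over plain `http://` and then installed as root with `yum install ... -y`; fetching over HTTPS and verifying a pinned checksum or the package signature before the install would protect against a tampered download. The two `if [ $? -eq 1 ]` tests only catch exit status 1; `-ne 0` catches every failure.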
@@ -63,23 +63,23 @@ listen stats stats realm HAProxy-04\ Statistics stats auth admin:password EOF -cat << EOF > /etc/rsyslog.d/haproxy.conf +sudo bash -c cat << EOF > /etc/rsyslog.d/haproxy.conf local2.* /var/log/haproxy.log EOF -sed -i 's/#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf -sed -i 's/#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf +sudo sed -i 's/#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf +sudo sed -i 's/#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf -firewall-cmd --zone=public --add-port=8085/tcp --permanent -firewall-cmd --reload -setenforce 0 -sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config -systemctl enable haproxy -systemctl restart haproxy +sudo firewall-cmd --zone=public --add-port=8085/tcp --permanent +sudo sudo firewall-cmd --reload +sudo setenforce 0 +sudo sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config +sudo systemctl enable haproxy +sudo systemctl restart haproxy if [ $? -eq 1 ] then - echo "error: Can't start Haproxy service" + echo "error: Can't start Haproxy service

" exit 1 fi echo "success" \ No newline at end of file diff --git a/app/scripts/install_keepalived.sh b/app/scripts/install_keepalived.sh index da42744a..dee3b541 100644 --- a/app/scripts/install_keepalived.sh +++ b/app/scripts/install_keepalived.sh @@ -2,19 +2,19 @@ CONF=/etc/keepalived/keepalived.conf if [ -f $CONF ];then - echo -e 'error: Keepalived alredy installed. You can edit config here' + echo -e 'error: Keepalived already installed. You can edit config here
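Review bot: This section still runs `setenforce 0` and rewrites `/etc/selinux/config` to permissive, now through sudo, which turns off SELinux enforcement for the whole host just to install HAProxy. A targeted setting such as `sudo setsebool -P haproxy_connect_any 1` would normally be enough and leaves enforcement on. The generated config also ships `stats auth admin:password` while the script opens port 8085 in the public zone (presumably the stats listener; its bind line is outside the hunk), so the stats page is reachable with a known default credential until someone edits it; generate a random password at install time or take it as a parameter. `sudo sudo firewall-cmd --reload` has a duplicated `sudo`.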

' exit 1 fi -yum install keepalived -y > /dev/null +sudo yum install keepalived -y > /dev/null if [ $? -eq 1 ] then - echo "error: Can't install keepalived" + echo "error: Can't install keepalived

" exit 1 fi -echo "" > $CONF +sudo echo "" > $CONF -cat << EOF > $CONF +sudo bash -c cat << EOF > $CONF global_defs { router_id LVS_DEVEL } @@ -49,27 +49,28 @@ vrrp_instance VI_1 { EOF if [ $? -eq 1 ] then - echo "error: Can't read keepalived config" + echo "error: Can't read keepalived config

" exit 1 fi -sed -i "s/MASTER/$1/g" $CONF -sed -i "s/eth0/$2/g" $CONF -sed -i "s/0.0.0.0/$3/g" $CONF +sudo sed -i "s/MASTER/$1/g" $CONF +sudo sed -i "s/eth0/$2/g" $CONF +sudo sed -i "s/0.0.0.0/$3/g" $CONF if [[ $1 == "BACKUP" ]];then - sed -i "s/102/103/g" $CONF + sudo sed -i "s/102/103/g" $CONF fi -systemctl enable keepalived -systemctl restart keepalived -echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf -sysctl -p -firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT -firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT -firewall-cmd --reload +sudo systemctl enable keepalived +sudo systemctl restart keepalived +sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf +sudo sysctl -p +sudo firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT +sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface enp0s8 --destination 224.0.0.18 --protocol vrrp -j ACCEPT +sudo firewall-cmd --reload if [ $? -eq 1 ] then - echo "error: Can't start keepalived" + echo "error: Can't start keepalived

" exit 1 -fi \ No newline at end of file +fi +echo "success" \ No newline at end of file diff --git a/app/templates/base.html b/app/templates/base.html index fd4845d5..e2997506 100644 --- a/app/templates/base.html +++ b/app/templates/base.html @@ -94,7 +94,7 @@ {% endif %} -
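Review bot: The final `if [ $? -eq 1 ]` reports that keepalived could not start, but `$?` at that point is the status of `sudo firewall-cmd --reload`, not of `sudo systemctl restart keepalived`, so a failed start still ends in the new `echo "success"`. Test the status directly after the restart, e.g. `sudo systemctl restart keepalived || { echo "error: Can't start keepalived"; exit 1; }` with the existing message text. The two `firewall-cmd --direct` rules hard-code `enp0s8` although the interface is passed in as `$2`, so on other hosts the VRRP rules would not match the interface keepalived uses.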

+
diff --git a/app/templates/config.html b/app/templates/config.html index ab17e190..1b6806b1 100644 --- a/app/templates/config.html +++ b/app/templates/config.html @@ -34,6 +34,17 @@ {% endif %}

+ {% if not aftersave %} + {% if stderr or error %} +
+ Some errors: +
+
+ {{stderr}} + {{error}} +
+ {% endif %} + {% endif %} {% if note %}
Note: If you reconfigure Master server, Slave will reconfigured automatically
{% endif %} diff --git a/app/templates/configver.html b/app/templates/configver.html index 0e9b5c6a..790d9932 100644 --- a/app/templates/configver.html +++ b/app/templates/configver.html @@ -17,6 +17,17 @@
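Review bot: `{{stderr}}` and `{{error}}` print remote command output and exception text into the page, and whether Jinja2 escapes them depends on how the `Environment` is created, which is outside this patch. Confirm it is built with `autoescape=True` (or `select_autoescape`), or apply `|e` to both expressions here and in the identical block added to `configver.html`. The block is also wrapped in `{% if not aftersave %}`, so if `aftersave` is set on the save path (not visible here), the `error` assigned in the `@@ -69,7 +70,7 @@` hunk of `config.py` would only be shown if another part of the template prints it.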

+ {% if not aftersave %} + {% if stderr or error %} +
+ Some errors: +
+
+ {{stderr}} + {{error}} +
+ {% endif %} + {% endif %} {% if note %}
Note: If you reconfigure Master server, Slave will reconfigured automatically
{% endif %}