#!/usr/bin/env python3 import distro from sql import out_error from db_model import * from funct import check_ver def default_values(): if distro.id() == 'ubuntu': apache_dir = 'apache2' else: apache_dir = 'httpd' data_source = [ {'param': 'time_zone', 'value': 'UTC', 'section': 'main', 'desc': 'Time Zone', 'group': '1'}, {'param': 'proxy', 'value': '', 'section': 'main', 'desc': 'IP address and port of the proxy server. Use proto://ip:port', 'group': '1'}, {'param': 'session_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user session (in days)', 'group': '1'}, {'param': 'token_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user token (in days)', 'group': '1'}, {'param': 'tmp_config_path', 'value': '/tmp/', 'section': 'main', 'desc': 'Path to the temporary directory. A valid path should be specified as the value of this parameter. The directory must be owned by the user specified in SSH settings', 'group': '1'}, {'param': 'cert_path', 'value': '/etc/ssl/certs/', 'section': 'main', 'desc': 'Path to SSL dir. Folder owner must be a user which set in the SSH settings. Path must exist', 'group': '1'}, {'param': 'ssl_local_path', 'value': 'certs', 'section': 'main', 'desc': 'Path to the directory with the saved local SSL certificates. The value of this parameter is specified as a relative path beginning with $HOME_ROXY_WI/app/', 'group': '1'}, {'param': 'lists_path', 'value': 'lists', 'section': 'main', 'desc': 'Path to the black and the wild list. The value of this paramer should be specified as a relative path beginning with $HOME_ROXY-WI', 'group': '1'}, {'param': 'haproxy_path_logs', 'value': '/var/log/haproxy/', 'section': 'haproxy', 'desc': 'The path for HAProxy logs', 'group': '1'}, {'param': 'syslog_server_enable', 'value': '0', 'section': 'logs', 'desc': 'Enable getting logs from a syslog server; (0 - no, 1 - yes)', 'group': '1'}, {'param': 'syslog_server', 'value': '', 'section': 'logs', 'desc': 'IP address of the syslog_server', 'group': '1'}, {'param': 'log_time_storage', 'value': '14', 'section': 'logs', 'desc': 'Retention period for user activity logs (in days)', 'group': '1'}, {'param': 'stats_user', 'value': 'admin', 'section': 'haproxy', 'desc': 'Username for accessing HAProxy stats page', 'group': '1'}, {'param': 'stats_password', 'value': 'password', 'section': 'haproxy', 'desc': 'Password for accessing HAProxy stats page', 'group': '1'}, {'param': 'stats_port', 'value': '8085', 'section': 'haproxy', 'desc': 'Port for HAProxy stats page', 'group': '1'}, {'param': 'stats_page', 'value': 'stats', 'section': 'haproxy', 'desc': 'URI for HAProxy stats page', 'group': '1'}, {'param': 'haproxy_dir', 'value': '/etc/haproxy', 'section': 'haproxy', 'desc': 'Path to the HAProxy directory', 'group': '1'}, {'param': 'haproxy_config_path', 'value': '/etc/haproxy/haproxy.cfg', 'section': 'haproxy', 'desc': 'Path to the HAProxy configuration file', 'group': '1'}, {'param': 'server_state_file', 'value': '/etc/haproxy/haproxy.state', 'section': 'haproxy', 'desc': 'Path to the HAProxy state file', 'group': '1'}, {'param': 'haproxy_sock', 'value': '/var/run/haproxy.sock', 'section': 'haproxy', 'desc': 'Socket port for HAProxy', 'group': '1'}, {'param': 'haproxy_sock_port', 'value': '1999', 'section': 'haproxy', 'desc': 'HAProxy sock port', 'group': '1'}, {'param': 'apache_log_path', 'value': '/var/log/'+apache_dir+'/', 'section': 'logs', 'desc': 'Path to Apache logs', 'group': '1'}, {'param': 'nginx_path_logs', 'value': '/var/log/nginx/', 'section': 'nginx', 'desc': 'The path for Nginx logs', 'group': '1'}, {'param': 'nginx_stats_user', 'value': 'admin', 'section': 'nginx', 'desc': 'Username for accessing Nginx stats page', 'group': '1'}, {'param': 'nginx_stats_password', 'value': 'password', 'section': 'nginx', 'desc': 'Password for Stats web page Ngin', 'group': '1'}, {'param': 'nginx_stats_port', 'value': '8086', 'section': 'nginx', 'desc': 'Stats port for web page Nginx', 'group': '1'}, {'param': 'nginx_stats_page', 'value': 'stats', 'section': 'nginx', 'desc': 'URI Stats for web page Nginx', 'group': '1'}, {'param': 'nginx_dir', 'value': '/etc/nginx/conf.d/', 'section': 'nginx', 'desc': 'Path to the Nginx directory with config files', 'group': '1'}, {'param': 'nginx_config_path', 'value': '/etc/nginx/nginx.conf', 'section': 'nginx', 'desc': 'Path to the main Nginx configuration file', 'group': '1'}, {'param': 'ldap_enable', 'value': '0', 'section': 'ldap', 'desc': 'Enable LDAP (1 - yes, 0 - no)', 'group': '1'}, {'param': 'ldap_server', 'value': '', 'section': 'ldap', 'desc': 'IP address of the LDAP server', 'group': '1'}, {'param': 'ldap_port', 'value': '389', 'section': 'ldap', 'desc': 'LDAP port (port 389 or 636 is used by default)', 'group': '1'}, {'param': 'ldap_user', 'value': '', 'section': 'ldap', 'desc': 'LDAP username. Format: user@domain.com', 'group': '1'}, {'param': 'ldap_password', 'value': '', 'section': 'ldap', 'desc': 'LDAP password', 'group': '1'}, {'param': 'ldap_base', 'value': '', 'section': 'ldap', 'desc': 'Base domain. Example: dc=domain, dc=com', 'group': '1'}, {'param': 'ldap_domain', 'value': '', 'section': 'ldap', 'desc': 'LDAP domain for logging in', 'group': '1'}, {'param': 'ldap_class_search', 'value': 'user', 'section': 'ldap', 'desc': 'Class for searching the user', 'group': '1'}, {'param': 'ldap_user_attribute', 'value': 'sAMAccountName', 'section': 'ldap', 'desc': 'Attribute to search users by', 'group': '1'}, {'param': 'ldap_search_field', 'value': 'mail', 'section': 'ldap', 'desc': 'User\'s email address', 'group': '1'}, {'param': 'ldap_type', 'value': '0', 'section': 'ldap', 'desc': 'Use LDAPS (1 - yes, 0 - no)', 'group': '1'}, {'param': 'rabbitmq_host', 'value': '127.0.0.1', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server host', 'group': '1'}, {'param': 'rabbitmq_port', 'value': '5672', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server port', 'group': '1'}, {'param': 'rabbitmq_port', 'value': '5672', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server port', 'group': '1'}, {'param': 'rabbitmq_vhost', 'value': '/', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server vhost', 'group': '1'}, {'param': 'rabbitmq_queue', 'value': 'roxy-wi', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server queue', 'group': '1'}, {'param': 'rabbitmq_user', 'value': 'roxy-wi', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server user', 'group': '1'}, {'param': 'rabbitmq_password', 'value': 'roxy-wi123', 'section': 'rabbitmq', 'desc': 'RabbitMQ-server user password', 'group': '1'}, ] try: Setting.insert_many(data_source).on_conflict_ignore().execute() except Exception as e: out_error(e) data_source = [ {'username': 'admin', 'email': 'admin@localhost', 'password': '21232f297a57a5a743894a0e4a801fc3', 'role': 'superAdmin', 'groups': '1'}, {'username': 'editor', 'email': 'editor@localhost', 'password': '5aee9dbd2a188839105073571bee1b1f', 'role': 'admin', 'groups': '1'}, {'username': 'guest', 'email': 'guest@localhost', 'password': '084e0343a0486ff05530df6c705c8bb4', 'role': 'guest', 'groups': '1'} ] try: User.insert_many(data_source).on_conflict_ignore().execute() except Exception as e: out_error(e) data_source = [ {'name': 'superAdmin', 'description': 'Has the highest level of administrative permissions and controls the actions of all other users'}, {'name': 'admin', 'description': 'Has access everywhere except the Admin area'}, {'name': 'editor', 'description': 'Has the same rights as the admin but has no access to the Servers page'}, {'name': 'guest', 'description': 'Read-only access'} ] try: Role.insert_many(data_source).on_conflict_ignore().execute() except Exception as e: out_error(e) try: Groups.insert(name='All', description='All servers are included in this group by default').on_conflict_ignore().execute() except Exception as e: out_error(e) def update_db_v_3_4_5_22(): try: Version.insert(version='3.4.5.2').execute() except Exception as e: print('Cannot insert version %s' % e) # Needs for updating user_group. Do not delete def update_db_v_4_3_0(**kwargs): try: UserGroups.insert_from(User.select(User.user_id, User.groups), fields=[UserGroups.user_id, UserGroups.user_group_id]).on_conflict_ignore().execute() except Exception as e: if kwargs.get('silent') != 1: if e.args[0] == 'duplicate column name: haproxy' or str(e) == '(1060, "Duplicate column name \'haproxy\'")': print('Updating... go to version 4.3.1') else: print("An error occurred:", e) def update_db_v_5_1_2(**kwargs): data_source = [ {'param': 'smon_keep_history_range', 'value': '14', 'section': 'monitoring', 'desc': 'Retention period for SMON history', 'group': '1'}, {'param': 'checker_keep_history_range', 'value': '14', 'section': 'monitoring', 'desc': 'Retention period for Checker history', 'group': '1'} ] try: Setting.insert_many(data_source).on_conflict_ignore().execute() except Exception as e: if kwargs.get('silent') != 1: if str(e) == 'columns param, group are not unique': pass else: print("An error occurred:", e) else: if kwargs.get('silent') != 1: print('Updating... DB has been updated to version 5.1.2') def update_db_v_5_1_3(**kwargs): cursor = conn.cursor() sql = """ALTER TABLE `servers` ADD COLUMN protected INTEGER NOT NULL DEFAULT 0;""" try: cursor.execute(sql) except Exception as e: if kwargs.get('silent') != 1: if str(e) == 'duplicate column name: protected' or str(e) == '(1060, "Duplicate column name \'protected\'")': print('Updating... DB has been updated to version 5.1.3') else: print("An error occurred:", e) else: print("DB has been updated to version 5.1.3") def update_db_v_5_2_0(**kwargs): try: Setting.insert(param='portscanner_keep_history_range', value=14, section='monitoring', desc='Retention period for Port scanner history').execute() except Exception as e: if kwargs.get('silent') != 1: if ( str(e) == 'columns param, group are not unique' or str(e) == '(1062, "Duplicate entry \'portscanner_keep_history_range-1\' for key \'param\'")' or str(e) == 'UNIQUE constraint failed: settings.param, settings.group' ): pass else: print("An error occurred:", e) else: if kwargs.get('silent') != 1: print('Updating... DB has been updated to version 5.2.0') def update_db_v_5_2_4(**kwargs): cursor = conn.cursor() sql = """ALTER TABLE `user` ADD COLUMN user_services varchar(20) DEFAULT '1 2 3 4';""" try: cursor.execute(sql) except Exception as e: if kwargs.get('silent') != 1: if str(e) == 'duplicate column name: user_services' or str(e) == '(1060, "Duplicate column name \'user_services\'")': print('Updating... DB has been updated to version 5.2.4') else: print("An error occurred:", e) else: print("Updating... DB has been updated to version 5.2.4") def update_db_v_5_2_4_1(**kwargs): cursor = conn.cursor() sql = """ALTER TABLE `servers` ADD COLUMN nginx_metrics integer DEFAULT 0;""" try: cursor.execute(sql) except Exception as e: if kwargs.get('silent') != 1: if str(e) == 'duplicate column name: nginx_metrics' or str(e) == '(1060, "Duplicate column name \'nginx_metrics\'")': print('Updating... DB has been updated to version 5.2.4-1') else: print("An error occurred:", e) else: print("Updating... DB has been updated to version 5.2.4-1") def update_db_v_5_2_5(**kwargs): query = Role.update(name='user').where(Role.name == 'editor') try: query.execute() except Exception as e: if kwargs.get('silent') != 1: if str(e) == 'column name is not unique' or str(e) == '(1060, "column name is not unique")': print('Updating... DB has been updated to version 5.2.5-1') else: print("An error occurred:", e) else: if kwargs.get('silent') != 1: print("Updating... DB has been updated to version 5.2.5") def update_db_v_5_2_5_1(**kwargs): query = User.update(role='user').where(User.role == 'editor') try: query.execute() except Exception as e: print("An error occurred:", e) else: if kwargs.get('silent') != 1: print("Updating... DB has been updated to version 5.2.5-1") def update_db_v_5_2_5_2(**kwargs): query = Role.delete().where(Role.name == 'editor') try: query.execute() except Exception as e: print("An error occurred:", e) else: if kwargs.get('silent') != 1: print("Updating... DB has been updated to version 5.2.5-2") def update_db_v_5_2_5_3(**kwargs): cursor = conn.cursor() sql = list() sql.append("alter table user add column last_login_date timestamp default '0000-00-00 00:00:00'") sql.append("alter table user add column last_login_ip VARCHAR ( 64 )") for i in sql: try: cursor.execute(i) except: pass else: if kwargs.get('silent') != 1: print('Updating... DB has been updated to version 5.2.5-3') def update_db_v_5_2_6(**kwargs): query = Setting.delete().where(Setting.param == 'haproxy_enterprise') try: query.execute() except Exception as e: print("An error occurred:", e) else: if kwargs.get('silent') != 1: print("Updating... DB has been updated to version 5.2.6") def update_db_v_5_3_0(**kwargs): groups = '' query = Groups.select() try: query_res = query.execute() except Exception as e: out_error(e) else: groups = query_res for g in groups: try: data_source = [ {'param': 'nginx_container_name', 'value': 'nginx', 'section': 'nginx', 'desc': 'Docker container name for Nginx service', 'group': g.group_id}, {'param': 'haproxy_container_name', 'value': 'haproxy', 'section': 'haproxy', 'desc': 'Docker container name for HAProxy service', 'group': g.group_id}, ] try: Setting.insert_many(data_source).on_conflict_ignore().execute() except Exception as e: if kwargs.get('silent') != 1: if str(e) == 'columns param, group are not unique': pass else: print("An error occurred:", e) except Exception as e: if kwargs.get('silent') != 1: if ( str(e) == 'columns param, group are not unique' or str(e) == '(1062, "Duplicate entry \'nginx_container_name\' for key \'param\'")' or str(e) == 'UNIQUE constraint failed: settings.param, settings.group' ): pass else: print("An error occurred:", e) def update_db_v_5_3_1(**kwargs): cursor = conn.cursor() sql = """ ALTER TABLE `servers` ADD COLUMN keepalived_active INTEGER NOT NULL DEFAULT 0; """ try: cursor.execute(sql) except Exception as e: if kwargs.get('silent') != 1: if e.args[0] == 'duplicate column name: keepalived_active' or str(e) == '(1060, "Duplicate column name \'keepalived_active\'")': print('Updating... DB has been updated to version 5.3.1') else: print("An error occurred:", e) else: print("Updating... DB has been updated to version 5.3.1") def update_db_v_5_3_2(**kwargs): try: Setting.insert(param='checker_maxconn_threshold', value=90, section='monitoring', desc='Threshold value for alerting, in %').execute() except Exception as e: if kwargs.get('silent') != 1: if ( str(e) == 'columns param, group are not unique' or str(e) == '(1062, "Duplicate entry \'checker_maxconn_threshold-1\' for key \'param\'")' or str(e) == 'UNIQUE constraint failed: settings.param, settings.group' ): pass else: print("An error occurred:", e) else: if kwargs.get('silent') != 1: print('Updating... DB has been updated to version 5.3.2') def update_db_v_5_3_2_2(**kwargs): cursor = conn.cursor() sql = """ ALTER TABLE `servers` ADD COLUMN keepalived_alert INTEGER NOT NULL DEFAULT 0; """ try: cursor.execute(sql) except Exception as e: if kwargs.get('silent') != 1: if e.args[0] == 'duplicate column name: keepalived_alert' or str(e) == '(1060, "Duplicate column name \'keepalived_alert\'")': print('Updating... DB has been updated to version 5.3.2') else: print("An error occurred:", e) else: print("Updating... DB has been updated to version 5.3.2") def update_db_v_5_4_2(**kwargs): cursor = conn.cursor() sql = """ALTER TABLE `smon` ADD COLUMN slack_channel_id integer DEFAULT '0';""" try: cursor.execute(sql) except Exception as e: if kwargs.get('silent') != 1: if str(e) == 'duplicate column name: slack_channel_id' or str(e) == '(1060, "Duplicate column name \'slack_channel_id\'")': print('Updating... DB has been updated to version 5.4.2') else: print("An error occurred:", e) else: print("Updating... DB has been updated to version 5.4.2") def update_db_v_5_4_3(**kwargs): query = Setting.update(param='nginx_path_logs', value='/var/log/nginx/').where(Setting.param == 'nginx_path_error_logs') try: query.execute() except Exception as e: print("An error occurred:", e) else: if kwargs.get('silent') != 1: print("Updating... DB has been updated to version 5.4.3") def update_db_v_5_4_3_1(**kwargs): query = Setting.update( value='/etc/nginx/').where(Setting.param == 'nginx_dir') try: query.execute() except Exception as e: print("An error occurred:", e) else: if kwargs.get('silent') != 1: print("Updating... DB has been updated to version 5.4.3-1") def update_ver(): query = Version.update(version='5.5.0.0') try: query.execute() except: print('Cannot update version') def update_all(): if check_ver() is None: update_db_v_3_4_5_22() update_db_v_4_3_0() update_db_v_5_1_2() update_db_v_5_1_3() update_db_v_5_2_0() update_db_v_5_2_4() update_db_v_5_2_4_1() update_db_v_5_2_5() update_db_v_5_2_5_1() update_db_v_5_2_5_2() update_db_v_5_2_5_3() update_db_v_5_2_6() update_db_v_5_3_0() update_db_v_5_3_1() update_db_v_5_3_2() update_db_v_5_3_2_2() update_db_v_5_4_2() update_db_v_5_4_3() update_db_v_5_4_3_1() update_ver() def update_all_silent(): if check_ver() is None: update_db_v_3_4_5_22() update_db_v_4_3_0(silent=1) update_db_v_5_1_2(silent=1) update_db_v_5_1_3(silent=1) update_db_v_5_2_0(silent=1) update_db_v_5_2_4(silent=1) update_db_v_5_2_4_1(silent=1) update_db_v_5_2_5(silent=1) update_db_v_5_2_5_1(silent=1) update_db_v_5_2_5_2(silent=1) update_db_v_5_2_5_3(silent=1) update_db_v_5_2_6(silent=1) update_db_v_5_3_0(silent=1) update_db_v_5_3_1(silent=1) update_db_v_5_3_2(silent=1) update_db_v_5_3_2_2(silent=1) update_db_v_5_4_2(silent=1) update_db_v_5_4_3(silent=1) update_db_v_5_4_3_1(silent=1) update_ver() if __name__ == "__main__": create_tables() default_values() update_all()