Beispiel #1
    def init_ejbca_vpn(self):
        """
        Prepare the EJBCA-backed PKI material used by the VPN server.

        Runs the EJBCA helper steps in order: create the VPN CA, create the
        identity profiles, issue the server certificate and generate the CRL.
        Afterwards the server certificate paths, the CRL path and the VPN
        client configuration path are stored on ``self`` and the EJBCA
        helper installs its VPN cron job.

        When ``self.args.no_ejbca_install`` is set, only a warning is logged
        and ``vpn_keys``, ``vpn_crl`` and ``vpn_client_config`` are not
        assigned by this method.

        :raises errors.SetupError: if any EJBCA step returns a non-zero code
        :return: None
        """
        if self.args.no_ejbca_install:
            logger.warning('EJBCA disabled, cannot prepare VPN vars')
            return

        ejbca = self.ejbca

        if ejbca.vpn_create_ca() != 0:
            raise errors.SetupError('Cannot create CA for the VPN')

        if ejbca.vpn_create_profiles() != 0:
            raise errors.SetupError(
                'Cannot create new identity profiles in EJBCA for VPN')

        # Fixed pause between profile creation and certificate issuance.
        # NOTE(review): presumably gives EJBCA time to pick up the new
        # profiles - confirm; a fixed delay is not a readiness check.
        time.sleep(2)

        if ejbca.vpn_create_server_certs() != 0:
            raise errors.SetupError(
                'Cannot create new certificate for VPN server')

        if ejbca.vpn_create_crl() != 0:
            raise errors.SetupError('Cannot generate new CRL for the VPN')

        # Remember where the generated material lives for the VPN setup.
        self.vpn_keys = ejbca.vpn_get_server_cert_paths()
        self.vpn_crl = ejbca.vpn_get_crl_path()
        self.vpn_client_config = ejbca.vpn_get_vpn_client_config_path()

        # NOTE(review): the result of vpn_install_cron() is not checked,
        # unlike the steps above. If this job refreshes the CRL, a silent
        # failure here would go unnoticed - confirm against the helper.
        ejbca.vpn_install_cron()
Beispiel #2
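def untar_get_single_dir(archive_path, sysconfig):
    """
    Extract a gzipped tar archive in place and return the one directory found.

    Runs ``tar -xzf`` with the archive's directory as working directory and
    then expects exactly one non-file entry in that directory. The archive
    should therefore be the only entry in its directory before the call.

    :param archive_path: path of the archive to extract
    :param sysconfig: object providing
        ``cli_cmd_sync(cmd, write_dots=..., cwd=...)`` that returns a
        ``(ret, out, err)`` tuple
    :raises errors.SetupError: if tar exits with a non-zero code, or if the
        directory does not hold exactly one non-file entry afterwards
    :return: path of the extracted directory (archive directory joined with
        the entry name)
    """
    # Function-scope import keeps the file's import block untouched and
    # works on both Python 3 (shlex.quote) and Python 2 (pipes.quote).
    try:
        from shlex import quote as _quote
    except ImportError:
        from pipes import quote as _quote

    basedir = os.path.dirname(archive_path)

    # The command is passed on as a single string, so the path is quoted:
    # otherwise spaces or shell metacharacters in it would be interpreted
    # instead of being treated as part of the file name.
    # assumes cli_cmd_sync hands the string to a shell or a shell-style
    # splitter - TODO confirm
    cmd = 'tar -xzf %s' % _quote(archive_path)

    # NOTE(review): tar extracts the member paths as stored in the archive.
    # The archive's origin and integrity (signature/checksum) should be
    # verified before this function is called on downloaded content.
    ret, out, err = sysconfig.cli_cmd_sync(cmd, write_dots=True, cwd=basedir)
    if ret != 0:
        raise errors.SetupError('Could not extract the archive')

    # os.listdir() never returns '.' or '..', so no extra filtering is needed.
    folders = [
        entry for entry in os.listdir(basedir)
        if not os.path.isfile(os.path.join(basedir, entry))
    ]

    if len(folders) != 1:
        raise errors.SetupError(
            'Invalid folder structure after update extraction')

    return os.path.join(basedir, folders[0])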
Beispiel #3
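    def init_vpn(self):
        """
        Install and configure the VPN daemon.

        Steps: install the openvpn package, generate the DH group, write the
        server configuration, install the server certificate/key and CRL
        (only when EJBCA is enabled), write the client configuration, fix
        JBoss privileges, apply the OS settings, enable the service at boot
        and persist the configuration.

        ``self.vpn_keys`` is unpacked only in the EJBCA-enabled branch. With
        ``no_ejbca_install`` set, ``init_ejbca_vpn`` returns before assigning
        it, and the values are not used on that path anyway.

        :raises errors.SetupError: if any checked step returns a non-zero code
        :return: None
        """
        self.ovpn.config = self.config

        ret = self.ovpn.install()
        if ret != 0:
            raise errors.SetupError('Cannot install openvpn package')

        ret = self.ovpn.generate_dh_group(self.full_reinstall)
        if ret != 0:
            raise errors.SetupError(
                'Cannot generate a new DH group for VPN server')

        self.ovpn.configure_server()

        if self.args.no_ejbca_install:
            # NOTE(review): on this path no server certificate and no CRL
            # are installed, yet the OS settings (ip forwarding, masquerade)
            # and the boot-time enable below are still applied.
            logger.warning('EJBCA disabled, VPN wont be configured properly')

        else:
            vpn_ca, vpn_cert, vpn_key = self.vpn_keys
            ret = self.ovpn.store_server_cert(ca=vpn_ca,
                                              cert=vpn_cert,
                                              key=vpn_key)
            if ret != 0:
                raise errors.SetupError(
                    'Cannot install VPN certificate+key to the VPN server')

            # Point the server at the CRL generated by EJBCA.
            self.ovpn.configure_crl(crl_path=self.vpn_crl)

        # Configure VPN client configuration file to match the server config
        self.ovpn.client_config_path = self.vpn_client_config
        self.ovpn.configure_client()
        self.ejbca.jboss_fix_privileges()

        # OS configuration
        ret = self.ovpn.setup_os()
        if ret != 0:
            raise errors.SetupError(
                'Cannot configure OS for the openvpn server (ip forwarding, masquerade)'
            )

        # Starting VPN server
        ret = self.ovpn.enable()
        if ret != 0:
            raise errors.SetupError(
                'Cannot set openvpn server to start after boot')

        Core.write_configuration(self.config)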
Beispiel #4
    def init_supervisord(self):
        """
        Install supervisord, enable it at boot and restart it.

        :raises errors.SetupError: if enabling or restarting returns a
            non-zero code
        :return: None
        """
        daemon = self.supervisord

        # NOTE(review): the result of install() is not checked here, unlike
        # enable() and switch() below.
        daemon.install()

        if daemon.enable() != 0:
            raise errors.SetupError(
                'Error with setting supervisord to start after boot')

        if daemon.switch(restart=True) != 0:
            raise errors.SetupError('Error in starting supervisord daemon')
Beispiel #5
    def init_php(self):
        """
        Install and configure PHP, enable it at boot and restart it.

        The PHP helper is set to run as the user configured for nginx
        (``self.nginx.nginx_user``) before installation.

        :raises errors.SetupError: if enabling or restarting returns a
            non-zero code
        :return: None
        """
        php = self.php

        # PHP runs under the same account as nginx.
        php.user = self.nginx.nginx_user
        php.install()
        php.configure()

        if php.enable() != 0:
            raise errors.SetupError(
                'Error with setting php to start after boot')

        if php.switch(restart=True) != 0:
            raise errors.SetupError('Error in starting php daemon')
Beispiel #6
 def init_dnsmasq_restart(self):
     """
     Restart the dnsmasq daemon.

     :raises errors.SetupError: if the restart returns a non-zero code
     :return: None
     """
     status = self.dnsmasq.switch(restart=True)
     if status == 0:
         return
     raise errors.SetupError('Error in starting dnsmasq daemon')
Beispiel #7
 def init_nginx_start(self):
     """
     Restart nginx.

     Meant to run once nginx is fully configured and PHP is installed.

     :raises errors.SetupError: if the restart returns a non-zero code
     :return: None
     """
     status = self.nginx.switch(restart=True)
     if status == 0:
         return
     raise errors.SetupError('Error in starting nginx daemon')
Beispiel #8
    def init_dnsmasq(self):
        """
        Install and configure dnsmasq, enable it at boot and restart it.

        The helper receives the certificate hostname and the VPN server IP
        address before installation.

        :raises errors.SetupError: if installation or enabling returns a
            non-zero code
        :return: None
        """
        dns = self.dnsmasq
        dns.hostname = self.certificates.hostname
        dns.vpn_server_ip = self.ovpn.get_ip_vpn_server()

        if dns.install() != 0:
            raise errors.SetupError('Error with dnsmasq installation')

        dns.configure_server()

        if dns.enable() != 0:
            raise errors.SetupError(
                'Error with setting dnsmasq to start after boot')

        # NOTE(review): the restart result is ignored here, so a dnsmasq
        # that fails to come up is not reported by this method.
        dns.switch(restart=True)
Beispiel #9
    def init_vpn_start(self):
        """
        Restart the VPN server.

        The start is skipped, with a warning, only when EJBCA is disabled
        and a full reinstall is in progress. In every other case the server
        is restarted.

        :raises errors.SetupError: if the restart returns a non-zero code
        :return: None
        """
        skip_start = self.args.no_ejbca_install and self.full_reinstall
        if skip_start:
            logger.warning('EJBCA disabled, VPN wont be started')
            return

        if self.ovpn.switch(restart=True) != 0:
            raise errors.SetupError('Cannot start openvpn server')
Beispiel #10
    def init_nginx(self):
        """
        Install and configure nginx and enable it at boot.

        Passes the hostname, domains, VPN network, certificate directory and
        web root to the nginx helper. It then installs nginx, loads its
        configuration, installs PHP via ``init_php``, writes the server
        configuration, records that Let's Encrypt renewal uses the nginx
        plugin and enables the service. nginx is not started here.

        :raises errors.SetupError: if installation or enabling returns a
            non-zero code
        :return: None
        """
        web = self.nginx
        web.hostname = self.certificates.hostname
        web.domains = self.config.domains

        # The VPN network in "address/size" form.
        # NOTE(review): presumably used by the nginx helper to limit access
        # to VPN clients - confirm where internal_addresses is consumed.
        vpn_net = self.ovpn.get_ip_net()
        vpn_net_size = self.ovpn.get_ip_net_size()
        web.internal_addresses = ['%s/%s' % (vpn_net, vpn_net_size)]

        web.cert_dir = self.ejbca.cert_dir
        # Laravel based private space landing page
        web.html_root = self.pspace_web.get_public_dir()
        web.add_le_subdomains(self.certificates.subdomains)

        if web.install() != 0:
            raise errors.SetupError('Error with nginx installation')

        # Loading basic info
        web.load_configuration()

        # Install PHP
        self.init_php()

        # Configure properly
        web.configure_server()

        # Use Nginx certbot plugin for renewal
        self.config.le_renew_nginx = True
        Core.write_configuration(self.config)

        if web.enable() != 0:
            raise errors.SetupError(
                'Error with setting nginx to start after boot')
Beispiel #11
    def reinstall_soft_body(self):
        """
        Run the soft reinstallation once the initial checks have passed.

        Reads the existing VPN certificate, CRL and client-config paths from
        the EJBCA helper, marks the run as a non-full reinstall and flags
        nextcloud and openvpn as reinstalling. It then reinstalls EJBCA,
        reloads the openvpn settings from the configuration, runs
        ``init_main_phase_2_try`` and persists the configuration.

        :raises errors.SetupError: if ``init_main_phase_2_try`` returns a
            non-zero code
        :return: the code returned by ``init_main_phase_2_try`` (0 whenever
            this method returns)
        """
        ejbca = self.ejbca

        # Existing PKI material is reused; no new certificates are issued
        # in this method.
        self.vpn_keys = ejbca.vpn_get_server_cert_paths()
        self.vpn_crl = ejbca.vpn_get_crl_path()
        self.vpn_client_config = ejbca.vpn_get_vpn_client_config_path()

        self.full_reinstall = False
        self.nextcloud.doing_reinstall = True
        self.ovpn.doing_reinstall = True

        self.reinstall_ejbca()
        self.ovpn.load_from_config()

        status = self.init_main_phase_2_try()
        if status != 0:
            raise errors.SetupError('Reinstall failed')

        Core.write_configuration(self.config)
        return status