def service_settings(request, service_id): service = get_object_or_404(Service, pk=service_id) site = privileges_check(service.site.id, request.user) if site is None: return HttpResponseForbidden() if service.is_busy: return redirect(site) breadcrumbs = { 0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Server settings' if service.primary else 'Test server settings', url=reverse(service_settings, kwargs={'service_id': service.id})) } return render( request, 'mws/settings.html', { 'breadcrumbs': breadcrumbs, 'site': site, 'service': service, 'sidebar_messages': warning_messages(site), })
def clone_vm_view(request, site_id): site = privileges_check(site_id, request.user) if site is None: return HttpResponseForbidden() breadcrumbs = { 0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Production and test servers management', url=reverse(clone_vm_view, kwargs={'site_id': site.id})) } if request.method == 'POST': if site.is_ready and site.test_service: clone_vm_api_call.delay(site) messages.info(request, 'The test server is being created. This will usually take around 10 minutes. You will need to refresh the page.') elif not site.is_ready: messages.error(request, 'The test server cannot be created while the production server is being configured.') elif not site.test_service: messages.error(request, 'The test server cannot be created at this moment, please contact [email protected]') return redirect(site) return render(request, 'mws/clone_vm.html', { 'breadcrumbs': breadcrumbs, 'site': site, })
def quarantine(request, service_id): service = get_object_or_404(Service, pk=service_id) site = privileges_check(service.site.id, request.user) if site is None: return HttpResponseForbidden() if not service or not service.active or service.is_busy: return redirect(site) breadcrumbs = { 0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Server settings' if service.primary else 'Test server settings', url=reverse(service_settings, kwargs={'service_id': service.id})), 2: dict(name='Quarantine', url=reverse(quarantine, kwargs={'service_id': service.id})), } parameters = { 'breadcrumbs': breadcrumbs, 'service': service, 'site': site, 'sidebar_messages': warning_messages(site), } if request.method == 'POST' and not site.is_admin_suspended(): if request.POST['quarantine'] == "Quarantine": service.quarantined = True else: service.quarantined = False service.save() launch_ansible(service) return redirect(site) return render(request, 'mws/quarantine.html', parameters)
def force_update(request, site_id): site = privileges_check(site_id, request.user) if site is None: return HttpResponseForbidden() if request.method == 'POST': launch_ansible_site(site) # to refresh lookup lists # TODO add message to the user return redirect(site)
def service_status(request, service_id): service = get_object_or_404(Service, pk=service_id) site = privileges_check(service.site.id, request.user) if site is None: return HttpResponseForbidden() if service.is_ready: return HttpResponse(json.dumps({'status': 'ready'}), content_type='application/json') else: return HttpResponse(json.dumps({'status': 'busy'}), content_type='application/json')
def change_db_root_password(request, service_id): service = get_object_or_404(Service, pk=service_id) site = privileges_check(service.site.id, request.user) if site is None: return HttpResponseForbidden() if (service.operating_system == 'stretch') \ or not service or not service.active or service.is_busy: return redirect(site) breadcrumbs = { 0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Server settings' if service.primary else 'Test server settings', url=reverse(service_settings, kwargs={'service_id': service.id})), 2: dict(name='Change db root pass', url=reverse(change_db_root_password, kwargs={'service_id': service.id})), } if request.method == 'POST': if request.POST.get( 'typepost') == "Delete temporary mySQL root password": AnsibleConfiguration.objects.filter( service=service, key="mysql_root_password").delete() else: ansibleconf, created = AnsibleConfiguration.objects.get_or_create( service=service, key="mysql_root_password") ansibleconf.value = "Resetting" ansibleconf.save() ansible_change_mysql_root_pwd.delay(service) return HttpResponseRedirect( reverse(change_db_root_password, kwargs={'service_id': service.id})) ansibleconf = AnsibleConfiguration.objects.filter( service=service, key="mysql_root_password") ansibleconf = ansibleconf[0].value if ansibleconf else None return render( request, 'mws/change_db_root_password.html', { 'breadcrumbs': breadcrumbs, 'service': service, 'site': site, 'sidebar_messages': warning_messages(site), 'ansibleconf': ansibleconf, })
def power_vm(request, service_id): service = get_object_or_404(Service, pk=service_id) site = privileges_check(service.site.id, request.user) if site is None: return HttpResponseForbidden() if not service or not service.active or service.is_busy: return redirect(site) service.power_on() return redirect(service_settings, service_id=service.id)
def resend_email_confirmation_view(request, site_id): site = privileges_check(site_id, request.user) if site is None: return HttpResponseForbidden() if request.method == 'POST': from apimws.utils import send_email_confirmation send_email_confirmation.delay(site) else: return HttpResponseForbidden() return HttpResponse()
def switch_services(request, site_id): '''This function swiches the production and test services''' site = get_object_or_404(Site, pk=site_id) site = privileges_check(site.id, request.user) if site is None: return HttpResponseForbidden() if site.switch_services(): return redirect(site) else: messages.error(request, 'An error happened while trying to switch the test server with the production server') return redirect(site)
def resync(request, site_id): '''This function syncs production file system with the test one''' site = get_object_or_404(Site, pk=site_id) site = privileges_check(site.id, request.user) if not site.is_ready: messages.error(request, 'Any of the two server is busy during configuration, wait until both of them are ready') return redirect(site) if request.method == 'POST': post_installOS.delay(site.test_service) messages.info(request, 'The filesystem started to synchronise') return redirect(site)
def add_supporter(request, site_id): site = privileges_check(site_id, request.user) if site is None: return HttpResponseForbidden() if request.method == 'POST': site.supporters.add(request.user) launch_ansible_site(site) remove_supporter.apply_async(args=(site.id, request.user.username), countdown=3600) # Remove supporter after 1 hour return redirect(site)
def php_libs(request, service_id): service = get_object_or_404(Service, pk=service_id) site = privileges_check(service.site.id, request.user) if site is None: return HttpResponseForbidden() if not service or not service.active or service.is_busy: return redirect(site) breadcrumbs = { 0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Server settings' if service.primary else 'Test server settings', url=reverse(service_settings, kwargs={'service_id': service.id})), 2: dict(name='PHP Libraries', url=reverse(php_libs, kwargs={'service_id': service.id})), } from apimws.forms import PHPLibForm parameters = { 'breadcrumbs': breadcrumbs, 'service': service, 'site': site, 'sidebar_messages': warning_messages(site), 'form': PHPLibForm(initial={ 'php_libs': list(service.php_libs.values_list('name', flat=True)) }), } if request.method == 'POST': f = PHPLibForm(request.POST) if f.is_valid(): service.php_libs.set(PHPLib.objects.filter( name__in=f.cleaned_data['php_libs']).all(), clear=True) service.save() launch_ansible(service) return render(request, 'mws/phplibs.html', parameters)
def auth_change(request, site_id): site = privileges_check(site_id, request.user) if site is None: return HttpResponseForbidden() if not site.production_service or site.production_service.virtual_machines.count() == 0 \ or site.production_service.is_busy: return redirect(site) if request.method == 'POST': authuserlist = validate_crsid_list( request.POST.getlist('users_crsids')) sshuserlist = validate_crsid_list( request.POST.getlist('sshusers_crsids')) authgrouplist = validate_groupid_list(request.POST.getlist('groupids')) sshauthgrouplist = validate_groupid_list( request.POST.getlist('sshgroupids')) site.users.clear() site.users.add(*authuserlist) site.ssh_users.clear() site.ssh_users.add(*sshuserlist) site.groups.clear() site.groups.add(*authgrouplist) site.ssh_groups.clear() site.ssh_groups.add(*sshauthgrouplist) launch_ansible_site( site ) # to add or delete users from the ssh/login auth list of the server return redirect(site) breadcrumbs = { 0: dict(name='Managed Web Server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Authorisation', url=reverse(auth_change, kwargs={'site_id': site.id})) } return render( request, 'mws/auth.html', { 'authorised_users': site.users.all(), 'sshuserlist': site.ssh_users.all(), 'authorised_groups': site.groups.all(), 'sshusers_groups': site.ssh_groups.all(), 'breadcrumbs': breadcrumbs, 'sidebar_messages': warning_messages(site), 'site': site })
def service_status(request, service_id): service = get_object_or_404(Service, pk=service_id) site = privileges_check(service.site.id, request.user) if site is None: return HttpResponseForbidden() if not (site.production_service.is_ready or site.test_service.is_ready): status = 'busy' elif not site.production_service.is_ready: status = 'prod' elif not site.test_service.is_ready: status = 'test' else: status = 'ready' return HttpResponse(json.dumps({'status': status}), content_type='application/json')
def delete_vm(request, service_id): service = get_object_or_404(Service, pk=service_id) site = privileges_check(service.site.id, request.user) if site is None or service.primary: return HttpResponseForbidden() if not service or not service.active or service.is_busy: return redirect(site) if request.method == 'POST': for vm in service.virtual_machines.all(): vm.delete() return redirect(site) return HttpResponseForbidden()
def generate_csr(request, vhost_id): vhost = get_object_or_404(Vhost, pk=vhost_id) site = privileges_check(vhost.service.site.id, request.user) if request.method == 'POST' and vhost.tls_key_hash != 'requested' and vhost.tls_key_hash != 'renewal': if vhost.main_domain is None: breadcrumbs = { 0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Server settings' if vhost.service.primary else 'Test server settings', url=reverse('sitesmanagement.views.service_settings', kwargs={'service_id': vhost.service.id})), 2: dict(name='Vhosts Management: %s' % vhost.name, url=reverse('listvhost', kwargs={'service_id': vhost.service.id})), 3: dict(name='TLS/SSL Certificates', url=reverse(certificates, kwargs={'vhost_id': vhost.id})), } return render( request, 'mws/certificates.html', { 'breadcrumbs': breadcrumbs, 'vhost': vhost, 'service': vhost.service, 'site': site, 'error_main_domain': True }) if vhost.tls_enabled: vhost.tls_key_hash = 'renewal' vhost.csr = None vhost.save() else: vhost.tls_key_hash = 'requested' vhost.certificate = None vhost.csr = None vhost.tls_enabled = False vhost.save() launch_ansible(vhost.service) return redirect(reverse(certificates, kwargs={'vhost_id': vhost.id}))
def vhost_onwership(request, vhost_id): vhost = get_object_or_404(Vhost, pk=vhost_id) site = privileges_check(vhost.service.site.id, request.user) service = vhost.service if site is None or (not service or not service.active or service.is_busy): return HttpResponseForbidden() if request.method == 'POST' and not vhost.apache_owned: vhost_enable_apache_owned.delay(vhost_id) return HttpResponse( "The ownership of the '%s' website docroot folder has been changed to www-data " "successfully. This change will only remain for one hour." % vhost.name) return HttpResponseForbidden( "An error happened while changing ownership of the docroot folder of the '%s' " "website" % vhost.name)
def billing_management(request, site_id): site = privileges_check(site_id, request.user) if site is None: return HttpResponseForbidden() breadcrumbs = { 0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Billing', url=reverse('billing_management', kwargs={'site_id': site.id})) } if request.method == 'POST': if hasattr(site, 'billing'): billing_form = BillingForm(request.POST, request.FILES, instance=site.billing) if billing_form.is_valid(): billing_form.save() return redirect(site) else: billing_form = BillingForm(request.POST, request.FILES) if billing_form.is_valid(): billing = billing_form.save(commit=False) billing.site = site billing.save() return redirect(site) elif hasattr(site, 'billing'): billing_form = BillingForm(instance=site.billing) else: billing_form = BillingForm() return render( request, 'mws/billing.html', { 'breadcrumbs': breadcrumbs, 'site': site, 'billing_form': billing_form, 'sidebar_messages': warning_messages(site), 'cost': ServerType.objects.get(id=1).price })
def reset_vm(request, service_id): service = get_object_or_404(Service, pk=service_id) site = privileges_check(service.site.id, request.user) if site is None: return HttpResponseForbidden() if not service or not service.active or service.is_busy: messages.error(request, 'Any of the two server is busy during configuration, wait until both of them are ready') return redirect(site) if request.method == 'POST': if service.do_reset(): messages.success(request, "Your server will be restarted shortly") else: messages.error(request, "Your server couldn't be restarted") else: messages.error(request, "An error happened") return redirect(site)
def clone_vm_view(request, site_id): site = privileges_check(site_id, request.user) if site is None: return HttpResponseForbidden() can_upgrade = False is_queued = False if settings.MAX_PENDING_UPGRADES: pending_upgrades = len([x for x in Service.objects.filter(type='test').prefetch_related('virtual_machines') if x.active]) if pending_upgrades < settings.MAX_PENDING_UPGRADES: can_upgrade = True else: if not hasattr(site,'queueentry'): QueueEntry.objects.create(site=site) else: is_queued = True breadcrumbs = { 0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Production and test servers management', url=reverse(clone_vm_view, kwargs={'site_id': site.id})) } if request.method == 'POST': if site.is_ready and site.test_service: clone_vm_api_call.delay(site) messages.info(request, 'The test server is being created. This will usually take around 10 minutes. You will need to refresh the page.') elif not site.is_ready: messages.error(request, 'The test server cannot be created while the production server is being configured.') elif not site.test_service: messages.error(request, 'The test server cannot be created at this moment, please contact [email protected]') return redirect(site) return render(request, 'mws/clone_vm.html', { 'breadcrumbs': breadcrumbs, 'site': site, 'can_upgrade': can_upgrade, 'is_queued': is_queued, })
def set_dn_as_main(request, domain_id): """View(Controller) to set the domain name selected as the main domain of the vhost""" domain = get_object_or_404(DomainName, pk=domain_id) vhost = domain.vhost site = privileges_check(vhost.service.site.id, request.user) service = vhost.service if site is None: return HttpResponseForbidden() if not service or not service.active or service.is_busy: return redirect(site) if request.method == 'POST': vhost.main_domain = domain vhost.save() launch_ansible( vhost.service ) # to update the vhost main domain name in the apache configuration return HttpResponseRedirect( reverse('listdomains', kwargs={'vhost_id': vhost.id}))
def certificates(request, vhost_id): vhost = get_object_or_404(Vhost, pk=vhost_id) site = privileges_check(vhost.service.site.id, request.user) service = vhost.service if site is None: return HttpResponseForbidden() if not service or not service.active or service.is_busy: return redirect(site) if not vhost.domain_names.all(): return redirect( reverse('listvhost', kwargs={'service_id': vhost.service.id})) breadcrumbs = { 0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Server settings' if vhost.service.primary else 'Test server settings', url=reverse('sitesmanagement.views.service_settings', kwargs={'service_id': vhost.service.id})), 2: dict(name='Web sites management: %s' % vhost.name, url=reverse('listvhost', kwargs={'service_id': vhost.service.id})), 3: dict(name='TLS/SSL Certificate', url=reverse(certificates, kwargs={'vhost_id': vhost.id})), } error_message = None if request.method == 'POST': try: if 'cert' in request.FILES: try: certificates_str = request.FILES['cert'].file.read() cert = crypto.load_certificate(crypto.FILETYPE_PEM, certificates_str) except Exception as e: raise ValidationError("The certificate file is invalid") if vhost.csr is None: raise ValidationError("CSR does not exists") if not csr_match_crt(vhost.csr, certificates_str): raise ValidationError( "The certificate doesn't match the CSR") issuer = None for component in cert.get_issuer().get_components(): if component[0] == 'CN': issuer = component[1] if not issuer: raise ValidationError( "The certificate doesn't have any issuer") if issuer not in CERTIFICATE_CHAINS: raise ValidationError("Certificate issuer unknown by MWS") vhost.certificate = certificates_str vhost.certificate_chain = CERTIFICATE_CHAINS[issuer] vhost.tls_enabled = True if vhost.tls_key_hash == 'renewal_waiting_cert': vhost.tls_key_hash = 'renewal_cert' vhost.save() launch_ansible(service) else: raise ValidationError("No Certificate uploaded") except ValidationError as e: error_message = e.message return render( request, 'mws/certificates.html', { 'breadcrumbs': breadcrumbs, 'vhost': vhost, 'service': vhost.service, 'site': site, 'sidebar_messages': warning_messages(site), 'error_message': error_message })
def add_domain(request, vhost_id, socket_error=None): """View(Controller) to add a domain name to the vhost selected. """ vhost = get_object_or_404(Vhost, pk=vhost_id) site = privileges_check(vhost.service.site.id, request.user) service = vhost.service if site is None: return HttpResponseForbidden() if not service or not service.active or service.is_busy: return redirect(site) if request.method == 'POST': domain_form = DomainNameFormNew(request.POST) if domain_form.is_valid(): domain_requested = domain_form.save(commit=False) if domain_requested.name != '': if is_camacuk(domain_requested.name): if domain_requested.name.endswith( ".usertest.mws3.csx.cam.ac.uk"): new_domain = DomainName.objects.create( name=domain_requested.name, status='accepted', vhost=vhost, requested_by=request.user) new_domain.accept_it() elif domain_requested.name.endswith(".mws3.csx.cam.ac.uk"): new_domain = DomainName.objects.create( name=domain_requested.name, status='denied', vhost=vhost, requested_by=request.user) elif 'special_case' in domain_form.data: new_domain = DomainName.objects.create( name=domain_requested.name, status='special', vhost=vhost, requested_by=request.user, reject_reason="User marked as special") else: new_domain = DomainName.objects.create( name=domain_requested.name, status='requested', vhost=vhost, requested_by=request.user) ip_register_api_request.delay(new_domain) else: new_domain = DomainName.objects.create( name=domain_requested.name, status='external', vhost=vhost, requested_by=request.user) if vhost.main_domain is None or \ vhost.main_domain.name == vhost.service.network_configuration.name: vhost.main_domain = new_domain vhost.save() launch_ansible( vhost.service ) # to add the new domain name to the vhost apache configuration else: breadcrumbs = { 0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()), 1: dict(name='Server settings' if vhost.service.primary else 'Test server settings', url=reverse('sitesmanagement.views.service_settings', kwargs={'service_id': vhost.service.id})), 2: dict(name='Web sites management: %s' % vhost.name, url=reverse('listvhost', kwargs={'service_id': vhost.service.id})), 3: dict(name='Domain Names management', url=reverse('listdomains', kwargs={'vhost_id': vhost.id})) } return render( request, 'mws/domains.html', { 'breadcrumbs': breadcrumbs, 'vhost': vhost, 'site': site, 'service': vhost.service, 'domain_form': domain_form, 'error': True }) return redirect(reverse('listdomains', kwargs={'vhost_id': vhost.id}))