def setup():
"""
Configure the settings and load the apps.
"""
from zentral.apps import apps
from zentral.conf import settings
apps.populate(settings.get('apps', []))
def _load_middlewares(self):
self.processors = []
for entry in settings.get('middlewares', []):
mw_modulename, _, mw_classname = entry.rpartition('.')
mw_module = import_module(mw_modulename)
mw_class = getattr(mw_module, mw_classname)
self.processors.append(mw_class().process_event)
def test_source(self):
worker_count = 0
for worker in get_workers():
worker_count += 1
self.assertTrue(isinstance(worker.client.source["config"], dict))
self.assertEqual(
worker_count,
len(
settings.get('apps', {}).get('zentral.contrib.inventory',
{}).get('clients', [])))
def extra_links(request):
"""Django context processor to add the extra links from base.json"""
if not request.user.is_authenticated:
return {}
extra_links = []
for link in settings.get('extra_links', []):
authorized_groups = link.get("authorized_groups", None)
if authorized_groups and not request.user.is_superuser:
if not request.user.group_name_set:
# user is not a member of any group, it cannot be a match
continue
if not request.user.group_name_set.intersection(authorized_groups):
# no common groups
continue
extra_links.append(link)
return {'zentral_extra_links': extra_links}
def get_external_link_authorization_groups(self):
original_uri = self.request.META.get("HTTP_X_ORIGINAL_URI")
if not original_uri:
return
original_uri_first_elem = original_uri.strip("/").split("/")[0]
for link in zentral_settings.get('extra_links', []):
authorized_groups = link.get("authorized_groups")
if not authorized_groups:
continue
url = link.get("url")
if not url:
continue
if url.startswith("http") or url.startswith("//"):
continue
url_first_elem = url.strip("/").split("/")[0]
if url_first_elem == original_uri_first_elem:
return authorized_groups
def push_inventory_metrics():
ppg = settings.get('apps', {}).get('zentral.contrib.inventory', {}).get('prometheus_push_gateway', None)
if not ppg:
return
registry = CollectorRegistry()
g = Gauge('zentral_inventory_osx_apps', 'Zentral inventory OSX apps',
['name', 'version_str', 'source'],
registry=registry)
for r in osx_app_count():
count = r.pop('count')
g.labels(r).set(count)
g = Gauge('zentral_inventory_os_versions', 'Zentral inventory OS Versions',
['name', 'major', 'minor', 'patch', 'build', 'source'],
registry=registry)
for r in os_version_count():
count = r.pop('count')
g.labels(r).set(count)
push_to_gateway(ppg, job='zentral_push_inventory_metrics', registry=registry)
def extra_links(request):
"""Django context processor to add the extra links from base.json"""
return {'zentral_extra_links': settings.get('extra_links', [])}
ALLOWED_HOSTS = django_zentral_settings['ALLOWED_HOSTS']
# Application definition
INSTALLED_APPS = [
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'bootstrapform',
'base'
]
# add the zentral apps
for app_name in zentral_settings.get('apps', []):
INSTALLED_APPS.append(app_name)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
)
ROOT_URLCONF = 'server.urls'
TEMPLATES = [
{
url(r'^admin/users/', include('accounts.urls', namespace='users')),
# special login view with verification device redirect
url(r'^accounts/login/$', login, name='login'),
url(r'^accounts/verify_totp/$',
VerifyTOTPView.as_view(),
name='verify_totp'),
url(r'^accounts/verify_u2f/$', VerifyU2FView.as_view(), name='verify_u2f'),
]
# add all the auth url patterns except the login
for up in auth_urlpatterns:
if up.name != 'login':
urlpatterns.append(up)
# zentral apps
for app_name in zentral_settings.get('apps', []):
app_shortname = app_name.rsplit('.', 1)[-1]
for url_prefix, url_module_name in (("", "urls"), ("api/", "api_urls")):
url_module = "{}.{}".format(app_name, url_module_name)
namespace = app_shortname
if url_prefix:
namespace = "{}_{}".format(namespace, url_prefix.strip("/"))
try:
urlpatterns.append(
url(r'^{p}{a}/'.format(p=url_prefix, a=app_shortname),
include(url_module, namespace=namespace)))
except ImportError as error:
if error.__class__.__name__ == "ModuleNotFoundError":
pass
else:
logger.exception("Could not load app %s %s", app_shortname,
def get_queues(settings):
queues_settings = settings.get('queues', {}).copy()
queues_settings['stores'] = list(settings.get('stores', {}).keys())
return get_queues_instance(queues_settings)
ROOT_DIR = os.path.realpath(os.path.join(os.path.dirname(__file__), "../../server"))
sys.path.insert(0, ROOT_DIR)
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'server.settings')
import django
django.setup()
from multiprocessing import Process
from zentral.conf import settings
from zentral.core.events.processor import EventProcessor
from zentral.core.queues import queues
def process_events(worker_id, prometheus_server_base_port):
event_processor = EventProcessor(worker_id,
prometheus_server_base_port)
processor_worker = queues.get_processor_worker(event_processor)
processor_worker.run()
if __name__ == '__main__':
pw_settings = settings.get('processor_workers', {})
worker_num = int(pw_settings.get('number', 1))
prometheus_server_base_port = pw_settings.get('prometheus_server_base_port', None)
p_l = []
for worker_id in range(worker_num):
p = Process(target=process_events,
args=(worker_id, prometheus_server_base_port))
p.daemon = 1
p.start()
p_l.append(p)
for p in p_l:
p.join()
For more information on this file, see
https://docs.djangoproject.com/en/1.8/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/1.8/ref/settings/
"""
import os
from django.core.management import utils
# Import the zentral settings (base.json)
from zentral.conf import settings as zentral_settings
from .celery import app as celery_app
__all__ = ('celery_app', )
django_zentral_settings = zentral_settings.get('django', {})
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = django_zentral_settings.get('SECRET_KEY',
utils.get_random_secret_key())
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = django_zentral_settings.get('DEBUG', False)
ALLOWED_HOSTS = django_zentral_settings.get('ALLOWED_HOSTS', [])
if not ALLOWED_HOSTS:
fqdn = zentral_settings.get("api", {}).get("fqdn")
if fqdn:
path('accounts/password_reset/',
auth_views.PasswordResetView.as_view(),
name='password_reset'),
path('accounts/password_reset/done/',
auth_views.PasswordResetDoneView.as_view(),
name='password_reset_done'),
path('accounts/reset/<uidb64>/<token>/',
auth_views.PasswordResetConfirmView.as_view(),
name='password_reset_confirm'),
path('accounts/reset/done/',
auth_views.PasswordResetCompleteView.as_view(),
name='password_reset_complete'),
]
# zentral apps
for app_name, app_config in zentral_settings.get('apps', {}).items():
app_shortname = app_name.rsplit('.', 1)[-1]
for url_prefix, url_module_name in (("", "urls"), ("api/", "api_urls"),
("metrics/", "metrics_urls")):
if url_module_name == "metrics_urls" and not app_config.get(
"metrics", False):
continue
try:
urlpatterns.append(
path(f"{url_prefix}{app_shortname}/",
include(f"{app_name}.{url_module_name}")))
except ModuleNotFoundError:
pass
# static files
urlpatterns += staticfiles_urlpatterns()
def __init__(self, settings):
self.load_config(settings.get("secret_engines", {}))
sys.path.insert(0, ROOT_DIR)
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'server.settings')
import django
django.setup()
from multiprocessing import Process
from zentral.conf import settings
from zentral.core.events.processor import EventProcessor
from zentral.core.queues import queues
def process_events(worker_id, prometheus_server_base_port):
event_processor = EventProcessor(worker_id, prometheus_server_base_port)
processor_worker = queues.get_processor_worker(event_processor)
processor_worker.run()
if __name__ == '__main__':
pw_settings = settings.get('processor_workers', {})
worker_num = int(pw_settings.get('number', 1))
prometheus_server_base_port = pw_settings.get(
'prometheus_server_base_port', None)
p_l = []
for worker_id in range(worker_num):
p = Process(target=process_events,
args=(worker_id, prometheus_server_base_port))
p.daemon = 1
p.start()
p_l.append(p)
for p in p_l:
p.join()
def extra_links(request):
"""Django context processor to add the extra links from base.json"""
return {'zentral_extra_links': settings.get('extra_links', [])}
from django.conf.urls import include, url
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
from zentral.conf import settings as zentral_settings
# base
urlpatterns = [url(r"^", include("base.urls", namespace="base"))]
# zentral apps
for app_name in zentral_settings.get("apps", []):
app_shortname = app_name.rsplit(".", 1)[-1]
url_module = "{}.urls".format(app_name)
urlpatterns.append(url(r"^{}/".format(app_shortname), include(url_module, namespace=app_shortname)))
# static files
urlpatterns += staticfiles_urlpatterns()