Exemple #1
0
def get_status():

    status = {'redis': {}, 'stunnel': {}}
    servers = Server.query.all()

    check_cmd = 'python -c "import socket;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);print s.connect_ex((\'{0}\', {1}))"'

    for server in servers:
        r = os.popen3(check_cmd.format(server.ip, 7777))
        stat = r[1].read().strip()
        if stat == '0':
            status['stunnel'][server.id] = True
        else:
            status['stunnel'][server.id] = False

        c = RemoteClient(host=server.hostname, ip=server.ip)
        try:
            c.startup()
        except:
            status['stunnel'][server.id] = False

        r = c.run(check_cmd.format('localhost', 6379))
        stat = r[1].strip()

        if stat == '0':
            status['redis'][server.id] = True
        else:
            status['redis'][server.id] = False

    return jsonify(status)
Exemple #2
0
def chekFSR(server, gluu_version):
    c = RemoteClient(server.hostname, ip=server.ip)
    
    paths = []
    
    try:
        c.startup()
    except Exception as e:
        flash("Can't establish SSH connection to {}".format(server.hostname),
              "warning")
        return False, [], paths
    
    csync_config = '/opt/gluu-server-{}/etc/csync2.cfg'.format(gluu_version)
    result = c.get_file(csync_config)
    
    if result[0]:
        
        servers = []

        paths

        for l in result[1].readlines():
            ls = l.strip()
            if ls.startswith('host') and ls.endswith(';'):
                hostname = ls.split()[1][:-1]
                servers.append(hostname)
            elif ls.startswith('include') and ls.endswith(';'):
                ipath = ls.split('include')[1].strip().strip(';').strip()
                paths.append(ipath)
        
        if servers:
            return True, servers, paths

    return False, [], paths
def get_uptime(host):
    """Retreives uptime for host
    
    Args:
        host (string): hostname of server
        
    returns: 
        Uptime for host
    """

    c = RemoteClient(host)
    try:
        c.startup()
    except:
        flash(
            "SSH Connection to host {} could not be established".format(host))
        return
    try:
        #Execute script on the remote server, fetch output and convert json data
        #to Python dictionary
        cmd = 'python /var/monitoring/scripts/get_data.py age'
        result = c.run(cmd)
        data = json.loads(result[1])
        return str(timedelta(seconds=data['data']['uptime']))
    except:
        flash("Uptime information could not be fethced from {}".format(host))
Exemple #4
0
 def __init__(self, server, tid):
     self.server = server
     self.tid = tid
     self.rc = RemoteClient(server.hostname, ip=server.ip)
     self.chdir = None
     if self.server.gluu_server:
         version = AppConfiguration.query.first().gluu_version
         self.chdir = "/opt/gluu-server-{0}".format(version)
Exemple #5
0
def dry_run(server_id):
    
    #return jsonify({'nginx': {'port_status': {7777: True, 1636: True, 80: True, 30865: True, 1689: True, 443: True, 4444: False, 8989: True}, 'ssh': True}, 'server': {'port_status': {7777: True, 1636: True, 80: True, 30865: True, 1689: True, 443: True, 4444: False, 8989: False}, 'ssh': True}})
    
    
    result = {'server':{'ssh':False, 'port_status':{}}, 'nginx':{'ssh':False, 'port_status':{}}}
    server_ports = [1689, 443, 4444, 1636, 80, 8989, 7777, 30865]
    
    for p in server_ports:
        result['nginx']['port_status'][p] = False
        result['server']['port_status'][p] = False
    
    server = Server.query.get(server_id)
    appconf = AppConfiguration.query.first()


    c = RemoteClient(server.hostname, server.ip)
    
    try:
        c.startup()
        result['server']['ssh']=True
    except:
        pass
    
    if result['server']['ssh']:
        #Test is any process listening ports that will be used by gluu-server
        for p in server_ports:
            r = c.run('nc -zv {} {}'.format(server.ip, p))
            if r[2].strip().endswith('open') or r[2].strip().endswith('succeeded!'):
                result['server']['port_status'][p] = True
    
    
        if appconf.external_load_balancer:
            c_host = appconf.cache_host
            c_ip = appconf.cache_ip
        else:
            c_host = appconf.nginx_host
            c_ip = appconf.nginx_ip
    
        c_nginx = RemoteClient(c_host, c_ip)
        try:
            c_nginx.startup()
            result['nginx']['ssh']=True
        except:
            pass
            
        if result['nginx']['ssh']:
            for p in server_ports:
                if not result['server']['port_status'][p]:
                    r = test_port(c, c_nginx, p)
                    if r:
                        result['nginx']['port_status'][p] = True
                else:
                    r = c_nginx.run('nc -zv {} {}'.format(server.ip, p))
                    if r[2].strip().endswith('open') or r[2].strip().endswith('succeeded!'):
                        result['nginx']['port_status'][p] = True
    
    return jsonify(result)
Exemple #6
0
def __get_remote_client(server, tid):
    rc = RemoteClient(server.hostname, ip=server.ip)
    try:
        rc.startup()
        wlogger.log(tid, "Connecting to server: {0}".format(server.hostname),
                    "success", server_id=server.id)
    except Exception as e:
        wlogger.log(tid, "Could not connect to the server over SSH. Error:"
                         "\n{0}".format(e), "error", server_id=server.id)
        return None
    return rc
Exemple #7
0
def setup_redis_cluster(tid):
    servers = Server.query.filter(Server.redis.is_(True)).filter(
        Server.stunnel.is_(True)).all()
    appconf = AppConfiguration.query.first()

    master_conf = [
        "port 7000", "cluster-enabled yes",
        "cluster-config-file nodes_7000.conf", "cluster-node-timeout 5000",
        "appendonly yes"
    ]
    slave_conf = [
        "port 7001", "cluster-enabled yes",
        "cluster-config-file nodes_7001.conf", "cluster-node-timeout 5000",
        "appendonly yes"
    ]
    for server in servers:
        rc = RemoteClient(server.hostname, ip=server.ip)
        try:
            rc.startup()
            wlogger.log(tid,
                        "Connecting to server ...",
                        "success",
                        server_id=server.id)
        except Exception as e:
            wlogger.log(tid,
                        "Could not connect to the server over SSH. Error:"
                        "{0}\nRedis configuration failed.".format(e),
                        "error",
                        server_id=server.id)
            continue

        chdir = '/'
        if server.gluu_server:
            chdir = "/opt/gluu-server-{0}".format(appconf.gluu_version)
        # upload the conf files
        wlogger.log(tid,
                    "Uploading redis conf files...",
                    "debug",
                    server_id=server.id)
        rc.put_file(os.path.join(chdir, "etc/redis/redis_7000.conf"),
                    "\n".join(master_conf))
        rc.put_file(os.path.join(chdir, "etc/redis/redis_7001.conf"),
                    "\n".join(slave_conf))
        # upload the modified init.d file
        rc.upload(
            os.path.join(app.root_path, "templates", "redis", "redis-server"),
            os.path.join(chdir, "etc/init.d/redis-server"))
        wlogger.log(tid,
                    "Configuration upload complete.",
                    "success",
                    server_id=server.id)

    return True
Exemple #8
0
def index():
    servers = Server.query.all()
    appconf = AppConfiguration.query.first()

    if not appconf:
        flash(
            "The application needs to be configured first. Kindly set the "
            "values before attempting clustering.", "warning")
        return redirect(url_for("index.app_configuration"))

    if not servers:
        flash("Add servers to the cluster before attempting to manage cache",
              "warning")
        return redirect(url_for('index.home'))

    if appconf.external_load_balancer:
        c_host = appconf.cache_host
        c_ip = appconf.cache_ip
    else:
        c_host = appconf.nginx_host
        c_ip = appconf.nginx_ip

    c = RemoteClient(host=c_host, ip=c_ip)

    try:
        c.startup()
    except:
        flash("SSH connection can't be established to cache server", "warning")

    result = c.get_file('/etc/stunnel/stunnel.conf')

    installed_servers = []

    if result[0]:
        installed_servers = get_redis_config(result[1])

    for server in servers:
        if server.ip in installed_servers:
            server.redis = True
        else:
            server.redis = False

    version = int(appconf.gluu_version.replace(".", ""))
    if version < 311:
        flash(
            "Cache Management is available only for clusters configured with"
            " Gluu Server version 3.1.1 and above", "danger")
        return redirect(url_for('index.home'))

    form = CacheSettingsForm()

    return render_template('cache_index.html', servers=servers, form=form)
Exemple #9
0
def get_status():

    status = {'redis': {}, 'stunnel': {}}
    servers = Server.query.all()

    check_cmd = 'python -c "import socket;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);print s.connect_ex((\'{0}\', {1}))"'

    cache_servers = get_cache_servers()

    stunnel_port = cache_servers[0].stunnel_port if cache_servers else None

    for server in servers + cache_servers:
        key = server.ip.replace('.', '_')

        c = RemoteClient(host=server.hostname, ip=server.ip)
        try:
            c.startup()
        except:
            status['stunnel'][key] = False
            status['redis'][key] = False
        else:

            status['stunnel'][key] = False

            if server in cache_servers:
                r = c.run(check_cmd.format('localhost', 6379))
                stat = r[1].strip()

                if stat == '0':
                    status['redis'][key] = True
                else:
                    status['redis'][key] = False

                if stunnel_port:
                    r = c.run(check_cmd.format(server.ip, stunnel_port))
                    stat = r[1].strip()

                if stat == '0':
                    status['stunnel'][key] = True

            else:

                if stunnel_port:

                    r = c.run(check_cmd.format('localhost', '6379'))
                    stat = r[1].strip()

                    if stat == '0':
                        status['stunnel'][key] = True

        c.close()

    return jsonify(status)
    def startup(self):
        if self.local:
            ldap_server = 'localhost'
        else:
            ldap_server = self.server

        ldap_server = Server("ldaps://{}:1636".format(self.server), use_ssl=True)
        self.conn = Connection(ldap_server, user="******", password=self.ldap_password)
        r = self.conn.bind()
        if not r:
            print "Can't conect to LDAP Server"
            return False

        self.container = '/opt/gluu-server-{}'.format(self.gluu_version)
        if not self.local:
            print "NOT LOCAL?"

            sys.path.append("..")
            from clustermgr.core.remote import RemoteClient
            self.c = RemoteClient(self.server)
            self.c.startup()
        else:
            self.c = FakeRemote()
            if os.path.exists('/etc/gluu/conf/ox-ldap.properties'):
                self.container = '/'
                self.c.fake_remote = True


        self.installer = Installer(self.c, self.gluu_version, self.os_type)

        self.appliance_inum = self.get_appliance_inum()
        self.base_inum = self.get_base_inum()

        return True
Exemple #11
0
 def test_starup_falls_back_to_ip(self, mock_client):
     instance = mock_client.return_value
     instance.connect = MagicMock(side_effect=[SSHException, None])
     RemoteClient('server', ip='0.0.0.0').startup()
     instance.connect.assert_called_with('0.0.0.0',
                                         port=22,
                                         username='******')
Exemple #12
0
def get_remote_stats():
    app_conf = AppConfiguration.query.first()
    if app_conf:
        if app_conf.monitoring:

            servers = Server.query.all()
            for server in servers:
                print "Monitoring: getting data for server {}".format(
                    server.hostname)
                c = RemoteClient(server.hostname, ip=server.ip)
                try:
                    c.startup()
                    for t in sqlite_monitoring_tables.monitoring_tables:
                        get_remote_data(server.hostname, t, c)
                        get_age(server.hostname, c)
                except Exception as e:
                    print "Monitoring: An error occurred while retreiveing monitoring data from server {}. Error {}".format(
                        server.hostname, e)
Exemple #13
0
def get_opendj_replication_status():
    """Retreives opendj replication status form primary server

    :returns: A string that shows replication status
    """

    primary_server = Server.query.filter_by(primary_server=True).first()
    app_config = AppConfiguration.query.first()

    #Make ssh connection to primary server
    c = RemoteClient(primary_server.hostname, ip=primary_server.ip)
    chroot = '/opt/gluu-server-' + app_config.gluu_version

    cmd_run = '{}'

    #determine execution environment for differetn OS types
    if (primary_server.os == 'CentOS 7') or (primary_server.os == 'RHEL 7'):
        chroot = None
        cmd_run = ('ssh -o IdentityFile=/etc/gluu/keys/gluu-console '
                   '-o Port=60022 -o LogLevel=QUIET '
                   '-o StrictHostKeyChecking=no '
                   '-o UserKnownHostsFile=/dev/null '
                   '-o PubkeyAuthentication=yes root@localhost "{}"')
    else:
        cmd_run = 'chroot %s /bin/bash -c "{}"' % (chroot)

    try:
        c.startup()
    except Exception as e:
        return False, "Cannot establish SSH connection {0}".format(e)

    #This command queries server for replication status
    cmd = ('/opt/opendj/bin/dsreplication status -n -X -h {} '
           '-p 4444 -I admin -w $\'{}\'').format(
               primary_server.hostname,
               app_config.replication_pw.replace("'", "\\'"))

    print "executing", cmd
    cmd = cmd_run.format(cmd)

    si, so, se = c.run(cmd)

    return True, so
    def __init__(self,
                 c,
                 gluu_version,
                 server_os=None,
                 logger_tid=None,
                 server_id=None):
        self.c = c
        self.logger_tid = logger_tid
        self.gluu_version = gluu_version
        self.server_os = server_os
        self.server_id = server_id

        if not "RemoteClient" in str(type(c)):
            self.server_os = c.os
            self.server_id = c.id
            self.c = RemoteClient(c.hostname, c.ip)

            wlogger.log(
                self.logger_tid,
                "Making SSH connection to {} ...".format(c.hostname),
                'info',
                server_id=self.server_id,
            )

            try:
                self.c.startup()
                wlogger.log(
                    self.logger_tid,
                    "SSH connection to {} was successful.".format(c.hostname),
                    'success',
                    server_id=self.server_id,
                )
            except:
                self.c = None
                wlogger.log(
                    self.logger_tid,
                    "Can't make SSH connection to {}".format(c.hostname),
                    'fail',
                    server_id=self.server_id,
                )
        if self.server_os:
            self.appy_config()
def get_server_status():

    servers = Server.query.all()

    services = {
        'oxauth': '.well-known/openid-configuration',
        'identity': 'identity/restv1/scim-configuration',
        'shib': 'idp/shibboleth',
        'passport': 'passport'
    }

    status = {}
    active_services = ['oxauth', 'identity']
    prop = get_setup_properties()

    if prop['installSaml']:
        active_services.append('shib')

    if prop['installPassport']:
        active_services.append('passport')

    for server in servers:
        status[server.id] = {}
        c = RemoteClient(server.hostname)
        c.ok = False
        try:
            c.startup()
            c.ok = True
        except Exception as e:
            pass

        for service in active_services:
            status[server.id][service] = False

            if c.ok:
                try:
                    result = c.run("curl -kLI https://localhost/" +
                                   services[service] +
                                   " -o /dev/null -w '%{http_code}\n' -s")
                    if result[1].strip() == '200':
                        status[server.id][service] = True
                except Exception as e:
                    print "Error getting service status of {0} for {1}. ERROR: {2}".format(
                        server.hostname, service, e)

    return jsonify(status)
Exemple #16
0
def edit_slapd_conf(server_id):
    """This view  provides editing of slapd.conf file before depoloyments."""

    server = Server.query.get(server_id)
    appconf = AppConfiguration.query.first()

    # If there is no server with server_id return to home
    if not server:
        flash("No such server.", "warning")
        return redirect(url_for('index.home'))

    if not server.gluu_server:
        chroot = '/'
    else:
        chroot = '/opt/gluu-server-' + appconf.gluu_version

    # slapd.conf file will be downloaded from server. Make ssh connection
    # and download it
    c = RemoteClient(server.hostname, ip=server.ip)
    try:
        c.startup()
    except ClientNotSetupException as e:
        flash(str(e), "danger")
        return redirect(url_for('index.home'))

    slapd_conf_file = os.path.join(chroot, 'opt/symas/etc/openldap/slapd.conf')

    if request.method == 'POST':

        config = request.form.get('conf')
        r = c.put_file(slapd_conf_file, config)
        if not r[0]:
            flash("Cant' saved to server: {0}".format(r[1]), "danger")
        else:
            flash('File {0} was saved on {1}'.format(slapd_conf_file,
                                                     server.hostname))
            return redirect(url_for('index.home'))

    # After editing, slapd.conf file will be uploaded to server via ssh
    r = c.get_file(slapd_conf_file)

    if not r[0]:
        flash("Cant't get file {0}: {1}".format(slapd_conf_file, r[1]),
              "success")
        return redirect(url_for('index.home'))

    config = r[1].read()

    return render_template('conf_editor.html',
                           config=config,
                           hostname=server.hostname)
Exemple #17
0
def edit_slapd_conf(server_id):
    server = Server.query.get(server_id)
    appconf = AppConfiguration.query.first()

    if not server:
        print "Yoook"
        flash("No such server.", "warning")
        return redirect(url_for('index.home'))

    if not server.gluu_server:
        chroot = '/'
    else:
        chroot = '/opt/gluu-server-' + appconf.gluu_version

    c = RemoteClient(server.hostname, ip=server.ip)
    try:
        c.startup()
    except ClientNotSetupException as e:
        flash(str(e), "danger")
        return redirect(url_for('index.home'))

    slapd_conf_file = os.path.join(chroot, 'opt/symas/etc/openldap/slapd.conf')

    if request.method == 'POST':

        config = request.form.get('conf')
        r = c.put_file(slapd_conf_file, config)
        if not r[0]:
            flash("Cant' saved to server: {0}".format(r[1]), "danger")
        else:
            flash('File {0} was saved on {1}'.format(slapd_conf_file,
                                                     server.hostname))
            return redirect(url_for('index.home'))

    r = c.get_file(slapd_conf_file)

    if not r[0]:
        flash("Cant't get file {0}: {1}".format(slapd_conf_file, r[1]),
              "success")
        return redirect(url_for('index.home'))

    config = r[1].read()

    return render_template('conf_editor.html',
                           config=config,
                           hostname=server.hostname)
Exemple #18
0
def wizard_step1(self):
    """Celery task that collects information about server.

    :param self: the celery task

    :return: the number of servers where both stunnel and redis were installed
        successfully
    """

    tid = self.request.id

    wlogger.log(tid, "Analayzing Current Server")

    server = Server.query.filter_by(primary_server=True).first()

    app_conf = AppConfiguration.query.first()

    c = RemoteClient(server.hostname, ip=server.ip)

    try:
        c.startup()
        wlogger.log(tid, "SSH connection established", 'success')
    except:
        wlogger.log(tid, "Can't establish SSH connection", 'fail')
        wlogger.log(tid, "Ending analyzation of server.", 'error')
        return

    os_type = get_os_type(c)

    server.os = os_type

    wlogger.log(tid, "OS type was determined as {}".format(os_type), 'debug')

    gluu_version = None

    #Determine if a version of gluu server was installed.
    r = c.listdir("/opt")
    if r[0]:
        for s in r[1]:
            m = re.search(
                'gluu-server-(?P<gluu_version>(\d+).(\d+).(\d+)(.\d+)?)$', s)
            if m:
                gluu_version = m.group("gluu_version")

                app_conf.gluu_version = gluu_version
                wlogger.log(
                    tid,
                    "Gluu version was determined as {}".format(gluu_version),
                    'debug')

    if not gluu_version:
        wlogger.log(tid, "Gluu server was not installed on this server",
                    'fail')
        wlogger.log(tid, "Ending analyzation of server.", 'error')
        return

    gluu_path = '/opt/gluu-server-{}'.format(gluu_version)

    server.gluu_server = True

    setup_properties_last = os.path.join(
        gluu_path, 'install/community-edition-setup/setup.properties.last')

    setup_properties_local = os.path.join(Config.DATA_DIR, 'setup.properties')

    result = c.download(setup_properties_last, setup_properties_local)

    prop = get_setup_properties()
    prop['hostname'] = app_conf.nginx_host
    write_setup_properties_file(prop)

    if not result.startswith('Download successful'):
        wlogger.log(tid, result, 'fail')
        wlogger.log(tid, "Ending analyzation of server.", 'error')
        return

    wlogger.log(tid, "setup.properties file was downloaded", 'debug')

    server.ldap_password = prop['ldapPass']

    wlogger.log(tid, "LDAP Bind password was identifed", 'success')

    db.session.commit()
Exemple #19
0
def install_cache_cluster(self, servers_id_list, cache_servers_id_list):

    tid = self.request.id

    servers = [ Server.query.get(id) for id in servers_id_list ]
    cache_servers = [ CacheServer.query.get(id) for id in cache_servers_id_list ]

    app_conf = AppConfiguration.query.first()
    
    primary_cache = None
    primary_cache_server = CacheServer.query.first()

    for server in cache_servers:

        rc = __get_remote_client(server, tid)
        if not rc:
            wlogger.log(tid, "SSH connection to server failed", "error", server_id=server.id)
            return False
        
        ri = RedisInstaller(server, tid, rc)
        
        if app_conf.offline:
            if not ri.check_installed():
                wlogger.log(
                    tid, 
                    'Redis Server was not installed. Please install Redis '
                    ' Server and retry.', 
                    'error',
                    server_id=server.id
                    )
                return False

        redis_installed = ri.install()
        
        wlogger.log(
                    tid, 
                    'Setting Redis password',
                    'info',
                    server_id=server.id
                    )
        
        ri.set_redis_password()
    
        if redis_installed:
            wlogger.log(tid, "Redis install successful", "success",
                        server_id=server.id)
        else:
            wlogger.log(tid, "Redis install failed", "fail",
                        server_id=server.id)
            return False

        ri.run_sysctl('enable')
        ri.run_sysctl('restart')

        si = StunnelInstaller(server, tid, rc)

        if app_conf.offline:
            if not si.check_installed():
                wlogger.log(
                    tid, 
                    'Stunnel was not installed. Please install stunnel '
                    'and retry.', 
                    'error',
                    server_id=server.id
                    )
                return False

         
        if si.check_installed():
            server.stunnel = True
        else:
            wlogger.log(tid, "Installing Stunnel", "info", server_id=server.id)
            
            stunnel_installed = si.install()
            if stunnel_installed:
                server.stunnel = True
                wlogger.log(tid, "Stunnel install successful", "success",
                            server_id=server.id)
            else:
                server.stunnel = False
                wlogger.log(tid, "Stunnel install failed", "fail",
                            server_id=server.id)
                            
                return False
        
        if si.os_type == 'rpm':
            si.upload_service_file()
        
        if si.os_type == 'deb':
            wlogger.log(tid, "Enabling stunnel", "debug", server_id=server.id)
            si.run_command("sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/stunnel4")
        
        if not primary_cache:
            primary_cache = server.ip
            if not rc.exists('/etc/stunnel/redis-server.crt'):
                wlogger.log(tid, "Creating SSL certificate for stunnel", "info",
                                server_id=server.id)
                si.run_command(
                        'openssl req -x509 -nodes -days 3650 -newkey rsa:2048 '
                        '-batch -keyout /etc/stunnel/redis-server.key '
                        '-out /etc/stunnel/redis-server.crt'
                        )
                si.run_command('chmod 600 /etc/stunnel/redis-server.key')
            
            
            wlogger.log(tid, "Retreiving server certificate", "info",
                                server_id=server.id)


            stunnel_redis_conf = (
                                'pid = /run/stunnel-redis.pid\n'
                                '[redis-server]\n'
                                'cert = /etc/stunnel/redis-server.crt\n'
                                'key = /etc/stunnel/redis-server.key\n'
                                'accept = {0}:{1}\n'
                                'connect = 127.0.0.1:6379\n'
                                ).format(server.ip, primary_cache_server.stunnel_port)
            
            wlogger.log(tid, "Writing redis stunnel configurations", "info",
                                server_id=server.id)
            
            rc.put_file('/etc/stunnel/stunnel.conf', stunnel_redis_conf)
            
            si.run_sysctl('enable')
            si.run_sysctl('restart')
        
        server.installed = True
        db.session.commit()
        rc.close()
        
    wlogger.log(tid, "2", "set_step")
    
    # retreive stunnel certificate
    rc = RemoteClient(primary_cache_server.hostname, ip=primary_cache_server.ip)
    rc.startup()
    stunnel_cert = rc.get_file('/etc/stunnel/redis-server.crt')

    if not stunnel_cert[0]:
        print "Can't retreive server certificate from primary cache server"
        return False

    stunnel_cert = stunnel_cert[1].read()

    for server in servers:
                
        rc = __get_remote_client(server, tid)
        if not rc:
            wlogger.log(tid, "SSH connection to server failed", "error", server_id=server.id)
            return False

        si = StunnelInstaller(server, tid, rc)

        wlogger.log(tid, "Installing Stunnel", "debug", server_id=server.id)
         
        if si.rc.exists('/usr/bin/stunnel') or si.rc.exists('/bin/stunnel'):
            wlogger.log(tid, "Stunnel was allready installed", "info", 
                        server_id=server.id)
            server.stunnel = True
        else:
            wlogger.log(tid, "Installing Stunnel", "info", server_id=server.id)
            
            stunnel_installed = si.install()
            if stunnel_installed:
                server.stunnel = True
                wlogger.log(tid, "Stunnel install successful", "success",
                            server_id=server.id)
            else:
                server.stunnel = False
                wlogger.log(tid, "Stunnel install failed", "fail",
                            server_id=server.id)
                            
                return False

        if si.os_type == 'rpm':
            si.upload_service_file()
        
        
        if si.os_type == 'deb':
            wlogger.log(tid, "Enabling stunnel", "debug", server_id=server.id)
            si.run_command("sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/stunnel4")

        stunnel_redis_conf = ( 
                            'pid = /run/stunnel-redis.pid\n'
                            '[redis-client]\n'
                            'client = yes\n'
                            'accept = 127.0.0.1:{1}\n'
                            'connect = {0}:{1}\n'
                            'CAfile = /etc/stunnel/redis-server.crt\n'
                            'verify = 4\n'
                            ).format(primary_cache, primary_cache_server.stunnel_port)

        wlogger.log(tid, "Writing redis stunnel configurations", "info",
                                server_id=server.id)
        rc.put_file('/etc/stunnel/stunnel.conf', stunnel_redis_conf)

        wlogger.log(tid, "Uploading server certificate", "info",
                                server_id=server.id)

        rc.put_file('/etc/stunnel/redis-server.crt', stunnel_cert)

        si.run_sysctl('enable')
        si.run_sysctl('restart')

        if server.primary_server:
            
            server_string = 'localhost:{0}'.format(primary_cache_server.stunnel_port)
            __update_LDAP_cache_method(tid, server, server_string, redis_password=primary_cache_server.redis_password)
        

        wlogger.log(tid, "Restarting Gluu Server", "info",
                                server_id=server.id)


        if server.os in ('RHEL 7', 'CentOS 7', 'Ubuntu 18'):
            si.run_command('/sbin/gluu-serverd-{} restart'.format(app_conf.gluu_version))
        else:
            si.run_command('systemctl restart gluu-server-{}'.format(app_conf.gluu_version))

    wlogger.log(tid, "3", "set_step")
Exemple #20
0
    s_in, s_out, s_err = c.run(cmd)

    try:
        data = json.loads(s_out)
        arg_d = {
            u'fields': ['time', u'uptime'],
            u'data': [[int(time.time()), data['data']['uptime']]]
        }
    except:
        print "Server did not return json data"
        arg_d = {
            u'fields': ['time', u'uptime'],
            u'data': [[int(time.time()), 0]]
        }

    print "Uptime", data['data']
    write_influx(host, 'uptime', arg_d)


servers = sys.argv[1:]

if not servers:
    print "Usage: python get_remote_stats.py server1 server2 servser3"

for server in servers:
    c = RemoteClient(server)
    c.startup()
    for t in sqlite_monitoring_tables.monitoring_tables:
        get_remote_data(server, t, c)
    #get_age(server, c)
Exemple #21
0
def index():
    """Route for URL /server/. GET returns ServerForm to add a server,
    POST accepts the ServerForm, validates and creates a new Server object
    """

    appconfig = AppConfiguration.query.first()
    if not appconfig:
        flash(
            "Kindly set default values for the application before adding"
            " servers.", "info")
        return redirect(url_for('index.app_configuration', next="/server/"))

    form = ServerForm()
    header = "New Server"
    primary_server = Server.query.filter(
        Server.primary_server.is_(True)).first()

    if primary_server:
        del form.ldap_password
        del form.ldap_password_confirm
    else:
        header = "New Server - Primary Server"

    if form.validate_on_submit():

        server = Server()
        server.hostname = form.hostname.data.strip()
        server.ip = form.ip.data.strip()
        server.mmr = False
        ask_passphrase = False

        server_exist = Server.query.filter_by(
            hostname=form.hostname.data.strip()).first()

        if server_exist:
            flash(
                "Server with hostname {} is already in cluster".format(
                    server_exist.hostname), "warning")
            return redirect(url_for('index.home'))

        c = RemoteClient(server.hostname, server.ip)
        try:
            c.startup()

        except ClientNotSetupException as e:

            if str(e) == 'Pubkey is encrypted.':
                ask_passphrase = True
                flash(
                    "Pubkey seems to password protected. "
                    "After setting your passphrase re-submit this form.",
                    'warning')
            elif str(e) == 'Could not deserialize key data.':
                ask_passphrase = True
                flash(
                    "Password your provided for pubkey did not work. "
                    "After setting your passphrase re-submit this form.",
                    'warning')
            else:
                flash(
                    "SSH connection to {} failed. Please check if your pub key is "
                    "added to /root/.ssh/authorized_keys on this server. Reason: {}"
                    .format(server.hostname, e), 'error')

        #except:
        #    flash("SSH connection to {} failed. Please check if your pub key is "
        #        "asdded to /root/.ssh/authorized_keys on this server".format(
        #                                            server.hostname))

            print "ask_passphrase", ask_passphrase

            return render_template('new_server.html',
                                   form=form,
                                   header=header,
                                   server_id=None,
                                   ask_passphrase=ask_passphrase,
                                   next=url_for('server.index'))

        if primary_server:
            server.ldap_password = primary_server.ldap_password
        else:
            server.ldap_password = form.ldap_password.data.strip()
            server.primary_server = True

        if not server.hostname == appconfig.nginx_host:
            db.session.add(server)
            db.session.commit()
            # start the background job to get system details
            collect_server_details.delay(server.id)
            return redirect(url_for('index.home'))

        else:
            flash("Load balancer can't be used as gluu server", 'danger')

    return render_template('new_server.html',
                           form=form,
                           header=header,
                           server_id=None)
Exemple #22
0
def app_configuration():
    """This view provides application configuration forms"""

    # create forms
    conf_form = AppConfigForm()
    sch_form = SchemaForm()
    config = AppConfiguration.query.first()
    schemafiles = os.listdir(app.config['SCHEMA_DIR'])

    conf_form.gluu_archive.choices = [
        (f, os.path.split(f)[1]) for f in glob.glob(
            os.path.join(app.config['GLUU_REPO'], 'gluu-server-*'))
    ]

    # If the form is submitted and password for replication user was not
    # not supplied, make password "**dummy**", so don't change
    # what we have before

    #external_lb_checked = False
    external_lb_checked = conf_form.external_load_balancer.data

    if request.method == 'POST':

        if conf_form.gluu_version.data < '3.1.4':
            conf_form.use_ldap_cache.data = False

        if config and not conf_form.replication_pw.data.strip():
            conf_form.replication_pw.validators = []
            conf_form.replication_pw_confirm.validators = []

        if conf_form.external_load_balancer.data:
            conf_form.nginx_ip.validators = []

        print "OFFLINE", conf_form.offline.data, conf_form.gluu_archive.data

        if not conf_form.offline.data:
            del conf_form._fields['gluu_archive']

    if not config:
        #del conf_form.replication_pw
        #del conf_form.replication_pw_confirm
        config = AppConfiguration()
        db.session.add(config)

    # If form is submitted and validated process it
    if conf_form.update.data and conf_form.validate_on_submit():

        if config.replication_pw:
            new_replication_passwd = conf_form.replication_pw.data.strip()
            if conf_form.replication_pw.data:

                c = None
                server = Server.query.first()

                if server:

                    c = RemoteClient(server.hostname, ip=server.ip)

                    try:
                        c.startup()
                    except Exception as e:
                        flash(
                            "Can't establish SSH connection to {}. "
                            "Replication password is not changed".format(
                                server.hostname), "warning")
                    if c:

                        installer = Installer(c, config.gluu_version,
                                              server.os)

                        cmd = (
                            '/opt/opendj/bin/ldappasswordmodify --bindDN '
                            '\'cn=Directory Manager\' --bindPassword $\'{}\' '
                            '--port 4444 --newPassword $\'{}\' --authzID '
                            '\'cn=admin,cn=Administrators,cn=admin data\' '
                            '--trustAll --useSSL'.format(
                                server.ldap_password.replace("'", "\\'"),
                                new_replication_passwd.replace("'", "\\'"),
                            ))

                        result = installer.run(cmd)
                        if result[1].strip() == \
                        'The LDAP password modify operation was successful':
                            flash("Replication password is changed", "success")
                            config.replication_pw = new_replication_passwd

        config.gluu_version = conf_form.gluu_version.data.strip()
        config.nginx_host = conf_form.nginx_host.data.strip()
        config.nginx_ip = conf_form.nginx_ip.data.strip()
        config.modify_hosts = conf_form.modify_hosts.data

        config.ldap_update_period = conf_form.ldap_update_period.data
        config.ldap_update_period_unit = 's'
        config.external_load_balancer = conf_form.external_load_balancer.data
        config.use_ldap_cache = conf_form.use_ldap_cache.data

        if conf_form.offline.data:
            config.offline = True
            config.gluu_archive = conf_form.gluu_archive.data
        else:
            config.offline = False
            config.gluu_archive = ''

        if getattr(conf_form, 'replication_pw'):
            if conf_form.replication_pw_confirm.data:
                config.replication_pw = conf_form.replication_pw.data.strip()

        config.gluu_version = conf_form.gluu_version.data.strip()

        db.session.commit()

        flash(
            "Gluu Cluster Manager application configuration has been "
            "updated.", "success")

    elif sch_form.upload.data and sch_form.validate_on_submit():
        f = sch_form.schema.data
        filename = secure_filename(f.filename)
        if any(filename in s for s in schemafiles):
            name, extension = os.path.splitext(filename)
            matches = [s for s in schemafiles if name in s]
            filename = name + "_" + str(len(matches)) + extension
        f.save(os.path.join(app.config['SCHEMA_DIR'], filename))
        schemafiles.append(filename)
        flash(
            "Schema: {0} has been uploaded sucessfully. "
            "Please edit slapd.conf of primary server and "
            "re-deploy all servers.".format(filename), "success")

    # request.method == GET gets processed here
    if config:
        conf_form.nginx_host.data = config.nginx_host
        conf_form.modify_hosts.data = config.modify_hosts
        conf_form.nginx_ip.data = config.nginx_ip
        conf_form.external_load_balancer.data = config.external_load_balancer
        conf_form.use_ldap_cache.data = config.use_ldap_cache
        conf_form.offline.data = config.offline

        service_status_update_period = config.ldap_update_period

        if service_status_update_period and config.ldap_update_period_unit != 's':
            service_status_update_period = service_status_update_period * 60

        conf_form.ldap_update_period.data = str(service_status_update_period)

        #conf_form.use_ip.data = config.use_ip
        if config.gluu_version:
            conf_form.gluu_version.data = config.gluu_version

    if not config.id:
        conf_form.use_ldap_cache.data = True

    #create fake remote class that provides the same interface with RemoteClient
    fc = FakeRemote()

    #Getermine local OS type
    localos = get_os_type(fc)

    app.jinja_env.globals['use_ldap_cache'] = config.use_ldap_cache

    return render_template(
        'app_config.html',
        cform=conf_form,
        sform=sch_form,
        config=config,
        schemafiles=schemafiles,
        localos=localos,
        external_lb_checked=external_lb_checked,
        repo_dir=app.config['GLUU_REPO'],
        next=request.args.get('next'),
    )
Exemple #23
0
def home():
    cfg_file = app.config["AUTH_CONFIG_FILE"]
    oxd_file_config = app.config["OXD_CLIENT_CONFIG_FILE"]

    if not os.path.exists(cfg_file):
        if not os.path.exists(oxd_file_config):
            return redirect(url_for('auth.signup'))

    if not current_user.is_authenticated:
        return redirect(url_for("auth.login", next='/'))
    """This is the home view --dashboard--"""
    if 'nongluuldapinfo' in session:
        del session['nongluuldapinfo']

    try:
        appconf = AppConfiguration.query.first()
    except:
        return render_template('index_nodb.html')

    if not appconf:
        return render_template('intro.html', setup='cluster')

    servers = Server.query.all()
    if not servers:
        return render_template('intro.html', setup='server')

    ask_passphrase = False

    logger.debug("Checking if primary server is reachable with ssh")
    c = RemoteClient(servers[0].ip, servers[0].hostname)
    try:
        c.startup()

    except ClientNotSetupException as e:

        if str(e) == 'Pubkey is encrypted.':
            ask_passphrase = True
            flash(
                "Pubkey seems to password protected. "
                "Please set passphrase.", 'warning')
        elif str(e) == 'Could not deserialize key data.':
            ask_passphrase = True
            flash(
                "Password you provided for pubkey did not work. "
                "Please set valid passphrase.", 'warning')
        else:
            flash(
                "SSH connection to {} failed. Please check if your pub key is "
                "added to /root/.ssh/authorized_keys on this server. Reason: {}"
                .format(servers[0].hostname, e), 'error')

        if ask_passphrase:
            return render_template(
                'index_passphrase.html',
                e=e,
                ask_passphrase=ask_passphrase,
                next='/',
                warning_text="Error accessing primary server")

    server_id_list = [str(server.id) for server in servers]

    services = ['oxauth', 'identity']
    prop = get_setup_properties()

    if as_boolean(prop['installSaml']):
        services.append('shib')

    if as_boolean(prop['installPassport']):
        services.append('passport')

    service_update_period = 300

    if appconf.ldap_update_period:
        service_update_period = appconf.ldap_update_period
        if appconf.ldap_update_period_unit != 's':
            service_update_period = service_update_period * 60

    return render_template('dashboard.html',
                           servers=servers,
                           app_conf=appconf,
                           services=services,
                           server_id_list=server_id_list,
                           service_update_period=service_update_period)
Exemple #24
0
 def __init__(self, server, tid):
     self.server = server
     self.tid = tid
     self.rc = RemoteClient(server.hostname, ip=server.ip)
Exemple #25
0
def step1():

    pserver = Server.query.filter_by(primary_server=True).first()
    if pserver and request.args.get('pass_set') != 'true':
        flash("Oops this service is not for you.", 'warning')
        return redirect(url_for('index.home'))

    wform = WizardStep1()

    if request.method == 'POST':
        if wform.validate_on_submit():
            replication_pw = uuid.uuid4().hex
            app_conf = AppConfiguration()
            app_conf.nginx_host = wform.new_hostname.data.strip()
            app_conf.replication_pw = replication_pw
            app_conf.nginx_ip = wform.nginx_ip.data.strip()
            app_conf.modify_hosts = True
            db.session.add(app_conf)

            server = Server()
            server.ip = wform.ip.data.strip()
            server.hostname = wform.current_hostname.data.strip()
            server.primary_server = True

            db.session.add(app_conf)
            db.session.add(server)
            db.session.commit()

    if request.method == 'POST' or request.args.get('pass_set') == 'true':

        servers = Server.query.all()

        ask_passphrase = False

        c = RemoteClient(servers[0].ip, servers[0].hostname)
        try:
            c.startup()

        except ClientNotSetupException as e:

            if str(e) == 'Pubkey is encrypted.':
                ask_passphrase = True
                flash(
                    "Pubkey seems to password protected. "
                    "Please set passphrase.", 'warning')
            elif str(e) == 'Could not deserialize key data.':
                ask_passphrase = True
                flash(
                    "Password your provided for pubkey did not work. "
                    "Please set valid passphrase.", 'warning')
            else:
                flash(
                    "SSH connection to {} failed. Please check if your pub key is "
                    "added to /root/.ssh/authorized_keys on this server. Reason: {}"
                    .format(servers[0].hostname, e), 'error')

            return render_template(
                'index_passphrase.html',
                e=e,
                ask_passphrase=ask_passphrase,
                next=url_for('wizard.step1', pass_set='true'),
                warning_text="Error accessing Stand Allone Server")

        task = wizard_step1.delay()
        print "TASK STARTED", task.id

        servers = Server.query.all()
        return render_template('wizard/wizard_logger.html',
                               step=1,
                               task_id=task.id,
                               servers=servers)

    return render_template('wizard/step1.html', wform=wform)
Exemple #26
0
class BaseInstaller(object):
    """Base class for component installers.

    Args:
        server (class:`clustermgr.models.Server`): the server object denoting
            the server where server should be installed
        tid (string): the task id of the celery task to add logs
    """

    def __init__(self, server, tid):
        self.server = server
        self.tid = tid
        self.rc = RemoteClient(server.hostname, ip=server.ip)

    def install(self):
        """install() detects the os of the server and calls the appropriate
        function to install redis on that server.

        Returns:
            boolean status of the install process
        """
        try:
            self.rc.startup()
        except Exception as e:
            wlogger.log(self.tid, "Could not connect to {0}".format(e),
                        "error", server_id=self.server.id)
            return False

        cin, cout, cerr = self.rc.run("ls /etc/*release")
        files = cout.split()
        cin, cout, cerr = self.rc.run("cat " + files[0])

        status = False
        if "Ubuntu" in cout:
            status = self.install_in_ubuntu()
        elif "CentOS" in cout:
            status = self.install_in_centos()
        else:
            wlogger.log(self.tid, "Server OS is not supported. {0}".format(
                cout), "error", server_id=self.server.id)
        self.rc.close()
        return status

    def install_in_ubuntu(self):
        """This method should be overridden by the sub classes. Run the
        commands needed to install your component.

        Returns:
            boolean status of success of the install
        """
        pass

    def install_in_centos(self):
        """This method should be overridden by the sub classes. Run the
        commands needed to install your component.

        Returns:
            boolean status of success of the install
        """
        pass

    def run_command(self, cmd):
        wlogger.log(self.tid, cmd, "debug", server_id=self.server.id)
        return self.rc.run(cmd)
Exemple #27
0
def install_cache_components(self, method):
    """Celery task that installs the redis, stunnel and twemproxy applications
    in the required servers.

    Redis and stunnel are installed in all the servers in the cluster.
    Twemproxy is installed in the load-balancer/proxy server

    :param self: the celery task
    :param method: either STANDALONE, SHARDED

    :return: the number of servers where both stunnel and redis were installed
        successfully
    """
    tid = self.request.id
    installed = 0
    servers = Server.query.all()
    for server in servers:
        wlogger.log(tid, "Installing Redis in server {0}".format(
            server.hostname), "info", server_id=server.id)
        ri = RedisInstaller(server, tid)
        redis_installed = ri.install()
        if redis_installed:
            server.redis = True
            wlogger.log(tid, "Redis install successful", "success",
                        server_id=server.id)
        else:
            server.redis = False
            wlogger.log(tid, "Redis install failed", "fail",
                        server_id=server.id)

        wlogger.log(tid, "Installing Stunnel", "info", server_id=server.id)
        si = StunnelInstaller(server, tid)
        stunnel_installed = si.install()
        if stunnel_installed:
            server.stunnel = True
            wlogger.log(tid, "Stunnel install successful", "success",
                        server_id=server.id)
        else:
            server.stunnel = False
            wlogger.log(tid, "Stunnel install failed", "fail",
                        server_id=server.id)
        # Save the redis and stunnel install situation to the db
        db.session.commit()

        if redis_installed and stunnel_installed:
            installed += 1

    if method != 'STANDALONE':
        # No need to install twemproxy for "SHARDED" configuration
        return True

    # Install twemproxy in the Nginx load balancing proxy server
    app_conf = AppConfiguration.query.first()
    host = app_conf.nginx_host
    rc = RemoteClient(host)
    try:
        rc.startup()
    except Exception as e:
        wlogger.log(tid, "Could not connect to {0}".format(e), "error")
        return False

    server_os = get_os_type(rc)

    mock_server = Server()
    mock_server.hostname = host
    wlogger.log(tid, "Installing Stunnel in proxy server")
    si = StunnelInstaller(mock_server, tid)
    stunnel_installed = si.install()
    if stunnel_installed:
        wlogger.log(tid, "Stunnel install successful", "success")
    else:
        wlogger.log(tid, "Stunnel install failed", "fail")

    wlogger.log(tid, "Cluster manager will now try to build Twemproxy")
    # 1. Setup the development tools for installation
    if server_os in ["Ubuntu 16", "Ubuntu 14"]:
        run_and_log(rc, "apt-get update", tid)
        run_and_log(rc, "apt-get install -y build-essential autoconf libtool",
                    tid)
    elif server_os in ["CentOS 6", "CentOS 7", "RHEL 7"]:
        run_and_log(rc, "yum install -y wget", tid)
        run_and_log(rc, "yum groupinstall -y 'Development tools'", tid)

    if server_os == "CentOS 6":
        run_and_log(rc, "wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz",
                    tid)
        run_and_log(rc, "tar xvfvz autoconf-2.69.tar.gz", tid)
        run_and_log(rc, "cd autoconf-2.69 && ./configure", tid)
        run_and_log(rc, "cd autoconf-2.69 && make", tid)
        run_and_log(rc, "cd autoconf-2.69 && make install", tid)

    # 2. Get the source, build & install the nutcracker binaries
    run_and_log(rc, "wget https://github.com/twitter/twemproxy/archive/v0.4.1.tar.gz",
                tid)
    run_and_log(rc, "tar -xf v0.4.1.tar.gz", tid)
    run_and_log(rc, "cd twemproxy-0.4.1", tid)
    run_and_log(rc, "cd twemproxy-0.4.1 && autoreconf -fvi", tid)
    run_and_log(rc, "cd twemproxy-0.4.1 && ./configure --prefix=/usr", tid)
    run_and_log(rc, "cd twemproxy-0.4.1 && make", tid)
    run_and_log(rc, "cd twemproxy-0.4.1 && make install", tid)

    # 3. Post installation - setup user and logging
    run_and_log(rc, "useradd nutcracker", tid)
    run_and_log(rc, "mkdir /var/log/nutcracker", tid)
    run_and_log(rc, "touch /var/log/nutcracker/nutcracker.log", tid)
    run_and_log(rc, "chown -R nutcracker:nutcracker /var/log/nutcracker",
                tid)
    logrotate_conf = ["/var/log/nutcracker/nutcracker*.log {", "\tweekly",
                      "\tmissingok", "\trotate 12", "\tcompress",
                      "\tnotifempty", "}"]
    rc.put_file("/etc/logrotate.d/nutcracker", "\n".join(logrotate_conf))

    # 4. Add init/service scripts to run nutcracker as a service
    if server_os in ["Ubuntu 16", "CentOS 7", "RHEL 7"]:
        local = os.path.join(app.root_path, "templates", "twemproxy",
                             "twemproxy.service")
        remote = "/lib/systemd/system/nutcracker.service"
        rc.upload(local, remote)
        run_and_log(rc, "systemctl enable nutcracker", tid, None)
    elif server_os == "Ubuntu 14":
        local = os.path.join(app.root_path, "templates", "twemproxy",
                             "nutcracker.init")
        remote = "/etc/init.d/nutcracker"
        rc.upload(local, remote)
        run_and_log(rc, 'chmod +x /etc/init.d/nutcracker', tid)
        run_and_log(rc, "update-rc.d nutcracker defaults", tid)
    elif server_os == "CentOS 6":
        local = os.path.join(app.root_path, "templates", "twemproxy",
                             "nutcracker.centos.init")
        remote = "/etc/rc.d/init.d/nutcracker"
        rc.upload(local, remote)
        run_and_log(rc, "chmod +x /etc/init.d/nutcracker", tid)
        run_and_log(rc, "chkconfig --add nutcracker", tid)
        run_and_log(rc, "chkconfig nutcracker on", tid)

    # 5. Create the default configuration file referenced in the init scripts
    run_and_log(rc, "mkdir -p /etc/nutcracker", tid)
    run_and_log(rc, "touch /etc/nutcracker/nutcracker.yml", tid)

    rc.close()
    return installed
Exemple #28
0
def setup_server(self, server_id, conffile):
    """This Task sets up a standalone server with only OpenLDAP installed as
    per the request.

    As the task proceeds the various status are logged to the WebLogger under
    the uniqueID of the task. This lets the web interface to poll for the
    near-realtime updates.

    Args:
        server_id (int): the primary key of the LDAPServer object
        conffile (string): complete path of the slapd.conf generated via webui
    """
    server = LDAPServer.query.get(server_id)
    tid = self.request.id

    wlogger.log(tid, "Connecting to the server %s" % server.hostname)
    c = RemoteClient(server.hostname)
    try:
        c.startup()
    except Exception as e:
        wlogger.log(tid, "Cannot establish SSH connection {0}".format(e),
                    "error")

    wlogger.log(tid, "Retrying with the IP address")
    c = RemoteClient(server.ip)
    try:
        c.startup()
    except Exception as e:
        wlogger.log(tid, "Cannot establish SSH connection {0}".format(e),
                    "error")
        wlogger.log(tid, "Ending server setup process.", "error")
        return False

    wlogger.log(tid, 'Starting premilinary checks')
    # 1. Check OpenLDAP is installed
    if c.exists('/opt/symas/bin/slaptest'):
        wlogger.log(tid, 'Checking if OpenLDAP is installed', 'success')
    else:
        wlogger.log(tid, 'Cheking if OpenLDAP is installed', 'fail')
        wlogger.log(
            tid, 'Kindly install OpenLDAP on the server and refresh'
            ' this page to try setup again.')
        return

    # 2. symas-openldap.conf file exists
    if c.exists('/opt/symas/etc/openldap/symas-openldap.conf'):
        wlogger.log(tid, 'Checking symas-openldap.conf exists', 'success')
    else:
        wlogger.log(tid, 'Checking if symas-openldap.conf exists', 'fail')
        wlogger.log(
            tid, 'Configure OpenLDAP with /opt/gluu/etc/openldap'
            '/symas-openldap.conf', 'warning')
        return

    # 3. Certificates
    if server.tls_cacert:
        if c.exists(server.tls_cacert):
            wlogger.log(tid, 'Checking TLS CA Certificate', 'success')
        else:
            wlogger.log(tid, 'Checking TLS CA Certificate', 'fail')
    if server.tls_servercert:
        if c.exists(server.tls_servercert):
            wlogger.log(tid, 'Checking TLS Server Certificate', 'success')
        else:
            wlogger.log(tid, 'Checking TLS Server Certificate', 'fail')
    if server.tls_serverkey:
        if c.exists(server.tls_serverkey):
            wlogger.log(tid, 'Checking TLS Server Key', 'success')
        else:
            wlogger.log(tid, 'Checking TLS Server Key', 'fail')

    # 4. Data directories
    wlogger.log(tid, "Checking for data and schema folders for LDAP")
    conf = open(conffile, 'r')
    for line in conf:
        if re.match('^directory', line):
            folder = line.split()[1]
            if not c.exists(folder):
                run_command(tid, c, 'mkdir -p ' + folder)
            else:
                wlogger.log(tid, folder, 'success')

    # 5. Copy Gluu Schema files
    wlogger.log(tid, "Copying Schema files to server")
    if not c.exists('/opt/gluu/schema/openldap'):
        run_command(tid, c, 'mkdir -p /opt/gluu/schema/openldap')
    gluu_schemas = os.listdir(os.path.join(app.static_folder, 'schema'))
    for schema in gluu_schemas:
        upload_file(tid, c, os.path.join(app.static_folder, 'schema', schema),
                    "/opt/gluu/schema/openldap/" + schema)
    # 6. Copy User's custom schema files
    schemas = os.listdir(app.config['SCHEMA_DIR'])
    for schema in schemas:
        upload_file(tid, c, os.path.join(app.config['SCHEMA_DIR'], schema),
                    "/opt/gluu/schema/openldap/" + schema)

    # 7. Setup slapd.conf
    wlogger.log(tid, "Copying slapd.conf file to remote server")
    upload_file(tid, c, conffile, '/opt/symas/etc/openldap/slapd.conf')

    wlogger.log(tid, "Restarting LDAP server to validate slapd.conf")
    # IMPORTANT:
    # Restart allows the server to create missing mdb files for accesslog so
    # slapd.conf -> slapd.d conversion runs without error
    run_command(tid, c, 'service solserver restart')

    # 8. Generate OLC slapd.d
    wlogger.log(tid, "Migrating from slapd.conf to slapd.d OnlineConfig (OLC)")
    run_command(tid, c, 'service solserver stop')
    run_command(tid, c, 'rm -rf /opt/symas/etc/openldap/slapd.d')
    run_command(tid, c, 'mkdir -p /opt/symas/etc/openldap/slapd.d')
    run_command(
        tid, c, '/opt/symas/bin/slaptest -f /opt/symas/etc/openldap/slapd.conf'
        ' -F /opt/symas/etc/openldap/slapd.d')

    # 9. Restart the solserver with the new configuration
    wlogger.log(
        tid, "Starting LDAP server with OLC configuraion. Any future"
        "changes to slapd.conf will have NO effect on the LDAP server")
    log = run_command(tid, c, 'service solserver start')
    if 'failed' in log:
        wlogger.log(tid, "OpenLDAP server failed to start.", "error")
        wlogger.log(tid, "Debugging slapd...", "info")
        run_command(tid, "service solserver start -d 1")

    # Everything is done. Set the flag to based on the messages
    msgs = wlogger.get_messages(tid)
    setup_success = True
    for msg in msgs:
        setup_success = setup_success and msg['level'] != 'error'
    server.setup = setup_success
    db.session.commit()
Exemple #29
0
def configure_gluu_server(self, server_id, conffile):
    server = LDAPServer.query.get(server_id)
    tid = self.request.id
    chdir = '/opt/gluu-server-' + server.gluu_version

    wlogger.log(tid, "Connecting to the server %s" % server.hostname)
    c = RemoteClient(server.hostname)
    try:
        c.startup()
    except Exception as e:
        wlogger.log(tid, "Cannot establish SSH connection {0}".format(e),
                    "error")

    wlogger.log(tid, "Retrying with the IP address")
    c = RemoteClient(server.ip)
    try:
        c.startup()
    except Exception as e:
        wlogger.log(tid, "Cannot establish SSH connection {0}".format(e),
                    "error")
        wlogger.log(tid, "Ending server setup process.", "error")
        return False

    # Since it is a Gluu Server, a number of checks can be avoided
    # 1. Check if OpenLDAP is installed
    # 2. Check if symas-openldap.conf files exists
    # 3. Check for certificates - They will be at /etc/certs

    # 4. Existance of data directories - this is necassr check as we will be
    #    enabling accesslog DIT, maybe others by admin in the conf editor
    wlogger.log(tid, "Checking existing data and schema folders for LDAP")
    conf = open(conffile, 'r')
    for line in conf:
        if re.match('^directory', line):
            folder = line.split()[1]
            if not c.exists(os.path.join(chdir, folder)):
                run_command(tid, c, 'mkdir -p ' + folder, chdir)
            else:
                wlogger.log(tid, folder, 'success')

    # 5. Gluu Schema file will be present - no checks required

    # 6. Copy User's custom schema files if any
    schemas = os.listdir(app.config['SCHEMA_DIR'])
    if len(schemas):
        wlogger.log(tid, "Copying custom schema files to the server")
        for schema in schemas:
            local = os.path.join(app.config['SCHEMA_DIR'], schema)
            remote = chdir + "/opt/gluu/schema/openldap/" + schema
            upload_file(tid, c, local, remote)

    # 7. Copy the slapd.conf
    wlogger.log(tid, "Copying slapd.conf file to the server")
    upload_file(tid, c, conffile,
                chdir + "/opt/symas/etc/openaldap/slapd.conf")

    wlogger.log(tid, "Restarting LDAP server to validate slapd.conf")
    # IMPORTANT:
    # Restart allows the server to create the mdb files for accesslog so
    # slaptest doesn't throw errors during OLC generation
    run_command(tid, c, 'service solserver restart', chdir)

    # 8. Download openldap.crt to be used in other servers for ldaps
    wlogger.log(tid, "Downloading SSL Certificate to be used in other servers")
    remote = chdir + '/etc/certs/openldap.crt'
    local = os.path.join(app.config["CERTS_DIR"],
                         "{0}.crt".format(server.hostname))
    download_file(tid, c, remote, local)

    # 9. Generate OLC slapd.d
    wlogger.log(tid, "Convert slapd.conf to slapd.d OLC")
    run_command(tid, c, 'service solserver stop', chdir)
    run_command(tid, c, "rm -rf /opt/symas/etc/openldap/slapd.d", chdir)
    run_command(tid, c, "mkdir /opt/symas/etc/openldap/slapd.d", chdir)
    run_command(
        tid, c, "/opt/symas/bin/slaptest -f /opt/symas/etc/openldap/"
        "slapd.conf -F /opt/symas/etc/openldap/slapd.d", chdir)

    # 10. Reset ownerships
    run_command(tid, c, "chown -R ldap:ldap /opt/gluu/data", chdir)
    run_command(tid, c, "chown -R ldap:ldap /opt/gluu/schema/openldap", chdir)
    run_command(tid, c, "chown -R ldap:ldap /opt/symas/etc/openldap/slapd.d",
                chdir)

    # 11. Restart the solserver with the new OLC configuration
    wlogger.log(tid, "Restarting LDAP server with OLC configuration")
    log = run_command(tid, c, "service solserver start", chdir)
    if 'failed' in log:
        wlogger.log(
            tid, "There seems to be some issue in starting the server."
            "Running LDAP server in debug mode for troubleshooting")
        run_command(tid, c, "service solserver start -d 1", chdir)

    # Everything is done. Set the flag to based on the messages
    msgs = wlogger.get_messages(tid)
    setup_success = True
    for msg in msgs:
        setup_success = setup_success and msg['level'] != 'error'
    server.setup = setup_success
    db.session.commit()
Exemple #30
0
def wizard_step2(self):
    tid = self.request.id

    setup_prop = get_setup_properties()

    server = Server.query.filter_by(primary_server=True).first()
    app_conf = AppConfiguration.query.first()

    c = RemoteClient(server.hostname, ip=server.ip)

    wlogger.log(tid, "Making SSH Connection")

    try:
        c.startup()
        wlogger.log(tid, "SSH connection established", 'success')
    except:
        wlogger.log(tid, "Can't establish SSH connection", 'fail')
        wlogger.log(tid, "Ending changing name.", 'error')
        return

    name_changer = ChangeGluuHostname(
        old_host=server.hostname,
        new_host=app_conf.nginx_host,
        cert_city=setup_prop['city'],
        cert_mail=setup_prop['admin_email'],
        cert_state=setup_prop['state'],
        cert_country=setup_prop['countryCode'],
        server=server.hostname,
        ip_address=server.ip,
        ldap_password=setup_prop['ldapPass'],
        os_type=server.os,
        gluu_version=app_conf.gluu_version,
        local=False,
    )

    name_changer.logger_tid = tid

    r = name_changer.startup()
    if not r:
        wlogger.log(tid, "Name changer can't be started", 'fail')
        wlogger.log(tid, "Ending changing name.", 'error')
        return

    wlogger.log(tid, "Cahnging LDAP Applience configurations")
    name_changer.change_appliance_config()
    wlogger.log(tid, "LDAP Applience configurations were changed", 'success')

    wlogger.log(tid, "Cahnging LDAP Clients entries")
    name_changer.change_clients()
    wlogger.log(tid, "LDAP Applience Clients entries were changed", 'success')

    wlogger.log(tid, "Cahnging LDAP Uma entries")
    name_changer.change_uma()
    wlogger.log(tid, "LDAP Applience Uma entries were changed", 'success')

    wlogger.log(tid, "Modifying SAML & Passport")
    name_changer.modify_saml_passport()
    wlogger.log(tid, "SAML & Passport were changed", 'success')

    wlogger.log(tid, "Reconfiguring http")
    name_changer.change_httpd_conf()
    wlogger.log(tid, " LDAP Applience Uma entries were changed", 'success')

    wlogger.log(tid, "Creating certificates")
    name_changer.create_new_certs()

    wlogger.log(tid, "Changing /etc/hostname")
    name_changer.change_host_name()
    wlogger.log(tid, "/etc/hostname was changed", 'success')

    wlogger.log(tid, "Modifying /etc/hosts")
    name_changer.modify_etc_hosts()
    wlogger.log(tid, "/etc/hosts was modified", 'success')

    name_changer.installer.restart_gluu()