def service_settings(request, service_id):
service = get_object_or_404(Service, pk=service_id)
site = privileges_check(service.site.id, request.user)
if site is None:
return HttpResponseForbidden()
if service.is_busy:
return redirect(site)
breadcrumbs = {
0:
dict(name='Managed Web Service server: ' + str(site.name),
url=site.get_absolute_url()),
1:
dict(name='Server settings'
if service.primary else 'Test server settings',
url=reverse(service_settings, kwargs={'service_id': service.id}))
}
return render(
request, 'mws/settings.html', {
'breadcrumbs': breadcrumbs,
'site': site,
'service': service,
'sidebar_messages': warning_messages(site),
})
def clone_vm_view(request, site_id):
site = privileges_check(site_id, request.user)
if site is None:
return HttpResponseForbidden()
breadcrumbs = {
0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()),
1: dict(name='Production and test servers management', url=reverse(clone_vm_view, kwargs={'site_id': site.id}))
}
if request.method == 'POST':
if site.is_ready and site.test_service:
clone_vm_api_call.delay(site)
messages.info(request, 'The test server is being created. This will usually take around 10 minutes. You will need to refresh the page.')
elif not site.is_ready:
messages.error(request, 'The test server cannot be created while the production server is being configured.')
elif not site.test_service:
messages.error(request, 'The test server cannot be created at this moment, please contact [email protected]')
return redirect(site)
return render(request, 'mws/clone_vm.html', {
'breadcrumbs': breadcrumbs,
'site': site,
})
def quarantine(request, service_id):
service = get_object_or_404(Service, pk=service_id)
site = privileges_check(service.site.id, request.user)
if site is None:
return HttpResponseForbidden()
if not service or not service.active or service.is_busy:
return redirect(site)
breadcrumbs = {
0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()),
1: dict(name='Server settings' if service.primary else 'Test server settings',
url=reverse(service_settings, kwargs={'service_id': service.id})),
2: dict(name='Quarantine', url=reverse(quarantine, kwargs={'service_id': service.id})),
}
parameters = {
'breadcrumbs': breadcrumbs,
'service': service,
'site': site,
'sidebar_messages': warning_messages(site),
}
if request.method == 'POST' and not site.is_admin_suspended():
if request.POST['quarantine'] == "Quarantine":
service.quarantined = True
else:
service.quarantined = False
service.save()
launch_ansible(service)
return redirect(site)
return render(request, 'mws/quarantine.html', parameters)
def force_update(request, site_id):
site = privileges_check(site_id, request.user)
if site is None:
return HttpResponseForbidden()
if request.method == 'POST':
launch_ansible_site(site) # to refresh lookup lists
# TODO add message to the user
return redirect(site)
def service_status(request, service_id):
service = get_object_or_404(Service, pk=service_id)
site = privileges_check(service.site.id, request.user)
if site is None:
return HttpResponseForbidden()
if service.is_ready:
return HttpResponse(json.dumps({'status': 'ready'}), content_type='application/json')
else:
return HttpResponse(json.dumps({'status': 'busy'}), content_type='application/json')
def change_db_root_password(request, service_id):
service = get_object_or_404(Service, pk=service_id)
site = privileges_check(service.site.id, request.user)
if site is None:
return HttpResponseForbidden()
if (service.operating_system == 'stretch') \
or not service or not service.active or service.is_busy:
return redirect(site)
breadcrumbs = {
0:
dict(name='Managed Web Service server: ' + str(site.name),
url=site.get_absolute_url()),
1:
dict(name='Server settings'
if service.primary else 'Test server settings',
url=reverse(service_settings, kwargs={'service_id': service.id})),
2:
dict(name='Change db root pass',
url=reverse(change_db_root_password,
kwargs={'service_id': service.id})),
}
if request.method == 'POST':
if request.POST.get(
'typepost') == "Delete temporary mySQL root password":
AnsibleConfiguration.objects.filter(
service=service, key="mysql_root_password").delete()
else:
ansibleconf, created = AnsibleConfiguration.objects.get_or_create(
service=service, key="mysql_root_password")
ansibleconf.value = "Resetting"
ansibleconf.save()
ansible_change_mysql_root_pwd.delay(service)
return HttpResponseRedirect(
reverse(change_db_root_password,
kwargs={'service_id': service.id}))
ansibleconf = AnsibleConfiguration.objects.filter(
service=service, key="mysql_root_password")
ansibleconf = ansibleconf[0].value if ansibleconf else None
return render(
request, 'mws/change_db_root_password.html', {
'breadcrumbs': breadcrumbs,
'service': service,
'site': site,
'sidebar_messages': warning_messages(site),
'ansibleconf': ansibleconf,
})
def power_vm(request, service_id):
service = get_object_or_404(Service, pk=service_id)
site = privileges_check(service.site.id, request.user)
if site is None:
return HttpResponseForbidden()
if not service or not service.active or service.is_busy:
return redirect(site)
service.power_on()
return redirect(service_settings, service_id=service.id)
def resend_email_confirmation_view(request, site_id):
site = privileges_check(site_id, request.user)
if site is None:
return HttpResponseForbidden()
if request.method == 'POST':
from apimws.utils import send_email_confirmation
send_email_confirmation.delay(site)
else:
return HttpResponseForbidden()
return HttpResponse()
def switch_services(request, site_id):
'''This function swiches the production and test services'''
site = get_object_or_404(Site, pk=site_id)
site = privileges_check(site.id, request.user)
if site is None:
return HttpResponseForbidden()
if site.switch_services():
return redirect(site)
else:
messages.error(request, 'An error happened while trying to switch the test server with the production server')
return redirect(site)
def resync(request, site_id):
'''This function syncs production file system with the test one'''
site = get_object_or_404(Site, pk=site_id)
site = privileges_check(site.id, request.user)
if not site.is_ready:
messages.error(request, 'Any of the two server is busy during configuration, wait until both of them are ready')
return redirect(site)
if request.method == 'POST':
post_installOS.delay(site.test_service)
messages.info(request, 'The filesystem started to synchronise')
return redirect(site)
def add_supporter(request, site_id):
site = privileges_check(site_id, request.user)
if site is None:
return HttpResponseForbidden()
if request.method == 'POST':
site.supporters.add(request.user)
launch_ansible_site(site)
remove_supporter.apply_async(args=(site.id, request.user.username),
countdown=3600) # Remove supporter after 1 hour
return redirect(site)
def php_libs(request, service_id):
service = get_object_or_404(Service, pk=service_id)
site = privileges_check(service.site.id, request.user)
if site is None:
return HttpResponseForbidden()
if not service or not service.active or service.is_busy:
return redirect(site)
breadcrumbs = {
0:
dict(name='Managed Web Service server: ' + str(site.name),
url=site.get_absolute_url()),
1:
dict(name='Server settings'
if service.primary else 'Test server settings',
url=reverse(service_settings, kwargs={'service_id': service.id})),
2:
dict(name='PHP Libraries',
url=reverse(php_libs, kwargs={'service_id': service.id})),
}
from apimws.forms import PHPLibForm
parameters = {
'breadcrumbs':
breadcrumbs,
'service':
service,
'site':
site,
'sidebar_messages':
warning_messages(site),
'form':
PHPLibForm(initial={
'php_libs':
list(service.php_libs.values_list('name', flat=True))
}),
}
if request.method == 'POST':
f = PHPLibForm(request.POST)
if f.is_valid():
service.php_libs.set(PHPLib.objects.filter(
name__in=f.cleaned_data['php_libs']).all(),
clear=True)
service.save()
launch_ansible(service)
return render(request, 'mws/phplibs.html', parameters)
def auth_change(request, site_id):
site = privileges_check(site_id, request.user)
if site is None:
return HttpResponseForbidden()
if not site.production_service or site.production_service.virtual_machines.count() == 0 \
or site.production_service.is_busy:
return redirect(site)
if request.method == 'POST':
authuserlist = validate_crsid_list(
request.POST.getlist('users_crsids'))
sshuserlist = validate_crsid_list(
request.POST.getlist('sshusers_crsids'))
authgrouplist = validate_groupid_list(request.POST.getlist('groupids'))
sshauthgrouplist = validate_groupid_list(
request.POST.getlist('sshgroupids'))
site.users.clear()
site.users.add(*authuserlist)
site.ssh_users.clear()
site.ssh_users.add(*sshuserlist)
site.groups.clear()
site.groups.add(*authgrouplist)
site.ssh_groups.clear()
site.ssh_groups.add(*sshauthgrouplist)
launch_ansible_site(
site
) # to add or delete users from the ssh/login auth list of the server
return redirect(site)
breadcrumbs = {
0:
dict(name='Managed Web Server: ' + str(site.name),
url=site.get_absolute_url()),
1:
dict(name='Authorisation',
url=reverse(auth_change, kwargs={'site_id': site.id}))
}
return render(
request, 'mws/auth.html', {
'authorised_users': site.users.all(),
'sshuserlist': site.ssh_users.all(),
'authorised_groups': site.groups.all(),
'sshusers_groups': site.ssh_groups.all(),
'breadcrumbs': breadcrumbs,
'sidebar_messages': warning_messages(site),
'site': site
})
def service_status(request, service_id):
service = get_object_or_404(Service, pk=service_id)
site = privileges_check(service.site.id, request.user)
if site is None:
return HttpResponseForbidden()
if not (site.production_service.is_ready or site.test_service.is_ready):
status = 'busy'
elif not site.production_service.is_ready:
status = 'prod'
elif not site.test_service.is_ready:
status = 'test'
else:
status = 'ready'
return HttpResponse(json.dumps({'status': status}), content_type='application/json')
def delete_vm(request, service_id):
service = get_object_or_404(Service, pk=service_id)
site = privileges_check(service.site.id, request.user)
if site is None or service.primary:
return HttpResponseForbidden()
if not service or not service.active or service.is_busy:
return redirect(site)
if request.method == 'POST':
for vm in service.virtual_machines.all():
vm.delete()
return redirect(site)
return HttpResponseForbidden()
def generate_csr(request, vhost_id):
vhost = get_object_or_404(Vhost, pk=vhost_id)
site = privileges_check(vhost.service.site.id, request.user)
if request.method == 'POST' and vhost.tls_key_hash != 'requested' and vhost.tls_key_hash != 'renewal':
if vhost.main_domain is None:
breadcrumbs = {
0:
dict(name='Managed Web Service server: ' + str(site.name),
url=site.get_absolute_url()),
1:
dict(name='Server settings'
if vhost.service.primary else 'Test server settings',
url=reverse('sitesmanagement.views.service_settings',
kwargs={'service_id': vhost.service.id})),
2:
dict(name='Vhosts Management: %s' % vhost.name,
url=reverse('listvhost',
kwargs={'service_id': vhost.service.id})),
3:
dict(name='TLS/SSL Certificates',
url=reverse(certificates, kwargs={'vhost_id': vhost.id})),
}
return render(
request, 'mws/certificates.html', {
'breadcrumbs': breadcrumbs,
'vhost': vhost,
'service': vhost.service,
'site': site,
'error_main_domain': True
})
if vhost.tls_enabled:
vhost.tls_key_hash = 'renewal'
vhost.csr = None
vhost.save()
else:
vhost.tls_key_hash = 'requested'
vhost.certificate = None
vhost.csr = None
vhost.tls_enabled = False
vhost.save()
launch_ansible(vhost.service)
return redirect(reverse(certificates, kwargs={'vhost_id': vhost.id}))
def vhost_onwership(request, vhost_id):
vhost = get_object_or_404(Vhost, pk=vhost_id)
site = privileges_check(vhost.service.site.id, request.user)
service = vhost.service
if site is None or (not service or not service.active or service.is_busy):
return HttpResponseForbidden()
if request.method == 'POST' and not vhost.apache_owned:
vhost_enable_apache_owned.delay(vhost_id)
return HttpResponse(
"The ownership of the '%s' website docroot folder has been changed to www-data "
"successfully. This change will only remain for one hour." %
vhost.name)
return HttpResponseForbidden(
"An error happened while changing ownership of the docroot folder of the '%s' "
"website" % vhost.name)
def billing_management(request, site_id):
site = privileges_check(site_id, request.user)
if site is None:
return HttpResponseForbidden()
breadcrumbs = {
0:
dict(name='Managed Web Service server: ' + str(site.name),
url=site.get_absolute_url()),
1:
dict(name='Billing',
url=reverse('billing_management', kwargs={'site_id': site.id}))
}
if request.method == 'POST':
if hasattr(site, 'billing'):
billing_form = BillingForm(request.POST,
request.FILES,
instance=site.billing)
if billing_form.is_valid():
billing_form.save()
return redirect(site)
else:
billing_form = BillingForm(request.POST, request.FILES)
if billing_form.is_valid():
billing = billing_form.save(commit=False)
billing.site = site
billing.save()
return redirect(site)
elif hasattr(site, 'billing'):
billing_form = BillingForm(instance=site.billing)
else:
billing_form = BillingForm()
return render(
request, 'mws/billing.html', {
'breadcrumbs': breadcrumbs,
'site': site,
'billing_form': billing_form,
'sidebar_messages': warning_messages(site),
'cost': ServerType.objects.get(id=1).price
})
def reset_vm(request, service_id):
service = get_object_or_404(Service, pk=service_id)
site = privileges_check(service.site.id, request.user)
if site is None:
return HttpResponseForbidden()
if not service or not service.active or service.is_busy:
messages.error(request, 'Any of the two server is busy during configuration, wait until both of them are ready')
return redirect(site)
if request.method == 'POST':
if service.do_reset():
messages.success(request, "Your server will be restarted shortly")
else:
messages.error(request, "Your server couldn't be restarted")
else:
messages.error(request, "An error happened")
return redirect(site)
def clone_vm_view(request, site_id):
site = privileges_check(site_id, request.user)
if site is None:
return HttpResponseForbidden()
can_upgrade = False
is_queued = False
if settings.MAX_PENDING_UPGRADES:
pending_upgrades = len([x for x in Service.objects.filter(type='test').prefetch_related('virtual_machines') if x.active])
if pending_upgrades < settings.MAX_PENDING_UPGRADES:
can_upgrade = True
else:
if not hasattr(site,'queueentry'):
QueueEntry.objects.create(site=site)
else:
is_queued = True
breadcrumbs = {
0: dict(name='Managed Web Service server: ' + str(site.name), url=site.get_absolute_url()),
1: dict(name='Production and test servers management', url=reverse(clone_vm_view, kwargs={'site_id': site.id}))
}
if request.method == 'POST':
if site.is_ready and site.test_service:
clone_vm_api_call.delay(site)
messages.info(request, 'The test server is being created. This will usually take around 10 minutes. You will need to refresh the page.')
elif not site.is_ready:
messages.error(request, 'The test server cannot be created while the production server is being configured.')
elif not site.test_service:
messages.error(request, 'The test server cannot be created at this moment, please contact [email protected]')
return redirect(site)
return render(request, 'mws/clone_vm.html', {
'breadcrumbs': breadcrumbs,
'site': site,
'can_upgrade': can_upgrade,
'is_queued': is_queued,
})
def set_dn_as_main(request, domain_id):
"""View(Controller) to set the domain name selected as the main domain of the vhost"""
domain = get_object_or_404(DomainName, pk=domain_id)
vhost = domain.vhost
site = privileges_check(vhost.service.site.id, request.user)
service = vhost.service
if site is None:
return HttpResponseForbidden()
if not service or not service.active or service.is_busy:
return redirect(site)
if request.method == 'POST':
vhost.main_domain = domain
vhost.save()
launch_ansible(
vhost.service
) # to update the vhost main domain name in the apache configuration
return HttpResponseRedirect(
reverse('listdomains', kwargs={'vhost_id': vhost.id}))
def certificates(request, vhost_id):
vhost = get_object_or_404(Vhost, pk=vhost_id)
site = privileges_check(vhost.service.site.id, request.user)
service = vhost.service
if site is None:
return HttpResponseForbidden()
if not service or not service.active or service.is_busy:
return redirect(site)
if not vhost.domain_names.all():
return redirect(
reverse('listvhost', kwargs={'service_id': vhost.service.id}))
breadcrumbs = {
0:
dict(name='Managed Web Service server: ' + str(site.name),
url=site.get_absolute_url()),
1:
dict(name='Server settings'
if vhost.service.primary else 'Test server settings',
url=reverse('sitesmanagement.views.service_settings',
kwargs={'service_id': vhost.service.id})),
2:
dict(name='Web sites management: %s' % vhost.name,
url=reverse('listvhost', kwargs={'service_id':
vhost.service.id})),
3:
dict(name='TLS/SSL Certificate',
url=reverse(certificates, kwargs={'vhost_id': vhost.id})),
}
error_message = None
if request.method == 'POST':
try:
if 'cert' in request.FILES:
try:
certificates_str = request.FILES['cert'].file.read()
cert = crypto.load_certificate(crypto.FILETYPE_PEM,
certificates_str)
except Exception as e:
raise ValidationError("The certificate file is invalid")
if vhost.csr is None:
raise ValidationError("CSR does not exists")
if not csr_match_crt(vhost.csr, certificates_str):
raise ValidationError(
"The certificate doesn't match the CSR")
issuer = None
for component in cert.get_issuer().get_components():
if component[0] == 'CN':
issuer = component[1]
if not issuer:
raise ValidationError(
"The certificate doesn't have any issuer")
if issuer not in CERTIFICATE_CHAINS:
raise ValidationError("Certificate issuer unknown by MWS")
vhost.certificate = certificates_str
vhost.certificate_chain = CERTIFICATE_CHAINS[issuer]
vhost.tls_enabled = True
if vhost.tls_key_hash == 'renewal_waiting_cert':
vhost.tls_key_hash = 'renewal_cert'
vhost.save()
launch_ansible(service)
else:
raise ValidationError("No Certificate uploaded")
except ValidationError as e:
error_message = e.message
return render(
request, 'mws/certificates.html', {
'breadcrumbs': breadcrumbs,
'vhost': vhost,
'service': vhost.service,
'site': site,
'sidebar_messages': warning_messages(site),
'error_message': error_message
})
def add_domain(request, vhost_id, socket_error=None):
"""View(Controller) to add a domain name to the vhost selected. """
vhost = get_object_or_404(Vhost, pk=vhost_id)
site = privileges_check(vhost.service.site.id, request.user)
service = vhost.service
if site is None:
return HttpResponseForbidden()
if not service or not service.active or service.is_busy:
return redirect(site)
if request.method == 'POST':
domain_form = DomainNameFormNew(request.POST)
if domain_form.is_valid():
domain_requested = domain_form.save(commit=False)
if domain_requested.name != '':
if is_camacuk(domain_requested.name):
if domain_requested.name.endswith(
".usertest.mws3.csx.cam.ac.uk"):
new_domain = DomainName.objects.create(
name=domain_requested.name,
status='accepted',
vhost=vhost,
requested_by=request.user)
new_domain.accept_it()
elif domain_requested.name.endswith(".mws3.csx.cam.ac.uk"):
new_domain = DomainName.objects.create(
name=domain_requested.name,
status='denied',
vhost=vhost,
requested_by=request.user)
elif 'special_case' in domain_form.data:
new_domain = DomainName.objects.create(
name=domain_requested.name,
status='special',
vhost=vhost,
requested_by=request.user,
reject_reason="User marked as special")
else:
new_domain = DomainName.objects.create(
name=domain_requested.name,
status='requested',
vhost=vhost,
requested_by=request.user)
ip_register_api_request.delay(new_domain)
else:
new_domain = DomainName.objects.create(
name=domain_requested.name,
status='external',
vhost=vhost,
requested_by=request.user)
if vhost.main_domain is None or \
vhost.main_domain.name == vhost.service.network_configuration.name:
vhost.main_domain = new_domain
vhost.save()
launch_ansible(
vhost.service
) # to add the new domain name to the vhost apache configuration
else:
breadcrumbs = {
0:
dict(name='Managed Web Service server: ' + str(site.name),
url=site.get_absolute_url()),
1:
dict(name='Server settings'
if vhost.service.primary else 'Test server settings',
url=reverse('sitesmanagement.views.service_settings',
kwargs={'service_id': vhost.service.id})),
2:
dict(name='Web sites management: %s' % vhost.name,
url=reverse('listvhost',
kwargs={'service_id': vhost.service.id})),
3:
dict(name='Domain Names management',
url=reverse('listdomains', kwargs={'vhost_id': vhost.id}))
}
return render(
request, 'mws/domains.html', {
'breadcrumbs': breadcrumbs,
'vhost': vhost,
'site': site,
'service': vhost.service,
'domain_form': domain_form,
'error': True
})
return redirect(reverse('listdomains', kwargs={'vhost_id': vhost.id}))
