def install_nginx_service(options, conf=None):
if conf is None:
conf = waptserver.config.load_config(options.configfile)
print("register nginx frontend")
repository_path = os.path.join(wapt_root_dir, 'waptserver', 'repository')
for repo_path in ('wapt', 'wapt-host', 'waptwua'):
mkdir_p(os.path.join(repository_path, repo_path))
run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' %
os.path.join(repository_path, repo_path))
mkdir_p(os.path.join(wapt_root_dir, 'waptserver', 'nginx', 'temp'))
run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' %
(os.path.join(wapt_root_dir, 'waptserver', 'nginx', 'temp')))
run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' %
os.path.join(wapt_root_dir, 'waptserver', 'nginx', 'logs'))
make_nginx_config(wapt_root_dir, conf['wapt_folder'], force=options.force)
service_binary = os.path.abspath(
os.path.join(wapt_root_dir, 'waptserver', 'nginx', 'nginx.exe'))
service_parameters = ''
service_logfile = os.path.join(log_directory, 'nssm_nginx.log')
service_name = 'WAPTNginx'
if setuphelpers.service_installed(
service_name) and setuphelpers.service_is_running(service_name):
setuphelpers.service_stop(service_name)
#print('Register "%s" in registry' % service_name)
install_windows_nssm_service(service_name, service_binary,
service_parameters, service_logfile)
time.sleep(5)
if setuphelpers.service_installed(
service_name
) and not setuphelpers.service_is_running(service_name):
setuphelpers.service_start(service_name)
def install_nginx_service(options,conf=None):
if conf is None:
conf = waptserver.config.load_config(options.configfile)
print("register nginx frontend")
repository_path = os.path.join(wapt_root_dir,'waptserver','repository')
for repo_path in ('wapt','wapt-host','waptwua'):
mkdir_p(os.path.join(repository_path,repo_path))
run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % os.path.join(repository_path,repo_path))
mkdir_p(os.path.join(wapt_root_dir,'waptserver','nginx','temp'))
run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % (os.path.join(wapt_root_dir,'waptserver','nginx','temp')))
run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % os.path.join(wapt_root_dir,'waptserver','nginx','logs'))
run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % os.path.join(wapt_root_dir,'log'))
make_nginx_config(wapt_root_dir, conf['wapt_folder'],force=options.force)
service_binary = os.path.abspath(os.path.join(wapt_root_dir,'waptserver','nginx','nginx.exe'))
service_parameters = ''
service_logfile = os.path.join(log_directory, 'nssm_nginx.log')
service_name = 'WAPTNginx'
if setuphelpers.service_installed(service_name) and setuphelpers.service_is_running(service_name):
setuphelpers.service_stop(service_name)
#print('Register "%s" in registry' % service_name)
install_windows_nssm_service(service_name,service_binary,service_parameters,service_logfile)
time.sleep(5)
if setuphelpers.service_installed(service_name) and not setuphelpers.service_is_running(service_name):
setuphelpers.service_start(service_name)
def install_wapttasks_service(options, conf=None):
if setuphelpers.service_installed('WAPTTasks'):
if setuphelpers.service_is_running('WAPTTasks'):
setuphelpers.service_stop('WAPTTasks')
setuphelpers.service_delete('WAPTTasks')
if conf is None:
conf = waptserver.config.load_config(options.configfile)
print("install wapttasks")
service_binary = os.path.abspath(
os.path.join(wapt_root_dir, 'waptpython.exe'))
service_parameters = '"%s" %s' % (os.path.join(
wapt_root_dir, 'waptserver', 'wapthuey.py'), 'tasks_common.huey -w 2')
service_logfile = os.path.join(log_directory, 'nssm_wapttasks.log')
service_dependencies = 'WAPTPostgresql'
install_windows_nssm_service('WAPTTasks', service_binary,
service_parameters, service_logfile,
service_dependencies)
tasks_db = os.path.join(wapt_root_dir, 'db')
setuphelpers.run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % tasks_db)
if setuphelpers.service_installed('WAPTTasks'):
if not setuphelpers.service_is_running('WAPTTasks'):
setuphelpers.service_start('WAPTTasks')
def install_wapttasks_service(options,conf=None):
if setuphelpers.service_installed('WAPTTasks'):
if setuphelpers.service_is_running('WAPTTasks'):
setuphelpers.service_stop('WAPTTasks')
setuphelpers.service_delete('WAPTTasks')
if conf is None:
conf = waptserver.config.load_config(options.configfile)
print("install wapttasks")
service_binary = os.path.abspath(os.path.join(wapt_root_dir,'waptpython.exe'))
service_parameters = '"%s" %s' % (os.path.join(wapt_root_dir,'waptserver','wapthuey.py'),'waptenterprise.waptserver.wsus_tasks.huey -w 2')
service_logfile = os.path.join(log_directory, 'nssm_wapttasks.log')
service_dependencies = 'WAPTPostgresql'
install_windows_nssm_service('WAPTTasks',service_binary,service_parameters,service_logfile,service_dependencies)
tasks_db = os.path.join(wapt_root_dir,'db')
setuphelpers.run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % tasks_db)
if setuphelpers.service_installed('WAPTTasks'):
if not setuphelpers.service_is_running('WAPTTasks'):
setuphelpers.service_start('WAPTTasks')
def install_postgresql_service(options, conf=None):
if conf is None:
conf = waptserver.config.load_config(options.configfile)
print("install postgres database")
pgsql_root_dir = r'%s\waptserver\pgsql-9.6' % wapt_root_dir
pgsql_data_dir = r'%s\waptserver\pgsql_data-9.6' % wapt_root_dir
pgsql_data_dir = pgsql_data_dir.replace('\\', '/')
print("build database directory")
if not os.path.exists(os.path.join(pgsql_data_dir, 'postgresql.conf')):
setuphelpers.mkdirs(pgsql_data_dir)
# need to have specific write acls for current user otherwise initdb fails...
setuphelpers.run(r'icacls "%s" /t /grant "%s":(OI)(CI)(M)' %
(pgsql_data_dir, GetUserName()))
setuphelpers.run(r'"%s\bin\initdb" -U postgres -E=UTF8 -D "%s"' %
(pgsql_root_dir, pgsql_data_dir))
setuphelpers.run(r'icacls "%s" /t /grant "*S-1-5-20":(OI)(CI)(M)' %
pgsql_data_dir)
print("start postgresql database")
if setuphelpers.service_installed('WaptPostgresql'):
if setuphelpers.service_is_running('WaptPostgresql'):
setuphelpers.service_stop('waptPostgresql')
setuphelpers.service_delete('waptPostgresql')
cmd = r'"%s\bin\pg_ctl" register -N WAPTPostgresql -U "nt authority\networkservice" -S auto -D "%s" ' % (
pgsql_root_dir, pgsql_data_dir)
print cmd
run(cmd)
setuphelpers.run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' %
log_directory)
setuphelpers.run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' %
pgsql_data_dir)
else:
print("database already instanciated, doing nothing")
# try to migrate from old version (pg 9.4, wapt 1.5)
old_pgsql_root_dir = r'%s\waptserver\pgsql' % wapt_root_dir
old_pgsql_data_dir = r'%s\waptserver\pgsql_data' % wapt_root_dir
old_pgsql_data_dir = old_pgsql_data_dir.replace('\\', '/')
if os.path.isdir(old_pgsql_data_dir) and os.path.isdir(old_pgsql_root_dir):
print('migrating database from previous postgresql DB')
migrate_pg_db(old_pgsql_root_dir, old_pgsql_data_dir, pgsql_root_dir,
pgsql_data_dir)
print('starting postgresql')
if not setuphelpers.service_is_running('waptpostgresql'):
setuphelpers.service_start('waptpostgresql')
# waiting for postgres to be ready
time.sleep(2)
print("creating wapt database")
import psycopg2
from psycopg2.extensions import ISOLATION_LEVEL_AUTOCOMMIT
conn = None
cur = None
try:
conn = psycopg2.connect('dbname=template1 user=postgres')
conn.set_isolation_level(ISOLATION_LEVEL_AUTOCOMMIT)
cur = conn.cursor()
cur.execute("select 1 from pg_roles where rolname='%(db_user)s'" %
conf)
val = cur.fetchone()
if val is None:
print(
"%(db_user)s pgsql user does not exists, creating %(db_user)s user"
% conf)
cur.execute("create user %(db_user)s" % conf)
cur.execute("select 1 from pg_database where datname='%(db_name)s'" %
conf)
val = cur.fetchone()
if val is None:
print(
"database %(db_name)s does not exists, creating %(db_name)s db"
% conf)
cur.execute("create database %(db_name)s owner %(db_user)s" % conf)
finally:
if cur:
cur.close()
if conn:
conn.close()
print("Creating/upgrading wapt tables")
run(r'"%s\waptpython.exe" "%s\waptserver\model.py" init_db -c "%s"' %
(wapt_root_dir, wapt_root_dir, options.configfile))
print("Done")
print('Import lcoal Packages data into database')
repo = WaptLocalRepo(conf['wapt_folder'])
load_db_config(conf)
Packages.update_from_repo(repo)
def install_waptserver_service(options,conf=None):
if setuphelpers.service_installed('WAPTServer'):
if setuphelpers.service_is_running('WAPTServer'):
setuphelpers.service_stop('WAPTServer')
setuphelpers.service_delete('WAPTServer')
if conf is None:
conf = waptserver.config.load_config(options.configfile)
conf_dir = os.path.join(wapt_root_dir,'conf')
if not os.path.isdir(conf_dir):
os.makedirs(conf_dir)
run(r'icacls "%s" /t /grant "*S-1-5-20":(OI)(CI)(M)' % conf_dir)
print("install waptserver")
service_binary = os.path.abspath(os.path.join(wapt_root_dir,'waptpython.exe'))
service_parameters = '"%s"' % os.path.join(wapt_root_dir,'waptserver','server.py')
service_logfile = os.path.join(log_directory, 'nssm_waptserver.log')
service_dependencies = 'WAPTPostgresql'
install_windows_nssm_service('WAPTServer',service_binary,service_parameters,service_logfile,service_dependencies)
tasks_db = os.path.join(wapt_root_dir,'db')
mkdir_p(tasks_db)
setuphelpers.run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % tasks_db)
if not conf.get('secret_key'):
conf['secret_key'] = ''.join(random.SystemRandom().choice(string.letters + string.digits) for _ in range(64))
waptserver.config.write_config_file(options.configfile,conf)
if options.setpassword:
conf['wapt_password'] = pbkdf2_sha256.hash(base64.b64decode(options.setpassword).encode('utf8'))
waptserver.config.write_config_file(options.configfile,conf)
clients_signing_certificate = conf.get('clients_signing_certificate')
clients_signing_key = conf.get('clients_signing_key')
if not clients_signing_certificate or not clients_signing_key:
clients_signing_certificate = os.path.join(wapt_root_dir,'conf','ca-%s.crt' % fqdn())
clients_signing_key = os.path.join(wapt_root_dir,'conf','ca-%s.pem' % fqdn())
conf['clients_signing_certificate'] = clients_signing_certificate
conf['clients_signing_key'] = clients_signing_key
waptserver.config.write_config_file(options.configfile,conf)
if clients_signing_certificate is not None and clients_signing_key is not None and not os.path.isfile(clients_signing_certificate):
print('Create a certificate and key for clients certificate signing')
key = SSLPrivateKey(clients_signing_key)
if not os.path.isfile(clients_signing_key):
print('Create SSL RSA Key %s' % clients_signing_key)
key.create()
key.save_as_pem()
crt = key.build_sign_certificate(cn=fqdn(),is_code_signing=False,is_ca=True)
print('Create X509 cert %s' % clients_signing_certificate)
crt.save_as_pem(clients_signing_certificate)
# ensure Packages index
repo = WaptLocalRepo(conf['wapt_folder'])
repo.update_packages_index()
if setuphelpers.service_installed('WAPTServer'):
if not setuphelpers.service_is_running('WAPTServer'):
setuphelpers.service_start('WAPTServer')
def install_postgresql_service(options,conf=None):
if conf is None:
conf = waptserver.config.load_config(options.configfile)
print ("install postgres database")
pgsql_root_dir = r'%s\waptserver\pgsql-9.6' % wapt_root_dir
pgsql_data_dir = r'%s\waptserver\pgsql_data-9.6' % wapt_root_dir
pgsql_data_dir = pgsql_data_dir.replace('\\','/')
print ("about to build database directory")
if setuphelpers.service_installed('waptpostgresql') and setuphelpers.service_is_running('waptpostgresql'):
print('stopping postgresql')
setuphelpers.service_stop('waptpostgresql')
# waiting for postgres to be ready
time.sleep(2)
if not os.path.exists(os.path.join(pgsql_data_dir,'postgresql.conf')):
setuphelpers.mkdirs(pgsql_data_dir)
# need to have specific write acls for current user otherwise initdb fails...
setuphelpers.run(r'icacls "%s" /t /grant "%s":(OI)(CI)(M)' % (pgsql_data_dir,GetUserName()))
setuphelpers.run(r'"%s\bin\initdb" -U postgres -E=UTF8 -D "%s"' % (pgsql_root_dir,pgsql_data_dir))
setuphelpers.run(r'icacls "%s" /t /grant "*S-1-5-20":(OI)(CI)(M)' % pgsql_data_dir)
else:
print("database already instanciated, doing nothing")
print("start postgresql database")
if setuphelpers.service_installed('WaptPostgresql'):
if setuphelpers.service_is_running('WaptPostgresql'):
setuphelpers.service_stop('waptPostgresql')
setuphelpers.service_delete('waptPostgresql')
cmd = r'"%s\bin\pg_ctl" register -N WAPTPostgresql -U "nt authority\networkservice" -S auto -D "%s" ' % (pgsql_root_dir ,pgsql_data_dir)
run(cmd)
setuphelpers.run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % log_directory)
setuphelpers.run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % pgsql_data_dir)
# try to migrate from old version (pg 9.4, wapt 1.5)
old_pgsql_root_dir = r'%s\waptserver\pgsql' % wapt_root_dir
old_pgsql_data_dir = r'%s\waptserver\pgsql_data' % wapt_root_dir
old_pgsql_data_dir = old_pgsql_data_dir.replace('\\','/')
if os.path.isdir(old_pgsql_data_dir) and os.path.isdir(old_pgsql_root_dir):
print('migrating database from previous postgresql DB')
migrate_pg_db(old_pgsql_root_dir,old_pgsql_data_dir,pgsql_root_dir,pgsql_data_dir)
print('starting postgresql')
if not setuphelpers.service_is_running('waptpostgresql'):
setuphelpers.service_start('waptpostgresql')
# waiting for postgres to be ready
time.sleep(2)
print("checking wapt database")
import psycopg2
from psycopg2.extensions import ISOLATION_LEVEL_AUTOCOMMIT
conn = None
cur = None
try:
conn = psycopg2.connect('dbname=template1 user=postgres')
conn.set_isolation_level(ISOLATION_LEVEL_AUTOCOMMIT)
cur = conn.cursor()
cur.execute("select 1 from pg_roles where rolname='%(db_user)s'" % conf)
val = cur.fetchone()
if val is None:
print("%(db_user)s pgsql user does not exists, creating %(db_user)s user" % conf)
cur.execute("create user %(db_user)s" % conf)
cur.execute("select 1 from pg_database where datname='%(db_name)s'" % conf)
val = cur.fetchone()
if val is None:
print ("database %(db_name)s does not exists, creating %(db_name)s db" % conf)
cur.execute("create database %(db_name)s owner %(db_user)s" % conf)
finally:
if cur:
cur.close()
if conn:
conn.close()
print("Creating/upgrading wapt db tables")
run(r'"%s\waptpython.exe" "%s\waptserver\model.py" init_db -c "%s"' % (wapt_root_dir, wapt_root_dir, options.configfile ))
print("Done")
print('Import lcoal Packages data into database')
repo = WaptLocalRepo(conf['wapt_folder'])
load_db_config(conf)
Packages.update_from_repo(repo)
def install_waptserver_service(options,conf=None):
if setuphelpers.service_installed('WAPTServer'):
if setuphelpers.service_is_running('WAPTServer'):
setuphelpers.service_stop('WAPTServer')
setuphelpers.service_delete('WAPTServer')
if conf is None:
conf = waptserver.config.load_config(options.configfile)
conf_dir = os.path.join(wapt_root_dir,'conf')
if not os.path.isdir(conf_dir):
os.makedirs(conf_dir)
run(r'icacls "%s" /t /grant "*S-1-5-20":(OI)(CI)(M)' % conf_dir)
if not conf.get('server_uuid'):
conf['server_uuid'] = str(uuid.uuid1())
waptserver.config.write_config_file(options.configfile,conf)
print("install waptserver")
service_binary = os.path.abspath(os.path.join(wapt_root_dir,'waptpython.exe'))
service_parameters = '"%s"' % os.path.join(wapt_root_dir,'waptserver','server.py')
service_logfile = os.path.join(log_directory, 'nssm_waptserver.log')
service_dependencies = 'WAPTPostgresql'
install_windows_nssm_service('WAPTServer',service_binary,service_parameters,service_logfile,service_dependencies)
tasks_db = os.path.join(wapt_root_dir,'db')
mkdir_p(tasks_db)
setuphelpers.run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' % tasks_db)
if not conf.get('secret_key'):
conf['secret_key'] = ''.join(random.SystemRandom().choice(string.letters + string.digits) for _ in range(64))
waptserver.config.write_config_file(options.configfile,conf)
if options.setpassword:
conf['wapt_password'] = pbkdf2_sha256.hash(base64.b64decode(options.setpassword).encode('utf8'))
waptserver.config.write_config_file(options.configfile,conf)
clients_signing_certificate = conf.get('clients_signing_certificate')
clients_signing_key = conf.get('clients_signing_key')
if not clients_signing_certificate or not clients_signing_key:
clients_signing_certificate = os.path.join(wapt_root_dir,'conf','ca-%s.crt' % fqdn())
clients_signing_key = os.path.join(wapt_root_dir,'conf','ca-%s.pem' % fqdn())
conf['clients_signing_certificate'] = clients_signing_certificate
conf['clients_signing_key'] = clients_signing_key
waptserver.config.write_config_file(options.configfile,conf)
if clients_signing_certificate is not None and clients_signing_key is not None and not os.path.isfile(clients_signing_certificate):
print('Create a certificate and key for clients certificate signing')
key = SSLPrivateKey(clients_signing_key)
if not os.path.isfile(clients_signing_key):
print('Create SSL RSA Key %s' % clients_signing_key)
key.create()
key.save_as_pem()
crt = key.build_sign_certificate(cn=fqdn(),is_code_signing=False,is_ca=True)
print('Create X509 cert %s' % clients_signing_certificate)
crt.save_as_pem(clients_signing_certificate)
# ensure Packages index
repo = WaptLocalRepo(conf['wapt_folder'])
repo.update_packages_index()
#Migrate file for new version waptwua
wuafolder = conf['waptwua_folder']
for (root,dirs,files) in list(os.walk(wuafolder,topdown=False)):
if root == os.path.join(wuafolder,'.stfolder'):
continue
for f in files:
oldpath = os.path.join(root,f)
newpath = os.path.join(wuafolder,f)
if os.path.isfile(newpath):
continue
print('Move %s --> %s' % (oldpath,newpath))
os.rename(oldpath,newpath)
for d in dirs:
if d == '.stfolder':
continue
print('Delete folder %s' % os.path.join(root,d))
shutil.rmtree(os.path.join(root,d))
if setuphelpers.service_installed('WAPTServer'):
if not setuphelpers.service_is_running('WAPTServer'):
setuphelpers.service_start('WAPTServer')
def install_postgresql_service():
print("install postgres database")
pgsql_root_dir = r'%s\waptserver\pgsql' % wapt_root_dir
pgsql_data_dir = r'%s\waptserver\pgsql_data' % wapt_root_dir
pgsql_data_dir = pgsql_data_dir.replace('\\', '/')
print("build database directory")
if os.path.exists(os.path.join(pgsql_data_dir, 'postgresql.conf')):
print("database already instanciated, doing nothing")
# TODO: check that database is fully working and up to date
# TODO: add a force option
return
print("init pgsql data directory")
pg_data_dir = os.path.join(wapt_root_dir, 'waptserver', 'pgsql_data')
setuphelpers.mkdirs(pg_data_dir)
# need to have specific write acls for current user otherwise initdb fails...
setuphelpers.run(r'icacls "%s" /t /grant "%s":(OI)(CI)(M)' %
(pg_data_dir, GetUserName()))
setuphelpers.run(
r'"%s\waptserver\pgsql\bin\initdb" -U postgres -E=UTF8 -D "%s\waptserver\pgsql_data"'
% (wapt_root_dir, wapt_root_dir))
setuphelpers.run(r'icacls "%s" /t /grant "*S-1-5-20":(OI)(CI)(M)' %
pg_data_dir)
print("start postgresql database")
if setuphelpers.service_installed('WaptPostgresql'):
if setuphelpers.service_is_running('WaptPostgresql'):
setuphelpers.service_stop('waptPostgresql')
setuphelpers.service_delete('waptPostgresql')
cmd = r'"%s\bin\pg_ctl" register -N WAPTPostgresql -U "nt authority\networkservice" -S auto -D "%s" ' % (
pgsql_root_dir, os.path.join(wapt_root_dir, 'waptserver',
'pgsql_data'))
print cmd
run(cmd)
setuphelpers.run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' %
log_directory)
setuphelpers.run(r'icacls "%s" /grant "*S-1-5-20":(OI)(CI)(M)' %
pgsql_data_dir)
print('starting postgresql')
run('net start waptpostgresql')
#cmd = r"%s\bin\pg_ctl.exe -D %s start" % (pgsql_root_dir, pgsql_data_dir)
#devnull = open(os.devnull,'wb')
#print(subprocess.Popen(cmd,shell=True))
# waiting for postgres to be ready
time.sleep(1)
print("creating wapt database")
import psycopg2
from psycopg2.extensions import ISOLATION_LEVEL_AUTOCOMMIT
conn = psycopg2.connect('dbname=template1 user=postgres')
conn.set_isolation_level(ISOLATION_LEVEL_AUTOCOMMIT)
cur = conn.cursor()
cur.execute("select 1 from pg_roles where rolname='wapt'")
val = cur.fetchone()
if val != 1:
print("wapt pgsql user does not exists, creating wapt user")
cur.execute("create user wapt")
val = cur.execute("select 1 from pg_database where datname='wapt'")
if val != 1:
print("database wapt does not exists, creating wapt db")
cur.execute(r"create extension hstore")
cur.execute("create database wapt owner wapt")
cur.close()
conn.close()
run(r'"%s\waptpython.exe" "%s\waptserver\waptserver_model.py" init_db' %
(wapt_root_dir, wapt_root_dir))
time.sleep(1)
setuphelpers.service_stop('waptpostgresql')