def _get_app_network(self):
_logger.debug('Getting network for %s' % self.app)
network = ucr_get(self.app.ucr_ip_key)
if network and '/' in network:
_logger.debug('Found %s' % network)
try:
network = IPv4Network(u'%s' % (network, ), False)
except ValueError as exc:
_logger.warn('Error using the network %s: %s' % (network, exc))
return None
else:
return network
docker0_net = IPv4Network(
u'%s' %
(ucr_get('appcenter/docker/compose/network', '172.16.1.1/16'), ),
False)
gateway, netmask = docker0_net.exploded.split('/',
1) # '172.16.1.1', '16'
used_docker_networks = []
for _app in Apps().get_all_apps(
): # TODO: find container not managed by the App Center?
if _app.id == self.app.id:
continue
ip = ucr_get(_app.ucr_ip_key)
try:
app_network = IPv4Network(u'%s' % (ip, ), False)
except ValueError as exc:
continue
else:
used_docker_networks.append(app_network)
prefixlen_diff = 24 - int(netmask)
if prefixlen_diff <= 0:
_logger.warn(
'Cannot get a subnet big enough'
) # maybe I could... but currently, I only work with 24-netmasks
return None
for network in docker0_net.subnets(
prefixlen_diff
): # 172.16.1.1/24, 172.16.2.1/24, ..., 172.16.255.1/24
_logger.debug('Testing %s' % network)
if IPv4Address(u'%s' % (gateway, )) in network:
_logger.debug('Refusing due to "main subnet"')
continue
if any(
app_network.overlaps(network)
for app_network in used_docker_networks):
_logger.debug('Refusing due to range already used')
continue
return network
_logger.warn('Cannot find any viable subnet')
def to_dict(cls, app):
ret = app.attrs_dict()
ret['logo_name'] = app.logo_name
ret['logo_detail_page_name'] = app.logo_detail_page_name
ret['license_description'] = app.license_description
ret['thumbnails'] = app.get_thumbnail_urls()
ret['is_installed'] = app.is_installed()
ret['is_current'] = app.without_repository or ucr_get('repository/online/component/%s' % app.component_id) == 'enabled'
ret['local_role'] = ucr_get('server/role')
ret['is_master'] = ret['local_role'] == 'domaincontroller_master'
ret['host_master'] = ucr_get('ldap/master')
ret['is_ucs_component'] = app.is_ucs_component()
ret.update(cls._candidate_dict(app))
return ret
def _install_app(self, app, args):
self._register_component(app)
install_master = False
if app.default_packages_master:
if ucr_get('server/role') == 'domaincontroller_master':
self._install_master_packages(app, 30)
install_master = True
for host, is_master in self._find_hosts_for_master_packages(args):
self._install_only_master_packages_remotely(
app, host, is_master, args)
if ucr_get('server/role') == 'domaincontroller_backup':
self._install_master_packages(app, 30)
install_master = True
return self._install_packages(
app.get_packages(), 80, update=not install_master).returncode == 0
def update_certificates(self, app):
hostname = ucr_get('hostname')
domain = ucr_get('domainname')
docker_host_cert = '/etc/univention/ssl/' + hostname + '.' + domain
if app.docker:
docker = self._get_docker(app)
if docker.is_running():
ca_path = '/etc/univention/ssl/ucsCA/CAcert.pem'
if os.path.isfile(ca_path):
# update-ca-certificates, debian, ubuntu, appbox
docker.execute('mkdir',
'-p',
'/usr/local/share/ca-certificates',
_logger=self.logfile_logger)
docker.cp_to_container(
ca_path,
'/usr/local/share/ca-certificates/ucs.crt',
_logger=self.logfile_logger)
if docker.execute(
'which',
'update-ca-certificates',
_logger=self.logfile_logger).returncode == 0:
docker.execute('update-ca-certificates',
_logger=self.logfile_logger)
# appboox ca cert
docker.execute('mkdir',
'-p',
'/etc/univention/ssl/ucsCA/',
_logger=self.logfile_logger)
docker.cp_to_container(ca_path,
ca_path,
_logger=self.logfile_logger)
# docker host cert canonical name and ucs path
if os.path.isfile('{0}/cert.pem'.format(
docker_host_cert)) and os.path.isfile(
'{0}/private.key'.format(docker_host_cert)):
# canonical name
self._copy_host_cert(
docker, docker_host_cert,
'/etc/univention/ssl/docker-host-certificate')
# ucs name
self._copy_host_cert(docker, docker_host_cert,
docker_host_cert)
else:
self.warn(
'Could not update certificates for {0}, app is not running'
.format(app))
super(UpdateCertificates, self).update_certificates(app)
def _install_app(self, app, args):
if self._register_component(app):
update_packages()
if app.default_packages_master:
if ucr_get('server/role') == 'domaincontroller_master':
self._install_master_packages(app)
self.percentage = 30
for host, is_master in find_hosts_for_master_packages():
self._install_only_master_packages_remotely(
app, host, is_master, args)
if ucr_get('server/role') == 'domaincontroller_backup':
self._install_master_packages(app)
self.percentage = 30
ret = self._install_packages(app.get_packages())
self.percentage = 80
return ret
def create_extended_attribute(attribute, app, layout_position, lo, pos):
attrs = {}
attribute_position = '%s,%s' % (attribute.position, ucr_get('ldap/base'))
create_recursive_container(attribute_position, lo, pos)
pos.setDn(attribute_position)
attrs['name'] = attribute.name
attrs['shortDescription'] = attribute.description
if attribute.long_description:
attrs['longDescription'] = attribute.long_description
if attribute.description_de:
attrs['translationShortDescription'] = [('de_DE',
attribute.description_de)]
if attribute.long_description_de:
attrs['translationLongDescription'] = [('de_DE',
attribute.long_description_de)]
attrs['syntax'] = attribute._udm_syntax or attribute.syntax
attrs['multivalue'] = not attribute.single_value
if attribute.default:
attrs['default'] = attribute.default
attrs['tabPosition'] = str(layout_position)
attrs['tabName'] = 'Apps'
attrs['groupName'] = app.name
attrs['ldapMapping'] = attribute.name
attrs['objectClass'] = attribute.belongs_to
attrs['module'] = attribute.module
attrs['deleteObjectClass'] = True
attrs['mayChange'] = True
attrs['fullWidth'] = attribute._full_width
attribute_logger.debug('Creating DN: %s' % attribute.dn)
if not create_object_if_not_exists('settings/extended_attribute', lo, pos,
**attrs):
attribute_logger.debug('... already exists. Overwriting!')
modify_object('settings/extended_attribute', lo, pos, attribute.dn,
**attrs)
def access(image):
if '/' not in image:
return True
hub, image_name = image.split('/', 1)
if ':' in image_name:
image_name, image_tag = image_name.split(':', 1)
else:
image_tag = 'latest'
url = 'https://%s/v2/%s/manifests/%s' % (hub, image_name, image_tag)
username = password = ucr_get('uuid/license')
auth = encodestring('%s:%s' % (username, password)).replace('\n', '')
request = urllib_request.Request(
url, headers={'Authorization': 'Basic %s' % auth})
try:
urlopen(request)
except urllib_request.HTTPError as exc:
if exc.getcode() == 401:
return False
else:
return False # TODO
except (urllib_request.URLError, ssl.CertificateError,
http_client.BadStatusLine):
return False # TODO
else:
return True
def test_install(self, app):
server_role = ucr_get('server/role')
if not app._allowed_on_local_server():
return {
'current_role': server_role,
'allowed_roles': ', '.join(app.server_role),
}
def to_dict(cls, app):
ret = super(Get, cls).to_dict(app)
configure = get_action('configure')
ret['config'] = configure.list_config(app)
ret['is_running'] = app_is_running(app)
ret['autostart'] = ucr_get('%s/autostart' % app.id, 'yes')
return ret
def main(self, args):
meta_inf_dir = os.path.join(args.path, 'meta-inf', args.ucs_version)
repo_dir = os.path.join(args.path, 'univention-repository', args.ucs_version, 'maintained', 'component')
self.generate_index_json(meta_inf_dir, repo_dir, args.ucs_version, args.appcenter_host)
if args.ucs_version == ucr_get('version/version'):
update = get_action('update')
update.call_safe()
def install_app(app, set_vars=None):
username = re.match('uid=([^,]*),.*',
ucr_get('tests/domainadmin/account')).groups()[0]
install = get_action('install')
subprocess.run(['apt-get', 'update'], check=True)
install.call(app=[app],
username=username,
password=ucr_get('tests/domainadmin/pwd'),
noninteractive=True,
set_vars=set_vars)
yield app
remove = get_action('remove')
remove.call(app=[app],
username=username,
password=ucr_get('tests/domainadmin/pwd'),
noninteractive=True)
def main(self, args):
prev_unmaintained = ucr_get('repository/online/unmaintained', 'no')
ucr_save({'repository/online/unmaintained': 'true'})
ret_code = self._subprocess(
['univention-install', '-y',
'ucs-test-selenium-runner']).returncode
ucr_save({'repository/online/unmaintained': prev_unmaintained})
return ret_code != 0
def get_db_host(self):
bip = ucr_get('docker/daemon/default/opts/bip', '172.17.42.1/16')
try:
IPv4Network(u'%s' % (bip, ), False)
except AddressValueError:
raise DatabaseInfoError('Could not find DB host for %r' % bip)
else:
ip_address = IPv4Address(u'%s' % (bip.split('/', 1)[0], ))
return str(ip_address)
def _find_hosts_for_master_packages(self, args):
lo, pos = self._get_ldap_connection(args,
allow_machine_connection=True)
hosts = []
for host in search_objects('computers/domaincontroller_master', lo,
pos):
hosts.append((host.info.get('fqdn'), True))
for host in search_objects('computers/domaincontroller_backup', lo,
pos):
hosts.append((host.info.get('fqdn'), False))
try:
local_fqdn = '%s.%s' % (ucr_get('hostname'), ucr_get('domainname'))
local_is_master = ucr_get(
'server/role') == 'domaincontroller_master'
hosts.remove((local_fqdn, local_is_master))
except ValueError:
# not in list
pass
return hosts
