Exemple #1
def fw_block(vserver, ips):
    """Forward ``ips`` to ``vsutil.fw_block`` for an existing vserver.

    The name is checked against the mapping returned by
    ``vsutil.list_vservers()`` first, so an unknown name never reaches the
    firewall helper.  A rejected name is reported on stdout only: the
    function returns ``None`` on both paths, so callers cannot detect the
    failure from the return value.
    """
    known = vsutil.list_vservers()

    if vserver in known:
        vsutil.fw_block(vserver, ips)
    else:
        print('ERROR: No such vserver: %s' % vserver)
Exemple #2
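def fw_close(vserver, proto, port, ips=None):
    """Forward a close request to ``vsutil.fw_close`` for an existing vserver.

    Args:
        vserver: name that must be a key of ``vsutil.list_vservers()``.
        proto: passed through unchanged.
        port: passed through unchanged.
        ips: optional list passed through; an empty list is used when it
            is omitted or ``None``.

    A rejected name is reported on stdout only; the function returns
    ``None`` on both paths.
    """
    # The original default was a literal [] that is created once and shared
    # by every call; if the helper ever appended to it, addresses from one
    # call would silently carry over into the next firewall rule.
    if ips is None:
        ips = []

    known = vsutil.list_vservers()
    if vserver not in known:
        print('ERROR: No such vserver: %s' % vserver)
        return

    vsutil.fw_close(vserver, proto, port, ips)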
Exemple #3
def fw_block(vserver, ips):
    """Hand ``ips`` to ``vsutil.fw_block`` once ``vserver`` is known to exist.

    Existence means the name is a key of ``vsutil.list_vservers()``.  An
    unknown name produces an error line on stdout and nothing else; the
    return value is ``None`` either way.
    """
    if vserver not in vsutil.list_vservers():
        # Refuse before any firewall helper is called.
        print('ERROR: No such vserver: %s' % vserver)
        return None

    vsutil.fw_block(vserver, ips)
Exemple #4
def fw_start(vserver, mode):
    """Forward ``mode`` to ``vsutil.fw_start`` for an existing vserver.

    The name is checked against ``vsutil.list_vservers()`` before the
    helper is called.  A rejected name is reported on stdout only; the
    function returns ``None`` on both paths.
    """
    known = vsutil.list_vservers()

    if vserver in known:
        vsutil.fw_start(vserver, mode)
    else:
        print('ERROR: No such vserver: %s' % vserver)
Exemple #5
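def fw_close(vserver, proto, port, ips=None):
    """Pass a close request on to ``vsutil.fw_close`` after validating the name.

    Args:
        vserver: name that must be a key of ``vsutil.list_vservers()``.
        proto: passed through unchanged.
        port: passed through unchanged.
        ips: optional list passed through; defaults to a fresh empty list.

    Unknown names are reported on stdout and nothing is changed.  The
    return value is ``None`` on both paths.
    """
    # A mutable [] default is one shared object for the lifetime of the
    # module.  Build a new list per call so state can never leak between
    # two unrelated firewall requests.
    ips = [] if ips is None else ips

    if vserver not in vsutil.list_vservers():
        print('ERROR: No such vserver: %s' % vserver)
        return

    vsutil.fw_close(vserver, proto, port, ips)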
Exemple #6
def fw_start(vserver, mode):
    """Call ``vsutil.fw_start(vserver, mode)`` once ``vserver`` is known to exist.

    Existence means the name is a key of ``vsutil.list_vservers()``.  An
    unknown name produces an error line on stdout and nothing else; the
    return value is ``None`` either way.
    """
    if vserver not in vsutil.list_vservers():
        # Refuse before any firewall helper is called.
        print('ERROR: No such vserver: %s' % vserver)
        return None

    vsutil.fw_start(vserver, mode)
Exemple #7
def set_bwlimit(vserver, limit):
    """Apply ``limit`` to an existing vserver and refresh its tc class.

    After the name is found in ``vsutil.list_vservers()`` the function
    calls ``vsutil.set_bwlimit(vserver, limit)`` followed by
    ``vsutil.set_tc_class(vserver)``, in that order.  A rejected name is
    reported on stdout only; the function returns ``None`` on both paths.
    """
    known = vsutil.list_vservers()

    if vserver in known:
        vsutil.set_bwlimit(vserver, limit)
        vsutil.set_tc_class(vserver)
    else:
        print('ERROR: No such vserver: %s' % vserver)
Exemple #8
def set_bwlimit(vserver, limit):
    """Store a bandwidth limit for ``vserver`` and then update its tc class.

    The name must be a key of ``vsutil.list_vservers()``; otherwise an
    error line is printed and neither helper is called.  The return value
    is ``None`` either way.
    """
    if vserver not in vsutil.list_vservers():
        print('ERROR: No such vserver: %s' % vserver)
        return None

    # Order matters only as far as the original fixed it: limit first,
    # then the tc class.
    vsutil.set_bwlimit(vserver, limit)
    vsutil.set_tc_class(vserver)
Exemple #9
def fw_finish(vserver):
    """Run ``vsutil.fw_finish`` for an existing vserver, then save iptables.

    The name is checked against ``vsutil.list_vservers()`` first; an
    unknown name is reported on stdout and nothing is run.  On success the
    save command and its captured output are echoed to stdout.  The exit
    status of the save command is not inspected.
    """
    if vserver not in vsutil.list_vservers():
        print('ERROR: No such vserver: %s' % vserver)
        return

    vsutil.fw_finish(vserver)

    # Workaround kept from the original author: at startup not every
    # required module seems to be loaded, which confuses vserver startup.
    # Saving the rules lets the OS work out what needs to be loaded.
    #
    # The command is a fixed string with an absolute path; nothing from the
    # caller is interpolated into it before it goes to the shell.
    save_cmd = "/sbin/service iptables save"
    print(save_cmd)
    print(commands.getoutput(save_cmd))
Exemple #10
def fw_finish(vserver):
    """Finish firewall setup for an existing vserver and persist the rules.

    Calls ``vsutil.fw_finish(vserver)`` and then runs
    ``/sbin/service iptables save``, printing the command and whatever it
    wrote.  An unknown ``vserver`` (not a key of
    ``vsutil.list_vservers()``) is reported on stdout and nothing is run.
    The save command's exit status is not checked.
    """
    known = vsutil.list_vservers()
    if vserver in known:
        vsutil.fw_finish(vserver)

        # Original author's hack: on startup not all needed modules are
        # loaded, confusing vserver startup; saving the rules lets the OS
        # figure out what to load.  The command string is constant, so no
        # caller-supplied text reaches the shell here.
        save_cmd = "/sbin/service iptables save"
        print(save_cmd)
        saved = commands.getoutput(save_cmd)
        print(saved)
    else:
        print('ERROR: No such vserver: %s' % vserver)
Exemple #11
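def collect_stats():
    """Collect statistics for every active vserver and write them to RRD.

    Active contexts are the all-digit entries of ``/proc/virtual``.  Each
    xid is mapped back to a configured vserver name; xids with no matching
    configuration (zombies) are skipped.  For the rest, the bandwidth,
    disk, limits, sched and ipcs collectors are merged into one dict and
    passed to ``update_rrd``.  A ``ValueError`` or ``AttributeError`` from
    any of those steps is logged and the loop moves on to the next xid.
    """
    # iptables counters for all contexts (local names avoid shadowing the
    # builtin input())
    ipt_in, ipt_out = iptables_info()

    # vserver configs
    vservers = vsutil.list_vservers()

    # context (xid) -> name, built once instead of rescanning every config
    # per xid.  setdefault keeps the first name seen for a context, which
    # is the entry the original per-xid scan selected.
    name_by_xid = {}
    for name in vservers.keys():
        name_by_xid.setdefault(vservers[name]['context'], name)

    # walk through /proc/virtual/*, these are active vservers
    active = [entry for entry in os.listdir('/proc/virtual') if entry.isdigit()]

    for xid in active:

        server = name_by_xid.get(xid)
        if not server:
            # zombie: present in /proc/virtual, but no config uses this xid
            continue

        data = {}

        try:
            data.update(bandwidth(server, ipt_in, ipt_out, vservers))
            data.update(disk(xid))
            data.update(limits(xid))
            data.update(sched(xid))
            data.update(ipcs(xid))

            update_rrd(server, data)

        # The tuple is required.  The original "except ValueError,
        # AttributeError:" caught only ValueError and bound the exception
        # object to the name AttributeError, so a real AttributeError
        # escaped and ended the whole collection run.
        except (ValueError, AttributeError):
            # vserver no longer running
            log('Vserver %s(%s) does not appear to be running or not enterable'
                % (server, xid))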
Exemple #12
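def collect_stats():
    """Walk the active xids, gather their stats and write them to RRD.

    Active contexts are the all-digit entries of ``/proc/virtual``.  An
    xid that no configured vserver claims is treated as a zombie and
    skipped.  For every other xid the bandwidth, disk, limits, sched and
    ipcs collectors are merged into one dict that goes to ``update_rrd``.
    A ``ValueError`` or ``AttributeError`` raised along the way is logged
    and collection continues with the next xid.
    """
    # get iptables counters for all contexts (renamed so the builtin
    # input() is not shadowed)
    ipt_in, ipt_out = iptables_info()

    # get vserver configs
    vservers = vsutil.list_vservers()

    # Build the xid -> name lookup once.  setdefault preserves the first
    # name found for a context, matching what the original scan picked.
    name_by_xid = {}
    for name in vservers.keys():
        name_by_xid.setdefault(vservers[name]["context"], name)

    # walk through /proc/virtual/*, these are active vservers
    active = [entry for entry in os.listdir("/proc/virtual") if entry.isdigit()]

    for xid in active:

        server = name_by_xid.get(xid)
        if not server:
            # this is a zombie - it exists in /proc/virtual, but no
            # configured vserver has this xid
            continue

        data = {}

        try:
            data.update(bandwidth(server, ipt_in, ipt_out, vservers))
            data.update(disk(xid))
            data.update(limits(xid))
            data.update(sched(xid))
            data.update(ipcs(xid))

            update_rrd(server, data)

        # Written as a tuple on purpose: the comma form in the original
        # caught ValueError only and rebound the name AttributeError to
        # the caught exception, letting real AttributeErrors propagate.
        except (ValueError, AttributeError):
            # vserver no longer running
            log("Vserver %s(%s) does not appear to be running or not enterable" % (server, xid))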
Exemple #13
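def restore(dumpfile, refserver):
    """Restore a vserver from an openvps dump file (the reverse of dump).

    Steps, in order:
      1. Read the first 4096 bytes, check the file signature and verify the
         header HMAC keyed with ``cfg.DUMP_SECRET``.
      2. Make sure the name, xid, IPs and target paths taken from the
         header are not already in use.
      3. Clone ``refserver`` to the new vserver directory.
      4. Decrypt, decompress and unpack the payload through
         dd | openssl | bzip2 | cpio.
      5. Fix xids and set the disk limits recorded in the header.

    Every failure is reported on stdout and the function returns ``None``.

    Security notes for maintainers:
      * Only the header is covered by the HMAC.  The payload is encrypted
        by ``openssl bf`` but carries no integrity check of its own, and
        cpio runs with ``-u`` (overwrite unconditionally), so a dump file
        should be accepted only from a source that is trusted as much as
        the host itself.
      * ``hmac.new`` is called without a digest argument and so uses the
        library default (MD5 on Python 2).  Changing it would invalidate
        existing dumps, so it is left as is and recorded here.
      * ``cfg.DUMP_SECRET`` serves both as the HMAC key and as the
        encryption password.
    """
    try:
        from shlex import quote as shell_quote   # Python 3
    except ImportError:
        from pipes import quote as shell_quote   # Python 2

    # first let's check the sig

    # XXX is 4096 enough?
    # Binary mode: the offset computed below is a byte offset handed to dd.
    dump = open(dumpfile, 'rb')
    try:
        header = dump.read(4096)
    finally:
        dump.close()

    # The original sliced with len('\openvps-dump'), a differently escaped
    # literal that happens to have the same length as the real signature.
    sig = '\0openvps-dump'
    if header[:len(sig)] != sig:
        print('%s is not an openvps-dump file, aborting.' % dumpfile)
        return

    # this would need to be adjusted if we alter the header
    h_len = 8  # including the sig

    # Without the terminator the two-way unpack below would raise.
    if '|\0' not in header:
        print('Bad header, %s may be corrupt, aborting.' % dumpfile)
        return
    header, junk = header.split('|\0', 1)

    # remember the offset (header plus the two terminator bytes)
    offset = len(header) + 2

    header = header.split('|', h_len)
    if len(header) < h_len:
        print('Bad header, %s may be corrupt, aborting.' % dumpfile)
        return

    header, stored_digest = '|'.join(header[:-1]), header[-1]
    digest = hmac.new(cfg.DUMP_SECRET, header).hexdigest()

    # Compare in constant time where the runtime provides it, so the check
    # does not reveal how many leading characters of a forged digest match.
    same_digest = getattr(hmac, 'compare_digest', None)
    if same_digest is None:
        digest_ok = stored_digest == digest
    else:
        digest_ok = same_digest(stored_digest, digest)
    if not digest_ok:
        print('The header signature in %s is bad, check your DUMP_SECRET value, aborting.' % dumpfile)
        return

    # split it back now
    header = header.split('|')

    ## now do some sanity checking: make sure xid, name and ips aren't in use
    abort = 0

    vss = vsutil.list_vservers()

    vserver_name = header[3]
    context = header[4]

    # Both values become path components under cfg.VSERVERS_ROOT.  The HMAC
    # already vouches for them, but refuse anything that could step outside
    # the root in case the secret is ever shared or leaked.
    for label, value in (('name', vserver_name), ('xid', context)):
        if not value or value in ('.', '..') or os.path.basename(value) != value:
            print('Bad vserver %s "%s" in header, refusing to use it as a path.' % (label, value))
            abort = 1

    # check name
    if vserver_name in vss:
        print('New vserver "%s" already exists.' % vserver_name)
        abort = 1

    # check xid
    for vs in vss.keys():
        if vss[vs]['context'] == context:
            print('New vserver "%s" wants xid %s, but it is in use by "%s".'
                  % (vserver_name, context, vs))
            abort = 1

    # check ips
    ips = header[5].split(',')
    ips = [ip.split(':')[1].split('/')[0] for ip in ips]
    for vs in vss.keys():
        for ifc in vss[vs]['interfaces']:
            if ifc['ip'] in ips:
                print('New vserver "%s" wants ip %s, but it is in use by "%s".'
                      % (vserver_name, ifc['ip'], vs))
                abort = 1

    # does the target exist?
    target = os.path.join(cfg.VSERVERS_ROOT, vserver_name)
    if os.path.exists(target):
        print('Path %s already exists, please fix this first.' % target)
        abort = 1

    path = os.path.join(cfg.VSERVERS_ROOT, context)
    if os.path.exists(path):
        print('Path %s already exists, please fix this first.' % path)
        abort = 1

    if abort:
        print('Aborting.')
        return

    ## at this point it should be safe to restore

    ## first clone it
    clone(refserver, target)

    ## now unarchive
    # The password travels over a pipe descriptor rather than the command
    # line, which keeps it out of the process list.
    fd_r, fd_w = os.pipe()
    try:
        os.write(fd_w, cfg.DUMP_SECRET + '\n')

        # note that we specify 'u' in cpio here for unconditional,
        # i.e. don't worry about overwriting newer files with older
        # ones. this is the only way it would work if the reference server
        # has progressed and has a newer rpm database. a subsequent
        # vserver update should cure any incompatibilities anyway.
        #
        # dumpfile is quoted because the whole string goes through a shell;
        # a path with spaces or metacharacters must stay a single argument.
        #
        # NOTE(review): cpio -i unpacks relative to the current working
        # directory and this function never sets it - presumably clone()
        # or the caller does; confirm.
        cmd = 'dd if=%s bs=1 skip=%d obs=1024 | /usr/bin/openssl bf -d -salt -pass fd:%d | /usr/bin/bzip2 -d | /bin/cpio -idvuHcrc' \
              % (shell_quote(dumpfile), offset, fd_r)
        pipe = os.popen(cmd, 'r', 0)
        s = pipe.read(1)
        while s:
            sys.stdout.write(s)
            sys.stdout.flush()
            s = pipe.read(1)
        status = pipe.close()
    finally:
        # The original closed only the write end and leaked the read end.
        os.close(fd_w)
        os.close(fd_r)

    # close() returns None on success.  Do not go on to fix xids and report
    # success over a tree that was not fully unpacked.
    if status:
        print('Unarchiving %s failed (exit status %s), aborting.' % (dumpfile, status))
        return

    ## lastly fix xids
    fixxids(target, context)

    ## and finally, set the disk limits
    dl = header[6]
    d_used, d_lim, i_used, i_lim, r = dl.split(',')
    vserver_disk_limit(target,
                       context,
                       d_lim,
                       d_used=d_used,
                       i_used=i_used)

    print('Done!')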
Exemple #14
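def restore(dumpfile, refserver):
    """Restore a vserver from an openvps dump file (the reverse of dump).

    Steps, in order:
      1. Read the first 4096 bytes, check the file signature and verify the
         header HMAC keyed with ``cfg.DUMP_SECRET``.
      2. Make sure the name, xid, IPs and target paths taken from the
         header are not already in use.
      3. Clone ``refserver`` to the new vserver directory.
      4. Decrypt, decompress and unpack the payload through
         dd | openssl | bzip2 | cpio.
      5. Fix xids and set the disk limits recorded in the header.

    Every failure is reported on stdout and the function returns ``None``.

    Security notes for maintainers:
      * Only the header is covered by the HMAC.  The payload is encrypted
        by ``openssl bf`` but carries no integrity check of its own, and
        cpio runs with ``-u`` (overwrite unconditionally), so a dump file
        should be accepted only from a source that is trusted as much as
        the host itself.
      * ``hmac.new`` is called without a digest argument and so uses the
        library default (MD5 on Python 2).  Changing it would invalidate
        existing dumps, so it is left as is and recorded here.
      * ``cfg.DUMP_SECRET`` serves both as the HMAC key and as the
        encryption password.
    """
    try:
        from shlex import quote as shell_quote   # Python 3
    except ImportError:
        from pipes import quote as shell_quote   # Python 2

    # first let's check the sig

    # XXX is 4096 enough?
    # Binary mode: the offset computed below is a byte offset handed to dd.
    dump = open(dumpfile, 'rb')
    try:
        header = dump.read(4096)
    finally:
        dump.close()

    # The original sliced with len('\openvps-dump'), a differently escaped
    # literal that happens to have the same length as the real signature.
    sig = '\0openvps-dump'
    if header[:len(sig)] != sig:
        print('%s is not an openvps-dump file, aborting.' % dumpfile)
        return

    # this would need to be adjusted if we alter the header
    h_len = 8 # including the sig

    # Without the terminator the two-way unpack below would raise.
    if '|\0' not in header:
        print('Bad header, %s may be corrupt, aborting.' % dumpfile)
        return
    header, junk = header.split('|\0', 1)

    # remember the offset (header plus the two terminator bytes)
    offset = len(header)+2

    header = header.split('|', h_len)
    if len(header) < h_len:
        print('Bad header, %s may be corrupt, aborting.' % dumpfile)
        return

    header, stored_digest = '|'.join(header[:-1]), header[-1]
    digest = hmac.new(cfg.DUMP_SECRET, header).hexdigest()

    # Compare in constant time where the runtime provides it, so the check
    # does not reveal how many leading characters of a forged digest match.
    same_digest = getattr(hmac, 'compare_digest', None)
    if same_digest is None:
        digest_ok = stored_digest == digest
    else:
        digest_ok = same_digest(stored_digest, digest)
    if not digest_ok:
        print('The header signature in %s is bad, check your DUMP_SECRET value, aborting.' % dumpfile)
        return

    # split it back now
    header = header.split('|')

    ## now do some sanity checking: make sure xid, name and ips aren't in use
    abort = 0

    vss = vsutil.list_vservers()

    vserver_name = header[3]
    context = header[4]

    # Both values become path components under cfg.VSERVERS_ROOT.  The HMAC
    # already vouches for them, but refuse anything that could step outside
    # the root in case the secret is ever shared or leaked.
    for label, value in (('name', vserver_name), ('xid', context)):
        if not value or value in ('.', '..') or os.path.basename(value) != value:
            print('Bad vserver %s "%s" in header, refusing to use it as a path.' % (label, value))
            abort = 1

    # check name
    if vserver_name in vss:
        print('New vserver "%s" already exists.' % vserver_name)
        abort = 1

    # check xid
    for vs in vss.keys():
        if vss[vs]['context'] == context:
            print('New vserver "%s" wants xid %s, but it is in use by "%s".'
                  % (vserver_name, context, vs))
            abort = 1

    # check ips
    ips = header[5].split(',')
    ips = [ip.split(':')[1].split('/')[0] for ip in ips]
    for vs in vss.keys():
        for ifc in vss[vs]['interfaces']:
            if ifc['ip'] in ips:
                print('New vserver "%s" wants ip %s, but it is in use by "%s".'
                      % (vserver_name, ifc['ip'], vs))
                abort = 1

    # does the target exist?
    target = os.path.join(cfg.VSERVERS_ROOT, vserver_name)
    if os.path.exists(target):
        print('Path %s already exists, please fix this first.' % target)
        abort = 1

    path = os.path.join(cfg.VSERVERS_ROOT, context)
    if os.path.exists(path):
        print('Path %s already exists, please fix this first.' % path)
        abort = 1

    if abort:
        print('Aborting.')
        return

    ## at this point it should be safe to restore

    ## first clone it
    clone(refserver, target)

    ## now unarchive
    # The password travels over a pipe descriptor rather than the command
    # line, which keeps it out of the process list.
    fd_r, fd_w = os.pipe()
    try:
        os.write(fd_w, cfg.DUMP_SECRET+'\n')

        # note that we specify 'u' in cpio here for unconditional,
        # i.e. don't worry about overwriting newer files with older
        # ones. this is the only way it would work if the reference server
        # has progressed and has a newer rpm database. a subsequent
        # vserver update should cure any incompatibilities anyway.
        #
        # dumpfile is quoted because the whole string goes through a shell;
        # a path with spaces or metacharacters must stay a single argument.
        #
        # NOTE(review): cpio -i unpacks relative to the current working
        # directory and this function never sets it - presumably clone()
        # or the caller does; confirm.
        cmd = 'dd if=%s bs=1 skip=%d obs=1024 | /usr/bin/openssl bf -d -salt -pass fd:%d | /usr/bin/bzip2 -d | /bin/cpio -idvuHcrc' \
              % (shell_quote(dumpfile), offset, fd_r)
        pipe = os.popen(cmd, 'r', 0)
        s = pipe.read(1)
        while s:
            sys.stdout.write(s)
            sys.stdout.flush()
            s = pipe.read(1)
        status = pipe.close()
    finally:
        # The original closed only the write end and leaked the read end.
        os.close(fd_w)
        os.close(fd_r)

    # close() returns None on success.  Do not go on to fix xids and report
    # success over a tree that was not fully unpacked.
    if status:
        print('Unarchiving %s failed (exit status %s), aborting.' % (dumpfile, status))
        return

    ## lastly fix xids
    fixxids(target, context)

    ## and finally, set the disk limits
    dl = header[6]
    d_used, d_lim, i_used, i_lim, r = dl.split(',')
    vserver_disk_limit(target,
                       context, d_lim, d_used=d_used, i_used=i_used)

    print('Done!')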