def init_ejbca_vpn(self):
    """
    Prepare the VPN PKI inside EJBCA.

    Runs, in order: CA creation, identity profile creation, server
    certificate issuance and CRL generation. Afterwards it stores the server
    certificate paths, the CRL path and the VPN client config path on the
    installer and calls ejbca.vpn_install_cron().

    When EJBCA installation is disabled the method only logs a warning and
    returns; self.vpn_keys, self.vpn_crl and self.vpn_client_config are NOT
    assigned in that case, so later steps must not rely on them.

    :return: None
    :raises errors.SetupError: if any EJBCA step returns a non-zero code
    """
    if self.args.no_ejbca_install:
        logger.warning('EJBCA disabled, cannot prepare VPN vars')
        return

    pki = self.ejbca

    if pki.vpn_create_ca() != 0:
        raise errors.SetupError('Cannot create CA for the VPN')

    if pki.vpn_create_profiles() != 0:
        raise errors.SetupError(
            'Cannot create new identity profiles in EJBCA for VPN')

    # NOTE(review): fixed pause between profile creation and certificate
    # issuance; the reason is not visible here - presumably EJBCA needs a
    # moment before the new profiles are usable. Confirm.
    time.sleep(2)

    if pki.vpn_create_server_certs() != 0:
        raise errors.SetupError(
            'Cannot create new certificate for VPN server')

    if pki.vpn_create_crl() != 0:
        raise errors.SetupError('Cannot generate new CRL for the VPN')

    # Remember where the generated artefacts live; init_vpn() reads them.
    self.vpn_keys = pki.vpn_get_server_cert_paths()
    self.vpn_crl = pki.vpn_get_crl_path()
    self.vpn_client_config = pki.vpn_get_vpn_client_config_path()

    # The return value of the cron installation is not inspected.
    pki.vpn_install_cron()
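def untar_get_single_dir(archive_path, sysconfig):
    """
    Extract a gzipped tar archive in place and return the one directory it yields.

    Runs ``tar -xzf`` with the archive's own directory as working directory.
    The archive should be the only file in that directory, so that exactly one
    non-file entry exists after extraction.

    The archive path is shell-quoted before it is interpolated into the
    command string, so whitespace or shell metacharacters in the path cannot
    change the command that is executed. Paths made of ordinary characters
    are passed through unchanged.

    NOTE(review): member names inside the archive are not validated here. An
    archive whose origin is not trusted should have its authenticity checked
    before it reaches this function - confirm that the caller does so.

    :param archive_path: path to the .tar.gz archive
    :param sysconfig: object exposing cli_cmd_sync(cmd, write_dots=..., cwd=...)
    :return: path of the single extracted directory
    :raises errors.SetupError: if tar fails or the directory count is not one
    """
    try:
        from shlex import quote as _shell_quote  # Python 3
    except ImportError:
        from pipes import quote as _shell_quote  # Python 2 fallback

    basedir = os.path.dirname(archive_path)
    cmd = 'tar -xzf %s' % _shell_quote(archive_path)

    ret, out, err = sysconfig.cli_cmd_sync(cmd, write_dots=True, cwd=basedir)
    if ret != 0:
        raise errors.SetupError('Could not extract the archive')

    # os.listdir() never returns '.' or '..', so no explicit filter is needed.
    folders = [
        entry for entry in os.listdir(basedir)
        if not os.path.isfile(os.path.join(basedir, entry))
    ]

    if len(folders) != 1:
        raise errors.SetupError(
            'Invalid folder structure after update extraction')

    return os.path.join(basedir, folders[0])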
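def init_vpn(self):
    """
    Install and configure the OpenVPN daemon.

    Steps: install the package, generate the DH group, write the server
    configuration, then - only when EJBCA is installed - store the server
    CA/certificate/key, configure the CRL, write the client configuration and
    fix JBoss privileges. Finally the OS is configured (the error message
    names IP forwarding and masquerade), the service is enabled at boot and
    the installer configuration is written out.

    The server certificate paths are unpacked only in the EJBCA branch.
    init_ejbca_vpn() returns without assigning self.vpn_keys when EJBCA is
    disabled, so unpacking it unconditionally could fail before the
    "EJBCA disabled" warning was ever reached.

    NOTE(review): the listing this was restored from had lost its
    indentation. The CRL, client-config and privilege steps are placed in the
    EJBCA branch because they consume values that only init_ejbca_vpn()
    sets - confirm against the original file.

    :return: None
    :raises errors.SetupError: if any step returns a non-zero code
    """
    self.ovpn.config = self.config

    ret = self.ovpn.install()
    if ret != 0:
        raise errors.SetupError('Cannot install openvpn package')

    ret = self.ovpn.generate_dh_group(self.full_reinstall)
    if ret != 0:
        raise errors.SetupError(
            'Cannot generate a new DH group for VPN server')

    self.ovpn.configure_server()

    if self.args.no_ejbca_install:
        logger.warning('EJBCA disabled, VPN wont be configured properly')
    else:
        # Unpack here, not before the check: the tuple is only guaranteed to
        # exist when the EJBCA VPN setup actually ran.
        vpn_ca, vpn_cert, vpn_key = self.vpn_keys

        # NOTE(review): this hands the server private key to the VPN
        # component; the permissions of the stored key file are decided in
        # store_server_cert(), which is not visible here - verify.
        ret = self.ovpn.store_server_cert(ca=vpn_ca, cert=vpn_cert, key=vpn_key)
        if ret != 0:
            raise errors.SetupError(
                'Cannot install VPN certificate+key to the VPN server')

        # Point the server at the CRL generated by EJBCA.
        self.ovpn.configure_crl(crl_path=self.vpn_crl)

        # Configure VPN client configuration file to match the server config
        self.ovpn.client_config_path = self.vpn_client_config
        self.ovpn.configure_client()
        self.ejbca.jboss_fix_privileges()

    # OS configuration
    ret = self.ovpn.setup_os()
    if ret != 0:
        raise errors.SetupError(
            'Cannot configure OS for the openvpn server (ip forwarding, masquerade)'
        )

    # Register the VPN server for start at boot (it is started elsewhere).
    ret = self.ovpn.enable()
    if ret != 0:
        raise errors.SetupError(
            'Cannot set openvpn server to start after boot')

    Core.write_configuration(self.config)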
def init_supervisord(self):
    """
    Install supervisord, register it for start at boot and restart it.

    :return: None
    :raises errors.SetupError: if enabling or restarting returns non-zero
    """
    daemon = self.supervisord

    # The result of the installation itself is not inspected.
    daemon.install()

    if daemon.enable() != 0:
        raise errors.SetupError(
            'Error with setting supervisord to start after boot')

    if daemon.switch(restart=True) != 0:
        raise errors.SetupError('Error in starting supervisord daemon')
def init_php(self):
    """
    Install and configure PHP, register it for start at boot and restart it.

    The PHP component is given the nginx account name before installation.
    NOTE(review): presumably the PHP workers then run as (or share a socket
    with) the web server account - verify that this account has no more
    privileges than the web application needs.

    :return: None
    :raises errors.SetupError: if enabling or restarting returns non-zero
    """
    php = self.php
    php.user = self.nginx.nginx_user

    # Neither install() nor configure() results are inspected.
    php.install()
    php.configure()

    if php.enable() != 0:
        raise errors.SetupError(
            'Error with setting php to start after boot')

    if php.switch(restart=True) != 0:
        raise errors.SetupError('Error in starting php daemon')
def init_dnsmasq_restart(self):
    """
    Restart the dnsmasq daemon.

    :return: None
    :raises errors.SetupError: if the restart returns a non-zero code
    """
    if self.dnsmasq.switch(restart=True) != 0:
        raise errors.SetupError('Error in starting dnsmasq daemon')
def init_nginx_start(self):
    """
    Restart Nginx.

    Meant to run once Nginx is properly configured and PHP is installed.

    :return: None
    :raises errors.SetupError: if the restart returns a non-zero code
    """
    if self.nginx.switch(restart=True) != 0:
        raise errors.SetupError('Error in starting nginx daemon')
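def init_dnsmasq(self):
    """
    Install and configure dnsmasq and register it for start at boot.

    dnsmasq is given the certificate hostname and the VPN server IP before
    installation. After the service is enabled it is restarted once; a
    failure of that restart is logged but does not abort the setup, since
    init_dnsmasq_restart() is the step that enforces a successful restart.
    Previously the result of this restart was dropped without any trace.

    :return: None
    :raises errors.SetupError: if installation or enabling returns non-zero
    """
    self.dnsmasq.hostname = self.certificates.hostname
    self.dnsmasq.vpn_server_ip = self.ovpn.get_ip_vpn_server()

    ret = self.dnsmasq.install()
    if ret != 0:
        raise errors.SetupError('Error with dnsmasq installation')

    self.dnsmasq.configure_server()

    ret = self.dnsmasq.enable()
    if ret != 0:
        raise errors.SetupError(
            'Error with setting dnsmasq to start after boot')

    # Best-effort restart: keep going on failure, but leave a trace in the
    # log so a resolver that never came up can be diagnosed.
    ret = self.dnsmasq.switch(restart=True)
    if ret != 0:
        logger.warning('dnsmasq restart returned non-zero code: %s', ret)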
def init_vpn_start(self):
    """
    Restart the OpenVPN server.

    Skipped with a warning when EJBCA installation is disabled during a full
    reinstall; in every other case the server is restarted.

    :return: None
    :raises errors.SetupError: if the restart returns a non-zero code
    """
    skip_start = self.args.no_ejbca_install and self.full_reinstall
    if skip_start:
        logger.warning('EJBCA disabled, VPN wont be started')
        return

    if self.ovpn.switch(restart=True) != 0:
        raise errors.SetupError('Cannot start openvpn server')
def init_nginx(self):
    """
    Install and configure Nginx and register it for start at boot.

    Before installation the Nginx component receives the certificate
    hostname, the configured domains, the VPN network in CIDR form as its
    internal address list, the EJBCA certificate directory, the public
    directory of the private-space web app as HTML root, and the Let's
    Encrypt subdomains. PHP is installed through init_php() between loading
    and writing the Nginx configuration. The installer configuration is then
    flagged to use Nginx for Let's Encrypt renewal and written out.

    :return: None
    :raises errors.SetupError: if installation or enabling returns non-zero
    """
    web = self.nginx
    web.hostname = self.certificates.hostname
    web.domains = self.config.domains

    # NOTE(review): presumably consumed by the server config as the list of
    # addresses treated as internal - verify that the VPN subnet is the only
    # range that should be trusted this way.
    vpn_net = self.ovpn.get_ip_net()
    vpn_net_size = self.ovpn.get_ip_net_size()
    web.internal_addresses = ['%s/%s' % (vpn_net, vpn_net_size)]

    web.cert_dir = self.ejbca.cert_dir

    # Laravel based private space landing page
    web.html_root = self.pspace_web.get_public_dir()
    web.add_le_subdomains(self.certificates.subdomains)

    if web.install() != 0:
        raise errors.SetupError('Error with nginx installation')

    # Loading basic info
    web.load_configuration()

    # Install PHP
    self.init_php()

    # Configure properly
    web.configure_server()

    # Use Nginx certbot plugin for renewal
    self.config.le_renew_nginx = True
    Core.write_configuration(self.config)

    if web.enable() != 0:
        raise errors.SetupError(
            'Error with setting nginx to start after boot')
def reinstall_soft_body(self):
    """
    Run the soft reinstallation once the initial checks have passed.

    Reloads the VPN certificate, CRL and client-config paths from EJBCA,
    marks the run as a non-full reinstall on the installer and on the
    Nextcloud and OpenVPN components, reinstalls EJBCA, reloads the OpenVPN
    settings from the configuration and runs the second main phase.

    :return: the (zero) status returned by init_main_phase_2_try()
    :raises errors.SetupError: if the second main phase returns non-zero
    """
    pki = self.ejbca
    self.vpn_keys = pki.vpn_get_server_cert_paths()
    self.vpn_crl = pki.vpn_get_crl_path()
    self.vpn_client_config = pki.vpn_get_vpn_client_config_path()

    # Flags that switch the components into reinstall mode.
    self.full_reinstall = False
    self.nextcloud.doing_reinstall = True
    self.ovpn.doing_reinstall = True

    self.reinstall_ejbca()
    self.ovpn.load_from_config()

    status = self.init_main_phase_2_try()
    if status != 0:
        raise errors.SetupError('Reinstall failed')

    # Persist the configuration only after a successful run.
    Core.write_configuration(self.config)
    return status