def load(self, site_name):
safe_site_name = self.get_safe_name(site_name)
if self.is_conf_exists(safe_site_name):
conf_path = "%s/%s" % (CONF_MAP('site','conf_path'), safe_site_name)
self.conf = UWSAConfiguration(conf_file=conf_path,
template=files.get_rel_path("data/site.conf.tpl"),
exclude=self.exclude)
self.set_name(site_name, self.conf.get('vhost','redirect'))
def __init__(self):
AbstractCommand.__init__(self)
self.exclude = {
'access':[
'unix_pass',
'ldap_pass',
'ldap_to_apply',
],
'mysql':[
'mysql_apply',
],
}
self.conf = UWSAConfiguration(template=files.get_rel_path("data/site.conf.tpl"),exclude=self.exclude)
self.t = ' '
self.tt = self.t + self.t
self.domain_admin_user = None
self.domain_admin_pass = None
class SiteCommand(AbstractCommand):
NAME = 'site'
def __init__(self):
AbstractCommand.__init__(self)
self.exclude = {
'access':[
'unix_pass',
'ldap_pass',
'ldap_to_apply',
],
'mysql':[
'mysql_apply',
],
}
self.conf = UWSAConfiguration(template=files.get_rel_path("data/site.conf.tpl"),exclude=self.exclude)
self.t = ' '
self.tt = self.t + self.t
self.domain_admin_user = None
self.domain_admin_pass = None
def init_help(self):
help = AbstractCommand.init_help(self)
help['command_detail'] = t("\n\nThe command %s is used create, modify or update web site") % self.NAME
return help
def get_log_name(self):
return 'site'
def output_config(self):
try:
if inputs.get_input_yesno(t("Do you want to send configuration of %(name)s to %(mail)s?") %
{ 'name': self.conf.get('main','site_name'),
'mail': CONF_MAP('mail','admin_mail'),
}):
self.send_status_mail()
except Exception:
L.exception(t("Problem sending mail in %s") % __file__)
print self.gen_status_msg()
def do(self, args=[]):
completed = AbstractCommand.do(self,args)
if not completed:
if 'fix' in args:
args.remove('fix')
completed = self.do_fix_all(self.get_next_arg(args))
elif self.__class__ == SiteCommand:
self.print_unsupported(args)
return completed
def do_fix_all(self, site_name):
site_name = self.ask_site_name(site_name)
if not self.is_conf_exists(site_name):
print t("This site does not exists.")
return False
self.load(site_name)
self.fix_config(overwrite=True)
self.output_config()
def is_conf_exists(self, site_name):
safe_site_name = self.get_safe_name(site_name)
conf_path = "%s/%s" % (CONF_MAP('site','conf_path'), safe_site_name)
return files.exists(conf_path)
def load(self, site_name):
safe_site_name = self.get_safe_name(site_name)
if self.is_conf_exists(safe_site_name):
conf_path = "%s/%s" % (CONF_MAP('site','conf_path'), safe_site_name)
self.conf = UWSAConfiguration(conf_file=conf_path,
template=files.get_rel_path("data/site.conf.tpl"),
exclude=self.exclude)
self.set_name(site_name, self.conf.get('vhost','redirect'))
def save(self):
safe_site_name = self.get_safe_name(self.conf.get('main','site_name'))
conf_path = "%s/%s" % (CONF_MAP('site','conf_path'), safe_site_name)
self.conf.save_to_file(conf_path)
def gen_status_msg(self):
msg = t("Hi! A new site was created! Here it's configuration.\n\n")
msg += t("Site name: %s\n") % self.conf.get('main','site_name')
msg += t("Site dev name: %s\n") % self.conf.get('main','site_dev_name')
msg += t("Redirect enabled: %s\n") % self.conf.get('vhost','redirect')
msg += t("Client name: %s\n") % self.conf.get('main','client_name')
msg += t("Client email: %s\n") % self.conf.get('main','client_mail')
if self.conf.get('wordpress','enabled'):
msg += t("\nWordpress")
if self.conf.get('wikimedia','enabled'):
msg += t("\nWikimedia")
if self.conf.get('typo3','enabled'):
msg += t("\ntypo3")
msg += t("\nAllowOverride is: %s\n") % self.conf.get('vhost','allow_override')
msg += t("\nThe PHP engine is: %s\n") % self.conf.get('php','php_engine')
if self.conf.get('access','ldap_user'):
msg += t("LDAP user: %s\n") % self.conf.get('access','ldap_user')
msg += t("LDAP pass: %s\n") % self.conf.get('access','ldap_pass')
if self.conf.get('access','ldap_group'):
msg += t("LDAP group: %s\n") % self.conf.get('access','ldap_group')
if self.conf.get('access','unix_user'):
msg += t("UNIX user: %s\n") % self.conf.get('access','unix_user')
if self.conf.get('access','unix_pass'):
msg += t("UNIX pass: %s\n") % self.conf.get('access','unix_pass')
if self.conf.get('access','unix_group'):
msg += t("UNIX group: %s\n") % self.conf.get('access','unix_group')
if self.conf.get('mysql','schema'):
msg += t("MySQL user: %s\n") % self.conf.get('mysql','user')
msg += t("MySQL pass: %s\n") % self.conf.get('mysql','pass')
msg += t("MySQL schema: %s\n") % self.conf.get('mysql','schema')
msg += t("\n\nEnjoy!")
msg += t("\n\nNote: use the following command to unban client ip from fail2ban: \n%s") % "sudo iptables -D fail2ban-ssh -s IP.ADD.RE.SS -j DROP"
return msg
def send_status_mail(self):
msg = self.gen_status_msg()
sub = core.mail_subject('site', t("%s configuration") % self.conf.get('main','site_name'))
core.mail(sub, msg)
def set_name(self, name, redirect=False):
if redirect and not name.startswith('www.'):
name = 'www.' + name
self.conf.mod('main','site_name', name)
self.conf.mod('vhost','redirect', redirect)
def get_safe_name(self, name):
return name.replace(".","-").replace(" ","").replace("/","").replace("\\","")
def ask_site_name(self, site_name):
q = t("What is the name of the site?")
site_name = inputs.get_input_string(q, site_name)
return site_name
def ask_overwrite(self, site_name):
q = t("The site %(name)s already exists. Do you want to overwrite its configuration?") % {'name':site_name}
return inputs.get_input_yesno(q)
def ask_redirect(self, redirect=False):
redirect = inputs.get_input_yesno(t("Do you (really) need a www redirect?"))
return redirect
def ask_client_name(self, old):
name = inputs.get_input_string(t("What is the client full name?"),old)
return name
def ask_client_mail(self, old):
mail = inputs.get_input_string(t("What is the client email?"),old)
return mail
def update_client_info(self):
name = self.ask_client_name(self.conf.get('main','client_name'))
mail = self.ask_client_mail(self.conf.get('main','client_mail'))
self.conf.mod('main','client_name', name)
self.conf.mod('main','client_mail', mail)
def ask_domain_admin(self):
if self.domain_admin_user is None or self.domain_admin_user is None:
self.domain_admin_user = inputs.get_input_string(t("What is the domain admin username?"))
self.domain_admin_pass = inputs.get_password(t("What is the domain admin password?"), confirm=False, validate=False)
ldap.DOMAIN_USER = self.domain_admin_user
ldap.DOMAIN_PASS = self.domain_admin_pass
def ask_create_user(self, default=None):
return self.ask_create_ug(t("What is the new username?"), default)
def ask_create_group(self, default=None):
return self.ask_create_ug(t("What is the new groupname?"), default)
def ask_create_ug(self, prompt, default=None):
default = inputs.gen_username() if default is None else default
val = inputs.get_input_string(prompt, default)
return val
def generate_virtualhost(self):
site_name = self.conf.get('main','site_name')
site_dev_name = self.conf.get('main', 'site_dev_name')
safe_site_name = self.get_safe_name(site_name)
site_short_name = site_name.replace('www.','',1)
admin_mail = CONF_MAP('mail','admin_mail')
server_name = self.t + "ServerName %s\n" % site_name
server_alias = self.t + "ServerAlias %s\n" % site_dev_name
rewrite_cond = ""
site_path, root_path, log_path, upload_tmp_path = self.generate_dir()
options = self.conf.get('vhost','options')
allow_override = self.conf.get('vhost','allow_override')
php_extra = self.tt
if str(self.conf.get('php','php_engine')).lower() != 'on':
php_extra += "php_admin_value engine off"
if self.conf.get('vhost','redirect'):
server_alias += self.t + "ServerAlias %s\n" % site_short_name
rewrite_cond = str(""
"%(tab)sRewriteEngine on\n"
"%(tab)sRewriteCond %(http_post)s ^%(site_rewrite_cond)s$ [NC]\n"
"%(tab)sRewriteRule ^(.*)$ http://%(site_name)s$1 [R=301,L]\n"
% {
"http_post":"%{HTTP_HOST}",
"site_rewrite_cond":site_short_name.replace(".","\."),
"site_name":site_name,
"tab":self.t,
})
vhost = ""
with open(files.get_rel_path("data/virtualhost.tpl")) as f:
vhost_tpl = Template(f.read())
vhost = vhost_tpl.safe_substitute(
admin_mail=admin_mail,
server_name=server_name.strip(),
server_alias=server_alias.strip(),
root_path=root_path,
site_path=site_path,
rewrite_cond=rewrite_cond.strip(),
options=options,
allow_override=allow_override,
php_extra=php_extra.strip(),
safe_site_name=safe_site_name,
log_path=log_path,
upload_tmp_path=upload_tmp_path,
)
return vhost
def fix_vhost(self):
safe_site_name = self.get_safe_name(self.conf.get('main','site_name'))
vhost = self.generate_virtualhost()
vhost_filename = CONF_MAP('site','vhost_path') + "/%s" % safe_site_name
files.create(vhost_filename, vhost)
def generate_dir(self):
uwsa_www_path = CONF_MAP('site','www_path')
safe_site_name = self.get_safe_name(self.conf.get('main','site_name'))
site_path = uwsa_www_path + "/%s" % safe_site_name
root_path = site_path + "/%s" % self.conf.get('vhost','root_path')
log_path = site_path + "/%s" % self.conf.get('vhost','log_path')
upload_tmp_path = site_path + "/%s" % self.conf.get('vhost','upload_tmp_path')
return site_path, root_path, log_path, upload_tmp_path
def mkdir(self, overwrite=False):
site_path, root_path, log_path, upload_tmp_path = self.generate_dir()
files.mkdir(root_path, overwrite)
files.mkdir(log_path, overwrite)
files.mkdir(upload_tmp_path, overwrite)
def create_access(self):
user_mail = self.conf.get('main','client_mail')
unix_user = self.conf.get('access','unix_user')
unix_pass = self.conf.get('access','unix_pass')
unix_group = self.conf.get('access','unix_group')
ldap_user = self.conf.get('access','ldap_user')
ldap_pass = self.conf.get('access','ldap_pass')
ldap_group = self.conf.get('access','ldap_group')
if CONF_MAP('ldap','enabled') and self.conf.get('access','ldap_to_apply'):
self.ask_domain_admin()
if ldap_user and not ldap.user_exists(ldap_user):
ldap.create_user(ldap_user, user_mail, ldap_pass)
if ldap_group and not ldap.group_exists(ldap_group):
ldap.create_group(ldap_group)
if ldap_user and ldap_group and not ldap.is_member_of(ldap_user, ldap_group):
ldap.user_to_group(ldap_user, ldap_group)
if CONF_MAP('unix','enabled'):
if unix_user and not unix.user_exists(unix_user):
unix.create_user(unix_user, user_mail, unix_pass)
if unix_group and not unix.group_exists(unix_group):
unix.create_group(unix_group)
if unix_user and unix_group and not unix.is_member_of(unix_user , unix_group):
unix.user_to_group(unix_user, unix_group)
def generate_acl(self, group):
cron_acl = ""
site_path, root_path, log_path, upload_tmp_path = self.generate_dir()
with open(files.get_rel_path("data/cron_acl.tpl")) as f:
cron_acl_tpl = Template(f.read())
cron_acl = cron_acl_tpl.safe_substitute(group=group, site_path=site_path)
return cron_acl
def fix_cron_acl(self):
unix_group = self.conf.get('access','unix_group')
ldap_group = self.conf.get('access','ldap_group')
if unix_group and CONF_MAP('unix','enabled'):
unix_acl = self.generate_acl(unix_group)
cron_fullpath = "/etc/cron.acl/%s" % self.get_safe_name(unix_group)
files.create(cron_fullpath, unix_acl)
files.chmod(cron_fullpath, u='rx',g='rx',o='rx')
if ldap_group and CONF_MAP('ldap','enabled'):
ldap_acl = self.generate_acl(ldap_group)
cron_fullpath = "/etc/cron.acl/%s" % self.get_safe_name(ldap_group)
files.create(cron_fullpath, ldap_acl)
files.chmod(cron_fullpath, u='rx',g='rx',o='rx')
def check_centrify_allow(self, group):
is_ok = True
is_ok &= files.contains('/etc/centrifydc/groups.allow', group)
return is_ok
def fix_centrify_allow(self):
g_allow = '/etc/centrifydc/groups.allow'
ldap_group = self.conf.get('access','ldap_group')
if ldap_group and not files.contains(g_allow, ldap_group):
files.append(g_allow, '\n%s' % ldap_group)
def generate_auto_mount(self):
auto_mount = ""
safe_site_name = self.get_safe_name(self.conf.get('main','site_name'))
site_path, root_path, log_path, upload_tmp_path = self.generate_dir()
unix_group = self.conf.get('access','unix_group')
ldap_group = self.conf.get('access','ldap_group')
with open(files.get_rel_path("data/auto_mount.tpl.py")) as f:
auto_mount_tpl = Template(f.read())
auto_mount = auto_mount_tpl.safe_substitute(
site_name=safe_site_name,
site_path=site_path,
ldap_group=ldap_group,
unix_group=unix_group,
)
return auto_mount
def fix_auto_mount(self):
safe_site_name = self.get_safe_name(self.conf.get('main','site_name'))
auto_mount = self.generate_auto_mount()
auto_mount_filename = CONF_MAP('libpam_script','auto_mount_dir') + "/%s" % safe_site_name
files.create(auto_mount_filename, auto_mount)
files.chmod(auto_mount_filename, u='rx',g='rx',o='')
def ask_mysql_cred(self):
if mysql.MYSQL_USER != 'root':
mysql.MYSQL_USER = '******'
mysql.MYSQL_PASS = inputs.get_password(t("What is the mysql password for root?"), confirm=False, validate=False)
def fix_mysql(self):
mysql_user = self.conf.get('mysql','user')
mysql_pass = self.conf.get('mysql','pass')
mysql_schema = self.conf.get('mysql','schema')
mysql_apply = self.conf.get('mysql','mysql_apply')
if mysql_apply:
self.ask_mysql_cred()
if mysql_user:
if mysql.user_exists(mysql_user):
mysql.update_user_password(mysql_user,mysql_pass)
else:
mysql.create_user(mysql_user,mysql_pass)
if mysql_schema and not mysql.schema_exists(mysql_schema):
mysql.create_schema(mysql_schema)
if mysql_schema and mysql_user:
mysql.grant_user(mysql_user, mysql_schema)
def try_acl_activation(self):
unix_group = self.conf.get('access','unix_group')
ldap_group = self.conf.get('access','ldap_group')
cmd_list = []
if unix_group:
#unix_acl = self.generate_acl(unix_group)
cron_fullpath = "/etc/cron.acl/%s" % self.get_safe_name(unix_group)
cmd_list.append(cron_fullpath)
if ldap_group:
#ldap_acl = self.generate_acl(ldap_group)
cron_fullpath = "/etc/cron.acl/%s" % self.get_safe_name(ldap_group)
cmd_list.append(cron_fullpath)
if len(cmd_list) > 0:
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("ACL not applied properly, probably because centrify is not updated. "
"You will need to apply them manually or wait the auto apply..."))
def create_wordpress(self):
if self.conf.get('wordpress','enabled'):
site_path, root_path, log_path, upload_tmp_path = self.generate_dir()
wp_tpl_webroot = CONF_MAP('site','wordpress_template_path') + "/webroot"
wp_tpl_schema = CONF_MAP('site','wordpress_template_path') + "/schema/wordpress_tpl_schema.sql"
wp_webroot_conf = root_path + "/wp-config.php"
mysql_user = self.conf.get('mysql','user')
mysql_pass = self.conf.get('mysql','pass')
mysql_schema = self.conf.get('mysql','schema')
site_name = self.conf.get('main','site_name')
if inputs.get_input_noyes(t("Do you want deploy the default wordpress template under %s?") % root_path):
if files.exists(wp_tpl_webroot):
cmd_list = [
"bash -c 'cp -fr %s/* %s/'" % (wp_tpl_webroot, root_path),
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("Cannot deploy the template."))
else:
L.info(t("There is no template under %s") % wp_tpl_webroot)
elif inputs.get_input_yesno(t("Do you want to only deploy default plugins?")):
if files.exists(wp_tpl_webroot):
cmd_list = [
"bash -c 'mkdir -p %s/wp-content/plugins'" % root_path,
"bash -c 'cp -fr %s/wp-content/plugins/* %s/wp-content/plugins/'" % (wp_tpl_webroot, root_path),
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("Cannot deploy plugins."))
else:
L.info(t("There is no template under %s") % wp_tpl_webroot)
if files.exists(wp_webroot_conf):
params_dict = {
'DB_NAME': mysql_schema,
'DB_USER': mysql_user,
'DB_PASSWORD': mysql_pass,
'DB_HOST':'localhost',
}
for key in params_dict:
pattern = "define\(\s*?['\"]%s['\"].*;" % key
target = "define('%s', '%s');" % (key, params_dict[key])
files.re_replace_in(wp_webroot_conf, pattern, target)
else:
L.info(t("There is no wp-config.php under %s") % root_path)
if files.exists(wp_tpl_schema) and inputs.get_input_noyes(t("Do you want to restore default database?")):
L.info(t("Restoring default schema %s.") % mysql_schema)
tmp_file = "/tmp/uwsa_wp_schema_%s" % uuid.uuid4()
files.cp(wp_tpl_schema, tmp_file)
files.re_replace_in(tmp_file,'UWSA_SCHEMA_NAME', mysql_schema)
files.replace_in_php_database(tmp_file,'UWSA_SITE_NAME', site_name)
cmd_list = [
{
'command': "bash -c 'mysql -u %s -p%s %s < %s'" % (mysql_user, mysql_pass, mysql_schema, tmp_file),
'anonymous': "bash -c 'mysql -u %s -p%s %s < %s'" % (mysql_user, "XXXXX", mysql_schema, tmp_file),
},
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("Failed to restore schema %s!") % mysql_schema)
os.remove(tmp_file)
def fix_config(self, overwrite=False):
unix_group = self.conf.get('access','unix_group')
ldap_group = self.conf.get('access','ldap_group')
self.mkdir(overwrite)
self.fix_vhost()
self.create_access()
if CONF_MAP('ldap','enabled') and self.conf.get('access','ldap_to_apply'):
centrify.ldap_centrify_refresh(unix_group, ldap_group)
self.fix_centrify_allow()
self.fix_cron_acl()
self.fix_auto_mount()
self.fix_mysql()
self.create_wordpress()
apache.enable(self.get_safe_name(self.conf.get('main','site_name')))
apache.graceful()
self.try_acl_activation()
# Send the email (this example assumes SMTP authentication is required)
import smtplib
smtp = smtplib.SMTP(smtp_server)
#smtp.connect(smtp,25)
#smtp.login('exampleuser', 'examplepass')
smtp.sendmail(strFrom, strTo, msgRoot.as_string())
smtp.quit()
## end of http://code.activestate.com/recipes/473810/ }}}
#--------------------------------------------------------------------------------------------------#
# Global initialisation
#--------------------------------------------------------------------------------------------------#
CONFIG = UWSAConfiguration(conf_file='/etc/uwsa/uwsa.conf',
template=files.get_rel_path("data/uwsa.conf.tpl"),
exclude = {
'core':['tool_name',],
})
CONFIG.mod('core','tool_name','uwsa')
CONF_MAP = CONFIG.get
hi = get_host_info()
CONFIG.mod('mail','hostname',hi['hostname'])
CONFIG.mod('mail','ip',hi['ip'])
L = Logger()
#--------------------------------------------------------------------------------------------------#
# Main
#--------------------------------------------------------------------------------------------------#
if __name__ == 'uwsa.core':