def fw_block(vserver, ips):
vss = vsutil.list_vservers()
if not vss.has_key(vserver):
print 'ERROR: No such vserver: %s' % vserver
return
vsutil.fw_block(vserver, ips)
def fw_close(vserver, proto, port, ips=[]):
vss = vsutil.list_vservers()
if not vss.has_key(vserver):
print 'ERROR: No such vserver: %s' % vserver
return
vsutil.fw_close(vserver, proto, port, ips)
def fw_block(vserver, ips):
vss = vsutil.list_vservers()
if not vss.has_key(vserver):
print 'ERROR: No such vserver: %s' % vserver
return
vsutil.fw_block(vserver, ips)
def fw_start(vserver, mode):
vss = vsutil.list_vservers()
if not vss.has_key(vserver):
print 'ERROR: No such vserver: %s' % vserver
return
vsutil.fw_start(vserver, mode)
def fw_close(vserver, proto, port, ips=[]):
vss = vsutil.list_vservers()
if not vss.has_key(vserver):
print 'ERROR: No such vserver: %s' % vserver
return
vsutil.fw_close(vserver, proto, port, ips)
def fw_start(vserver, mode):
vss = vsutil.list_vservers()
if not vss.has_key(vserver):
print 'ERROR: No such vserver: %s' % vserver
return
vsutil.fw_start(vserver, mode)
def set_bwlimit(vserver, limit):
vss = vsutil.list_vservers()
if not vss.has_key(vserver):
print 'ERROR: No such vserver: %s' % vserver
return
vsutil.set_bwlimit(vserver, limit)
vsutil.set_tc_class(vserver)
def set_bwlimit(vserver, limit):
vss = vsutil.list_vservers()
if not vss.has_key(vserver):
print 'ERROR: No such vserver: %s' % vserver
return
vsutil.set_bwlimit(vserver, limit)
vsutil.set_tc_class(vserver)
def fw_finish(vserver):
vss = vsutil.list_vservers()
if not vss.has_key(vserver):
print 'ERROR: No such vserver: %s' % vserver
return
vsutil.fw_finish(vserver)
# this is a bit of a hack - it seems that upon startup not
# necessary modules are loaded confusing our vserver startup
# when we save them, the OS will figure out what needs to be
# loaded.
cmd = "/sbin/service iptables save"
print cmd
print commands.getoutput(cmd)
def fw_finish(vserver):
vss = vsutil.list_vservers()
if not vss.has_key(vserver):
print 'ERROR: No such vserver: %s' % vserver
return
vsutil.fw_finish(vserver)
# this is a bit of a hack - it seems that upon startup not
# necessary modules are loaded confusing our vserver startup
# when we save them, the OS will figure out what needs to be
# loaded.
cmd = "/sbin/service iptables save"
print cmd
print commands.getoutput(cmd)
def collect_stats():
# this function will walk through xids and collect
# stats for them and write to rrd all at the same time
# get iptables counters for all contexts
input, output = iptables_info()
# get vserver configs
vservers = vsutil.list_vservers()
# walk through /proc/virtual/*, these are active vservers
virtual = filter(str.isdigit, os.listdir('/proc/virtual'))
for xid in virtual:
# lookup vserver name (a little complex, but it works)
server = filter(lambda x: x[1] == xid, \
[(name, vservers[name]['context']) for name in vservers.keys()])
if server:
server = server[0][0]
else:
# this is a zombie - it exists in /proc/virtual, but there is no such xid
continue
# do all of the above
data = {}
try:
data.update(bandwidth(server, input, output, vservers))
data.update(disk(xid))
data.update(limits(xid))
data.update(sched(xid))
data.update(ipcs(xid))
update_rrd(server, data)
except ValueError, AttributeError:
# vserver no longer running
log('Vserver %s(%s) does not appear to be running or not enterable'
% (server, xid))
def collect_stats():
# this function will walk through xids and collect
# stats for them and write to rrd all at the same time
# get iptables counters for all contexts
input, output = iptables_info()
# get vserver configs
vservers = vsutil.list_vservers()
# walk through /proc/virtual/*, these are active vservers
virtual = filter(str.isdigit, os.listdir("/proc/virtual"))
for xid in virtual:
# lookup vserver name (a little complex, but it works)
server = filter(lambda x: x[1] == xid, [(name, vservers[name]["context"]) for name in vservers.keys()])
if server:
server = server[0][0]
else:
# this is a zombie - it exists in /proc/virtual, but there is no such xid
continue
# do all of the above
data = {}
try:
data.update(bandwidth(server, input, output, vservers))
data.update(disk(xid))
data.update(limits(xid))
data.update(sched(xid))
data.update(ipcs(xid))
update_rrd(server, data)
except ValueError, AttributeError:
# vserver no longer running
log("Vserver %s(%s) does not appear to be running or not enterable" % (server, xid))
def restore(dumpfile, refserver):
# this is quite simply the reverse of dump
# first let's check the sig
# XXX is 4096 enough?
header = open(dumpfile).read(4096)
if header[:len('\openvps-dump')] != '\0openvps-dump':
print '%s is not an openvps-dump file, aborting.' % dumpfile
return
# this would need to be adjusted if we alter the header
h_len = 8 # including the sig
header, junk = header.split('|\0', 1)
# remember the offset
offset = len(header) + 2
header = header.split('|', h_len)
if len(header) < h_len:
print 'Bad header, %s may be corrupt, aborting.' % dumpfile
return
header, stored_digest = '|'.join(header[:-1]), header[-1]
digest = hmac.new(cfg.DUMP_SECRET, header).hexdigest()
if stored_digest != digest:
print 'The header signature in %s is bad, check your DUMP_SECRET value, aborting.' % dumpfile
return
# split it back now
header = header.split('|')
## now do some sanity checking: make sure xid, name and ips aren't in use
abort = 0
vss = vsutil.list_vservers()
# check name
vserver_name = header[3]
if vss.has_key(vserver_name):
print 'New vserver "%s" already exists.' % vserver_name
abort = 1
# check xid
context = header[4]
for vs in vss.keys():
if vss[vs]['context'] == context:
print 'New vserver "%s" wants xid %s, but it is in use by "%s".' \
% (vserver_name, context, vs)
abort = 1
# check ips
ips = header[5].split(',')
ips = [ip.split(':')[1].split('/')[0] for ip in ips]
for vs in vss.keys():
for ifc in vss[vs]['interfaces']:
if ifc['ip'] in ips:
print 'New vserver "%s" wants ip %s, but it is in use by "%s".' \
% (vserver_name, ifc['ip'], vs)
abort = 1
# does the target exist?
path = os.path.join(cfg.VSERVERS_ROOT, vserver_name)
if os.path.exists(path):
print 'Path %s already exists, please fix this first.' % path
abort = 1
path = os.path.join(cfg.VSERVERS_ROOT, context)
if os.path.exists(path):
print 'Path %s already exists, please fix this first.' % path
abort = 1
if abort:
print 'Aborting.'
return
## at this point it should be safe to restore
## first clone it
clone(refserver, os.path.join(cfg.VSERVERS_ROOT, vserver_name))
## now unarchive
fd_r, fd_w = os.pipe()
# write the password to the new file descriptor so openssl can read it
os.write(fd_w, cfg.DUMP_SECRET + '\n')
# note that we specify 'u' in cpio here for unconditionl,
# i.e. don't worry about overwriting newer files with older
# ones. this is the only way it would work if the reference server
# has progressed and has a newer rpm database. a subsequent
# vserver update should cure any incompatibilities anyway.
cmd = 'dd if=%s bs=1 skip=%d obs=1024 | /usr/bin/openssl bf -d -salt -pass fd:%d | /usr/bin/bzip2 -d | /bin/cpio -idvuHcrc' \
% (dumpfile, offset, fd_r)
pipe = os.popen(cmd, 'r', 0)
s = pipe.read(1)
while s:
sys.stdout.write(s)
sys.stdout.flush()
s = pipe.read(1)
pipe.close()
os.close(fd_w)
## lastly fix xids
fixxids(os.path.join(cfg.VSERVERS_ROOT, vserver_name), context)
## and finally, set the disk limits
dl = header[6]
d_used, d_lim, i_used, i_lim, r = dl.split(',')
vserver_disk_limit(os.path.join(cfg.VSERVERS_ROOT, vserver_name),
context,
d_lim,
d_used=d_used,
i_used=i_used)
print 'Done!'
def restore(dumpfile, refserver):
# this is quite simply the reverse of dump
# first let's check the sig
# XXX is 4096 enough?
header = open(dumpfile).read(4096)
if header[:len('\openvps-dump')] != '\0openvps-dump':
print '%s is not an openvps-dump file, aborting.' % dumpfile
return
# this would need to be adjusted if we alter the header
h_len = 8 # including the sig
header, junk = header.split('|\0', 1)
# remember the offset
offset = len(header)+2
header = header.split('|', h_len)
if len(header) < h_len:
print 'Bad header, %s may be corrupt, aborting.' % dumpfile
return
header, stored_digest = '|'.join(header[:-1]), header[-1]
digest = hmac.new(cfg.DUMP_SECRET, header).hexdigest()
if stored_digest != digest:
print 'The header signature in %s is bad, check your DUMP_SECRET value, aborting.' % dumpfile
return
# split it back now
header = header.split('|')
## now do some sanity checking: make sure xid, name and ips aren't in use
abort = 0
vss = vsutil.list_vservers()
# check name
vserver_name = header[3]
if vss.has_key(vserver_name):
print 'New vserver "%s" already exists.' % vserver_name
abort = 1
# check xid
context = header[4]
for vs in vss.keys():
if vss[vs]['context'] == context:
print 'New vserver "%s" wants xid %s, but it is in use by "%s".' \
% (vserver_name, context, vs)
abort = 1
# check ips
ips = header[5].split(',')
ips = [ip.split(':')[1].split('/')[0] for ip in ips]
for vs in vss.keys():
for ifc in vss[vs]['interfaces']:
if ifc['ip'] in ips:
print 'New vserver "%s" wants ip %s, but it is in use by "%s".' \
% (vserver_name, ifc['ip'], vs)
abort = 1
# does the target exist?
path = os.path.join(cfg.VSERVERS_ROOT, vserver_name)
if os.path.exists(path):
print 'Path %s already exists, please fix this first.' % path
abort = 1
path = os.path.join(cfg.VSERVERS_ROOT, context)
if os.path.exists(path):
print 'Path %s already exists, please fix this first.' % path
abort = 1
if abort:
print 'Aborting.'
return
## at this point it should be safe to restore
## first clone it
clone(refserver, os.path.join(cfg.VSERVERS_ROOT, vserver_name))
## now unarchive
fd_r, fd_w = os.pipe()
# write the password to the new file descriptor so openssl can read it
os.write(fd_w, cfg.DUMP_SECRET+'\n')
# note that we specify 'u' in cpio here for unconditionl,
# i.e. don't worry about overwriting newer files with older
# ones. this is the only way it would work if the reference server
# has progressed and has a newer rpm database. a subsequent
# vserver update should cure any incompatibilities anyway.
cmd = 'dd if=%s bs=1 skip=%d obs=1024 | /usr/bin/openssl bf -d -salt -pass fd:%d | /usr/bin/bzip2 -d | /bin/cpio -idvuHcrc' \
% (dumpfile, offset, fd_r)
pipe = os.popen(cmd, 'r', 0)
s = pipe.read(1)
while s:
sys.stdout.write(s); sys.stdout.flush()
s = pipe.read(1)
pipe.close()
os.close(fd_w)
## lastly fix xids
fixxids(os.path.join(cfg.VSERVERS_ROOT, vserver_name), context)
## and finally, set the disk limits
dl = header[6]
d_used, d_lim, i_used, i_lim, r = dl.split(',')
vserver_disk_limit(os.path.join(cfg.VSERVERS_ROOT, vserver_name),
context, d_lim, d_used=d_used, i_used=i_used)
print 'Done!'
