""" __version__ = '$Id$' from rpki.gui.script_util import setup setup() import sys from rpki.gui.app.models import Conf from rpki.irdb.models import ROARequest, GhostbusterRequest from rpki.gui.app.glue import list_received_resources for n in xrange(1, 33): username = '******' % n print 'removing objects for ' + username for cls in (ROARequest, GhostbusterRequest): cls.objects.filter(issuer__handle=username).delete() conf = Conf.objects.get(handle=username) conf.clear_alerts() print '... updating resource certificate cache' list_received_resources(sys.stdout, conf) # Remove delegated resources (see https://trac.rpki.net/ticket/544) # Note that we do not remove the parent-child relationship, just the # resources. for child in conf.children(): child.asns.delete() child.address_ranges.delete()
def refresh(request): "Query rpkid, update the db, and redirect back to the dashboard." glue.list_received_resources(request.META['wsgi.errors'], request.session['handle']) return http.HttpResponseRedirect(reverse(dashboard))
def notify_expired(expire_days=14, from_email=None): """Send email notificates about impending expirations of resource and BPKI certificates. expire_days: the number of days ahead of today to warn from_email: set the From: address for the email """ global expire_time # so i don't have to pass it around global now now = datetime.datetime.utcnow() expire_time = now + datetime.timedelta(expire_days) # this is not exactly right, since we have no way of knowing what the # vhost for the web portal running on this machine is host = socket.getfqdn() if not from_email: from_email = 'root@' + host # Ensure that the rcynic and routeviews data has been updated recently # The QuerySet is created here so that it will be cached and reused on each # iteration of the loop below t = now - datetime.timedelta(hours=12) # 12 hours stale_timestamps = Timestamp.objects.filter(ts__lte=t) # Warn the server admins when data may be out of date if stale_timestamps: errs = StringIO() errs.write('Warning! Stale data from external sources on host %s.\n' % (host, )) errs.write('data source : last import\n') for obj in stale_timestamps: errs.write('%-15s: %s\n' % (obj.name, obj.ts)) errs.write('\n') send_mail('stale RPKI data on ' + host, errs.getvalue(), from_email, ['root@' + host]) # if not arguments are given, query all resource holders qs = Conf.objects.all() # check expiration of certs for all handles managed by the web portal for h in qs: # Force cache update since several checks require fresh data try: list_received_resources(sys.stdout, h) except socket.error as e: raise NetworkError('Error while talking to rpkid: %s' % e) errs = StringIO() check_cert(h.handle, h, errs) # HostedCA is the ResourceHolderCA cross certified under ServerCA, so # check the ServerCA expiration date as well check_cert(h.handle, h.hosted_by, errs) check_cert(h.handle, h.hosted_by.issuer, errs) check_cert_list(h.handle, h.bscs.all(), errs) check_cert_list(h.handle, h.parents.all(), errs) check_cert_list(h.handle, h.children.all(), errs) check_cert_list(h.handle, h.repositories.all(), errs) check_expire(h, errs) check_child_certs(h, errs) # if there was output, display it now s = errs.getvalue() if s: logger.info(s) t = """This is an automated notice about the upcoming expiration of RPKI resources for the handle %s on %s. You are receiving this notification because your email address is either registered in a Ghostbuster record, or as the default email address for the account.\n\n""" % ( h.handle, host) h.send_alert(subject='RPKI expiration notice for %s' % h.handle, message=t + s, from_email=from_email, severity=Alert.WARNING)
def notify_expired(expire_days=14, from_email=None): """Send email notificates about impending expirations of resource and BPKI certificates. expire_days: the number of days ahead of today to warn from_email: set the From: address for the email """ global expire_time # so i don't have to pass it around global now now = datetime.datetime.utcnow() expire_time = now + datetime.timedelta(expire_days) # this is not exactly right, since we have no way of knowing what the # vhost for the web portal running on this machine is host = socket.getfqdn() if not from_email: from_email = 'root@' + host # Ensure that the rcynic and routeviews data has been updated recently # The QuerySet is created here so that it will be cached and reused on each # iteration of the loop below t = now - datetime.timedelta(hours=12) # 12 hours stale_timestamps = Timestamp.objects.filter(ts__lte=t) # Warn the server admins when data may be out of date if stale_timestamps: errs = StringIO() errs.write('Warning! Stale data from external sources on host %s.\n' % (host,)) errs.write('data source : last import\n') for obj in stale_timestamps: errs.write('%-15s: %s\n' % (obj.name, obj.ts)) errs.write('\n') send_mail('stale RPKI data on ' + host, errs.getvalue(), from_email, ['root@' + host]) # if not arguments are given, query all resource holders qs = Conf.objects.all() # check expiration of certs for all handles managed by the web portal for h in qs: # Force cache update since several checks require fresh data try: list_received_resources(sys.stdout, h) except socket.error as e: raise NetworkError('Error while talking to rpkid: %s' % e) errs = StringIO() check_cert(h.handle, h, errs) # HostedCA is the ResourceHolderCA cross certified under ServerCA, so # check the ServerCA expiration date as well check_cert(h.handle, h.hosted_by, errs) check_cert(h.handle, h.hosted_by.issuer, errs) check_cert_list(h.handle, h.bscs.all(), errs) check_cert_list(h.handle, h.parents.all(), errs) check_cert_list(h.handle, h.children.all(), errs) check_cert_list(h.handle, h.repositories.all(), errs) check_expire(h, errs) check_child_certs(h, errs) # if there was output, display it now s = errs.getvalue() if s: logger.info(s) t = """This is an automated notice about the upcoming expiration of RPKI resources for the handle %s on %s. You are receiving this notification because your email address is either registered in a Ghostbuster record, or as the default email address for the account.\n\n""" % (h.handle, host) h.send_alert( subject='RPKI expiration notice for %s' % h.handle, message=t + s, from_email=from_email, severity=Alert.WARNING )