"""
__version__ = '$Id$'
from rpki.gui.script_util import setup
setup()
import sys
from rpki.gui.app.models import Conf
from rpki.irdb.models import ROARequest, GhostbusterRequest
from rpki.gui.app.glue import list_received_resources
for n in xrange(1, 33):
username = '******' % n
print 'removing objects for ' + username
for cls in (ROARequest, GhostbusterRequest):
cls.objects.filter(issuer__handle=username).delete()
conf = Conf.objects.get(handle=username)
conf.clear_alerts()
print '... updating resource certificate cache'
list_received_resources(sys.stdout, conf)
# Remove delegated resources (see https://trac.rpki.net/ticket/544)
# Note that we do not remove the parent-child relationship, just the
# resources.
for child in conf.children():
child.asns.delete()
child.address_ranges.delete()
def refresh(request):
"Query rpkid, update the db, and redirect back to the dashboard."
glue.list_received_resources(request.META['wsgi.errors'], request.session['handle'])
return http.HttpResponseRedirect(reverse(dashboard))
def notify_expired(expire_days=14, from_email=None):
"""Send email notificates about impending expirations of resource
and BPKI certificates.
expire_days: the number of days ahead of today to warn
from_email: set the From: address for the email
"""
global expire_time # so i don't have to pass it around
global now
now = datetime.datetime.utcnow()
expire_time = now + datetime.timedelta(expire_days)
# this is not exactly right, since we have no way of knowing what the
# vhost for the web portal running on this machine is
host = socket.getfqdn()
if not from_email:
from_email = 'root@' + host
# Ensure that the rcynic and routeviews data has been updated recently
# The QuerySet is created here so that it will be cached and reused on each
# iteration of the loop below
t = now - datetime.timedelta(hours=12) # 12 hours
stale_timestamps = Timestamp.objects.filter(ts__lte=t)
# Warn the server admins when data may be out of date
if stale_timestamps:
errs = StringIO()
errs.write('Warning! Stale data from external sources on host %s.\n' %
(host, ))
errs.write('data source : last import\n')
for obj in stale_timestamps:
errs.write('%-15s: %s\n' % (obj.name, obj.ts))
errs.write('\n')
send_mail('stale RPKI data on ' + host, errs.getvalue(), from_email,
['root@' + host])
# if not arguments are given, query all resource holders
qs = Conf.objects.all()
# check expiration of certs for all handles managed by the web portal
for h in qs:
# Force cache update since several checks require fresh data
try:
list_received_resources(sys.stdout, h)
except socket.error as e:
raise NetworkError('Error while talking to rpkid: %s' % e)
errs = StringIO()
check_cert(h.handle, h, errs)
# HostedCA is the ResourceHolderCA cross certified under ServerCA, so
# check the ServerCA expiration date as well
check_cert(h.handle, h.hosted_by, errs)
check_cert(h.handle, h.hosted_by.issuer, errs)
check_cert_list(h.handle, h.bscs.all(), errs)
check_cert_list(h.handle, h.parents.all(), errs)
check_cert_list(h.handle, h.children.all(), errs)
check_cert_list(h.handle, h.repositories.all(), errs)
check_expire(h, errs)
check_child_certs(h, errs)
# if there was output, display it now
s = errs.getvalue()
if s:
logger.info(s)
t = """This is an automated notice about the upcoming expiration of RPKI resources for the handle %s on %s. You are receiving this notification because your email address is either registered in a Ghostbuster record, or as the default email address for the account.\n\n""" % (
h.handle, host)
h.send_alert(subject='RPKI expiration notice for %s' % h.handle,
message=t + s,
from_email=from_email,
severity=Alert.WARNING)
"""
__version__ = '$Id$'
from rpki.gui.script_util import setup
setup()
import sys
from rpki.gui.app.models import Conf
from rpki.irdb.models import ROARequest, GhostbusterRequest
from rpki.gui.app.glue import list_received_resources
for n in xrange(1, 33):
username = '******' % n
print 'removing objects for ' + username
for cls in (ROARequest, GhostbusterRequest):
cls.objects.filter(issuer__handle=username).delete()
conf = Conf.objects.get(handle=username)
conf.clear_alerts()
print '... updating resource certificate cache'
list_received_resources(sys.stdout, conf)
# Remove delegated resources (see https://trac.rpki.net/ticket/544)
# Note that we do not remove the parent-child relationship, just the
# resources.
for child in conf.children():
child.asns.delete()
child.address_ranges.delete()
def notify_expired(expire_days=14, from_email=None):
"""Send email notificates about impending expirations of resource
and BPKI certificates.
expire_days: the number of days ahead of today to warn
from_email: set the From: address for the email
"""
global expire_time # so i don't have to pass it around
global now
now = datetime.datetime.utcnow()
expire_time = now + datetime.timedelta(expire_days)
# this is not exactly right, since we have no way of knowing what the
# vhost for the web portal running on this machine is
host = socket.getfqdn()
if not from_email:
from_email = 'root@' + host
# Ensure that the rcynic and routeviews data has been updated recently
# The QuerySet is created here so that it will be cached and reused on each
# iteration of the loop below
t = now - datetime.timedelta(hours=12) # 12 hours
stale_timestamps = Timestamp.objects.filter(ts__lte=t)
# Warn the server admins when data may be out of date
if stale_timestamps:
errs = StringIO()
errs.write('Warning! Stale data from external sources on host %s.\n' % (host,))
errs.write('data source : last import\n')
for obj in stale_timestamps:
errs.write('%-15s: %s\n' % (obj.name, obj.ts))
errs.write('\n')
send_mail('stale RPKI data on ' + host,
errs.getvalue(),
from_email,
['root@' + host])
# if not arguments are given, query all resource holders
qs = Conf.objects.all()
# check expiration of certs for all handles managed by the web portal
for h in qs:
# Force cache update since several checks require fresh data
try:
list_received_resources(sys.stdout, h)
except socket.error as e:
raise NetworkError('Error while talking to rpkid: %s' % e)
errs = StringIO()
check_cert(h.handle, h, errs)
# HostedCA is the ResourceHolderCA cross certified under ServerCA, so
# check the ServerCA expiration date as well
check_cert(h.handle, h.hosted_by, errs)
check_cert(h.handle, h.hosted_by.issuer, errs)
check_cert_list(h.handle, h.bscs.all(), errs)
check_cert_list(h.handle, h.parents.all(), errs)
check_cert_list(h.handle, h.children.all(), errs)
check_cert_list(h.handle, h.repositories.all(), errs)
check_expire(h, errs)
check_child_certs(h, errs)
# if there was output, display it now
s = errs.getvalue()
if s:
logger.info(s)
t = """This is an automated notice about the upcoming expiration of RPKI resources for the handle %s on %s. You are receiving this notification because your email address is either registered in a Ghostbuster record, or as the default email address for the account.\n\n""" % (h.handle, host)
h.send_alert(
subject='RPKI expiration notice for %s' % h.handle,
message=t + s,
from_email=from_email,
severity=Alert.WARNING
)
def refresh(request):
"Query rpkid, update the db, and redirect back to the dashboard."
glue.list_received_resources(request.META['wsgi.errors'],
request.session['handle'])
return http.HttpResponseRedirect(reverse(dashboard))
