Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve stack_pref

Browse Source
This commit is contained in:
VirtuBox
2019-09-06 14:27:45 +02:00
parent e2ae44714c
commit ecc938c11f
3 changed files with 138 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wo/cli/plugins/stack.py
View File

@@ -493,13 +493,13 @@ class WOStackController(CementBaseController):
WOAptGet.install(self, apt_packages)
Log.valide(self, "Installing APT packages ")
Log.wait(self, "Configuring APT packages ")
post_pref(self, apt_packages, empty_packages)
post_pref(self, apt_packages, [])
Log.valide(self, "Configuring APT packages ")
if (packages):
Log.debug(self, "Downloading following: {0}".format(packages))
WODownload.download(self, packages)
Log.debug(self, "Calling post_pref")
post_pref(self, empty_packages, packages)
post_pref(self, [], packages)
if disp_msg:
if (self.msg):

136
wo/cli/plugins/stack_pref.py
View File

@@ -23,12 +23,13 @@ from wo.core.services import WOService
from wo.core.shellexec import CommandExecutionError, WOShellExec
from wo.core.template import WOTemplate
from wo.core.variables import WOVariables
from wo.core.sslutils import SSL
def pre_pref(self, apt_packages):
"""Pre settings to do before installation packages"""
if set(WOVariables.wo_mysql).issubset(set(apt_packages)):
if ("mariadb-server" in apt_packages or "mariadb-client" in apt_packages):
# add mariadb repository excepted on raspbian and ubuntu 19.04
if (not WOVariables.wo_distro == 'raspbian'):
Log.info(self, "Adding repository for MySQL, please wait...")
@@ -43,7 +44,7 @@ def pre_pref(self, apt_packages):
keyserver='keys.gnupg.net')
WORepo.add_key(self, '0xF1656F24C74CD1D8',
keyserver='hkp://keys.gnupg.net')
if ["mariadb-server"] in apt_packages:
if "mariadb-server" in apt_packages:
# generate random 24 characters root password
chars = ''.join(random.sample(string.ascii_letters, 24))
@@ -389,98 +390,61 @@ def post_pref(self, apt_packages, packages, upgrade=False):
'/etc/nginx/'
'sites-enabled/'
'22222'])
# Create log and cert folder and softlinks
if not os.path.exists('{0}22222/logs'
.format(ngxroot)):
Log.debug(self, "Creating directory "
"{0}22222/logs "
.format(ngxroot))
os.makedirs('{0}22222/logs'
.format(ngxroot))
if not os.path.exists('{0}22222/cert'
.format(ngxroot)):
Log.debug(self, "Creating directory "
"{0}22222/cert"
.format(ngxroot))
os.makedirs('{0}22222/cert'
.format(ngxroot))
if not os.path.isdir('{0}22222/conf/nginx'
.format(ngxroot)):
Log.debug(self, "Creating directory "
"{0}22222/conf/nginx"
.format(ngxroot))
os.makedirs('{0}22222/conf/nginx'
.format(ngxroot))
WOFileUtils.create_symlink(
self,
['/var/log/nginx/'
'22222.access.log',
'{0}22222/'
'logs/access.log'
.format(ngxroot)]
)
WOFileUtils.create_symlink(
self,
['/var/log/nginx/'
'22222.error.log',
'{0}22222/'
'logs/error.log'
.format(ngxroot)]
)
try:
WOShellExec.cmd_exec(
self, "openssl genrsa -out "
"{0}22222/cert/22222.key 2048"
.format(ngxroot))
WOShellExec.cmd_exec(
self, "openssl req -new -batch "
"-subj /commonName=localhost/ "
"-key {0}22222/cert/22222.key "
"-out {0}22222/cert/"
"22222.csr"
# Create log and cert folder and softlinks
if not os.path.exists('{0}22222/logs'
.format(ngxroot)):
Log.debug(self, "Creating directory "
"{0}22222/logs "
.format(ngxroot))
os.makedirs('{0}22222/logs'
.format(ngxroot))
WOFileUtils.mvfile(
self, "{0}22222/cert/22222.key"
.format(ngxroot),
"{0}22222/cert/"
"22222.key.org"
if not os.path.exists('{0}22222/cert'
.format(ngxroot)):
Log.debug(self, "Creating directory "
"{0}22222/cert"
.format(ngxroot))
os.makedirs('{0}22222/cert'
.format(ngxroot))
WOShellExec.cmd_exec(
self, "openssl rsa -in "
"{0}22222/cert/"
"22222.key.org -out "
"{0}22222/cert/22222.key"
if not os.path.isdir('{0}22222/conf/nginx'
.format(ngxroot)):
Log.debug(self, "Creating directory "
"{0}22222/conf/nginx"
.format(ngxroot))
os.makedirs('{0}22222/conf/nginx'
.format(ngxroot))
WOShellExec.cmd_exec(
self, "openssl x509 -req -days "
"3652 -in {0}22222/cert/"
"22222.csr -signkey {0}"
"22222/cert/22222.key -out "
"{0}22222/cert/22222.crt"
.format(ngxroot))
WOFileUtils.create_symlink(
self,
['/var/log/nginx/'
'22222.access.log',
'{0}22222/'
'logs/access.log'
.format(ngxroot)]
)
except CommandExecutionError as e:
Log.debug(self, "{0}".format(e))
Log.error(
self, "Failed to generate HTTPS "
"certificate for 22222", False)
WOFileUtils.create_symlink(
self,
['/var/log/nginx/'
'22222.error.log',
'{0}22222/'
'logs/error.log'
.format(ngxroot)]
)
if (not os.path.isfile('{0}22222/cert/22222.key'
.format(ngxroot))):
SSL.selfsignedcert(self, 'localhost',
'', backend=True)
if not os.path.isfile('{0}22222/conf/nginx/ssl.conf'
.format(ngxroot)):
with open("/var/www/22222/conf/nginx/"
"ssl.conf", "w") as php_file:
php_file.write("ssl_certificate "
"/var/www/22222/cert/22222.crt;\n"
"ssl_certificate_key "
"/var/www/22222/cert/22222.key;\n")
if not os.path.isfile('{0}22222/conf/nginx/ssl.conf'
.format(ngxroot)):
with open("/var/www/22222/conf/nginx/"
"ssl.conf", "w") as php_file:
php_file.write("ssl_certificate "
"/var/www/22222/cert/22222.crt;\n"
"ssl_certificate_key "
"/var/www/22222/cert/22222.key;\n")
server_ip = requests.get('http://v4.wordops.eu')

86
wo/core/sslutils.py
View File

@@ -39,6 +39,9 @@ class SSL:
def getexpirationdate(self, domain):
# check if exist
if os.path.islink('/var/www/{0}/conf/nginx/ssl.conf'):
split_domain = domain.split('.')
domain = ('.').join(split_domain[1:])
if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem'
.format(domain)):
Log.error(self, 'File Not Found: /etc/letsencrypt/'
@@ -115,3 +118,86 @@ class SSL:
certfile.close()
return iswildcard
def setupHsts(self, wo_domain_name):
Log.info(
self, "Adding /var/www/{0}/conf/nginx/hsts.conf"
.format(wo_domain_name))
hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf"
.format(wo_domain_name),
encoding='utf-8', mode='w')
hstsconf.write("more_set_headers "
"\"Strict-Transport-Security: "
"max-age=31536000; "
"includeSubDomains; "
"preload\";")
hstsconf.close()
return 0
def selfsignedcert(self, wo_domain_name,
cert_path, backend=False):
"""issue a self-signed certificate"""
selfs_tmp = '/var/lib/wo/tmp/selfssl'
# create self-signed tmp directory
if not os.path.isdir(selfs_tmp):
WOFileUtils.mkdir(selfs_tmp)
if wo_domain_name == '':
wo_domain_name = 'localhost'
try:
WOShellExec.cmd_exec(
self, "openssl genrsa -out "
"{0}/ssl.key 2048"
.format(selfs_tmp))
WOShellExec.cmd_exec(
self, "openssl req -new -batch "
"-subj /commonName={0}/ "
"-key {1}/ssl.key -out {1}/ssl.csr"
.format(wo_domain_name, selfs_tmp))
WOFileUtils.mvfile(
self, "{0}/ssl.key"
.format(selfs_tmp),
"{0}/ssl.key.org"
.format(selfs_tmp))
WOShellExec.cmd_exec(
self, "openssl rsa -in "
"{0}/ssl.key.org -out "
"{0}/ssl.key"
.format(selfs_tmp))
WOShellExec.cmd_exec(
self, "openssl x509 -req -days "
"3652 -in {0}/ssl.csr -signkey {0}"
"/ssl.key -out {0}/ssl.crt"
.format(selfs_tmp))
except Exception as e:
Log.debug(self, "{0}".format(e))
Log.error(
self, "Failed to generate HTTPS "
"certificate for 22222", False)
if backend:
WOFileUtils.mvfile(
self, "{0}/ssl.key"
.format(selfs_tmp),
"/var/www/22222/cert/22222.key")
WOFileUtils.mvfile(
self, "{0}/ssl.cert"
.format(selfs_tmp),
"/var/www/22222/cert/22222.crt")
else:
if not os.path.isdir(cert_path):
WOFileUtils.mkdir(self, cert_path)
WOFileUtils.mvfile(
self, "{0}/ssl.key"
.format(selfs_tmp),
"{0}/key.pem".format(cert_path))
WOFileUtils.mvfile(
self, "{0}/ssl.crt"
.format(selfs_tmp),
"{0}/cert.pem".format(cert_path))
# remove self-signed tmp directory
WOFileUtils.rm(self, selfs_tmp)