Improve stack_pref

VirtuBox
2019-09-06 14:27:45 +02:00
parent e2ae44714c
commit ecc938c11f
3 changed files with 138 additions and 88 deletions


@@ -493,13 +493,13 @@ class WOStackController(CementBaseController):
WOAptGet.install(self, apt_packages) WOAptGet.install(self, apt_packages)
Log.valide(self, "Installing APT packages ") Log.valide(self, "Installing APT packages ")
Log.wait(self, "Configuring APT packages ") Log.wait(self, "Configuring APT packages ")
post_pref(self, apt_packages, empty_packages) post_pref(self, apt_packages, [])
Log.valide(self, "Configuring APT packages ") Log.valide(self, "Configuring APT packages ")
if (packages): if (packages):
Log.debug(self, "Downloading following: {0}".format(packages)) Log.debug(self, "Downloading following: {0}".format(packages))
WODownload.download(self, packages) WODownload.download(self, packages)
Log.debug(self, "Calling post_pref") Log.debug(self, "Calling post_pref")
post_pref(self, empty_packages, packages) post_pref(self, [], packages)
if disp_msg: if disp_msg:
if (self.msg): if (self.msg):


@@ -23,12 +23,13 @@ from wo.core.services import WOService
from wo.core.shellexec import CommandExecutionError, WOShellExec from wo.core.shellexec import CommandExecutionError, WOShellExec
from wo.core.template import WOTemplate from wo.core.template import WOTemplate
from wo.core.variables import WOVariables from wo.core.variables import WOVariables
from wo.core.sslutils import SSL
def pre_pref(self, apt_packages): def pre_pref(self, apt_packages):
"""Pre settings to do before installation packages""" """Pre settings to do before installation packages"""
if set(WOVariables.wo_mysql).issubset(set(apt_packages)): if ("mariadb-server" in apt_packages or "mariadb-client" in apt_packages):
# add mariadb repository excepted on raspbian and ubuntu 19.04 # add mariadb repository excepted on raspbian and ubuntu 19.04
if (not WOVariables.wo_distro == 'raspbian'): if (not WOVariables.wo_distro == 'raspbian'):
Log.info(self, "Adding repository for MySQL, please wait...") Log.info(self, "Adding repository for MySQL, please wait...")
@@ -43,7 +44,7 @@ def pre_pref(self, apt_packages):
keyserver='keys.gnupg.net') keyserver='keys.gnupg.net')
WORepo.add_key(self, '0xF1656F24C74CD1D8', WORepo.add_key(self, '0xF1656F24C74CD1D8',
keyserver='hkp://keys.gnupg.net') keyserver='hkp://keys.gnupg.net')
if ["mariadb-server"] in apt_packages: if "mariadb-server" in apt_packages:
# generate random 24 characters root password # generate random 24 characters root password
chars = ''.join(random.sample(string.ascii_letters, 24)) chars = ''.join(random.sample(string.ascii_letters, 24))
@@ -389,98 +390,61 @@ def post_pref(self, apt_packages, packages, upgrade=False):
'/etc/nginx/' '/etc/nginx/'
'sites-enabled/' 'sites-enabled/'
'22222']) '22222'])
# Create log and cert folder and softlinks # Create log and cert folder and softlinks
if not os.path.exists('{0}22222/logs' if not os.path.exists('{0}22222/logs'
.format(ngxroot)): .format(ngxroot)):
Log.debug(self, "Creating directory " Log.debug(self, "Creating directory "
"{0}22222/logs " "{0}22222/logs "
.format(ngxroot)) .format(ngxroot))
os.makedirs('{0}22222/logs' os.makedirs('{0}22222/logs'
.format(ngxroot))
if not os.path.exists('{0}22222/cert'
.format(ngxroot)):
Log.debug(self, "Creating directory "
"{0}22222/cert"
.format(ngxroot))
os.makedirs('{0}22222/cert'
.format(ngxroot))
if not os.path.isdir('{0}22222/conf/nginx'
.format(ngxroot)):
Log.debug(self, "Creating directory "
"{0}22222/conf/nginx"
.format(ngxroot))
os.makedirs('{0}22222/conf/nginx'
.format(ngxroot))
WOFileUtils.create_symlink(
self,
['/var/log/nginx/'
'22222.access.log',
'{0}22222/'
'logs/access.log'
.format(ngxroot)]
)
WOFileUtils.create_symlink(
self,
['/var/log/nginx/'
'22222.error.log',
'{0}22222/'
'logs/error.log'
.format(ngxroot)]
)
try:
WOShellExec.cmd_exec(
self, "openssl genrsa -out "
"{0}22222/cert/22222.key 2048"
.format(ngxroot))
WOShellExec.cmd_exec(
self, "openssl req -new -batch "
"-subj /commonName=localhost/ "
"-key {0}22222/cert/22222.key "
"-out {0}22222/cert/"
"22222.csr"
.format(ngxroot)) .format(ngxroot))
WOFileUtils.mvfile( if not os.path.exists('{0}22222/cert'
self, "{0}22222/cert/22222.key" .format(ngxroot)):
.format(ngxroot), Log.debug(self, "Creating directory "
"{0}22222/cert/" "{0}22222/cert"
"22222.key.org" .format(ngxroot))
os.makedirs('{0}22222/cert'
.format(ngxroot)) .format(ngxroot))
WOShellExec.cmd_exec( if not os.path.isdir('{0}22222/conf/nginx'
self, "openssl rsa -in " .format(ngxroot)):
"{0}22222/cert/" Log.debug(self, "Creating directory "
"22222.key.org -out " "{0}22222/conf/nginx"
"{0}22222/cert/22222.key" .format(ngxroot))
os.makedirs('{0}22222/conf/nginx'
.format(ngxroot)) .format(ngxroot))
WOShellExec.cmd_exec( WOFileUtils.create_symlink(
self, "openssl x509 -req -days " self,
"3652 -in {0}22222/cert/" ['/var/log/nginx/'
"22222.csr -signkey {0}" '22222.access.log',
"22222/cert/22222.key -out " '{0}22222/'
"{0}22222/cert/22222.crt" 'logs/access.log'
.format(ngxroot)) .format(ngxroot)]
)
except CommandExecutionError as e: WOFileUtils.create_symlink(
Log.debug(self, "{0}".format(e)) self,
Log.error( ['/var/log/nginx/'
self, "Failed to generate HTTPS " '22222.error.log',
"certificate for 22222", False) '{0}22222/'
'logs/error.log'
.format(ngxroot)]
)
if (not os.path.isfile('{0}22222/cert/22222.key'
.format(ngxroot))):
SSL.selfsignedcert(self, 'localhost',
'', backend=True)
if not os.path.isfile('{0}22222/conf/nginx/ssl.conf' if not os.path.isfile('{0}22222/conf/nginx/ssl.conf'
.format(ngxroot)): .format(ngxroot)):
with open("/var/www/22222/conf/nginx/" with open("/var/www/22222/conf/nginx/"
"ssl.conf", "w") as php_file: "ssl.conf", "w") as php_file:
php_file.write("ssl_certificate " php_file.write("ssl_certificate "
"/var/www/22222/cert/22222.crt;\n" "/var/www/22222/cert/22222.crt;\n"
"ssl_certificate_key " "ssl_certificate_key "
"/var/www/22222/cert/22222.key;\n") "/var/www/22222/cert/22222.key;\n")
server_ip = requests.get('http://v4.wordops.eu') server_ip = requests.get('http://v4.wordops.eu')
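Review bot: The MariaDB root password in pre_pref is still built with `random.sample(string.ascii_letters, 24)`, and with the membership test corrected to `if "mariadb-server" in apt_packages:` that branch is presumably the one that now actually runs. `random` is not a cryptographic generator, and `sample` draws without repetition from only 52 letters, so the password carries less entropy than its length suggests. I would change the line to `chars = ''.join(secrets.choice(string.ascii_letters) for _ in range(24))` and add `import secrets` next to the other imports. The rest of pre_pref lies outside the hunk, so how `chars` is stored afterwards is not visible here.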


@@ -39,6 +39,9 @@ class SSL:
def getexpirationdate(self, domain): def getexpirationdate(self, domain):
# check if exist # check if exist
if os.path.islink('/var/www/{0}/conf/nginx/ssl.conf'):
split_domain = domain.split('.')
domain = ('.').join(split_domain[1:])
if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem'
.format(domain)): .format(domain)):
Log.error(self, 'File Not Found: /etc/letsencrypt/' Log.error(self, 'File Not Found: /etc/letsencrypt/'
@@ -115,3 +118,86 @@ class SSL:
certfile.close() certfile.close()
return iswildcard return iswildcard
def setupHsts(self, wo_domain_name):
Log.info(
self, "Adding /var/www/{0}/conf/nginx/hsts.conf"
.format(wo_domain_name))
hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf"
.format(wo_domain_name),
encoding='utf-8', mode='w')
hstsconf.write("more_set_headers "
"\"Strict-Transport-Security: "
"max-age=31536000; "
"includeSubDomains; "
"preload\";")
hstsconf.close()
return 0
def selfsignedcert(self, wo_domain_name,
cert_path, backend=False):
"""issue a self-signed certificate"""
selfs_tmp = '/var/lib/wo/tmp/selfssl'
# create self-signed tmp directory
if not os.path.isdir(selfs_tmp):
WOFileUtils.mkdir(selfs_tmp)
if wo_domain_name == '':
wo_domain_name = 'localhost'
try:
WOShellExec.cmd_exec(
self, "openssl genrsa -out "
"{0}/ssl.key 2048"
.format(selfs_tmp))
WOShellExec.cmd_exec(
self, "openssl req -new -batch "
"-subj /commonName={0}/ "
"-key {1}/ssl.key -out {1}/ssl.csr"
.format(wo_domain_name, selfs_tmp))
WOFileUtils.mvfile(
self, "{0}/ssl.key"
.format(selfs_tmp),
"{0}/ssl.key.org"
.format(selfs_tmp))
WOShellExec.cmd_exec(
self, "openssl rsa -in "
"{0}/ssl.key.org -out "
"{0}/ssl.key"
.format(selfs_tmp))
WOShellExec.cmd_exec(
self, "openssl x509 -req -days "
"3652 -in {0}/ssl.csr -signkey {0}"
"/ssl.key -out {0}/ssl.crt"
.format(selfs_tmp))
except Exception as e:
Log.debug(self, "{0}".format(e))
Log.error(
self, "Failed to generate HTTPS "
"certificate for 22222", False)
if backend:
WOFileUtils.mvfile(
self, "{0}/ssl.key"
.format(selfs_tmp),
"/var/www/22222/cert/22222.key")
WOFileUtils.mvfile(
self, "{0}/ssl.cert"
.format(selfs_tmp),
"/var/www/22222/cert/22222.crt")
else:
if not os.path.isdir(cert_path):
WOFileUtils.mkdir(self, cert_path)
WOFileUtils.mvfile(
self, "{0}/ssl.key"
.format(selfs_tmp),
"{0}/key.pem".format(cert_path))
WOFileUtils.mvfile(
self, "{0}/ssl.crt"
.format(selfs_tmp),
"{0}/cert.pem".format(cert_path))
# remove self-signed tmp directory
WOFileUtils.rm(self, selfs_tmp)
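Review bot: In selfsignedcert the backend branch moves `"{0}/ssl.cert"`, but the `openssl x509` step above writes `{0}/ssl.crt`, so that move should fail and /var/www/22222/cert/22222.crt is never installed; the source should be `"{0}/ssl.crt"`, as in the non-backend branch. Because post_pref only tests for 22222.key before calling this helper, a later run would not retry, and ssl.conf would keep pointing at a certificate that does not exist. Two more one-line slips in the same section: `WOFileUtils.mkdir(selfs_tmp)` lacks the `self` argument that `WOFileUtils.mkdir(self, cert_path)` passes further down, and in getexpirationdate the new `os.path.islink('/var/www/{0}/conf/nginx/ssl.conf')` has no `.format(domain)`, so it tests a literal `{0}` path and the wildcard branch never triggers. If the `False` passed to `Log.error` means "do not exit", as the call suggests, the function goes on to move a key and certificate that may be missing; a `return` in the `except` block would avoid that, and the message should not hard-code "22222" in a helper that also serves other domains.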