Commit 694f3319 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

Merge remote-tracking branch 'origin/master' into erp5-component

parents 2ad8cb70 2c303cf2
[buildout]
extends =
../../component/libtool/buildout.cfg
../../component/automake/buildout.cfg
../../component/autoconf/buildout.cfg
parts =
hwloc
[hwloc]
recipe = slapos.recipe.cmmi
url = http://www.open-mpi.org/software/hwloc/v1.9/downloads/hwloc-1.9.tar.gz
md5sum = 1f9f9155682fe8946a97c08896109508
environment =
PATH=${pkgconfig:location}/bin:${automake:location}/bin:${autoconf:location}/bin:${libtool:location}/bin:%(PATH)s
configure-options =
--prefix="${buildout:parts-directory}/${:_buildout_section_name_}"
\ No newline at end of file
[buildout]
extends =
../readline/buildout.cfg
parts =
lua
[lua]
recipe = slapos.recipe.cmmi
url = http://www.lua.org/ftp/lua-5.2.3.tar.gz
md5sum = dc7f94ec6ff15c985d2d6ad0f1b35654
configure-command = make posix
make-targets =
install INSTALL_TOP=${buildout:parts-directory}/${:_buildout_section_name_}
environment =
CMAKE_INCLUDE_PATH=${readline:location}/include
CMAKE_LIBRARY_PATH=${readline:location}/lib
CPPFLAGS =-I${readline:location}/include
LDFLAGS =-L${readline:location}/lib -Wl,-rpath=${readline:location}/lib
[buildout]
extends =
../../component/lua/buildout.cfg
../../component/hwloc/buildout.cfg
../../component/pkgconfig/buildout.cfg
../../component/libtool/buildout.cfg
../../component/make/buildout.cfg
../../component/openssl/buildout.cfg
../../component/tcl/buildout.cfg
../../component/libexpat/buildout.cfg
../../component/pcre/buildout.cfg
../../component/libcap/buildout.cfg
../../component/flex/buildout.cfg
../../component/ncurses/buildout.cfg
../../component/curl/buildout.cfg
../../component/zlib/buildout.cfg
parts =
trafficserver
[trafficserver]
recipe = slapos.recipe.cmmi
url = http://apache.claz.org/trafficserver/trafficserver-4.2.1.tar.bz2
md5sum = 18f7d56650cba260c8cce3bf4abfa56c
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-openssl=${openssl:location}
--with-expat=${libexpat:location}
--with-pcre=${pcre:location}
--with-lua=${lua:location}
--with-ncurses=${ncurses:location}
--with-tcl=${tcl:location}/lib/
--with-zlib=${zlib:location}
environment =
PATH=${make:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:%(PATH)s
LDFLAGS = -L${tcl:location}/lib -Wl,-rpath=${tcl:location}/lib
make-target =
check
install
......@@ -13,7 +13,8 @@ extends =
../../component/dcron/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../component/squid/buildout.cfg
../../component/trafficserver/buildout.cfg
# Monitoring stack
../../stack/monitor/buildout.cfg
......@@ -33,7 +34,6 @@ parts +=
dcron
logrotate
rdiff-backup
squid
[slapos-toolbox]
recipe = zc.recipe.egg
......@@ -67,7 +67,7 @@ mode = 0644
[template-apache-frontend]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-apache-frontend.cfg
md5sum = f5ec3d3b29d20ccdb00e3b64aa588fa5
md5sum = b823cb31ff97700c009cf14725690323
output = ${buildout:directory}/template-apache-frontend.cfg
mode = 0644
......@@ -144,12 +144,6 @@ url = ${:_profile_base_location_}/templates/template-log-access.conf.in
md5sum = f85005b430978f3bd24ee7ce11b0e304
mode = 640
[template-squid-configuration]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/squid.conf.jinja2
md5sum = f17753fa87da074bc949b2967a330099
mode = 640
[template-empty]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/empty.in
......@@ -162,3 +156,12 @@ url = ${:_profile_base_location_}/templates/wrapper.in
output = ${buildout:directory}/template-wrapper.cfg
mode = 0644
md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
[template-trafficserver-records-config]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
md5sum = 950a19be225a25309a3bda3f61fb5f6a
location = ${buildout:parts-directory}/${:_buildout_section_name_}
filename = records.config.jinja2
download-only = true
mode = 0644
......@@ -9,16 +9,11 @@ parts =
certificate-authority
logrotate-entry-apache
logrotate-entry-apache-cached
logrotate-entry-squid
apache-frontend
apache-cached
switch-apache-softwaretype
frontend-apache-graceful
cached-apache-graceful
squid-service
squid-prepare
squid-reload
promise-squid
dynamic-template-default-vh
not-found-html
promise-frontend-apache-configuration
......@@ -28,6 +23,14 @@ parts =
promise-apache-frontend-v6-https
promise-apache-frontend-v6-http
promise-apache-cached
trafficserver-launcher
trafficserver-reload
trafficserver-configuration-directory
trafficserver-records-config
trafficserver-remap-config
trafficserver-storage-config
## Monitoring part
###Parts to add for monitoring
certificate-authority
......@@ -47,6 +50,9 @@ parts =
## Monitor for apache
monitor-current-log-access
monitor-backup-log-access
monitor-ats-cache-stats-wrapper
monitor-apache-configuration-verification
extends = ${monitor-template:output}
......@@ -79,6 +85,7 @@ crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
ca-dir = $${:srv}/ssl
[switch-apache-softwaretype]
recipe = slapos.cookbook:softwaretype
single-default = $${dynamic-default-template-slave-list:rendered}
......@@ -117,14 +124,6 @@ apache-directory = ${apache-2.2:location}
apache-ipv6 = $${instance-parameter:ipv6-random}
apache-https-port = $${instance-parameter:configuration.port}
[monitor-current-log-access]
< = monitor-directory-access
source = $${directory:log}
[monitor-backup-log-access]
< = monitor-directory-access
source = $${directory:logrotate-backup}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = $${buildout:directory}/$${:filename}
......@@ -135,6 +134,7 @@ context =
key develop_eggs_directory buildout:develop-eggs-directory
key slap_software_type instance-parameter:slap-software-type
key slapparameter_dict instance-parameter:configuration
section directory directory
$${:extra-context}
[dynamic-template-default-vh]
......@@ -333,8 +333,8 @@ cache-access-log = $${directory:log}/frontend-apache-access-cached.log
cache-error-log = $${directory:log}/frontend-apache-error-cached.log
cache-pid-file = $${directory:run}/httpd-cached.pid
# Comunication with squid
cache-port = 26010
# Comunication with ats
cache-port = $${trafficserver-variable:input-port}
cache-through-port = 26011
# Create wrapper for "apachectl conftest" in bin
......@@ -433,77 +433,70 @@ sharedscripts = true
notifempty = true
create = true
[logrotate-entry-squid]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = squid
log = $${squid-cache:cache-log-path} $${squid-cache:access-log-path}
frequency = daily
rotatep-num = 30
post = ${buildout:bin-directory}/killpidfromfile $${apache-configuration:pid-file} SIGHUP
sharedscripts = true
notifempty = true
create = true
######################
# Squid deployment
######################
[squid-directory]
#################
# Trafficserver
#################
[trafficserver-directory]
recipe = slapos.cookbook:mkdirectory
squid-cache = $${directory:srv}/squid_cache
[squid-cache]
prepare-path = $${directory:etc-run}/squid-prepare
wrapper-path = $${directory:service}/squid
binary-path = ${squid:location}/sbin/squid
configuration-path = $${directory:etc}/squid.cfg
cache-path = $${squid-directory:squid-cache}
ip = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-port}
backend-ip = $${instance-parameter:ipv4-random}
backend-port = $${apache-configuration:cache-through-port}
open-port = $${instance-parameter:configuration.open-port}
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid
[squid-configuration]
< = jinja2-template-base
template = ${template-squid-configuration:target}
rendered = $${squid-cache:configuration-path}
extra-context =
key ip squid-cache:ip
key port squid-cache:port
key backend_ip squid-cache:backend-ip
key backend_port squid-cache:backend-port
key cache_path squid-cache:cache-path
key access_log_path squid-cache:access-log-path
key cache_log_path squid-cache:cache-log-path
key pid_filename_path squid-cache:pid-filename-path
key open_port squid-cache:open-port
[squid-service]
configuration = $${directory:etc}/trafficserver
local-state = $${directory:var}/trafficserver
bin_path = ${trafficserver:location}/bin
log = $${directory:log}/trafficserver
cache-path = $${directory:srv}/ats_cache
[trafficserver-variable]
wrapper-path = $${directory:service}/trafficserver
reload-path = $${directory:etc-run}/trafficserver-reload
local-ip = $${instance-parameter:ipv4-random}
input-port = 23432
hostname = $${slap-parameter:frontend-name}
remap = map / http://$${instance-parameter:ipv4-random}:$${apache-configuration:cache-through-port}
disk-cache-config = $${trafficserver-directory:cache-path} 8G volume=$${slap-parameter:frontend-name}
[trafficserver-configuration-directory]
recipe = plone.recipe.command
command = cp -rn ${trafficserver:location}/etc/trafficserver/* $${:target}
target = $${trafficserver-directory:configuration}
[trafficserver-launcher]
recipe = slapos.cookbook:wrapper
command-line = $${squid-cache:binary-path} -N -f $${squid-configuration:rendered}
wrapper-path = $${squid-cache:wrapper-path}
command-line = ${trafficserver:location}/bin/traffic_cop
wrapper-path = $${trafficserver-variable:wrapper-path}
environment = TS_ROOT=$${buildout:directory}
[squid-prepare]
[trafficserver-reload]
recipe = slapos.cookbook:wrapper
command-line = $${squid-cache:binary-path} -z -f $${squid-configuration:rendered}
wrapper-path = $${squid-cache:prepare-path}
command-line = ${trafficserver:location}/bin/traffic_line -x
wrapper-path = $${trafficserver-variable:reload-path}
environment = TS_ROOT=$${buildout:directory}
[squid-reload]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
wrapper-path = $${directory:etc-run}/squid-reload
[trafficserver-records-config]
< = jinja2-template-base
template = ${template-trafficserver-records-config:location}/${template-trafficserver-records-config:filename}
rendered = $${trafficserver-directory:configuration}/records.config
mode = 700
context =
import os_module os
section ats_directory trafficserver-directory
section ats_configuration trafficserver-variable
[promise-squid]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/squid
hostname = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-port}
[trafficserver-remap-config]
< = jinja2-template-base
template = ${template-empty:target}
rendered = $${trafficserver-configuration-directory:target}/remap.config
mode = 700
context =
key content trafficserver-variable:remap
# End of Squid part
[trafficserver-storage-config]
< = jinja2-template-base
template = ${template-empty:target}
rendered = $${trafficserver-configuration-directory:target}/storage.config
mode = 700
context =
key content trafficserver-variable:disk-cache-config
### End of ATS sections
### Apaches Graceful and promises
[frontend-apache-graceful]
......@@ -577,3 +570,62 @@ server_url = $${slap-connection:server-url}
software_release_url = $${slap-connection:software-release-url}
key_file = $${slap-connection:key-file}
cert_file = $${slap-connection:cert-file}
[slap-parameter]
# Define default parameter(s) that will be used later, in case user didn't
# specify it
# All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default.
domain = example.org
public-ipv4 =
port = 4443
plain_http_port = 8080
server-admin = admin@example.com
apache_custom_https = ""
apache_custom_http = ""
apache-key =
apache-certificate =
open-port = 80 443
extra_slave_instance_list =
frontend-name =
#######
# Monitoring sections
#
[monitor-current-log-access]
< = monitor-directory-access
source = $${directory:log}
[monitor-backup-log-access]
< = monitor-directory-access
source = $${directory:logrotate-backup}
# Produce ATS Cache stats
[monitor-ats-cache-stats-wrapper]
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${monitor-directory:monitoring-cgi}/ats-cache-stats
mode = 0700
command = export TS_ROOT=$${buildout:directory} && echo "<pre>$(${trafficserver:location}/bin/traffic_shell $${monitor-ats-cache-stats-config:rendered})</pre>"
extra-context =
key content monitor-ats-cache-stats-wrapper:command
[monitor-ats-cache-stats-config]
< = jinja2-template-base
template = ${template-empty:target}
rendered = $${trafficserver-configuration-directory:target}/cache-config.stats
mode = 644
context =
raw content show:cache-stats
# Display result of apache configuration check
[monitor-apache-configuration-verification]
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${monitor-directory:monitoring-cgi}/front-httpd-configuration
mode = 0700
command = echo "<pre>$($${apache-configuration:frontend-configuration-verification})</pre>"
extra-context =
key content :command
refresh_pattern . 0 20% 4320 max-stale=604800
# Dissallow cachemgr access
http_access deny manager
# Squid service configuration
http_port {{ ip }}:{{ port }} accel defaultsite={{ ip }}
cache_peer {{ backend_ip }} parent {{ backend_port }} 0 no-query originserver name=backend
acl our_sites port {{ open_port }}
http_access allow our_sites
cache_peer_access backend allow our_sites
cache_peer_access backend deny all
# Drop squid headers
# via off
# reply_header_access X-Cache-Lookup deny all
# reply_header_access X-Squid-Error deny all
# reply_header_access X-Cache deny all
header_replace X-Forwarded-For
follow_x_forwarded_for allow all
forwarded_for on
cache_dir aufs {{ cache_path }} 5000 16 256
# Use 1Go of RAM
cache_mem 1024 MB
# But do not keep big object in RAM
maximum_object_size_in_memory 2048 KB
# Log
access_log {{ access_log_path }}
cache_log {{ cache_log_path }}
pid_filename {{ pid_filename_path }}
......@@ -42,30 +42,30 @@ recipe = slapos.recipe.template
url = ${:_profile_base_location_}/monitor.cfg.in
output = ${buildout:directory}/monitor.cfg
filename = monitor.cfg
md5sum = bd592a0f0c41ec15c643c4e91e9ec5cc
md5sum = 499ba647f0c22f16bea3cc88bdfd98e8
mode = 0644
[monitor-bin]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/${:filename}
download-only = true
md5sum = 1e7b4698f6627150b1eb783b06f8b13a
md5sum = cb2f15850d3dc82459a0044adb4416cf
destination = ${buildout:directory}/parts/monitor-template-monitor-bin
filename = monitor.py.in
mode = 0644
[index]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfiles/${:filename}
url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true
md5sum = 91ac749f86aecc0c383d93e51e15a572
md5sum = cd649264b331499241abfcdb4e81672a
destination = ${buildout:directory}/parts/monitor-index
filename = index.cgi.in
mode = 0644
[index-template]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfiles/${:filename}
url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true
destination = ${buildout:directory}/parts/monitor-template-index
md5sum = e0d2aaeffc046b2ac6d9d717e1ba321d
......@@ -74,22 +74,31 @@ mode = 0644
[status-cgi]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfiles/${:filename}
url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true
md5sum = aa2764cab87e457410435974f729e906
md5sum = 4fb26753ee669b8ac90ffe33dbd12e8f
destination = ${buildout:directory}/parts/monitor-template-status-cgi
filename = status.cgi.in
mode = 0644
[settings-cgi]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfiles/${:filename}
url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true
md5sum = 18574b804da0c65d8670959f9e7c4774
md5sum = f19c8e4b94718d475520618ae57338c8
destination = ${buildout:directory}/parts/monitor-template-settings-cgi
filename = settings.cgi.in
mode = 0644
[monitor-password-cgi]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/webfile-directory/${:filename}
download-only = true
md5sum = 1a6153908934bf77e3e033eeabdc1675
destination = ${buildout:directory}/parts/monitor-template-monitor-password-cgi
filename = monitor-password.cgi.in
mode = 0644
[rss-bin]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/${:filename}
......@@ -108,9 +117,9 @@ logfile = $${directory:log}/crond.log
[download-static-files]
recipe = hexagonit.recipe.download
url = https://github.com/SlapOS/staticForMonitoring/blob/db670e7568871c69a64916d462ccb57629f1c77d/static-files.tar.gz?raw=true
url = https://github.com/SlapOS/staticForMonitoring/blob/8b7050faa2dd22592766e25b66b9efe0d0b216c9/static-files.tar.gz?raw=true
download-only = true
md5sum = 9e3feb2b520620d5b8d478eb9a9be6de
md5sum = 05030ff31dc75c2b96559dedc70945f5
filename = static-files.tar.gz
destination = ${buildout:directory}/parts/monitor-static-files
mode = 0644
......@@ -18,6 +18,7 @@ url = https://[$${slap-parameters:ipv6-random}]:$${:port}
index-filename = index.cgi
index-path = $${monitor-directory:www}/$${:index-filename}
db-path = $${monitor-directory:etc}/monitor.db
monitor-password-path = $${monitor-directory:etc}/.monitor.shadow
[monitor-directory]
recipe = slapos.cookbook:mkdirectory
......@@ -97,11 +98,14 @@ mode = 0644
recipe = slapos.recipe.template:jinja2
template = ${index:location}/${index:filename}
rendered = $${monitor-parameters:index-path}
update-apache-access = ${apache:location}/bin/htpasswd -cb $${monitor-parameters:htaccess-file} admin
mode = 0744
context =
key cgi_directory monitor-directory:cgi-bin
raw index_template $${deploy-index-template:location}/$${deploy-index-template:filename}
key password zero-parameters:monitor-password
key monitor_password_path monitor-parameters:monitor-password-path
key monitor_password_script_path deploy-monitor-password-cgi:rendered
key apache_update_command :update-apache-access
raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
raw default_page /welcome.html
......@@ -139,6 +143,17 @@ context =
key pwd monitor-directory:knowledge0-cgi
key this_file :filename
[deploy-monitor-password-cgi]
recipe = slapos.recipe.template:jinja2
template = ${monitor-password-cgi:location}/${monitor-password-cgi:filename}
rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
filename = monitor-password.cgi
mode = 0744
context =
raw python_executable ${buildout:executable}
key pwd monitor-directory:knowledge0-cgi
key this_file :filename
[deploy-monitor-script]
recipe = slapos.recipe.template:jinja2
template = ${monitor-bin:location}/${monitor-bin:filename}
......@@ -159,12 +174,6 @@ context =
section directory monitor-directory
section monitor_parameters monitor-parameters
[monitor-htaccess]
recipe = plone.recipe.command
stop-on-error = true
htaccess-path = $${monitor-parameters:htaccess-file}
command = ${apache:location}/bin/htpasswd -cb $${:htaccess-path} admin $${zero-parameters:monitor-password}
[monitor-directory-access]
recipe = plone.recipe.command
command = ln -s $${:source} $${monitor-directory:private-directory}
......@@ -211,7 +220,6 @@ name = example.com
[public]
recipe = slapos.cookbook:zero-knowledge.write
filename = knowledge0.cfg
monitor-password = passwordtochange
[zero-parameters]
recipe = slapos.cookbook:zero-knowledge.read
......@@ -279,7 +287,7 @@ input = inline:
</Files>
AuthType Basic
AuthName "Private access"
AuthUserFile "$${monitor-htaccess:htaccess-path}"
AuthUserFile "$${monitor-parameters:htaccess-file}"
Require valid-user
Options Indexes FollowSymLinks
Satisfy all
......@@ -315,4 +323,3 @@ curl_path = ${curl:location}/bin/curl
[publish-connection-informations]
recipe = slapos.cookbook:publish
monitor_url = $${monitor-parameters:url}
IMPORTANT_monitor_info = Change the monitor_password as soon as possible ! Default is : $${public:monitor-password} . You can change it in the setting.cgi section of your monitorin interface
......@@ -7,6 +7,7 @@ import subprocess
import sys
import sqlite3
import time
import threading
from optparse import OptionParser, make_option
......@@ -34,6 +35,26 @@ option_list = [
help="add the file containing services\'pid to the files to monitor")
]
class Popen(subprocess.Popen):
__timeout = None
def timeout(self, delay, delay_before_kill=5):
if self.__timeout is not None: self.__timeout.cancel()
self.__timeout = threading.Timer(delay, self.stop, [delay_before_kill])
self.__timeout.start()
def waiter():
self.wait()
self.__timeout.cancel()
threading.Thread(target=waiter).start()
def stop(self, delay_before_kill=5):
if self.__timeout is not None: self.__timeout.cancel()
self.terminate()
t = threading.Timer(delay_before_kill, self.kill)
t.start()
r = self.wait()
t.cancel()
return r
def init_db():
db = sqlite3.connect(db_path)
......@@ -89,24 +110,26 @@ def runServices(directory):
def runScripts(directory):
scripts = getListOfScripts(directory)
script_timeout = 3
# XXX script_timeout could be passed as parameters
script_timeout = 60 # in seconds
result = {}
for script in scripts:
command = [os.path.join(promise_dir, script)]
script = os.path.basename(command[0])
result[script] = ''
process_handler = subprocess.Popen(command,
cwd=instance_path,
env=None if sys.platform == 'cygwin' else {},
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE)
process_handler = Popen(command,
cwd=instance_path,
env=None if sys.platform == 'cygwin' else {},
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE)
process_handler.stdin.flush()
process_handler.stdin.close()
process_handler.stdin = None
time.sleep(script_timeout)
process_handler.timeout(script_timeout)
process_handler.wait()
if process_handler.poll() is None:
process_handler.terminate()
......
......@@ -3,11 +3,12 @@
import cgi
import cgitb
import Cookie
import base64
import hashlib
import hmac
import jinja2
import json
import os
import subprocess
import sys
import urllib
cgitb.enable(display=0, logdir="/tmp/cgi.log")
......@@ -17,6 +18,58 @@ cookie = Cookie.SimpleCookie()
cgi_path = "{{ cgi_directory }}"
monitor_password_path = "{{ monitor_password_path }}"
monitor_password_script_path = "{{ monitor_password_script_path }}"
monitor_apache_password_command = "{{ apache_update_command }}"
########
# Password functions
#######
def crypt(word, salt="$$"):
salt = salt.split("$")
algo = salt[0] or 'sha1'
if algo in hashlib.algorithms:
H = getattr(hashlib, algo)
elif algo == "plain":
return "%s$%s" % (algo, word)
else:
raise ValueError
rounds = min(max(0, int(salt[1])), 30) if salt[1] else 9
salt = salt[2] or base64.b64encode(os.urandom(12), "./")
h = hmac.new(salt, word, H).digest()
for x in xrange(1, 1 << rounds):
h = H(h).digest()
return "%s$%s$%s$%s" % (algo, rounds, salt,
base64.b64encode(h, "./").rstrip("="))
def is_password_set():
if not os.path.exists(monitor_password_path):
return False
hashed_password = open(monitor_password_path, 'r').read()
try:
void, algo, salt, hsh = hashed_password.split('$')
except ValueError:
return False
return True
def set_password(raw_password):
hashed_password = crypt(raw_password)
subprocess.check_call(monitor_apache_password_command + " %s" % raw_password,
shell=True)
open(monitor_password_path, 'w').write(hashed_password)
def check_password(raw_password):
"""
Returns a boolean of whether the raw_password was correct. Handles
encryption formats behind the scenes.
"""
if not os.path.exists(monitor_password_path) or not raw_password:
return False
hashed_password = open(monitor_password_path, 'r').read()
return hashed_password == crypt(raw_password, hashed_password)
### End of password functions
def forward_form():
command = os.path.join(cgi_path, form['posting-script'].value)
......@@ -33,8 +86,10 @@ def forward_form():
pass
def return_document():
command = os.path.join(cgi_path, form['script'].value)
def return_document(command=None):
if not command:
script = form['script'].value
command = os.path.join(cgi_path, script)
#XXX this functions should be called only for display,
#so a priori it doesn't need form data
os.environ['QUERY_STRING'] = ''
......@@ -45,8 +100,8 @@ def return_document():
print open(command).read()
else:
raise OSError
except (subprocess.CalledProcessError, OSError):
print "<p>File cannot be found</p>"
except (subprocess.CalledProcessError, OSError) as e:
print "<p>Error :</p><pre>%s</pre>" % e
def make_menu():
......@@ -62,29 +117,48 @@ def make_menu():
return folder_list
# Beginning of response
print "Content-Type: text/html"
# Check if user is logged
if "password" in form:
password = form['password'].value
if password == '{{ password }}' :
cookie['password'] = password
print cookie, "; Path=/; HttpOnly"
else:
def get_cookie_password():
cookie_string = os.environ.get('HTTP_COOKIE')
if cookie_string:
cookie.load(cookie_string)
try:
password = cookie['password'].value
return cookie['password'].value
except KeyError:
password = None
else:
password = None
pass
return None
def set_cookie_password(password):
cookie['password'] = password
print cookie, "; Path=/; HttpOnly"
# Beginning of response
print "Content-Type: text/html"
password = None
# Check if user is logged
if "password_2" in form and "password" in form:
password_2 = form['password_2'].value
password_1 = form['password'].value
password = get_cookie_password()
if not is_password_set() or check_password(password):
if password_2 == password_1:
password = password_1
set_password(password)
set_cookie_password(password)
elif "password" in form:
password = form['password'].value
if is_password_set() and check_password(password):
set_cookie_password(password)
else:
password = get_cookie_password()
print '\n'
if not password or password != '{{ password }}':
if not is_password_set():
return_document(monitor_password_script_path)
elif not check_password(password):
print "<html><head>"
print """
<link rel="stylesheet" href="pure-min.css">
......@@ -101,7 +175,6 @@ if not password or password != '{{ password }}':
<button type="submit" class="pure-button pure-button-primary">Access</button>
</form>
</body></html>"""
# redirection to the required script/page
else:
print
......
#!{{ python_executable }}
import cgitb
cgitb.enable()
print "<html><head>"
print """
<script type="text/javascript" src="/jquery-1.10.2.min.js"></script>
<link rel="stylesheet" href="pure-min.css">
<link rel="stylesheet" href="/style.css">"""
print "</head><body>"
print "<h1>This is the monitoring interface</h1>"
print "<h2>Please set your password for later access</h2>"
print """
<form action="/index.cgi" method="post" class="pure-form-aligned">
<div class="pure-control-group">
<label for="password">Password*:</label>
<input placeholder="Set your password" type="password" name="password" id="password"></br>
</div><div class="pure-control-group">
<label for="password">Verify Password*:</label>
<input placeholder="Verify password" type="password" name="password_2" id="password_2"></br>
</div><p id="validate-status" style="color:red"></p>
<div class="pure-controls">
<button id="register-button" type="submit" class="pure-button pure-button-primary" disabled>Access</button></div>
</form>
<script type="text/javascript" src="monitor-register.js"></script>
</body></html>
"""
......@@ -17,14 +17,19 @@ config_file = "{{ config_cfg }}"
if not os.path.exists(config_file):
print "Your software does <b>not</b> embed 0-knowledge. \
This interface is useless in this case"
This interface is useless in this case</body></html>"
exit(0)
parser = ConfigParser.ConfigParser()
parser.read(config_file)
if not parser.has_section('public'):
print "<p>Your software does not use 0-knowledge settings.</p></body></html>"
exit(0)
for name in form:
parser.set('public', name, form[name].value)
if parser.has_option('public', name):
parser.set('public', name, form[name].value)
with open(config_file, 'w') as file:
parser.write(file)
......
......@@ -3,6 +3,7 @@
import cgi
import cgitb
import json
import os
import subprocess
def refresh():
......@@ -11,10 +12,21 @@ def refresh():
cgitb.enable(display=0, logdir="/tmp/cgi.log")
form = cgi.FieldStorage()
if "refresh" in form:
refresh()
json_file = "{{ json_file }}"
if not os.path.exists(json_file) or "refresh" in form:
refresh()
if not os.path.exists(json_file):
print """<html><head>
<link rel="stylesheet" href="pure-min.css">
<link rel="stylesheet" href="/style.css">
</head><body>
<h1>Monitoring :</h1>
No status file found</p></body></html>"""
exit(0)
result = json.load(open(json_file))
print "<html><head>"
......@@ -33,7 +45,7 @@ print "<br/>"
print "<h2>These scripts and promises have failed :</h2>"
for r in result:
if result[r] != '':
print "<h3>%s</h3><p style=\"padding-left:30px;\">%s</p>" % (r, result[r])
print "<h3>%s</h3><pre style=\"padding-left:30px;\">%s</pre>" % (cgi.escape(r), cgi.escape(result[r]))
print "<br/>"
print "<h2>These scripts and promises were successful :</h2>"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment