From 0f8e56a6682824ef3f56713e457d6d918d3b644f Mon Sep 17 00:00:00 2001 From: bunkerity Date: Thu, 27 May 2021 14:41:21 +0200 Subject: [PATCH] templating - fixing bugs with autoconf --- autoconf/AutoConf.py | 24 ++++++++---- autoconf/Config.py | 55 ++++---------------------- confs/global/nginx.conf | 2 +- confs/site/fastcgi.conf | 2 +- gen/main.py | 2 +- settings.json | 86 ----------------------------------------- 6 files changed, 28 insertions(+), 143 deletions(-) diff --git a/autoconf/AutoConf.py b/autoconf/AutoConf.py index 491aa92..e819e33 100644 --- a/autoconf/AutoConf.py +++ b/autoconf/AutoConf.py @@ -1,5 +1,4 @@ -# TODO : hard tests, jobs, check state when generating env, ... - +# TODO : hard tests, jobs if swarm mode, check state when generating env, ... from Config import Config import utils import os 
@@ -23,17 +22,28 @@ class AutoConf : def __gen_env(self) : self.__env.clear() # TODO : check actual state (e.g. : running ?) - for instance in self.__instances : - (id, name, labels) = self.__get_infos(self.__instances[instance]) - for label in labels : - if label.startswith("bunkerized-nginx.") : - self.__env[label.replace("bunkerized-nginx.", "", 1)] = labels[label] + for id, instance in self.__instances.items() : + env = [] + if self.__swarm : + env = instance.attrs["Spec"]["TaskTemplate"]["ContainerSpec"]["Env"] + else : + env = instance.attrs["Config"]["Env"] + for entry in env : + self.__env[entry.split("=")[0]] = entry.replace(entry.split("=")[0] + "=", "", 1) + if not "SERVER_NAME" in self.__env or self.__env["SERVER_NAME"] == "" : + self.__env["SERVER_NAME"] = [] + else : + self.__env["SERVER_NAME"] = self.__env["SERVER_NAME"].split(" ") for server in self.__servers : (id, name, labels) = self.__get_infos(self.__servers[server]) first_server = labels["bunkerized-nginx.SERVER_NAME"].split(" ")[0] for label in labels : if label.startswith("bunkerized-nginx.") : self.__env[first_server + "_" + label.replace("bunkerized-nginx.", "", 1)] = labels[label] + for server_name in labels["bunkerized-nginx.SERVER_NAME"].split(" ") : + if not server_name in self.__env["SERVER_NAME"] : + self.__env["SERVER_NAME"].append(server_name) + self.__env["SERVER_NAME"] = " ".join(self.__env["SERVER_NAME"]) def pre_process(self, objs) : for instance in objs : diff --git a/autoconf/Config.py b/autoconf/Config.py index 09ce6c9..bc20143 100644 --- a/autoconf/Config.py +++ b/autoconf/Config.py @@ -60,7 +60,7 @@ class Config : def generate(self, env) : try : - # Write environment variables to fs + # Write environment variables to a file with open("/tmp/variables.env", "w") as f : for k, v in env.items() : f.write(k + "=" + v + "\n") 
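Review bot: The new loop in `__gen_env` copies every environment entry of each instance into `self.__env` unfiltered, and `Config.generate` then writes that dict as `k + "=" + v + "\n"` to `/tmp/variables.env`. Anything else set on the instance therefore lands in that file, and a value containing a newline becomes extra `KEY=value` lines. The lookups `["ContainerSpec"]["Env"]` and `["Config"]["Env"]` may also raise `KeyError` when the Docker API omits `Env` for an object with no variables, and an entry without `=` is stored with its own text as the value. Reading the list with `.get("Env") or []`, splitting with `partition("=")` and skipping malformed or multi-line entries covers all three. `__gen_env` starts before the hunk.

```python
for id, instance in self.__instances.items() :
    if self.__swarm :
        env = instance.attrs["Spec"]["TaskTemplate"]["ContainerSpec"].get("Env") or []
    else :
        env = instance.attrs["Config"].get("Env") or []
    for entry in env :
        key, sep, value = entry.partition("=")
        # Skip entries that cannot be written as a single KEY=value line
        if sep == "" or "\n" in value or "\r" in value :
            continue
        self.__env[key] = value
# … unchanged: SERVER_NAME normalisation and the loop over self.__servers …
```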
@@ -68,8 +68,13 @@ class Config : # Call the generator proc = subprocess.run(["/bin/su", "-c", "/opt/gen/main.py --settings /opt/settings.json --templates /opt/confs --output /etc/nginx --variables /tmp/variables.env", "nginx"], capture_output=True) - # Print stdout/stderr just in case - # TODO + # Print stdout/stderr + stdout = proc.stdout.decode("ascii") + stderr = proc.stderr.decode("ascii") + if proc.stdout != "": + utils.log("[*] Generator output : " + stdout) + if proc.stderr != "" : + utils.log("[*] Generator error : " + stderr) # We're done if proc.returncode == 0 : 
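Review bot: The two guards compare the raw bytes `proc.stdout` / `proc.stderr` with the str `""`, which are never equal in Python 3, so both log lines are emitted even when the generator printed nothing; compare the decoded values instead, `if stdout != "" :` and `if stderr != "" :`. `decode("ascii")` raises `UnicodeDecodeError` on any non-ASCII byte, and because this sits inside the `try`, `generate` would then report failure even if the generator itself succeeded; `proc.stdout.decode("utf-8", errors="replace")` avoids that. The generator output may echo configuration values, so it is worth confirming that nothing sensitive from the variables file reaches the log. The body of `generate` starts and ends outside the hunk.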
@@ -80,50 +85,6 @@ class Config : utils.log("[!] Exception while generating site config : " + str(e)) return False - def activate(self, instances, vars, reload=True) : - try : - # Get first server name - first_server_name = vars["SERVER_NAME"].split(" ")[0] - - # Check if file exists - if not os.path.isfile("/etc/nginx/" + first_server_name + "/server.conf") : - utils.log("[!] /etc/nginx/" + first_server_name + "/server.conf doesn't exist") - return False - - # Include the server conf - utils.replace_in_file("/etc/nginx/nginx.conf", "}", "include /etc/nginx/" + first_server_name + "/server.conf;\n}") - - # Reload - if not reload or self.reload(instances) : - return True - - except Exception as e : - utils.log("[!] Exception while activating config : " + str(e)) - - return False - - def deactivate(self, instances, vars) : - try : - # Get first server name - first_server_name = vars["SERVER_NAME"].split(" ")[0] - - # Check if file exists - if not os.path.isfile("/etc/nginx/" + first_server_name + "/server.conf") : - utils.log("[!] /etc/nginx/" + first_server_name + "/server.conf doesn't exist") - return False - - # Remove the include - utils.replace_in_file("/etc/nginx/nginx.conf", "include /etc/nginx/" + first_server_name + "/server.conf;\n", "") - - # Reload - if self.reload(instances) : - return True - - except Exception as e : - utils.log("[!] Exception while deactivating config : " + str(e)) - - return False - def reload(self, instances) : return self.__api_call(instances, "/reload") diff --git a/confs/global/nginx.conf b/confs/global/nginx.conf index 0db66c9..554d104 100644 --- a/confs/global/nginx.conf +++ b/confs/global/nginx.conf 
@@ -120,7 +120,7 @@ http { {% set map_servers = {} %} {% for server_name in SERVER_NAME.split(" ") %} {% if server_name + "_SERVER_NAME" in all %} - {% set x = map_servers.update({server_name : [all[server_name] + "_SERVER_NAME"].split(" ")}) %} + {% set x = map_servers.update({server_name : all[server_name + "_SERVER_NAME"].split(" ")}) %} {% endif %} {% endfor %} {% for server_name in SERVER_NAME.split(" ") %} diff --git a/confs/site/fastcgi.conf b/confs/site/fastcgi.conf index c4712cc..8708187 100644 --- a/confs/site/fastcgi.conf +++ b/confs/site/fastcgi.conf @@ -1,4 +1,4 @@ -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param SCRIPT_FILENAME {{ REMOTE_PHP_PATH }}/$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; diff --git a/gen/main.py b/gen/main.py index e2eccf4..bf8701f 100755 --- a/gen/main.py +++ b/gen/main.py @@ -56,7 +56,7 @@ if __name__ == "__main__" : templator.render_global() if config["MULTISITE"] == "no" : templator.render_site() - else : + elif config["SERVER_NAME"] != "" : # Compute a dict of first_server: [list of server_name] map_servers = {} for server_name in config["SERVER_NAME"].split(" ") : diff --git a/settings.json b/settings.json index 6ae7477..827b4ab 100644 --- a/settings.json +++ b/settings.json 
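Review bot: `{{ REMOTE_PHP_PATH }}` is rendered unquoted into the `fastcgi_param SCRIPT_FILENAME` directive, so an empty value makes the PHP backend resolve scripts from `/`, and a value containing whitespace or `;` changes how nginx parses the line. Whether the setting has a default and a validating regex in settings.json is not visible in this diff. If it can be empty or free-form, constrain it there and quote the value, `fastcgi_param SCRIPT_FILENAME "{{ REMOTE_PHP_PATH }}$fastcgi_script_name";`. `$fastcgi_script_name` normally begins with `/`, so the added `/` yields a double slash.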
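Review bot: With `MULTISITE` enabled and an empty `SERVER_NAME`, the new `elif` skips site rendering without any message, so the output holds only the global config and the caller cannot tell this apart from a normal run; a short `else` branch that prints a notice would make it visible. The test also lets a whitespace-only value through, after which `split(" ")` yields empty server names; `elif config["SERVER_NAME"].strip() != "" :` covers that. The branch body continues past the end of the hunk.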
@@ -1118,92 +1118,6 @@ } ] }, - "CRON": { - "id": "cron", - "params": [ - { - "context": "global", - "default": "15 0 * * *", - "env": "AUTO_LETS_ENCRYPT_CRON", - "id": "auto-lets-encrypt-cron", - "label": "Cron for certbot", - "regex": "^\\S+$", - "type": "text" - }, - { - "context": "global", - "default": "30 0 * * *", - "env": "BLOCK_USER_AGENT_CRON", - "id": "block-user-agent-cron", - "label": "Cron for User-Agent", - "regex": "^\\S+$", - "type": "text" - }, - { - "context": "global", - "default": "0 */1 * * *", - "env": "BLOCK_TOR_EXIT_NODE_CRON", - "id": "block-tor-exit-node-cron", - "label": "Cron for TOR exit nodes", - "regex": "^\\S+$", - "type": "text" - }, - { - "context": "global", - "default": "0 3 * * *", - "env": "BLOCK_PROXIES_CRON", - "id": "block-proxies-cron", - "label": "Cron for proxies", - "regex": "^\\S+$", - "type": "text" - }, - { - "context": "global", - "default": "0 2 * * *", - "env": "BLOCK_ABUSERS_CRON", - "id": "block-abusers-cron", - "label": "Cron for abusers", - "regex": "^\\S+$", - "type": "text" - }, - { - "context": "global", - "default": "45 0 * * *", - "env": "BLOCK_REFERRER_CRON", - "id": "block-referrer-cron", - "label": "Cron for referrer", - "regex": "^\\S+$", - "type": "text" - }, - { - "context": "global", - "default": "0 4 2 * *", - "env": "GEOIP_CRON", - "id": "block-geoip-cron", - "label": "Cron for GeoIP", - "regex": "^\\S+$", - "type": "text" - }, - { - "context": "global", - "default": "30 1 * * *", - "env": "USE_CLAMAV_SCAN_CRON", - "id": "use-clamav-scan-cron", - "label": "Cron for ClamAV scan", - "regex": "^\\S+$", - "type": "text" - }, - { - "context": "global", - "default": "0 1 * * *", - "env": "CLAMAV_UPDATE_CRON", - "id": "clamav-update-cron", - "label": "Cron for ClamAV update", - "regex": "^\\S+$", - "type": "text" - } - ] - }, "nginx": { "id": "nginx", "params": [