sheppy/athq-vm-management
1
0
Fork 0
mirror of https://github.com/FAUSheppy/athq-vm-management synced 2025-12-06 05:41:35 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: nginx autoconf

Browse Source
This commit is contained in:
Johnathen Sheppard
2022-12-21 12:18:37 +01:00
parent 55b5768acb
commit a57ffadf8a
2 changed files with 86 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
main.py
View File

@@ -1,12 +1,51 @@
import json import json
import vm import vm
ACME_CONTENT = '''
location /.well-known/acme-challenge/ {
auth_basic off;
alias /var/www/.well-known/acme-challenge/;
}
'''
if __name__ == "__main__": if __name__ == "__main__":
FILE = "vms.json" FILE = "vms.json"
with open(FILE) as f: with open(FILE) as f:
jsonList = json.load(f) jsonList = json.load(f)
vmList = [ vm.VM(obj) for obj in jsonList ] vmList = []
for obj in jsonList:
try:
vmo = vm.VM(obj)
vmList.append(vmo)
except ValueError as e:
print(e)
for vmo in vmList: with open("./build/stream_include.conf", "w") as f:
[ print(c) for c in vmo.dumpHAProxyComponents()] for vmo in vmList:
[ print(c) for c in vmo.dumpStreamComponents()]
[ f.write(c) for c in vmo.dumpStreamComponents()]
with open("./build/http_include.conf", "w") as f:
for vmo in vmList:
[ print(c) for c in vmo.dumpServerComponents()]
[ f.write(c) for c in vmo.dumpServerComponents()]
with open("./build/acme-challenge.conf", "w") as f:
f.write(ACME_CONTENT)
with open("./build/cert.sh", "w") as f:
f.write("certbot certonly --webroot -w /var/www \\")
domains = []
for vmo in vmList:
for subdomain in vmo.subdomains:
if type(subdomain) == dict:
domains.append(subdomain["name"])
else:
domains.append(subdomain)
for d in set(domains):
f.write(" -d {} \\".format(d))
f.write("--rsa-key-size 2048 --expand")

83
vm.py
View File

@@ -1,32 +1,10 @@
import libvirt import libvirt
import jinja2
BASE_DOMAIN = "new.atlantishq.de"
HA_PROXY_TEMPLATE_PORT = '''
listen {name}
bind 0.0.0.0:{port}
mode {proto}
timeout connect 4000
timeout client 180000
timeout client 180000
server srv1 {ip}
'''
HA_PROXY_TEMPLATE_SNI = '''
frontend {subdomain}.{basedomain}
bind 0.0.0.0:80
bind 0.0.0.0:443 ssl
http-request redirect scheme https unless {{ ssl_fc }}
default_backend {name}
backend {name}
server srv1 {ip} check maxconn 20
'''
class VM: class VM:
environment = jinja2.Environment(loader=jinja2.FileSystemLoader(searchpath="./templates"))
def __init__(self, args): def __init__(self, args):
self.hostname = args.get("hostname") self.hostname = args.get("hostname")
@@ -47,26 +25,49 @@ class VM:
raise ValueError("Hostname {} doesn't have a DHCP lease".format(self.hostname)) raise ValueError("Hostname {} doesn't have a DHCP lease".format(self.hostname))
def dumpHAProxyComponents(self): def dumpStreamComponents(self):
components = []
# port forwarding components # # port forwarding components #
for pObj in self.ports: components = []
name = str(pObj.get("name")).replace(" ", "") template = self.environment.get_template("nginx_server_block.conf.j2")
portOrRange = str(pObj.get("port")).replace(" ", "")
proto = pObj.get("proto") or "tcp"
compositeName = "-".join((self.hostname, name, portOrRange, proto))
component = HA_PROXY_TEMPLATE_PORT.format(name=compositeName, port=portOrRange, for portStruct in self.ports:
proto=proto, ip=self.ip)
components.append(component)
# https components # name = str(portStruct.get("name")).replace(" ", "")
for subdomain in self.subdomains: portstring = str(portStruct.get("port")).replace(" ", "")
compositeName = "-".join((self.hostname, subdomain.replace(".","-"))) transparent = portStruct.get("transparent")
component = HA_PROXY_TEMPLATE_SNI.format(name=compositeName, basedomain=BASE_DOMAIN, proto = portStruct.get("proto") or "tcp"
ip=self.ip, subdomain=subdomain) isUDP = proto == "udp"
compositeName = "-".join((self.hostname, name, portstring, proto))
component = template.render(targetip=self.ip, udp=isUDP, portstring=portstring,
transparent=transparent)
components.append(component)
return components
def dumpServerComponents(self):
# https components #
components = []
template = self.environment.get_template("nginx_server_block.conf.j2")
targetport = 80
if all([type(e) == dict for e in self.subdomains]):
for subdomain in self.subdomains:
compositeName = "-".join((self.hostname, subdomain["name"].replace(".","-")))
targetport = subdomain["port"]
component = template.render(targetip=self.ip, targetport=targetport,
servernames=[subdomain["name"]], comment=compositeName)
components.append(component)
elif any([type(e) == dict for e in self.subdomains]):
raise ValueError("Mixed subdomains not allowed - must be all complex or all simple")
else:
compositeName = "-".join((self.hostname, self.subdomains[0].replace(".","-")))
component = template.render(targetip=self.ip, targetport=targetport,
servernames=self.subdomains, comment=compositeName)
components.append(component) components.append(component)
return components return components