sheppy/athq-vm-management
1
0
Fork 0
mirror of https://github.com/FAUSheppy/athq-vm-management synced 2025-12-07 06:11:35 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: extract and make optional

Browse Source
This commit is contained in:
Johnathen Sheppard
2023-01-14 03:55:26 +01:00
parent 683282c237
commit f13043e77a
3 changed files with 122 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
main.py
View File

@@ -1,120 +1,60 @@
import json import json
import argparse
import vm import vm
import sys import sys
import jinja2 import jinja2
import icinga import icinga
import backup import backup
import nginx
ACME_CONTENT = ''' import pyansible
location /.well-known/acme-challenge/ {
auth_basic off;
alias /var/www/.well-known/acme-challenge/;
}
'''
MASTER_ADDRESS = "atlantishq.de" MASTER_ADDRESS = "atlantishq.de"
if __name__ == "__main__": if __name__ == "__main__":
password = None parser = argparse.ArgumentParser(description='AtlantisHQ VM Management Script',
with open("password.txt") as f: formatter_class=argparse.ArgumentDefaultsHelpFormatter)
password = f.read().strip("\n")
parser.add_argument("--backup", action="store_const", default=False, const=True)
parser.add_argument("--skip-ansible", action="store_const", default=True, const=False)
parser.add_argument("--skip-nginx", action="store_const", default=True, const=False)
parser.add_argument("--skip-icinga", action="store_const", default=True, const=False)
parser.add_argument("--skip-ssh-config", action="store_const", default=True, const=False)
args = parser.parse_args()
FILE = "./config/vms.json" FILE = "./config/vms.json"
vmList = []
with open(FILE) as f: with open(FILE) as f:
jsonList = json.load(f) jsonList = json.load(f)
vmList = []
for obj in jsonList: for obj in jsonList:
try: try:
vmo = vm.VM(obj) vmo = vm.VM(obj)
vmList.append(vmo) vmList.append(vmo)
except ValueError as e: except ValueError as e:
print(e, file=sys.stderr) print(e, file=sys.stderr)
# dump nginx config #
if args.skip_nginx:
nginx.dump_config(vmList, MASTER_ADDRESS)
with open("/etc/nginx/iptables.sh", "w") as f:
f.write("ip route add local 0.0.0.0/0 dev lo table 100\n")
f.write("ip rule add fwmark 1 lookup 100\n")
for vmo in vmList:
[ f.write(c) for c in vmo.dumpIptables()]
with open("/etc/nginx/iptables-clear.sh", "w") as f:
f.write("ip route delete local 0.0.0.0/0 dev lo table 100\n")
f.write("ip rule delete fwmark 1 lookup 100\n")
for vmo in vmList:
[ f.write(c) for c in vmo.dumpIptables(remove=True)]
with open("/etc/nginx/stream_include.conf", "w") as f:
for vmo in vmList:
[ f.write(c) for c in vmo.dumpStreamComponents()]
for vmo in set(vmList):
[ f.write(c) for c in vmo.dumpSshFowardsNginx()]
with open("/etc/nginx/http_include.conf", "w") as f:
for vmo in vmList:
[ f.write(c) for c in vmo.dumpServerComponents()]
with open("/etc/nginx/acme-challenge.conf", "w") as f:
f.write(ACME_CONTENT)
with open("/etc/nginx/cert.sh", "w") as f:
f.write("certbot certonly --webroot -w /var/www \\\n")
domains = []
for vmo in vmList:
for subdomain in vmo.subdomains:
if vmo.noTerminateACME:
print("Not terminating ACME for: {}".format(subdomain))
continue
if type(subdomain) == dict:
domains.append(subdomain["name"])
else:
domains.append(subdomain)
f.write(" -d {} \\\n".format(MASTER_ADDRESS))
for d in set(domains):
if d == MASTER_ADDRESS:
continue
f.write(" -d {} \\\n".format(d))
f.write("--rsa-key-size 2048 --expand")
with open("/etc/nginx/nginx.conf", "w") as f:
with open("./config/nginx.json") as j:
nginxJson = json.load(j)
env = jinja2.Environment(loader=jinja2.FileSystemLoader(searchpath="./templates"))
template = env.get_template("nginx.conf.j2")
content = template.render(nginxJson)
f.write(content)
# dump icinga master # dump icinga master
icinga.createMasterHostConfig(vmList) if args.skip_icinga:
icinga.createMasterHostConfig(vmList)
# dump ansible # dump ansible
with open("./ansible/hosts.ini", "w") as f: if args.skip_ansible:
env = jinja2.Environment(loader=jinja2.FileSystemLoader(searchpath="./templates")) pyansible.dump_config(vmList)
template = env.get_template("hosts.ini.j2")
for vmo in set(vmList):
if vmo.ansible:
f.write(template.render(hostname=vmo.hostname, ip=vmo.ip))
f.write("\n")
# dump ansible
with open("./ansible/files/nsca_server.conf", "w") as f:
env = jinja2.Environment(loader=jinja2.FileSystemLoader(searchpath="./templates"))
template = env.get_template("nsca_server.conf.j2")
f.write(template.render(vmList=sorted(list(set(filter(lambda x: x.ansible, vmList)))),
password=password))
# dump direct connect ssh-config # dump direct connect ssh-config
with open("./ssh_config_for_clients", "w") as f: if args.skip_ssh_config:
for vmo in filter(lambda x: x.sshOutsidePort, set(vmList)): with open("./ssh_config_for_clients", "w") as f:
f.write("Host {}\n".format(vmo.hostname + "." + MASTER_ADDRESS)) for vmo in filter(lambda x: x.sshOutsidePort, set(vmList)):
f.write(" Port {}\n".format(vmo.sshOutsidePort)) f.write("Host {}\n".format(vmo.hostname + "." + MASTER_ADDRESS))
f.write(" User root\n") f.write(" Port {}\n".format(vmo.sshOutsidePort))
f.write("\n") f.write(" User root\n")
f.write("\n")
# backup # # backup #
with open("./config/backup.json") as f: if args.backup:
backup.createBackupScriptStructure(json.load(f), baseDomain=MASTER_ADDRESS) with open("./config/backup.json") as f:
backup.createBackupScriptStructure(json.load(f), baseDomain=MASTER_ADDRESS)

68
nginx.py Normal file
View File

@@ -0,0 +1,68 @@
import jinja2
import json
ACME_CONTENT = '''
location /.well-known/acme-challenge/ {
auth_basic off;
alias /var/www/.well-known/acme-challenge/;
}
'''
def dump_config(vmList, masterAddress):
with open("/etc/nginx/iptables.sh", "w") as f:
f.write("ip route add local 0.0.0.0/0 dev lo table 100\n")
f.write("ip rule add fwmark 1 lookup 100\n")
for vmo in vmList:
[ f.write(c) for c in vmo.dumpIptables()]
with open("/etc/nginx/iptables-clear.sh", "w") as f:
f.write("ip route delete local 0.0.0.0/0 dev lo table 100\n")
f.write("ip rule delete fwmark 1 lookup 100\n")
for vmo in vmList:
[ f.write(c) for c in vmo.dumpIptables(remove=True)]
with open("/etc/nginx/stream_include.conf", "w") as f:
for vmo in vmList:
[ f.write(c) for c in vmo.dumpStreamComponents()]
for vmo in set(vmList):
[ f.write(c) for c in vmo.dumpSshFowardsNginx()]
with open("/etc/nginx/http_include.conf", "w") as f:
for vmo in vmList:
[ f.write(c) for c in vmo.dumpServerComponents()]
with open("/etc/nginx/acme-challenge.conf", "w") as f:
f.write(ACME_CONTENT)
with open("/etc/nginx/cert.sh", "w") as f:
f.write("certbot certonly --webroot -w /var/www \\\n")
domains = []
for vmo in vmList:
for subdomain in vmo.subdomains:
if vmo.noTerminateACME:
print("Not terminating ACME for: {}".format(subdomain))
continue
if type(subdomain) == dict:
domains.append(subdomain["name"])
else:
domains.append(subdomain)
f.write(" -d {} \\\n".format(masterAddress))
for d in set(domains):
if d == masterAddress:
continue
f.write(" -d {} \\\n".format(d))
f.write("--rsa-key-size 2048 --expand")
with open("/etc/nginx/nginx.conf", "w") as f:
with open("./config/nginx.json") as j:
nginxJson = json.load(j)
env = jinja2.Environment(loader=jinja2.FileSystemLoader(searchpath="./templates"))
template = env.get_template("nginx.conf.j2")
content = template.render(nginxJson)
f.write(content)

23
pyansible.py Normal file
View File

@@ -0,0 +1,23 @@
import jinja2
def dump_config(vmList):
password = None
with open("password.txt") as f:
password = f.read().strip("\n")
# dump ansible
with open("./ansible/hosts.ini", "w") as f:
env = jinja2.Environment(loader=jinja2.FileSystemLoader(searchpath="./templates"))
template = env.get_template("hosts.ini.j2")
for vmo in set(vmList):
if vmo.ansible:
f.write(template.render(hostname=vmo.hostname, ip=vmo.ip))
f.write("\n")
# dump ansible
with open("./ansible/files/nsca_server.conf", "w") as f:
env = jinja2.Environment(loader=jinja2.FileSystemLoader(searchpath="./templates"))
template = env.get_template("nsca_server.conf.j2")
f.write(template.render(vmList=sorted(list(set(filter(lambda x: x.ansible, vmList)))),
password=password))