mirror of
https://github.com/FAUSheppy/athq-vm-management
synced 2025-12-06 05:41:35 +01:00
Compare commits
3 Commits
9cb5204fec
...
c8640eb035
| Author | SHA1 | Date | |
|---|---|---|---|
| c8640eb035 | |||
| 2a9559642b | |||
| ac2fbfdef2 |
8
nginx.py
8
nginx.py
@@ -32,7 +32,7 @@ def dump_config(vmList, masterAddress):
|
||||
for vmo in vmList:
|
||||
relevant_subdomains = filter(lambda x: x.get("no-terminate-ssl"), vmo.subdomains)
|
||||
for s in relevant_subdomains:
|
||||
print(s, "ssl_target_port", s.get("ssl_target_port"))
|
||||
# print(s, "ssl_target_port", s.get("ssl_target_port"))
|
||||
# build the map contents #
|
||||
if s.get("include-subdomains"):
|
||||
match = "~.*{}".format(s.get("name"))
|
||||
@@ -66,7 +66,7 @@ def dump_config(vmList, masterAddress):
|
||||
for vmo in vmList:
|
||||
for subdomain in vmo.subdomains:
|
||||
if vmo.noTerminateACME:
|
||||
print("Not terminating ACME for: {}".format(subdomain))
|
||||
print("Not terminating ACME for: {}".format(subdomain.get("name")))
|
||||
continue
|
||||
if type(subdomain) == dict:
|
||||
domains.append(subdomain["name"])
|
||||
@@ -95,10 +95,10 @@ def dump_config(vmList, masterAddress):
|
||||
f.write(content)
|
||||
|
||||
def check_transparent_proxy_loader():
|
||||
retcode = os.system("systemctl is-enabled nginx-iptables.service")
|
||||
retcode = os.system("systemctl -q is-enabled nginx-iptables.service")
|
||||
if retcode != 0:
|
||||
print("############################ WARNING ###############################")
|
||||
print("+++ You may have transparent proxy rules but the service to load +++")
|
||||
print("+++ them is not enabled or missing, a restart WILL break your +++")
|
||||
print("+++ setup! Add see nginx-iptables.service in the project root +++")
|
||||
print("+++ setup! Look at nginx-iptables.service in the project root +++")
|
||||
print("############################ WARNING ###############################")
|
||||
|
||||
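Review bot: In the ACME loop of `dump_config`, the new `subdomain.get("name")` runs before the `type(subdomain) == dict` test two lines further down, so a subdomain that is not a dict (the case that test appears to allow for) would raise `AttributeError` on the log line instead of reaching its own branch. The non-dict branch is not visible in this hunk, so this is inferred from the type test alone. If plain-string subdomains are still accepted, resolve the label defensively, e.g. `name = subdomain.get("name") if isinstance(subdomain, dict) else subdomain`, and print `name`. `dump_config` starts and ends outside the hunks shown.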
18
vm.py
18
vm.py
@@ -1,4 +1,5 @@
|
||||
import libvirt
|
||||
import json
|
||||
import jinja2
|
||||
|
||||
class VM:
|
||||
@@ -36,6 +37,8 @@ class VM:
|
||||
network = con.networkLookupByName(self.network)
|
||||
leases = network.DHCPLeases()
|
||||
for l in leases:
|
||||
if not l.get("type") == 0: # FIXME: only ipv4 for now
|
||||
continue
|
||||
if l.get("hostname") == self.hostname:
|
||||
return l
|
||||
|
||||
@@ -91,7 +94,14 @@ class VM:
|
||||
components = []
|
||||
template = self.environment.get_template("nginx_stream_block.conf.j2")
|
||||
if not self.isExternal:
|
||||
self.sshOutsidePort = 7000 + int(self.ip.split(".")[-1])
|
||||
|
||||
try:
|
||||
self.sshOutsidePort = 7000 + int(self.ip.split(".")[-1])
|
||||
except ValueError as e:
|
||||
print(f"Warning: {self.hostname} Invalid IP (IPv6 is not supported) {e}",
|
||||
file=sys.stderr)
|
||||
return []
|
||||
|
||||
component = template.render(targetip=self.ip, udp=False,
|
||||
portstring=self.sshOutsidePort,
|
||||
targetportoverwrite=7000,
|
||||
@@ -136,7 +146,7 @@ class VM:
|
||||
for subdomain in self.subdomains:
|
||||
|
||||
if subdomain.get("no-terminate-ssl"):
|
||||
print("Not terminating TLS for: {}".format(subdomain))
|
||||
print("Not terminating TLS for: {}".format(subdomain.get("name")))
|
||||
|
||||
if type(subdomain) != dict:
|
||||
raise ValueError("Subdomain must be object containing 'name' ")
|
||||
@@ -158,6 +168,10 @@ class VM:
|
||||
if subdomain.get("include-subdomains") and not subdomain.get("no-terminate-ssl"):
|
||||
raise ValueError("Wildcard Subdomain not supported with SSL Termination")
|
||||
|
||||
if "port" in subdomain and "no-terminate-ssl" in subdomain:
|
||||
print(json.dumps(subdomain, indent=2))
|
||||
raise ValueError("'port' is not allowed with no-terminate-ssl subdomain, use http_target_port and ssl_target_port")
|
||||
|
||||
component = template.render(targetip=self.ip, targetport=targetport,
|
||||
servernames=[subdomain["name"]], comment=compositeName,
|
||||
proxy_pass_blob=self.proxy_pass_blob,
|
||||
|
||||
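Review bot: The new `except ValueError` branch prints with `file=sys.stderr`, but the import hunk at the top of vm.py adds only `import json` beside `libvirt` and `jinja2`, and no `import sys` is visible. Unless `sys` is imported somewhere outside the lines shown, the first VM with a non-IPv4 address will raise `NameError` inside the handler rather than emitting the warning and returning `[]`. Add `import sys` to the import block. Separately, the new guard `"port" in subdomain and "no-terminate-ssl" in subdomain` tests key presence while the surrounding checks use `subdomain.get(...)` truthiness, so an entry with `"no-terminate-ssl": false` and a `port` would be rejected; `subdomain.get("no-terminate-ssl")` would match the other checks. The enclosing methods start outside these hunks.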