sheppy/athq-vm-management
1
0
Fork 0
mirror of https://github.com/FAUSheppy/athq-vm-management synced 2025-12-09 23:08:33 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: sheppy:9cb5204fecb5384ee08c40dde45f3f99b29016f8
Branches Tags
sheppy:master
...
compare: sheppy:c8640eb035d2b63b682accc87c090d0980d1e178
Branches Tags
sheppy:master

3 Commits
9cb5204fec ... c8640eb035

Author SHA1 Message Date
Yannik Schmidt
c8640eb035 fix: cleanup stdout output 2025-10-27 14:13:53 +01:00
Yannik Schmidt
2a9559642b fix: simple warnings/handlers for ipv6 2025-10-27 14:13:51 +01:00
Yannik Schmidt
ac2fbfdef2 fix: add error for invalid port config 2025-10-27 14:13:36 +01:00
2 changed files with 20 additions and 6 deletions
Expand all files Collapse all files

8
nginx.py
View File

@@ -32,7 +32,7 @@ def dump_config(vmList, masterAddress):
for vmo in vmList: for vmo in vmList:
relevant_subdomains = filter(lambda x: x.get("no-terminate-ssl"), vmo.subdomains) relevant_subdomains = filter(lambda x: x.get("no-terminate-ssl"), vmo.subdomains)
for s in relevant_subdomains: for s in relevant_subdomains:
print(s, "ssl_target_port", s.get("ssl_target_port")) # print(s, "ssl_target_port", s.get("ssl_target_port"))
# build the map contents # # build the map contents #
if s.get("include-subdomains"): if s.get("include-subdomains"):
match = "~.*{}".format(s.get("name")) match = "~.*{}".format(s.get("name"))
@@ -66,7 +66,7 @@ def dump_config(vmList, masterAddress):
for vmo in vmList: for vmo in vmList:
for subdomain in vmo.subdomains: for subdomain in vmo.subdomains:
if vmo.noTerminateACME: if vmo.noTerminateACME:
print("Not terminating ACME for: {}".format(subdomain)) print("Not terminating ACME for: {}".format(subdomain.get("name")))
continue continue
if type(subdomain) == dict: if type(subdomain) == dict:
domains.append(subdomain["name"]) domains.append(subdomain["name"])
@@ -95,10 +95,10 @@ def dump_config(vmList, masterAddress):
f.write(content) f.write(content)
def check_transparent_proxy_loader(): def check_transparent_proxy_loader():
retcode = os.system("systemctl is-enabled nginx-iptables.service") retcode = os.system("systemctl -q is-enabled nginx-iptables.service")
if retcode != 0: if retcode != 0:
print("############################ WARNING ###############################") print("############################ WARNING ###############################")
print("+++ You may have transparent proxy rules but the service to load +++") print("+++ You may have transparent proxy rules but the service to load +++")
print("+++ them is not enabled or missing, a restart WILL break your +++") print("+++ them is not enabled or missing, a restart WILL break your +++")
print("+++ setup! Add see nginx-iptables.service in the project root +++") print("+++ setup! Look at nginx-iptables.service in the project root +++")
print("############################ WARNING ###############################") print("############################ WARNING ###############################")

16
vm.py
View File

@@ -1,4 +1,5 @@
import libvirt import libvirt
import json
import jinja2 import jinja2
class VM: class VM:
@@ -36,6 +37,8 @@ class VM:
network = con.networkLookupByName(self.network) network = con.networkLookupByName(self.network)
leases = network.DHCPLeases() leases = network.DHCPLeases()
for l in leases: for l in leases:
if not l.get("type") == 0: # FIXME: only ipv4 for now
continue
if l.get("hostname") == self.hostname: if l.get("hostname") == self.hostname:
return l return l
@@ -91,7 +94,14 @@ class VM:
components = [] components = []
template = self.environment.get_template("nginx_stream_block.conf.j2") template = self.environment.get_template("nginx_stream_block.conf.j2")
if not self.isExternal: if not self.isExternal:
try:
self.sshOutsidePort = 7000 + int(self.ip.split(".")[-1]) self.sshOutsidePort = 7000 + int(self.ip.split(".")[-1])
except ValueError as e:
print(f"Warning: {self.hostname} Invalid IP (IPv6 is not supported) {e}",
file=sys.stderr)
return []
component = template.render(targetip=self.ip, udp=False, component = template.render(targetip=self.ip, udp=False,
portstring=self.sshOutsidePort, portstring=self.sshOutsidePort,
targetportoverwrite=7000, targetportoverwrite=7000,
@@ -136,7 +146,7 @@ class VM:
for subdomain in self.subdomains: for subdomain in self.subdomains:
if subdomain.get("no-terminate-ssl"): if subdomain.get("no-terminate-ssl"):
print("Not terminating TLS for: {}".format(subdomain)) print("Not terminating TLS for: {}".format(subdomain.get("name")))
if type(subdomain) != dict: if type(subdomain) != dict:
raise ValueError("Subdomain must be object containing 'name' ") raise ValueError("Subdomain must be object containing 'name' ")
@@ -158,6 +168,10 @@ class VM:
if subdomain.get("include-subdomains") and not subdomain.get("no-terminate-ssl"): if subdomain.get("include-subdomains") and not subdomain.get("no-terminate-ssl"):
raise ValueError("Wildcard Subdomain not supported with SSL Termination") raise ValueError("Wildcard Subdomain not supported with SSL Termination")
if "port" in subdomain and "no-terminate-ssl" in subdomain:
print(json.dumps(subdomain, indent=2))
raise ValueError("'port' is not allowed with no-terminate-ssl subdomain, use http_target_port and ssl_target_port")
component = template.render(targetip=self.ip, targetport=targetport, component = template.render(targetip=self.ip, targetport=targetport,
servernames=[subdomain["name"]], comment=compositeName, servernames=[subdomain["name"]], comment=compositeName,
proxy_pass_blob=self.proxy_pass_blob, proxy_pass_blob=self.proxy_pass_blob,