// getNodeAddAction renders the "add node" page (node_add.html).
//
// The template receives the Karhu base URL, the SSH user and port and the
// monit flag, each overridable through the query string (karhu_url, ssh_user,
// ssh_port, monit). It also receives BasicAuth, which is "-u <BASIC_AUTH> "
// when the BASIC_AUTH setting is non-empty and "" otherwise.
//
// NOTE(review): karhu_url and the other query values reach the template
// unvalidated. If node_add.html prints them inside a copy-and-paste install
// command, a crafted link to this page can make that command point at a
// different host. Confirm how the template uses PublicHost.
// NOTE(review): BasicAuth hands the configured credentials to the page, so
// this route presumably needs to sit behind the same authentication. Verify
// the router setup.
func (pc *NodeController) getNodeAddAction(c *gin.Context) {
	// Stays empty when BASIC_AUTH is unset, otherwise becomes "-u <value> ".
	authOption := env.Get("BASIC_AUTH")
	if authOption != "" {
		authOption = "-u " + authOption + " "
	}

	view := map[string]interface{}{
		"PublicHost": c.DefaultQuery("karhu_url", env.Get("PUBLIC_HOST")),
		"SshUser":    c.DefaultQuery("ssh_user", "root"),
		"SshPort":    c.DefaultQuery("ssh_port", "22"),
		"Monit":      c.DefaultQuery("monit", "1"),
		"BasicAuth":  authOption,
	}
	c.HTML(http.StatusOK, "node_add.html", view)
}
// postNodeAddDOAction handles the "create DigitalOcean node" form.
//
// Steps: bind and validate the form, load the stored "do" access record, make
// sure Karhu's SSH public key exists on the DigitalOcean account, then create
// a droplet whose cloud-config user data fetches register.sh from PUBLIC_HOST
// and pipes it to bash. Success redirects to /nodes. A form that fails
// validation, or a missing access record, redirects back to the Referer. A
// bind failure answers 400. Any other error panics.
//
// NOTE(review): the BASIC_AUTH value is written into the droplet's user data,
// which typically stays readable on the droplet through the provider's
// metadata service. Confirm that exposure is acceptable.
// NOTE(review): the droplet runs whatever PUBLIC_HOST serves. If PUBLIC_HOST
// is a plain http:// URL the script is fetched without transport integrity.
// NOTE(review): the redirect target on failure is the client-supplied Referer
// header. Confirm a fixed path would not be preferable.
func (pc *NodeController) postNodeAddDOAction(c *gin.Context) {
	var form models.DONodeCreateForm
	if bindErr := c.Bind(&form); bindErr != nil {
		c.AbortWithStatus(http.StatusBadRequest)
		return
	}
	if invalid := form.Validate(); invalid != nil {
		log.Println("invalid", invalid)
		c.Redirect(http.StatusFound, c.Request.Referer())
		return
	}

	access, err := models.AccessMapper.FetchOne("do")
	if err != nil {
		panic(err)
	}
	if access == nil {
		// No DigitalOcean credentials stored: send the user back.
		c.Redirect(http.StatusFound, c.Request.Referer())
		return
	}

	// Stays empty when BASIC_AUTH is unset, otherwise becomes "-u <value> ".
	authOption := env.Get("BASIC_AUTH")
	if authOption != "" {
		authOption = "-u " + authOption + " "
	}

	fingerprint, err := ssh.GetFingerprint()
	if err != nil {
		panic(err)
	}

	tokenSource := &DOTokenSource{AccessToken: access.AccessKey}
	client := godo.NewClient(oauth2.NewClient(oauth2.NoContext, tokenSource))

	// Register key: look it up by fingerprint first. A "404" answer is
	// recognised by its message text and means the key is not there yet.
	key, _, err := client.Keys.GetByFingerprint(fingerprint)
	if err != nil && !strings.Contains(err.Error(), "404 The resource you were accessing could not be found") {
		panic(err)
	}
	if key == nil {
		publicKey, keyErr := ssh.GetPublicKey()
		if keyErr != nil {
			panic(keyErr)
		}
		createReq := &godo.KeyCreateRequest{
			Name:      "karhu",
			PublicKey: string(publicKey),
		}
		// "Already in use" is tolerated: the key exists, which is all we need.
		_, _, createErr := client.Keys.Create(createReq)
		if createErr != nil && !strings.Contains(createErr.Error(), "SSH Key is already in use on your account") {
			panic(createErr)
		}
	}

	// cloud-config user data. A plain #!/bin/bash variant of the same steps is
	// left disabled in the source in favour of this form.
	userData := fmt.Sprintf(`#cloud-config
repo_update: true
repo_upgrade: all
packages:
  - curl
runcmd:
  - curl %s"%s/api/nodes/register.sh?monit=1&ssh_port=22" | bash`, authOption, env.Get("PUBLIC_HOST"))

	dropletReq := &godo.DropletCreateRequest{
		Name:              form.Hostname,
		Region:            form.Region,
		Size:              form.InstanceType,
		Image:             godo.DropletCreateImage{Slug: "debian-8-x64"},
		SSHKeys:           []godo.DropletCreateSSHKey{{Fingerprint: fingerprint}},
		Backups:           form.Backups == "on",
		IPv6:              form.IpV6 == "on",
		PrivateNetworking: form.PrivateNetwork == "on",
		UserData:          userData,
	}
	if _, _, err := client.Droplets.Create(dropletReq); err != nil {
		panic(err)
	}

	c.Redirect(http.StatusFound, "/nodes")
}
// GetCert reads and returns the whole file whose path is stored in the
// LOGSTASH_TLS_CRT setting, together with any read error.
//
// NOTE(review): the path comes straight from configuration. Make sure it names
// the public certificate and not a private key, and verify against the callers
// how the returned bytes are exposed.
func GetCert() ([]byte, error) {
	certPath := env.Get("LOGSTASH_TLS_CRT")
	return ioutil.ReadFile(certPath)
}
// postNodeAddEc2Action handles the "create EC2 node" form.
//
// Steps: bind and validate the form, load the stored "ec2" access record,
// build AWS credentials from it, then start one instance whose user data
// installs curl, fetches register.sh from PUBLIC_HOST and runs it as the
// "admin" user. Success redirects to /nodes. A form that fails validation, or
// a missing access record, redirects back to the Referer. A bind failure
// answers 400. Any other error panics.
//
// The key pair name "karhu" is passed to RunInstances, but the code that would
// import Karhu's public key under that name is disabled while waiting for
// https://github.com/goamz/goamz/pull/111. Further RunInstances options are
// left unset pending https://github.com/goamz/goamz/pull/112.
//
// NOTE(review): the region is looked up from form.AvailabilityZone while the
// image id, AvailabilityZone ("eu-west-1c") and SubnetId are fixed values.
// Confirm these agree for every region the form allows.
// NOTE(review): the BASIC_AUTH value is written into the instance user data,
// which stays readable on the instance through the metadata service. Confirm
// that exposure is acceptable.
// NOTE(review): the instance runs whatever PUBLIC_HOST serves. If PUBLIC_HOST
// is a plain http:// URL the script is fetched without transport integrity.
func (pc *NodeController) postNodeAddEc2Action(c *gin.Context) {
	var form models.EC2NodeCreateForm
	if bindErr := c.Bind(&form); bindErr != nil {
		c.AbortWithStatus(http.StatusBadRequest)
		return
	}
	if invalid := form.Validate(); invalid != nil {
		c.Redirect(http.StatusFound, c.Request.Referer())
		return
	}

	access, err := models.AccessMapper.FetchOne("ec2")
	if err != nil {
		panic(err)
	}
	if access == nil {
		// No EC2 credentials stored: send the user back.
		c.Redirect(http.StatusFound, c.Request.Referer())
		return
	}

	// Stays empty when BASIC_AUTH is unset, otherwise becomes "-u <value> ".
	authOption := env.Get("BASIC_AUTH")
	if authOption != "" {
		authOption = "-u " + authOption + " "
	}

	creds, err := aws.GetAuth(access.AccessKey, access.PrivateKey, "", time.Now().Add(time.Hour))
	if err != nil {
		panic(err)
	}
	client := ec2.New(creds, aws.Regions[form.AvailabilityZone])

	// Boot script handed to the instance as user data.
	bootScript := fmt.Sprintf(`#!/bin/bash
sudo apt-get update && \
sudo apt-get install -y curl && \
curl %s"%s/api/nodes/register.sh?monit=1&ssh_port=22" | sudo -i -u admin bash`, authOption, env.Get("PUBLIC_HOST"))

	opts := &ec2.RunInstancesOptions{
		ImageId:          "ami-e31a6594",
		MinCount:         1,
		MaxCount:         0,
		KeyName:          "karhu",
		InstanceType:     form.InstanceType,
		SecurityGroups:   []ec2.SecurityGroup{{Id: form.SecurityGroup}},
		UserData:         []byte(bootScript),
		AvailabilityZone: "eu-west-1c",
		Tenancy:          "default",
		Monitoring:       form.Monitoring == "on",
		SubnetId:         "subnet-425a4f27",
	}
	if _, err := client.RunInstances(opts); err != nil {
		panic(err)
	}

	c.Redirect(http.StatusFound, "/nodes")
}
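// getRegisterSH serves register.sh, the bash script a node downloads and runs
// to register itself with Karhu and, optionally, set up monitoring.
//
// The script is generated per request. It embeds Karhu's SSH public key, the
// Karhu and Logstash addresses, the collectd credentials read from the
// Logstash auth file, the BASIC_AUTH setting, and three query-string options:
//
//	ssh_port  SSH port reported back to Karhu (default "22")
//	monit     "1" to install and configure collectd and filebeat (default "1")
//	noreg     "1" to skip authorized_keys setup and registration (default "0")
//
// Request-derived values are restricted before they are written into the
// script, because the script is meant to be piped into a shell, often with
// sudo rights. ssh_port must be 1 to 5 decimal digits. The client address may
// only contain hex digits, '.' and ':'. monit and noreg are reduced to "1" or
// "0", which matches how the script compares them. A request that fails these
// checks gets 400 Bad Request. Failing to read the public key or the auth file
// panics.
//
// NOTE(review): operator-supplied values (PUBLIC_HOST, LOGSTASH_IP,
// BASIC_AUTH, INFLUXDB_COLLECTD_*, the collectd username and password) are
// still interpolated as-is, so they must not contain whitespace or shell
// metacharacters.
// NOTE(review): the response carries BASIC_AUTH and the collectd password.
// Confirm the route is authenticated and that PUBLIC_HOST is an https:// URL
// in production. The fallback here is plain http.
func (pc *NodeController) getRegisterSH(c *gin.Context) {
	publicKey, err := ssh.GetPublicKey()
	if err != nil {
		panic(err)
	}

	karhuHost := env.GetDefault("PUBLIC_HOST", "http://127.0.0.1:8080")
	logstashIP := env.GetDefault("LOGSTASH_IP", "127.0.0.1")
	collectdUser, collectdPassword, err := logstash.ReadAuthfile()
	if err != nil {
		panic(err)
	}

	log.Println("URL:", c.Request.URL)

	// onlyChars reports whether s is non-empty and consists solely of
	// characters listed in allowed.
	onlyChars := func(s, allowed string) bool {
		if s == "" {
			return false
		}
		for _, r := range s {
			if !strings.ContainsRune(allowed, r) {
				return false
			}
		}
		return true
	}
	// flag maps any value other than exactly "1" to "0". The script only ever
	// tests these options against "1", so benign requests behave as before.
	flag := func(v string) string {
		if v == "1" {
			return "1"
		}
		return "0"
	}

	// The client address is expanded unquoted on the script's curl command
	// line, so anything that is not address-shaped is refused. An empty value
	// is passed through unchanged.
	clientIP := c.ClientIP()
	if clientIP != "" && !onlyChars(clientIP, "0123456789abcdefABCDEF.:") {
		c.AbortWithStatus(http.StatusBadRequest)
		return
	}

	// ssh_port is also expanded unquoted on that command line.
	sshPort := c.DefaultQuery("ssh_port", "22")
	if len(sshPort) > 5 || !onlyChars(sshPort, "0123456789") {
		c.AbortWithStatus(http.StatusBadRequest)
		return
	}

	setupMonitoring := flag(c.DefaultQuery("monit", "1"))
	noRegister := flag(c.DefaultQuery("noreg", "0"))

	basicAuth := ""
	if auth := env.Get("BASIC_AUTH"); auth != "" {
		basicAuth = `"-u ` + auth + `"`
	}

	script := fmt.Sprintf(`
#!/bin/bash
echo "Registering host on Karhu...";
echo

KARHU_HOST=%s
LOGSTASH_IP=%s
PUBLIC_KEY='%s'
LOGSTASH_CRT_URL=$KARHU_HOST/api/nodes/config/logstash.crt
LOGSTASH_CRT_PATH=/etc/filebeat/certs/logstash.crt
FILEBEAT_CONFIG_URL=$KARHU_HOST/api/nodes/config/filebeat.yml
FILEBEAT_CONFIG_PATH=/etc/filebeat/filebeat.yml
AUTHORIZED_KEYS_DIR=%s
AUTHORIZED_KEYS_FILE=%s
CLIENT_IP=%s
SSH_PORT=%s
SSH_USER=$(whoami)
BASIC_AUTH=%s
SETUP_MONITORING=%s
INFLUXDB_COLLECTD_HOST=%s
INFLUXDB_COLLECTD_PORT=%s
COLLECTD_USERNAME=%s
COLLECTD_PASSWORD=%s
COLLECTD_CONFIG_PATH=/etc/collectd/collectd.conf.d/karhu.conf
NO_REGISTER=%s
SUDO=

if [ "$SSH_USER" != "root" ]; then
    echo "Check sudo..."
    sudo -n true
    if [ "$?" != "0" ]; then
        echo "You need root access or sudo without password..."
        exit 1
    fi
    SUDO=sudo
fi

if [ "$NO_REGISTER" != "1" ]; then
    if [ ! -d "$AUTHORIZED_KEYS_DIR" ]; then
        mkdir -p $AUTHORIZED_KEYS_DIR || exit 1
    fi
    if [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then
        touch $AUTHORIZED_KEYS_FILE || exit 1
    fi

    echo "Setting up ssh keys..."
    grep -q -F "$(echo $PUBLIC_KEY)" $AUTHORIZED_KEYS_FILE || echo $PUBLIC_KEY >> $AUTHORIZED_KEYS_FILE

    echo "Registering node..."
    curl --fail $BASIC_AUTH -X POST $KARHU_HOST/api/nodes -d hostname=$(hostname) -d ip=$CLIENT_IP -d ssh_port=$SSH_PORT -d ssh_user=$SSH_USER || exit 1
    echo
fi

if [ "$SETUP_MONITORING" = "1" ]; then
    echo "Setup logstash host"
    $SUDO sed '/ karhu$/{h;s/.*/'$LOGSTASH_IP' karhu/};${x;/^$/{s//'$LOGSTASH_IP' karhu/;H};x}' -i /etc/hosts

    echo "Setup monitoring..."
    if [ ! -f "$(which collectd)" ]; then
        $SUDO apt-get update || exit 1
        $SUDO apt-get install -y --no-install-recommends collectd || exit 1
    fi

    echo "LoadPlugin network
<Plugin "network">
    <Server \"karhu\" \"$INFLUXDB_COLLECTD_PORT\">
        SecurityLevel "Encrypt"
        Username "$COLLECTD_USERNAME"
        Password "$COLLECTD_PASSWORD"
    </Server>
</Plugin>" | $SUDO tee $COLLECTD_CONFIG_PATH || exit 1

    echo "Restard collectd"
    $SUDO service collectd restart || exit 1

    # Setup filebeat
    if [ ! -f "$(which filebeat)" ]; then
        echo "deb https://packages.elastic.co/beats/apt stable main" | $SUDO tee /etc/apt/sources.list.d/beats.list || exit 1
        curl -L https://packages.elastic.co/GPG-KEY-elasticsearch | $SUDO apt-key add - || exit 1
        $SUDO apt-get update || exit 1
        $SUDO apt-get install -y filebeat || exit 1
    fi

    if [ ! -d "$(dirname $LOGSTASH_CRT_PATH)" ]; then
        $SUDO mkdir -p $(dirname $LOGSTASH_CRT_PATH) || exit 1
    fi

    # setup crt
    $SUDO curl $BASIC_AUTH -o $LOGSTASH_CRT_PATH $LOGSTASH_CRT_URL || exit 1

    # setup config
    $SUDO curl $BASIC_AUTH -o $FILEBEAT_CONFIG_PATH $FILEBEAT_CONFIG_URL || exit 1

    $SUDO service filebeat restart || exit 1
fi

# Alerts
$SUDO apt-get install -y nagios-plugins

echo "Done."`,
		karhuHost,
		logstashIP,
		publicKey,
		ssh.SSH_AUTHORIZED_KEYS_DIR,
		ssh.AuthorizedKeysPath(),
		clientIP,
		sshPort,
		basicAuth,
		setupMonitoring,
		env.Get("INFLUXDB_COLLECTD_HOST"),
		env.Get("INFLUXDB_COLLECTD_PORT"),
		collectdUser,
		collectdPassword,
		noRegister,
	)

	// The finished script is passed as an argument, not as the format string,
	// so a '%' inside an interpolated value (for example in a password) is
	// sent literally and never read as a formatting verb.
	c.String(http.StatusOK, "%s", script)
}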