Exemple #1
0
func (pc *NodeController) getNodeAddAction(c *gin.Context) {

	basicAuth := env.Get("BASIC_AUTH")
	if auth := env.Get("BASIC_AUTH"); auth != "" {
		basicAuth = "-u " + auth + " "
	}

	c.HTML(http.StatusOK, "node_add.html", map[string]interface{}{
		"PublicHost": c.DefaultQuery("karhu_url", env.Get("PUBLIC_HOST")),
		"SshUser":    c.DefaultQuery("ssh_user", "root"),
		"SshPort":    c.DefaultQuery("ssh_port", "22"),
		"Monit":      c.DefaultQuery("monit", "1"),
		"BasicAuth":  basicAuth,
	})
}
Exemple #2
0
func (pc *NodeController) postNodeAddDOAction(c *gin.Context) {

	var form models.DONodeCreateForm
	if err := c.Bind(&form); err != nil {
		c.AbortWithStatus(http.StatusBadRequest)
		return
	}

	if err := form.Validate(); err != nil {
		log.Println("invalid", err)
		c.Redirect(http.StatusFound, c.Request.Referer())
		return
	}

	a, err := models.AccessMapper.FetchOne("do")
	if err != nil {
		panic(err)
	}

	if a == nil {
		c.Redirect(http.StatusFound, c.Request.Referer())
		return
	}

	basicAuth := env.Get("BASIC_AUTH")
	if auth := env.Get("BASIC_AUTH"); auth != "" {
		basicAuth = "-u " + auth + " "
	}

	keyFingerprint, err := ssh.GetFingerprint()
	if err != nil {
		panic(err)
	}

	oauthClient := oauth2.NewClient(oauth2.NoContext, &DOTokenSource{
		AccessToken: a.AccessKey,
	})
	client := godo.NewClient(oauthClient)

	// Register key
	key, _, err := client.Keys.GetByFingerprint(keyFingerprint)
	if err != nil && !strings.Contains(err.Error(), "404 The resource you were accessing could not be found") {
		panic(err)
	}

	if key == nil {
		publicKey, err := ssh.GetPublicKey()
		if err != nil {
			panic(err)
		}
		key, _, err = client.Keys.Create(&godo.KeyCreateRequest{
			Name:      "karhu",
			PublicKey: string(publicKey),
		})
		if err != nil && !strings.Contains(err.Error(), "SSH Key is already in use on your account") {
			panic(err)
		}
	}

	if _, _, err := client.Droplets.Create(&godo.DropletCreateRequest{
		Name:              form.Hostname,
		Region:            form.Region,
		Size:              form.InstanceType,
		Image:             godo.DropletCreateImage{Slug: "debian-8-x64"},
		SSHKeys:           []godo.DropletCreateSSHKey{{Fingerprint: keyFingerprint}},
		Backups:           form.Backups == "on",
		IPv6:              form.IpV6 == "on",
		PrivateNetworking: form.PrivateNetwork == "on",
		// 		UserData: fmt.Sprintf(`#!/bin/bash
		// sudo apt-get update && \
		// sudo apt-get install -y curl && \
		// curl %s"%s/api/nodes/register.sh?monit=1&ssh_port=22" | bash`, basicAuth, env.Get("PUBLIC_HOST")),
		UserData: fmt.Sprintf(`#cloud-config
repo_update: true
repo_upgrade: all

packages:
 - curl

runcmd:
 - curl %s"%s/api/nodes/register.sh?monit=1&ssh_port=22" | bash`, basicAuth, env.Get("PUBLIC_HOST")),
	}); err != nil {
		panic(err)
	}

	c.Redirect(http.StatusFound, "/nodes")
}
Exemple #3
0
func GetCert() ([]byte, error) {

	return ioutil.ReadFile(env.Get("LOGSTASH_TLS_CRT"))
}
Exemple #4
0
func (pc *NodeController) postNodeAddEc2Action(c *gin.Context) {

	var form models.EC2NodeCreateForm
	if err := c.Bind(&form); err != nil {
		c.AbortWithStatus(http.StatusBadRequest)
		return
	}

	if err := form.Validate(); err != nil {
		c.Redirect(http.StatusFound, c.Request.Referer())
		return
	}

	a, err := models.AccessMapper.FetchOne("ec2")
	if err != nil {
		panic(err)
	}

	if a == nil {
		c.Redirect(http.StatusFound, c.Request.Referer())
		return
	}

	basicAuth := env.Get("BASIC_AUTH")
	if auth := env.Get("BASIC_AUTH"); auth != "" {
		basicAuth = "-u " + auth + " "
	}

	auth, err := aws.GetAuth(a.AccessKey, a.PrivateKey, "", time.Now().Add(time.Hour))
	if err != nil {
		panic(err)
	}
	awsec2 := ec2.New(auth, aws.Regions[form.AvailabilityZone])
	// Create public key
	// Waiting for merge pull request https://github.com/goamz/goamz/pull/111
	// {
	// key, err := ssh.GetPublicKey()
	// 	if err != nil {
	// 		panic(err)
	// 	}
	// 	if _, err := awsec2.ImportKeyPair(&ImportKeyPairOptions{
	// 		KeyName:           "karhu",
	// 		PublicKeyMaterial: string(key),
	// 	}); err != nil {
	// 		panic(err)
	// 	}
	// }

	if _, err := awsec2.RunInstances(&ec2.RunInstancesOptions{
		ImageId:        "ami-e31a6594",
		MinCount:       1,
		MaxCount:       0,
		KeyName:        "karhu",
		InstanceType:   form.InstanceType,
		SecurityGroups: []ec2.SecurityGroup{{Id: form.SecurityGroup}},
		// KernelId               :  string
		// RamdiskId              :  string
		UserData: []byte(fmt.Sprintf(`#!/bin/bash
sudo apt-get update && \
sudo apt-get install -y curl && \
curl %s"%s/api/nodes/register.sh?monit=1&ssh_port=22" | sudo -i -u admin bash`, basicAuth, env.Get("PUBLIC_HOST"))),
		AvailabilityZone: "eu-west-1c", // Waiting for https://github.com/goamz/goamz/pull/112
		// PlacementGroupName     :  string
		Tenancy:    "default",
		Monitoring: form.Monitoring == "on",
		SubnetId:   "subnet-425a4f27", // Waiting for https://github.com/goamz/goamz/pull/112
		// DisableAPITermination  :  bool
		// ShutdownBehavior       :  string
		// PrivateIPAddress       :  string
		// IamInstanceProfile      : IamInstanceProfile
		// BlockDevices            : []BlockDeviceMapping
		// EbsOptimized            : bool
		// AssociatePublicIpAddress :bool
	}); err != nil {
		panic(err)
	}

	c.Redirect(http.StatusFound, "/nodes")
}
Exemple #5
0
func (pc *NodeController) getRegisterSH(c *gin.Context) {

	publicKey, err := ssh.GetPublicKey()
	if err != nil {
		panic(err)
	}

	karhuHost := env.GetDefault("PUBLIC_HOST", "http://127.0.0.1:8080")
	logstashIP := env.GetDefault("LOGSTASH_IP", "127.0.0.1")
	collectdUser, collectdPassword, err := logstash.ReadAuthfile()
	if err != nil {
		panic(err)
	}

	log.Println("URL:", c.Request.URL)

	clientIP := c.ClientIP()

	basicAuth := ""
	if auth := env.Get("BASIC_AUTH"); auth != "" {
		basicAuth = `"-u ` + auth + `"`
	}

	c.String(http.StatusOK, fmt.Sprintf(`
#!/bin/bash
echo "Registering host on Karhu..."; echo
KARHU_HOST=%s
LOGSTASH_IP=%s
PUBLIC_KEY='%s'
LOGSTASH_CRT_URL=$KARHU_HOST/api/nodes/config/logstash.crt
LOGSTASH_CRT_PATH=/etc/filebeat/certs/logstash.crt
FILEBEAT_CONFIG_URL=$KARHU_HOST/api/nodes/config/filebeat.yml
FILEBEAT_CONFIG_PATH=/etc/filebeat/filebeat.yml
AUTHORIZED_KEYS_DIR=%s
AUTHORIZED_KEYS_FILE=%s
CLIENT_IP=%s
SSH_PORT=%s
SSH_USER=$(whoami)
BASIC_AUTH=%s
SETUP_MONITORING=%s
INFLUXDB_COLLECTD_HOST=%s
INFLUXDB_COLLECTD_PORT=%s
COLLECTD_USERNAME=%s
COLLECTD_PASSWORD=%s
COLLECTD_CONFIG_PATH=/etc/collectd/collectd.conf.d/karhu.conf
NO_REGISTER=%s

SUDO=
if [ "$SSH_USER" != "root" ]; then
	echo "Check sudo..."
	sudo -n true
	if [ "$?" != "0" ]; then
		echo "You need root access or sudo without password..."
		exit 1
	fi
	SUDO=sudo
fi

if [ "$NO_REGISTER" != "1" ]; then

	if [ ! -d "$AUTHORIZED_KEYS_DIR" ]; then
		mkdir -p $AUTHORIZED_KEYS_DIR || exit 1
	fi

	if [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then
		touch $AUTHORIZED_KEYS_FILE || exit 1
	fi

	echo "Setting up ssh keys..."
	grep -q -F "$(echo $PUBLIC_KEY)" $AUTHORIZED_KEYS_FILE || echo $PUBLIC_KEY >> $AUTHORIZED_KEYS_FILE

	echo "Registering node..."
	curl --fail $BASIC_AUTH -X POST $KARHU_HOST/api/nodes -d hostname=$(hostname) -d ip=$CLIENT_IP -d ssh_port=$SSH_PORT -d ssh_user=$SSH_USER || exit 1
	echo
fi
if [ "$SETUP_MONITORING" = "1" ]; then

	echo "Setup logstash host"
	$SUDO sed '/ karhu$/{h;s/.*/'$LOGSTASH_IP' karhu/};${x;/^$/{s//'$LOGSTASH_IP' karhu/;H};x}' -i /etc/hosts

	echo "Setup monitoring..."
	if [ ! -f "$(which collectd)" ]; then
		$SUDO apt-get update || exit 1
		$SUDO apt-get install -y --no-install-recommends collectd || exit 1
	fi
	echo "LoadPlugin network
<Plugin "network">
    <Server \"karhu\" \"$INFLUXDB_COLLECTD_PORT\">
		SecurityLevel "Encrypt"
		Username "$COLLECTD_USERNAME"
		Password "$COLLECTD_PASSWORD"
	</Server>
</Plugin>" | $SUDO tee $COLLECTD_CONFIG_PATH || exit 1
	echo "Restard collectd"
	$SUDO service collectd restart || exit 1

	# Setup filebeat
	if [ ! -f "$(which filebeat)" ]; then
		echo "deb https://packages.elastic.co/beats/apt stable main" |  $SUDO tee /etc/apt/sources.list.d/beats.list || exit 1
		curl -L https://packages.elastic.co/GPG-KEY-elasticsearch | $SUDO apt-key add - || exit 1
		$SUDO apt-get update || exit 1
		$SUDO apt-get install -y filebeat || exit 1
	fi

	if [ ! -d "$(dirname $LOGSTASH_CRT_PATH)" ]; then
		$SUDO mkdir -p $(dirname $LOGSTASH_CRT_PATH) || exit 1
	fi

	# setup crt
	$SUDO curl $BASIC_AUTH -o $LOGSTASH_CRT_PATH $LOGSTASH_CRT_URL || exit 1
	# setup config
	$SUDO curl $BASIC_AUTH -o $FILEBEAT_CONFIG_PATH $FILEBEAT_CONFIG_URL || exit 1

	$SUDO service filebeat restart || exit 1
fi

# Alerts
$SUDO apt-get install -y nagios-plugins

echo "Done."`, karhuHost, logstashIP, publicKey, ssh.SSH_AUTHORIZED_KEYS_DIR, ssh.AuthorizedKeysPath(), clientIP, c.DefaultQuery("ssh_port", "22") /*, c.DefaultQuery("ssh_user", "root") */, basicAuth, c.DefaultQuery("monit", "1"), env.Get("INFLUXDB_COLLECTD_HOST"), env.Get("INFLUXDB_COLLECTD_PORT"), collectdUser, collectdPassword, c.DefaultQuery("noreg", "0")))
}