github-personal/sysadm
1
0
Fork 0
mirror of https://github.com/outbackdingo/sysadm.git synced 2026-01-27 10:20:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
382 Commits 2 Branches 3 Tags
cdbe769fe2fab783088598f9aba22d2cf9979050
Commit Graph

382 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ken Moore
cdbe769fe2 Fix up the new "State" event system a bit. 2016-02-23 14:52:45 -05:00
Ken Moore
dddfabaef2 Just in case, also specify the char* length on the server when loading it into the QByteArray. 2016-02-23 11:22:56 -05:00
Ken Moore
775ce5c337 Remove a lot of debugging and fix a possible crash with the SSL decrypt routine on the server. This now completely works. 2016-02-23 11:20:59 -05:00
Ken Moore
cab15e9137 Revert "Fix the crash of the server on SSL login attempt - still does not work reliably though." 
The encrypt/decrypt string method works better than the SSL hash/sign/verify routine from this commit.
This reverts commit 68a520bb48.
 2016-02-23 10:39:43 -05:00
Ken Moore
68a520bb48 Fix the crash of the server on SSL login attempt - still does not work reliably though. 2016-02-22 16:45:55 -05:00
Ken Moore
dfdc795bb2 Require that the SSL public key be base64 encoded when recieved for registration on the server. Also change the server SSL type flag to TLS 1.0 or later (instead of TLS 1.0 only) 2016-02-22 14:02:02 -05:00
Ken Moore
2e64d2d0a6 Fix the location of the SSL files used for the websocket server. 2016-02-22 13:13:47 -05:00
Kris Moore
b2cd436269 Flip the flags for -ws -> -rest 2016-02-22 12:56:48 -05:00
Ken Moore
6640762196 Fix up the timers in the event watcher. Due to the multi-threading, we need to create the timers in the start() function instead of the constructor. 2016-02-22 12:53:27 -05:00
Ken Moore
a6c76fbaa1 Add the new sysadm.conf.dist file to the project, and add it to the pkg-plist as well. 2016-02-22 12:33:18 -05:00
Ken Moore
8f1116719a Merge branch 'master' of github.com:pcbsd/sysadm 2016-02-22 12:27:22 -05:00
Ken Moore
7e230c5f5f Change the location of the sysadm server internal settings file (QSettings file), and add support for an optional sysadm.conf file which is loaded on server startup. 2016-02-22 12:25:52 -05:00
Kris Moore
69ebb9d435 Rename sysadm-websocket -> sysadm, and sysadm-restserver -> sysadm-rest 2016-02-22 11:53:30 -05:00
Ken Moore
9ebf28134e Merge branch 'master' of github.com:pcbsd/sysadm 2016-02-22 09:42:37 -05:00
Ken Moore
e8b65c04d2 Update the dispatcher class to return a pointer to the newly created DProcess object so that the requestor can connect to various process signals as needed. 2016-02-22 09:41:09 -05:00
dlavigne
0074c95e72 Add 4 modes for getjailsettings. 2016-02-22 08:13:40 -05:00
dlavigne
ab19e341d5 Doc halt and reboot actions. 2016-02-22 07:48:24 -05:00
Ken Moore
19618b7581 Get rid of the "toLatin1()" call when converting the base64 encrypted string to a bytearray. 2016-02-19 16:25:13 -05:00
Ken Moore
9bb9add1db Update the server to expect a base64 encoded string as the encrypted string (for JSON transport). 2016-02-19 16:07:39 -05:00
Ken Moore
2bd77b9882 Merge branch 'master' of github.com:pcbsd/sysadm 2016-02-19 15:15:56 -05:00
Ken Moore
767bf82ec8 Finish fixing up the new auth_ssl option (lots of debugging still enabled). The SSL encode/decode systems still are not working yet - looks like an inherent incompatibility with a text-base transport system (JSON), so we will need to find another method (acting on a file and sending the hash instead?). 2016-02-19 15:13:29 -05:00
Ken Moore
6cfaf6e597 Completely re-do the SSL authentication systems. Now it is a two-stage auth system, where the server generates a random string, sends it to the client for encryptions with their private SSL key, then gets sent back to the server where the new string is decrypted with the known SSL keys and compared to teh original for accuracy. 2016-02-18 17:01:09 -05:00
Kris Moore
80bcd67733 Add two new API calls, to shutdown/halt the system, and to 
reboot the system.

Shutdown API call

REST Request:
-------------------------------
PUT /sysadm/systemmanager
{
   "action" : "halt"
}

WebSocket Request:
-------------------------------
{
   "id" : "fooid",
   "args" : {
      "action" : "halt"
   },
   "name" : "systemmanager",
   "namespace" : "sysadm"
}

Response:
-------------------------------
{
  "args": {
    "halt": {
      "response": "true"
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}

Reboot API call

REST Request:
-------------------------------
PUT /sysadm/systemmanager
{
   "action" : "reboot"
}

WebSocket Request:
-------------------------------
{
   "id" : "fooid",
   "args" : {
      "action" : "reboot"
   },
   "name" : "systemmanager",
   "namespace" : "sysadm"
}

Response:
-------------------------------
{
  "args": {
    "reboot": {
      "response": "true"
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
 2016-02-17 13:08:12 -05:00
Kris Moore
cd72cb1308 Fix location of sysadm-general.h 2016-02-12 12:58:04 -05:00
Kris Moore
a1593e759a Add initial Event watcher for system health, needs fixing since 
QTimer isn't working at the moment, kenmoore will investigate
 2016-02-12 12:54:45 -05:00
dlavigne
cc5ecf1f65 Doc umountbe action. 2016-02-12 10:24:11 -05:00
dlavigne
14923ef541 Update mountbe example. 2016-02-12 10:13:40 -05:00
JoshDW19
d3d32b15c5 New API call for unmounting a boot environment. This will specify the -f flag which will force unmount even if the BE is busy. 
REST Request:
-------------------------------
PUT /sysadm/beadm
{
   "action" : "umountbe",
   "be" : "green"
}

WebSocket Request:
-------------------------------
{
   "name" : "beadm",
   "namespace" : "sysadm",
   "id" : "fooid",
   "args" : {
      "be" : "green",
      "action" : "umountbe"
   }
}

Response:
-------------------------------
{
  "args": {
    "umountbe": {
      "be": "green"
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
 2016-02-11 14:49:14 -05:00
JoshDW19
6152e7d5f4 Merge branch 'master' of https://github.com/pcbsd/sysadm 2016-02-11 13:15:12 -05:00
JoshDW19
a95927e28d Fixed a bug where a response was not being returned on the mountbe API call. Updated example below. 
REST Request:
-------------------------------
PUT /sysadm/beadm
{
   "action" : "mountbe",
   "be" : "green",
   "mountpoint" : "/tmp/mountdir"
}

WebSocket Request:
-------------------------------
{
   "id" : "fooid",
   "name" : "beadm",
   "args" : {
      "action" : "mountbe",
      "be" : "green",
      "mountpoint" : "/tmp/mountdir"
   },
   "namespace" : "sysadm"
}

Response:
-------------------------------
{
  "args": {
    "mountbe": {
      "be": "green",
      "mountpoint": "/tmp/mountdir"
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
 2016-02-11 13:14:16 -05:00
dlavigne
f351f85f74 Doc mountbe action. 2016-02-11 12:47:38 -05:00
dlavigne
cfb7537d78 Doc execjail action. 2016-02-11 12:35:37 -05:00
dlavigne
37b55c6f8f Doc df action. 2016-02-11 12:06:36 -05:00
dlavigne
231fb7e044 Doc destroyjail action. 2016-02-11 11:58:39 -05:00
dlavigne
2776a69095 Doc createjail action. 2016-02-11 11:44:01 -05:00
JoshDW19
cb64b84ed0 Merge branch 'master' of https://github.com/pcbsd/sysadm 2016-02-11 11:12:47 -05:00
JoshDW19
e645840496 API call for mounting a boot environment. Can be passed the additional argument below of mountpoint to set a specific 
mount point directory set by the user.

REST Request:
-------------------------------
PUT /sysadm/beadm
{
   "mountpoint" : "/tmp/mounteddir/",
   "action" : "mountbe",
   "be" : "green"
}

WebSocket Request:
-------------------------------
{
   "id" : "fooid",
   "namespace" : "sysadm",
   "name" : "beadm",
   "args" : {
      "mountpoint" : "/tmp/mounteddir/",
      "be" : "green",
      "action" : "mountbe"
   }
}

Response:
-------------------------------
{
  "args": {
    "mountbe": {
      "be": "green",
      "mountpoint": ""
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
 2016-02-11 10:57:57 -05:00
Ken Moore
750f7c8c85 Turn off some debugging which was pringting the user/pass combo to the log file. 2016-02-11 09:18:09 -05:00
Brandon Schneider
621b2d6233 Change iocage API call getjailsettings to align better with iocage syntax. 
The new behavior has 4 modes. The user can specify a prop + jail, -r and a prop, all + jail, or just jail.

For prop + jail:

REST Request:
-------------------------------
PUT /sysadm/iocage
{
   "jail" : "test",
   "action" : "getjailsettings",
   "prop" : "vnet"
}

WebSocket Request:
-------------------------------
{
   "name" : "iocage",
   "id" : "fooid",
   "namespace" : "sysadm",
   "args" : {
      "prop" : "vnet",
      "action" : "getjailsettings",
      "jail" : "test"
   }
}

Response:
-------------------------------
{
  "args": {
    "getjailsettings": {
      "test": {
        "vnet": "off"
      }
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}

-r and a prop:

REST Request:
-------------------------------
PUT /sysadm/iocage
{
   "switches" : "-r",
   "prop" : "vnet",
   "action" : "getjailsettings"
}

WebSocket Request:
-------------------------------
{
   "name" : "iocage",
   "namespace" : "sysadm",
   "args" : {
      "prop" : "vnet",
      "action" : "getjailsettings",
      "switches" : "-r"
   },
   "id" : "fooid"
}

Response:
-------------------------------
{
  "args": {
    "getjailsettings": {
      "9b8e1033-d065-11e5-8209-d05099728dbf": {
        "TAG": "test",
        "vnet": "off"
      },
      "b67065a9-cfb9-11e5-8209-d05099728dbf": {
        "TAG": "2016-02-09@23:47:04",
        "vnet": "off"
      }
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}

all + jail (or just jail, they are identical outputs.) :

REST Request:
-------------------------------
PUT /sysadm/iocage
{
   "jail" : "test",
   "action" : "getjailsettings",
   "prop" : "all"
}

WebSocket Request:
-------------------------------
{
   "id" : "fooid",
   "name" : "iocage",
   "namespace" : "sysadm",
   "args" : {
      "jail" : "test",
      "action" : "getjailsettings",
      "prop" : "all"
   }
}

Response:
-------------------------------
{
  "args": {
    "getjailsettings": {
      "test": {
        "allow_chflags": "0",
        "allow_mount": "0",
        "allow_mount_devfs": "0",
        "allow_mount_nullfs": "0",
        "allow_mount_procfs": "0",
        "allow_mount_tmpfs": "0",
        "allow_mount_zfs": "0",
        "allow_quotas": "0",
        "allow_raw_sockets": "0",
        "allow_set_hostname": "1",
        "allow_socket_af": "0",
        "allow_sysvipc": "0",
        "available": "83.4G",
        "boot": "off",
        "bpf": "off",
        "branch": "-",
        "children_max": "0",
        "compression": "lz4",
        "compressratio": "2.27x",
        "coredumpsize": "off",
        "count": "1",
        "cpuset": "off",
        "cputime": "off",
        "datasize": "off",
        "dedup": "off",
        "defaultrouter": "none",
        "defaultrouter6": "none",
        "devfs_ruleset": "4",
        "dhcp": "off",
        "enforce_statfs": "2",
        "exec_clean": "1",
        "exec_fib": "0",
        "exec_jail_user": "root",
        "exec_poststart": "/usr/bin/true",
        "exec_poststop": "/usr/bin/true",
        "exec_prestart": "/usr/bin/true",
        "exec_prestop": "/usr/bin/true",
        "exec_start": "/bin/sh /etc/rc",
        "exec_stop": "/bin/sh /etc/rc.shutdown",
        "exec_system_jail_user": "0",
        "exec_system_user": "root",
        "exec_timeout": "60",
        "ftpdir": "-",
        "ftpfiles": "-",
        "ftphost": "-",
        "ftplocaldir": "-",
        "gitlocation": "https",
        "hack88": "0",
        "host_domainname": "none",
        "host_hostname": "9b8e1033-d065-11e5-8209-d05099728dbf",
        "host_hostuuid": "9b8e1033-d065-11e5-8209-d05099728dbf",
        "hostid": "a60db2df-3c0e-11e5-8986-d05099728dbf",
        "interfaces": "vnet0",
        "ip4": "new",
        "ip4_addr": "none",
        "ip4_autoend": "none",
        "ip4_autostart": "none",
        "ip4_autosubnet": "none",
        "ip4_saddrsel": "1",
        "ip6": "new",
        "ip6_addr": "none",
        "ip6_saddrsel": "1",
        "istemplate": "no",
        "jail_zfs": "off",
        "jail_zfs_dataset": "iocage/jails/9b7f1420-d065-11e5-8209-d05099728dbf/data",
        "jail_zfs_mountpoint": "none",
        "last_started": "2016-02-10_20",
        "login_flags": "-f root",
        "maxproc": "off",
        "memorylocked": "off",
        "memoryuse": "8G",
        "mount_devfs": "1",
        "mount_fdescfs": "1",
        "mount_linprocfs": "0",
        "mount_procfs": "0",
        "mountpoint": "/iocage/jails/9b8e1033-d065-11e5-8209-d05099728dbf",
        "msgqqueued": "off",
        "msgqsize": "off",
        "nmsgq": "off",
        "notes": "none",
        "nsemop": "off",
        "nshm": "off",
        "nthr": "off",
        "openfiles": "off",
        "origin": "-",
        "owner": "root",
        "pcpu": "off",
        "pkglist": "none",
        "priority": "99",
        "pseudoterminals": "off",
        "quota": "none",
        "release": "10.2-RELEASE",
        "reservation": "none",
        "resolver": "none",
        "rlimits": "off",
        "securelevel": "2",
        "shmsize": "off",
        "stacksize": "off",
        "start": "-",
        "stop_timeout": "30",
        "swapuse": "off",
        "sync_stat": "-",
        "sync_target": "none",
        "sync_tgt_zpool": "none",
        "tag": "test",
        "template": "-",
        "type": "basejail",
        "used": "1.76M",
        "vmemoryuse": "off",
        "vnet": "off",
        "vnet0_mac": "none",
        "vnet1_mac": "none",
        "vnet2_mac": "none",
        "vnet3_mac": "none",
        "wallclock": "off"
      }
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
 2016-02-10 21:49:26 -06:00
Brandon Schneider
9e3ab39de4 Add new iocage API call to execute a process on a jail. 
REST Request:
-------------------------------
PUT /sysadm/iocage
{
   "action" : "execjail",
   "jail" : "test",
   "command" : "echo hi",
   "user" : "root"
}

WebSocket Request:
-------------------------------
{
   "namespace" : "sysadm",
   "name" : "iocage",
   "args" : {
      "user" : "root",
      "action" : "execjail",
      "jail" : "test",
      "command" : "echo hi"
   },
   "id" : "fooid"
}

Response:
-------------------------------
{
  "args": {
    "execjail": {
      "success": {
        "hi": ""
      }
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
 2016-02-10 20:24:53 -06:00
Brandon Schneider
76dec01bb4 Add new iocage API call to list resource usage for jails. 
REST Request:
-------------------------------
PUT /sysadm/iocage
{
   "action" : "df"
}

WebSocket Request:
-------------------------------
{
   "namespace" : "sysadm",
   "name" : "iocage",
   "id" : "fooid",
   "args" : {
      "action" : "df"
   }
}

Response:
-------------------------------
{
  "args": {
    "df": {
      "f250ab25-d062-11e5-8209-d05099728dbf": {
        "ava": "83.4G",
        "crt": "2.30x",
        "qta": "none",
        "res": "none",
        "tag": "test",
        "use": "1.69M"
      },
      "f39318ae-d064-11e5-8209-d05099728dbf": {
        "ava": "83.4G",
        "crt": "2.30x",
        "qta": "none",
        "res": "none",
        "tag": "test2",
        "use": "1.69M"
      }
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
 2016-02-10 20:14:03 -06:00
Brandon Schneider
e2cede4fa0 Add new iocage API call to destroy jails. 
This uses the `force` switch to bypass interaction.

REST Request:
-------------------------------
PUT /sysadm/iocage
{
   "action" : "destroyjail",
   "jail" : "test"
}

WebSocket Request:
-------------------------------
{
   "args" : {
      "action" : "destroyjail",
      "jail" : "test"
   },
   "name" : "iocage",
   "id" : "fooid",
   "namespace" : "sysadm"
}

Response:
-------------------------------
{
  "args": {
    "destroyjail": {
      "success": {
        "Destroying": " 3030c554-d05e-11e5-8209-d05099728dbf"
      }
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
 2016-02-10 19:56:43 -06:00
Brandon Schneider
4eaa321034 Add new iocage API call to create jails. 
The `switches` object is only for specifying empty jails currently, but kept it vague as more may eventually happen.
There are 2 different outputs depending on if a switch is supplied.

Without any switches:

REST Request:
-------------------------------
PUT /sysadm/iocage
{
   "action" : "createjail",
   "props" : "tag=test release=10.2-RELEASE"
}

WebSocket Request:
-------------------------------
{
   "args" : {
      "props" : "tag=test release=10.2-RELEASE",
      "action" : "createjail"
   },
   "namespace" : "sysadm",
   "name" : "iocage",
   "id" : "fooid"
}

Response:
-------------------------------
{
  "args": {
    "createjail": {
      "props": "tag=test release=10.2-RELEASE",
      "success": {
        "Successfully created": " 3030c554-d05e-11e5-8209-d05099728dbf (test)"
      },
      "switches": ""
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}

With switches:

REST Request:
-------------------------------
PUT /sysadm/iocage
{
   "switches" : "-e",
   "action" : "createjail",
   "props" : "tag=emptytest"
}

WebSocket Request:
-------------------------------
{
   "namespace" : "sysadm",
   "args" : {
      "props" : "tag=emptytest",
      "action" : "createjail",
      "switches" : "-e"
   },
   "name" : "iocage",
   "id" : "fooid"
}

Response:
-------------------------------
{
  "args": {
    "createjail": {
      "props": "tag=emptytest",
      "success": {
        "uuid": "1325b8bc-d05e-11e5-8209-d05099728dbf"
      },
      "switches": "-e"
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
 2016-02-10 19:27:30 -06:00
Ken Moore
06edd43945 Add API call for list/register/revoke SSL Certificate management (auth system: alternate for the user/password combo). I don't have a way to test this just yet (still need to write the other side of the system in the client first), but here is the expected inputs: 
Namespace: "sysadm"
Name: "settings"
Arguments structure needs the "action" variable/value for all calls:

Action: "list_ssl_certs"
 - No additional input needed: will list the known/registered certificates organized by <username> : { <public_key> : <certificate as text> }

Action: "register_ssl_cert"
Example Payload: {"action" : "register_ssl_cert", "pub_key" : <public_key> }
The <public_key> string needs to match the public key of one of the certificates currently loaded into the server/client connection. This will register that certificate on the server and allow that user to authenticate without a password as long as that same certificate is loaded up in any future connections. No special outputs are send back (just overall error/ok status).

Action: "revoke_ssl_cert"
Example Payload: {"action" : "revoke_ssl_cert", "pub_key" : <public_key>, "user" : <optional-username> }
The <public_key> string needs to match one of the keys given by the list function (does not need to match any currently-loaded certs). The "user" field is optional, and allows a connection with full admin privileges to revoke certs belonging to other users.

Note about current user/connection permissions level:
If the current user has full admin access, the "list_ssl_certs" API call will return the registered certificates for all users on the system - otherwise it will only return the certificates for the current user. Similarly, the "revoke_ssl_cert" may be used to remove certs registered to other users only if the current user/connection has full admin access - otherwise it may only be used to manage the current user's certificates.
 2016-02-10 13:26:46 -05:00
Ken Moore
bea5f61858 Merge branch 'master' of github.com:pcbsd/sysadm 2016-02-10 12:44:59 -05:00
Ken Moore
edbef3e759 Add a full chain of SSL Certificate management fucntions to the authorization manager, and setup the main "auth" API call to use the cert system if no password was supplied for authorization. 
While here, also move the location of the server config file to /usr/local/etc/sysadm.conf, and print out that location in the main server log file.
 2016-02-10 12:43:06 -05:00
dlavigne
04020c8a8c Doc clonejail action. 2016-02-10 09:38:58 -05:00
Brandon Schneider
2adb8537e1 Add new iocage API call to clone jails. 
If you supply props your output will look like this:

REST Request:
-------------------------------
PUT /sysadm/iocage
{
   "props" : "tag=newtest",
   "jail" : "test",
   "action" : "clonejail"
}

WebSocket Request:
-------------------------------
{
   "namespace" : "sysadm",
   "name" : "iocage",
   "args" : {
      "action" : "clonejail",
      "jail" : "test",
      "props" : "tag=newtest"
   },
   "id" : "fooid"
}

Response:
-------------------------------
{
  "args": {
    "clonejail": {
      "jail": "test",
      "props": "tag=newtest",
      "success": {
        "Successfully created": " 5e1fe97e-cfba-11e5-8209-d05099728dbf (newtest)"
      }
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}

Otherwise iocage will populate it's own values and the props returned by the API will be empty:

REST Request:
-------------------------------
PUT /sysadm/iocage
{
   "action" : "clonejail",
   "jail" : "test"
}

WebSocket Request:
-------------------------------
{
   "args" : {
      "jail" : "test",
      "action" : "clonejail"
   },
   "name" : "iocage",
   "namespace" : "sysadm",
   "id" : "fooid"
}

Response:
-------------------------------
{
  "args": {
    "clonejail": {
      "jail": "test",
      "props": "",
      "success": {
        "Successfully created": " 89e78032-cfba-11e5-8209-d05099728dbf (2016-02-09@23"
      }
    }
  },
  "id": "fooid",
  "name": "response",
  "namespace": "sysadm"
}
 2016-02-09 23:55:18 -06:00
dlavigne
9af28e5369 Doc start action. 2016-02-09 15:38:53 -05:00
dlavigne
e2cea7b05b Doc stop action. 2016-02-09 15:23:54 -05:00