Linux-Help
/
ovpn-admin
mirror of https://github.com/flant/ovpn-admin.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Code refactoring to singleton; Added metrics

Browse Source
pull/1/head 1.4.0
Ilya Sosnovsky 3 years ago
parent 7df1ea3a0d
commit bb257692af
5 changed files with 361 additions and 120 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      go.mod
  2. 11
      go.sum
  3. 13
      helpers.go
  4. 450
      main.go
  5. 2
      werf.yaml

5
go.mod
Unescape View File

@ -1,11 +1,8 @@
module openvpn-web-ui
module openvpn-admin
go 1.14
require (
github.com/Electronn/openvpn_exporter v0.0.0-20181005212047-37f639dc9c7d
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d // indirect
github.com/prometheus/client_golang v1.8.0
github.com/prometheus/common v0.15.0 // indirect
gopkg.in/alecthomas/kingpin.v2 v2.2.6

11
go.sum
Unescape View File

@ -1,8 +1,6 @@
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/Electronn/openvpn_exporter v0.0.0-20181005212047-37f639dc9c7d h1:OsbfZPacTMb2ljULx/g4Xt9mSbkVx/lfuYQQwbgkD5c=
github.com/Electronn/openvpn_exporter v0.0.0-20181005212047-37f639dc9c7d/go.mod h1:wcYOspX0l7/kR2Pd59EUppVpfzvVu/I+vBgMmDOmNH0=
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
@ -44,6 +42,7 @@ github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfc
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
@ -92,6 +91,7 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
@ -143,8 +143,10 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
@ -201,6 +203,7 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@ -256,6 +259,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
@ -353,6 +357,7 @@ golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
@ -383,6 +388,7 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQ
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
@ -396,6 +402,7 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

13
helpers.go
Unescape View File

@ -10,13 +10,20 @@ import (
"time"
)
func indexTxtDateToHumanReadable(datetime string) string {
layout := "060102150405Z"
func parseDate(layout,datetime string) time.Time {
t, err := time.Parse(layout, datetime)
if err != nil {
log.Println(err)
}
return t.Format("2006-01-02 15:04:05")
return t
}
func parseDateToString(layout,datetime,format string) string {
return parseDate(layout, datetime).Format(format)
}
func parseDateToUnix(layout,datetime string) int64 {
return parseDate(layout, datetime).Unix()
}
func runBash(script string) string {

450
main.go
Unescape View File

@ -5,12 +5,15 @@ import (
"bytes"
"encoding/json"
"fmt"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
"gopkg.in/alecthomas/kingpin.v2"
"log"
"net"
"net/http"
"os"
"regexp"
"strconv"
"strings"
"text/template"
"time"
@ -22,9 +25,13 @@ const (
downloadCcdApiUrl = "/api/data/ccd/download"
certsArchiveFileName = "certs.tar.gz"
ccdArchiveFileName = "ccd.tar.gz"
indexTxtDateLayout = "060102150405Z"
stringDateFormat = "2006-01-02 15:04:05"
ovpnStatusDateLayout = "Mon Jan 2 15:04:05 2006"
)
var (
listenHost = kingpin.Flag("listen.host","host for openvpn-admin").Default("0.0.0.0").String()
listenPort = kingpin.Flag("listen.port","port for openvpn-admin").Default("8080").String()
serverRole = kingpin.Flag("role","server role master or slave").Default("master").HintOptions("master", "slave").String()
@ -37,6 +44,7 @@ var (
openvpnNetwork = kingpin.Flag("ovpn.network","network for openvpn server").Default("172.16.100.0/24").String()
mgmtListenHost = kingpin.Flag("mgmt.host","host for openvpn server mgmt interface").Default("127.0.0.1").String()
mgmtListenPort = kingpin.Flag("mgmt.port","port for openvpn server mgmt interface").Default("8989").String()
metricsPath = kingpin.Flag("metrics.path", "URL path for surfacing collected metrics").Default("/metrics").String()
easyrsaDirPath = kingpin.Flag("easyrsa.path", "path to easyrsa dir").Default("/mnt/easyrsa").String()
indexTxtPath = kingpin.Flag("easyrsa.index-path", "path to easyrsa index file.").Default("/mnt/easyrsa/pki/index.txt").String()
ccdDir = kingpin.Flag("ccd.path", "path to client-config-dir").Default("/mnt/ccd").String()
@ -45,11 +53,95 @@ var (
certsArchivePath = "/tmp/" + certsArchiveFileName
ccdArchivePath = "/tmp/" + ccdArchiveFileName
lastSyncTime = ""
lastSuccessfulSyncTime = ""
masterHostBasicAuth = false
)
var (
ovpnServerCertExpire = prometheus.NewGauge(prometheus.GaugeOpts{
Name: "ovpn_server_cert_expire",
Help: "openvpn server certificate expire time in days",
},
)
ovpnServerCaCertExpire = prometheus.NewGauge(prometheus.GaugeOpts{
Name: "ovpn_server_ca_cert_expire",
Help: "openvpn server CA certificate expire time in days",
},
)
ovpnClientsTotal = prometheus.NewGauge(prometheus.GaugeOpts{
Name: "ovpn_clients_total",
Help: "total openvpn users",
},
)
ovpnClientsRevoked = prometheus.NewGauge(prometheus.GaugeOpts{
Name: "ovpn_clients_revoked",
Help: "revoked openvpn users",
},
)
ovpnClientsExpired = prometheus.NewGauge(prometheus.GaugeOpts{
Name: "ovpn_clients_expired",
Help: "expired openvpn users",
},
)
ovpnClientsConnected = prometheus.NewGauge(prometheus.GaugeOpts{
Name: "ovpn_clients_connected",
Help: "connected openvpn users",
},
)
ovpnClientCertificateExpire = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Name: "ovpn_client_cert_expire",
Help: "openvpn user certificate expire time in days",
},
[]string{"client"},
)
ovpnClientConnectionInfo = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Name: "ovpn_client_connection_info",
Help: "openvpn user connection info. ip - assigned address from opvn network. value - last time when connection was refreshed in unix format",
},
[]string{"client", "ip"},
)
ovpnClientConnectionFrom = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Name: "ovpn_client_connection_from",
Help: "openvpn user connection info. ip - from which address connection was initialized. value - time when connection was initialized in unix format",
},
[]string{"client", "ip"},
)
ovpnClientBytesReceived = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Name: "ovpn_client_bytes_received",
Help: "openvpn user bytes received",
},
[]string{"client"},
)
ovpnClientBytesSent = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Name: "ovpn_client_bytes_sent",
Help: "openvpn user bytes sent",
},
[]string{"client"},
)
)
type OpenvpnAdmin struct {
role string
lastSyncTime string
lastSuccessfulSyncTime string
masterHostBasicAuth bool
masterSyncToken string
clients []OpenvpnClient
activeClients []clientStatus
promRegistry *prometheus.Registry
}
type OpenvpnServer struct {
Host string
Port string
@ -101,23 +193,28 @@ type clientStatus struct {
ConnectedSince string
VirtualAddress string
LastRef string
ConnectedSinceFormated string
LastRefFormated string
ConnectedSinceFormatted string
LastRefFormatted string
}
func userListHandler(w http.ResponseWriter, r *http.Request) {
usersList, _ := json.Marshal(usersList())
func (oAdmin *OpenvpnAdmin) userListHandler(w http.ResponseWriter, r *http.Request) {
usersList, _ := json.Marshal(oAdmin.clients)
fmt.Fprintf(w, "%s", usersList)
}
func userCreateHandler(w http.ResponseWriter, r *http.Request) {
if *serverRole == "slave" {
func (oAdmin *OpenvpnAdmin) userStatisticHandler(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
userStatistic, _ := json.Marshal(oAdmin.getUserStatistic(r.FormValue("username")))
fmt.Fprintf(w, "%s", userStatistic)
}
func (oAdmin *OpenvpnAdmin) userCreateHandler(w http.ResponseWriter, r *http.Request) {
if oAdmin.role == "slave" {
http.Error(w, `{"status":"error"}`, http.StatusLocked)
return
}
r.ParseForm()
userCreated, userCreateStatus := userCreate(r.FormValue("username"))
userCreated, userCreateStatus := oAdmin.userCreate(r.FormValue("username"))
if userCreated {
w.WriteHeader(http.StatusOK)
@ -128,44 +225,44 @@ func userCreateHandler(w http.ResponseWriter, r *http.Request) {
}
}
func userRevokeHandler(w http.ResponseWriter, r *http.Request) {
if *serverRole == "slave" {
func (oAdmin *OpenvpnAdmin) userRevokeHandler(w http.ResponseWriter, r *http.Request) {
if oAdmin.role == "slave" {
http.Error(w, `{"status":"error"}`, http.StatusLocked)
return
}
r.ParseForm()
fmt.Fprintf(w, "%s", userRevoke(r.FormValue("username")))
fmt.Fprintf(w, "%s", oAdmin.userRevoke(r.FormValue("username")))
}
func userUnrevokeHandler(w http.ResponseWriter, r *http.Request) {
if *serverRole == "slave" {
func (oAdmin *OpenvpnAdmin) userUnrevokeHandler(w http.ResponseWriter, r *http.Request) {
if oAdmin.role == "slave" {
http.Error(w, `{"status":"error"}`, http.StatusLocked)
return
}
r.ParseForm()
fmt.Fprintf(w, "%s", userUnrevoke(r.FormValue("username")))
fmt.Fprintf(w, "%s", oAdmin.userUnrevoke(r.FormValue("username")))
}
func userShowConfigHandler(w http.ResponseWriter, r *http.Request) {
func (oAdmin *OpenvpnAdmin) userShowConfigHandler(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
fmt.Fprintf(w, "%s", renderClientConfig(r.FormValue("username")))
fmt.Fprintf(w, "%s", oAdmin.renderClientConfig(r.FormValue("username")))
}
func userDisconnectHandler(w http.ResponseWriter, r *http.Request) {
func (oAdmin *OpenvpnAdmin) userDisconnectHandler(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
// fmt.Fprintf(w, "%s", userDisconnect(r.FormValue("username")))
fmt.Fprintf(w, "%s", r.FormValue("username"))
}
func userShowCcdHandler(w http.ResponseWriter, r *http.Request) {
func (oAdmin *OpenvpnAdmin) userShowCcdHandler(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
ccd, _ := json.Marshal(getCcd(r.FormValue("username")))
ccd, _ := json.Marshal(oAdmin.getCcd(r.FormValue("username")))
fmt.Fprintf(w, "%s", ccd)
}
func userApplyCcdHandler(w http.ResponseWriter, r *http.Request) {
if *serverRole == "slave" {
func (oAdmin *OpenvpnAdmin) userApplyCcdHandler(w http.ResponseWriter, r *http.Request) {
if oAdmin.role == "slave" {
http.Error(w, `{"status":"error"}`, http.StatusLocked)
return
}
@ -180,7 +277,7 @@ func userApplyCcdHandler(w http.ResponseWriter, r *http.Request) {
log.Println(err)
}
ccdApplied, applyStatus := modifyCcd(ccd)
ccdApplied, applyStatus := oAdmin.modifyCcd(ccd)
if ccdApplied {
w.WriteHeader(http.StatusOK)
@ -191,27 +288,27 @@ func userApplyCcdHandler(w http.ResponseWriter, r *http.Request) {
}
}
func serverRoleHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, `{"status":"ok", "serverRole": "%s" }`, *serverRole)
func (oAdmin *OpenvpnAdmin) serverRoleHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, `{"status":"ok", "serverRole": "%s" }`, oAdmin.role)
}
func lastSyncTimeHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, lastSyncTime)
func (oAdmin *OpenvpnAdmin) lastSyncTimeHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, oAdmin.lastSyncTime)
}
func lastSuccessfulSyncTimeHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, lastSuccessfulSyncTime)
func (oAdmin *OpenvpnAdmin) lastSuccessfulSyncTimeHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, oAdmin.lastSuccessfulSyncTime)
}
func downloadCertsHandler(w http.ResponseWriter, r *http.Request) {
if *serverRole == "slave" {
func (oAdmin *OpenvpnAdmin) downloadCertsHandler(w http.ResponseWriter, r *http.Request) {
if oAdmin.role == "slave" {
http.Error(w, `{"status":"error"}`, http.StatusLocked)
return
}
r.ParseForm()
token := r.Form.Get("token")
if token != *masterSyncToken {
if token != oAdmin.masterSyncToken {
http.Error(w, `{"status":"error"}`, http.StatusForbidden)
return
}
@ -221,15 +318,15 @@ func downloadCertsHandler(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w,r, certsArchivePath)
}
func downloadCddHandler(w http.ResponseWriter, r *http.Request) {
if *serverRole == "slave" {
func (oAdmin *OpenvpnAdmin) downloadCddHandler(w http.ResponseWriter, r *http.Request) {
if oAdmin.role == "slave" {
http.Error(w, `{"status":"error"}`, http.StatusLocked)
return
}
r.ParseForm()
token := r.Form.Get("token")
if token != *masterSyncToken {
if token != oAdmin.masterSyncToken {
http.Error(w, `{"status":"error"}`, http.StatusForbidden)
return
}
@ -242,35 +339,54 @@ func downloadCddHandler(w http.ResponseWriter, r *http.Request) {
func main() {
kingpin.Parse()
ovpnAdmin := new(OpenvpnAdmin)
ovpnAdmin.lastSyncTime = "unknown"
ovpnAdmin.role = *serverRole
ovpnAdmin.lastSuccessfulSyncTime = "unknown"
ovpnAdmin.masterSyncToken = *masterSyncToken
ovpnAdmin.promRegistry = prometheus.NewRegistry()
ovpnAdmin.registerMetrics()
ovpnAdmin.setState()
go ovpnAdmin.updateState()
if *masterBasicAuthPassword != "" && *masterBasicAuthUser != "" {
masterHostBasicAuth = true
ovpnAdmin.masterHostBasicAuth = true
} else {
ovpnAdmin.masterHostBasicAuth = false
}
fmt.Println("Bind: http://" + *listenHost + ":" + *listenPort)
if *serverRole == "slave" {
syncDataFromMaster()
go syncWithMaster()
if ovpnAdmin.role == "slave" {
ovpnAdmin.syncDataFromMaster()
go ovpnAdmin.syncWithMaster()
}
fs := CacheControlWrapper(http.FileServer(http.Dir(*staticPath)))
http.Handle("/", fs)
http.HandleFunc("/api/server/role", serverRoleHandler)
http.HandleFunc("/api/users/list", userListHandler)
http.HandleFunc("/api/user/create", userCreateHandler)
http.HandleFunc("/api/user/revoke", userRevokeHandler)
http.HandleFunc("/api/user/unrevoke", userUnrevokeHandler)
http.HandleFunc("/api/user/config/show", userShowConfigHandler)
http.HandleFunc("/api/user/disconnect", userDisconnectHandler)
http.HandleFunc("/api/user/ccd", userShowCcdHandler)
http.HandleFunc("/api/user/ccd/apply", userApplyCcdHandler)
http.HandleFunc("/api/sync/last/try", lastSyncTimeHandler)
http.HandleFunc("/api/sync/last/successful", lastSuccessfulSyncTimeHandler)
http.HandleFunc(downloadCertsApiUrl, downloadCertsHandler)
http.HandleFunc(downloadCcdApiUrl, downloadCddHandler)
http.HandleFunc("/api/server/role", ovpnAdmin.serverRoleHandler)
http.HandleFunc("/api/users/list", ovpnAdmin.userListHandler)
http.HandleFunc("/api/user/create", ovpnAdmin.userCreateHandler)
http.HandleFunc("/api/user/revoke", ovpnAdmin.userRevokeHandler)
http.HandleFunc("/api/user/unrevoke", ovpnAdmin.userUnrevokeHandler)
http.HandleFunc("/api/user/config/show", ovpnAdmin.userShowConfigHandler)
http.HandleFunc("/api/user/disconnect", ovpnAdmin.userDisconnectHandler)
http.HandleFunc("/api/user/statistic", ovpnAdmin.userStatisticHandler)
http.HandleFunc("/api/user/ccd", ovpnAdmin.userShowCcdHandler)
http.HandleFunc("/api/user/ccd/apply", ovpnAdmin.userApplyCcdHandler)
http.HandleFunc("/api/sync/last/try", ovpnAdmin.lastSyncTimeHandler)
http.HandleFunc("/api/sync/last/successful", ovpnAdmin.lastSuccessfulSyncTimeHandler)
http.HandleFunc(downloadCertsApiUrl, ovpnAdmin.downloadCertsHandler)
http.HandleFunc(downloadCcdApiUrl, ovpnAdmin.downloadCddHandler)
http.Handle(*metricsPath, promhttp.HandlerFor(ovpnAdmin.promRegistry, promhttp.HandlerOpts{}))
http.HandleFunc("/ping", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "pong")
})
fmt.Println("Bind: http://" + *listenHost + ":" + *listenPort)
log.Fatal(http.ListenAndServe(*listenHost + ":" + *listenPort, nil))
}
@ -281,6 +397,38 @@ func CacheControlWrapper(h http.Handler) http.Handler {
})
}
func (oAdmin *OpenvpnAdmin) registerMetrics() {
oAdmin.promRegistry.MustRegister(ovpnServerCertExpire)
oAdmin.promRegistry.MustRegister(ovpnServerCaCertExpire)
oAdmin.promRegistry.MustRegister(ovpnClientsTotal)
oAdmin.promRegistry.MustRegister(ovpnClientsRevoked)
oAdmin.promRegistry.MustRegister(ovpnClientsConnected)
oAdmin.promRegistry.MustRegister(ovpnClientsExpired)
oAdmin.promRegistry.MustRegister(ovpnClientCertificateExpire)
oAdmin.promRegistry.MustRegister(ovpnClientConnectionInfo)
oAdmin.promRegistry.MustRegister(ovpnClientConnectionFrom)
oAdmin.promRegistry.MustRegister(ovpnClientBytesReceived)
oAdmin.promRegistry.MustRegister(ovpnClientBytesSent)
}
func (oAdmin *OpenvpnAdmin) setState() {
oAdmin.activeClients = oAdmin.mgmtGetActiveClients()
oAdmin.clients = oAdmin.usersList()
ovpnServerCaCertExpire.Set(float64(getOpvnCaCertExpireDate().Unix() - time.Now().Unix() / 3600 / 24))
}
func (oAdmin *OpenvpnAdmin) updateState() {
for {
time.Sleep(time.Duration(28) * time.Second)
ovpnClientBytesSent.Reset()
ovpnClientBytesReceived.Reset()
ovpnClientConnectionFrom.Reset()
ovpnClientConnectionInfo.Reset()
go oAdmin.setState()
}
}
func indexTxtParser(txt string) []indexTxtLine {
var indexTxt []indexTxtLine
@ -298,6 +446,7 @@ func indexTxtParser(txt string) []indexTxtLine {
}
}
}
return indexTxt
}
@ -315,7 +464,7 @@ func renderIndexTxt(data []indexTxtLine) string {
return indexTxt
}
func renderClientConfig(username string) string {
func (oAdmin *OpenvpnAdmin) renderClientConfig(username string) string {
if checkUserExist(username) {
var hosts []OpenvpnServer
@ -333,18 +482,21 @@ func renderClientConfig(username string) string {
t, _ := template.ParseFiles("client.conf.tpl")
var tmp bytes.Buffer
t.Execute(&tmp, conf)
err := t.Execute(&tmp, conf)
if err != nil {
log.Printf("WARNING: something goes wrong during rendering config for %s", username )
}
hosts = nil
fmt.Printf("%+v\n", tmp.String())
return (fmt.Sprintf("%+v\n", tmp.String()))
return fmt.Sprintf("%+v\n", tmp.String())
}
fmt.Printf("User \"%s\" not found", username)
return fmt.Sprintf("User \"%s\" not found", username)
}
func parseCcd(username string) Ccd {
func (oAdmin *OpenvpnAdmin) parseCcd(username string) Ccd {
ccd := Ccd{}
ccd.User = username
ccd.ClientAddress = "dynamic"
@ -367,7 +519,7 @@ func parseCcd(username string) Ccd {
return ccd
}
func modifyCcd(ccd Ccd) (bool, string) {
func (oAdmin *OpenvpnAdmin) modifyCcd(ccd Ccd) (bool, string) {
ccdErr := "something goes wrong"
if fCreate(*ccdDir + "/" + ccd.User) {
@ -446,14 +598,14 @@ func validateCcd(ccd Ccd) (bool, string) {
return true, ccdErr
}
func getCcd(username string) Ccd {
func (oAdmin *OpenvpnAdmin) getCcd(username string) Ccd {
ccd := Ccd{}
ccd.User = username
ccd.ClientAddress = "dynamic"
ccd.CustomRoutes = []ccdRoute{}
if fCreate(*ccdDir + "/" + username) {
ccd = parseCcd(username)
ccd = oAdmin.parseCcd(username)
}
return ccd
}
@ -481,33 +633,64 @@ func checkUserExist(username string) bool {
return false
}
func usersList() []OpenvpnClient {
func (oAdmin *OpenvpnAdmin) usersList() []OpenvpnClient {
var users []OpenvpnClient
activeClients := mgmtGetActiveClients()
totalCerts := 0
validCerts := 0
revokedCerts := 0
expiredCerts := 0
connectedUsers := 0
apochNow := time.Now().Unix()
for _, line := range indexTxtParser(fRead(*indexTxtPath)) {
if line.Identity != "server" {
ovpnClient := OpenvpnClient{Identity: line.Identity, ExpirationDate: indexTxtDateToHumanReadable(line.ExpirationDate)}
totalCerts += 1
ovpnClient := OpenvpnClient{Identity: line.Identity, ExpirationDate: parseDateToString(indexTxtDateLayout, line.ExpirationDate, stringDateFormat)}
switch {
case line.Flag == "V":
ovpnClient.AccountStatus = "Active"
case line.Flag == "R":
ovpnClientCertificateExpire.WithLabelValues(line.Identity).Set(float64(parseDateToUnix(indexTxtDateLayout, line.ExpirationDate) - apochNow / 3600 / 24))
validCerts += 1
case line.Flag == "R":
ovpnClient.AccountStatus = "Revoked"
ovpnClient.RevocationDate = indexTxtDateToHumanReadable(line.RevocationDate)
ovpnClient.RevocationDate = parseDateToString(indexTxtDateLayout, line.RevocationDate, stringDateFormat)
ovpnClientCertificateExpire.WithLabelValues(line.Identity).Set(float64(parseDateToUnix(indexTxtDateLayout, line.ExpirationDate) - apochNow / 3600 / 24))
revokedCerts += 1
case line.Flag == "E":
ovpnClient.AccountStatus = "Expired"
ovpnClientCertificateExpire.WithLabelValues(line.Identity).Set(float64(parseDateToUnix(indexTxtDateLayout, line.ExpirationDate) - apochNow / 3600 / 24))
expiredCerts += 1
}
if isUserConnected(line.Identity, activeClients) {
if isUserConnected(line.Identity, oAdmin.activeClients) {
ovpnClient.ConnectionStatus = "Connected"
connectedUsers += 1
}
users = append(users, ovpnClient)
}
} else {
ovpnServerCertExpire.Set(float64(parseDateToUnix(indexTxtDateLayout,line.ExpirationDate) - apochNow / 3600 / 24))
}
}
otherCerts := totalCerts - validCerts - revokedCerts - expiredCerts
if otherCerts != 0 {
log.Printf("WARNING: there are %d otherCerts", otherCerts)
}
ovpnClientsTotal.Set(float64(totalCerts))
ovpnClientsRevoked.Set(float64(revokedCerts))
ovpnClientsExpired.Set(float64(expiredCerts))
ovpnClientsConnected.Set(float64(connectedUsers))
return users
}
func userCreate(username string) (bool, string) {
ucErr := ""
func (oAdmin *OpenvpnAdmin) userCreate(username string) (bool, string) {
ucErr := fmt.Sprintf("User \"%s\" created", username)
// TODO: add password for user cert . priority=low
if validateUsername(username) == false {
ucErr = fmt.Sprintf("Username \"%s\" incorrect, you can use only %s\n", username, usernameRegexp)
@ -525,21 +708,35 @@ func userCreate(username string) (bool, string) {
}
o := runBash(fmt.Sprintf("date +%%Y-%%m-%%d\\ %%H:%%M:%%S && cd %s && easyrsa build-client-full %s nopass", *easyrsaDirPath, username))
fmt.Println(o)
return true, fmt.Sprintf("User \"%s\" created", username)
if *debug {
log.Printf("INFO: user created: %s", username)
}
oAdmin.clients = oAdmin.usersList()
return true, ucErr
}
func userRevoke(username string) string {
func (oAdmin *OpenvpnAdmin) getUserStatistic(username string) clientStatus {
for _, u := range oAdmin.activeClients {
if u.CommonName == username {
return u
}
}
return clientStatus{}
}
func (oAdmin *OpenvpnAdmin) userRevoke(username string) string {
if checkUserExist(username) {
// check certificate valid flag 'V'
o := runBash(fmt.Sprintf("date +%%Y-%%m-%%d\\ %%H:%%M:%%S && cd %s && echo yes | easyrsa revoke %s && easyrsa gen-crl", *easyrsaDirPath, username))
crlFix()
oAdmin.clients = oAdmin.usersList()
return fmt.Sprintln(o)
}
fmt.Printf("User \"%s\" not found", username)
return fmt.Sprintf("User \"%s\" not found", username)
}
func userUnrevoke(username string) string {
func (oAdmin *OpenvpnAdmin) userUnrevoke(username string) string {
if checkUserExist(username) {
// check certificate revoked flag 'R'
usersFromIndexTxt := indexTxtParser(fRead(*indexTxtPath))
@ -549,18 +746,20 @@ func userUnrevoke(username string) string {
usersFromIndexTxt[i].Flag = "V"
usersFromIndexTxt[i].RevocationDate = ""
o := runBash(fmt.Sprintf("cd %s && cp pki/revoked/certs_by_serial/%s.crt pki/issued/%s.crt", *easyrsaDirPath, usersFromIndexTxt[i].SerialNumber, username))
fmt.Println(o)
//fmt.Println(o)
o = runBash(fmt.Sprintf("cd %s && cp pki/revoked/certs_by_serial/%s.crt pki/certs_by_serial/%s.pem", *easyrsaDirPath, usersFromIndexTxt[i].SerialNumber, usersFromIndexTxt[i].SerialNumber))
fmt.Println(o)
//fmt.Println(o)
o = runBash(fmt.Sprintf("cd %s && cp pki/revoked/private_by_serial/%s.key pki/private/%s.key", *easyrsaDirPath, usersFromIndexTxt[i].SerialNumber, username))
fmt.Println(o)
//fmt.Println(o)
o = runBash(fmt.Sprintf("cd %s && cp pki/revoked/reqs_by_serial/%s.req pki/reqs/%s.req", *easyrsaDirPath, usersFromIndexTxt[i].SerialNumber, username))
fmt.Println(o)
//fmt.Println(o)
fWrite(*indexTxtPath, renderIndexTxt(usersFromIndexTxt))
fmt.Print(renderIndexTxt(usersFromIndexTxt))
//fmt.Print(renderIndexTxt(usersFromIndexTxt))
o = runBash(fmt.Sprintf("cd %s && easyrsa gen-crl", *easyrsaDirPath))
fmt.Println(o)
//fmt.Println(o)
crlFix()
o = ""
fmt.Println(o)
break
}
}
@ -568,6 +767,7 @@ func userUnrevoke(username string) string {
fWrite(*indexTxtPath, renderIndexTxt(usersFromIndexTxt))
fmt.Print(renderIndexTxt(usersFromIndexTxt))
crlFix()
oAdmin.clients = oAdmin.usersList()
return fmt.Sprintf("{\"msg\":\"User %s successfully unrevoked\"}", username)
}
return fmt.Sprintf("{\"msg\":\"User \"%s\" not found\"}", username)
@ -579,14 +779,14 @@ func userChangePassword(username string, newPassword string) bool {
return false
}
func ovpnMgmtRead(conn net.Conn) string {
func (oAdmin *OpenvpnAdmin) mgmtRead(conn net.Conn) string {
buf := make([]byte, 32768)
bufLen, _ := conn.Read(buf)
s := string(buf[:bufLen])
return s
}
func mgmtConnectedUsersParser(text string) []clientStatus {
func (oAdmin *OpenvpnAdmin) mgmtConnectedUsersParser(text string) []clientStatus {
var u []clientStatus
isClientList := false
isRouteTable := false
@ -611,7 +811,20 @@ func mgmtConnectedUsersParser(text string) []clientStatus {
}
if isClientList {
user := strings.Split(txt, ",")
u = append(u, clientStatus{CommonName: user[0], RealAddress: user[1], BytesReceived: user[2], BytesSent: user[3], ConnectedSince: user[4]})
userName := user[0]
userAddress := user[1]
userBytesRecieved:= user[2]
userBytesSent:= user[3]
userConnectedSince := user[4]
userStatus := clientStatus{CommonName: userName, RealAddress: userAddress, BytesReceived: userBytesRecieved, BytesSent: userBytesSent, ConnectedSince: userConnectedSince}
u = append(u, userStatus)
bytesSent, _ := strconv.Atoi(userBytesSent)
bytesReceive, _ := strconv.Atoi(userBytesRecieved)
ovpnClientConnectionFrom.WithLabelValues(userName, userAddress).Set(float64(parseDateToUnix(ovpnStatusDateLayout, userConnectedSince)))
ovpnClientBytesSent.WithLabelValues(userName).Set(float64(bytesSent))
ovpnClientBytesReceived.WithLabelValues(userName).Set(float64(bytesReceive))
}
if isRouteTable {
user := strings.Split(txt, ",")
@ -619,6 +832,7 @@ func mgmtConnectedUsersParser(text string) []clientStatus {
if u[i].CommonName == user[1] {
u[i].VirtualAddress = user[0]
u[i].LastRef = user[3]
ovpnClientConnectionInfo.WithLabelValues(user[1], user[0]).Set(float64(parseDateToUnix(ovpnStatusDateLayout, user[3])))
break
}
}
@ -627,27 +841,27 @@ func mgmtConnectedUsersParser(text string) []clientStatus {
return u
}
func mgmtKillUserConnection(username string) {
func (oAdmin *OpenvpnAdmin) mgmtKillUserConnection(username string) {
conn, err := net.Dial("tcp", *mgmtListenHost+":"+*mgmtListenPort)
if err != nil {
log.Println("ERROR: openvpn mgmt interface is not reachable")
return
}
ovpnMgmtRead(conn) // read welcome message
oAdmin.mgmtRead(conn) // read welcome message
conn.Write([]byte(fmt.Sprintf("kill %s\n", username)))
fmt.Printf("%v", ovpnMgmtRead(conn))
fmt.Printf("%v", oAdmin.mgmtRead(conn))
conn.Close()
}
func mgmtGetActiveClients() []clientStatus {
func (oAdmin *OpenvpnAdmin) mgmtGetActiveClients() []clientStatus {
conn, err := net.Dial("tcp", *mgmtListenHost+":"+*mgmtListenPort)
if err != nil {
log.Println("ERROR: openvpn mgmt interface is not reachable")
return []clientStatus{}
}
ovpnMgmtRead(conn) // read welcome message
oAdmin.mgmtRead(conn) // read welcome message
conn.Write([]byte("status\n"))
activeClients := mgmtConnectedUsersParser(ovpnMgmtRead(conn))
activeClients := oAdmin.mgmtConnectedUsersParser(oAdmin.mgmtRead(conn))
conn.Close()
return activeClients
}
@ -661,11 +875,11 @@ func isUserConnected(username string, connectedUsers []clientStatus) bool {
return false
}
func downloadCerts() bool {
func (oAdmin *OpenvpnAdmin) downloadCerts() bool {
if fExist(certsArchivePath) {
fDelete(certsArchivePath)
}
err := fDownload(certsArchivePath, *masterHost + downloadCertsApiUrl + "?token=" + *masterSyncToken, masterHostBasicAuth)
err := fDownload(certsArchivePath, *masterHost + downloadCertsApiUrl + "?token=" + oAdmin.masterSyncToken, oAdmin.masterHostBasicAuth)
if err != nil {
log.Println(err)
return false
@ -674,12 +888,12 @@ func downloadCerts() bool {
return true
}
func downloadCcd() bool {
func (oAdmin *OpenvpnAdmin) downloadCcd() bool {
if fExist(ccdArchivePath) {
fDelete(ccdArchivePath)
}
err := fDownload(ccdArchivePath, *masterHost + downloadCcdApiUrl + "?token=" + *masterSyncToken, masterHostBasicAuth)
err := fDownload(ccdArchivePath, *masterHost + downloadCcdApiUrl + "?token=" + oAdmin.masterSyncToken, oAdmin.masterHostBasicAuth)
if err != nil {
log.Println(err)
return false
@ -710,19 +924,17 @@ func unArchiveCcd() {
fmt.Println(o)
}
func syncDataFromMaster() {
log.Println("Downloading archives from master")
func (oAdmin *OpenvpnAdmin) syncDataFromMaster() {
retryCountMax := 3
certsDownloadFailed := true
ccdDownloadFailed := true
certsDownloadRetries := 0
ccdDownloadRetries := 0
for certsDownloadFailed && certsDownloadRetries < retryCountMax {
certsDownloadRetries += 1
if downloadCerts() {
log.Printf("Downloading certs archive from master. Attempt %d", certsDownloadRetries)
if oAdmin.downloadCerts() {
certsDownloadFailed = false
log.Println("Decompression certs archive from master")
unArchiveCerts()
@ -733,7 +945,8 @@ func syncDataFromMaster() {
for ccdDownloadFailed && ccdDownloadRetries < retryCountMax {
ccdDownloadRetries += 1
if downloadCcd() {
log.Printf("Downloading ccd archive from master. Attempt %d", ccdDownloadRetries)
if oAdmin.downloadCcd() {
ccdDownloadFailed = false
log.Println("Decompression ccd archive from master")
unArchiveCcd()
@ -742,24 +955,41 @@ func syncDataFromMaster() {
}
}
lastSyncTime = time.Now().Format("2006-01-02 15:04:05")
oAdmin.lastSyncTime = time.Now().Format("2006-01-02 15:04:05")
if !ccdDownloadFailed && !certsDownloadFailed {
lastSuccessfulSyncTime = time.Now().Format("2006-01-02 15:04:05")
oAdmin.lastSuccessfulSyncTime = time.Now().Format("2006-01-02 15:04:05")
}
}
func syncWithMaster() {
func (oAdmin *OpenvpnAdmin) syncWithMaster() {
for {
time.Sleep(time.Duration(*masterSyncFrequency) * time.Second)
syncDataFromMaster()
oAdmin.syncDataFromMaster()
}
}
func getOpvnCaCertExpireDate() time.Time {
caCertPath := *easyrsaDirPath + "/pki/ca.crt"
caCertExpireDate := runBash(fmt.Sprintf("openssl x509 -in %s -noout -enddate | awk -F \"=\" {'print $2'}", caCertPath))
dateLayout := "Jan 2 15:04:05 2006 MST"
t, err := time.Parse(dateLayout, strings.TrimSpace(caCertExpireDate))
if err != nil {
log.Printf("WARNING: can`t parse expire date for CA cert: %v", err)
return time.Now()
}
return t
}
// https://community.openvpn.net/openvpn/ticket/623
func crlFix() {
os.Chmod(*easyrsaDirPath + "/pki", 0755)
err := os.Chmod(*easyrsaDirPath + "/pki/crl.pem", 0644)
if err != nil {
log.Println(err)
err1 := os.Chmod(*easyrsaDirPath + "/pki", 0755)
if err1 != nil {
log.Println(err1)
}
err2 := os.Chmod(*easyrsaDirPath + "/pki/crl.pem", 0644)
if err2 != nil {
log.Println(err2)
}
}
}

2
werf.yaml
Unescape View File

@ -1,4 +1,4 @@
project: openvpn-web-ui
project: openvpn-admin
configVersion: 1
deploy:
helmRelease: "[[ project ]]-[[ env ]]"

Write Preview
Loading…
Cancel
Save