/**
* Return HTTPS certificate and private key
* @return DOMDocument
*/
protected function GetHttpsCertificate()
{
$ResponseDOMDocument = $this->CreateResponse();
if (in_array($this->DBServer->status, array(SERVER_STATUS::PENDING_TERMINATE, SERVER_STATUS::TERMINATED, SERVER_STATUS::TROUBLESHOOTING, SERVER_STATUS::SUSPENDED))) {
return $ResponseDOMDocument;
}
$hostName = $this->GetArg("hostname") ? " AND name=" . $this->qstr($this->GetArg("hostname")) : "";
if ($this->GetArg("id")) {
$sslInfo = Entity\SslCertificate::findPk($this->GetArg("id"));
if ($sslInfo->envId != $this->DBServer->envId) {
$sslInfo = null;
}
} else {
if ($this->DBServer->GetFarmRoleObject()->GetRoleObject()->hasBehavior(ROLE_BEHAVIORS::NGINX)) {
$vhost_info = $this->DB->GetRow("SELECT * FROM apache_vhosts WHERE farm_id=? AND is_ssl_enabled='1' {$hostName} LIMIT 1", array($this->DBServer->farmId));
} else {
$vhost_info = $this->DB->GetRow("SELECT * FROM apache_vhosts WHERE farm_roleid=? AND is_ssl_enabled='1' {$hostName} LIMIT 1", array($this->DBServer->farmRoleId));
}
if ($vhost_info) {
$sslInfo = Entity\SslCertificate::findPk($vhost_info['ssl_cert_id']);
if ($sslInfo->envId != $this->DBServer->envId) {
$sslInfo = null;
}
}
}
if ($sslInfo) {
$vhost = $ResponseDOMDocument->createElement("virtualhost");
$vhost->setAttribute("name", $sslInfo->name);
$vhost->appendChild($ResponseDOMDocument->createElement("cert", $sslInfo->certificate));
$vhost->appendChild($ResponseDOMDocument->createElement("pkey", $sslInfo->privateKey));
$vhost->appendChild($ResponseDOMDocument->createElement("ca_cert", $sslInfo->caBundle));
$ResponseDOMDocument->documentElement->appendChild($vhost);
}
return $ResponseDOMDocument;
}
/**
* Save certificate (create new or update existing).
*
* @param string $name
* @param int $id optional
* @param int $privateKeyClear optional
* @param int $certificateClear optional
* @param int $caBundleClear optional
* @param string $privateKeyPassword optional
* @throws Scalr_Exception_Core
* @throws Scalr_Exception_InsufficientPermissions
* @throws Scalr_UI_Exception_NotFound
* @throws \Scalr\Exception\ModelException
*/
public function xSaveAction($name, $id = null, $privateKeyClear = null, $certificateClear = null, $caBundleClear = null, $privateKeyPassword = null)
{
$this->request->restrictAccess(Acl::RESOURCE_SERVICES_SSL, Acl::PERM_SERVICES_SSL_MANAGE);
$flagNew = false;
if ($id) {
/* @var \Scalr\Model\Entity\SslCertificate $cert */
$cert = Entity\SslCertificate::findPk($id);
if (!$cert) {
throw new Scalr_UI_Exception_NotFound();
}
$this->user->getPermissions()->validate($cert);
} else {
$cert = new Entity\SslCertificate();
$cert->envId = $this->getEnvironmentId();
$flagNew = true;
}
$cert->name = $name;
if (!$cert->name) {
$this->request->addValidationErrors('name', 'Name can\'t be empty');
}
$criteria = [['name' => $cert->name], ['envId' => $cert->envId]];
if ($id) {
$criteria[] = ['id' => ['$ne' => $id]];
}
if (Entity\SslCertificate::findOne($criteria)) {
$this->request->addValidationErrors('name', 'Name must be unique.');
}
if (!empty($_FILES['privateKey']['tmp_name'])) {
$cert->privateKey = file_get_contents($_FILES['privateKey']['tmp_name']);
} elseif ($privateKeyClear) {
$cert->privateKey = null;
}
if ($privateKeyPassword) {
if (!$cert->privateKey) {
$this->request->addValidationErrors('privateKeyPassword', 'Private key password requires private key');
} else {
if ($privateKeyPassword != '******') {
$cert->privateKeyPassword = $privateKeyPassword;
}
}
} else {
$cert->privateKeyPassword = null;
}
if (!empty($_FILES['certificate']['tmp_name'])) {
$cr = file_get_contents($_FILES['certificate']['tmp_name']);
if (!openssl_x509_parse($cr, false)) {
$this->request->addValidationErrors('certificate', 'Not valid certificate');
} else {
$cert->certificate = $cr;
}
} elseif ($certificateClear) {
$cert->certificate = null;
}
if (!empty($_FILES['caBundle']['tmp_name'])) {
$bn = file_get_contents($_FILES['caBundle']['tmp_name']);
if (!openssl_x509_parse($bn, false)) {
$this->request->addValidationErrors('caBundle', 'Not valid certificate chain');
} else {
$cert->caBundle = $bn;
}
} elseif ($caBundleClear) {
$cert->caBundle = null;
}
if (!$cert->certificate) {
$this->request->addValidationErrors('certificate', 'Certificate cannot be empty.');
}
if (!$cert->privateKey) {
$this->request->addValidationErrors('privateKey', 'Private key cannot be empty.');
}
if (!$this->request->isValid()) {
$this->response->data($this->request->getValidationErrors());
$this->response->failure();
} else {
$cert->save();
if ($id) {
try {
// Update existing servers
$res = $this->db->Execute("SELECT farm_roleid FROM farm_role_settings WHERE name='nginx.proxies' AND value LIKE '%ssl_certificate_id\":\"{$cert->id}%'");
while ($f = $res->FetchRow()) {
$dbFarmRole = DBFarmRole::LoadByID($f['farm_roleid']);
$servers = $dbFarmRole->GetServersByFilter(['status' => SERVER_STATUS::RUNNING]);
foreach ($servers as $server) {
$msg = new Scalr_Messaging_Msg_SSLCertificateUpdate();
$msg->id = $cert->id;
$msg->certificate = $cert->certificate;
$msg->cacertificate = $cert->caBundle;
$msg->privateKey = $cert->privateKey;
$server->SendMessage($msg, false, true);
}
}
// Update apache server
} catch (Exception $e) {
}
}
$this->response->success('Certificate was successfully saved');
if ($flagNew) {
$this->response->data(['cert' => $cert->getInfo()]);
}
}
}
public function xSaveAction()
{
$this->request->restrictAccess(Acl::RESOURCE_SERVICES_APACHE, Acl::PERM_SERVICES_APACHE_MANAGE);
$validator = new Scalr_Validator();
try {
if ($validator->validateDomain($this->getParam('domainName')) !== true) {
$err['domainName'] = _("Domain name is incorrect");
}
if (!$this->getParam('farmId')) {
$err['farmId'] = _("Farm required");
} else {
$dbFarm = DBFarm::LoadByID($this->getParam('farmId'));
$this->user->getPermissions()->validate($dbFarm);
}
if (!$this->getParam('farmRoleId')) {
$err['farmRoleId'] = _("Role required");
} else {
$dbFarmRole = DBFarmRole::LoadByID($this->getParam('farmRoleId'));
if ($dbFarmRole->FarmID != $dbFarm->ID) {
$err['farmRoleId'] = _("Role not found");
}
}
if ($validator->validateEmail($this->getParam('serverAdmin'), null, true) !== true) {
$err['serverAdmin'] = _("Server admin's email is incorrect or empty ");
}
if (!$this->getParam('documentRoot')) {
$err['documentRoot'] = _("Document root required");
}
if (!$this->getParam('logsDir')) {
$err['logsDir'] = _("Logs directory required");
}
if ($this->db->GetOne("SELECT id FROM apache_vhosts WHERE env_id=? AND `name` = ? AND id != ? AND farm_id = ? AND farm_roleid = ? LIMIT 1", array($this->getEnvironmentId(), $this->getParam('domainName'), $this->getParam('vhostId'), $this->getParam('farmId'), $this->getParam('farmRoleId')))) {
$err['domainName'] = "'{$this->getParam('domainName')}' virtualhost already exists";
}
} catch (Exception $e) {
$err[] = $e->getMessage();
}
if (count($err) == 0) {
$vHost = Scalr_Service_Apache_Vhost::init();
if ($this->getParam('vhostId')) {
$vHost->loadById($this->getParam('vhostId'));
$this->user->getPermissions()->validate($vHost);
} else {
$vHost->envId = $this->getEnvironmentId();
$vHost->clientId = $this->user->getAccountId();
}
$vHost->domainName = $this->getParam('domainName');
$isSslEnabled = $this->getParam('isSslEnabled') == 'on' ? true : false;
if ($vHost->farmRoleId && $vHost->farmRoleId != $this->getParam('farmRoleId')) {
$oldFarmRoleId = $vHost->farmRoleId;
}
$vHost->farmId = $this->getParam('farmId');
$vHost->farmRoleId = $this->getParam('farmRoleId');
$vHost->isSslEnabled = $isSslEnabled ? 1 : 0;
$vHost->httpdConf = $this->getParam("nonSslTemplate", true);
$vHost->templateOptions = serialize(array("document_root" => trim($this->getParam('documentRoot')), "logs_dir" => trim($this->getParam('logsDir')), "server_admin" => trim($this->getParam('serverAdmin')), "server_alias" => trim($this->getParam('serverAlias'))));
//SSL stuff
if ($isSslEnabled) {
$cert = Entity\SslCertificate::findPk($this->getParam('sslCertId'));
$this->user->getPermissions()->validate($cert);
$vHost->sslCertId = $cert->id;
$vHost->httpdConfSsl = $this->getParam("sslTemplate", true);
} else {
$vHost->sslCertId = 0;
$vHost->httpdConfSsl = "";
}
$vHost->save();
$servers = $dbFarm->GetServersByFilter(array('status' => array(SERVER_STATUS::INIT, SERVER_STATUS::RUNNING)));
foreach ($servers as $dBServer) {
if ($dBServer->GetFarmRoleObject()->GetRoleObject()->hasBehavior(ROLE_BEHAVIORS::NGINX) || $dBServer->GetFarmRoleObject()->GetRoleObject()->hasBehavior(ROLE_BEHAVIORS::APACHE) && $dBServer->farmRoleId == $vHost->farmRoleId) {
$dBServer->SendMessage(new Scalr_Messaging_Msg_VhostReconfigure());
}
}
if ($oldFarmRoleId) {
$oldFarmRole = DBFarmRole::LoadByID($oldFarmRoleId);
$servers = $oldFarmRole->GetServersByFilter(array('status' => array(SERVER_STATUS::INIT, SERVER_STATUS::RUNNING)));
foreach ($servers as $dBServer) {
$dBServer->SendMessage(new Scalr_Messaging_Msg_VhostReconfigure());
}
}
$this->response->success(_('Virtualhost successfully saved'));
} else {
$this->response->failure();
$this->response->data(array('errors' => $err));
}
}
public function getConfiguration(DBServer $dbServer)
{
$configuration = new stdClass();
$configuration->keyfile = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_KEYFILE);
$configuration->volumeConfig = $this->getVolumeConfig($dbServer->GetFarmRoleObject(), $dbServer);
$configuration->snapshotConfig = $this->getSnapshotConfig($dbServer->GetFarmRoleObject(), $dbServer);
$configuration->password = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_PASSWORD);
$configuration->replicaSetIndex = $dbServer->GetProperty(self::SERVER_REPLICA_SET_INDEX);
$configuration->shardIndex = $dbServer->GetProperty(self::SERVER_SHARD_INDEX);
$configuration->shardsTotal = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_SHARDS_COUNT);
$configuration->replicasPerShard = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_REPLICAS_COUNT);
$configuration->cfgServerStorageSize = 5;
$mmsApiKey = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_MMS_API_KEY);
if ($mmsApiKey) {
$configuration->mms = new stdClass();
$configuration->mms->apiKey = $mmsApiKey;
$configuration->mms->secretKey = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_MMS_SECRET_KEY);
}
if ($dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_SSL_ENABLED) == 1) {
$cert = Entity\SslCertificate::findPk($dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_SSL_CERT_ID));
$configuration->ssl = new stdClass();
$configuration->ssl->privateKey = $cert->privateKey;
$configuration->ssl->certificate = $cert->certificate;
$configuration->ssl->privateKeyPassword = $cert->privateKeyPassword;
}
$configServers = $this->db->GetAll("SELECT * FROM services_mongodb_config_servers WHERE\n `farm_role_id` = ?\n ", array($dbServer->farmRoleId));
if (count($configServers) > 0) {
$configuration->config_servers = array();
foreach ($configServers as $cs) {
$itm = new stdClass();
$itm->id = $cs['config_server_index'];
$itm->replicaSetIndex = $cs['replica_set_index'];
$itm->shardIndex = $cs['shard_index'];
try {
$volume = Scalr_Storage_Volume::init()->loadById($cs['volume_id']);
$volumeConfig = $volume->getConfig();
} catch (Exception $e) {
}
$itm->volume = $volumeConfig;
$configuration->config_servers[] = $itm;
}
}
return $configuration;
}
