Improve port diagnosis by adding a relation between ports and services

Alexandre Aubin 2019-11-08 22:29:21 +01:00
parent 64aff46421
commit a9dd701824
3 changed files with 25 additions and 14 deletions


@ -5,7 +5,7 @@ import requests
from yunohost.diagnosis import Diagnoser from yunohost.diagnosis import Diagnoser
from yunohost.utils.error import YunohostError from yunohost.utils.error import YunohostError
from yunohost.service import _get_services
class PortsDiagnoser(Diagnoser): class PortsDiagnoser(Diagnoser):
@ -15,16 +15,18 @@ class PortsDiagnoser(Diagnoser):
def run(self): def run(self):
# FIXME / TODO : in the future, maybe we want to report different # This dict is something like :
# things per port depending on how important they are # { 80: "nginx",
# (e.g. XMPP sounds to me much less important than other ports) # 25: "postfix",
# Ideally, a port could be related to a service... # 443: "nginx"
# FIXME / TODO : for now this list of port is hardcoded, might want # ... }
# to fetch this from the firewall.yml in /etc/yunohost/ ports = {}
ports = [22, 25, 53, 80, 443, 587, 993, 5222, 5269] for service, infos in _get_services().items():
for port in infos.get("needs_exposed_ports", []):
ports[port] = service
try: try:
r = requests.post('https://ynhdiagnoser.netlib.re/check-ports', json={'ports': ports}, timeout=30).json() r = requests.post('https://ynhdiagnoser.netlib.re/check-ports', json={'ports': ports.keys()}, timeout=30).json()
if "status" not in r.keys(): if "status" not in r.keys():
raise Exception("Bad syntax for response ? Raw json: %s" % str(r)) raise Exception("Bad syntax for response ? Raw json: %s" % str(r))
elif r["status"] == "error": elif r["status"] == "error":
@ -37,15 +39,17 @@ class PortsDiagnoser(Diagnoser):
except Exception as e: except Exception as e:
raise YunohostError("diagnosis_ports_could_not_diagnose", error=e) raise YunohostError("diagnosis_ports_could_not_diagnose", error=e)
for port in ports: for port, service in ports.items():
if r["ports"].get(str(port), None) is not True: if r["ports"].get(str(port), None) is not True:
yield dict(meta={"port": port}, yield dict(meta={"port": port, "needed_by": service},
status="ERROR", status="ERROR",
summary=("diagnosis_ports_unreachable", {"port": port})) summary=("diagnosis_ports_unreachable", {"port": port}),
details=[("diagnosis_ports_needed_by", (service,)), ("diagnosis_ports_forwarding_tip", ())])
else: else:
yield dict(meta={}, yield dict(meta={"port": port, "needed_by": service},
status="SUCCESS", status="SUCCESS",
summary=("diagnosis_ports_ok", {"port": port})) summary=("diagnosis_ports_ok", {"port": port}),
details=[("diagnosis_ports_needed_by", (service))])
def main(args, env, loggers): def main(args, env, loggers):
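Review bot: In the SUCCESS branch the new `details` entry passes `(service)`, which is a plain string rather than a one-element tuple, unlike `(service,)` in the ERROR branch; if the detail arguments are unpacked into the `{0}` placeholder of `diagnosis_ports_needed_by` (the rendering code is not visible here), the message would presumably show only the first character of the service name. The line should read `details=[("diagnosis_ports_needed_by", (service,))])`. Separately, `json={'ports': ports.keys()}` only serialises where `keys()` returns a list (Python 2), so `json={'ports': list(ports)}` is the safer spelling. A port declared by two services keeps only the last service in `ports`, which is worth a short comment next to the loop. Part of `run`'s `try` block lies between the hunks and is not shown.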


@ -1,6 +1,7 @@
nginx: nginx:
log: /var/log/nginx log: /var/log/nginx
test-conf: nginx -t test-conf: nginx -t
needs_exposed_ports: [80, 443]
avahi-daemon: avahi-daemon:
log: /var/log/daemon.log log: /var/log/daemon.log
dnsmasq: dnsmasq:
@ -9,9 +10,11 @@ fail2ban:
log: /var/log/fail2ban.log log: /var/log/fail2ban.log
dovecot: dovecot:
log: [/var/log/mail.log,/var/log/mail.err] log: [/var/log/mail.log,/var/log/mail.err]
needs_exposed_ports: [993]
postfix: postfix:
log: [/var/log/mail.log,/var/log/mail.err] log: [/var/log/mail.log,/var/log/mail.err]
test-status: systemctl show postfix@- | grep -q "^SubState=running" test-status: systemctl show postfix@- | grep -q "^SubState=running"
needs_exposed_ports: [25, 587]
rspamd: rspamd:
log: /var/log/rspamd/rspamd.log log: /var/log/rspamd/rspamd.log
redis-server: redis-server:
@ -22,8 +25,10 @@ mysql:
ssh: ssh:
log: /var/log/auth.log log: /var/log/auth.log
test-conf: sshd -t test-conf: sshd -t
needs_exposed_ports: [22]
metronome: metronome:
log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err] log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
needs_exposed_ports: [5222, 5269]
slapd: slapd:
log: /var/log/syslog log: /var/log/syslog
php7.0-fpm: php7.0-fpm:
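Review bot: Port 53 was in the hardcoded list that this commit removes from the ports diagnoser, but no `needs_exposed_ports` key is added under `dnsmasq` in the lines shown, so that port appears to drop out of the reachability check without mention. If the omission is deliberate, a comment such as `# dnsmasq: port 53 intentionally not listed in needs_exposed_ports` would record the decision; otherwise add `needs_exposed_ports: [53]` to the entry. Since this key now decides which ports are reported as needing exposure to the internet, a one-line comment at the top of the file describing it would help whoever adds a service later. The `dnsmasq` entry continues outside the first hunk.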


@ -216,6 +216,8 @@
"diagnosis_ports_could_not_diagnose": "Could not diagnose if ports are reachable from outside. Error: {error}", "diagnosis_ports_could_not_diagnose": "Could not diagnose if ports are reachable from outside. Error: {error}",
"diagnosis_ports_unreachable": "Port {port} is not reachable from outside.", "diagnosis_ports_unreachable": "Port {port} is not reachable from outside.",
"diagnosis_ports_ok": "Port {port} is reachable from outside.", "diagnosis_ports_ok": "Port {port} is reachable from outside.",
"diagnosis_ports_needed_by": "Exposing this port is needed for service {0}",
"diagnosis_ports_forwarding_tip": "To fix this issue, most probably you need to configure port forwarding on your internet router as described in https://yunohost.org/port_forwarding",
"diagnosis_http_could_not_diagnose": "Could not diagnose if domain is reachable from outside. Error: {error}", "diagnosis_http_could_not_diagnose": "Could not diagnose if domain is reachable from outside. Error: {error}",
"diagnosis_http_ok": "Domain {domain} is reachable from outside.", "diagnosis_http_ok": "Domain {domain} is reachable from outside.",
"diagnosis_http_unreachable": "Domain {domain} is unreachable through HTTP from outside.", "diagnosis_http_unreachable": "Domain {domain} is unreachable through HTTP from outside.",