Index: /branches/amp_4_0/amp.spec
===================================================================
--- /branches/amp_4_0/amp.spec	(revision 2885)
+++ /branches/amp_4_0/amp.spec	(working copy)
@@ -256,7 +256,7 @@
 install -Dm 0644 src/openssh/sshd_config %{buildroot}/ca/etc/
 install -Dm 0755 src/openssh/ssh-regenkey.sh %{buildroot}/ca/bin/
 install -Dm 0755 src/webui/tftp/pulltftp %{buildroot}/ca/bin/
-install -Dm 0755 src/library/libpyexauth/_pyexauth.cpython-313-x86_64-linux-gnu.so %{buildroot}/usr/lib64/python3.13/site-packages/
+#install -Dm 0755 src/library/libpyexauth/_pyexauth.cpython-313-x86_64-linux-gnu.so %{buildroot}/usr/lib64/python3.13/site-packages/
 install -Dm 0644 conf/array.conf %{buildroot}/etc/NetworkManager/conf.d/array.conf
 install -Dm 0755 scripts/check_build.py %{buildroot}/ca/bin/check_build.py
 install -Dm 0755 scripts/check_adc_ssl.py %{buildroot}/ca/bin/check_adc_ssl.py
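Review bot: The `_pyexauth` install line is commented out rather than removed, with no reason given, and the matching `%attr` entry in the `%files` hunk further down is disabled the same way. Either delete both lines or add a one-line reason above them, for example `# _pyexauth.so is staged into the amp-core image by build.sh, not shipped in the RPM`. Whether non-container installs still need the module from the RPM is not visible here and should be confirmed.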
@@ -340,7 +340,7 @@
 %attr (755,root,root)/ca/bin/ssh-regenkey.sh
 %attr (644,root,root)/ca/etc/sshd_config
 %attr (755,root,root)/ca/bin/pulltftp
-%attr (755,root,root)/usr/lib64/python3.13/site-packages/_pyexauth.cpython-313-x86_64-linux-gnu.so
+#%attr (755,root,root)/usr/lib64/python3.13/site-packages/_pyexauth.cpython-313-x86_64-linux-gnu.so
 %attr (644,root,root)/etc/NetworkManager/conf.d/array.conf
 %attr (755,root,root)/ca/bin/check_build.py
 %attr (755,root,root)/ca/bin/check_adc_ssl.py
Index: /branches/amp_4_0/platform/tools/container/install_prerequisites.sh
===================================================================
--- /branches/amp_4_0/platform/tools/container/install_prerequisites.sh	(revision 2885)
+++ /branches/amp_4_0/platform/tools/container/install_prerequisites.sh	(working copy)
@@ -87,13 +87,17 @@
         
         # 1. Individual Checks (Fallbacks for Online Mode)
         
-        # Install Python 3 via custom script or dnf
-        if [ -f "$SETUP_DIR/install_python.sh" ]; then
-             echo "Invoking custom Python installer (install_python.sh)..."
-             sudo bash "$SETUP_DIR/install_python.sh"
-        elif ! check_cmd python3; then
-             echo "Installing Python3..."
-             sudo dnf install -y python3
+        # Install Python 3.11 (Precompiled)
+        if ! check_cmd python3.11; then
+             echo "Installing Python 3.11 (Precompiled RPMs)..."
+             sudo dnf install -y python3.11 python3.11-devel python3.11-pip
+             
+             # Sets python3.11 as default python3 if alternatives command exists
+             if command -v alternatives >/dev/null 2>&1; then
+                 sudo alternatives --set python3 /usr/bin/python3.11 2>/dev/null || true
+             fi
+        else
+             echo "✅ Python 3.11 is already installed."
         fi
         
         # Install Java via custom script or dnf
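Review bot: The `alternatives --set python3 ...` call in the new branch discards both its error output and its exit status, so when `python3` is not an alternatives-managed name the script reports nothing and `python3` keeps pointing at the old interpreter. The `dnf install` before it is not checked either, and the removed `install_python.sh` path no longer serves as a fallback when the packages are unavailable. I would report the failure instead of hiding it, e.g. `sudo alternatives --set python3 /usr/bin/python3.11 || echo "WARNING: could not make python3.11 the default python3" >&2`. Repointing the system-wide `python3` can also affect distribution tools that depend on it, so confirm that is intended on the host. The enclosing function starts and ends outside this hunk.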
Index: /branches/amp_4_0/platform/tools/container/manage_amp.sh
===================================================================
--- /branches/amp_4_0/platform/tools/container/manage_amp.sh	(revision 2904)
+++ /branches/amp_4_0/platform/tools/container/manage_amp.sh	(working copy)
@@ -421,6 +421,19 @@
         echo "✅ Log directory already exists: $LOG_DIR"
     fi
     
+    # Create amp-core required directories (required for bind mounts)
+    echo ""
+    echo "--- Creating amp-core directories ---"
+    for DIR in /ca/conf /ca/etc /ca/package "${AMP_LOG_ROOT:-/var/log/amp}/amp-core"; do
+        if [ ! -d "$DIR" ]; then
+            echo "Creating directory: $DIR"
+            sudo mkdir -p "$DIR"
+            echo "✅ Created $DIR"
+        else
+            echo "✅ Directory already exists: $DIR"
+        fi
+    done
+    
     # Configure Firewall Rules (if firewalld is available)
     if command -v firewall-cmd &> /dev/null; then
         echo ""
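Review bot: The new loop prints `✅ Created $DIR` whether or not `sudo mkdir -p` succeeded, and it creates `/ca/package` with whatever mode the umask gives, even though that directory is bind-mounted writable into amp-core for FTP uploads. Test the command and set the mode explicitly, e.g. `if sudo install -d -m <MODE> "$DIR"; then echo "✅ Created $DIR"; else echo "ERROR: cannot create $DIR" >&2; fi`, with the mode chosen for the account the container writes as. The second hunk in this file repeats the same directory list in a single `mkdir -p` followed by an unconditional success message; a shared helper would keep the two lists from drifting. Both enclosing functions extend beyond the hunks.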
@@ -1146,8 +1159,8 @@
     
     # 1b. Create directories required for amp-core bind mounts
     echo "Creating required host directories for amp-core..."
-    sudo mkdir -p /ca/conf /ca/etc "${AMP_LOG_ROOT:-/var/log/amp}/amp-core"
-    echo "✅ Created /ca/conf, /ca/etc, ${AMP_LOG_ROOT:-/var/log/amp}/amp-core"
+    sudo mkdir -p /ca/conf /ca/etc /ca/package "${AMP_LOG_ROOT:-/var/log/amp}/amp-core"
+    echo "✅ Created /ca/conf, /ca/etc, /ca/package, ${AMP_LOG_ROOT:-/var/log/amp}/amp-core"
 
     # 2. Check if Certificates Exist
     echo "Checking for existing certificates..."
Index: /branches/amp_4_0/platform/tools/container/services/amp-core/Dockerfile
===================================================================
--- /branches/amp_4_0/platform/tools/container/services/amp-core/Dockerfile	(revision 2903)
+++ /branches/amp_4_0/platform/tools/container/services/amp-core/Dockerfile	(working copy)
@@ -1,17 +1,22 @@
 FROM rockylinux:9
 
 LABEL maintainer="Array Networks" \
-      description="AMP Core Services - Backend and WebUI Agent" \
+      description="AMP Core Services - Backend, WebUI Agent, and Python API" \
       version="4.0.0"
 
-# Install runtime dependencies for backend and webui_agent binaries
+# Install runtime dependencies
 RUN dnf update -y && \
     dnf install -y epel-release && \
     dnf install -y --allowerasing \
+    # Python 3.11 runtime (latest in EPEL for Rocky 9)
+    python3.11 \
+    python3.11-pip \
     # Network and crypto libraries
     libcurl \
+    libcurl-devel \
     libxml2 \
     openssl-libs \
+    openssl-devel \
     # Terminal/UI libraries
     ncurses-libs \
     # Database client library
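Review bot: `libcurl-devel` and `openssl-devel` are added to the runtime package list, which puts development headers and their dependencies into the image that ships. They are presumably only needed so the later `pip3 install` can build `pycurl`. If so, a builder stage, or removing them in the same layer as the pip install, keeps the runtime image smaller and leaves less tooling available inside a compromised container. The package list continues past the end of this hunk.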
@@ -20,35 +25,72 @@
     zlib \
     # Process utilities
     procps-ng \
-    # Process supervisor for managing multiple daemons (from EPEL)
-    supervisor \
+    iproute \
     && dnf clean all
 
-# Create AMP directory structure (matching VM layout)
+# Set python3.11 as default python3
+RUN ln -sf /usr/bin/python3.11 /usr/bin/python3 && \
+    ln -sf /usr/bin/pip3.11 /usr/bin/pip3
+
+# Create AMP directory structure
 RUN mkdir -p /ca/bin \
              /ca/conf \
              /ca/etc \
-             /ca/webui \
+             /ca/config/backup \
+             /ca/webui/htdocs/new/src \
+             /ca/package \
              /var/log/amp \
-             /var/log/supervisor
+             /var/log/supervisor \
+             /tmp/webui_upload
 
-# Copy pre-built binaries (built during CI/CD pipeline on build machine)
+# NOTE: User accounts (test, admin, api users) must be created on the HOST
+# because /etc/passwd and /etc/shadow are bind-mounted at runtime.
+# The "test" user is required by backend's disable_test_account() function.
+# Create on host: sudo useradd -r -s /sbin/nologin test
+
+# Install systemctl stub for container environment
+# Backend calls "systemctl stop nginx" but nginx runs in a separate container
+COPY systemctl_stub.sh /usr/bin/systemctl
+RUN chmod +x /usr/bin/systemctl
+
+# Copy pre-built binaries
 COPY bin/backend /ca/bin/backend
 COPY bin/webui_agent /ca/bin/webui_agent
 COPY bin/ca_shell /ca/bin/ca_shell
+COPY backend_wrapper.sh /ca/bin/backend_wrapper.sh
 
 # Make binaries executable
-RUN chmod +x /ca/bin/backend /ca/bin/webui_agent /ca/bin/ca_shell
+RUN chmod +x /ca/bin/backend /ca/bin/webui_agent /ca/bin/ca_shell /ca/bin/backend_wrapper.sh
 
+# Copy Python application
+COPY webui /ca/webui/htdocs/new/src/
+
+# Copy dependent shared libraries for pyexauth (if available)
+COPY lib/ /usr/local/lib/
+RUN ldconfig 2>/dev/null || true
+
+# Install Python dependencies and supervisor
+RUN pip3 install --no-cache-dir supervisor cffi && \
+    pip3 install --no-cache-dir -r /ca/webui/htdocs/new/src/requirements.txt
+
 # Copy supervisord configuration
 COPY supervisord.conf /etc/supervisord.conf
 
-# Expose webui_agent port (default 8889)
-EXPOSE 8889
+# Environment variables for Django
+ENV DJANGO_SETTINGS_MODULE=djproject.settings
+ENV PYTHONPATH=/ca/webui/htdocs/new/src
 
-# Health check - verify webui_agent is running (backend daemonizes separately)
-HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
-    CMD supervisorctl status webui_agent | grep -q RUNNING || exit 1
+# Expose ports
+EXPOSE 8889  
+# 8889 - webui_agent
+EXPOSE 8000  
+# 8000 - Django API (Gunicorn)
+EXPOSE 9993  
+# 9993 - FTP Server
 
-# Use supervisord as the main process to manage both backend and webui_agent
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+    CMD supervisorctl status amp_api | grep -q RUNNING || exit 1
+
+# Start supervisord (pip3 installs to /usr/local/bin)
+CMD ["/usr/local/bin/supervisord", "-c", "/etc/supervisord.conf"]
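Review bot: `pip3 install --no-cache-dir supervisor cffi` installs the container's process supervisor unpinned from the package index, so every rebuild can pull a different version of the program that runs as the main process. Pin both, e.g. `pip3 install --no-cache-dir 'supervisor==<PINNED_VERSION>' 'cffi==<PINNED_VERSION>'`, ideally from a constraints file with hashes. Separately, build.sh in this commit stages `bin/avxlog_conf_update.sh` (described there as required by backend) and `bin/backend_wrapper.sh`, but this file copies only three named binaries from `bin/` and takes `backend_wrapper.sh` from the context root, so `avxlog_conf_update.sh` does not appear to reach the image. No `USER` instruction is added, so supervisord and everything it starts run as root unless supervisord.conf says otherwise.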
Index: /branches/amp_4_0/platform/tools/container/services/amp-core/backend_wrapper.sh
===================================================================
--- /branches/amp_4_0/platform/tools/container/services/amp-core/backend_wrapper.sh	(nonexistent)
+++ /branches/amp_4_0/platform/tools/container/services/amp-core/backend_wrapper.sh	(working copy)
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Wrapper to satisfy Supervisord requirements for daemonizing backend process
+
+# 1. Clean up potential stale PID or logs
+LOG_FILE="/var/log/amp/backend.log"
+touch "$LOG_FILE"
+
+echo "Starting backend wrapper..."
+
+# 2. Launch backend (it will fork/daemonize)
+/ca/bin/backend
+
+# 3. Check if it started
+sleep 2
+if ! pgrep -x "backend" > /dev/null; then
+    echo "ERROR: Backend process failed to start."
+    exit 1
+fi
+
+echo "Backend started successfully (PID: $(pgrep -x backend))"
+
+# 4. Tail the log file to keep this script running (Foreground hack)
+# We use tail -f --pid to exit if the backend process dies
+BACKEND_PID=$(pgrep -x backend)
+tail -f --pid=$BACKEND_PID "$LOG_FILE"
+    
\ No newline at end of file
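Review bot: `pgrep -x backend` is run three separate times and the last result is passed unquoted to `tail --pid=`, so if more than one process named `backend` exists, or the process exits between calls, `tail` receives a malformed or empty PID. Capture the PID once, take the oldest match and quote it, as in the excerpt below. Step 1's comment says stale PID files or logs are cleaned up, but the code only touches the log file, and the exit status of `/ca/bin/backend` is never examined. When the backend dies, `tail` returns 0, so supervisord sees a clean exit; with `autorestart=false` in supervisord.conf the backend then stays down.

```shell
# … unchanged: log file setup and backend launch …
sleep 2
BACKEND_PID=$(pgrep -o -x backend) || {
    echo "ERROR: Backend process failed to start." >&2
    exit 1
}
echo "Backend started successfully (PID: $BACKEND_PID)"

# Block on the log so supervisord has a foreground process; tail exits when the backend does
tail -f --pid="$BACKEND_PID" "$LOG_FILE"
```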
Index: /branches/amp_4_0/platform/tools/container/services/amp-core/build.sh
===================================================================
--- /branches/amp_4_0/platform/tools/container/services/amp-core/build.sh	(revision 2903)
+++ /branches/amp_4_0/platform/tools/container/services/amp-core/build.sh	(working copy)
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 # Build script for amp-core Docker image
-# This script copies pre-built binaries and builds the Docker image
+# This script copies pre-built binaries, Python webui source, and builds the Docker image
 #
 # Usage:
 #   ./build.sh [TAG] [REGISTRY]
@@ -19,19 +19,22 @@
 TAG="${1:-1.0.0}"
 REGISTRY="${2:-127.0.0.1:5000}"
 
+WEBUI_SRC="${PROJECT_ROOT}/src/webui/webui/htdocs/new/src"
+
 echo "=============================================="
 echo "Building amp-core Docker image"
 echo "Tag: ${TAG}"
 echo "Registry: ${REGISTRY}"
 echo "=============================================="
 
-# Create bin directory if it doesn't exist
+# Create directories if they don't exist
 mkdir -p "${SCRIPT_DIR}/bin"
+mkdir -p "${SCRIPT_DIR}/webui"
 
 # Function to find and copy binary
 copy_binary() {
     local binary_name="$1"
-    local src_subdir="$2"  # Subdirectory under src/ where the binary lives
+    local src_subdir="$2"
     local found=false
     
     # Priority 1: Check RPM build output (after 'make amp')
@@ -53,7 +56,6 @@
     
     if [ "$found" = false ]; then
         echo "ERROR: ${binary_name} binary not found!"
-        echo "Please build the project first using 'make amp' in the project root."
         echo "Searched locations:"
         echo "  - ${PROJECT_ROOT}/build/array/BUILD/amp-4.0.0/src/${src_subdir}/${binary_name}"
         echo "  - /ca/bin/${binary_name}"
@@ -69,11 +71,96 @@
 echo "Copying binaries..."
 copy_binary "backend" "backend" || exit 1
 copy_binary "webui_agent" "webui_agent" || exit 1
+# Copy backend wrapper script
+if [ -f "${SCRIPT_DIR}/backend_wrapper.sh" ]; then
+    cp "${SCRIPT_DIR}/backend_wrapper.sh" "${SCRIPT_DIR}/bin/backend_wrapper.sh"
+    chmod +x "${SCRIPT_DIR}/bin/backend_wrapper.sh"
+    echo "✓ backend_wrapper.sh copied"
+else
+    echo "ERROR: backend_wrapper.sh not found!"
+    exit 1
+fi
+# Copy ca_shell (optional - may not exist in all builds)
+if copy_binary "ca_shell" "cli"; then
+    echo "✓ ca_shell copied"
+else
+    echo "⚠️ ca_shell not found - creating placeholder"
+    echo '#!/bin/bash' > "${SCRIPT_DIR}/bin/ca_shell"
+    echo 'echo "ca_shell not available in this build"' >> "${SCRIPT_DIR}/bin/ca_shell"
+    chmod +x "${SCRIPT_DIR}/bin/ca_shell"
+fi
 
+# Copy avxlog_conf_update.sh (required by backend)
+if [ -f "${PROJECT_ROOT}/scripts/avxlog_conf_update.sh" ]; then
+    cp "${PROJECT_ROOT}/scripts/avxlog_conf_update.sh" "${SCRIPT_DIR}/bin/avxlog_conf_update.sh"
+    chmod +x "${SCRIPT_DIR}/bin/avxlog_conf_update.sh"
+    echo "✓ avxlog_conf_update.sh copied"
+else
+    echo "⚠️ scripts/avxlog_conf_update.sh not found!"
+fi
+
+# Copy Python webui source
 echo ""
+echo "Copying Python webui source..."
+if [ -d "${WEBUI_SRC}" ]; then
+    # Clean previous copy
+    rm -rf "${SCRIPT_DIR}/webui"/*
+    
+    # Copy required Python directories and files
+    cp -r "${WEBUI_SRC}/djproject" "${SCRIPT_DIR}/webui/"
+    cp -r "${WEBUI_SRC}/hive" "${SCRIPT_DIR}/webui/"
+    cp -r "${WEBUI_SRC}/cm" "${SCRIPT_DIR}/webui/"
+    cp -r "${WEBUI_SRC}/lib" "${SCRIPT_DIR}/webui/"
+    cp -r "${WEBUI_SRC}/tools" "${SCRIPT_DIR}/webui/" 2>/dev/null || true
+    cp -r "${WEBUI_SRC}/locale" "${SCRIPT_DIR}/webui/" 2>/dev/null || true
+    cp -r "${WEBUI_SRC}/nds" "${SCRIPT_DIR}/webui/" 2>/dev/null || true
+    cp -r "${WEBUI_SRC}/vclient" "${SCRIPT_DIR}/webui/" 2>/dev/null || true
+    cp "${WEBUI_SRC}/manage.py" "${SCRIPT_DIR}/webui/"
+    cp "${WEBUI_SRC}/requirements.txt" "${SCRIPT_DIR}/webui/"
+    
+    # Copy tests if exists (optional)
+    [ -d "${WEBUI_SRC}/tests" ] && cp -r "${WEBUI_SRC}/tests" "${SCRIPT_DIR}/webui/"
+    
+    echo "✓ Copied Python webui source to ${SCRIPT_DIR}/webui/"
+else
+    echo "ERROR: webui source not found at ${WEBUI_SRC}"
+    exit 1
+fi
+
+# Copy pyexauth authentication module (.so file)
+echo ""
+echo "Copying pyexauth authentication module..."
+# Search in source dir first (fresh builds), then fall back to build dir
+PYEXAUTH_SO=$(find "${PROJECT_ROOT}/src/library/libpyexauth" -name "_pyexauth*.so" 2>/dev/null | head -1)
+if [ -z "${PYEXAUTH_SO}" ]; then
+    PYEXAUTH_SO=$(find "${PROJECT_ROOT}/build" -name "_pyexauth*.so" 2>/dev/null | head -1)
+fi
+if [ -n "${PYEXAUTH_SO}" ] && [ -f "${PYEXAUTH_SO}" ]; then
+    cp "${PYEXAUTH_SO}" "${SCRIPT_DIR}/webui/hive/"
+    echo "✓ Copied $(basename ${PYEXAUTH_SO}) from $(dirname ${PYEXAUTH_SO})"
+else
+    echo "⚠️ pyexauth .so not found - authentication may fall back to local mode"
+fi
+
+# Copy dependent shared libraries for pyexauth
+echo ""
+echo "Copying dependent libraries..."
+mkdir -p "${SCRIPT_DIR}/lib"
+for lib_name in libexauth libpyauth libavxlog; do
+    LIB_SO=$(find "${PROJECT_ROOT}/build" -name "${lib_name}*.so*" 2>/dev/null | head -1)
+    if [ -n "${LIB_SO}" ] && [ -f "${LIB_SO}" ]; then
+        cp "${LIB_SO}" "${SCRIPT_DIR}/lib/"
+        echo "✓ Copied $(basename ${LIB_SO})"
+    fi
+done
+
+echo ""
 echo "Building Docker image..."
 docker build -t "${REGISTRY}/amp/amp-core:${TAG}" "${SCRIPT_DIR}"
 
+# Cleanup copied source (optional - can be left for debugging)
+# rm -rf "${SCRIPT_DIR}/webui"
+
 echo ""
 echo "=============================================="
 echo "✅ Successfully built: ${REGISTRY}/amp/amp-core:${TAG}"
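Review bot: When no `_pyexauth*.so` is found the script only prints a warning and still builds and tags the image, so an image without the external authentication module can ship unnoticed. `find ... | head -1` also takes whichever match comes first, which may be a stale artifact under `build/`. I would make the missing module fatal (`echo "ERROR: pyexauth .so not found" >&2; exit 1`) unless an explicit opt-out is set. `rm -rf "${SCRIPT_DIR}/webui"/*` should be guarded as `rm -rf "${SCRIPT_DIR:?}/webui"/*`, and `$(basename ${PYEXAUTH_SO})`, `$(dirname ${PYEXAUTH_SO})` and `$(basename ${LIB_SO})` need quotes around the inner expansion. The generated `ca_shell` placeholder is copied into the image as if it were the real binary, which deserves a line in the build output summary.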
@@ -84,6 +171,10 @@
 echo ""
 echo "To run locally for testing:"
 echo "  docker run -d --name amp-core-test \\"
+echo "    -e DB_HOST=host.docker.internal \\"
+echo "    -e DB_PASSWORD=your_password \\"
 echo "    -v /ca/conf:/ca/conf \\"
 echo "    -v /ca/etc:/ca/etc:ro \\"
+echo "    -v /ca/package:/ca/package \\"
+echo "    --add-host host.docker.internal:host-gateway \\"
 echo "    ${REGISTRY}/amp/amp-core:${TAG}"
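Review bot: The printed example passes the database password as `-e DB_PASSWORD=your_password`, which puts the value into shell history and the process list when an operator copies the command with a real password. Showing `--env-file <PATH_TO_ENV_FILE>` in the hint instead, with the file readable only by the operator, avoids that.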
Index: /branches/amp_4_0/platform/tools/container/services/amp-core/supervisord.conf
===================================================================
--- /branches/amp_4_0/platform/tools/container/services/amp-core/supervisord.conf	(revision 2903)
+++ /branches/amp_4_0/platform/tools/container/services/amp-core/supervisord.conf	(working copy)
@@ -8,11 +8,9 @@
 
 ; ============================================================
 ; Backend Service - Main AMP Daemon
-; NOTE: Backend calls daemon() and forks to background.
-; We use startsecs=0 and autorestart=false since it daemonizes.
 ; ============================================================
 [program:backend]
-command=/ca/bin/backend
+command=/ca/bin/backend_wrapper.sh
 directory=/ca
 autostart=true
 autorestart=false
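Review bot: The removed header note was the only explanation for `autorestart=false`, and that setting is now unexplained although the command has changed to a wrapper that stays in the foreground. With the wrapper in place supervisord can tell when the backend dies, so either switch to `autorestart=true` or add a comment such as `; backend_wrapper.sh launches the daemonizing backend and blocks until it exits`, together with the reason restarts stay disabled. The rest of the `[program:backend]` section is outside this hunk.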
@@ -47,6 +45,66 @@
 priority=200
 
 ; ============================================================
+; AMP API Service - Python Backend API via Gunicorn
+; ============================================================
+[program:amp_api]
+command=gunicorn --bind 0.0.0.0:8000 --workers 4 --timeout 120 djproject.wsgi:application
+directory=/ca/webui/htdocs/new/src
+environment=DJANGO_SETTINGS_MODULE="djproject.settings",PYTHONPATH="/ca/webui/htdocs/new/src:/ca/webui/htdocs/new/src/hive"
+autostart=true
+autorestart=true
+startsecs=5
+startretries=3
+stopwaitsecs=30
+stdout_logfile=/var/log/amp/amp_api.log
+stdout_logfile_maxbytes=50MB
+stdout_logfile_backups=3
+stderr_logfile=/var/log/amp/amp_api-error.log
+stderr_logfile_maxbytes=50MB
+stderr_logfile_backups=3
+priority=300
+
+; ============================================================
+; FTP Server - Package Upload Service (Port 9993)
+; ============================================================
+[program:ftp_server]
+command=python3 /ca/webui/htdocs/new/src/cm/lib/init_ftp_server.py
+directory=/ca/webui/htdocs/new/src
+environment=PYTHONPATH="/ca/webui/htdocs/new/src"
+autostart=true
+autorestart=true
+startsecs=3
+startretries=3
+stopwaitsecs=10
+stdout_logfile=/var/log/amp/ftp_server.log
+stdout_logfile_maxbytes=10MB
+stdout_logfile_backups=2
+stderr_logfile=/var/log/amp/ftp_server-error.log
+stderr_logfile_maxbytes=10MB
+stderr_logfile_backups=2
+priority=400
+
+; ============================================================
+; TFTP Server - Device Firmware Transfer (Port 69)
+; ============================================================
+[program:tftp_server]
+command=python3 /ca/webui/htdocs/new/src/cm/lib/init_tftp_server.py
+directory=/ca/webui/htdocs/new/src
+environment=PYTHONPATH="/ca/webui/htdocs/new/src"
+autostart=true
+autorestart=true
+startsecs=3
+startretries=3
+stopwaitsecs=10
+stdout_logfile=/var/log/amp/tftp_server.log
+stdout_logfile_maxbytes=10MB
+stdout_logfile_backups=2
+stderr_logfile=/var/log/amp/tftp_server-error.log
+stderr_logfile_maxbytes=10MB
+stderr_logfile_backups=2
+priority=500
+
+; ============================================================
 ; Supervisor Control Interface
 ; ============================================================
 [supervisorctl]
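Review bot: None of the three new `[program:...]` sections sets `user=`, so gunicorn, the FTP server and the TFTP server run as whatever supervisord runs as, which is root in this image unless the `[supervisord]` section outside this hunk drops privileges. The API on 8000 and the FTP server on 9993 do not use privileged ports; where the authentication path allows it, give them `user=<SERVICE_ACCOUNT>` and keep root only for what needs it. gunicorn also binds `0.0.0.0:8000` over plain HTTP, and stack.yml.template publishes that port on the host, so the API is reachable without going through nginx.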
Index: /branches/amp_4_0/platform/tools/container/services/nginx/conf.d/app.conf
===================================================================
--- /branches/amp_4_0/platform/tools/container/services/nginx/conf.d/app.conf	(revision 2885)
+++ /branches/amp_4_0/platform/tools/container/services/nginx/conf.d/app.conf	(working copy)
@@ -111,12 +111,10 @@
     }
 
     # --- Backend API Proxy at /api/v2/ ---
-    # Assuming backend runs on host or another container. 
-    # For Docker, if backend is on host, use host.docker.internal or extra_hosts
+    # amp-core uses host networking, so we use host.docker.internal (from extra_hosts)
+    # NOTE: Using static proxy_pass (not variable) so nginx reads /etc/hosts
     location ^~ /api/v2/ {
-        # Using host.docker.internal to reach host service from inside container (Docker Desktop/standard setup)
-        set $backend "http://backend:8888";
-        proxy_pass $backend;
+        proxy_pass http://host.docker.internal:8000/;
 
         proxy_http_version 1.1;
         proxy_set_header Host $host;
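Review bot: The new `proxy_pass http://host.docker.internal:8000/;` ends with a URI part, so nginx replaces the matched `/api/v2/` prefix with `/` before forwarding, whereas the old variable form passed the request URI through unchanged. If the Django URLconf still routes under `/api/v2/`, drop the trailing slash: `proxy_pass http://host.docker.internal:8000;`. With a literal host name nginx resolves it once at start-up and refuses to start if the name is not resolvable, which is worth stating next to the existing NOTE. The `location` block continues past the hunk.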
Index: /branches/amp_4_0/platform/tools/container/stack.yml.template
===================================================================
--- /branches/amp_4_0/platform/tools/container/stack.yml.template	(revision 2904)
+++ /branches/amp_4_0/platform/tools/container/stack.yml.template	(working copy)
@@ -447,8 +447,11 @@
     environment:
       - DB_HOST=host.docker.internal
       - DB_PORT=5432
+      - DB_NAME=${POSTGRES_DB_CM:-cm}
       - DB_USER=${POSTGRES_USER:-postgres}
       - DB_PASSWORD=${POSTGRES_PASSWORD:-Arr@y2050}
+      - DJANGO_SETTINGS_MODULE=djproject.settings
+      - PYTHONPATH=/ca/webui/htdocs/new/src
     volumes:
       # Mount configuration directories from host
       - type: bind
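Review bot: With this commit djproject/settings.py and postgres_db.py read `DB_USER` and `DB_PASSWORD`, so the web application now connects as `${POSTGRES_USER:-postgres}` with the fallback password visible in this template, instead of the `amp_admin` account it used before. Running the API under what is typically the database superuser widens what a flaw in the application can reach. Pass a dedicated role, e.g. `- DB_USER=${AMP_DB_USER:-amp_admin}`, and require the password with `${AMP_DB_PASSWORD:?set AMP_DB_PASSWORD}` rather than defaulting it. The variable names here are suggestions; use whatever the deployment scripts already define.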
@@ -458,10 +461,27 @@
         source: /ca/etc
         target: /ca/etc
         read_only: true
+      # Mount package directory for FTP uploads
+      - type: bind
+        source: /ca/package
+        target: /ca/package
       # Mount log directory
       - type: bind
         source: ${AMP_LOG_ROOT:-/var/log/amp}/amp-core
         target: /var/log/amp
+      # Mount host user database for authentication (pyexauth needs these)
+      - type: bind
+        source: /etc/passwd
+        target: /etc/passwd
+        read_only: true
+      - type: bind
+        source: /etc/shadow
+        target: /etc/shadow
+        read_only: true
+      - type: bind
+        source: /etc/group
+        target: /etc/group
+        read_only: true
     extra_hosts:
       - "host.docker.internal:host-gateway"
     networks:
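Review bot: Bind-mounting the host's `/etc/shadow` into amp-core gives a container that serves HTTP, FTP and TFTP a readable copy of every host password hash, read-only or not. A file-disclosure bug in any of those services would then expose host credentials. If pyexauth needs local accounts, prefer a dedicated account file for the appliance users or an authentication helper that stays on the host, and at minimum document the exposure in the comment above the mounts. `/ca/package` is mounted writable for uploads, so confirm that nothing executes content from it.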
@@ -470,6 +490,12 @@
       - target: 8889
         published: ${AMP_WEBUI_AGENT_PORT:-8889}
         mode: host
+      - target: 8000
+        published: ${AMP_DJANGO_API_PORT:-8000}
+        mode: host
+      - target: 9993
+        published: ${AMP_FTP_PORT:-9993}
+        mode: host
 
 volumes:
   opensearch-data:
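Review bot: Publishing 8000 and 9993 in `mode: host` opens the gunicorn API (plain HTTP, with `ALLOWED_HOSTS = ['*']` in settings.py) and the FTP service on every host interface, next to the nginx front end that already proxies `/api/v2/`. If port 8000 only has to be reachable from the nginx container through `host.docker.internal`, restrict it with a host firewall rule, and add a comment above the entries naming the clients meant to reach each port. supervisord.conf also starts a TFTP server on port 69 that has no entry here, so check whether it is meant to be reachable.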
Index: /branches/amp_4_0/scripts/avxlog_conf_update.sh
===================================================================
--- /branches/amp_4_0/scripts/avxlog_conf_update.sh	(revision 2885)
+++ /branches/amp_4_0/scripts/avxlog_conf_update.sh	(working copy)
@@ -17,7 +17,7 @@
 
 CONF_FULL=
 
-SYSLOG_RESTART="yes"        #Change to "no" if don't need to restart rsyslog
+SYSLOG_RESTART="no"        #Change to "no" if don't need to restart rsyslog
 
 if [ $1 == $OP_ADD_FILTER ] && [ $# -eq 9 ]
 then
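Review bot: The default flips to `"no"` but the trailing comment still says to change it to "no", so it now describes the opposite edit; `SYSLOG_RESTART="no"        #Change to "yes" to restart rsyslog after a config update` would match the new value. The change is made in the shared copy under `scripts/`, which build.sh also stages for the container, so non-container installs presumably stop restarting rsyslog as well; confirm that is intended.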
Index: /branches/amp_4_0/src/library/libpyexauth/Makefile
===================================================================
--- /branches/amp_4_0/src/library/libpyexauth/Makefile	(revision 2885)
+++ /branches/amp_4_0/src/library/libpyexauth/Makefile	(working copy)
@@ -5,7 +5,7 @@
 all: _pyexauth.so
 
 _pyexauth.so:
-	cd ./$(.CURDIR) && python3.13 pyexauth_build.py
+	cd ./$(.CURDIR) && python3.11 pyexauth_build.py
 
 install:
 	install -m 755 ./$(.CURDIR)/_pyexauth.so ./$(.CURDIR)/../../webui/webui/htdocs/new/src/hive
Index: /branches/amp_4_0/src/library/libpyexauth/pyexauth_build.py
===================================================================
--- /branches/amp_4_0/src/library/libpyexauth/pyexauth_build.py	(revision 2885)
+++ /branches/amp_4_0/src/library/libpyexauth/pyexauth_build.py	(working copy)
@@ -27,8 +27,8 @@
 	exauth_conf_t *shm_p = NULL;
 """,
 	include_dirs=[f"{library_dir}/libexauth", f"{library_dir}/libpyauth"],
-	library_dirs=[f"{library_dir}/libexauth",f"{library_dir}/avx_log",f"{library_dir}/libpyauth"],
-	libraries=["exauth", "avxlog", "ssl", "pyauth", "crypt"]) 
+	library_dirs=[f"{library_dir}/libexauth",f"{library_dir}/avx_log",f"{library_dir}/libpyauth", "/usr/lib64", "/usr/local/lib64"],
+	libraries=["exauth", "avxlog", "ssl", "crypto", "pyauth", "crypt"]) 
 
 if __name__ == "__main__":
     ffi.compile()
Index: /branches/amp_4_0/src/webui/webui/htdocs/new/src/cm/lib/postgres_db.py
===================================================================
--- /branches/amp_4_0/src/webui/webui/htdocs/new/src/cm/lib/postgres_db.py	(revision 2885)
+++ /branches/amp_4_0/src/webui/webui/htdocs/new/src/cm/lib/postgres_db.py	(working copy)
@@ -1,8 +1,12 @@
+import os
 import psycopg2
 
-AN_DB_NAME = "cm"
-AN_USER = "amp_admin"
-AN_USER_PASSWORD = "Array@123$"
+# Database configuration from environment variables (with defaults for backward compatibility)
+AN_DB_NAME = os.environ.get('DB_NAME', 'cm')
+AN_USER = os.environ.get('DB_USER', 'amp_admin')
+AN_USER_PASSWORD = os.environ.get('DB_PASSWORD', 'Array@123$')
+AN_DB_HOST = os.environ.get('DB_HOST', '127.0.0.1')
+AN_DB_PORT = os.environ.get('DB_PORT', '5432')
 
 
 class DB(object):
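Review bot: The fallback in `os.environ.get('DB_PASSWORD', 'Array@123$')` keeps the old hard-coded password in the source, so a deployment that forgets to set `DB_PASSWORD` silently connects with a credential known to anyone with the code. The same default is repeated in the `DATABASES` hunk of djproject/settings.py. If backward compatibility requires the fallback for now, emit a warning when it is used and plan to drop it; otherwise read the value with `os.environ['DB_PASSWORD']` so that a missing variable fails at start-up.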
@@ -14,8 +18,8 @@
         conn = psycopg2.connect(database=AN_DB_NAME,
                                 user=AN_USER,
                                 password=AN_USER_PASSWORD,
-                                host="127.0.0.1",
-                                port="5432")
+                                host=AN_DB_HOST,
+                                port=AN_DB_PORT)
         return DB(conn) if conn else None
 
     def get_cursor(self):
Index: /branches/amp_4_0/src/webui/webui/htdocs/new/src/djproject/settings.py
===================================================================
--- /branches/amp_4_0/src/webui/webui/htdocs/new/src/djproject/settings.py	(revision 2885)
+++ /branches/amp_4_0/src/webui/webui/htdocs/new/src/djproject/settings.py	(working copy)
@@ -1,6 +1,7 @@
 # Django settings for djproject project.
+import os
 
-DEBUG = False
+DEBUG = os.environ.get('DJANGO_DEBUG', 'False').lower() == 'true'
 # DEBUG = True #DEVMODE
 TEMPLATE_DEBUG = DEBUG
 ALLOWED_HOSTS = ['*']  # for django 1.5+
@@ -13,12 +14,12 @@
 
 DATABASES = {
     'default': {
-        'ENGINE': 'django.db.backends.postgresql',  # Add 'postgresql', 'mysql', 'sqlite3' or 'oracle'.
-        'NAME': 'cm',  # Or path to a database file if using sqlite3.
-        'USER': 'amp_admin',  # Not used with sqlite3.
-        'PASSWORD': 'Array@123$',  # Not used with sqlite3.
-        'HOST': '127.0.0.1',  # Set to empty string for localhost. Not used with sqlite3.
-        'PORT': '5432',  # Set to empty string by default. Not used with sqlite3.
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': os.environ.get('DB_NAME', 'cm'),
+        'USER': os.environ.get('DB_USER', 'amp_admin'),
+        'PASSWORD': os.environ.get('DB_PASSWORD', 'Array@123$'),
+        'HOST': os.environ.get('DB_HOST', '127.0.0.1'),
+        'PORT': os.environ.get('DB_PORT', '5432'),
     }
 }
 
Index: /branches/amp_4_0/src/webui/webui/htdocs/new/src/hive/auth.py
===================================================================
--- /branches/amp_4_0/src/webui/webui/htdocs/new/src/hive/auth.py	(revision 2885)
+++ /branches/amp_4_0/src/webui/webui/htdocs/new/src/hive/auth.py	(working copy)
@@ -5,6 +5,13 @@
 
 def auth_cm(username, password, api=False):
 
+    # Ensure current directory is in sys.path so we can import _pyexauth.so
+    import os
+    import sys
+    current_dir = os.path.dirname(os.path.abspath(__file__))
+    if current_dir not in sys.path:
+        sys.path.append(current_dir)
+
     try:
         from _pyexauth import ffi, lib
         sent_user = ffi.new("char[]", username.encode("utf-8"))
@@ -14,7 +21,12 @@
             return AUTH_ENABLE
         if ret == 3:
             return AUTH_CONFIG
-    except ImportError as error:
+    except ImportError:
         return 0
+    except Exception as error:
+        print(f"Auth error: {error}")
+        import traceback
+        traceback.print_exc()
+        return 0
     return 0
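Review bot: The `except ImportError` branch returns 0 without recording anything, so a missing or unloadable `_pyexauth` module looks exactly like any other 0 result, and build.sh in this commit can produce an image without the module. The new `except Exception` branch reports through `print` and `traceback.print_exc()`; use the logging module in both branches, e.g. `logging.getLogger(__name__).exception("pyexauth authentication failed")`, which needs `import logging` at the top of the file. The first hunk in this file imports `os` and `sys` and appends to `sys.path` on every call; that setup belongs at module level. Part of `auth_cm`'s `try` body lies between the two hunks and is not visible.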
 
Index: /branches/amp_4_0/src/webui/webui/htdocs/new/src/hive/session.py
===================================================================
--- /branches/amp_4_0/src/webui/webui/htdocs/new/src/hive/session.py	(revision 2885)
+++ /branches/amp_4_0/src/webui/webui/htdocs/new/src/hive/session.py	(working copy)
@@ -51,12 +51,20 @@
 
     def login(self, enable_password):
         if an_settings.LEGACY_CLI_AGENT:
-            self.cli = ANCLIConn.get_conn(self._username, sessid=self._sessid, address=an_settings.LEGACY_CLI_AGENT_IP)
-            self.cli.set_enable_pass(enable_password)
             try:
-                self.cli.set_enable(force=True)
-            except CLIEnablePassError:
-                return None
+                self.cli = ANCLIConn.get_conn(self._username, sessid=self._sessid, address=an_settings.LEGACY_CLI_AGENT_IP)
+                self.cli.set_enable_pass(enable_password)
+                try:
+                    self.cli.set_enable(force=True)
+                except CLIEnablePassError:
+                    return None
+            except Exception as e:
+                # Log error but allow login to proceed if CLI agent fails
+                print(f"WARNING: Legacy CLI connection failed: {e}")
+                import traceback
+                traceback.print_exc()
+                # If critical for your app, you might want to return None here. 
+                # For now, we assume we can proceed without CLI connectivity.
 
         """ 
         for name, app in get_apps().iteritems():
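Review bot: The new `except Exception` branch lets `login()` continue when the connection to the CLI agent or `set_enable` fails for any reason other than `CLIEnablePassError`, so on that path the enable password is never verified and `self.cli` may be missing or half-initialised. For an authentication step the failure should close rather than open: `return None` in that branch, as the inline comment already hints, or at least set `self.cli = None` and record the event through logging instead of `print`. What `login()` returns after this block is outside the hunk, so confirm how callers treat the fall-through.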
Index: /branches/amp_4_0/src/webui/webui/htdocs/new/src/requirements.txt
===================================================================
--- /branches/amp_4_0/src/webui/webui/htdocs/new/src/requirements.txt	(nonexistent)
+++ /branches/amp_4_0/src/webui/webui/htdocs/new/src/requirements.txt	(working copy)
@@ -0,0 +1,61 @@
+# AMP Backend Python Dependencies
+# Complete list from codebase import analysis
+
+# Web Framework
+Django>=4.2,<5.0
+gunicorn>=21.0
+
+# Database
+psycopg2-binary>=2.9
+pymongo>=4.6
+influxdb>=5.3
+
+# Template Engine
+Jinja2>=3.1
+MarkupSafe>=2.1
+
+# Search Engine Clients
+opensearch-py>=2.4
+elasticsearch>=8.0
+whoosh>=2.7
+
+# FTP/TFTP Servers
+pyftpdlib>=1.5
+tftpy>=0.8
+
+# XML Processing
+dicttoxml>=1.7
+xmltodict>=0.13
+
+# Date/Time utilities
+python-dateutil>=2.8
+
+# Task Scheduler
+APScheduler>=3.10
+
+# Configuration
+toml>=0.10
+
+# HTTP Client
+requests>=2.31
+urllib3>=2.0
+httpx>=0.27
+pycurl>=7.45
+
+# Cryptography
+pycryptodomex>=3.19
+
+# Babel (i18n)
+babel>=2.13
+
+# PDF Generation (for reports)
+reportlab>=4.0
+
+# Paramiko (SSH/SFTP)
+paramiko>=3.4
+
+# JWT tokens
+PyJWT>=2.8
+
+# YAML parsing
+PyYAML>=6.0
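Review bot: Every entry except Django is a lower bound only, so each image build resolves to whatever is newest on the index that day, and the result is neither reproducible nor reviewable. Keep this file as the list of direct dependencies and install from a generated lock file with exact versions and hashes (`pip install --require-hashes -r <LOCK_FILE>`). The header says the list comes from import analysis; overlapping entries such as `elasticsearch` next to `opensearch-py`, or `requests` alongside `httpx` and `pycurl`, are worth checking so that unused clients are not installed into the image.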
