def setup_packages():
puts(green('Installing Packages'))
sudo ("rm -rf /var/www")
sudo ("ln -fs $HOME /var/www")
# rbenv
run('git clone https://github.com/sstephenson/rbenv.git ~/.rbenv');
run('git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build');
run('echo \'export PATH="$HOME/.rbenv/bin:$PATH"\' >> ~/.bash_profile');
run('echo \'eval "$(rbenv init -)"\' >> ~/.bash_profile');
run('source ~/.bash_profile');
# ruby
run('rbenv install 2.1.0');
run('rbenv global 2.1.0');
# rails
run('echo \'install: --no-rdoc --no-ri\' >> ~/.gemrc');
run('echo \'update : --no-rdoc --no-ri\' >> ~/.gemrc');
run('gem install rubygems-update')
run('update_rubygems')
run('gem install rails --version 4.2.0')
# other
cuisine.package_ensure('mysql-server-5.5')
cuisine.package_ensure('redis-server')
# nvm
run("git clone https://github.com/creationix/nvm.git ~/.nvm")
def stage7_midonet_tunnelzone_members():
metadata = Config(os.environ["CONFIGFILE"])
if cuisine.file_exists("/tmp/.%s.lck" % sys._getframe().f_code.co_name):
return
cuisine.package_ensure("expect")
for container_role in ['container_midonet_gateway', 'container_openstack_compute', 'container_openstack_neutron']:
if container_role in metadata.roles:
for container in metadata.containers:
if container in metadata.roles[container_role]:
puts(green("adding container %s as member to tunnel zones" % container))
add_host_to_tunnel_zone(metadata.config["debug"], container, metadata.containers[container]["ip"])
for physical_role in ['physical_midonet_gateway', 'physical_openstack_compute']:
if physical_role in metadata.roles:
for server in metadata.servers:
if server in metadata.roles[physical_role]:
puts(green("adding server %s as member to tunnel zones" % server))
#
# tinc can only work with MTU 1500
# we could use the approach from http://lartc.org/howto/lartc.cookbook.mtu-mss.html
# but instead we will disable rp_filter and use the physical interface ip
#
# server_ip = "%s.%s" % (metadata.config["vpn_base"], metadata.config["idx"][server])
#
server_ip = metadata.servers[server]["ip"]
add_host_to_tunnel_zone(metadata.config["debug"], server, server_ip)
cuisine.file_write("/tmp/.%s.lck" % sys._getframe().f_code.co_name, "xoxo")
def add_nrpe_port():
'''
Configures settings to permit incoming NRPE connections on port 5666.
'''
cuisine.package_ensure('xinetd')
sudo('echo "nrpe 5666/tcp" >> /etc/services')
sudo('iptables -A INPUT -p tcp --dport 5666 -j ACCEPT')
def apply(self, computer):
cuisine.package_ensure('shorewall')
cuisine.package_ensure('shorewall-doc')
self.push_package_file_set('shorewall', computer)
cuisine.sudo("service shorewall restart")
def install_python(version, force=False):
"""Install python"""
package_ensure('build-essential')
package_ensure('libcurl4-openssl-dev')
install_dir = os.path.join(_INSTALL_DIR, 'python', version)
python_bin = os.path.join(install_dir, 'bin', 'python')
if file_exists(python_bin):
if not force:
puts("Python {0} found, skipping installation".format(version))
return
else:
puts("Reinstalling Python {0} found".format(version))
src_dir = run('mktemp -d')
with cd(src_dir):
puts("Downloading python {0}".format(version))
run("wget -q '%s' -O - | tar xz" % PYTHON_DOWNLOAD_URL.format(version=version))
with cd('Python-{0}'.format(version)):
puts("Installing python {0}".format(version))
run("./configure --prefix=%s" % install_dir)
run("make")
sudo('make install')
run('rm -rf {0}'.format(src_dir))
def __configure_ubuntu_packages(root_pass="******"):
"""Configure mysql ubuntu packages"""
sudo("echo mysql-server-5.5 mysql-server/root_password password %s" " | debconf-set-selections" % root_pass)
sudo("echo mysql-server-5.5 mysql-server/root_password_again password %s" " | debconf-set-selections" % root_pass)
sudo("echo mysql-server-5.5 mysql-server/start_on_boot boolean true" " | debconf-set-selections")
package_ensure("mysql-server")
package_ensure("python-mysqldb")
def configure_chargeback(mysql_chargeback_username='******',
mysql_chargeback_password='******',
mysql_chargeback_host='localhost',
mysql_chargeback_port='3306',
mysql_chargeback_schema='chargeback',
mysql_activity_schema='activity',
mysql_chargeback_root_password='******',
service_chargeback_user='******',
service_chargeback_password='******',
admin_token='stackops',
auth_host='127.0.0.1',
auth_port='35357',
auth_protocol='http',
auth_uri='/v2.0'):
"""Generate chargeback configuration. Execute on both servers"""
sudo('echo stackops-chargeback stackops-chargeback/mysql-usr string %s | debconf-set-selections' % mysql_chargeback_username)
sudo('echo stackops-chargeback stackops-chargeback/mysql-password password %s | debconf-set-selections' % mysql_chargeback_password)
sudo('echo stackops-chargeback stackops-chargeback/mysql-schema string %s | debconf-set-selections' % mysql_chargeback_schema)
sudo('echo stackops-chargeback stackops-chargeback/mysql-activity-schema string %s | debconf-set-selections' % mysql_activity_schema)
sudo('echo stackops-chargeback stackops-chargeback/mysql-host string %s | debconf-set-selections' % mysql_chargeback_host)
sudo('echo stackops-chargeback stackops-chargeback/mysql-port string %s | debconf-set-selections' % mysql_chargeback_port)
sudo('echo stackops-chargeback stackops-chargeback/mysql-admin-password password %s | debconf-set-selections' % mysql_chargeback_root_password)
sudo('echo stackops-chargeback stackops-chargeback/mysql-purgedb boolean true | debconf-set-selections')
sudo('echo stackops-chargeback stackops-chargeback/present-stackops-license boolean true | debconf-set-selections')
sudo('echo stackops-chargeback stackops-chargeback/keystone-usr string %s | debconf-set-selections' % service_chargeback_user)
sudo('echo stackops-chargeback stackops-chargeback/keystone-password password %s | debconf-set-selections' % service_chargeback_password)
sudo('echo stackops-chargeback stackops-chargeback/keystone-url string %s://%s:%s%s | debconf-set-selections' % (auth_protocol,auth_host,auth_port,auth_uri))
sudo('echo stackops-chargeback stackops-chargeback/keystone-admin-token string %s | debconf-set-selections' % admin_token)
package_ensure('stackops-chargeback')
def _extra_packages():
"""
Install extra utils packages.
"""
print blue("Installing extra packages.")
cuisine.package_ensure('tree')
cuisine.package_ensure('figlet')
def php():
cuisine.package_ensure([
'php5',
'php5-cli',
'php5-curl',
'php5-dev',
'php5-gd',
'php5-imap',
'php5-memcached',
'php5-mcrypt',
'php5-mysqlnd',
'php5-sqlite',
'php5-tidy',
'php5-xdebug',
'php5-xmlrpc',
'php5-xsl'
])
if not cuisine.file_exists('/etc/php5/conf.d/custom.ini'):
custom = 'date.timezone = "Europe/Paris"\n \
error_reporting = E_ALL\n \
display_errors = On\n \
display_startup_errors = On\n \
short_open_tag = Off'
cuisine.file_write('/etc/php5/conf.d/custom.ini', custom, 644, 'root', 'root')
if not package_installed('php-pear'):
cuisine.package_ensure('php-pear')
cuisine.run('pear channel-update pear.php.net')
cuisine.run('pear upgrade pear')
if package_installed('php5-suhosin'):
cuisine.run('apt-get purge php5-suhosin -y')
def cloud_repository(self):
run("rm -rf /etc/apt/sources.list.d/cloudarchive-*")
cuisine.package_ensure(["python-software-properties", "software-properties-common", "ubuntu-cloud-keyring"])
self.dist_upgrade()
if self._metadata.config["container_os_release_codename"] == "precise":
if self._metadata.config["openstack_release"] in ["icehouse", "juno"]:
run("add-apt-repository --yes cloud-archive:%s" % self._metadata.config["openstack_release"])
if self._metadata.config["container_os_release_codename"] == "trusty":
if self._metadata.config["openstack_release"] in ["juno", "kilo"]:
run("add-apt-repository --yes cloud-archive:%s" % self._metadata.config["openstack_release"])
run("""
OPENSTACK_RELEASE="%s"
APT_CACHER="%s"
SOURCES_LIST="/etc/apt/sources.list.d/cloudarchive-${OPENSTACK_RELEASE}.list"
test -f "${SOURCES_LIST}" && \
sed -i 's,http://ubuntu-cloud.archive.canonical.com,'"${APT_CACHER}"'/ubuntu-cloud.archive.canonical.com,g;' "${SOURCES_LIST}"
exit 0
""" % (
self._metadata.config["openstack_release"],
self._metadata.config["apt-cacher"]
))
self.dist_upgrade()
def setup_packages():
cuisine.select_package('apt')
puts(green('Installing Ubuntu packages'))
with cuisine.mode_sudo():
cuisine.package_update()
cuisine.package_upgrade()
cuisine.package_ensure([
"aptitude",
"build-essential",
"curl",
"git",
"guake",
"haskell-platform",
"htop",
"ibux-mozc",
"libclang-dev",
'libncursesw5-dev',
"libssl-dev",
"paco",
"python3-dev",
"tmux",
"tree",
"wget",
"zip",
"zsh",
])
def install_gunicorn(self):
self.run_virtualenv('pip -q install gunicorn')
with mode_sudo():
dir_ensure('/var/log/gunicorn/',
owner=self.user_name,
group=self.group_name,
)
if self.util.get_package_manager() == 'apt':
operations.put(
'gunicorn.conf',
'/etc/init/',
use_sudo=True, mode=644)
with mode_sudo():
file_attribs('/etc/init/gunicorn.conf',
mode=700,
owner='root',
group='root',
)
with settings(warn_only=True):
sed('/etc/init/gunicorn.conf',
'\{virtualenv\}',
self.virtualenv_dir,
use_sudo = True,
)
operations.put(
'gunicorn-launcher.sh',
self.virtualenv_dir + '/bin/',
use_sudo=True, mode=750)
with mode_sudo():
file_attribs(self.virtualenv_dir + '/bin/gunicorn-launcher.sh',
mode=700,
owner=self.user_name,
group=self.group_name,
)
with settings(warn_only=True):
sed(self.virtualenv_dir + '/bin/gunicorn-launcher.sh',
'\{virtualenv\}',
self.virtualenv_dir,
use_sudo = True,
)
sed(self.virtualenv_dir + '/bin/gunicorn-launcher.sh',
'\{project\}',
self.www_dir,
use_sudo = True,
)
# install gevent. This is non-critical and might fail so we go to
# warn-only mode
with settings(warn_only=True):
package_ensure('libevent-dev')
self.run_virtualenv('pip -q install gevent')
# # TODO: add -k gevent to gunicorn launcher script
# TODO
upstart_ensure('gunicorn')
def configure_activity(mysql_activity_username='******',
mysql_activity_password='******',
mysql_activity_host='localhost',
mysql_activity_port='3306',
mysql_activity_schema='activity',
mysql_activity_root_password='******',
service_activity_user='******',
service_activity_pass='******',
rabbit_username='******',
rabbit_password='******',
rabbit_host='localhost',
rabbit_port='5672',
admin_token='password',
auth_host='127.0.0.1',
auth_port='35357',
auth_protocol='http',
auth_uri='/v2.0',
license_token="SUhIsoHOLNFjt6Drz7W26NrNs"):
"""Generate activity configuration. Execute on both servers"""
sudo('echo stackops-activity stackops-activity/mysql-usr string '
'%s | debconf-set-selections' % mysql_activity_username)
sudo('echo stackops-activity stackops-activity/mysql-password password %s '
'| debconf-set-selections' % mysql_activity_password)
sudo('echo stackops-activity stackops-activity/mysql-schema string %s '
'| debconf-set-selections' % mysql_activity_schema)
sudo('echo stackops-activity stackops-activity/mysql-host string %s '
'| debconf-set-selections' % mysql_activity_host)
sudo('echo stackops-activity stackops-activity/mysql-port string %s '
'| debconf-set-selections' % mysql_activity_port)
sudo('echo stackops-activity stackops-activity/mysql-admin-password '
'password %s | debconf-set-selections' % mysql_activity_root_password)
sudo('echo stackops-activity stackops-activity/mysql-purgedb boolean true '
'| debconf-set-selections')
sudo('echo stackops-activity stackops-activity/present-stackops-license '
'boolean true | debconf-set-selections')
sudo('echo stackops-activity stackops-activity/rabbit-usr string %s '
'| debconf-set-selections' % rabbit_username)
sudo('echo stackops-activity stackops-activity/rabbit-password password '
'%s | debconf-set-selections' % rabbit_password)
sudo('echo stackops-activity stackops-activity/rabbit-host string %s '
'| debconf-set-selections' % rabbit_host)
sudo('echo stackops-activity stackops-activity/rabbit-port string %s '
'| debconf-set-selections' % rabbit_port)
sudo('echo stackops-activity stackops-activity/keystone-usr string %s '
'| debconf-set-selections' % service_activity_user)
sudo('echo stackops-activity stackops-activity/keystone-password password '
'%s | debconf-set-selections' % service_activity_pass)
sudo('echo stackops-activity stackops-activity/keystone-url string '
'%s://%s:%s%s | debconf-set-selections' % (auth_protocol,
auth_host,
auth_port, auth_uri))
sudo('echo stackops-activity stackops-activity/keystone-admin-token '
'string %s | debconf-set-selections' % admin_token)
package_ensure('stackops-activity')
sudo('''mysql -h%s -u%s --password=%s %s -e "UPDATE
ACT_SETTINGS SET PROPERTY_VALUE='%s' WHERE
PROPERTY_KEE='license.manager.token';"''' %
(mysql_activity_host, mysql_activity_username,
mysql_activity_password, mysql_activity_schema, license_token))
package_ensure('stackops-activity-portal-plugin')
def postgresql_ensure(name, username, path, db_password, venv_path='.venv'):
with virtualenv(path, venv_path):
package_ensure('postgresql postgresql-contrib libpq-dev')
python_package_ensure('psycopg2')
postgresql_role_ensure(username, db_password, createdb=True)
postgresql_database_ensure(name, owner=username,
locale='en_US.utf8', template='template0', encoding='UTF8')
def tilde():
# Set up authorization to back up
public_key = ssh.ensure_key('/var/local/germinate-backup', use_sudo=True)
with settings(user='******', host_string='germinate'):
files.append('/home/xenu-linux/.ssh/authorized_keys',
public_key,
use_sudo=True)
sudo("mkdir -p /root/.ssh")
util.put_file("config/backup/sshconfig-xenu",
"/root/.ssh/config",
user='******')
# Set up backup
package_ensure(["rsync"])
util.put_file("config/backup/generic-backup.sh",
"/var/local/generic-backup.sh",
mode='755',
user='******')
util.put_file("config/backup/backup-exclude-tilde",
"/var/local/backup-exclude",
mode='644',
user='******')
util.put_file("config/backup/backup-tilde.sh",
"/etc/cron.daily/backup",
mode='755',
user='******')
def setup_os():
with cuisine.mode_sudo():
cuisine.ssh_authorize( "matze" , cuisine.file_local_read("./cuisine_id.pub"))
for _ in PACKAGE_ENSURE: cuisine.package_ensure(_)
cuisine.run("a2enmod rewrite")
# TODO enable AllowOverride none => all for /var/www
cuisine.run("service apache2 restart")
def add_nrpe_port():
'''
Configures settings to permit incoming NRPE connections on port 5666.
'''
cuisine.package_ensure('xinetd')
sudo('echo "nrpe 5666/tcp" >> /etc/services')
sudo('iptables -A INPUT -p tcp --dport 5666 -j ACCEPT')
def setup_devtools():
puts(green('Installing Devtools'))
packages = '''
vim curl wget build-essential tmux screen zsh make sqlite3 tig tree locate git-core python-software-properties unzip
'''.split()
for pkg in packages:
cuisine.package_ensure(pkg)
def setup_devtools():
puts(green('Installing Devtools'))
packages = '''
vim curl wget build-essential tmux screen zsh make sqlite3 tig tree locate git-core python-software-properties libsqlite3-dev jq libmysqlclient15-dev
'''.split()
for pkg in packages:
cuisine.package_ensure(pkg)
def solr_ensure(project_path, venv_path='.venv'):
with mode_sudo():
package_ensure('openjdk-7-jdk libxml2-dev libxslt1-dev python-dev')
dir_ensure('/usr/java')
file_link('/usr/lib/jvm/java-7-openjdk-amd64', '/usr/java/default')
package_ensure('solr-tomcat')
with virtualenv(project_path, venv_path):
python_package_ensure('pysolr lxml cssselect')
def sudo_ensure():
"""Ensure the 'sudo' command is installed"""
select_package("apt")
with mode_user():
# The below works but is too slow
# run("apt-get update")
# run("apt-get install sudo")
package_ensure(["sudo"]) # No idea why this didn't work
def update_git():
current_version=run('git --version | cut -d" " -f3')
if current_version == GIT_VERSION:
return
package_remove("git")
if CENTOS=True:
for git_dependency in git_dependencies:
package_ensure(CENTOS_GIT_DEPENDENCIES)
def sudo_ensure():
"""Ensure the 'sudo' command is installed"""
select_package("apt")
with mode_user():
# The below works but is too slow
#run("apt-get update")
#run("apt-get install sudo")
package_ensure(["sudo"]) # No idea why this didn't work
def virtualenv_ensure(project_path, venv_path='.venv', packages_file='requirements.txt', restart=False):
package_ensure('python-dev python-pip python-virtualenv')
with virtualenv(project_path, venv_path):
dir_ensure('downloads')
if restart:
run('rm -rf %s' % venv_path)
if not dir_exists(venv_path):
run('virtualenv --no-site-packages --distribute %s' % venv_path)
run('pip install --download-cache downloads -r ' + packages_file)
def apply(self, computer):
cuisine.package_ensure('nginx-extras')
cuisine.dir_ensure('/srv/www/', mode='755')
tmp_env = {"name": computer}
self.push_package_file_set('nginx', computer, tmp_env)
cuisine.sudo("service nginx restart")
def mongodb_ensure():
with mode_sudo():
if not run("cat /etc/apt/sources.list | grep '%s'" % (MONGO_REPO),
warn_only=True).succeeded:
run("apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10"
)
run("add-apt-repository '%s'" % (MONGO_REPO))
package_update()
package_ensure("mongodb-org")
def jenkins():
_update_git()
_openjdk()
_get_repo()
package_ensure("jenkins")
nginx()
with shell_env():
sudo("/etc/init.d/jenkins start")
sudo("chkconfig jenkins on")
def _setup_ubuntu():
"""
Update packages and install basic packages.
"""
print blue("Updating System")
sudo('apt-get update', quiet=True)
print blue("Installing Basic Packages")
cuisine.package_ensure('build-essential')
cuisine.package_ensure('git-core')
def install_python_dev():
'''
Install python development libraries
'''
family = distro_family()
if family == 'debian':
package_ensure('python-dev')
elif family == 'redhat':
package_ensure('python-devel')
def install_prerequisites():
'''
Installs prerequisites for running Nagios on VM.
'''
cuisine.package_ensure('apache2')
cuisine.package_ensure('libapache2-mod-php5')
cuisine.package_ensure('build-essential')
cuisine.package_ensure('libgd2-xpm-dev')
cuisine.package_ensure('libssl-dev')
def install_prerequisites():
'''
Installs prerequisites for running Nagios on VM.
'''
cuisine.package_ensure('apache2')
cuisine.package_ensure('libapache2-mod-php5')
cuisine.package_ensure('build-essential')
cuisine.package_ensure('libgd2-xpm-dev')
cuisine.package_ensure('libssl-dev')
def _setup_percona_repository():
# https://www.percona.com/doc/percona-server/5.7/installation/apt_repo.html
cuisine.package_ensure('wget')
if not cuisine.file_exists('/etc/apt/sources.list.d/percona-ps-80-release.list'):
run('wget https://repo.percona.com/apt/percona-release_latest.$(lsb_release -sc)_all.deb')
sudo('dpkg -i percona-release_latest.$(lsb_release -sc)_all.deb')
run('rm percona-release_latest.$(lsb_release -sc)_all.deb')
sudo('percona-release setup ps80')
def _install_scala_and_sbt():
cuisine.package_ensure('openjdk-7-jdk')
run("wget http://www.scala-lang.org/files/archive/scala-2.11.2.deb")
run("wget http://dl.bintray.com/sbt/debian/sbt-0.13.6.deb")
sudo("dpkg -i scala-2.11.2.deb")
sudo("dpkg -i sbt-0.13.5.deb")
sudo("apt-get update")
sudo("apt-get install scala")
sudo("apt-get install sbt")
def install(cluster=False):
"""Generate neutron configuration. Execute on both servers"""
"""Configure openvwsitch and neutron packages"""
package_ensure('python-amqp')
package_ensure('neutron-server')
package_ensure('neutron-plugin-openvswitch')
package_ensure('python-pyparsing')
package_ensure('python-mysqldb')
if cluster:
stop()
def gunicorn_supervisor_ensure(project_path, project_name, template, key_env):
with mode_sudo(), cd(project_path):
config = '/etc/supervisor/conf.d/%s.conf' % project_name
package_ensure('supervisor')
python_package_ensure('setproctitle')
run("cp %s %s" % (template, config))
file_update(config, lambda x: text_template(x,key_env))
run("supervisorctl reread")
run("supervisorctl update")
run("supervisorctl restart %s" % (project_name))
def __configure_ubuntu_packages(root_pass='******'):
"""Configure mysql ubuntu packages"""
sudo('echo mysql-server-5.5 mysql-server/root_password password %s'
' | debconf-set-selections' % root_pass)
sudo('echo mysql-server-5.5 mysql-server/root_password_again password %s'
' | debconf-set-selections' % root_pass)
sudo('echo mysql-server-5.5 mysql-server/start_on_boot boolean true'
' | debconf-set-selections')
package_ensure('mysql-server')
package_ensure('python-mysqldb')
def setup_ghost_dev():
cuisine.package_ensure("ruby")
cuisine.package_ensure("rubygems")
sudo("gem install bundler")
sudo("gem install sass")
sudo("gem install bourbon")
sudo("npm install -g grunt-cli")
with cd("~/data/apps/ghost"):
run("grunt init")
run("grunt prod")
def setup_ghost_dev():
cuisine.package_ensure("ruby")
cuisine.package_ensure("rubygems")
sudo("gem install bundler")
sudo("gem install sass")
sudo("gem install bourbon")
sudo("npm install -g grunt-cli")
with cd("~/data/apps/ghost"):
run("grunt init")
run("grunt prod")
def _dovecot(database_password):
select_package("apt")
package_ensure(["dovecot-imapd", "dovecot-lmtpd", "dovecot-pgsql", "dovecot-sieve", "dovecot-managesieved"]) # On debian will automatically be enabled
crypto.put_cert('config/certs/imap.za3k.com.pem')
crypto.put_key('config/keys/imap.za3k.com.key')
put('config/dovecot/dovecot.conf', '/etc/dovecot/dovecot.conf', mode='644')
put('config/dovecot/dovecot-sql.conf', '/etc/dovecot/dovecot-sql.conf', mode='600')
_replace('/etc/dovecot/dovecot-sql.conf', 'DOVECOT_DATABASE_PASSWORD', database_password)
dir_ensure("/etc/dovecot/sieve.d")
run("chown vmail:vmail /etc/dovecot/sieve.d")
def __configure_ubuntu_packages(root_pass='******'):
"""Configure mysql ubuntu packages"""
sudo('echo mysql-server-5.5 mysql-server/root_password password %s'
' | debconf-set-selections' % root_pass)
sudo('echo mysql-server-5.5 mysql-server/root_password_again password %s'
' | debconf-set-selections' % root_pass)
sudo('echo mysql-server-5.5 mysql-server/start_on_boot boolean true'
' | debconf-set-selections')
package_ensure('mysql-server')
package_ensure('python-mysqldb')
def postgresql_ensure(name, username, path, db_password, venv_path='.venv'):
package_ensure('postgresql postgresql-contrib libpq-dev')
with virtualenv(path, venv_path):
python_package_ensure('psycopg2')
postgresql_role_ensure(username, db_password, createdb=True)
postgresql_database_ensure(name,
owner=username,
locale='en_US.utf8',
template='template0',
encoding='UTF8')
def nginx_ensure(name, template):
with mode_sudo():
package_ensure('nginx')
run("cp %s /etc/nginx/sites-available/%s" % (template, name))
file_update('/etc/nginx/sites-available/%s' % name, lambda x: text_template(x,env))
if not file_exists("/etc/nginx/sites-enabled/%s" % name):
run("ln -s -t /etc/nginx/sites-enabled /etc/nginx/sites-available/%s " % (
env.project_name))
file_unlink('/etc/nginx/sites-enabled/default')
run("service nginx restart")
def virtualenv_ensure(project_path, venv_path='.venv', packages_file='requirements.txt', restart=False):
package_ensure('python-dev python-pip python-virtualenv')
with cd(project_path):
dir_ensure('downloads')
if restart:
run('rm -rf %s' % venv_path)
if not dir_exists(venv_path):
run('virtualenv --no-site-packages --distribute %s' % venv_path)
with virtualenv(project_path, venv_path):
run('pip install --download-cache downloads -r ' + packages_file)
def install(cluster=False):
"""Generate neutron configuration. Execute on both servers"""
"""Configure openvwsitch and neutron packages"""
package_ensure('python-amqp')
package_ensure('neutron-server')
package_ensure('neutron-plugin-openvswitch')
package_ensure('python-pyparsing')
package_ensure('python-mysqldb')
if cluster:
stop()
def _setup_kataribe():
cuisine.package_ensure('wget')
cuisine.package_ensure('unzip')
if not cuisine.file_exists('/usr/local/bin/kataribe'):
run('wget https://github.com/matsuu/kataribe/releases/download/v0.4.1/kataribe-v0.4.1_linux_amd64.zip')
run('echo "34da63eb1696b964d30d9fac3b6c2778b9797eb4 kataribe-v0.4.1_linux_amd64.zip" | sha1sum -c -')
run('unzip kataribe-v0.4.1_linux_amd64.zip kataribe')
sudo('mv ./kataribe /usr/local/bin')
run('rm kataribe-v0.4.1_linux_amd64.zip')
def invent():
"""Invent is a raspberry pi that connects to the printer. It's LAN only"""
# Set up logging
logs.setup()
# Set up the firewall
#util.put_file("config/firewalls/invent.sh", "/etc/firewall.sh", mode='755', user='******')
#sudo("sh /etc/firewall.sh")
#util.put_file("config/firewalls/iptables", "/etc/network/if-pre-up.d/iptables", mode='755', user='******')
# Set up authorization to back up to germinate
public_key = ssh.ensure_key('/var/local/germinate-backup', use_sudo=True)
with settings(user='******', host_string='germinate'):
files.append('/home/invent/.ssh/authorized_keys',
public_key,
use_sudo=True)
# TODO: Actually, make /root/.ssh first
util.put_file("config/backup/sshconfig-invent",
"/root/.ssh/config",
user='******',
mode='600')
# Set up backup
package_ensure(["rsync"])
util.put_file("config/backup/generic-backup.sh",
"/var/local/generic-backup.sh",
mode='755',
user='******')
util.put_file("config/backup/backup-exclude-base",
"/var/local/backup-exclude",
mode='644',
user='******')
util.put_file("config/backup/backup-invent.sh",
"/etc/cron.daily/backup-invent",
mode='755',
user='******')
# github-backup setup is manual. Look on github and at cron entry. Backs up to germinate:/data/github
# Start a webserver
already_installed = nginx.ensure()
#nginx.remove_default_sites()
if not already_installed:
nginx.restart() # IPv[46] listener only changes on restart
letsencrypt.ensure()
# invent.za3k.com
nginx.ensure_site(
'config/nginx/invent.za3k.com'
) # read-only boot and LetsEncrypt are not easy to make work together, but no TLS is okay for a LAN-only site
util.put_dir('data/invent/public', '/var/www', mode='755', user='******')
nginx.restart()
def nginx_ensure(project_path, name, template, key_env):
with mode_sudo(), cd(project_path):
package_ensure('nginx')
run("cp %s /etc/nginx/sites-available/%s" % (template, name))
file_update('/etc/nginx/sites-available/%s' % name,
lambda x: text_template(x,key_env))
if not file_exists("/etc/nginx/sites-enabled/%s" % name):
run("ln -s -t /etc/nginx/sites-enabled /etc/nginx/sites-available/%s " % (
name))
file_unlink('/etc/nginx/sites-enabled/default')
run("service nginx restart")
def configure_all_schemas(root_pass='******',
password='******',
mysql_host='127.0.0.1',
host_allowed='127.0.0.1'):
package_ensure('mysql-client')
setup_schema(username='******',
schema_name='portal',
root_pass=root_pass,
password=password,
mysql_host=mysql_host,
host=host_allowed)
setup_schema(username='******',
schema_name='keystone',
root_pass=root_pass,
password=password,
mysql_host=mysql_host,
host=host_allowed)
setup_schema(username='******',
schema_name='glance',
root_pass=root_pass,
password=password,
mysql_host=mysql_host,
host=host_allowed)
setup_schema(username='******',
schema_name='nova',
root_pass=root_pass,
password=password,
mysql_host=mysql_host,
host=host_allowed)
setup_schema(username='******',
schema_name='cinder',
root_pass=root_pass,
password=password,
mysql_host=mysql_host,
host=host_allowed)
setup_schema(username='******',
schema_name='neutron',
root_pass=root_pass,
password=password,
mysql_host=mysql_host,
host=host_allowed)
setup_schema(username='******',
schema_name='accounting',
root_pass=root_pass,
password=password,
mysql_host=mysql_host,
host=host_allowed)
setup_schema(username='******',
schema_name='chargeback',
root_pass=root_pass,
password=password,
mysql_host=mysql_host,
host=host_allowed)
def install_nginx():
"""Install nginx + uwsgi on the web servers."""
#sudo('apt-add-repository ppa:nginx/stable')
#sudo('sudo apt-get update')
sudo('apt-get install nginx --assume-yes')
# needed to compile uwsgi
cuisine.package_ensure('libxml2-dev')
pip('http://projects.unbit.it/downloads/uwsgi-latest.tar.gz')
if exists('/etc/nginx/sites-enabled/default'):
sudo('rm /etc/nginx/sites-enabled/default')
def install_supervisor():
"""Install supervisor on the web servers."""
from .django import pip
# ubuntu 11.04 has a bad version
pip('elementtree')
cuisine.package_ensure('supervisor')
# We want to use the /init.d/ scripts
with settings(warn_only=True):
sudo('pkill supervisord')
execute(stop_supervisor)
execute(update_supervisor)
def apply(self, computer):
with prefix('export DEBIAN_FRONTEND=noninteractive'):
cuisine.package_ensure('postfix')
cuisine.package_ensure('mailutils')
tmp_env = {"name": computer}
if "name" in self.settings["params"]:
tmp_env["name"] = self.settings["params"]["name"]
self.push_package_file_set('postfix', computer, tmp_env)
cuisine.sudo("/usr/bin/newaliases")
cuisine.sudo("service postfix restart")
def prepare_system(admin_user, admin_group='admin'):
provision_user(admin_user, admin_group)
inject_ssl_pubkey(admin_user)
firewall()
select_package('apt')
package_update()
prepare_devenv()
prepare_rbenvs(admin_user)
package_ensure('nginx')
package_ensure('python-pip')
sudo('pip install supervisor')
def _setup_kataribe():
cuisine.package_ensure('wget')
cuisine.package_ensure('unzip')
temp_dir = run('mktemp -d')
with cd(temp_dir):
run('wget https://github.com/matsuu/kataribe/releases/download/v0.3.3/linux_amd64.zip'
)
run('echo "9c4a4fe72651e33b1a6ef55f5e672fa38b755d48 linux_amd64.zip" | sha1sum -c -'
)
run('unzip linux_amd64.zip kataribe')
sudo('mv ./kataribe /usr/local/bin')
run('rm -r %s' % temp_dir)
def repo_rpm_init():
''' initialize package repo '''
package_ensure('createrepo')
for dist, package_format in PACKAGE_FORMAT.items():
if package_format == 'rpm':
dir_ensure('{0}/archive/{1}'.format(env.repo_rpm_root, dist),
recursive=True)
for component in RPM_COMPONENTS:
for arch in RPM_ARCHS:
path = pj(env.repo_rpm_root, dist, component, arch)
dir_ensure(path, recursive=True)
run('createrepo {}'.format(path))
def install_prerequisites():
'''
Installs prerequisites on monitored VMs.
'''
cuisine.package_ensure('gcc')
cuisine.package_ensure('build-essential')
cuisine.package_ensure('libssl-dev')
cuisine.package_ensure('iptables-persistent')
def _spamassassin():
select_package("apt")
package_ensure(["spamassassin"])
run("sa-update || true")
put("config/dovecot/spamassassin.sieve",
"/etc/dovecot/sieve.d",
mode='644')
with cd("/etc/dovecot/sieve.d"):
run("sievec spamassassin.sieve")
put("config/spamassassin/spamassassin", "/etc/default", mode='644')
put("config/spamassassin/spamassassin-localspam",
"/etc/cron.daily",
mode='755')
put("config/spamassassin/local.cf", "/etc/spamassassin", mode='644')
run("update-rc.d spamassassin enable")
run("systemctl restart spamassassin")
def _dovecot(database_password):
select_package("apt")
package_ensure([
"dovecot-imapd", "dovecot-lmtpd", "dovecot-pgsql", "dovecot-sieve",
"dovecot-managesieved"
]) # On debian will automatically be enabled
crypto.put_cert('config/certs/imap.za3k.com.pem')
crypto.put_key('config/keys/imap.za3k.com.key')
put('config/dovecot/dovecot.conf', '/etc/dovecot/dovecot.conf', mode='644')
put('config/dovecot/dovecot-sql.conf',
'/etc/dovecot/dovecot-sql.conf',
mode='600')
_replace('/etc/dovecot/dovecot-sql.conf', 'DOVECOT_DATABASE_PASSWORD',
database_password)
dir_ensure("/etc/dovecot/sieve.d")
run("chown vmail:vmail /etc/dovecot/sieve.d")
def stage7_container_midonet_cli():
metadata = Config(os.environ["CONFIGFILE"])
if cuisine.file_exists("/tmp/.%s.lck" % sys._getframe().f_code.co_name):
return
cuisine.package_ensure([
"python-midonetclient", "python-keystoneclient", "python-glanceclient",
"python-novaclient", "python-neutronclient"
])
run("""
if [[ "%s" == "True" ]] ; then set -x; fi
#
# initialize the password cache
#
%s
API_IP="%s"
API_URI="%s"
OPENSTACK_RELEASE="%s"
source /etc/keystone/KEYSTONERC_ADMIN 2>/dev/null || source /etc/keystone/admin-openrc.sh
if [[ "kilo" == "${OPENSTACK_RELEASE}" || "liberty" == "${OPENSTACK_RELEASE}" ]]; then
ADMIN_TENANT_ID="$(openstack project list --format csv | sed 's,",,g;' | grep -v ^ID | grep ',admin' | awk -F',' '{print $1;}' | xargs -n1 echo)"
else
ADMIN_TENANT_ID="$(keystone tenant-list | grep admin | awk -F'|' '{print $2;}' | xargs -n1 echo)"
fi
cat >/root/.midonetrc<<EOF
[cli]
api_url = http://${API_IP}:${API_URI}
username = admin
password = ${ADMIN_PASS}
tenant = ${ADMIN_TENANT_ID}
project_id = admin
EOF
""" % (metadata.config["debug"], open(os.environ["PASSWORDCACHE"]).read(),
metadata.containers[metadata.roles["container_midonet_api"][0]]["ip"],
metadata.services["midonet"]["internalurl"],
metadata.config["openstack_release"]))
cuisine.file_write("/tmp/.%s.lck" % sys._getframe().f_code.co_name, "xoxo")
