def install(self, node, ajp_port, java_opts):
    """Build the Chef steps that install Tomcat and the monitoring agents.

    Two JSON templates are read from the template directory:
    ``tomcat-users.json`` becomes the ``abiquo`` item of the
    ``tomcat_users`` data bag, and ``tomcat-node.json`` is filled in with
    the JVM options, the AJP port, a ``node<port>`` JVM route and the
    Boundary / New Relic credentials held on the instance.

    ``node`` is accepted but not used in this method.

    Returns a list: the result of ``git.install()``, then whatever
    ``self._clone_required_cookbooks()`` returns, then the ChefSolo object.
    """
    # Tomcat manager users, shipped to Chef as a data bag item.
    users_path = "%s/tomcat-users.json" % self.__templatedir
    with open(users_path) as users_file:
        users_json = users_file.read()
    bag_builder = DataBag.builder().name("tomcat_users")
    tomcat_users = bag_builder.item("abiquo", users_json).build()

    # Node attributes: the template is filled with plain %-substitution.
    # NOTE(review): the values are inserted without JSON escaping, and the
    # resulting string carries the Boundary and New Relic keys; confirm
    # where ChefSolo writes the attributes and who can read them.
    node_path = "%s/tomcat-node.json" % self.__templatedir
    with open(node_path) as node_file:
        node_template = node_file.read()
    substitutions = {
        'javaopts': java_opts,
        'ajpport': ajp_port,
        'jvmroute': "node%d" % ajp_port,
        'bprobe_org': self._boundary_org,
        'bprobe_key': self._boundary_key,
        'newrelic_key': self._newrelic_key,
    }
    attrs = node_template % substitutions

    # Recipes are added in the order Chef should run them.
    runlist_builder = RunList.builder()
    for recipe_name in ("java", "tomcat", "tomcat::users", "bprobe",
                        "newrelic"):
        runlist_builder = runlist_builder.recipe(recipe_name)
    runlist = runlist_builder.build()

    solo_builder = ChefSolo.builder().defineDataBag(tomcat_users)
    solo_builder = solo_builder.jsonAttributes(attrs)
    chef = solo_builder.runlist(runlist).build()

    steps = [git.install()] + self._clone_required_cookbooks()
    return steps + [chef]
def install(idp_fqdn=FQDN):
    """Install an identity provider server reachable at *idp_fqdn*.

    Steps, in order: system dependencies, database, TLS certificate and
    Apache vhost, source checkout, virtualenv, WSGI entry point, log file,
    local settings, ``manage.py``, then database sync, static files and an
    Apache restart.
    """
    def _push_template(template_name, target, context):
        # Render a template from TPL_DIR to *target* with sudo, then hand
        # the file to the git user and group.
        upload_template(
            os.path.join(TPL_DIR, template_name), target,
            context=context, use_sudo=True)
        runcmd('chown %s:%s %s' % (git.GIT_USER, git.GIT_GROUP, target))

    # --- Dependencies ---
    lasso.install()
    mysql.install()
    ssl.install()
    git.install()
    apache.install()
    apache.add_mod_rewrite()
    apache.add_mod_ssl()
    apache.add_mod_wsgi()
    venv.install_virtualenv()
    runcmd('apt-get install -y python-ldap')
    # NOTE(review): --force-yes lets apt-get continue without confirmation
    # even when a package cannot be authenticated; confirm it is needed.
    runcmd('apt-get install -y python-mysqldb --force-yes')

    # --- Database: the name is the FQDN with dots turned into underscores ---
    schema = idp_fqdn.replace('.', '_')
    mysql.setup_db(schema)

    # --- Certificate and vhost ---
    ssl.create_certificats(idp_fqdn)
    vhost_ctx = {'venv': venv.get_path(idp_fqdn)}
    apache.add_vhost(idp_fqdn, 'idp_vhost.txt', vhost_ctx)

    # --- Source ---
    # NOTE(review): git:// is an unauthenticated, unencrypted transport and
    # the checkout follows the moving 'master' branch, so the code deployed
    # as the identity provider is not integrity-checked or pinned.
    git.clone('git://git.auf.org/authentic2', idp_fqdn)
    git.checkout(idp_fqdn, 'master')

    # --- Virtualenv ---
    venv.mkenv(idp_fqdn)
    pip_exe = venv.get_bin_pip(idp_fqdn)
    with cd(git.home(idp_fqdn)):
        for pip_args in ("%s install -r requirements.txt",
                         "%s install django-auth-ldap"):
            git.sudo(pip_args % pip_exe)

    # --- WSGI entry point ---
    tpl_ctx = {
        'project_path': git.home(idp_fqdn),
        'venv': venv.get_path(idp_fqdn),
    }
    wsgi_script = os.path.join(venv.get_bin_path(idp_fqdn), 'idp_wsgi.py')
    _push_template('idp_wsgi.txt', wsgi_script, tpl_ctx)
    runcmd('chmod 644 %s' % (wsgi_script,))

    # --- Log file: group-writable, group www-data ---
    log_path = os.path.join(git.home(idp_fqdn), 'log.log')
    for log_cmd in ('touch %s', 'chmod g+w %s'):
        runcmd(log_cmd % log_path)
    runcmd('chown %s:www-data %s' % (git.GIT_USER, log_path))

    # --- Local settings ---
    # NOTE(review): database name, user and password are all the same value
    # derived from the FQDN, so the password is guessable from the hostname.
    tpl_ctx['db_name'] = schema
    tpl_ctx['db_user'] = schema
    tpl_ctx['db_password'] = schema
    settings_file = os.path.join(
        git.home(idp_fqdn), 'aufcustom', 'local_settings.py')
    # NOTE(review): only ownership is set on this file; its mode is whatever
    # upload_template leaves, although it holds the database password.
    _push_template('idp_local_settings.txt', settings_file, tpl_ctx)

    # --- manage.py ---
    tpl_ctx['venv'] = venv.get_path(idp_fqdn)
    manage_script = os.path.join(git.home(idp_fqdn), 'manage.py')
    _push_template('idp_manage.txt', manage_script, tpl_ctx)
    runcmd('chmod +x %s' % (manage_script,))
    for manage_args in ('%s syncdb --migrate --noinput',
                        '%s collectstatic --noinput'):
        git.sudo(manage_args % (manage_script,))

    apache.restart()
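def setup_server4(hostname=None, domain=None, pc="1",
                  forge_modules=["puppetlabs/stdlib", "puppetlabs/concat",
                                 "puppetlabs/firewall", "puppetlabs/apt"]):
    """Set up a Puppet 4 server on the target host.

    hostname / domain: used to set the FQDN and the 127.0.1.1 hosts entry;
        when empty they are taken from ``util.get_hostname()`` and
        ``util.get_domain()``.
    pc: passed to ``install_puppetlabs_release_package``.
    forge_modules: module names handed one by one to ``add_forge_module``.
        The default list is only iterated, never modified.

    Exits with status 1 before touching the remote host if any local file
    the install uploads is missing or unreadable.
    """
    import os

    # Local files to copy over
    basedir = "/etc/puppetlabs"
    local_master_conf = "files/puppet-master.conf"
    remote_master_conf = basedir + "/puppet/puppet.conf"
    local_hiera_yaml = "files/hiera.yaml"
    remote_hiera_yaml = basedir + "/code/hiera.yaml"
    local_fileserver_conf = "files/fileserver.conf"
    remote_fileserver_conf = basedir + "/puppet/fileserver.conf"
    local_environments = "files/environments"
    remote_codedir = basedir + "/code"
    local_gitignore = "files/gitignore"
    remote_gitignore = basedir + "/.gitignore"
    modules_dir = basedir + "/code/environments/production/modules"

    # Verify that all the local files are in place. Every path that is
    # uploaded below is checked, so a missing file cannot abort the run
    # half-way and leave the server partly configured. os.access() is used
    # rather than open() so that no file handle is left open.
    required_local = (local_master_conf, local_hiera_yaml,
                      local_fileserver_conf, local_environments,
                      local_gitignore)
    missing = [path for path in required_local
               if not os.access(path, os.R_OK)]
    if missing:
        print("ERROR: some local config files were missing!")
        for path in missing:
            print("  missing or unreadable: %s" % path)
        sys.exit(1)

    # Project helper modules, imported at function scope as before.
    import package, util, git, service

    # Autodetect hostname and domain from env.host, if they're not overridden
    # with method parameters
    if not hostname:
        hostname = util.get_hostname()
    if not domain:
        domain = util.get_domain()

    # Ensure that clock is correct before doing anything else, like creating
    # SSL certificates.
    util.set_clock()

    # Start the install
    install_puppetlabs_release_package(pc)
    package.install("puppetserver")
    util.put_and_chown(local_master_conf, remote_master_conf)
    util.put_and_chown(local_hiera_yaml, remote_hiera_yaml)
    util.put_and_chown(local_fileserver_conf, remote_fileserver_conf)
    util.put_and_chown(local_gitignore, remote_gitignore)
    util.add_to_path("/opt/puppetlabs/bin")
    util.set_hostname(hostname + "." + domain)
    # "facter fqdn" return a silly name on EC2 without this
    util.add_host_entry("127.0.1.1", hostname, domain)

    # Copy over template environments
    util.put_and_chown(local_environments, remote_codedir)

    # Add modules from Puppet Forge. These should in my experience be limited
    # to those which provide new types and providers. In particular
    # puppetlabs' modules which control some daemon (puppetdb, postgresql,
    # mysql) are extremely complex, very prone to breakage and nasty to debug.
    # NOTE(review): the names carry no version, so which release gets
    # installed depends on add_forge_module; confirm whether it pins one.
    for module in forge_modules:
        add_forge_module(module)

    # Git setup
    git.install()
    git.init(basedir)
    if not exists(modules_dir):
        sudo("mkdir " + modules_dir)
    git.init(modules_dir)
    git.add_submodules(basedir=modules_dir)
    git.add_all(basedir)
    git.commit(basedir, "Initial commit")

    # Link hieradata and manifests from production to testing. This keeps the
    # testing environment identical to the production environment. The
    # modules directory in testing is separate and may (or may not) contain
    # modules that override or complement those in production.
    util.symlink(remote_codedir + "/environments/production/hieradata",
                 remote_codedir + "/environments/testing/hieradata")
    util.symlink(remote_codedir + "/environments/production/manifests",
                 remote_codedir + "/environments/testing/manifests")

    # Start puppetserver to generate the CA and server certificates/keys
    service.start("puppetserver")
    # noop is passed as the string "False", not the boolean.
    run_agent(noop="False")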
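def setup_server4(hostname=None, domain=None, pc="1", forge_modules=[
        "puppetlabs/stdlib", "puppetlabs/concat", "puppetlabs/firewall",
        "puppetlabs/apt"
]):
    """Set up a Puppet 4 server on the target host.

    hostname / domain: used to set the FQDN and the 127.0.1.1 hosts entry;
        when empty they are taken from ``util.get_hostname()`` and
        ``util.get_domain()``.
    pc: passed to ``install_puppetlabs_release_package``.
    forge_modules: module names handed one by one to ``add_forge_module``.
        The default list is only iterated, never modified.

    Exits with status 1 before touching the remote host if any local file
    the install uploads is missing or unreadable.
    """
    import os

    # Local files to copy over
    basedir = "/etc/puppetlabs"
    local_master_conf = "files/puppet-master.conf"
    remote_master_conf = basedir + "/puppet/puppet.conf"
    local_hiera_yaml = "files/hiera.yaml"
    remote_hiera_yaml = basedir + "/code/hiera.yaml"
    local_fileserver_conf = "files/fileserver.conf"
    remote_fileserver_conf = basedir + "/puppet/fileserver.conf"
    local_environments = "files/environments"
    remote_codedir = basedir + "/code"
    local_gitignore = "files/gitignore"
    remote_gitignore = basedir + "/.gitignore"
    modules_dir = basedir + "/code/environments/production/modules"

    # Verify that all the local files are in place. Every path that is
    # uploaded below is checked, so a missing file cannot abort the run
    # half-way and leave the server partly configured. os.access() is used
    # rather than open() so that no file handle is left open.
    required_local = (local_master_conf, local_hiera_yaml,
                      local_fileserver_conf, local_environments,
                      local_gitignore)
    missing = [path for path in required_local
               if not os.access(path, os.R_OK)]
    if missing:
        print("ERROR: some local config files were missing!")
        for path in missing:
            print("  missing or unreadable: %s" % path)
        sys.exit(1)

    # Project helper modules, imported at function scope as before.
    import package, util, git, service

    # Autodetect hostname and domain from env.host, if they're not overridden
    # with method parameters
    if not hostname:
        hostname = util.get_hostname()
    if not domain:
        domain = util.get_domain()

    # Ensure that clock is correct before doing anything else, like creating
    # SSL certificates.
    util.set_clock()

    # Start the install
    install_puppetlabs_release_package(pc)
    package.install("puppetserver")
    util.put_and_chown(local_master_conf, remote_master_conf)
    util.put_and_chown(local_hiera_yaml, remote_hiera_yaml)
    util.put_and_chown(local_fileserver_conf, remote_fileserver_conf)
    util.put_and_chown(local_gitignore, remote_gitignore)
    util.add_to_path("/opt/puppetlabs/bin")
    util.set_hostname(hostname + "." + domain)
    # "facter fqdn" return a silly name on EC2 without this
    util.add_host_entry("127.0.1.1", hostname, domain)

    # Copy over template environments
    util.put_and_chown(local_environments, remote_codedir)

    # Add modules from Puppet Forge. These should in my experience be limited
    # to those which provide new types and providers. In particular
    # puppetlabs' modules which control some daemon (puppetdb, postgresql,
    # mysql) are extremely complex, very prone to breakage and nasty to debug.
    # NOTE(review): the names carry no version, so which release gets
    # installed depends on add_forge_module; confirm whether it pins one.
    for module in forge_modules:
        add_forge_module(module)

    # Git setup
    git.install()
    git.init(basedir)
    if not exists(modules_dir):
        sudo("mkdir " + modules_dir)
    git.init(modules_dir)
    git.add_submodules(basedir=modules_dir)
    git.add_all(basedir)
    git.commit(basedir, "Initial commit")

    # Link hieradata and manifests from production to testing. This keeps the
    # testing environment identical to the production environment. The
    # modules directory in testing is separate and may (or may not) contain
    # modules that override or complement those in production.
    util.symlink(remote_codedir + "/environments/production/hieradata",
                 remote_codedir + "/environments/testing/hieradata")
    util.symlink(remote_codedir + "/environments/production/manifests",
                 remote_codedir + "/environments/testing/manifests")

    # Start puppetserver to generate the CA and server certificates/keys
    service.start("puppetserver")
    # noop is passed as the string "False", not the boolean.
    run_agent(noop="False")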