def archive_setup_real_data(): """Set up cnxarchive database with real data """ if not _postgres_user_exists('cnxarchive'): prompts = [] prompts += fexpect.expect('Enter password for new role:', 'cnxarchive') prompts += fexpect.expect('Enter it again:', 'cnxarchive') with fexpect.expecting(prompts): fexpect.sudo( 'createuser --no-createdb --no-createrole --superuser --pwprompt cnxarchive', user='******') if _postgres_db_exists('cnxarchive'): sudo('dropdb cnxarchive', user='******') sudo('createdb -O cnxarchive cnxarchive', user='******') sudo('createlang plpythonu cnxarchive', user='******') run('zcat cnx-archive/repo_test_data.sql.gz >cnx-archive/repo_test_data.sql' ) prompts = fexpect.expect('Password for user cnxarchive:', 'cnxarchive') with fexpect.expecting(prompts): fexpect.run( 'psql -U cnxarchive cnxarchive -f cnx-archive/repo_test_data.sql') run('rm -rf cnx-archive/repo_test_data.sql') run('cnx-upgrade v1')
def test_install(image_name): with temporary_ec2_instance(ami_id=get_ami(image_name)): sudo('apt-get -y install python-software-properties') sudo('yes | apt-add-repository ppa:localwikidev/testing') sudo('apt-get update') with fexpect.expecting(prompts): fexpect.sudo('apt-get -y --force-yes install localwiki') # On Ubuntu 11.10, downgrade to psycopg2 v2.4.1 or else tests can't run # See https://code.djangoproject.com/ticket/16250 if image_name in ['ubuntu11.10', 'ubuntu12.04']: sudo('apt-get -y install python-dev libpq-dev') sudo('pip install psycopg2==2.4.1') # Give localwiki db user permission to create a database, for tests sudo('psql -c "ALTER ROLE localwiki WITH CREATEDB;"', user='******') sudo('localwiki-manage test pages maps tags versioning diff ckeditor redirects users')
def repo_setup(): """Set up rhaptos2.repo """ _setup() _install_postgresql() sudo('apt-get install --yes libxml2-dev libxslt1-dev') _install_nodejs() sudo('apt-get install --yes npm') if not _postgres_user_exists('rhaptos2repo'): prompts = [] prompts += fexpect.expect('Enter password for new role:', 'rhaptos2repo') prompts += fexpect.expect('Enter it again:', 'rhaptos2repo') with fexpect.expecting(prompts): fexpect.sudo('createuser --pwprompt --superuser rhaptos2repo', user='******') if _postgres_db_exists('rhaptos2repo'): sudo('dropdb rhaptos2repo', user='******') if _postgres_db_exists('rhaptos2users'): sudo('dropdb rhaptos2users', user='******') sudo('createdb -O rhaptos2repo rhaptos2repo', user='******') sudo('createdb -O rhaptos2repo rhaptos2users', user='******') if not fabric.contrib.files.exists('rhaptos2.common'): run('git clone [email protected]:Connexions/rhaptos2.common.git') with cd('rhaptos2.common'): sudo('python setup.py install') sudo('pip install -e .') if not fabric.contrib.files.exists('rhaptos2.repo'): run('git clone -b fix-install [email protected]:Connexions/rhaptos2.repo.git' ) with cd('rhaptos2.repo'): sudo('pip install -e .') if fabric.contrib.files.exists('repo-error.log'): sudo('chown karen:karen repo-error.log') sudo('rhaptos2repo-initdb develop.ini') with cd('rhaptos2.repo'): if not fabric.contrib.files.exists('atc'): run('git clone [email protected]:Connexions/atc.git') with cd('rhaptos2.repo/atc'): sudo('npm update -g bower', warn_only=True) run('npm install') sudo('easy_install-2.7 PasteScript PasteDeploy waitress')
def user_setup(): """Set up cnx-user """ _setup() _install_postgresql() if not _postgres_user_exists('cnxuser'): prompts = [] prompts += fexpect.expect('Enter password for new role:', 'cnxuser') prompts += fexpect.expect('Enter it again:', 'cnxuser') with fexpect.expecting(prompts): fexpect.sudo( 'createuser --no-createdb --no-createrole --no-superuser --pwprompt cnxuser', user='******') if _postgres_db_exists('cnxuser'): sudo('dropdb cnxuser', user='******') sudo('createdb -O cnxuser cnxuser', user='******') if not fabric.contrib.files.exists('cnx-user'): run('git clone https://github.com/Connexions/cnx-user.git') if not fabric.contrib.files.exists('velruse'): run('git clone -b cnx-master https://github.com/pumazi/velruse.git') with cd('velruse'): sudo('python setup.py install') sudo('pip install -e .') _install_nodejs() sudo('apt-get install --yes npm') sudo('rm -rf ~/tmp') # ~/tmp is needed for npm sudo('npm install -g grunt-cli bower') # remove ~/tmp after a system npm install as ~/tmp is owned by root and # cannot be written as the user in the next step sudo('rm -rf ~/tmp') with cd('cnx-user/cnxuser/assets'): run('npm install') with cd('cnx-user'): # change velruse to use 1.0.3 which is the version from pumazmi/veruse if not fabric.contrib.files.contains('setup.py', 'velruse==1.0.3'): fabric.contrib.files.sed('setup.py', 'velruse', 'velruse==1.0.3') sudo('python setup.py install') sudo('pip install -e .') # httplib2 top_level.txt is not readable by the user for some reason # (while other top_level.txt are). This causes initialize_cnx-user_db # to fail with IOError permission denied sudo( 'chmod 644 /usr/local/lib/python2.7/dist-packages/httplib2-0.8-py2.7.egg/EGG-INFO/top_level.txt' ) run('initialize_cnx-user_db development.ini')
def repo_setup(): """Set up rhaptos2.repo """ _setup() _install_postgresql() sudo('apt-get install --yes libxml2-dev libxslt1-dev') _install_nodejs() sudo('apt-get install --yes npm') if not _postgres_user_exists('rhaptos2repo'): prompts = [] prompts += fexpect.expect('Enter password for new role:', 'rhaptos2repo') prompts += fexpect.expect('Enter it again:', 'rhaptos2repo') with fexpect.expecting(prompts): fexpect.sudo('createuser --pwprompt --superuser rhaptos2repo', user='******') if _postgres_db_exists('rhaptos2repo'): sudo('dropdb rhaptos2repo', user='******') if _postgres_db_exists('rhaptos2users'): sudo('dropdb rhaptos2users', user='******') sudo('createdb -O rhaptos2repo rhaptos2repo', user='******') sudo('createdb -O rhaptos2repo rhaptos2users', user='******') if not fabric.contrib.files.exists('rhaptos2.common'): run('git clone [email protected]:Connexions/rhaptos2.common.git') with cd('rhaptos2.common'): sudo('python setup.py install') sudo('pip install -e .') if not fabric.contrib.files.exists('rhaptos2.repo'): run('git clone -b fix-install [email protected]:Connexions/rhaptos2.repo.git') with cd('rhaptos2.repo'): sudo('pip install -e .') if fabric.contrib.files.exists('repo-error.log'): sudo('chown karen:karen repo-error.log') sudo('rhaptos2repo-initdb develop.ini') with cd('rhaptos2.repo'): if not fabric.contrib.files.exists('atc'): run('git clone [email protected]:Connexions/atc.git') with cd('rhaptos2.repo/atc'): sudo('npm update -g bower', warn_only=True) run('npm install') sudo('easy_install-2.7 PasteScript PasteDeploy waitress')
def user_setup(): """Set up cnx-user """ _setup() _install_postgresql() if not _postgres_user_exists('cnxuser'): prompts = [] prompts += fexpect.expect('Enter password for new role:', 'cnxuser') prompts += fexpect.expect('Enter it again:', 'cnxuser') with fexpect.expecting(prompts): fexpect.sudo('createuser --no-createdb --no-createrole --no-superuser --pwprompt cnxuser', user='******') if _postgres_db_exists('cnxuser'): sudo('dropdb cnxuser', user='******') sudo('createdb -O cnxuser cnxuser', user='******') if not fabric.contrib.files.exists('cnx-user'): run('git clone https://github.com/Connexions/cnx-user.git') if not fabric.contrib.files.exists('velruse'): run('git clone -b cnx-master https://github.com/pumazi/velruse.git') with cd('velruse'): sudo('python setup.py install') sudo('pip install -e .') _install_nodejs() sudo('apt-get install --yes npm') sudo('rm -rf ~/tmp') # ~/tmp is needed for npm sudo('npm install -g grunt-cli bower') # remove ~/tmp after a system npm install as ~/tmp is owned by root and # cannot be written as the user in the next step sudo('rm -rf ~/tmp') with cd('cnx-user/cnxuser/assets'): run('npm install') with cd('cnx-user'): # change velruse to use 1.0.3 which is the version from pumazmi/veruse if not fabric.contrib.files.contains('setup.py', 'velruse==1.0.3'): fabric.contrib.files.sed('setup.py', 'velruse', 'velruse==1.0.3') sudo('python setup.py install') sudo('pip install -e .') # httplib2 top_level.txt is not readable by the user for some reason # (while other top_level.txt are). This causes initialize_cnx-user_db # to fail with IOError permission denied sudo('chmod 644 /usr/local/lib/python2.7/dist-packages/httplib2-0.8-py2.7.egg/EGG-INFO/top_level.txt') run('initialize_cnx-user_db development.ini')
def import_mediawiki(url=None): import_prompts = [] if url: import_prompts += fexpect.expect('Enter the address of a MediaWiki site (ex: http://arborwiki.org/):', url) import_prompts += fexpect.expect('Continue import? (yes/no)', 'yes') with ec2_instance(ami_id=get_ami('ubuntu10.04')): sudo('apt-get -y install python-software-properties') sudo('yes | apt-add-repository ppa:localwiki') sudo('apt-get update') with fexpect.expecting(prompts): fexpect.sudo('apt-get -y --force-yes install localwiki') with cd('/usr/share/localwiki'): sudo('git clone git://github.com/mivanov/localwiki-importers.git') with cd('localwiki-importers/mediawiki'): sudo('source /usr/share/localwiki/env/bin/activate') sudo('pip install -r requirements.txt') sudo('deactivate') with fexpect.expecting(import_prompts): fexpect.sudo('python import_mediawiki.py')
def archive_setup_real_data(): """Set up cnxarchive database with real data """ if not _postgres_user_exists('cnxarchive'): prompts = [] prompts += fexpect.expect('Enter password for new role:', 'cnxarchive') prompts += fexpect.expect('Enter it again:', 'cnxarchive') with fexpect.expecting(prompts): fexpect.sudo('createuser --no-createdb --no-createrole --superuser --pwprompt cnxarchive', user='******') if _postgres_db_exists('cnxarchive'): sudo('dropdb cnxarchive', user='******') sudo('createdb -O cnxarchive cnxarchive', user='******') sudo('createlang plpythonu cnxarchive', user='******') run('zcat cnx-archive/repo_test_data.sql.gz >cnx-archive/repo_test_data.sql') prompts = fexpect.expect('Password for user cnxarchive:', 'cnxarchive') with fexpect.expecting(prompts): fexpect.run('psql -U cnxarchive cnxarchive -f cnx-archive/repo_test_data.sql') run('rm -rf cnx-archive/repo_test_data.sql') run('cnx-upgrade v1')
def instalar_pxp(): question = raw_input("La conexion se realizara por un proxy? (s/n) : ") if question == 's': question = raw_input( "Ingrese la cadena de conexion del servidor proxy (proxyuser:proxypwd@server:port o server:port) : " ) proxy = question else: proxy = "" run("yum -y install wget") version = run("grep -o release.. /etc/redhat-release") if (version == 'release 7'): # postgres de rpm de postgres 9.5# run("wget http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/pgdg-centos95-9.5-2.noarch.rpm" ) else: # postgres de rpm de postgres 9.5# run("wget http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/pgdg-redhat95-9.5-2.noarch.rpm" ) # configuraicon de archivos de centos-base.repo agregando una linea # s = open("/etc/yum.repos.d/CentOS-Base.repo", 'a') s.write("exclude=postgresql*\n\n") s.close() if (version == 'release 7'): run("rpm -Uvh --replacepkgs pgdg-centos95-9.5-2.noarch.rpm") else: run("rpm -Uvh --replacepkgs pgdg-redhat95-9.5-2.noarch.rpm") # instalacion de postgres y la primera corrida # S_pgsql = "service postgresql-9.5" I_pgsql = "postgresql95" sudo( "yum -y install postgresql95-server postgresql95-docs postgresql95-contrib postgresql95-plperl postgresql95-plpython postgresql95-pltcl postgresql95-test rhdb-utils gcc-objc postgresql95-devel " ) if (version == 'release 7'): run("/usr/pgsql-9.5/bin/postgresql95-setup initdb") run("systemctl start postgresql-9.5") run("systemctl enable postgresql-9.5") else: run("service postgresql-9.5 initdb") run("service postgresql-9.5 start") run("chkconfig postgresql-9.5 on") # instalacion del php y apache mas la primera corrida # sudo( "yum -y install httpd php mod_ssl mod_auth_pgsql php-pear php-bcmath php-mbstring php-cli php-ldap php-pdo php-pgsql php-gd" ) if (version == 'release 7'): run("systemctl start httpd") run("systemctl enable httpd") else: run("service httpd start") run("chkconfig httpd on") #Creacion de archivos para bitacoras archi = open("/usr/local/lib/phx.c", 'w') archi.write('#include "postgres.h"\n') archi.write('#include <string.h>\n') archi.write('#include "fmgr.h"\n') archi.write('#include "utils/geo_decls.h"\n') archi.write('#include <stdio.h>\n') archi.write('#ifdef PG_MODULE_MAGIC\n') archi.write('PG_MODULE_MAGIC;\n') archi.write('#endif\n') archi.write('/* by value */\n') archi.write('PG_FUNCTION_INFO_V1(monitor_phx);\n') archi.write('Datum\n') archi.write('monitor_phx(PG_FUNCTION_ARGS)\n') archi.write('{\n') archi.write(' int32 arg = PG_GETARG_INT32(0);\n') archi.write(' system("sudo /usr/local/lib/./phxbd.sh");\n') archi.write(' PG_RETURN_INT32(arg);\n') archi.write('}') archi.close() run("gcc -I /usr/local/include -I /usr/pgsql-9.5/include/server/ -fpic -c /usr/local/lib/phx.c" ) run("gcc -I /usr/local/include -I /usr/pgsql-9.5/include/server/ -shared -o /usr/local/lib/phx.so phx.o" ) run("chown root.postgres /usr/local/lib/phx.so") run("chmod 750 /usr/local/lib/phx.so") archi = open("/usr/local/lib/phxbd.sh", 'w') archi.write('!/bin/bash\n') archi.write( 'top -b -n 1 | grep -e postgres -e httpd | awk \'{print $1","$12","$2","$9","$10","$5""""}\' > /tmp/procesos.csv\n' ) archi.write('chown root.postgres /tmp/procesos.csv\n') archi.write('chmod 740 /tmp/procesos.csv') sudo("chown root.postgres /usr/local/lib/phxbd.sh") sudo("sudo chmod 700 /usr/local/lib/phxbd.sh") f = open("/etc/sudoers", 'r') chain = f.read() chain = chain.replace("Defaults requiretty", "#Defaults requiretty") chain = chain.replace( "root ALL=(ALL) ALL", "root ALL=(ALL) ALL\n postgres ALL=NOPASSWD: /usr/local/lib/phxbd.sh" ) f.close() f = open("/etc/sudoers", 'w') f.write(chain) f.close() #Instalacion de mcrypt para servicios rest if (version == 'release 7'): run("wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm" ) run("wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm") run("rpm -Uvh remi-release-7*.rpm epel-release-7*.rpm") else: run("wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm" ) run("wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm") sudo("rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm") run("yum -y update") run("yum -y install php-mcrypt*") # cambio de los archivos pg_hba y postgres.config# archi = open("/var/lib/pgsql/9.5/data/pg_hba.conf", 'w') archi.write( "# TYPE DATABASE USER ADDRESS METHOD\n\n" ) archi.write("# 'local' is for Unix domain socket connections only\n") archi.write( "local all postgres,dbkerp_conexion trust\n") archi.write( "local all all md5\n" ) archi.write("# IPv4 local connections:\n") archi.write( "host all all 127.0.0.1/32 md5\n" ) archi.write( "host all all 192.168.0.0/16 md5\n" ) archi.write("# IPv6 local connections:\n") archi.write( "host all all ::1/128 md5\n" ) archi.close() f = open("/var/lib/pgsql/9.5/data/postgresql.conf", 'r') chain = f.read() chain = chain.replace("pg_catalog.english", "pg_catalog.spanish") chain = chain.replace("log_destination = 'stderr'", "log_destination = 'csvlog'") chain = chain.replace("log_filename = 'postgresql-%a.log'", "log_filename = 'postgresql-%Y-%m-%d.log'") chain = chain.replace("log_truncate_on_rotation = on", "log_truncate_on_rotation = off") chain = chain.replace("#log_error_verbosity = default", "log_error_verbosity = verbose") chain = chain.replace("#log_statement = 'none'", "log_statement = 'mod'") chain = chain.replace("iso, mdy", "iso, dmy") f.close() otro = open("/var/lib/pgsql/9.5/data/postgresql.conf", 'w') otro.write(chain) otro.close() s = open("/var/lib/pgsql/9.5/data/postgresql.conf", 'a') s.write("listen_addresses = '*'\n") s.write("bytea_output = 'escape'\n") s.close() db_pass = "******" sudo('psql -c "ALTER USER postgres WITH ENCRYPTED PASSWORD E\'%s\'"' % (db_pass), user='******') sudo('psql -c "CREATE DATABASE dbkerp WITH ENCODING=\'UTF-8\';"', user='******') sudo( 'psql -c "CREATE USER dbkerp_conexion WITH PASSWORD \'dbkerp_conexion\';"', user='******') sudo('psql -c "ALTER ROLE dbkerp_conexion SUPERUSER;"', user='******') sudo( 'psql -c "CREATE USER dbkerp_admin WITH PASSWORD \'a1a69c4e834c5aa6cce8c6eceee84295\';"', user='******') sudo('psql -c "ALTER ROLE dbkerp_admin SUPERUSER;"', user='******') if (version == 'release 7'): run('systemctl restart postgresql-9.5') else: run('service postgresql-9.5 restart') # instalacion de git para poder bajar el repositoriio pxp y moviendo a la carpeta /var/www/html/kerp/# sudo("yum -y install git-core") run("mkdir /var/www/html/kerp") run("mkdir /var/www/html/kerp/pxp") #Si existe proxy se configura github para el proxy if (proxy != ""): run("git config --global http.proxy http://" + proxy) run("git config --global https.proxy https://" + proxy) run("git clone https://github.com/kplian/pxp.git /var/www/html/kerp/pxp") run("chown -R apache.apache /var/www/html/kerp/") run("chmod 700 -R /var/www/html/kerp/") # haciendo una copia de datosgenerales.samples.php y modificando archivo# f = open("/var/www/html/kerp/pxp/lib/DatosGenerales.sample.php") g = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php", "w") linea = f.readline() while linea != "": g.write(linea) linea = f.readline() g.close() f.close() #TODO VOLVER VARIABLE LA CARPETA PRINCIPAL KERP f = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php", 'r') chain = f.read() chain = chain.replace("/web/lib/lib_control/", "/kerp/pxp/lib/lib_control/") chain = chain.replace("/kerp-boa/", "/kerp/") chain = chain.replace("/var/lib/pgsql/9.1/data/pg_log/", "/var/lib/pgsql/9.5/data/pg_log/") f.close() otro = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php", 'w') otro.write(chain) otro.close() run("ln -s /var/www/html/kerp/pxp/lib /var/www/html/kerp/lib") run("ln -s /var/www/html/kerp/pxp/index.php /var/www/html/kerp/index.php") run("ln -s /var/www/html/kerp/pxp/sis_generador /var/www/html/kerp/sis_generador" ) run("ln -s /var/www/html/kerp/pxp/sis_organigrama /var/www/html/kerp/sis_organigrama" ) run("ln -s /var/www/html/kerp/pxp/sis_parametros /var/www/html/kerp/sis_parametros" ) run("ln -s /var/www/html/kerp/pxp/sis_seguridad /var/www/html/kerp/sis_seguridad" ) run("ln -s /var/www/html/kerp/pxp/sis_workflow /var/www/html/kerp/sis_workflow" ) archi = open('/var/www/html/kerp/sistemas.txt', 'w') archi.close() run("mkdir /var/www/html/kerp/reportes_generados") sudo("setfacl -R -m u:apache:wrx /var/www/html/kerp/reportes_generados") # sudo("yum -y install rpm-build") sudo("setfacl -R -m u:postgres:wrx /var/www/html") sudo("chcon -Rv --type=httpd_sys_rw_content_t /var/www/html/kerp/") sudo("setsebool -P httpd_can_network_connect_db=1") # iptables if (version == 'release 6'): run("iptables --flush") run("iptables -P INPUT ACCEPT") run("iptables -P OUTPUT ACCEPT") run("iptables -P FORWARD ACCEPT") #Interfaz local aceptar run("iptables -A INPUT -i lo -j ACCEPT") #Comunicaciones establecidas aceptar run("iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT") #Ping Aceptar run("iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT") #Ssh Aceptar run("iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT" ) #http y https aceptar run("iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT" ) run("iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT" ) #postgres aceptar run("iptables -A INPUT -p tcp --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT" ) run("iptables -P INPUT DROP") run("service iptables save") run("service iptables restart") else: run("firewall-cmd --permanent --add-port=22/tcp") run("firewall-cmd --permanent --add-port=80/tcp") run("firewall-cmd --permanent --add-port=5432/tcp") run("firewall-cmd --reload") prompts = [] prompts += expect('Ingrese una opcion.*', '1') prompts += expect('Ingrese el nombre de la BD.*', 'dbkerp') prompts += expect('Desea obtener un backup de la BD.*', 'NO') prompts += expect('los datos de prueba.*', 'n') with expecting(prompts): sudo( "/var/www/html/kerp/pxp/utilidades/restaurar_bd/./restaurar_todo.py", user="******")
def instalar_pxp(): question = raw_input("La conexion se realizara por un proxy? (s/n) : ") if question == 's' : question = raw_input("Ingrese la cadena de conexion del servidor proxy (proxyuser:proxypwd@server:port o server:port) : ") proxy = question else : proxy = "" run("yum -y install wget") version = run("grep -o release.. /etc/redhat-release") if(version == 'release 7'): # postgres de rpm de postgres 9.5# run("wget http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/pgdg-centos95-9.5-2.noarch.rpm") else: # postgres de rpm de postgres 9.5# run("wget http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/pgdg-redhat95-9.5-2.noarch.rpm") # configuraicon de archivos de centos-base.repo agregando una linea # s = open("/etc/yum.repos.d/CentOS-Base.repo",'a') s.write("exclude=postgresql*\n\n") s.close() if(version == 'release 7'): run("rpm -Uvh --replacepkgs pgdg-centos95-9.5-2.noarch.rpm") else: run("rpm -Uvh --replacepkgs pgdg-redhat95-9.5-2.noarch.rpm") # instalacion de postgres y la primera corrida # S_pgsql="service postgresql-9.5" I_pgsql="postgresql95" sudo("yum -y install postgresql95-server postgresql95-docs postgresql95-contrib postgresql95-plperl postgresql95-plpython postgresql95-pltcl postgresql95-test rhdb-utils gcc-objc postgresql95-devel ") if(version == 'release 7'): run("/usr/pgsql-9.5/bin/postgresql95-setup initdb") run("systemctl start postgresql-9.5") run("systemctl enable postgresql-9.5") else: run("service postgresql-9.5 initdb") run("service postgresql-9.5 start") run("chkconfig postgresql-9.5 on") # instalacion del php y apache mas la primera corrida # sudo("yum -y install httpd php mod_ssl mod_auth_pgsql php-pear php-bcmath php-mbstring php-cli php-ldap php-pdo php-pgsql php-gd") if(version == 'release 7'): run("systemctl start httpd") run("systemctl enable httpd") else: run("service httpd start") run("chkconfig httpd on") #Creacion de archivos para bitacoras archi = open("/usr/local/lib/phx.c",'w') archi.write('#include "postgres.h"\n') archi.write('#include <string.h>\n') archi.write('#include "fmgr.h"\n') archi.write('#include "utils/geo_decls.h"\n') archi.write('#include <stdio.h>\n') archi.write('#ifdef PG_MODULE_MAGIC\n') archi.write('PG_MODULE_MAGIC;\n') archi.write('#endif\n') archi.write('/* by value */\n') archi.write('PG_FUNCTION_INFO_V1(monitor_phx);\n') archi.write('Datum\n') archi.write('monitor_phx(PG_FUNCTION_ARGS)\n') archi.write('{\n') archi.write(' int32 arg = PG_GETARG_INT32(0);\n') archi.write(' system("sudo /usr/local/lib/./phxbd.sh");\n') archi.write(' PG_RETURN_INT32(arg);\n') archi.write('}') archi.close() run("gcc -I /usr/local/include -I /usr/pgsql-9.5/include/server/ -fpic -c /usr/local/lib/phx.c") run("gcc -I /usr/local/include -I /usr/pgsql-9.5/include/server/ -shared -o /usr/local/lib/phx.so phx.o") run("chown root.postgres /usr/local/lib/phx.so") run("chmod 750 /usr/local/lib/phx.so") archi = open("/usr/local/lib/phxbd.sh",'w') archi.write('!/bin/bash\n') archi.write('top -b -n 1 | grep -e postgres -e httpd | awk \'{print $1","$12","$2","$9","$10","$5""""}\' > /tmp/procesos.csv\n') archi.write('chown root.postgres /tmp/procesos.csv\n') archi.write('chmod 740 /tmp/procesos.csv') sudo("chown root.postgres /usr/local/lib/phxbd.sh") sudo("sudo chmod 700 /usr/local/lib/phxbd.sh") f = open("/etc/sudoers",'r') chain = f.read() chain = chain.replace("Defaults requiretty","#Defaults requiretty") chain = chain.replace("root ALL=(ALL) ALL","root ALL=(ALL) ALL\n postgres ALL=NOPASSWD: /usr/local/lib/phxbd.sh") f.close() f = open("/etc/sudoers",'w') f.write(chain) f.close() #Instalacion de mcrypt para servicios rest if(version == 'release 7'): run("wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm") run("wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm") run("rpm -Uvh remi-release-7*.rpm epel-release-7*.rpm") else: run("wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm") run("wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm") sudo("rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm") run("yum -y update") run("yum -y install php-mcrypt*") # cambio de los archivos pg_hba y postgres.config# archi=open("/var/lib/pgsql/9.5/data/pg_hba.conf",'w') archi.write("# TYPE DATABASE USER ADDRESS METHOD\n\n") archi.write("# 'local' is for Unix domain socket connections only\n") archi.write("local all postgres,dbkerp_conexion trust\n") archi.write("local all all md5\n") archi.write("# IPv4 local connections:\n") archi.write("host all all 127.0.0.1/32 md5\n") archi.write("host all all 192.168.0.0/16 md5\n") archi.write("# IPv6 local connections:\n") archi.write("host all all ::1/128 md5\n") archi.close() f = open("/var/lib/pgsql/9.5/data/postgresql.conf",'r') chain = f.read() chain = chain.replace("pg_catalog.english","pg_catalog.spanish") chain = chain.replace("log_destination = 'stderr'","log_destination = 'csvlog'") chain = chain.replace("log_filename = 'postgresql-%a.log'","log_filename = 'postgresql-%Y-%m-%d.log'") chain = chain.replace("log_truncate_on_rotation = on","log_truncate_on_rotation = off") chain = chain.replace("#log_error_verbosity = default","log_error_verbosity = verbose") chain = chain.replace("#log_statement = 'none'","log_statement = 'mod'") chain = chain.replace("iso, mdy","iso, dmy") f.close() otro = open("/var/lib/pgsql/9.5/data/postgresql.conf",'w') otro.write(chain) otro.close() s = open("/var/lib/pgsql/9.5/data/postgresql.conf",'a') s.write("listen_addresses = '*'\n") s.write("bytea_output = 'escape'\n") s.close() db_pass = "******" sudo('psql -c "ALTER USER postgres WITH ENCRYPTED PASSWORD E\'%s\'"' % (db_pass), user='******') sudo('psql -c "CREATE DATABASE dbkerp WITH ENCODING=\'UTF-8\';"', user='******') sudo('psql -c "CREATE USER dbkerp_conexion WITH PASSWORD \'dbkerp_conexion\';"', user='******') sudo('psql -c "ALTER ROLE dbkerp_conexion SUPERUSER;"', user='******') sudo('psql -c "CREATE USER dbkerp_admin WITH PASSWORD \'a1a69c4e834c5aa6cce8c6eceee84295\';"', user='******') sudo('psql -c "ALTER ROLE dbkerp_admin SUPERUSER;"', user='******') if(version == 'release 7'): run('systemctl restart postgresql-9.5') else: run('service postgresql-9.5 restart') # instalacion de git para poder bajar el repositoriio pxp y moviendo a la carpeta /var/www/html/kerp/# sudo("yum -y install git-core") run("mkdir /var/www/html/kerp") run("mkdir /var/www/html/kerp/pxp") #Si existe proxy se configura github para el proxy if (proxy != ""): run("git config --global http.proxy http://" + proxy) run("git config --global https.proxy https://" + proxy) run("git clone https://github.com/kplian/pxp.git /var/www/html/kerp/pxp") run("chown -R apache.apache /var/www/html/kerp/") run("chmod 700 -R /var/www/html/kerp/") # haciendo una copia de datosgenerales.samples.php y modificando archivo# f = open("/var/www/html/kerp/pxp/lib/DatosGenerales.sample.php") g = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php","w") linea = f.readline() while linea != "": g.write(linea) linea = f.readline() g.close() f.close() #TODO VOLVER VARIABLE LA CARPETA PRINCIPAL KERP f = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php",'r') chain = f.read() chain = chain.replace("/web/lib/lib_control/","/kerp/pxp/lib/lib_control/") chain = chain.replace("/kerp-boa/","/kerp/") chain = chain.replace("/var/lib/pgsql/9.1/data/pg_log/","/var/lib/pgsql/9.5/data/pg_log/") f.close() otro = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php",'w') otro.write(chain) otro.close() run("ln -s /var/www/html/kerp/pxp/lib /var/www/html/kerp/lib") run("ln -s /var/www/html/kerp/pxp/index.php /var/www/html/kerp/index.php") run("ln -s /var/www/html/kerp/pxp/sis_generador /var/www/html/kerp/sis_generador") run("ln -s /var/www/html/kerp/pxp/sis_organigrama /var/www/html/kerp/sis_organigrama") run("ln -s /var/www/html/kerp/pxp/sis_parametros /var/www/html/kerp/sis_parametros") run("ln -s /var/www/html/kerp/pxp/sis_seguridad /var/www/html/kerp/sis_seguridad") run("ln -s /var/www/html/kerp/pxp/sis_workflow /var/www/html/kerp/sis_workflow") archi=open('/var/www/html/kerp/sistemas.txt','w') archi.close() run("mkdir /var/www/html/kerp/reportes_generados") sudo("setfacl -R -m u:apache:wrx /var/www/html/kerp/reportes_generados") # sudo("yum -y install rpm-build") sudo("setfacl -R -m u:postgres:wrx /var/www/html") sudo("chcon -Rv --type=httpd_sys_rw_content_t /var/www/html/kerp/") sudo("setsebool -P httpd_can_network_connect_db=1") # iptables if(version == 'release 6'): run("iptables --flush") run("iptables -P INPUT ACCEPT") run("iptables -P OUTPUT ACCEPT") run("iptables -P FORWARD ACCEPT") #Interfaz local aceptar run("iptables -A INPUT -i lo -j ACCEPT") #Comunicaciones establecidas aceptar run("iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT") #Ping Aceptar run("iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT") #Ssh Aceptar run("iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT") #http y https aceptar run("iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT") run("iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT") #postgres aceptar run("iptables -A INPUT -p tcp --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT") run("iptables -P INPUT DROP") run("service iptables save") run("service iptables restart") else: run("firewall-cmd --permanent --add-port=22/tcp") run("firewall-cmd --permanent --add-port=80/tcp") run("firewall-cmd --permanent --add-port=5432/tcp") run("firewall-cmd --reload") prompts = [] prompts += expect('Ingrese una opcion.*','1') prompts += expect('Ingrese el nombre de la BD.*','dbkerp') prompts += expect('Desea obtener un backup de la BD.*','NO') prompts += expect('los datos de prueba.*','n') with expecting(prompts): sudo("/var/www/html/kerp/pxp/utilidades/restaurar_bd/./restaurar_todo.py" , user="******")