Beispiel #1
0
def configure_etcd(state, host, enable_service=True):
    # Setup etcd init
    generate_service = files.template(
        state,
        host,
        {'Upload the etcd systemd unit file'},
        get_template_path('etcd.service.j2'),
        '/etc/systemd/system/etcd.service',
    )

    # Configure etcd
    files.template(
        state,
        host,
        {'Upload the etcd env file'},
        get_template_path('etcd.conf.j2'),
        '{{ host.data.etcd_env_file }}',
        # Cluster (peers)
        cluster_node_urls=get_cluster_node_urls(state.inventory),
        get_urls=get_urls,
    )

    # Start (/enable) the etcd service
    op_name = 'Ensure etcd service is running'
    if enable_service:
        op_name = '{0} and enabled'.format(op_name)

    init.systemd(
        state,
        host,
        {op_name},
        'etcd',
        enabled=enable_service,
        daemon_reload=generate_service.changed,
    )
Beispiel #2
0
def configure_prometheus(state, host, enable_service=True):
    # Setup prometheus init
    generate_service = files.template(
        state,
        host,
        {'Upload the prometheus systemd unit file'},
        get_template_path('prometheus.service.j2'),
        '/etc/systemd/system/prometheus.service',
    )

    # Configure prometheus
    files.template(
        state,
        host,
        {'Upload the prometheus config file'},
        get_template_path('prometheus.yml.j2'),
        '/etc/default/prometheus.yml',
    )

    # Start (/enable) the prometheus service
    op_name = 'Ensure prometheus service is running'
    if enable_service:
        op_name = '{0} and enabled'.format(op_name)

    init.systemd(
        state,
        host,
        {op_name},
        'prometheus',
        restarted=True,
        enabled=enable_service,
        daemon_reload=generate_service.changed,
    )
Beispiel #3
0
def configure_node_exporter(state, host, enable_service=True, extra_args=None):

    op_name = 'Ensure node_exporter service is running'
    if enable_service:
        op_name = '{0} and enabled'.format(op_name)

    if host.fact.linux_distribution['major'] >= 16:
        # Setup node_exporter init
        generate_service = files.template(
            state,
            host,
            {'Upload the node_exporter systemd unit file'},
            get_template_path('node_exporter.service.j2'),
            '/etc/systemd/system/node_exporter.service',
            extra_args=extra_args,
        )

        init.systemd(
            state,
            host,
            {op_name},
            'node_exporter',
            running=True,
            restarted=generate_service.changed,
            daemon_reload=generate_service.changed,
            enabled=enable_service,
        )

    elif host.fact.linux_distribution['major'] == 14:
        generate_service = files.template(
            state,
            host,
            {'Upload the node_exporter init.d file'},
            get_template_path('init.d.j2'),
            '/etc/init.d/node_exporter',
            mode=755,
            ex_name='node_exporter',
            ex_bin_dir=host.data.node_exporter_bin_dir,
            ex_user=host.data.node_exporter_user,
            extra_args=extra_args,
        )
        # Start (/enable) the prometheus service
        init.d(
            state,
            host,
            {op_name},
            'node_exporter',
            running=True,
            restarted=generate_service.changed,
            reloaded=generate_service.changed,
            enabled=enable_service,
        )
def configure_node_exporter(state, host, enable_service=True):
    # Setup node_exporter init
    generate_service = files.template(
        state,
        host,
        {'Upload the node_exporter systemd unit file'},
        get_template_path('node_exporter.service.j2'),
        '/etc/systemd/system/node_exporter.service',
    )

    # Start (/enable) the node_exporter service
    op_name = 'Ensure node_exporter service is running'
    if enable_service:
        op_name = '{0} and enabled'.format(op_name)

    init.systemd(
        state,
        host,
        {op_name},
        'node_exporter',
        enabled=enable_service,
        daemon_reload=generate_service.changed,
    )
Beispiel #5
0
    # I think it should only show as changed if there really was a difference.
    # Might have to add a suffix to the sed -i option, then move file only if
    # there is a diff. Maybe?
    tune = files.line(
        {'Tune the puppet server jvm to only use 1gb'},
        '/etc/sysconfig/puppetserver',
        r'^JAVA_ARGS=.*$',
        replace='JAVA_ARGS=\\"-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.'
        'jruby_utils.jruby.Slf4jLogger\\"',
    )

    if install.changed or config.changed or tune.changed:
        init.systemd(
            {'Restart and enable puppetserver'},
            'puppetserver',
            running=True,
            restarted=True,
            enabled=True,
        )

if host in agents:

    yum.packages(
        {'Install puppet agent'},
        ['puppet-agent'],
    )

    files.template(
        {'Manage the puppet agent configuration'},
        'templates/agent_puppet.conf.j2',
        '/etc/puppetlabs/puppet/puppet.conf',
        '/netboot/nfs',
        '/netboot/tftp/pxelinux.cfg',
        '/mnt',
        '/netboot/nfs/ubuntu1804',
        '/netboot/tftp/ubuntu1804',
    ]
    for dir in dirs:
        files.directory(
            {'Ensure the directory `{}` exists'.format(dir)},
            dir,
        )

    init.systemd(
        {'Restart and enable dnsmasq'},
        'dnsmasq',
        running=True,
        restarted=True,
        enabled=True,
    )

    files.line(
        {'Ensure /netboot/nfs is in /etc/exports'},
        '/etc/exports',
        r'/netboot/nfs .*',
        replace='/netboot/nfs *(ro,sync,no_wdelay,insecure_locks,'
        'no_root_squash,insecure,no_subtree_check)',
    )

    server.shell(
        {'Make share available'},
        'exportfs -a',
Beispiel #7
0
        {'Ensure the `{}` exists'.format(grub_dir)},
        grub_dir,
    )

    files.template(
        {'Create a templated file'},
        'templates/grub.cfg.j2',
        '{}/grub.cfg'.format(grub_dir),
    )

    # configure dnsmasq
    files.template(
        {'Create dnsmasq configuration file'},
        'templates/dnsmasq.conf.j2',
        '/etc/dnsmasq.conf',
        pxe_server=pxe_server,
        dns_server=dns_server,
        interface=interface,
        dhcp_start=dhcp_start,
        dhcp_end=dhcp_end,
        tftp_dir=tftp_dir,
    )

    init.systemd(
        {'Restart and enable dnsmasq'},
        'dnsmasq',
        running=True,
        restarted=True,
        enabled=True,
    )
Beispiel #8
0
os.chdir(os.path.dirname('./' + __file__))
cwd = os.path.abspath('.')
project_root = os.path.abspath('../..')

apt.packages(
    {'Install prometheus'},
    ['prometheus'],
    latest=True,
    sudo=True,
)

files.put(
    {'Install prometheus config'},
    'prometheus.yml',
    '/etc/prometheus/prometheus.yml',
    mode='644',
    user='******',
    group='root',
    sudo=True,
)

init.systemd(
    {'Restart prometheus service'},
    'prometheus',
    running=True,
    restarted=True,
    enabled=True,
    sudo=True,
)
Beispiel #9
0
from pyinfra import host, inventory
from pyinfra.modules import init, puppet, server

SUDO = True
USE_SUDO_LOGIN = True

if host in inventory.get_group('master_servers'):
    server.script_template(
        {'Sign the agent, if needed'},
        'templates/sign_agent.bash.j2',
    )

if host in inventory.get_group('agent_servers'):

    init.systemd(
        {'Temp stop puppet agent so we can ensure a good run'},
        'puppet',
        running=False,
    )

    # Either 'USE_SUDO_LOGIN=True' or 'USE_SU_LOGIN=True' for
    # puppet.agent() as `puppet` is added to the path in
    # the .bash_profile.
    # We also expect a return code of:
    # 0=no changes or 2=changes applied
    puppet.agent(
        {'Run the puppet agent'},
        success_exit_codes=[0, 2],
    )
Beispiel #10
0
from pyinfra.modules import init, server

SUDO = True


init.systemd(
    {'Disable ufw'},
    'ufw',
    running=False,
    enabled=False,
)

server.reboot(
    {'Reboot the server'},
    delay=5,
    timeout=30,
)

server.shell(
    {'Ensure ufw is not running'},
    'systemctl status ufw',
    success_exit_codes=[3],
)
Beispiel #11
0
    latest=True,
    sudo=True,
)

postgresql.role(
    {'Create hockeypuck database role'},
    'hockeypuck',
    login=True,
    sudo=True,
    sudo_user='******',
)

postgresql.database(
    {'Create the hockeypuck database'},
    'hockeypuck',
    owner='hockeypuck',
    encoding='UTF8',
    sudo=True,
    sudo_user='******',
)

init.systemd(
    {'Start hockeypuck service'},
    'hockeypuck',
    running=True,
    restarted=True,
    enabled=True,
    daemon_reload=True,
    sudo=True,
)
Beispiel #12
0
        '/web/index.htm',
        '/web/index.html',
    )

    # Note: Allowing sudo to python is not a very secure.
    files.line(
        {'Ensure myweb can run /usr/bin/python3 without password'},
        '/etc/sudoers',
        r'myweb .*',
        replace='myweb ALL=(ALL) NOPASSWD: /usr/bin/python3',
    )

    server.shell(
        {'Check that sudoers file is ok'},
        'visudo -c',
    )

    init.systemd(
        {'Restart and enable myweb'},
        'myweb',
        running=True,
        restarted=True,
        enabled=True,
        daemon_reload=True,
    )

    server.wait(
        {'Wait until myweb starts'},
        port=80,
    )