def update_hosts_file(name, ip):
files.line(
name='Add hosts to /etc/hosts',
path='/etc/hosts',
line=r' {}.example.com '.format(name),
replace='{} {}.example.com {}'.format(ip, name, name),
)
def update_hosts_file(name, ip):
files.line(
name="Add hosts to /etc/hosts",
path="/etc/hosts",
line=r" {}.example.com ".format(name),
replace="{} {}.example.com {}".format(ip, name, name),
)
def update_hosts_file(name, ip):
name = name.replace('@vagrant/', '')
files.line(
{'Add hosts to /etc/hosts'},
'/etc/hosts',
r' {}.example.com '.format(name),
replace='{} {}.example.com {}'.format(ip, name, name),
)
yum.packages(
name='Install chrony for Network Time Protocol (NTP)',
packages=['chrony'],
)
major = host.fact.linux_distribution['major']
yum.rpm(
name='Install Puppet Repo',
src='https://yum.puppet.com/puppet6-release-el-{}.noarch.rpm'.format(
major),
)
files.line(
name='Ensure SELINUX is disabled',
path='/etc/sysconfig/selinux',
line=r'SELINUX=.*',
replace='SELINUX=disabled',
)
# TODO: should reboot after SELINUX is disabled (how to check/easy way to reboot)
# TODO: how to determine when reboot is complete
# TODO: run sestatus
if host in masters:
install = yum.packages(
name='Install puppet server',
packages=['puppetserver'],
)
config = files.template(
dest=f'/etc/hostname.{WG_IF}',
mode='640')
server.shell(
name='Configure wireguard interface',
commands=[f'sh /etc/netstart ${WG_IF}'],
)
server.shell(
name='Enable IPv4 packet forwarding',
commands=['sysctl net.inet.ip.forwarding=1'],
)
files.line(
name='Persist IPv4 packet forwarding',
path='/etc/sysctl.conf',
line=r'^net.inet.ip.forwarding=',
replace='net.inet.ip.forwarding=1',
)
if IPV6NETWORK:
server.shell(
name='Enable IPv6 packet forwarding',
commands=['sysctl net.inet6.ip6.forwarding=1'],
)
files.line(
name='Persist IPv4 packet forwarding',
path='/etc/sysctl.conf',
line=r'^net.inet6.ip6.forwarding=',
replace='net.inet6.ip6.forwarding=1',
)
files.template(
name='Create index.html',
src='templates/index.html.j2',
dest='/web/index.html',
)
files.link(
name='Create link /web/index.htm that points to /web/index.html',
path='/web/index.htm',
target='/web/index.html',
)
# Note: Allowing sudo to python is not a very secure.
files.line(
name='Ensure myweb can run /usr/bin/python3 without password',
path='/etc/sudoers',
line=r'myweb .*',
replace='myweb ALL=(ALL) NOPASSWD: /usr/bin/python3',
)
server.shell(
name='Check that sudoers file is ok',
commands='visudo -c',
)
init.systemd(
name='Restart and enable myweb',
service='myweb',
running=True,
restarted=True,
enabled=True,
daemon_reload=True,
{'Ensure the directory `{}` exists'.format(dir)},
dir,
)
init.systemd(
{'Restart and enable dnsmasq'},
'dnsmasq',
running=True,
restarted=True,
enabled=True,
)
files.line(
{'Ensure /netboot/nfs is in /etc/exports'},
'/etc/exports',
r'/netboot/nfs .*',
replace='/netboot/nfs *(ro,sync,no_wdelay,insecure_locks,'
'no_root_squash,insecure,no_subtree_check)',
)
server.shell(
{'Make share available'},
'exportfs -a',
)
if not host.fact.file('/netboot/tftp/pxelinux.0'):
server.shell(
{'Copy pxelinux.0 '},
'cp -v /usr/lib/PXELINUX/pxelinux.0 /netboot/tftp/',
)
)
# prepare to do some maintenance
maintenance_line = "SYSTEM IS DOWN FOR MAINTENANCE"
# files.line(
# name='Add the down-for-maintenance line in /etc/motd',
# '/etc/motd',
# maintenance_line,
# )
# do some maintenance...
# Then, after the maintenance is done, remove the maintenance line
files.line(
name="Remove the down-for-maintenance line in /etc/motd",
path="/etc/motd",
line=maintenance_line,
replace="",
present=False,
)
files.replace(
name="Change part of a line in a file",
path="/etc/motd",
match="verboten",
replace="forbidden",
)
# Sync local files/tempdir to remote /tmp/tempdir
files.sync(
name="Sync a local directory with remote",
src="files/tempdir",
yum.packages(
name="Install chrony for Network Time Protocol (NTP)",
packages=["chrony"],
)
major = host.get_fact(LinuxDistribution)["major"]
yum.rpm(
name="Install Puppet Repo",
src="https://yum.puppet.com/puppet6-release-el-{}.noarch.rpm".format(
major),
)
files.line(
name="Ensure SELINUX is disabled",
path="/etc/sysconfig/selinux",
line=r"SELINUX=.*",
replace="SELINUX=disabled",
)
# TODO: should reboot after SELINUX is disabled (how to check/easy way to reboot)
# TODO: how to determine when reboot is complete
# TODO: run sestatus
if host in masters:
install = yum.packages(
name="Install puppet server",
packages=["puppetserver"],
)
config = files.template(
files.template(
name="Create index.html",
src="templates/index.html.j2",
dest="/web/index.html",
)
files.link(
name="Create link /web/index.htm that points to /web/index.html",
path="/web/index.htm",
target="/web/index.html",
)
# Note: Allowing sudo to python is not a very secure.
files.line(
name="Ensure myweb can run /usr/bin/python3 without password",
path="/etc/sudoers",
line=r"myweb .*",
replace="myweb ALL=(ALL) NOPASSWD: /usr/bin/python3",
)
server.shell(
name="Check that sudoers file is ok",
commands="visudo -c",
)
init.systemd(
name="Restart and enable myweb",
service="myweb",
running=True,
restarted=True,
enabled=True,
daemon_reload=True,
)
# prepare to do some maintenance
maintenance_line = 'SYSTEM IS DOWN FOR MAINTENANCE'
# files.line(
# {'Add the down-for-maintenance line in /etc/motd'},
# '/etc/motd',
# maintenance_line,
# )
# do some maintenance...
# Then, after the maintenance is done, remove the maintenance line
files.line(
{'Remove the down-for-maintenance line in /etc/motd'},
'/etc/motd',
maintenance_line,
replace='',
present=False,
)
files.replace(
{'Change part of a line in a file'},
'/etc/motd',
'verboten',
'forbidden',
)
# Sync local files/tempdir to remote /tmp/tempdir
files.sync(
{'Sync a local directory with remote'},
'files/tempdir',
name="Ensure the directory `{}` exists".format(dir),
path=dir,
)
init.systemd(
name="Restart and enable dnsmasq",
service="dnsmasq",
running=True,
restarted=True,
enabled=True,
)
files.line(
name="Ensure /netboot/nfs is in /etc/exports",
path="/etc/exports",
line=r"/netboot/nfs .*",
replace="/netboot/nfs *(ro,sync,no_wdelay,insecure_locks,"
"no_root_squash,insecure,no_subtree_check)",
)
server.shell(
name="Make share available",
commands="exportfs -a",
)
if not host.get_fact(File, path="/netboot/tftp/pxelinux.0"):
server.shell(
name="Copy pxelinux.0 ",
commands="cp -v /usr/lib/PXELINUX/pxelinux.0 /netboot/tftp/",
)
from pyinfra import config
from pyinfra.operations import files
config.SUDO = True
# Run: pyinfra @docker/ubuntu files_line_with_quotes.py
line = 'QUOTAUSER=""'
results = files.line(
name='Example with double quotes (")',
path="/etc/adduser.conf",
line="^{}$".format(line),
replace=line,
)
print(results.changed)
from pyinfra.operations import files
SUDO = True
# Run: pyinfra @docker/ubuntu files_line_with_quotes.py
line = 'QUOTAUSER=""'
results = files.line(
{'Example with double quotes (")'},
'/etc/adduser.conf',
'^{}$'.format(line),
replace=line,
)
print(results.changed)
from pyinfra.operations import files, server
ssh_keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVk9i7FG7dc9r4ixwAJT7uPLH3UuqbwIgeZ7Ytmnpvv erin",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7FGLD5qvvoCoNpBtj1r6IWNhLh8tauLDUyMLQIYy8i ave@blur",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK934lz+iT1NRyo6E6wbTxvfLI04bV0OX7aWuzVoMNPR luna@moon",
]
for key in ssh_keys:
files.line(
"/root/.ssh/authorized_keys",
key,
present=True,
)
)
# prepare to do some maintenance
maintenance_line = 'SYSTEM IS DOWN FOR MAINTENANCE'
# files.line(
# name='Add the down-for-maintenance line in /etc/motd',
# '/etc/motd',
# maintenance_line,
# )
# do some maintenance...
# Then, after the maintenance is done, remove the maintenance line
files.line(
name='Remove the down-for-maintenance line in /etc/motd',
path='/etc/motd',
line=maintenance_line,
replace='',
present=False,
)
files.replace(
name='Change part of a line in a file',
path='/etc/motd',
match='verboten',
replace='forbidden',
)
# Sync local files/tempdir to remote /tmp/tempdir
files.sync(
name='Sync a local directory with remote',
src='files/tempdir',