def configure_node_exporter(state, host, enable_service=True, extra_args=None):
op_name = 'Ensure node_exporter service is running'
if enable_service:
op_name = '{0} and enabled'.format(op_name)
if host.fact.linux_distribution['major'] >= 16:
# Setup node_exporter init
generate_service = files.template(
name='Upload the node_exporter systemd unit file',
src=get_template_path('node_exporter.service.j2'),
dest='/etc/systemd/system/node_exporter.service',
extra_args=extra_args,
state=state,
host=host,
)
init.systemd(
name=op_name,
service='node_exporter',
running=True,
restarted=generate_service.changed,
daemon_reload=generate_service.changed,
enabled=enable_service,
state=state,
host=host,
)
elif host.fact.linux_distribution['major'] == 14:
generate_service = files.template(
name='Upload the node_exporter init.d file',
src=get_template_path('init.d.j2'),
dest='/etc/init.d/node_exporter',
mode=755,
ex_name='node_exporter',
ex_bin_dir=host.data.node_exporter_bin_dir,
ex_user=host.data.node_exporter_user,
extra_args=extra_args,
state=state,
host=host,
)
# Start (/enable) the prometheus service
init.d(
name=op_name,
service='node_exporter',
running=True,
restarted=generate_service.changed,
reloaded=generate_service.changed,
enabled=enable_service,
state=state,
host=host,
)
def configure_prometheus(state, host, enable_service=True, extra_args=None):
# Configure prometheus
generate_config = files.template(
name='Upload the prometheus config file',
src=get_template_path('prometheus.yml.j2'),
dest='/etc/default/prometheus.yml',
state=state,
host=host,
)
op_name = 'Ensure prometheus service is running'
if enable_service:
op_name = '{0} and enabled'.format(op_name)
restart = generate_config.changed
if extra_args and ('--web.enable-lifecycle' in extra_args):
restart = False
hit_reload_endpoint = True
else:
hit_reload_endpoint = False
# Setup prometheus init
if host.fact.linux_distribution['major'] >= 16:
generate_service = files.template(
name='Upload the prometheus systemd unit file',
src=get_template_path('prometheus.service.j2'),
dest='/etc/systemd/system/prometheus.service',
extra_args=extra_args,
state=state,
host=host,
)
# Start (/enable) the prometheus service
init.systemd(
name=op_name,
service='prometheus',
running=True,
restarted=restart,
enabled=enable_service,
daemon_reload=generate_service.changed,
state=state,
host=host,
)
# This has to happen after the service reload
if hit_reload_endpoint:
server.shell(
commands='curl -X POST http://localhost:9090/-/reload',
state=state,
host=host,
)
elif host.fact.linux_distribution['major'] == 14:
generate_service = files.template(
name='Upload the prometheus init.d file',
src=get_template_path('init.d.j2'),
dest='/etc/init.d/prometheus',
extra_args=extra_args,
state=state,
host=host,
)
# Start (/enable) the prometheus service
init.d(
name=op_name,
service='prometheus',
running=True,
restarted=restart,
reloaded=generate_service.changed,
enabled=enable_service,
state=state,
host=host,
)
name='Ensure the `{}` exists'.format(grub_dir),
path=grub_dir,
)
files.template(
name='Create a templated file',
src='templates/grub.cfg.j2',
dest='{}/grub.cfg'.format(grub_dir),
)
# configure dnsmasq
files.template(
name='Create dnsmasq configuration file',
src='templates/dnsmasq.conf.j2',
dest='/etc/dnsmasq.conf',
pxe_server=pxe_server,
dns_server=dns_server,
interface=interface,
dhcp_start=dhcp_start,
dhcp_end=dhcp_end,
tftp_dir=tftp_dir,
)
init.systemd(
name='Restart and enable dnsmasq',
service='dnsmasq',
running=True,
restarted=True,
enabled=True,
)
def configure_exporter(
state,
host,
ex_url,
ex_user='******',
ex_bin_dir='/usr/local/bin',
enable_service=True,
extra_args=None,
):
ex_name, ex_bin_name = _get_names(ex_url)
# Start (/enable) the node_exporter service
op_name = 'Ensure exporter service is running'
if enable_service:
op_name = '{0} and enabled'.format(op_name)
if host.fact.linux_distribution['major'] >= 16:
# Setup node_exporter init
generate_service = files.template(
name='Upload the {} systemd unit file'.format(ex_name),
src=get_template_path('exporter.service.j2'),
dest='/etc/systemd/system/{}.service'.format(ex_bin_name),
ex_name=ex_name,
ex_bin_dir=ex_bin_dir,
ex_user=ex_user,
extra_args=extra_args,
state=state,
host=host,
)
init.systemd(
name=op_name,
service=ex_bin_name,
running=True,
restarted=generate_service.changed,
reloaded=generate_service.changed,
enabled=enable_service,
daemon_reload=generate_service.changed,
state=state,
host=host,
)
elif host.fact.linux_distribution['major'] == 14:
generate_service = files.template(
name='Upload the {} init.d file'.format(ex_name),
src=get_template_path('init.d.j2'),
dest='/etc/init.d/{}'.format(ex_name),
mode=755,
ex_name=ex_name,
ex_bin_dir=ex_bin_dir,
ex_user=ex_user,
extra_args=extra_args,
state=state,
host=host,
)
# Start (/enable) the prometheus service
init.d(
name=op_name,
service=ex_name,
running=True,
restarted=generate_service.changed,
reloaded=generate_service.changed,
enabled=enable_service,
state=state,
host=host,
)
'/netboot/nfs',
'/netboot/tftp/pxelinux.cfg',
'/mnt',
'/netboot/nfs/ubuntu1804',
'/netboot/tftp/ubuntu1804',
]
for dir in dirs:
files.directory(
{'Ensure the directory `{}` exists'.format(dir)},
dir,
)
init.systemd(
{'Restart and enable dnsmasq'},
'dnsmasq',
running=True,
restarted=True,
enabled=True,
)
files.line(
{'Ensure /netboot/nfs is in /etc/exports'},
'/etc/exports',
r'/netboot/nfs .*',
replace='/netboot/nfs *(ro,sync,no_wdelay,insecure_locks,'
'no_root_squash,insecure,no_subtree_check)',
)
server.shell(
{'Make share available'},
'exportfs -a',
# I think it should only show as changed if there really was a difference.
# Might have to add a suffix to the sed -i option, then move file only if
# there is a diff. Maybe?
tune = files.line(
{'Tune the puppet server jvm to only use 1gb'},
'/etc/sysconfig/puppetserver',
r'^JAVA_ARGS=.*$',
replace='JAVA_ARGS=\\"-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.'
'jruby_utils.jruby.Slf4jLogger\\"',
)
if install.changed or config.changed or tune.changed:
init.systemd(
{'Restart and enable puppetserver'},
'puppetserver',
running=True,
restarted=True,
enabled=True,
)
if host in agents:
yum.packages(
{'Install puppet agent'},
['puppet-agent'],
)
files.template(
{'Manage the puppet agent configuration'},
'templates/agent_puppet.conf.j2',
'/etc/puppetlabs/puppet/puppet.conf',
# I think it should only show as changed if there really was a difference.
# Might have to add a suffix to the sed -i option, then move file only if
# there is a diff. Maybe?
tune = files.line(
name='Tune the puppet server jvm to only use 1gb',
path='/etc/sysconfig/puppetserver',
line=r'^JAVA_ARGS=.*$',
replace='JAVA_ARGS=\\"-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.'
'jruby_utils.jruby.Slf4jLogger\\"',
)
if install.changed or config.changed or tune.changed:
init.systemd(
name='Restart and enable puppetserver',
service='puppetserver',
running=True,
restarted=True,
enabled=True,
)
if host in agents:
yum.packages(
name='Install puppet agent',
packages=['puppet-agent'],
)
files.template(
name='Manage the puppet agent configuration',
src='templates/agent_puppet.conf.j2',
dest='/etc/puppetlabs/puppet/puppet.conf',
from pyinfra.operations import init, server
SUDO = True
init.systemd(
name='Disable ufw',
service='ufw',
running=False,
enabled=False,
)
server.reboot(
name='Reboot the server',
delay=5,
timeout=30,
)
server.shell(
name='Ensure ufw is not running',
commands='systemctl status ufw',
success_exit_codes=[3],
)
from pyinfra.operations import init, server
init.systemd(
name="Disable ufw",
service="ufw",
running=False,
enabled=False,
)
server.reboot(
name="Reboot the server",
delay=5,
timeout=30,
)
server.shell(
name="Ensure ufw is not running",
commands="systemctl status ufw",
success_exit_codes=[3],
)
from pyinfra import config, host, inventory
from pyinfra.operations import init, puppet, server
config.SUDO = True
config.USE_SUDO_LOGIN = True
if host in inventory.get_group("master_servers"):
server.script_template(
name="Sign the agent, if needed",
src="templates/sign_agent.bash.j2",
)
if host in inventory.get_group("agent_servers"):
init.systemd(
name="Temp stop puppet agent so we can ensure a good run",
service="puppet",
running=False,
)
# Either 'USE_SUDO_LOGIN=True' or 'USE_SU_LOGIN=True' for
# puppet.agent() as `puppet` is added to the path in
# the .bash_profile.
# We also expect a return code of:
# 0=no changes or 2=changes applied
puppet.agent(
name="Run the puppet agent",
success_exit_codes=[0, 2],
)
'/web/index.htm',
'/web/index.html',
)
# Note: Allowing sudo to python is not a very secure.
files.line(
{'Ensure myweb can run /usr/bin/python3 without password'},
'/etc/sudoers',
r'myweb .*',
replace='myweb ALL=(ALL) NOPASSWD: /usr/bin/python3',
)
server.shell(
{'Check that sudoers file is ok'},
'visudo -c',
)
init.systemd(
{'Restart and enable myweb'},
'myweb',
running=True,
restarted=True,
enabled=True,
daemon_reload=True,
)
server.wait(
{'Wait until myweb starts'},
port=80,
)
'/netboot/nfs',
'/netboot/tftp/pxelinux.cfg',
'/mnt',
'/netboot/nfs/ubuntu1804',
'/netboot/tftp/ubuntu1804',
]
for dir in dirs:
files.directory(
name='Ensure the directory `{}` exists'.format(dir),
path=dir,
)
init.systemd(
name='Restart and enable dnsmasq',
service='dnsmasq',
running=True,
restarted=True,
enabled=True,
)
files.line(
name='Ensure /netboot/nfs is in /etc/exports',
path='/etc/exports',
line=r'/netboot/nfs .*',
replace='/netboot/nfs *(ro,sync,no_wdelay,insecure_locks,'
'no_root_squash,insecure,no_subtree_check)',
)
server.shell(
name='Make share available',
commands='exportfs -a',
"/netboot/nfs",
"/netboot/tftp/pxelinux.cfg",
"/mnt",
"/netboot/nfs/ubuntu1804",
"/netboot/tftp/ubuntu1804",
]
for dir in dirs:
files.directory(
name="Ensure the directory `{}` exists".format(dir),
path=dir,
)
init.systemd(
name="Restart and enable dnsmasq",
service="dnsmasq",
running=True,
restarted=True,
enabled=True,
)
files.line(
name="Ensure /netboot/nfs is in /etc/exports",
path="/etc/exports",
line=r"/netboot/nfs .*",
replace="/netboot/nfs *(ro,sync,no_wdelay,insecure_locks,"
"no_root_squash,insecure,no_subtree_check)",
)
server.shell(
name="Make share available",
commands="exportfs -a",
path='/web/index.htm',
target='/web/index.html',
)
# Note: Allowing sudo to python is not a very secure.
files.line(
name='Ensure myweb can run /usr/bin/python3 without password',
path='/etc/sudoers',
line=r'myweb .*',
replace='myweb ALL=(ALL) NOPASSWD: /usr/bin/python3',
)
server.shell(
name='Check that sudoers file is ok',
commands='visudo -c',
)
init.systemd(
name='Restart and enable myweb',
service='myweb',
running=True,
restarted=True,
enabled=True,
daemon_reload=True,
)
server.wait(
name='Wait until myweb starts',
port=80,
)
# I think it should only show as changed if there really was a difference.
# Might have to add a suffix to the sed -i option, then move file only if
# there is a diff. Maybe?
tune = files.line(
name="Tune the puppet server jvm to only use 1gb",
path="/etc/sysconfig/puppetserver",
line=r"^JAVA_ARGS=.*$",
replace='JAVA_ARGS=\\"-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.'
'jruby_utils.jruby.Slf4jLogger\\"',
)
if install.changed or config.changed or tune.changed:
init.systemd(
name="Restart and enable puppetserver",
service="puppetserver",
running=True,
restarted=True,
enabled=True,
)
if host in agents:
yum.packages(
name="Install puppet agent",
packages=["puppet-agent"],
)
files.template(
name="Manage the puppet agent configuration",
src="templates/agent_puppet.conf.j2",
dest="/etc/puppetlabs/puppet/puppet.conf",
from pyinfra import host, inventory
from pyinfra.operations import init, puppet, server
SUDO = True
USE_SUDO_LOGIN = True
if host in inventory.get_group('master_servers'):
server.script_template(
name='Sign the agent, if needed',
src='templates/sign_agent.bash.j2',
)
if host in inventory.get_group('agent_servers'):
init.systemd(
name='Temp stop puppet agent so we can ensure a good run',
service='puppet',
running=False,
)
# Either 'USE_SUDO_LOGIN=True' or 'USE_SU_LOGIN=True' for
# puppet.agent() as `puppet` is added to the path in
# the .bash_profile.
# We also expect a return code of:
# 0=no changes or 2=changes applied
puppet.agent(
name='Run the puppet agent',
success_exit_codes=[0, 2],
)
sudo=True,
peers=host.data.peers,
)
postgresql.role(
name='Create hockeypuck database role',
role='hockeypuck',
login=True,
sudo=True,
sudo_user='******',
)
postgresql.database(
name='Create the hockeypuck database',
database='hockeypuck',
owner='hockeypuck',
encoding='UTF8',
sudo=True,
sudo_user='******',
)
init.systemd(
name='Start hockeypuck service',
service='hockeypuck',
running=True,
restarted=True,
enabled=True,
daemon_reload=True,
sudo=True,
)
name="Ensure the `{}` exists".format(grub_dir),
path=grub_dir,
)
files.template(
name="Create a templated file",
src="templates/grub.cfg.j2",
dest="{}/grub.cfg".format(grub_dir),
)
# configure dnsmasq
files.template(
name="Create dnsmasq configuration file",
src="templates/dnsmasq.conf.j2",
dest="/etc/dnsmasq.conf",
pxe_server=pxe_server,
dns_server=dns_server,
interface=interface,
dhcp_start=dhcp_start,
dhcp_end=dhcp_end,
tftp_dir=tftp_dir,
)
init.systemd(
name="Restart and enable dnsmasq",
service="dnsmasq",
running=True,
restarted=True,
enabled=True,
)
{'Ensure the `{}` exists'.format(grub_dir)},
grub_dir,
)
files.template(
{'Create a templated file'},
'templates/grub.cfg.j2',
'{}/grub.cfg'.format(grub_dir),
)
# configure dnsmasq
files.template(
{'Create dnsmasq configuration file'},
'templates/dnsmasq.conf.j2',
'/etc/dnsmasq.conf',
pxe_server=pxe_server,
dns_server=dns_server,
interface=interface,
dhcp_start=dhcp_start,
dhcp_end=dhcp_end,
tftp_dir=tftp_dir,
)
init.systemd(
{'Restart and enable dnsmasq'},
'dnsmasq',
running=True,
restarted=True,
enabled=True,
)
from pyinfra import host, inventory
from pyinfra.operations import init, puppet, server
SUDO = True
USE_SUDO_LOGIN = True
if host in inventory.get_group('master_servers'):
server.script_template(
{'Sign the agent, if needed'},
'templates/sign_agent.bash.j2',
)
if host in inventory.get_group('agent_servers'):
init.systemd(
{'Temp stop puppet agent so we can ensure a good run'},
'puppet',
running=False,
)
# Either 'USE_SUDO_LOGIN=True' or 'USE_SU_LOGIN=True' for
# puppet.agent() as `puppet` is added to the path in
# the .bash_profile.
# We also expect a return code of:
# 0=no changes or 2=changes applied
puppet.agent(
{'Run the puppet agent'},
success_exit_codes=[0, 2],
)
from pyinfra.operations import init, server
SUDO = True
init.systemd(
{'Disable ufw'},
'ufw',
running=False,
enabled=False,
)
server.reboot(
{'Reboot the server'},
delay=5,
timeout=30,
)
server.shell(
{'Ensure ufw is not running'},
'systemctl status ufw',
success_exit_codes=[3],
)