Example #1
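    def configure(self):
        """
        Prepare the instance's ephemeral disks.

        The first ephemeral device becomes an LVM physical volume in the
        volume group vg00 (scratch space); the second is mounted and the
        configured directories are moved onto it and replaced by symlinks.

        [rbuilderstorage]
        # optional list of ':' separated dirs
        relocate-paths = /srv:/var/rmake
        """

        try:
            blkdevmap = self.id.getBlockDeviceMapping()
        except EC2DataRetrievalError:
            # No block device mapping could be retrieved: nothing to do.
            return

        # NOTE(review): the sample above is headed [rbuilderstorage] but the
        # section read here is "storage" -- confirm which name is intended.
        cfg = self.ud.getSection("storage")

        ephemeralDevs = []
        # Sorted so that "first" and "second" below follow the mapping keys
        # instead of whatever order the dict happens to iterate in.
        for key, dev in sorted(blkdevmap.iteritems()):
            if "ephemeral" in key:
                mntpnt = "/ephemeral/%s" % key[9:]
                # ephemeral device names are not correct
                # for our kernel
                if not os.path.exists("/dev/%s" % dev):
                    dev = dev.replace("sd", "xvd")
                ephemeralDevs.append(("/dev/%s" % dev, mntpnt))

        relocatePaths = ["/srv", "/var/rmake"]
        if "relocate-paths" in cfg:
            relocatePaths = cfg["relocate-paths"].split(":")

        if not ephemeralDevs:
            # Instance has no ephemeral storage at all.
            return

        # First ephemeral is scratch.  The device name comes from instance
        # metadata, so it is passed as an argument vector (the same helper
        # the mount below uses) and never through a shell command line.
        scratchDev = ephemeralDevs[0][0]
        util.call(["pvcreate", scratchDev])
        util.call(["vgcreate", "vg00", scratchDev])

        if len(ephemeralDevs) < 2:
            # Only one ephemeral device: there is no mass-storage disk to
            # relocate onto, so stop instead of failing on the index below.
            return

        # Second dev is for mass storage
        (dev, mntpnt) = ephemeralDevs[1]

        util.mkdirChain(mntpnt)
        util.call(["mount", dev, mntpnt])

        for relocPath in relocatePaths:
            # Paths that are already symlinks were relocated earlier.
            if os.path.exists(relocPath) and not os.path.islink(relocPath):
                target = "%s/%s" % (mntpnt, relocPath)
                util.movetree(relocPath, target)
                os.symlink(target, relocPath)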
Example #2
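    def configure(self):
        """
        Write an OpenVPN client configuration from the [openvpn] section.

        Nothing is written unless server, port, ca, cert and key are all
        present; proto defaults to udp.  When nameserver is given,
        /etc/resolv.conf is rewritten as well.

        [openvpn]
        nameserver = 192.168.1.1
        search = foo.example.com bar.example.com
        server = myvpn.example.com
        port = 1194
        proto = tcp
        ca = <compressed ca cert>
        cert = <compressed cert>
        key = <compressed cert>
        """
        import stat

        cfg = self.ud.getSection('openvpn')

        # NOTE(review): the template is emitted unchanged because the client
        # has to match what the VPN server is configured for.  Worth
        # revisiting together with the server side: "cipher BF-CBC" is a
        # 64-bit block cipher, "ns-cert-type" is the legacy form of the
        # server certificate check, and "comp-lzo" enables compression
        # inside the tunnel.
        template = """\
client
dev tun
proto %(proto)s
remote %(server)s %(port)s
resolv-retry infinite
nobind
#user nobody
#group nobody
persist-key
persist-tun
ca %(cafile)s
cert %(certfile)s
key %(keyfile)s
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 3
"""

        for key in ('server', 'port', 'ca', 'cert', 'key'):
            if key not in cfg:
                return

        if 'proto' not in cfg:
            cfg['proto'] = 'udp'

        # These values are written into the config file one directive per
        # line; a value carrying a line break would add directives of its
        # own, so such a section is not applied.
        for key in ('proto', 'server', 'port'):
            value = str(cfg[key])
            if '\n' in value or '\r' in value:
                return

        cfgdir = os.path.join('/', 'etc', 'openvpn', 'amiconfig')
        util.mkdirChain(cfgdir)

        cfg['cafile'] = os.path.join(cfgdir, 'ca.crt')
        cfg['certfile'] = os.path.join(cfgdir, 'cert.crt')
        cfg['keyfile'] = os.path.join(cfgdir, 'key.key')

        # NOTE(review): the CA certificate is fetched from the location
        # given in user data (the sample above describes it as a compressed
        # certificate instead).  It is the trust anchor for the tunnel, so
        # confirm how that fetch is authenticated.
        util.urlgrab(cfg['ca'], filename=cfg['cafile'])

        cert = util.decompress(util.decode(cfg['cert']))
        key = util.decompress(util.decode(cfg['key']))

        certfh = open(cfg['certfile'], 'w')
        try:
            certfh.write(cert)
        finally:
            certfh.close()

        # The private key must never be readable by other local users:
        # create it owner-only and tighten the mode before any key material
        # is written, in case an older, wider-mode file was already there.
        ownerOnly = stat.S_IRUSR | stat.S_IWUSR
        fd = os.open(cfg['keyfile'],
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, ownerOnly)
        keyfh = os.fdopen(fd, 'w')
        try:
            os.chmod(cfg['keyfile'], ownerOnly)
            keyfh.write(key)
        finally:
            keyfh.close()

        cfgfile = os.path.join('/', 'etc', 'openvpn', 'amiconfig.conf')
        conffh = open(cfgfile, 'w')
        try:
            conffh.write(template % cfg)
        finally:
            conffh.close()

        if 'nameserver' in cfg:
            # Replaces the resolver configuration wholesale.
            resolv = open('/etc/resolv.conf', 'w')
            try:
                if 'search' in cfg:
                    resolv.write('search %s\n' % cfg['search'])
                resolv.write('nameserver %s\n' % cfg['nameserver'])
            finally:
                resolv.close()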
Example #3
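    def configure(self):
        """
        Write an OpenVPN client configuration from the [openvpn] section.

        Nothing is written unless server, port, ca, cert and key are all
        present; proto defaults to udp.  When nameserver is given,
        /etc/resolv.conf is rewritten as well.

        [openvpn]
        nameserver = 192.168.1.1
        search = foo.example.com bar.example.com
        server = myvpn.example.com
        port = 1194
        proto = tcp
        ca = <compressed ca cert>
        cert = <compressed cert>
        key = <compressed cert>
        """
        import stat

        cfg = self.ud.getSection('openvpn')

        # NOTE(review): the template is emitted unchanged because the client
        # has to match what the VPN server is configured for.  Worth
        # revisiting together with the server side: "cipher BF-CBC" is a
        # 64-bit block cipher, "ns-cert-type" is the legacy form of the
        # server certificate check, and "comp-lzo" enables compression
        # inside the tunnel.
        template = """\
client
dev tun
proto %(proto)s
remote %(server)s %(port)s
resolv-retry infinite
nobind
#user nobody
#group nobody
persist-key
persist-tun
ca %(cafile)s
cert %(certfile)s
key %(keyfile)s
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 3
"""

        for key in ('server', 'port', 'ca', 'cert', 'key'):
            if key not in cfg:
                return

        if 'proto' not in cfg:
            cfg['proto'] = 'udp'

        # These values are written into the config file one directive per
        # line; a value carrying a line break would add directives of its
        # own, so such a section is not applied.
        for key in ('proto', 'server', 'port'):
            value = str(cfg[key])
            if '\n' in value or '\r' in value:
                return

        cfgdir = os.path.join('/', 'etc', 'openvpn', 'amiconfig')
        util.mkdirChain(cfgdir)

        cfg['cafile'] = os.path.join(cfgdir, 'ca.crt')
        cfg['certfile'] = os.path.join(cfgdir, 'cert.crt')
        cfg['keyfile'] = os.path.join(cfgdir, 'key.key')

        # NOTE(review): the CA certificate is fetched from the location
        # given in user data (the sample above describes it as a compressed
        # certificate instead).  It is the trust anchor for the tunnel, so
        # confirm how that fetch is authenticated.
        util.urlgrab(cfg['ca'], filename=cfg['cafile'])

        cert = util.decompress(util.decode(cfg['cert']))
        key = util.decompress(util.decode(cfg['key']))

        certfh = open(cfg['certfile'], 'w')
        try:
            certfh.write(cert)
        finally:
            certfh.close()

        # The private key must never be readable by other local users:
        # create it owner-only and tighten the mode before any key material
        # is written, in case an older, wider-mode file was already there.
        ownerOnly = stat.S_IRUSR | stat.S_IWUSR
        fd = os.open(cfg['keyfile'],
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, ownerOnly)
        keyfh = os.fdopen(fd, 'w')
        try:
            os.chmod(cfg['keyfile'], ownerOnly)
            keyfh.write(key)
        finally:
            keyfh.close()

        cfgfile = os.path.join('/', 'etc', 'openvpn', 'amiconfig.conf')
        conffh = open(cfgfile, 'w')
        try:
            conffh.write(template % cfg)
        finally:
            conffh.close()

        if 'nameserver' in cfg:
            # Replaces the resolver configuration wholesale.
            resolv = open('/etc/resolv.conf', 'w')
            try:
                if 'search' in cfg:
                    resolv.write('search %s\n' % cfg['search'])
                resolv.write('nameserver %s\n' % cfg['nameserver'])
            finally:
                resolv.close()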
Example #4
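    def configure(self):
        """
        Mount the ephemeral devices and spread the relocated paths over them.

        Swap is enabled when the block device mapping lists it.  Each
        ephemeral device is mounted under /ephemeral/<n>; the relocate paths
        are divided between the devices, moved there and replaced by
        symlinks.  Pre-allocation is either handed to the spacedaemon or
        done inline when the daemon is disabled.

        [storage]
        # disable the spacedaemon
        daemon = False
        # size in GB
        pre-allocated-space = 20
        # list of ':' separated dirs
        relocate-paths = /srv/rmake-builddir:/srv/mysql
        """

        try:
            blkdevmap = self.id.getBlockDeviceMapping()
        except errors.EC2DataRetrievalError:
            # No block device mapping could be retrieved: nothing to do.
            return

        cfg = self.ud.getSection('storage')

        # Always mount swap
        if 'swap' in blkdevmap:
            # NOTE(review): ephemeral entries below get a '/dev/' prefix,
            # the swap entry is passed as it comes -- confirm that is right.
            util.call(['swapon', blkdevmap['swap']])

        ephemeralDevs = []
        # Sorted so the path-to-device assignment below is the same on every
        # run instead of following dict iteration order.
        for key, dev in sorted(blkdevmap.iteritems()):
            if 'ephemeral' in key:
                mntpnt = '/ephemeral/%s' % key[9:]
                ephemeralDevs.append(('/dev/%s' % dev, mntpnt))

        relocatePaths = []
        if 'relocate-paths' in cfg:
            relocatePaths = cfg['relocate-paths'].split(':')

        ephemeralDevsCount = len(ephemeralDevs)
        relocatePathsCount = len(relocatePaths)

        if ephemeralDevsCount < 1:
            return

        pathsPerDev = relocatePathsCount
        if ephemeralDevsCount > 1 and relocatePathsCount > 1:
            # math.ceil returns a float; the count is used for slicing
            # below, which needs an int.
            pathsPerDev = int(math.ceil(relocatePathsCount /
                                        float(ephemeralDevsCount)))

        # The ephemeral space is a sparse file on an independent spindle. To
        # increase performance you want to create a file under the ephemeral
        # mount point to pre allocate the sparse file.
        size = 0
        if 'pre-allocated-space' in cfg:
            # size is in GB
            size = int(cfg['pre-allocated-space'])

        # Get daemon configuration.  The value arrives as text, and
        # bool('False') is True, so the documented "daemon = False" has to
        # be recognised by its spelling.
        daemon = True
        if 'daemon' in cfg:
            text = str(cfg['daemon']).strip().lower()
            daemon = text not in ('', '0', 'false', 'no', 'off')

        paths = []
        for i, (dev, mntpnt) in enumerate(ephemeralDevs):
            util.mkdirChain(mntpnt)
            util.call(['mount', dev, mntpnt])

            if daemon:
                paths.append(mntpnt)
            else:
                fh = util.createUnlinkedTmpFile(mntpnt)
                try:
                    util.growFile(fh, size * 1024)
                finally:
                    fh.close()

            # This device takes the i-th group of pathsPerDev paths; earlier
            # groups were handled by the preceding devices.
            share = relocatePaths[i * pathsPerDev:(i + 1) * pathsPerDev]
            for relocPath in share:
                if os.path.exists(relocPath) \
                    and not os.path.islink(relocPath):
                    target = '%s/%s' % (mntpnt, relocPath)
                    util.movetree(relocPath, target)
                    os.symlink(target, relocPath)

        if daemon and len(paths) > 0:
            exe = spacedaemon.__file__
            # Run the source file, not the compiled module next to it.
            if exe.endswith('.pyc') or exe.endswith('.pyo'):
                exe = exe[:-1]
            cmd = [ exe, str(size * 1024) ]
            cmd.extend(paths)
            util.call(cmd)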
Example #5
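    def configure(self):
        """
        Apply the [cernvm] user-data section to the local configuration.

        Settings are written to the site configuration files through
        writeConfigToFile, users are created through /etc/cernvm/config,
        optional X.509 proxy files are installed for the configured users,
        EOS is mounted when a server is given, and the cernvm service is
        started at the end.

        [cernvm]
        # entitlement key
        entitlement_key = 289a919c-9a97-44a9-a07d-473850bd5730
        # contextualization key
        contextualization_key = de4248a0-3fc9-463b-a66f-88f7bc935b11
        # path to contextualization command
        contextualization_command = /path/to/script.sh
        # url to retrieve initial CernVM configuration
        # config_url = <url>
        # list of ',' separated organisations/experiments
        organisations = alice,atlas
        # install group profile
        group_profile = group-<org>[-desktop]
        # list of ',' separated repositories
        repositories = alice,atlas,grid
        # extra repositories, comma-separated; each field has:
        # name|server|<base64_encoded_pubkey>
        extra_repositories = name|server|<base64_encoded_pubkey>,name2|server2|<base64_encoded_pubkey2>
        # CernVM user name:group:password
        users = testalice:alice:12345test,testatlas:atlas:12345atlas
        # CernVM user shell </bin/bash|/bin/tcsh>
        shell = /bin/bash
        # Automatically login CernVM user to GUI
        auto_login = on
        # CVMFS HTTP proxy http://<host>:<port>;DIRECT
        proxy = DIRECT
        # list of ',' separated services to start
        services = <list>
        # extra environment variables to define
        environment = CMS_SITECONFIG=CERN,CMS_ROOT=/opt/cms
        # CernVM edition Basic|Desktop
        edition = Basic
        # CernVM screen Resolution
        screenRes = 1024x768
        # Start XDM on boot  on|off
        startXDM = off
        # Keyboard
        keyboard = us
        # GRID UI version
        gridUiVersion = default
        """

        cfg = self.ud.getSection('cernvm')

        def _write_private(path, data, owner):
            # Create an owner-only file at *path* and hand it to *owner*.
            # The proxy files live under a predictable name in a shared
            # directory, so whatever is already there is dropped and the
            # file is created exclusively: the credential is never written
            # into (or through) something another user put in place, and it
            # is never on disk with wider permissions.
            try:
                os.unlink(path)
            except OSError:
                pass
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL,
                         stat.S_IREAD | stat.S_IWRITE)
            fh = os.fdopen(fd, 'wb')
            try:
                fh.write(data)
            finally:
                fh.close()
            os.lchown(path, owner.pw_uid, owner.pw_gid)

        if 'group_profile' in cfg:
            call(['/etc/cernvm/config',
                  '-g',
                  '%s' % (cfg['group_profile'])])

        # (user-data key, target file, variable) -- written in this order.
        for field, conf, name in (
                ('entitlement_key', "/etc/cvmfs/site.conf",
                 'CVMFS_ENTITLEMENT_KEY'),
                ('contextualization_key', "/etc/cernvm/site.conf",
                 'CERNVM_CONTEXTUALIZATION_KEY'),
                ('contextualization_command', "/etc/cernvm/site.conf",
                 'CERNVM_CONTEXTUALIZATION_COMMAND'),
                ('organisations', "/etc/cernvm/site.conf",
                 'CERNVM_ORGANISATION'),
                ('repositories', "/etc/cvmfs/site.conf",
                 'CVMFS_REPOSITORIES')):
            if field in cfg:
                self.writeConfigToFile(conf, name, cfg[field], "=")

        extra_repositories = cfg.get('extra_repositories', None)
        if extra_repositories is not None:
            for entry in extra_repositories.split(','):
                parsed_entry = entry.split('|')
                if len(parsed_entry) != 3:
                    continue
                r_name, r_serv, r_key_b64 = parsed_entry

                # r_name becomes a file name under /etc/cvmfs; skip anything
                # that would resolve outside those directories.
                if not r_name or '/' in r_name or r_name.startswith('.'):
                    continue

                try:
                    r_key = base64.b64decode(r_key_b64)
                except Exception:
                    # malformed b64
                    continue

                # Write configuration
                f = None
                try:
                    try:
                        f = open('/etc/cvmfs/config.d/%s.conf' % r_name, 'w')
                        f.write('CVMFS_SERVER_URL=http://%s/cvmfs/%s\n'
                                % (r_serv, r_name))
                        f.write('CVMFS_HTTP_PROXY=DIRECT\n')
                    except IOError:
                        print("Cannot write configuration for CVMFS repo %s" % r_name)
                finally:
                    if f is not None:
                        f.close()

                # Write key
                f = None
                try:
                    try:
                        f = open('/etc/cvmfs/keys/%s.pub' % r_name, 'w')
                        f.write(r_key)
                        f.write('\n')
                    except IOError:
                        print("Cannot write pubkey for CVMFS repo %s" % r_name)
                finally:
                    if f is not None:
                        f.close()

        # NOTE(review): the sample above spells these screenRes, startXDM
        # and gridUiVersion while the lookups are lower-case; presumably the
        # section parser lower-cases keys -- confirm.
        for field, name in (
                ('screenres', 'CERNVM_SCREEN_RES'),
                ('startxdm', 'CERNVM_START_XDM'),
                ('edition', 'CERNVM_EDITION'),
                ('keyboard', 'CERNVM_KEYBOARD'),
                ('griduiversion', 'CERNVM_GRID_UI_VERSION')):
            if field in cfg:
                self.writeConfigToFile(
                    "/etc/cernvm/site.conf", name, cfg[field], "=")

        # Needed again at the end to decide whether to bring up the desktop.
        edition = ''
        if 'edition' in cfg:
            edition = cfg['edition']

        # config_url appears in the sample above but is not applied here.

        if 'proxy' in cfg:
            self.writeConfigToFile(
                "/etc/cvmfs/site.conf",
                'CVMFS_HTTP_PROXY', cfg['proxy'], "=")

        if 'services' in cfg:
            self.writeConfigToFile(
                "/etc/cernvm/site.conf",
                'CERNVM_SERVICES', cfg['services'], "=")

        # Shell and auto-login are always written, with a default.
        shell = '/bin/bash'
        if 'shell' in cfg:
            shell = cfg['shell']
        self.writeConfigToFile(
            "/etc/cernvm/site.conf",
            'CERNVM_USER_SHELL', shell, "=")

        # NOTE(review): this default looks like it was masked in this
        # listing; check it against the project's own source.
        autoLogin = '******'
        if 'auto_login' in cfg:
            autoLogin = cfg['auto_login']
        self.writeConfigToFile(
            "/etc/cernvm/site.conf",
            'CERNVM_AUTOLOGIN', autoLogin, "=")

        if 'desktop_icons' in cfg:
            self.writeConfigToFile(
                "/etc/cernvm/site.conf",
                'CERNVM_DESKTOP_ICONS', cfg['desktop_icons'], "=")
            util.call(['/etc/cernvm/config', '-y'])

        if 'environment' in cfg:
            envNames = ''
            for entry in cfg['environment'].split(','):
                # Split on the first '=' only, so a value may contain '='.
                (var, val) = entry.split('=', 1)
                self.writeConfigToFile(
                    "/etc/cernvm/environment.conf", var, val, "=")
                envNames += '+' + var

            self.writeConfigToFile(
                "/etc/cernvm/site.conf", 'CERNVM_ENVIRONMENT_VARS',
                envNames, '=')

        eosUser = None
        x509User = None
        if 'users' in cfg:
            first = True
            # Generated passwords are credentials: draw them from the
            # operating system's random source, not the default generator.
            rng = random.SystemRandom()
            alphabet = (string.ascii_uppercase + string.digits +
                        string.ascii_lowercase)
            for entry in cfg['users'].split(','):
                # name:group:password -- the password is the remainder, so
                # it may itself contain ':'.
                (username, group, password) = entry.split(':', 2)
                if not len(password):
                    password = ''.join([rng.choice(alphabet)
                                        for x in range(8)])
                if first:
                    # The first listed user is the primary CernVM user and
                    # the default owner of the X.509 and EOS credentials.
                    self.writeConfigToFile(
                        "/etc/cernvm/site.conf",
                        'CERNVM_USER', username, "=")
                    self.writeConfigToFile(
                        "/etc/cernvm/site.conf",
                        'CERNVM_USER_GROUP', group, "=")
                    first = False
                    x509User = username
                    eosUser = username
                # NOTE(review): the password is handed over as a command
                # line argument, which other local users can read from the
                # process list while the command runs.  The interface of
                # /etc/cernvm/config is not visible here; if it can take the
                # password on stdin or from a file, prefer that.
                call(['/etc/cernvm/config',
                      '-u',
                      '%s' % (username),
                      '%s' % (shell),
                      '%s' % (password),
                      '%s' % (group)])

        certUserField = 'x509-user'
        if certUserField in cfg:
            x509User = cfg[certUserField]

        if x509User is None:
            # Fallback to root
            # NOTE(review): the literal below looks like it was masked in
            # this listing; check it against the project's own source.
            x509User = '******'

        x509CertFile = None
        eosx509CertFile = None

        certFileField = 'x509-cert-file'
        if certFileField in cfg and x509User is not None:
            pw = pwd.getpwnam(x509User)
            x509CertFile = '/tmp/x509up_u' + str(pw.pw_uid)
            eosx509CertFile = x509CertFile
            src = open(cfg[certFileField], 'rb')
            try:
                proxyData = src.read()
            finally:
                src.close()
            _write_private(x509CertFile, proxyData, pw)

        certField = 'x509-cert'
        if certField in cfg and x509User is not None:
            try:
                x509Cert = base64.decodestring(cfg[certField])
            except Exception:
                # Malformed base64 data. We ignore it.
                # NOTE(review): returning here also skips the EOS mount and
                # the service start below -- confirm that is intended.
                return
            pw = pwd.getpwnam(x509User)
            x509CertFile = '/tmp/x509up_u' + str(pw.pw_uid)
            eosx509CertFile = x509CertFile
            _write_private(x509CertFile, x509Cert, pw)

        eosUserField = 'eos-user'
        if eosUserField in cfg:
            eosUser = cfg[eosUserField]

        eosCertField = 'eos-x509-cert'
        if eosCertField in cfg and eosUser is not None:
            try:
                eosx509Cert = base64.decodestring(cfg[eosCertField])
            except Exception:
                # Malformed base64 data. We ignore it.
                # NOTE(review): returning here also skips the EOS mount and
                # the service start below -- confirm that is intended.
                return
            pw = pwd.getpwnam(eosUser)
            eosx509CertFile = '/tmp/x509up_u' + str(pw.pw_uid) + '.eos'
            # Ownership goes to the EOS proxy file that was just written,
            # not to the general X.509 proxy file.
            _write_private(eosx509CertFile, eosx509Cert, pw)

        eosReadAheadSize = 4000000
        if 'eos-readaheadsize' in cfg:
            eosReadAheadSize = cfg['eos-readaheadsize']

        eosReadCacheSize = 16000000
        if 'eos-readcachesize' in cfg:
            eosReadCacheSize = cfg['eos-readcachesize']

        srvField = 'eos-server'
        if srvField in cfg and eosUser is not None:
            server = cfg[srvField]
            util.mkdirChain('/eos')
            util.call(['/bin/chown', eosUser, '/eos'])
            util.call(['/sbin/modprobe', 'fuse'])
            # Built as an argument list: every configured value stays one
            # argument even if it contains whitespace.
            cmd = ['/usr/bin/env',
                   'X509_CERT_DIR=/cvmfs/grid.cern.ch/etc/grid-security/certificates']
            if eosx509CertFile is not None:
                # Only set when one of the branches above installed a proxy.
                cmd.append('X509_USER_PROXY=%s' % eosx509CertFile)
            cmd.extend([
                'EOS_READAHEADSIZE=%s' % eosReadAheadSize,
                'EOS_READCACHESIZE=%s' % eosReadCacheSize,
                '/usr/bin/eosfsd',
                '/eos',
                '-oallow_other,kernel_cache,attr_timeout=30,entry_timeout=30,max_readahead=131072,max_write=4194304,fsname=eos',
                'root://%s//eos/' % server])
            util.call(cmd)

        if edition == 'Desktop':
            util.call(['/etc/cernvm/config', '-x'])
            util.call(['/sbin/telinit', '5'])

        # One list element per argument; a single 'service cernvm start'
        # string would be looked up as the name of the executable.
        util.call(['/sbin/service', 'cernvm', 'start'])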