Example #1
def install_syco(args):
    """
    Install/configure syco on the current computer.

    Installs the packages syco needs, links /sbin/syco to the syco.py entry
    point, replaces the CentOS base repo definition with the copy kept under
    the syco var path and limits yum to two installed kernels.
    ``args`` is not read anywhere in this function.

    """
    app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
    # check_executed()/mark_executed() bracket the work; presumably they make
    # the install run once per SCRIPT_VERSION (Version is not shown here).
    run_marker = version.Version("InstallSYCO", SCRIPT_VERSION)
    run_marker.check_executed()

    app.print_verbose("Install required packages for syco")
    x("yum install pexpect python-crypto augeas -y")

    app.print_verbose("Create symlink /sbin/syco")
    set_syco_permissions()
    link_name = '/sbin/syco'
    # NOTE(review): os.path.exists() follows symlinks, so a dangling
    # /sbin/syco is reported as missing and os.symlink() then fails because
    # the name is already taken.
    if not os.path.exists(link_name):
        os.symlink('%sbin/syco.py' % SYCO_PATH, link_name)

    # "%s" is followed directly by "yum/", so SYCO_VAR_PATH has to end in "/".
    # NOTE(review): this overwrites the distribution's base repo file. The
    # replacement decides where later yum installs fetch packages from and
    # whether they are signature-checked; its content is not visible here.
    repo_override = "cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo"
    x(repo_override % app.SYCO_VAR_PATH)

    # Use augeas to set max kernels to 2 since more won't fit on /boot
    from augeas import Augeas
    yum_settings = Augeas(x)
    yum_settings.set_enhanced(
        "/files/etc/yum.conf/main/installonly_limit", "2")

    run_marker.mark_executed()
Example #2
def install_syco(args):
    """
    Install/configure syco on the current computer.

    Steps, in order: replace the CentOS base repo file, set vm.swappiness to
    0, install augeas, link /sbin/syco to syco.py, and cap installed kernels
    at 2 in yum.conf. ``args`` is not used in this function.

    """
    app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
    executed = version.Version("InstallSYCO", SCRIPT_VERSION)
    executed.check_executed()

    # Override base repo to one that works.
    # NOTE(review): every later "yum install" trusts whatever this file
    # configures (mirror URLs, signature checking); the file is not shown
    # here, so confirm it keeps package signature verification enabled.
    base_repo_cmd = "cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo"
    x(base_repo_cmd % app.SYCO_VAR_PATH)

    # Set Swappiness to 0 on all hosts to avoid excessive swapping.
    # This changes the running kernel value only; nothing in this function
    # writes the setting to /etc/sysctl.conf.
    x('sysctl vm.swappiness=0')

    app.print_verbose("Install required packages for syco")
    x("yum install augeas -y")

    app.print_verbose("Create symlink /sbin/syco")
    set_syco_permissions()
    link_present = os.path.exists('/sbin/syco')
    if not link_present:
        link_target = '%sbin/syco.py' % SYCO_PATH
        os.symlink(link_target, '/sbin/syco')

    # Use augeas to set max kernels to 2 since more won't fit on /boot
    from augeas import Augeas
    aug = Augeas(x)
    aug.set_enhanced("/files/etc/yum.conf/main/installonly_limit", "2")

    executed.mark_executed()
Example #3
def _libvirt_init_config():
    """Set ON_SHUTDOWN to "shutdown" in /etc/sysconfig/libvirt-guests."""
    # augeas is installed first because the edit below goes through it.
    x("yum install augeas -y")

    guests_conf = Augeas(x)
    guests_conf.set_enhanced(
        "/files/etc/sysconfig/libvirt-guests/ON_SHUTDOWN",
        "shutdown",
    )
Example #4
def epel_repo():
    """
    Setup EPEL repository.

    Does nothing when epel.repo already has exactly one ``enabled`` value and
    it is '1'; otherwise installs epel-release and sets the flag.
    """
    aug = Augeas(x)
    enabled_key = '/files/etc/yum.repos.d/epel.repo/epel/enabled'

    current = aug.find_values(enabled_key)
    if len(current) == 1 and current[0] == '1':
        # Already installed and enabled.
        return

    # NOTE(review): this adds a third-party package source to the host.
    # "-y" answers every yum prompt with yes, so nothing asks an operator to
    # confirm the install.
    x("yum install -y epel-release")
    aug.set_enhanced(enabled_key, '1')
Example #5
def setup_clam_and_freshclam():
    """
    Create clamd.conf and freshclam.conf from the shipped samples.

    Each sample under /usr/local/etc is copied to its live name and then
    edited line by line with scOpen.replace(). Afterwards augeas is installed
    together with a clamav lens, /etc/freshclam.conf is made a symlink to the
    /usr/local/etc copy, and the freshclam HTTP proxy is set when both a
    proxy host and a proxy port are configured.
    """
    app.print_verbose("Setup clamav and freshclam")

    app.print_verbose("  Setup config files.")
    x("cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf")
    clamd = scOpen("/usr/local/etc/clamd.conf")
    # Every pattern starts with "^[#]\?" so that it hits the directive whether
    # or not the sample has it commented out. "\?" is not a Python escape, so
    # the backslash is kept in the string; newer Python 3 releases warn about
    # such escapes in non-raw strings.
    # The statements are order dependent, do not reorder them.
    clamd.replace("^[#]\?Example.*",            "#Example")
    clamd.replace("^[#]\?LogFileMaxSize.*",     "LogFileMaxSize 100M")
    # NOTE(review): "^[#]\?LogFile.*" also matches lines that start with
    # LogFileMaxSize (and any other LogFile* directive). If scOpen.replace()
    # rewrites every matching line, the 100M limit set just above is replaced
    # by the LogFile line - confirm against scOpen.
    clamd.replace("^[#]\?LogFile.*",            "LogFile /var/log/clamav/clamd.log")
    clamd.replace("^[#]\?LogTime.*",            "LogTime yes")
    clamd.replace("^[#]\?LogSyslog.*",          "LogSyslog yes")
    # The clamd TCP socket is bound to loopback only. The clamd protocol has
    # no authentication, so TCPAddr is what keeps the scanner off the network.
    clamd.replace("^[#]\?TCPSocket.*",          "TCPSocket 3310")
    clamd.replace("^[#]\?TCPAddr.*",            "TCPAddr 127.0.0.1")
    clamd.replace("^[#]\?ExcludePath.*/proc.*", "ExcludePath ^/proc")
    clamd.replace("^[#]\?ExcludePath.*/sys.*",  "ExcludePath ^/sys")
    # Run the daemon as the unprivileged clamav account.
    clamd.replace("^[#]\?User.*",               "User clamav")
    clamd.replace("^[#]\?LocalSocket.*",        "LocalSocket /var/run/clamav/clamd.socket")
    clamd.replace("^[#]\?PidFile.*",            "PidFile /var/run/clamav/clamd.pid")
    clamd.replace("^[#]\?DatabaseDirectory.*",  "DatabaseDirectory /var/lib/clamav")

    x("cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf")
    freshclam = scOpen("/usr/local/etc/freshclam.conf")
    freshclam.replace("^[#]\?Example.*",        "#Example")
    freshclam.replace("^[#]\?LogFileMaxSize.*", "LogFileMaxSize 100M")
    freshclam.replace("^[#]\?LogTime.*",        "LogTime yes")
    freshclam.replace("^[#]\?LogSyslog.*",      "LogSyslog yes")
    freshclam.replace("^[#]\?DatabaseOwner.*",  "DatabaseOwner clamav")
    freshclam.replace("^[#]\?PidFile.*",        "PidFile /var/run/clamav/freshclam.pid")
    # Signature updates come from this hard-coded mirror.
    freshclam.replace("^[#]\?DatabaseMirror.*", "DatabaseMirror db.northeu.clamav.net")
    freshclam.replace("^[#]\?UpdateLogFile.*",  "UpdateLogFile /var/log/clamav/freshclam.log")
    freshclam.replace("^[#]\?DatabaseDirectory.*", "DatabaseDirectory /var/lib/clamav")

    #TODO: Change replace statements above to augeas since that tends to be more stable.
    app.print_verbose("  Install augeas and add clam lens that is not available on CentOS 6")
    x("yum install -y augeas")
    x("cp %s/augeas/lenses/clamav.aug /usr/share/augeas/lenses/dist/" % app.SYCO_VAR_PATH)

    #Help augeas find freshclam.conf
    # Unless /etc/freshclam.conf already resolves to the /usr/local/etc copy,
    # whatever is at that path is removed (no backup is taken) and replaced
    # by a symlink.
    if x("readlink /etc/freshclam.conf").find("/usr/local/etc/freshclam.conf") == -1:
        x("rm -f /etc/freshclam.conf")
        x("ln -s /usr/local/etc/freshclam.conf /etc/")

    #Initialize augeas
    augeas = Augeas(x)

    # The proxy is only written when both host and port are configured.
    if config.general.get_proxy_host() and config.general.get_proxy_port():
        app.print_verbose("  Configure proxy for freshclam")
        augeas.set_enhanced("/files/etc/freshclam.conf/HTTPProxyPort", "%s" % config.general.get_proxy_port())
        augeas.set_enhanced("/files/etc/freshclam.conf/HTTPProxyServer", "%s" % config.general.get_proxy_host())
Example #6
def epel_repo():
    """
    Setup EPEL repository.

    epel-release is installed, and the repo's ``enabled`` flag set to '1',
    unless augeas already reports exactly one ``enabled`` value equal to '1'.
    """
    repo_flag = '/files/etc/yum.repos.d/epel.repo/epel/enabled'
    augeas = Augeas(x)

    # Check if epel is already installed and enabled
    found = augeas.find_values(repo_flag)
    enabled_already = len(found) == 1 and found[0] == '1'

    if not enabled_already:
        # NOTE(review): enabling EPEL widens the set of package sources this
        # host trusts; "-y" means yum does not stop to ask for confirmation.
        x("yum install -y epel-release")
        augeas.set_enhanced(repo_flag, '1')
Example #7
def _configure_keepalived():
    """
    Install the keepalived config for this host and restart the service.

    * Keepalived needs to be able to bind to non-local addresses, so
      net.ipv4.ip_nonlocal_bind is set to 1 in /etc/sysctl.conf and loaded.
    * The hostname placeholders in the copied config file are replaced with
      this host's name, upper-cased and lower-cased.
    * It is not environment dependent and can be installed on any server.
    """
    # NOTE(review): ip_nonlocal_bind is a host-wide switch, not a keepalived
    # setting; it applies to every process that may bind sockets.
    sysctl_conf = Augeas(x)
    sysctl_conf.set_enhanced("/files/etc/sysctl.conf/net.ipv4.ip_nonlocal_bind", "1")
    x("sysctl -p")

    # The backup name is fixed, so a second run overwrites the first backup
    # with whatever config is live at that point.
    x("mv {0}keepalived.conf {0}org.keepalived.conf".format(KA_CONF_DIR))
    x("cp {0}/{1}.keepalived.conf {2}keepalived.conf".format(SYCO_PLUGIN_PATH, ka_env, KA_CONF_DIR))

    live_conf = KA_CONF_DIR + "keepalived.conf"
    placeholders = (
        ("${KA_SERVER_NAME_UP}", "upper"),
        ("${KA_SERVER_NAME_DN}", "lower"),
    )
    for placeholder, case_method in placeholders:
        conf_file = scopen.scOpen(live_conf)
        conf_file.replace(placeholder, getattr(socket.gethostname(), case_method)())

    _chkconfig("keepalived","on")
    _service("keepalived","restart")
Example #8
def _configure_keepalived():
    """
    Configure and (re)start keepalived.

    * Keepalived must be allowed to bind to non-local addresses; the sysctl
      for that is written to /etc/sysctl.conf and applied with "sysctl -p".
    * The placeholders in the config file are replaced with the hostname.
    * It is not environment dependent and can be installed on any server.
    """
    augeas = Augeas(x)
    nonlocal_bind_key = "/files/etc/sysctl.conf/net.ipv4.ip_nonlocal_bind"
    # NOTE(review): this relaxes bind() for the whole host, not only for
    # keepalived. "sysctl -p" also re-applies every other entry in the file.
    augeas.set_enhanced(nonlocal_bind_key, "1")
    x("sysctl -p")

    # Keep the packaged config as org.keepalived.conf, then drop in the
    # template selected by ka_env. The backup name is fixed, so a re-run
    # replaces the earlier backup.
    backup_cmd = "mv {0}keepalived.conf {0}org.keepalived.conf"
    x(backup_cmd.format(KA_CONF_DIR))
    deploy_cmd = "cp {0}/{1}.keepalived.conf {2}keepalived.conf"
    x(deploy_cmd.format(SYCO_PLUGIN_PATH, ka_env, KA_CONF_DIR))

    conf_path = KA_CONF_DIR + "keepalived.conf"
    name_upper = socket.gethostname().upper()
    scopen.scOpen(conf_path).replace("${KA_SERVER_NAME_UP}", name_upper)
    name_lower = socket.gethostname().lower()
    scopen.scOpen(conf_path).replace("${KA_SERVER_NAME_DN}", name_lower)

    _chkconfig("keepalived", "on")
    _service("keepalived", "restart")
Example #9
def install_syco(args):
    """
    Install/configure syco on the current computer.

    Replaces the CentOS base repo file, points yum at the configured proxy
    (if any), installs augeas, links /sbin/syco to syco.py and then uses
    augeas to set the kernel limit, swappiness and the yum proxy.
    ``args`` is not used in this function.

    """
    app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
    run_marker = version.Version("InstallSYCO", SCRIPT_VERSION)
    run_marker.check_executed()

    # Override base repo to one that works.
    # NOTE(review): the replacement file becomes the source of every later
    # yum install; its mirror and signature-check settings are not shown here.
    repo_cmd = "cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo"
    x(repo_cmd % app.SYCO_VAR_PATH)

    # Run all yum updates through proxy if available
    proxy_host = config.general.get_proxy_host()
    proxy_port = config.general.get_proxy_port()
    proxy_url = None
    if proxy_host and proxy_port:
        proxy_url = "http://%s:%s" % (proxy_host, proxy_port)
        # Appended with echo because augeas is only installed further down,
        # and that install may itself need the proxy.
        # NOTE(review): host and port go into the shell command unquoted;
        # they are assumed to be plain values from the syco config.
        x('echo proxy=%s >> /etc/yum.conf' % proxy_url)

    app.print_verbose("Install required packages for syco")
    install_packages("augeas")

    app.print_verbose("Create symlink /sbin/syco")
    set_syco_permissions()
    if not os.path.exists('/sbin/syco'):
        syco_entry_point = '%sbin/syco.py' % SYCO_PATH
        os.symlink(syco_entry_point, '/sbin/syco')

    from augeas import Augeas
    aug = Augeas(x)

    # Use augeas to set max kernels to 2 since more won't fit on /boot
    aug.set_enhanced("/files/etc/yum.conf/main/installonly_limit", "2")

    # Set Swappiness to 0 on all hosts to avoid excessive swapping
    aug.set_enhanced("/files/etc/sysctl.conf/vm.swappiness", "0")

    if proxy_host and proxy_port:
        # Set proxy again with augeas to ensure there are no
        # duplicates/inconsistencies
        aug.set_enhanced("/files/etc/yum.conf/main/proxy", proxy_url)

    run_marker.mark_executed()
Example #10
def install_syco(args):
    """
    Install/configure syco on the current computer.

    Order of work: base repo override, optional yum proxy, augeas install,
    /sbin/syco symlink, then augeas edits of yum.conf and sysctl.conf.
    ``args`` is not read in this function.

    """
    app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
    version_marker = version.Version("InstallSYCO", SCRIPT_VERSION)
    version_marker.check_executed()

    # Override base repo to one that works.
    # NOTE(review): packages installed below are fetched from whatever this
    # file points at; verify it keeps signature checking on.
    x(
        "cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo"
        % app.SYCO_VAR_PATH
    )

    # Run all yum updates through proxy if available
    proxy_host = config.general.get_proxy_host()
    proxy_port = config.general.get_proxy_port()
    use_proxy = bool(proxy_host and proxy_port)

    if use_proxy:
        # yum.conf is appended to directly here because augeas is not
        # installed yet. The URL is built from config values and is not
        # shell-quoted - presumably these come from trusted configuration.
        yum_proxy = "http://%s:%s" % (proxy_host, proxy_port)
        x('echo proxy=%s >> /etc/yum.conf' % yum_proxy)

    app.print_verbose("Install required packages for syco")
    install_packages("augeas")

    app.print_verbose("Create symlink /sbin/syco")
    set_syco_permissions()
    symlink_path = '/sbin/syco'
    if not os.path.exists(symlink_path):
        os.symlink('%sbin/syco.py' % SYCO_PATH, symlink_path)

    # Use augeas to set max kernels to 2 since more won't fit on /boot
    from augeas import Augeas
    conf_editor = Augeas(x)
    conf_editor.set_enhanced("/files/etc/yum.conf/main/installonly_limit", "2")

    # Set Swappiness to 0 on all hosts to avoid excessive swapping
    conf_editor.set_enhanced("/files/etc/sysctl.conf/vm.swappiness", "0")

    if use_proxy:
        # Set proxy again with augeas to ensure there are no
        # duplicates/inconsistencies
        conf_editor.set_enhanced(
            "/files/etc/yum.conf/main/proxy",
            "http://%s:%s" % (proxy_host, proxy_port),
        )

    version_marker.mark_executed()
Example #11
def install_mail_server(args):
    """
    Install a postfix-based mail relay MTA and mailx.

    The relay listens on the addresses listed in PostFixProperties, accepts
    mail from the networks listed there and delivers straight to the
    internet. Virtual aliases from the properties are added to
    /etc/postfix/virtual. Finally the mail-relay iptables chain is added,
    postfix is restarted and a test mail is sent.

    NOTE(review): check_executed() is called but no mark_executed() call is
    visible in this function - confirm whether that is intended.

    """
    run_marker = version.Version("Install-postfix-server", SCRIPT_VERSION)
    run_marker.check_executed()
    app.print_verbose("Installing postfix-server version: {0}".format(SCRIPT_VERSION))

    props = PostFixProperties()

    # Install required packages
    x("yum install -y postfix augeas")

    aug = Augeas(x)

    # main.cf is edited two ways below: literal line replacement through
    # scOpen and key updates through augeas. Keep the statement order.
    general.use_original_file("/etc/postfix/main.cf")
    main_cf = scopen.scOpen("/etc/postfix/main.cf")

    # Hostname is full canonical name of machine, e.g. mailrelay.syco.com
    hostname_line = "myhostname = {0}".format(config.general.get_mail_relay_domain_name())
    main_cf.replace("#myhostname = host.domain.tld", hostname_line)
    # e.g. syco.com
    domain_line = "mydomain = {0}".format(config.general.get_resolv_domain())
    main_cf.replace("#mydomain = domain.tld", domain_line)
    main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")

    # Listen on every server IP listed in the properties.
    listen_on = ",".join(props.server_ips)
    aug.set_enhanced("/files/etc/postfix/main.cf/inet_interfaces", listen_on)

    # Allow networks.
    # NOTE(review): mynetworks is the list of clients allowed to relay
    # through this host; keep server_networks as narrow as possible.
    trusted_networks = ",".join(props.server_networks)
    aug.set_enhanced("/files/etc/postfix/main.cf/mynetworks", trusted_networks)

    # Do not relay anywhere special, i.e straight to internet.
    main_cf.replace("#relay_domains = $mydestination", "relay_domains =")
    main_cf.replace("#home_mailbox = Maildir/", "home_mailbox = Maildir/")

    # Stop warning about IPv6.
    main_cf.replace("inet_protocols = all", "inet_protocols = ipv4")

    # Set virtual_alias_maps and virtual_alias_domains in main.cf
    aug.set("/files/etc/postfix/main.cf/virtual_alias_maps", "hash:/etc/postfix/virtual")

    if props.virtual_alias_domains:
        aug.set("/files/etc/postfix/main.cf/virtual_alias_domains", props.virtual_alias_domains)

    # Add virtual aliases if they do not already exist, otherwise update the
    # destination of the existing entry.
    # NOTE(review): alias names and targets are placed into an augeas path
    # expression and into a shell command without quoting; they are assumed
    # to come from trusted configuration.
    for alias_from, alias_to in props.virtual_aliases.iteritems():
        matches = aug.find_entries("/files/etc/postfix/virtual/pattern[. = '%s']" % alias_from)
        if len(matches) > 0:
            destination_path = "/files/etc/postfix/virtual/pattern[. = '%s']/destination" % alias_from
            aug.set_enhanced(destination_path, alias_to)
        else:
            x("echo \"%s %s\" >> /etc/postfix/virtual" % (alias_from, alias_to))

    # Rebuild the lookup table only when there is something in it.
    if len(props.virtual_aliases) > 0:
        x("postmap /etc/postfix/virtual")

    # Install a simple mail CLI-tool
    install_mailx()

    # Tell iptables and nrpe that this server is configured as a mail-relay server.
    iptables.add_mail_relay_chain()
    iptables.save()

    x("service postfix restart")

    # Send test mail to the syco admin
    # and to any virtual alias emails
    admin_recipient = (None, config.general.get_admin_email())
    send_test_mail(admin_recipient, props.virtual_aliases.keys())