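def tinc_stage3_routing():
    """Point the local tinc daemon at every other server of the mesh.

    For each peer (every key of ``metadata.servers`` except the host Fabric
    is currently operating on, ``env.host_string``) this appends a
    ``ConnectTo`` line to the domain's ``tinc.conf`` and a route for the
    peer's docker network to the ``tinc-up`` hook, so packets for that
    network leave over the VPN towards ``<vpn_base>.<idx of peer>``.

    Side effects: appends to ``/etc/tinc/<domain>/tinc.conf`` and
    ``/etc/tinc/<domain>/tinc-up`` on the remote host through cuisine.
    The appends are not de-duplicated, so running the task twice
    duplicates the lines.  The values are interpolated into a shell hook
    that runs as root, so they are expected to be plain addresses.

    ``!=`` replaces the Python-2-only ``<>`` operator; behaviour is otherwise
    unchanged.
    """
    domain = metadata.config["domain"]
    tinc_conf = "/etc/tinc/%s/tinc.conf" % domain
    tinc_up = "/etc/tinc/%s/tinc-up" % domain
    vpn_base = metadata.config["vpn_base"]

    for server in sorted(metadata.servers):
        # never connect or route to ourselves
        if server == env.host_string:
            continue

        cuisine.file_append(tinc_conf, """
ConnectTo = %s
""" % server)

        # CIDR() is the project's network parser (not visible here); the
        # original reads element 0 as the network address and .netmask as
        # the mask, so it is only called once per peer now.
        dockernet = CIDR(metadata.servers[server]["dockernet"])
        cuisine.file_append(tinc_up, """
#
# tinc routing configuration: forward packets for the docker network ips on server %s
#
VPN_BASE="%s"
NET="%s"
GW="${VPN_BASE}.%s"
NETMASK="%s"
if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
    /sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
    /sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi
""" % (server, vpn_base, dockernet[0], metadata.config["idx"][server], dockernet.netmask))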
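def tinc_stage3_routing():
    """Add ``ConnectTo`` entries and docker-network routes for all peers.

    Iterates ``metadata.servers`` in sorted order and, for every server
    other than the current Fabric host, appends to the remote host:

    * ``ConnectTo = <server>`` in ``/etc/tinc/<domain>/tinc.conf``;
    * a ``route add`` snippet in ``/etc/tinc/<domain>/tinc-up`` sending
      the peer's docker network (``CIDR(...)[0]`` / ``.netmask``) to the
      peer's VPN address ``<vpn_base>.<idx>``.

    Both files are appended without de-duplication.  The snippet is a
    root-executed shell hook, so the metadata values must be plain
    addresses; nothing here quotes them.

    The comparison uses ``!=`` instead of the Python-2-only ``<>``.
    """
    domain = metadata.config["domain"]
    conf_path = "/etc/tinc/%s/tinc.conf" % domain
    up_path = "/etc/tinc/%s/tinc-up" % domain

    for server in sorted(metadata.servers):
        if server != env.host_string:
            cuisine.file_append(conf_path, """
ConnectTo = %s
""" % server)

            # parse the peer's docker network once; the original called
            # CIDR() twice for the same value
            net = CIDR(metadata.servers[server]["dockernet"])
            cuisine.file_append(up_path, """
#
# tinc routing configuration: forward packets for the docker network ips on server %s
#
VPN_BASE="%s"
NET="%s"
GW="${VPN_BASE}.%s"
NETMASK="%s"
if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
    /sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
    /sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi
""" % (
                server,
                metadata.config["vpn_base"],
                net[0],
                metadata.config["idx"][server],
                net.netmask,
            ))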
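def hosts_conf():
    """Set the remote hostname and extend /etc/hosts from the template.

    Writes ``MACHINE['KEY']`` (plus newline) to ``/etc/hostname``, applies
    it with ``hostname -F``, then appends the rendered ``templates.hosts``
    to ``/etc/hosts``.  Runs with cuisine in sudo mode.

    The hostname is written with ``cuisine.file_write`` instead of the
    earlier ``sudo('echo "<KEY>" > /etc/hostname')``, so the value is no
    longer interpreted by the remote shell (a ``KEY`` containing ``"`` or
    ``$`` broke or altered the command).  The /etc/hosts append is not
    de-duplicated across runs.
    """
    notify('Writing hostname and hosts files.')
    cuisine.mode_sudo()
    # the shell redirect produced "<KEY>\n"; keep exactly that content
    cuisine.file_write('/etc/hostname', MACHINE['KEY'] + '\n')
    sudo('hostname -F /etc/hostname')
    hosts = cuisine.text_template(templates.hosts, MACHINE)
    cuisine.file_append('/etc/hosts', hosts)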
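def tinc_stage3_fip_routing():
    """Route floating-IP (FIP) traffic towards a midonet gateway.

    Does nothing unless ``metadata.roles`` contains ``midonet_gateway``
    (physical gateways are in use otherwise).  Then:

    * if this host runs no midonet_gateway container, the FIP /24 is routed
      over the VPN to a server that does (``<vpn_base>.<idx>``);
    * if it does, the FIP /24 is SNATed out of the default interface
      (RFC1918 destinations excepted) and routed to the container's IP.

    In both cases the route is appended to ``/etc/tinc/<domain>/tinc-up``
    (not de-duplicated).  When several servers/containers qualify the last
    one in iteration order wins, exactly as the original loops did.

    Raises:
        RuntimeError: no gateway server or container was found, so there is
            no next hop (the original code died with a NameError here).
    """
    roles = metadata.roles
    if "midonet_gateway" not in roles:
        return

    fip_base = metadata.config["fip_base"]
    gateway_servers = roles["midonet_gateway"]
    fip_router_ip = None

    if env.host_string not in gateway_servers:
        # next hop: VPN address of a server hosting a midonet gateway
        for server in metadata.servers:
            if server in gateway_servers:
                fip_router_ip = "%s.%s" % (metadata.config["vpn_base"], metadata.config["idx"][server])
    else:
        # SNAT the fip network.  The RFC1918 ACCEPT rules are inserted after
        # (hence evaluated before) the MASQUERADE rule, so private
        # destinations are not rewritten.  Rules are added live and nothing
        # here persists them across reboots.
        run("""
FIP_BASE="%s"
DEFAULT_GW_IFACE="$(ip route show | grep 'default via' | awk -Fdev '{print $2;}' | xargs -n1 echo)"
iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -j MASQUERADE
for RFC1918 in "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"; do
    iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -d "${RFC1918}" -j ACCEPT
done
""" % fip_base)
        # next hop: the midonet gateway container running on this box
        for container in metadata.containers:
            info = metadata.containers[container]
            if info["server"] == env.host_string and info["role"] == "midonet_gateway":
                fip_router_ip = info["ip"]

    if fip_router_ip is None:
        raise RuntimeError("tinc_stage3_fip_routing: no midonet_gateway next hop found for %s" % env.host_string)

    cuisine.file_append("/etc/tinc/%s/tinc-up" % metadata.config["domain"], """
#
# route FIP traffic to this local container
#
NET="%s"
NETMASK="255.255.255.0"
GW="%s"
if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
    /sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
    /sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi
""" % (fip_base, fip_router_ip))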
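def _condition_centos_network(self):
    """Write a CentOS ``ifcfg-<iface>`` file for every interface to add.

    For each key of ``self.interfaces['add']`` the file
    ``/mnt/etc/sysconfig/network-scripts/ifcfg-<iface>`` is written (via
    ``mode_sudo()``) according to the entry's ``bootp`` value:

    * ``'dhcp'``   -- a DHCP stanza between TEEFAA markers;
    * ``'static'`` -- a static stanza built from ``address``/``netmask``,
      followed by ``GATEWAY=`` and ``DNS1=`` lines when the optional
      ``gateway`` / ``dnsserver`` keys exist (``dnsserver`` must also be
      non-empty).

    Any other ``bootp`` value is skipped silently, as before (the Ubuntu
    counterpart raises ``TypeError`` instead).

    The optional keys are looked up with ``except KeyError`` rather than a
    bare ``except: pass``, so a failure while appending to the file is no
    longer hidden.
    """
    for iface in self.interfaces['add']:
        settings = self.interfaces['add'][iface]
        file_path = "/mnt/etc/sysconfig/network-scripts/ifcfg-" + iface
        bootp = settings['bootp']

        if bootp == 'dhcp':
            text = text_strip_margin("""
                |#TEEFAA-BEGIN
                |# The contents below are automatically generated by Teefaa. Do not modify.
                |DEVICE="{iface}"
                |BOOTPROTO="dhcp"
                |NM_CONTROLLED="no"
                |ONBOOT="yes"
                |TYPE="Ethernet"
                |#TEEFAA-END
                |""".format(iface=iface))
            with mode_sudo():
                file_write(file_path, text)

        elif bootp == 'static':
            address = settings['address']
            netmask = settings['netmask']
            text = text_strip_margin("""
                |# The contents below are automatically generated by Teefaa. Do not modify.
                |NM_CONTROLLED=no
                |BOOTPROTO=none
                |ONBOOT=yes
                |IPADDR={addr}
                |NETMASK={mask}
                |DEVICE={iface}
                |PEERDNS=no
                |""".format(iface=iface, addr=address, mask=netmask))
            with mode_sudo():
                file_write(file_path, text)

            # optional gateway: written whenever the key is present
            try:
                gateway = settings['gateway']
            except KeyError:
                gateway = None
            if gateway is not None:
                with mode_sudo():
                    file_append(file_path, "GATEWAY=" + gateway + '\n')

            # optional resolver: written only when present and non-empty
            try:
                dnsserver = settings['dnsserver']
            except KeyError:
                dnsserver = None
            if dnsserver:
                with mode_sudo():
                    file_append(file_path, "DNS1={d}\n".format(d=dnsserver))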
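def initialize():
    """Log in to the server as root and create the initial user/group.

    Creates ``env.remote_group`` and ``env.remote_user`` (bash login shell),
    adds the user to the group, authorizes the local ``~/.ssh/id_rsa.pub``
    for that user when the file exists, and appends a passwordless sudo
    rule for the user to ``/etc/sudoers``.

    Notes:
        * ``~`` is now expanded with ``os.path.expanduser``; the previous
          ``os.path.exists('~/.ssh/id_rsa.pub')`` never matched, so the key
          was silently never copied.
        * The sudoers append grants ``NOPASSWD:ALL``, is not checked with
          ``visudo -c`` and is not de-duplicated across runs; a dedicated
          file under ``/etc/sudoers.d/`` would be the safer target.
    """
    env.user = '******'
    mode_user()
    group_ensure(env.remote_group)
    user_ensure(env.remote_user, shell='/bin/bash')
    group_user_ensure(env.remote_user, env.remote_group)
    # copy local public key to user's authorized_keys for convenience
    pubkey_path = os.path.expanduser('~/.ssh/id_rsa.pub')
    if os.path.exists(pubkey_path):
        with open(pubkey_path, 'rb') as f:
            ssh_authorize(env.remote_user, f.read())
    file_append("/etc/sudoers", "%(remote_user)s ALL=(ALL) NOPASSWD:ALL\n" % env)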
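def ssh_pam_config():
    """Require ``pam_access`` for SSH logins and install the access table.

    Appends ``account required pam_access.so`` to ``/etc/pam.d/sshd`` unless
    ``pam_access.so`` is already referenced there, warns when
    ``/etc/ssh/sshd_config`` lacks ``UsePAM yes`` (without it sshd ignores
    the PAM stanza), then uploads the host's access.conf to
    ``/etc/security/access.conf``.  No service is restarted here.

    The warning text used to say ``UserPAM``; the sshd directive is
    ``UsePAM`` and the check is for the absence of ``UsePAM yes``, which
    the message now states.
    """
    puts(green('Setup PAM for SSHD'))
    # setting PAM
    pam_sshd = '/etc/pam.d/sshd'
    if 'pam_access.so' not in cuisine.file_read(pam_sshd):
        cuisine.file_append(pam_sshd, 'account required pam_access.so')
    # check SSHD config -- only a warning, the upload below still happens
    if 'UsePAM yes' not in cuisine.file_read('/etc/ssh/sshd_config'):
        puts(yellow("'UsePAM yes' not found in sshd_config"))
    # Upload; the '%s' is expanded by download_and_upload (helper not
    # visible here -- presumably a per-host name).
    download_and_upload('ssh/%s-access.conf', '/etc/security/access.conf')
    puts(green('Success'))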
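def _append_data_dir_fstab(self, file_path, device, data_num):
    """Append the data-partition mount line to an fstab file.

    Args:
        file_path: fstab file to append to (written through ``mode_sudo()``).
        device: block device prefix; only concatenated with ``data_num``
            (e.g. ``/dev/sda`` + ``3`` -- assumed usage, TODO confirm).
        data_num: partition number appended to ``device``.

    The line depends on ``self.disk_config['data']['format']``: ``xfs``
    mounts with ``defaults,noatime``, ``ext3``/``ext4`` with ``defaults``,
    anything else yields a comment saying the partition is not mounted.
    When the ``data`` section or one of its keys is missing nothing is
    appended; that is the only case the original bare ``except: pass``
    was meant for, and a failure of the append itself now propagates.
    """
    try:
        data_format = self.disk_config['data']['format']
        data_dir = self.disk_config['data']['dir']
    except (KeyError, TypeError):
        return

    if data_format == 'xfs':
        line = "{dev}{num} {d} xfs defaults,noatime 0 0".format(
            dev=device, num=data_num, d=data_dir)
    elif data_format in ['ext3', 'ext4']:
        line = "{dev}{num} {d} {f} defaults 0 0".format(
            dev=device, num=data_num, d=data_dir, f=data_format)
    else:
        line = "#Data partition is not mounted by Teefaa."

    with mode_sudo():
        file_append(file_path, line + '\n')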
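def _condition_ubuntu_network(self):
    """Write ``/etc/network/interfaces`` for the target mounted at /mnt.

    Starts the file with the loopback stanza, then appends one stanza per
    key of ``self.interfaces['add']`` depending on the entry's ``bootp``:

    * ``'dhcp'``   -- ``iface <name> inet dhcp``;
    * ``'static'`` -- address/netmask from the entry, plus ``gateway`` and
      ``dns-nameservers`` lines when those optional keys are present and
      non-empty.

    All writes go through ``mode_sudo()``.  Optional keys are looked up
    with ``except KeyError`` instead of a bare ``except``; the observable
    behaviour is the same.

    Raises:
        TypeError: ``bootp`` is neither ``'dhcp'`` nor ``'static'``.
    """
    file_path = "/mnt/etc/network/interfaces"
    header = text_strip_margin("""
        |# This file describes the network interfaces available on your system
        |# and how to activate them. For more information, see interfaces(5).
        |
        |# The loopback network interface
        |auto lo
        |iface lo inet loopback
        |""")
    with mode_sudo():
        file_write(file_path, header)

    for iface in self.interfaces['add']:
        settings = self.interfaces['add'][iface]
        bootp = settings['bootp']

        if bootp == 'dhcp':
            stanza = text_strip_margin("""
                |# {iface}
                |auto {iface}
                |iface {iface} inet dhcp
                |""".format(iface=iface))
            with mode_sudo():
                file_append(file_path, stanza)

        elif bootp == 'static':
            address = settings['address']
            netmask = settings['netmask']
            stanza = text_strip_margin("""
                |# {iface}
                |auto {iface}
                |iface {iface} inet static
                |    address {addr}
                |    netmask {mask}
                |""".format(iface=iface, addr=address, mask=netmask))
            with mode_sudo():
                file_append(file_path, stanza)

            try:
                gateway = settings['gateway']
            except KeyError:
                gateway = None
            if gateway:
                with mode_sudo():
                    file_append(file_path, "    gateway {g}\n".format(g=gateway))

            try:
                dnsserver = settings['dnsserver']
            except KeyError:
                dnsserver = None
            if dnsserver:
                with mode_sudo():
                    file_append(file_path, "    dns-nameservers {d}\n".format(d=dnsserver))

        else:
            raise TypeError("network_config: {0} is not supported.\n".format(iface))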
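def upgrade_agent():
    """Upgrade the CloudStack agent package and restart the service.

    Runs the shared ``upgrade_common()`` preparation, upgrades
    ``cloudstack-agent`` with yum through the configured proxy, makes sure
    ``/etc/cloudstack/agent/environment.properties`` contains
    ``paths.script=/usr/share/cloudstack-common`` (appended when missing),
    then restarts the agent, killing any leftover ``jsvc`` process.

    The local previously named ``str`` shadowed the builtin; it is now
    ``scripts_line``.
    """
    puts(green('Upgrade Agent'))
    # Prepare
    upgrade_common()
    # Upgrade
    proxy(sudo, 'yum upgrade cloudstack-agent -y')
    # Verify
    env_file = '/etc/cloudstack/agent/environment.properties'
    scripts_line = 'paths.script=/usr/share/cloudstack-common'
    if scripts_line not in cuisine.file_read(env_file):
        cuisine.file_append(env_file, '\n%s\n' % scripts_line)
    # Restart: stop the upstart job, then kill any jsvc the stop left
    # behind (warn_only so "no process found" does not abort the task).
    cuisine.upstart_stop('cloudstack-agent')
    sudo('killall jsvc', warn_only=True)
    cuisine.upstart_ensure('cloudstack-agent')
    puts(green('Success'))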
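def management():
    """Install and initialise a CloudStack management server.

    Steps, all on the remote host: install ``cloudstack-management``; read
    the DB credentials from ``config/management/db.ini`` and run
    ``cloudstack-setup-databases``; let the ``cloud`` user sudo without a
    tty; run ``cloudstack-setup-management`` and enable it; enable the NFS
    client services; mount the primary/secondary stores named in
    ``config/management/nfs.ini``, wipe them, install the KVM system VM
    template into secondary storage and unmount again.

    Security notes:
        * the DB and deploy credentials are passed on a command line, so
          they show up in the remote process list and in Fabric's output;
          they are shell-quoted here so a password containing quotes,
          spaces or ``$`` reaches the tool intact instead of being
          expanded by the shell;
        * ``rm -rf`` on the mounted stores deletes whatever is there;
        * the system VM template is fetched over plain HTTP with no
          checksum verification.

    Calls ``abort`` when a required option is missing from either ini
    file.  ``ConfigParser.get`` raises on a missing section/option and
    never returns ``None``, so the previous ``None in [...]`` checks could
    not fire and the messages pointed at the wrong file.
    """
    # Python 2 (this file uses ConfigParser); pipes.quote is the stdlib
    # shell quoter there.
    from pipes import quote

    puts(green('Setup Management Server'))
    # Install
    install_package('cloudstack-management')
    # Load File
    config = ConfigParser.SafeConfigParser()
    config.read(config_read_path('./config/management/db.ini'))
    try:
        user = config.get('cloud', 'user')
        password = config.get('cloud', 'password')
        deploy_user = config.get('deploy', 'user')
        deploy_password = config.get('deploy', 'password')
        server = config.get('deploy', 'server')
    except ConfigParser.Error:
        abort('Check config/management/db.ini')
    # Initialize
    run('cloudstack-setup-databases %s %s' % (
        quote('%s:%s@%s' % (user, password, server)),
        quote('--deploy-as=%s:%s' % (deploy_user, deploy_password))))
    # let the cloud user sudo without a tty; append only when absent
    tmp = 'Defaults:cloud !requiretty'
    if '\n' + tmp not in cuisine.file_read('/etc/sudoers'):
        cuisine.file_append('/etc/sudoers', '\nDefaults:cloud !requiretty\n')
    run('cloudstack-setup-management')
    sudo('chkconfig cloudstack-management on')
    sudo('chown cloud:cloud /var/log/cloudstack/management/catalina.out')
    # NFS Client
    for service in ['rpcbind', 'nfs']:
        cuisine.upstart_ensure(service)
        sudo('chkconfig %s on' % service)
    # Setting Storage
    cuisine.dir_ensure('/mnt/primary', recursive=True)
    cuisine.dir_ensure('/mnt/secondary', recursive=True)
    config.read(config_read_path('./config/management/nfs.ini'))
    try:
        nfs_primary_path = config.get('primary', 'path')
        nfs_primary_ip = config.get('primary', 'ipaddr')
        nfs_secondary_path = config.get('secondary', 'path')
        nfs_secondary_ip = config.get('secondary', 'ipaddr')
    except ConfigParser.Error:
        abort('Check config/management/nfs.ini')
    sudo('mount -t nfs %s:%s /mnt/primary' % (nfs_primary_ip, nfs_primary_path))
    sleep(5)  # original pacing between mount and use; kept as-is
    sudo('mount -t nfs %s:%s /mnt/secondary' % (nfs_secondary_ip, nfs_secondary_path))
    sleep(5)
    # DESTRUCTIVE: empties both stores before seeding the template
    sudo('rm -rf /mnt/primary/*')
    sudo('rm -rf /mnt/secondary/*')
    proxy(sudo, '/usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://d21ifhcun6b1t2.cloudfront.net/templates/4.2/systemvmtemplate-2013-06-12-master-kvm.qcow2.bz2 -h kvm -F')
    sudo('sync')
    # the loop variable was named ``dir``, shadowing the builtin
    for mount_point in ['/mnt/primary', '/mnt/secondary']:
        sudo('umount %s' % mount_point)
        sudo('rmdir %s' % mount_point)
    puts(green('Success'))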
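def tinc_stage3_fip_routing():
    """Append a route for the floating-IP (FIP) /24 to the tinc-up hook.

    Skipped entirely when ``metadata.roles`` has no ``midonet_gateway``
    entry (physical gateways are used for a demo then).  Otherwise the next
    hop is chosen as follows:

    * host without a midonet_gateway container: the VPN address
      ``<vpn_base>.<idx>`` of a server listed in the role (the last match
      in ``metadata.servers`` order, as in the original loop);
    * host with one: the FIP /24 is first SNATed out of the default
      interface with iptables (RFC1918 destinations excepted), and the
      next hop is the IP of the local midonet_gateway container (again the
      last match wins).

    The route is appended to ``/etc/tinc/<domain>/tinc-up`` without
    de-duplication; the iptables rules are applied live and not persisted
    by this function.

    Raises:
        RuntimeError: no next hop could be determined (formerly an
            unhelpful NameError on ``fip_router_ip``).
    """
    if "midonet_gateway" not in metadata.roles:
        return

    gateway_hosts = metadata.roles["midonet_gateway"]
    fip_base = metadata.config["fip_base"]
    tinc_up = "/etc/tinc/%s/tinc-up" % metadata.config["domain"]
    next_hop = None

    if env.host_string not in gateway_hosts:
        # send FIP traffic across the VPN to a gateway-hosting server
        for server in metadata.servers:
            if server not in gateway_hosts:
                continue
            next_hop = "%s.%s" % (metadata.config["vpn_base"], metadata.config["idx"][server])
    else:
        # SNAT the fip network; the per-RFC1918 ACCEPT rules land in front
        # of the MASQUERADE rule because each -I inserts at the top
        run("""
FIP_BASE="%s"
DEFAULT_GW_IFACE="$(ip route show | grep 'default via' | awk -Fdev '{print $2;}' | xargs -n1 echo)"
iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -j MASQUERADE
for RFC1918 in "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"; do
    iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -d "${RFC1918}" -j ACCEPT
done
""" % fip_base)
        # send FIP traffic to the midonet gateway container on this box
        for container in metadata.containers:
            entry = metadata.containers[container]
            if entry["server"] != env.host_string:
                continue
            if entry["role"] != "midonet_gateway":
                continue
            next_hop = entry["ip"]

    if next_hop is None:
        raise RuntimeError("tinc_stage3_fip_routing: no midonet_gateway next hop for %s" % env.host_string)

    cuisine.file_append(tinc_up, """
#
# route FIP traffic to this local container
#
NET="%s"
NETMASK="255.255.255.0"
GW="%s"
if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
    /sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
    /sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi
""" % (fip_base, next_hop))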
def profile_conf():
    """Render the profile template into the owner's profile file.

    Appends ``templates.profile`` rendered with ``MACHINE`` to
    ``MACHINE['OWNER_PROFILE']`` (not de-duplicated on repeated runs) and
    then sources that file.  NOTE(review): each Fabric ``run`` starts a
    fresh remote shell, so the ``source`` affects only that one command,
    not later tasks -- confirm this is intended.
    """
    notify('Configuring .profile settings.')
    target = MACHINE['OWNER_PROFILE']
    rendered = cuisine.text_template(templates.profile, MACHINE)
    cuisine.file_append(target, rendered)
    run('source %s' % target)