def start_nagios():
    '''
    Upload the NRPE command definitions, register Nagios for boot and start it.

    The init script is symlinked into /etc/rcS.d as S99nagios and then
    invoked directly with "start".
    '''
    commands_cfg = '/usr/local/nagios/etc/objects/commands.cfg'
    init_script = '/etc/init.d/nagios'

    # commands.cfg holds the command lines Nagios executes for its checks, so
    # the local nrpe_commands.cfg is effectively trusted, root-installed input.
    cuisine.file_upload(commands_cfg, 'nrpe_commands.cfg', sudo=True)

    # -f replaces an existing link, so repeated runs do not fail here.
    cuisine.sudo('ln -sf %s /etc/rcS.d/S99nagios' % init_script)
    cuisine.sudo('%s start' % init_script)
def tinc_stage3_private_key():
    """
    Lay out /etc/tinc/<domain> on the host and install its RSA private key.

    The domain comes from metadata.config["domain"]; the key is read from
    $TMPDIR/<host_string>/rsa_key.priv on the machine running the task.
    """
    domain = metadata.config["domain"]

    run("mkdir -pv /etc/tinc")
    cuisine.file_write("/etc/tinc/nets.boot", domain)

    # Creates the hosts directory and executable tinc-up / tinc-down files.
    # NOTE(review): the domain is formatted straight into the shell text, so it
    # has to be a trusted configuration value. PRIVKEY is assigned but is not
    # used again inside this script.
    run("""
DOMAIN="%s"
mkdir -pv "/etc/tinc/${DOMAIN}/hosts"
for CMD in up down; do
    touch "/etc/tinc/${DOMAIN}/tinc-${CMD}"
    chmod 0755 "/etc/tinc/${DOMAIN}/tinc-${CMD}"
done
PRIVKEY="/etc/tinc/${DOMAIN}/rsa_key.priv"
""" % domain)

    # NOTE(review): the key is restricted to 0600 only after the upload has
    # finished; until the chmod below runs it has whatever mode the upload
    # gave it. Confirm that window is acceptable for this host.
    cuisine.file_upload(
        "/etc/tinc/%s/rsa_key.priv" % domain,
        "%s/%s/rsa_key.priv" % (os.environ["TMPDIR"], env.host_string))

    run("""
chmod 0600 /etc/tinc/%s/rsa_key.priv
""" % domain)
def upload_file(remote_location, local_location, sudo=False):
    """
    Fabric task: copy a local file to a VM and make sure it is present.

    remote_location is the destination path on the VM, local_location the
    source path on this machine. sudo is handed to cuisine.file_upload as is.
    """
    # Destination comes first in cuisine's argument order.
    cuisine.file_upload(remote_location, local_location, sudo=sudo)

    # Second step: have cuisine ensure the remote file exists.
    cuisine.file_ensure(remote_location)
def provision_file_upload(path, **kwargs):
    """
    Upload the provisioning copy of ``path`` and apply file attributes.

    The local source is looked up under
    env.local_path / env.provision_dir / env.role, mirroring the remote path.
    Aborts when that local file is missing. ``kwargs`` are passed on to
    file_attribs unchanged.
    """
    # path[1:] drops the first character (the leading "/" of an absolute
    # path); os.path.join would otherwise discard the preceding components.
    # NOTE(review): nothing here stops ".." segments in ``path`` from pointing
    # outside the role directory, so ``path`` must come from trusted task code.
    relative = path[1:]
    local_file = os.path.join(
        env.local_path, env.provision_dir, env.role, relative)

    if not os.path.exists(local_file):
        abort('Local file not found: %s' % local_file)

    file_upload(path, local_file)
    file_attribs(path, **kwargs)
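def install(filename, user="******", append=False):
    """
    Install the crontab stored in the local file ``filename`` for ``user``.

    The file is uploaded to a remote staging file created with mktemp and
    loaded with ``crontab -u``. With ``append=True`` the user's current
    entries (repeated lines collapsed by awk) are added after the uploaded
    ones before loading. The staging file is removed afterwards, also when a
    step fails.

    NOTE(review): ``user`` and the staging name are formatted unquoted into
    commands run through sudo, so ``user`` must be a trusted value.
    """
    # mktemp prints the name of the file it created in the current directory.
    new_crontab = fab.run("mktemp fabixcron.XXXX")
    try:
        cuisine.file_upload(new_crontab, filename)
        if append is True:
            # `crontab -l` exits with 1 when the user has no crontab yet;
            # warn_only keeps that from aborting the task.
            with fab.settings(warn_only=True):
                fab.sudo(
                    "crontab -u {} -l 2> /dev/null | awk '!x[$0]++{{print $0}}' >> {}"
                    .format(user, new_crontab))
        fab.sudo("crontab -u {} {}".format(user, new_crontab))
    finally:
        # The staging file holds a full copy of the crontab; do not leave it
        # behind. A failed cleanup must not hide the outcome above.
        with fab.settings(warn_only=True):
            fab.run("rm -f {}".format(new_crontab))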
def setup_apache():
    """
    Install and enable the project's Apache vhost, then restart Apache.

    Uploads assets/vhost.conf to sites-available/<project_name>, links it
    into sites-enabled, enables mod_rewrite and restarts the service.
    """
    available = '/etc/apache2/sites-available/%s' % project_name
    enabled = '/etc/apache2/sites-enabled/%s' % project_name

    # vhost definition and its sites-enabled link
    file_upload(available, 'assets/vhost.conf')
    file_link(available, enabled)

    # NOTE(review): both commands go through run(), not sudo(); presumably the
    # connection user is already privileged. Confirm against the fabfile env.
    run('a2enmod rewrite')
    run('service apache2 restart')
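def install(filename, user="******", append=False):
    """
    Install the crontab stored in the local file ``filename`` for ``user``.

    The file is uploaded to a remote staging file created with mktemp and
    loaded with ``crontab -u``. With ``append=True`` the user's current
    entries (repeated lines collapsed by awk) are added after the uploaded
    ones before loading. The staging file is removed afterwards, also when a
    step fails.

    NOTE(review): ``user`` and the staging name are formatted unquoted into
    commands run through sudo, so ``user`` must be a trusted value.
    """
    # mktemp prints the name of the file it created in the current directory.
    new_crontab = fab.run("mktemp fabixcron.XXXX")
    try:
        cuisine.file_upload(new_crontab, filename)
        if append is True:
            # `crontab -l` exits with 1 when the user has no crontab yet;
            # warn_only keeps that from aborting the task.
            with fab.settings(warn_only=True):
                fab.sudo(
                    "crontab -u {} -l 2> /dev/null | awk '!x[$0]++{{print $0}}' >> {}"
                    .format(user, new_crontab))
        fab.sudo("crontab -u {} {}".format(user, new_crontab))
    finally:
        # The staging file holds a full copy of the crontab; do not leave it
        # behind. A failed cleanup must not hide the outcome above.
        with fab.settings(warn_only=True):
            fab.run("rm -f {}".format(new_crontab))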
def copy_source():
    """
    Archive the current git branch locally and unpack it into ~/app_name.

    The archive is written to /tmp/app_name.tar.bz2 locally, uploaded to the
    same path on the host, extracted into a freshly emptied code directory
    and then deleted from the host.
    """
    archive = '/tmp/app_name.tar.bz2'
    code_dir = '~/app_name'

    # NOTE(review): the archive has a fixed name in the shared /tmp on both
    # machines; a per-run mktemp name would avoid clashing with, or trusting,
    # a file another account left at that path.
    local('git archive $(git symbolic-ref HEAD 2>/dev/null) | bzip2 > %s'
          % archive)

    # Start from an empty code directory and no stale remote archive.
    sudo('rm -rf %s' % code_dir)
    if cuisine.file_exists(archive):
        sudo('rm %s' % archive)
    cuisine.file_upload(archive, archive)

    with cuisine.mode_sudo():
        run('mkdir -p %s' % code_dir)
        # No mode, owner or group is passed here, so this call presumably
        # changes nothing (verify against cuisine).
        cuisine.file_attribs(archive)
        run('tar jxf %s -C %s' % (archive, code_dir))
        run('rm %s' % (archive,))
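def setup():
    """
    Tighten sshd, restart it and give the vagrant user a tmux config.

    Lowers LoginGraceTime from 120 to 30 seconds, turns password
    authentication off, checks the edited configuration and only then
    restarts sshd. When a vagrant user exists and has no ~/.tmux.conf, the
    project's tmux.conf is uploaded for it.
    """
    sshd_config = '/etc/ssh/sshd_config'

    puts(green('-> Configuring SSHD'))
    cuisine.sudo(
        'sed -i "s/LoginGraceTime 120/LoginGraceTime 30/g" %s' % sshd_config)
    # Match the directive whether or not it is commented out. Rewriting only
    # the commented default would leave a host that already has an active
    # "PasswordAuthentication yes" accepting passwords without any warning.
    cuisine.sudo(
        'sed -i -E "s/^[[:space:]]*#?[[:space:]]*PasswordAuthentication'
        '[[:space:]]+yes/PasswordAuthentication no/" %s' % sshd_config)

    # Test mode parses the configuration and exits non-zero on errors, so a
    # bad edit stops the task here instead of taking sshd down on restart.
    cuisine.sudo('/usr/sbin/sshd -t')

    puts(green('-> Restart SSHD'))
    cuisine.sudo('/etc/init.d/ssh restart')

    if cuisine.user_check('vagrant') and not cuisine.file_exists('/home/vagrant/.tmux.conf'):
        puts(green('-> Creating tmux config'))
        # NOTE(review): sudo receives the string 'vagrant', which is truthy;
        # whether cuisine reads it as a user name is not visible here.
        cuisine.file_upload('/home/vagrant/.tmux.conf', './provision/config/tmux.conf', sudo='vagrant')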
def install_nagiosbpi():
    """
    Fetch Nagios BPI from its git repository and install it under Nagios.

    Clones into /tmp/nagios-nagiosbpi, copies the nagiosbpi directory into
    /usr/local/nagios/share, uploads the local constants.conf and adjusts
    permissions through chmod_file.
    """
    clone_dir = '/tmp/nagios-nagiosbpi'
    bpi_dir = '/usr/local/nagios/share/nagiosbpi'

    cuisine.sudo('rm -rf %s' % clone_dir)
    # NOTE(review): git:// is an unauthenticated, unencrypted transport and no
    # revision is pinned, so the code installed below is whatever the network
    # delivered. Consider an authenticated transport and a pinned commit.
    cuisine.run('git clone git://git.code.sf.net/p/nagios/nagiosbpi %s' % clone_dir)
    cuisine.run('cp -R %s/nagiosbpi /usr/local/nagios/share' % clone_dir)
    cuisine.sudo('mkdir -p %s/tmp' % bpi_dir)

    # Permission changes made before constants.conf is uploaded.
    for mode, name in (
            ('o+rx', 'config_functions'),
            ('o+rx', 'functions'),
            ('o+rx', 'images'),
            ('o+rx', 'tmp'),
            ('o+rxw', 'tmp'),
    ):
        chmod_file(mode, '%s/%s' % (bpi_dir, name))

    cuisine.file_upload('%s/constants.conf' % bpi_dir, 'constants.conf', sudo=True)

    # NOTE(review): 777 on bpi.conf and recursively on tmp lets every local
    # account rewrite them; check whether owner/group access for the web
    # server and nagios users would be enough.
    for mode, name in (
            ('+x', 'set_bpi_perms.sh'),
            ('777', 'bpi.conf'),
            ('-R 777', 'tmp'),
            ('+x', 'check_bpi.php'),
    ):
        chmod_file(mode, '%s/%s' % (bpi_dir, name))
def copy_source():
    '''
    Archive the current git branch and unpack it into /home/<APP_NAME>/CODE.

    The archive is written to /tmp/<APP_NAME>.tar.bz2 locally, uploaded to
    the same path on the host, extracted into a freshly emptied code
    directory and then deleted from the host.
    '''
    archive = '/tmp/%s.tar.bz2' % APP_NAME
    code_dir = '/home/%s/CODE' % APP_NAME

    # NOTE(review): the archive has a fixed name in the shared /tmp on both
    # machines; a per-run mktemp name would avoid clashing with, or trusting,
    # a file another account left at that path.
    local('git archive $(git symbolic-ref HEAD 2>/dev/null) | bzip2 > %s'
          % archive)

    # Start from an empty code directory and no stale remote archive.
    sudo('rm -rf %s' % code_dir)
    if cuisine.file_exists(archive):
        sudo('rm %s' % archive)
    cuisine.file_upload(archive, archive)

    with cuisine.mode_sudo():
        run('mkdir -p %s' % code_dir)
        # No mode, owner or group is passed here, so this call presumably
        # changes nothing (verify against cuisine).
        cuisine.file_attribs(archive)
        run('tar jxf %s -C %s' % (archive, code_dir))
        run('rm %s' % (archive,))
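def utils_ssl_cert_install():
    """
    Upload a directory of SSL key material to /svr/ssl and build the chained cert.

    Prompts for a local directory, uploads every regular, non-hidden file in
    it to /svr/ssl with mode 0400, then appends geo_trust_intermediate.crt to
    <env.site_name>.crt on the host.
    """
    import os  # function-scope: the module's import block is not visible here

    source_dir = prompt("ssl key file directory")
    dest_dir = "/svr/ssl"

    # List the directory in Python instead of formatting the prompted path
    # into a local `ls` command: paths with spaces or shell characters work,
    # and no empty name appears when the directory is empty.
    source_file_list = sorted(
        name for name in os.listdir(source_dir)
        if not name.startswith(".")
        and os.path.isfile(os.path.join(source_dir, name))
    )

    site_crt = "{}/{}.crt".format(dest_dir, env.site_name)
    # `cat a b > a` truncates a before cat reads it, so the chain is built in
    # a temporary file and moved into place. umask keeps that file private.
    # The intermediate cert is taken from dest_dir: the command runs on the
    # host, where the loop below has just put it (assumed intent).
    cmd_crt_comb = (
        'umask 077 && cat "{crt}" "{dest_dir}/geo_trust_intermediate.crt" > "{crt}.tmp"'
        ' && mv "{crt}.tmp" "{crt}" && chmod 0400 "{crt}"'
    )

    with cuisine.mode_sudo():
        cuisine.dir_ensure("/svr/ssl/", recursive=True)
        # NOTE(review): 0400 on a directory leaves out the execute bit, so
        # only root can traverse it; confirm that is what the services
        # reading these certificates need.
        cuisine.dir_attribs(dest_dir, mode="0400")
        for fl in source_file_list:
            # Explicit remote file name, so the result does not depend on how
            # the upload treats a directory as its target.
            remote_file = "{}/{}".format(dest_dir, fl)
            cuisine.file_upload(remote_file, "{}/{}".format(source_dir, fl))
            cuisine.file_attribs(remote_file, mode="0400")

    sudo(cmd_crt_comb.format(crt=site_crt, dest_dir=dest_dir))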
def deploy_bundle(local_path, deploy_path, file_name='bunle', branch='master', remote='bundle'):
    """
    Create git bundle files locally, upload them and unbundle on the host.

    usage from command line:
        fab deploy_bundle:<local-path>,<deploy-path>

    Bundles are written to <local_path>/temp and uploaded to
    <deploy_path>/temp. Returns without uploading when git_bundle produces
    no files. The first bundle file is the one passed to git_unbundle.
    """
    mode_local()
    local_dir = os.path.join(local_path, 'temp')
    bundle_file_names = git_bundle(local_path, os.path.join(local_dir, file_name))
    if not bundle_file_names:
        return

    mode_remote()
    remote_dir = os.path.join(deploy_path, 'temp')
    dir_ensure(remote_dir)

    main_bundle_file = None
    for name in bundle_file_names:
        source = os.path.join(local_dir, name)
        target = os.path.join(remote_dir, name)
        # Remember the first uploaded bundle as the one to unbundle from.
        if not main_bundle_file:
            main_bundle_file = target
        file_upload(target, source)

    # force=True is passed on as is; its effect on the existing checkout is
    # defined by git_unbundle, which is not shown here.
    git_unbundle(main_bundle_file, deploy_path, branch, force=True, remote=remote)
def install():
    """
    Install gitolite, create the git user and start its setup wizard.

    Asks for the path of the admin's public key, uploads it to /tmp/admin.pub
    and prints the answers to give to ``dpkg-reconfigure gitolite``.
    """
    puts(green('-> Installing gitolite'))
    cuisine.package_ensure('gitolite')

    puts(green('-> Creating git user'))
    cuisine.user_ensure('git')

    puts(green('-> Uploading admin public key'))
    key_path = raw_input('Enter path of your public key: ')
    # NOTE(review): the admin key is staged at a fixed name in the shared /tmp
    # and is what the wizard is told to trust. Staging it in a directory only
    # the deploying account can write would keep another local account from
    # replacing it before the wizard reads it.
    cuisine.file_upload('/tmp/admin.pub', key_path)

    puts(green('-> Configuring gitolite'))
    wizard_hints = (
        '== Options for wizard ',
        '== user -> git ',
        '== path -> /home/git/ ',
        '== key -> /tmp/admin.pub ',
    )
    for hint in wizard_hints:
        puts(red(hint))

    raw_input('Press enter to continue')
    cuisine.sudo('dpkg-reconfigure gitolite')
def setup_yokozuna():
    """
    Build riak-yokozuna 0.6.0 from source on the host and enable yokozuna.

    Installs the OpenJDK 1.7 devel package, downloads the source tarball
    locally when it is missing, uploads it into src/, builds it and switches
    yokozuna to enabled in rel/riak/etc/app.config (a .back copy is kept).
    """
    tarball = 'riak-yokozuna-0.6.0-src.tar.gz'

    packages_install('java-1.7.0-openjdk-devel')
    cuisine.dir_ensure('src')

    with cd('src'):
        # os.path.exists and local() act on the machine running the task; cd()
        # only affects the remote commands.
        # NOTE(review): the tarball comes over plain HTTP and is built without
        # a checksum or signature check; pin a known digest before `make`.
        if not os.path.exists(tarball):
            local('curl -O http://data.riakcs.net:8080/yokozuna/%s' % tarball)
        cuisine.file_upload(tarball, tarball)
        run('tar zxvf %s' % tarball)

        with cd('riak-yokozuna-0.6.0-src'):
            for build_step in ('make', 'make stage'):
                run(build_step)
            # Inside the {yokozuna, ... ]} section, flip enabled to true.
            run("sed -e '/{yokozuna,/,/]}/{s/{enabled, false}/{enabled, true}/;}' -i.back rel/riak/etc/app.config")
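def install_nginx_site_conf(version, nginx_file, context=None):
    """
    Install a per-site nginx config into the versioned sites-enabled dir.

    ``nginx_file`` is a local path; its base name becomes the remote file
    name under <_INSTALL_DIR>/nginx/<version>/conf/sites-enabled. With a
    ``context`` the file is rendered through text_template and the result is
    written; without one the file is uploaded unchanged. Aborts when the
    local file does not exist.
    """
    if not os.path.exists(nginx_file):
        abort("Nginx conf {0} not found".format(nginx_file))

    site_name = os.path.basename(nginx_file)
    install_dir = os.path.join(_INSTALL_DIR, 'nginx', version)
    conf_file = os.path.join(install_dir, 'conf', 'sites-enabled', site_name)

    if context:
        # Close the template promptly instead of leaving the handle to the
        # garbage collector.
        with open(nginx_file, 'rb') as tpl:
            tpl_content = tpl.read()
        # NOTE(review): context values end up in a config nginx loads with
        # its own privileges, so they must be trusted.
        content = text_template(tpl_content, context)
        with mode_sudo():
            file_write(conf_file, content)
    else:
        with mode_sudo():
            file_upload(conf_file, nginx_file)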
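def put_site_conf(nginx_file, context=None):
    """
    Install a per-site nginx config into the versioned sites-enabled dir.

    The nginx version comes from get_config()['version']. ``nginx_file`` is
    a local path; its base name becomes the remote file name under
    <_INSTALL_DIR>/nginx/<version>/conf/sites-enabled. With a ``context``
    the file is rendered through cuisine.text_template and the result is
    written; without one the file is uploaded unchanged. Aborts when the
    local file does not exist.
    """
    version = get_config()['version']
    if not os.path.exists(nginx_file):
        fab.abort("Nginx conf {0} not found".format(nginx_file))

    site_name = os.path.basename(nginx_file)
    install_dir = os.path.join(_INSTALL_DIR, 'nginx', version)
    conf_file = os.path.join(install_dir, 'conf', 'sites-enabled', site_name)

    if context:
        # Close the template promptly instead of leaving the handle to the
        # garbage collector.
        with open(nginx_file, 'rb') as tpl:
            tpl_content = tpl.read()
        # NOTE(review): context values end up in a config nginx loads with
        # its own privileges, so they must be trusted.
        content = cuisine.text_template(tpl_content, context)
        with cuisine.mode_sudo():
            cuisine.file_write(conf_file, content)
    else:
        with cuisine.mode_sudo():
            cuisine.file_upload(conf_file, nginx_file)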
def push_file(self, local_name, remote_name, owner, group, perms=None):
    '''
    Upload a file from the package directory and set its ownership and mode.

    :type local_name: string
    :param local_name: path of the file inside self.settings["package_dir"]
        (path + filename)

    :type remote_name: string
    :param remote_name: remote path to write the file to (path + filename)

    :type owner: string
    :param owner: owner to set on the remote file

    :type group: string
    :param group: group to set on the remote file

    :type perms: string
    :param perms: mode for the remote file, ie. '655'; when empty, the value
        returned by self.get_local_file_perms for the local file is used
    '''
    source = os.path.join(self.settings["package_dir"], local_name)
    cuisine.file_upload(remote_name, source)

    mode = perms
    if not mode:
        mode = self.get_local_file_perms(source)

    # NOTE(review): attributes are applied after the upload, so the file
    # briefly exists with whatever owner and mode the upload gave it.
    cuisine.file_attribs(
        remote_name, mode=mode, owner=owner, group=group)
def _upload(local, remote):
    """
    Upload ``local`` to ``remote`` when ``local`` is an existing regular file.

    Returns True after an upload and False, without doing anything, when
    ``local`` is not a file.
    """
    if os.path.isfile(local):
        cuisine.file_upload(remote, local)
        puts(yellow('Upload: %s ==> %s' % (local, remote)))
        return True
    return False
def upload_file(remote_location, local_location, sudo=False):
    """
    Copy a local file to the remote host and make sure it is present there.

    remote_location is the destination path, local_location the source path
    on this machine. sudo is handed to cuisine.file_upload as is.
    """
    # Destination comes first in cuisine's argument order.
    cuisine.file_upload(remote_location, local_location, sudo=sudo)

    # Second step: have cuisine ensure the remote file exists.
    cuisine.file_ensure(remote_location)
def upload_erlang(version):
    """
    Make otp_src_<version>.tar.gz available on the host.

    Downloads the tarball into the local working directory when it is not
    there yet, then uploads it under the same relative name.
    """
    tarball = 'otp_src_{0}.tar.gz'.format(version)

    # NOTE(review): the download uses plain HTTP and the tarball is not
    # checked against a known digest before it is shipped to the host;
    # ``version`` is also formatted into a local shell command, so it must be
    # a trusted value.
    if not os.path.exists(tarball):
        local('curl -O http://download.basho.co.jp.cs-ap-e1.ycloud.jp/download/{0}'.format(tarball))

    cuisine.file_upload(tarball, tarball)
def stage7_test_connectivity():
    """
    Check that the test instance is reachable through a floating IP.

    Reads the deployment config named by $CONFIGFILE, optionally runs the
    configured connect script, associates a floating IP with the instance
    whose name matches "test", waits for SSH on it and runs a few outbound
    checks inside the VM. A lock file in /tmp marks a completed run.
    """
    metadata = Config(os.environ["CONFIGFILE"])

    # The lock file is named after this function; when present, skip.
    # NOTE(review): lock files live in the shared /tmp under fixed names, so
    # any local account can create one and suppress this stage.
    if cuisine.file_exists("/tmp/.%s.lck" % sys._getframe().f_code.co_name):
        return

    if not "container_midonet_gateway" in metadata.roles:
        if "connect_script" in metadata.config:
            if not cuisine.file_exists("/tmp/.%s.connect_script.lck" % sys._getframe().f_code.co_name):
                # NOTE(review): the script is uploaded to a fixed name in /tmp
                # and then executed with bash; another local account could
                # replace it between the two steps.
                cuisine.file_upload(
                    "/tmp/%s" % metadata.config["connect_script"],
                    "%s/../conf/%s" % (os.environ["TMPDIR"], metadata.config["connect_script"]))

                puts(
                    green("running connect script: %s" % metadata.config["connect_script"]))

                run("/bin/bash /tmp/%s" % metadata.config["connect_script"])

                cuisine.file_write(
                    "/tmp/.%s.connect_script.lck" % sys._getframe().f_code.co_name, "xoxo")

    # NOTE(review): the listing this function was taken from had lost its
    # indentation. The steps below are assumed to run for every host, not
    # only when the gateway role is absent; confirm against the original.

    # Find or create a floating IP matching fip_base, wait up to 100 tries for
    # the "test" instance to become ACTIVE and associate the two.
    # debug and fip_base are formatted into the script text as they are, so
    # they have to be trusted configuration values.
    run("""
if [[ "%s" == "True" ]] ; then set -x; fi
FIP_BASE="%s"
source /etc/keystone/KEYSTONERC_ADMIN 2>/dev/null || source /etc/keystone/admin-openrc.sh
neutron floatingip-list | grep "${FIP_BASE}" || neutron floatingip-create public
FIP_ID="$(neutron floatingip-list | grep "${FIP_BASE}" | awk -F'|' '{print $2;}' | xargs -n1 echo)"
INSTANCE_IP=""
for i in $(seq 1 100); do
    INSTANCE_ALIVE="$(nova list | grep test | grep ACTIVE)"
    if [[ "" == "${INSTANCE_ALIVE}" ]]; then
        sleep 1
    else
        break
    fi
done
if [[ "" == "${INSTANCE_ALIVE}" ]]; then
    echo "instance not alive after 100 seconds, this is not good."
    exit 1
fi
INSTANCE_IP="$(nova list --field name | grep test | awk -F'|' '{print $2;}' | xargs -n1 echo | xargs -n1 nova show | grep 'internal network' | awk -F'|' '{print $3;}' | xargs -n1 echo)"
NOVA_PORT_ID="$(neutron port-list --field id --field fixed_ips | grep "${INSTANCE_IP}" | awk -F'|' '{print $2;}' | xargs -n1 echo)"
neutron floatingip-list --field fixed_ip_address | grep "${INSTANCE_IP}" || neutron floatingip-associate "${FIP_ID}" "${NOVA_PORT_ID}"
neutron floatingip-list
""" % (metadata.config["debug"], metadata.config["fip_base"]))

    # Wait (up to 120 tries) until SSH to the floating IP answers, then ping.
    # StrictHostKeyChecking=no turns off host key verification for these
    # connections; that is tolerable only because the target is a throwaway
    # test VM and nothing sensitive is sent to it.
    run("""
source /etc/keystone/KEYSTONERC_ADMIN 2>/dev/null || source /etc/keystone/admin-openrc.sh
FIP="$(neutron floatingip-list --field floating_ip_address --format csv --quote none | grep -v ^floating_ip_address)"
for i in $(seq 1 120); do
    </dev/null ssh -q -o BatchMode=yes -o StrictHostKeyChecking=no -o ConnectTimeout=2 -i /root/.ssh/id_rsa_nova "cirros@${FIP}" uptime && break || true
    sleep 1
done
ping -c9 "${FIP}"
""")

    # Outbound checks executed inside the test VM over SSH.
    cxx = []
    cxx.append('wget -O/dev/null http://www.midokura.com')
    cxx.append('ping -c3 www.midokura.com')
    cxx.append('ping -c3 www.google.com')

    for cxc in cxx:
        puts(green("trying to run command [%s] in testvm" % cxc))
        run("""
source /etc/keystone/KEYSTONERC_ADMIN 2>/dev/null || source /etc/keystone/admin-openrc.sh
FIP="$(neutron floatingip-list --field floating_ip_address --format csv --quote none | grep -v ^floating_ip_address | head -n1)"
</dev/null ssh -o BatchMode=yes -o StrictHostKeyChecking=no -o ConnectTimeout=5 -i /root/.ssh/id_rsa_nova "cirros@${FIP}" -- %s
""" % cxc)

    # Mark the stage as done so later runs return early.
    cuisine.file_write("/tmp/.%s.lck" % sys._getframe().f_code.co_name, "xoxo")
def stage7_test_connectivity():
    """
    Check that the test instance is reachable through a floating IP.

    Reads the deployment config named by $CONFIGFILE, optionally runs the
    configured connect script, associates a floating IP with the instance
    whose name matches "test", waits for SSH on it and runs a few outbound
    checks inside the VM. A lock file in /tmp marks a completed run.
    """
    metadata = Config(os.environ["CONFIGFILE"])

    # The lock file is named after this function; when present, skip.
    # NOTE(review): lock files live in the shared /tmp under fixed names, so
    # any local account can create one and suppress this stage.
    if cuisine.file_exists("/tmp/.%s.lck" % sys._getframe().f_code.co_name):
        return

    if not "container_midonet_gateway" in metadata.roles:
        if "connect_script" in metadata.config:
            if not cuisine.file_exists("/tmp/.%s.connect_script.lck" % sys._getframe().f_code.co_name):
                # NOTE(review): the script is uploaded to a fixed name in /tmp
                # and then executed with bash; another local account could
                # replace it between the two steps.
                cuisine.file_upload("/tmp/%s" % metadata.config["connect_script"], "%s/../conf/%s" % (os.environ["TMPDIR"], metadata.config["connect_script"]))
                puts(green("running connect script: %s" % metadata.config["connect_script"]))
                run("/bin/bash /tmp/%s" % metadata.config["connect_script"])
                cuisine.file_write("/tmp/.%s.connect_script.lck" % sys._getframe().f_code.co_name, "xoxo")

    # NOTE(review): the listing this function was taken from had lost its
    # indentation. The steps below are assumed to run for every host, not
    # only when the gateway role is absent; confirm against the original.

    # Find or create a floating IP matching fip_base, wait up to 100 tries for
    # the "test" instance to become ACTIVE and associate the two.
    # debug and fip_base are formatted into the script text as they are, so
    # they have to be trusted configuration values.
    run("""
if [[ "%s" == "True" ]] ; then set -x; fi
FIP_BASE="%s"
source /etc/keystone/KEYSTONERC_ADMIN 2>/dev/null || source /etc/keystone/admin-openrc.sh
neutron floatingip-list | grep "${FIP_BASE}" || neutron floatingip-create public
FIP_ID="$(neutron floatingip-list | grep "${FIP_BASE}" | awk -F'|' '{print $2;}' | xargs -n1 echo)"
INSTANCE_IP=""
for i in $(seq 1 100); do
    INSTANCE_ALIVE="$(nova list | grep test | grep ACTIVE)"
    if [[ "" == "${INSTANCE_ALIVE}" ]]; then
        sleep 1
    else
        break
    fi
done
if [[ "" == "${INSTANCE_ALIVE}" ]]; then
    echo "instance not alive after 100 seconds, this is not good."
    exit 1
fi
INSTANCE_IP="$(nova list --field name | grep test | awk -F'|' '{print $2;}' | xargs -n1 echo | xargs -n1 nova show | grep 'internal network' | awk -F'|' '{print $3;}' | xargs -n1 echo)"
NOVA_PORT_ID="$(neutron port-list --field id --field fixed_ips | grep "${INSTANCE_IP}" | awk -F'|' '{print $2;}' | xargs -n1 echo)"
neutron floatingip-list --field fixed_ip_address | grep "${INSTANCE_IP}" || neutron floatingip-associate "${FIP_ID}" "${NOVA_PORT_ID}"
neutron floatingip-list
""" % (
        metadata.config["debug"],
        metadata.config["fip_base"]
    ))

    # Wait (up to 120 tries) until SSH to the floating IP answers, then ping.
    # StrictHostKeyChecking=no turns off host key verification for these
    # connections; that is tolerable only because the target is a throwaway
    # test VM and nothing sensitive is sent to it.
    run("""
source /etc/keystone/KEYSTONERC_ADMIN 2>/dev/null || source /etc/keystone/admin-openrc.sh
FIP="$(neutron floatingip-list --field floating_ip_address --format csv --quote none | grep -v ^floating_ip_address)"
for i in $(seq 1 120); do
    </dev/null ssh -q -o BatchMode=yes -o StrictHostKeyChecking=no -o ConnectTimeout=2 -i /root/.ssh/id_rsa_nova "cirros@${FIP}" uptime && break || true
    sleep 1
done
ping -c9 "${FIP}"
""")

    # Outbound checks executed inside the test VM over SSH.
    cxx=[]
    cxx.append('wget -O/dev/null http://www.midokura.com')
    cxx.append('ping -c3 www.midokura.com')
    cxx.append('ping -c3 www.google.com')

    for cxc in cxx:
        puts(green("trying to run command [%s] in testvm" % cxc))
        run("""
source /etc/keystone/KEYSTONERC_ADMIN 2>/dev/null || source /etc/keystone/admin-openrc.sh
FIP="$(neutron floatingip-list --field floating_ip_address --format csv --quote none | grep -v ^floating_ip_address | head -n1)"
</dev/null ssh -o BatchMode=yes -o StrictHostKeyChecking=no -o ConnectTimeout=5 -i /root/.ssh/id_rsa_nova "cirros@${FIP}" -- %s
""" % cxc)

    # Mark the stage as done so later runs return early.
    cuisine.file_write("/tmp/.%s.lck" % sys._getframe().f_code.co_name, "xoxo")
def upload_config(config_path, target_path):
    """
    Upload the local config file ``config_path`` to ``target_path``.

    Note the swapped order: file_upload takes the destination first.
    """
    destination, source = target_path, config_path
    file_upload(destination, source)
def install_nagiosgraph():
    """
    Check out nagiosgraph from svn and wire it into the Nagios installation.

    Copies the insert script, CGIs and static assets into /usr/local/nagios,
    the stock configuration into /opt/nagiosgraph/etc, uploads the local
    config overrides and creates the RRD and log locations owned by nagios.
    """
    src = '/tmp/nagiosgraph-code/nagiosgraph'
    nagios = '/usr/local/nagios'
    etc_dir = '/opt/nagiosgraph/etc'

    # NOTE(review): trunk is fetched over plain HTTP with no revision pinned,
    # and the scripts copied below run as CGIs and under the nagios account.
    # Pin a revision and verify what was fetched before installing it.
    cuisine.run('svn checkout --force http://svn.code.sf.net/p/nagiosgraph/code/trunk /tmp/nagiosgraph-code')
    cuisine.sudo('mkdir -p %s' % etc_dir)

    # Program files; ownership is handed to nagios after each group of copies.
    cuisine.sudo('cp %s/lib/insert.pl %s/libexec/insert.pl' % (src, nagios))
    cuisine.sudo('chown nagios.nagios %s/libexec/insert.pl' % nagios)
    cuisine.sudo('cp %s/cgi/*.cgi %s/sbin' % (src, nagios))
    cuisine.sudo('chown -R nagios.nagios %s/sbin' % nagios)
    for asset in ('nagiosgraph.css', 'nagiosgraph.js'):
        cuisine.sudo('cp %s/share/%s %s/share' % (src, asset, nagios))
    cuisine.sudo('chown -R nagios.nagios %s/share' % nagios)

    # Stock configuration. The separate copy of etc/map is disabled in the
    # original and stays left out here.
    cuisine.sudo('cp %s/etc/* %s' % (src, etc_dir))

    # Local overrides replace the stock configuration files.
    for remote, local_name in (
            ('/opt/nagiosgraph/etc/nagiosgraph.conf', 'nagiosgraph.conf'),
            ('/usr/local/nagios/etc/nagios.cfg', 'nagios.cfg'),
            ('/usr/local/nagios/etc/objects/commands.cfg', 'commands.cfg'),
            ('/usr/local/nagios/etc/objects/graphed_service.cfg', 'graphed_service.cfg'),
    ):
        cuisine.file_upload(remote, local_name, sudo=True)

    # Data directories: owned by nagios, group-writable.
    for directory in ('/var/nagios', '/var/nagios/rrd'):
        cuisine.sudo('mkdir -p %s' % directory)
        cuisine.sudo('chown nagios.nagios %s' % directory)
        cuisine.sudo('chmod 775 %s' % directory)

    # Log files: created if missing, owned by nagios, group-writable.
    for log_file in ('/var/log/nagiosgraph.log', '/var/log/nagiosgraph-cgi.log'):
        cuisine.sudo('touch %s' % log_file)
        cuisine.sudo('chown nagios.nagios %s' % log_file)
        cuisine.sudo('chmod 664 %s' % log_file)

    cuisine.sudo('cp %s/share/graph.gif %s/share/images/action.gif' % (src, nagios))
    cuisine.file_upload('/usr/local/nagios/share/ssi/common-header.ssi', 'common-header.ssi', sudo=True)
    cuisine.file_upload('/usr/local/nagios/share/side.php', 'side.php', sudo=True)