def configure_apache(): put("conf/matt_cv","/etc/apache2/sites-available/matt_cv",use_sudo=True) # Make sure port 8001 is enabled files.comment("/etc/apache2/ports.conf","NameVirtualHost *:8001",use_sudo=True) files.comment("/etc/apache2/ports.conf","Listen 8001",use_sudo=True)
def setup_kiosk(): """ set up kiosk parts based on https://www.danpurdy.co.uk/web-development/raspberry-pi-kiosk-screen-tutorial/ or http://www.raspberry-projects.com/pi/pi-operating-systems/raspbian/gui/auto-run-browser-on-startup """ with hide("running", "stderr"): #@xscreensaver -no-splash comment("/etc/xdg/lxsession/LXDE-pi/autostart", "@xscreensaver -no-splash", use_sudo=True) append("/etc/xdg/lxsession/LXDE-pi/autostart", "@xset s off", use_sudo=True, escape=True) append("/etc/xdg/lxsession/LXDE-pi/autostart", "@xset -dpms", use_sudo=True, escape=True) append("/etc/xdg/lxsession/LXDE-pi/autostart", "@xset s noblank", use_sudo=True, escape=True) append("/etc/xdg/lxsession/LXDE-pi/autostart", """@sed -i 's/"exited_cleanly": false/"exited_cleanly": true/' ~/.config/chromium/Default/Preferences""", use_sudo=True, escape=True) #auto start if not contains("/etc/xdg/lxsession/LXDE-pi/autostart", "@chromium --noerrdialogs --kiosk http://www.page-to.display --incognito", use_sudo=True, escape=True): append("/etc/xdg/lxsession/LXDE-pi/autostart", "@chromium --noerrdialogs --kiosk http://dashingdemo.herokuapp.com/sample --incognito", use_sudo=True, escape=True)
def oldVolumeDetach(self): env.use_ssh_config = True try: with settings(warn_only = True, host_string = self.ip): if not DRY and self.old_volume_id: sudo('umount {0}'.format(MOUNT_POINT)) ## comment out old record in fstab uuid = sudo('lsblk -l -o NAME,UUID,MOUNTPOINT |grep "{0}" | cut -f2 -d" "'.format(MOUNT_POINT)) if len(uuid) == 36: files.comment('/etc/fstab', 'UUID={0}.*'.format(uuid), use_sudo=True, char='# ') sudo('vgchange -an {0}'.format(VOLUME_DEFAULTS['vg_name'])) volume = self.conn.get_all_volumes(volume_ids=(self.old_volume_id))[0] volume.detach() if DELETEOLD: n = 0 while n < SLEEP: try: volume.delete() break except boto.exception.EC2ResponseError: n += 10 time.sleep(10) continue return volume.add_tags({'instance': self.name, 'date': time.strftime('%Y-%m-%d-%H:%M')}) except Exception as e: raise
def configure_postgres(): """Upload Postgres configuration from ``etc/`` and restart the server.""" version = sudo("psql --version | grep -ro '[8-9].[0-9]'") conf_dir_prefix = "/etc/postgresql/%s/" % version # pg_hba.conf comment('/etc/postgresql/%s/main/pg_hba.conf' % version, 'local all postgres ident', use_sudo=True) sed('/etc/postgresql/%s/main/pg_hba.conf' % version, 'local all all ident', 'local all all md5', use_sudo=True) # postgres.conf uncomment(conf_dir_prefix + 'main/postgresql.conf', '#autovacuum = on', use_sudo=True) uncomment(conf_dir_prefix + 'main/postgresql.conf', '#track_activities = on', use_sudo=True) uncomment(conf_dir_prefix + 'main/postgresql.conf', '#track_counts = on', use_sudo=True) sed(conf_dir_prefix + 'main/postgresql.conf', "#listen_addresses", "listen_addresses", use_sudo=True) # restart server sudo('/etc/init.d/postgresql-%s restart || /etc/init.d/postgresql restart ' % version)
def fab_criar_crons(self): ''' Insere tarefa definida em ../cron/cronconf no crontab do servidor ''' crontab_location = '/etc/crontab' with cd(env.code_root): if os.path.exists('cron'): from cron.cronconf import CRONS import re sudo('chmod 646 ' + crontab_location) for cron in CRONS: if cron['comando_de_projeto'] and not cron['django_management']: linha_cron = cron['tempo'] + ' ' + cron['usuario'] + ' ' + env.code_root +'/'+ cron['comando'] else: if cron['comando_de_projeto'] and cron['django_management']: linha_cron = cron['tempo'] + ' ' + cron['usuario'] + ' /usr/bin/python ' + env.code_root + '/' + cron['comando'] + ' --settings=med_alliance.settings.' + env.ambiente else: linha_cron = cron['tempo'] + ' ' + cron['usuario'] + ' ' + cron['comando'] if cron['ligado']: if not contains(crontab_location, re.escape(linha_cron)): append(crontab_location, linha_cron, use_sudo=False) else: uncomment(crontab_location, re.escape(linha_cron)) else: if contains(crontab_location, re.escape(linha_cron)): comment(crontab_location, re.escape(linha_cron)) sudo('chmod 644 ' + crontab_location)
def _decommission_host(host): files.comment( '/etc/nginx/sites-available/{}_commcare'.format(env.deploy_env), '^[ ]*server[ ]+{}'.format(host), use_sudo=True, ) _check_and_reload_nginx()
def base(): "Installs & configures Git / EtcKeeper / DenyHosts" with settings(hide('stdout')): # Require require.deb.packages([ 'etckeeper', 'git', 'denyhosts', ]) # git sudo('git config --global user.name "DevOp"') sudo('git config --global user.email admin@{}'.format(env.host)) # etckeeper conf_file = '/etc/etckeeper/etckeeper.conf' comment(conf_file, 'VCS="bzr"', use_sudo=True, backup='') uncomment(conf_file, 'VCS="git"', use_sudo=True, backup='') sudo('etckeeper init') sudo('etckeeper commit "Initial commit."') # denyhosts conf_file = '/etc/denyhosts.conf' comment(conf_file, 'BLOCK_SERVICE\s*=\s*sshd', use_sudo=True, backup='') uncomment(conf_file, 'BLOCK_SERVICE\s*=\s*ALL', use_sudo=True, backup='') sed(conf_file, 'DENY_THRESHOLD_INVALID\s*=\s*5' , 'DENY_THRESHOLD_INVALID = 3', use_sudo=True, backup='') sed(conf_file, 'DENY_THRESHOLD_VALID\s*=\s*10' , 'DENY_THRESHOLD_VALID = 3', use_sudo=True, backup='') sed(conf_file, 'DENY_THRESHOLD_ROOT\s*=\s*1' , 'DENY_THRESHOLD_ROOT = 3', use_sudo=True, backup='') sudo('etckeeper commit "Auto-config DenyHosts.conf."')
def mongodb(version='2.6.4'): deb.key('7F0CEB10', keyserver='keyserver.ubuntu.com') deb.source('mongodb', 'http://downloads-distro.mongodb.org/repo/ubuntu-upstart', 'dist', '10gen') deb.package('mongodb-org', version=version, update=False) comment("/etc/mongod.conf", "^bind_ip.*", char='#', use_sudo=True) run('sudo service mongod restart')
def set_maintanance_mode(self, on=True): settings_local_path = self.project_path + 'settings_local.py' if on: uncomment(settings_local_path, r'MAINTENANCE_MODE.*') else: comment(settings_local_path, r'MAINTENANCE_MODE.*')
def initialize_postgres(): """Initialize the main database.""" version = sudo("psql --version | grep -ro '[8-9].[0-9]'") conf_dir_prefix = "/etc/postgresql/%s/" % version # temporarily allow root access from localhost sudo('mv /etc/postgresql/%s/main/pg_hba.conf /etc/postgresql/%s/main/pg_hba.conf.bak' % (version, version)) sudo('echo "local all postgres ident" > /etc/postgresql/%s/main/pg_hba.conf' % version) sudo('cat /etc/postgresql/%s/main/pg_hba.conf.bak >> /etc/postgresql/%s/main/pg_hba.conf' % (version, version)) sudo('service postgresql-%s restart || /etc/init.d/postgresql restart ' % version) # set password password = prompt('Enter a new database password for user `postgres`:') sudo('psql template1 -c "ALTER USER postgres with encrypted password \'%s\';"' % password, user='******') # configure daily dumps of all databases with mode_sudo(): dir_ensure('/var/backups/postgresql', recursive=True) sudo("echo 'localhost:*:*:postgres:%s' > /root/.pgpass" % password) sudo('chmod 600 /root/.pgpass') sudo("echo '0 7 * * * pg_dumpall --username postgres --file /var/backups/postgresql/postgresql_$(date +%%Y-%%m-%%d).dump' > /etc/cron.d/pg_dump") # remove temporary root access comment('/etc/postgresql/%s/main/pg_hba.conf' % version, 'local all postgres ident', use_sudo=True) sudo('service postgresql%s restart || /etc/init.d/postgresql restart' % version)
def authorize_remove(username, publickeyfile): ''' args: (remote) username, (local) publickeyfile; remove publickeyfile entries from authorized_keys of user''' authorized_file = __get_authorized_file(username) keys = __get_authorized_keys(publickeyfile) for key in keys: if contains_exact(authorized_file, key, use_sudo=True): warn("public key exists, commeting it out") comment(authorized_file, key, use_sudo=True)
def config_ntp_chrony_sync(): sudo('apt-get -y install chrony') comment('/etc/chrony/chrony.conf', 'server ..debian.pool.ntp.org', use_sudo=True, char='#', backup='.bak') append('/etc/chrony/chrony.conf', ntpUsPool, True) sudo('service chrony restart')
def setup_etckeeper(): if not is_installed('etckeeper'): sudo('apt-get install git etckeeper -y') comment('/etc/etckeeper/etckeeper.conf', 'VCS="bzr"', use_sudo=True) uncomment('/etc/etckeeper/etckeeper.conf', 'VCS="git"', use_sudo=True) sudo('etckeeper init') sudo('etckeeper commit -m "Initial commit."') else: print("skip, etckeeper is already installed!")
def debug(param="on"): """Toogle DEBUG variable in local_settings.py""" with cd(env.path): config_path = '{vhost_path}/config/local_settings.py'.format(**env) if param == "on": uncomment(config_path, r'(DEBUG)') else: comment(config_path, r'^(DEBUG)') execute(restart_webserver)
def configure_postgresql(): pg_hba = "/etc/postgresql/8.4/main/pg_hba.conf" params = { "db_name": getattr(env, "db_name", env.project_name), "db_user": getattr(env, "db_user", env.project_name), } append(pg_hba, "local {db_name} {db_user} password".format(**params), use_sudo=True) comment(pg_hba, "local all all ident", use_sudo=True) sudo("service postgresql restart")
def node_config(): """ Basic system setup """ if not exists('/usr/sbin/ntpdate'): sudo('apt-get -y install ntpdate') if not exists('/usr/bin/sshfs'): # handy to copy files onto the cluster sudo('apt-get -y install sshfs') put('files/interfaces', '/etc/network/interfaces', use_sudo=True) upload_template('files/hadoop.sh', '/etc/profile.d/hadoop.sh', context={'hadoop_home': HADOOP_INSTALL}, use_sudo=True) run('mkdir -m 0755 -p ~/bin') upload_template('files/exec-all.sh', 'bin/exec-all', context={'slaves_list': ' '.join(SLAVES)}, mode=0755) if exists('python_games'): run('rm -rf python_games') if not exists('/usr/share/pam-configs/systemd'): sudo('apt-get -y install libpam-systemd') # Hadoop user if failure('egrep -q "^hadoop:" /etc/passwd'): sudo('adduser --system --shell=/bin/bash --home /home/hadoop --group --disabled-password hadoop') #sudo('chsh -s /bin/bash hadoop') sudo('grep -q "^supergroup" /etc/group || groupadd supergroup') sudo('usermod -a -G supergroup pi') sudo('usermod -a -G supergroup hadoop') # mount USB key (formatted "mkfs.ext4 -L HADOOP") append('/etc/fstab', 'LABEL=HADOOP /hadoop ext4 defaults,relatime,noauto 0 0', use_sudo=True) append('/etc/rc.local', 'mount /hadoop || true', use_sudo=True) append('/etc/rc.local', 'chown hadoop:hadoop /hadoop || true', use_sudo=True) comment('/etc/rc.local', '^exit 0', use_sudo=True) sudo('mkdir -p /hadoop') sudo('chown hadoop:hadoop /hadoop') # SSH keys if not os.path.isfile(install_file('hadoop_id_rsa')): local(cmd("ssh-keygen -t rsa -b 4096 -N '' -C 'cluster root key' -f %s", install_file('hadoop_id_rsa'))) sudo('mkdir -p -m 0700 /home/hadoop/.ssh') upload_template('files/ssh-config', '.ssh/config', context={'host_list': ' '.join(HOSTS)}, mode=0600) if not exists('/home/hadoop/.ssh/id_rsa'): put(install_file('hadoop_id_rsa.pub'), '/home/hadoop/.ssh/id_rsa.pub', mode=0644, use_sudo=True) put(install_file('hadoop_id_rsa.pub'), '/home/hadoop/.ssh/authorized_keys', mode=0644, use_sudo=True) put(install_file('hadoop_id_rsa'), '/home/hadoop/.ssh/id_rsa', mode=0600, use_sudo=True) sudo('chown -R hadoop:hadoop /home/hadoop/.ssh') # /etc/hosts dynamic reconfig (needed by zookeeper) if not exists('/etc/hosts.template'): sudo('(grep -v 127.0.1.1 /etc/hosts | grep -v "# auto"; echo "HOST # auto") > /etc/hosts.template') put('files/update-hosts.sh', '/etc/network/if-up.d/update-hosts.sh', mode=0755, use_sudo=True) # Java if not exists('/usr/bin/java'): sudo('apt-get -y install openjdk-8-jre')
def stop_sendmail_logging(): """ Stop sendmail logging """ print '=== STOP SENDMAIL LOGGING' from fabric.contrib.files import append, comment comment('/etc/rsyslog.conf', 'mail', use_sudo=True) append('/etc/rsyslog.conf', 'mail.none', use_sudo=True) sudo('/etc/init.d/rsyslog restart')
def setup_hostname(): """ Reference: http://library.linode.com/getting-started#sph_set-the-hostname """ logger = logging.getLogger("%s.setup_hostname" % (APP_NAME, )) logger.debug("entry.") sudo("echo %s > /etc/hostname" % (REMOTE_HOSTNAME, )) sudo("hostname -F /etc/hostname") if exists("/etc/default/dhcpcd", use_sudo=True): comment("/etc/default/dhcpcd", "SET_HOSTNAME.*=.*yes", use_sudo=True)
def disable_ssh_passwords(): sshd_config = '/etc/ssh/sshd_config' comment(sshd_config, '^ *PasswordAuthentication', use_sudo=True) append(sshd_config, 'PasswordAuthentication no', use_sudo=True) print("========================================") print("Password authentication disabled for SSH.") print("Restart the SSH daemon by logging into the console and running:") print("sudo service ssh restart") print("Alternatively, reboot the server if console access isn't readily available.") print("========================================")
def ftp(): """ Установка vsftpd """ run('apt-get -y install vsftpd') upload_template('conf/vsftpd.conf', '/etc/vsftpd.conf', backup=False) comment('/etc/pam.d/vsftpd', 'auth required pam_shells.so', backup=False) run('service vsftpd restart')
def debug_uwsgi(): """ Task for un-daemonizing uwsgi, for debugging purposes """ with virtualenv(): with settings(warn_only=True): local('killall uwsgi') comment('%s/extras/uwsgi/phaidra.ini' % env.directory, r'^daemonize' ) restart_uwsgi()
def init_postfix(): """Install postfix, make it forward to Mark Lurie""" install_packages("postfix") enable_service("postfix") append("/etc/postfix/virtual", "@wonderhop.com [email protected]", use_sudo=True) sudo("postmap /etc/postfix/virtual") comment("/etc/postfix/main.cf", "^mydestination") append("/etc/postfix/main.cf", "virtual_alias_maps = hash:/etc/postfix/virtual", use_sudo=True) append("/etc/postfix/main.cf", "mydestination = wonderhop.com, localhost") service("postfix", "reload")
def default(): ''' example host ''' env.name = 'prod' env.user = '******' env.hosts = ['myhost'] sudo_nopasswd('joe') comment('/etc/ssh/sshd_config', '^PasswordAuthentication', use_sudo=True) sudo('service ssh reload')
def add_spark_slave(self, master, slave, configure): """ add spark slave :return: """ # go to master server, add config self.reset_server_env(master, configure) with cd(bigdata_conf.spark_home): if not exists('conf/spark-env.sh'): sudo('cp conf/spark-env.sh.template conf/spark-env.sh') spark_env = bigdata_conf.spark_env.format( spark_home=bigdata_conf.spark_home, hadoop_home=bigdata_conf.hadoop_home, host=env.host_string, SPARK_WORKER_MEMORY=configure[master].get( 'SPARK_WORKER_MEMORY', '512M' ) ) put(StringIO(spark_env), 'conf/spark-env.sh', use_sudo=True) if not exists('conf/slaves'): sudo('cp conf/slaves.template conf/slaves') # comment slaves localhost comment('{0}/conf/slaves'.format(bigdata_conf.spark_home), 'localhost', use_sudo=True) # add slave into config append('{0}/conf/slaves'.format(bigdata_conf.spark_home), '\n{0}'.format(configure[slave]['host']), use_sudo=True) run('scp -r {0} {1}@{2}:/opt'.format( bigdata_conf.spark_home, configure[slave]['user'], configure[slave]['host'] )) # go to slave server self.reset_server_env(slave, configure) append(bigdata_conf.global_env_home, 'export SPARK_LOCAL_IP={0}'.format( configure[slave]['host'] ), use_sudo=True) run('source {0}'.format(bigdata_conf.global_env_home)) # go to master server, restart server self.reset_server_env(master, configure) with cd(bigdata_conf.spark_home): run('./sbin/stop-master.sh') run('./sbin/stop-slaves.sh') run('./sbin/start-master.sh') run('./sbin/start-slaves.sh')
def configure_postgresql(): pg_hba = '/etc/postgresql/8.4/main/pg_hba.conf' params = {'db_name': getattr(env, 'db_name', env.project_name), 'db_user': getattr(env, 'db_user', env.project_name)} append(pg_hba, 'local {db_name} {db_user} password'.format(**params), use_sudo=True) comment(pg_hba, 'local all all ident', use_sudo=True) sudo('service postgresql restart')
def setup_etckeeper(): """Setup etckeeper tool with git backend""" if not utils.is_installed('etckeeper'): utils.apt_get_update() sudo('apt-get install git etckeeper -y') comment('/etc/etckeeper/etckeeper.conf', 'VCS="bzr"', use_sudo=True) uncomment('/etc/etckeeper/etckeeper.conf', 'VCS="git"', use_sudo=True) sudo('etckeeper init') sudo('etckeeper commit -m "Initial commit."') else: print("skip, etckeeper is already installed!")
def setPulsarConfig(): with cd("/home/%s/%s/" % (user, pulsar_project)): run("cp server.ini.sample server.ini") sed( "/home/koala/pulsar/server.ini", before="8913", # before='8000', after="%s" % port_http, use_sudo=True, ) comment("/home/koala/pulsar/server.ini", regex="host = localhost", use_sudo=True)
def _update_settings(source_folder, site_name): settings_path = source_folder + '/django/sailtrail/settings/' secret_key_file = settings_path + 'secret_key.py' if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, "SECRET_KEY = '%s'" % (key, )) settings_file = settings_path + '__init__.py' comment(settings_file, r'from') append(settings_file, '\nfrom .common import *') append(settings_file, '\nfrom .secret_key import SECRET_KEY')
def _setup_wins(): wins_packages = [ 'samba', 'smbclient', 'winbind', ] _install_packages(wins_packages) sudo('sed -i s/\'hosts:.*/hosts: files dns wins/\' /etc/nsswitch.conf') resolved_config = '/etc/systemd/resolved.conf' comment(resolved_config, '^ *Domains', use_sudo=True) append(resolved_config, 'Domains=localdomain', use_sudo=True) sudo('service systemd-resolved restart')
def configure_postgresql(): pg_hba = '/etc/postgresql/8.4/main/pg_hba.conf' params = { 'db_name': getattr(env, 'db_name', env.project_name), 'db_user': getattr(env, 'db_user', env.project_name) } append(pg_hba, 'local {db_name} {db_user} password'.format(**params), use_sudo=True) comment(pg_hba, 'local all all ident', use_sudo=True) sudo('service postgresql restart')
def nginx_relog(reload=True): ts = datetime.datetime.now().strftime('%Y%m%d_%H%M%S') sudo('cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.{ts}'.format(ts=ts)) comment('/etc/nginx/nginx.conf', '^\s*[^#]\s*access_log /var/log/nginx/access.log', use_sudo=True) # comment('/etc/nginx/nginx.conf','\s*[^#]\s*error_log /var/log/nginx/error.log',use_sudo=True) put('conf/nginx.logs.conf', '/etc/nginx/conf.d/nginx.logs.conf', use_sudo=True) if reload: sudo('nginx -t') sudo('service nginx start') sudo('service nginx reload')
def ntp_configuration(): sudo('/etc/init.d/ntp stop') files.comment('/etc/ntp.conf', r'^server [0123]\.ubuntu\.pool\.ntp\.org$', use_sudo=True) files.comment('/etc/ntp.conf', r'^server ntp\.ubuntu\.com$', use_sudo=True) files.append('/etc/ntp.conf', ['', '# KAT NTP servers', 'server ff-ntp.karoo.kat.ac.za prefer minpoll 4 maxpoll 6', 'server katfs.kat.ac.za minpoll 4 maxpoll 6'], use_sudo=True) sudo('/etc/init.d/ntp start')
def base(): "Installs & configures Git / EtcKeeper / DenyHosts" with settings(hide('stdout')): # Require require.deb.packages([ 'etckeeper', 'git', 'denyhosts', ]) # git sudo('git config --global user.name "DevOp"') sudo('git config --global user.email admin@{}'.format(env.host)) # etckeeper conf_file = '/etc/etckeeper/etckeeper.conf' comment(conf_file, 'VCS="bzr"', use_sudo=True, backup='') uncomment(conf_file, 'VCS="git"', use_sudo=True, backup='') sudo('etckeeper init') sudo('etckeeper commit "Initial commit."') # denyhosts conf_file = '/etc/denyhosts.conf' comment(conf_file, 'BLOCK_SERVICE\s*=\s*sshd', use_sudo=True, backup='') uncomment(conf_file, 'BLOCK_SERVICE\s*=\s*ALL', use_sudo=True, backup='') sed(conf_file, 'DENY_THRESHOLD_INVALID\s*=\s*5', 'DENY_THRESHOLD_INVALID = 3', use_sudo=True, backup='') sed(conf_file, 'DENY_THRESHOLD_VALID\s*=\s*10', 'DENY_THRESHOLD_VALID = 3', use_sudo=True, backup='') sed(conf_file, 'DENY_THRESHOLD_ROOT\s*=\s*1', 'DENY_THRESHOLD_ROOT = 3', use_sudo=True, backup='') sudo('etckeeper commit "Auto-config DenyHosts.conf."')
def switchRS(self, enabled=None, disabled=None): env.use_ssh_config = True try: with settings(hide('warnings', 'running', 'stdout', 'stderr'), warn_only=True, host_string=self.ip): if disabled: if not DRY: files.comment('/etc/mongod.conf', '.*replSetName\:.*', use_sudo=True, backup='.bak') files.comment('/etc/mongod.conf', '.*security\:.*', use_sudo=True, backup='') files.comment('/etc/mongod.conf', '.*authorization\:.*', use_sudo=True, backup='') files.comment('/etc/mongod.conf', '.*keyFile\:.*', use_sudo=True, backup='') print 'Disabled replicaset in config on %s' % self.name elif enabled: if not DRY: sudo('mv /etc/mongod.conf.bak /etc/mongod.conf') print 'Enabled replicaset in config on %s' % self.name except Exception as e: raise
def setup_hostname(): """ Reference: http://library.linode.com/getting-started#sph_set-the-hostname """ logger = logging.getLogger("%s.setup_hostname" % (APP_NAME, )) logger.debug("entry.") sudo("echo %s > /etc/hostname" % (REMOTE_HOSTNAME, )) sudo("hostname -F /etc/hostname") if exists("/etc/default/dhcpcd", use_sudo = True): comment("/etc/default/dhcpcd", "SET_HOSTNAME.*=.*yes", use_sudo = True) sudo("echo %s %s >> /etc/hosts" % (REMOTE_IP_ADDRESS, REMOTE_HOSTNAME))
def update_locale(): """ Setup en_US.UTF-8 system locale """ check_sudo() check_os() comment('/etc/locale.gen', r'^[^#]', use_sudo=True) uncomment('/etc/locale.gen', r'en_US\.UTF\-8', use_sudo=True, backup='') sudo('locale-gen') sudo('echo \'LANGUAGE="en_US.UTF-8"\' > /etc/default/locale' ) # will be locale warning. it's ok sudo('echo \'LANG="en_US.UTF-8"\' >> /etc/default/locale') sudo('echo \'LC_ALL="en_US.UTF-8"\' >> /etc/default/locale') disconnect_all()
def redis_configure(self, bind=None, loglevel=None): if bind is None: bind = self.redis_bind if loglevel is None: loglevel = self.redis_loglevel if bind == '': # all interfaces files.comment(self.redis_conf, self.redis_bind_pattern, use_sudo=True) else: files.sed(self.redis_conf, self.redis_bind_pattern, bind, use_sudo=True) loglevel = 'loglevel {0}'.format(loglevel) files.sed(self.redis_conf, self.redis_loglevel_pattern, loglevel, use_sudo=True) self.redis_service('restart')
def _configure_supervisord(daemons): for daemon in daemons: config_file_path = os.path.join(PYPLN_DEPLOY_ROOT, "server_config/{}.conf".format(daemon)) sudo("ln -sf {} /etc/supervisor/conf.d/".format(config_file_path)) # Commenting out the path to the socket that supervisorctl uses should make # it fallback to it's default of connecting on localhost:9001. This should # allow non-root users to control the running processes. supervisor_conf = "/etc/supervisor/supervisord.conf" comment(supervisor_conf, "^serverurl=unix:///var/run/supervisor.sock .*", use_sudo=True, char=";") append(supervisor_conf, ["[inet_http_server]", "port=127.0.0.1:9001"], use_sudo=True) _restart_supervisord()
def jsl_acer_inspireone_fix(): """ Fix for Acer Aspire One netbook - set xorg modesetting - disable numlock in notebook """ xorgconf = '/etc/X11/xorg.conf.d/20-gpudriver.conf' if not is_dir(xorgconf): append(xorgconf, 'Section "Device"') append(xorgconf, ' Identifier "gma500_gfx"') append(xorgconf, ' Driver "modesetting"') append(xorgconf, ' Option "SWCursor" "ON"') append(xorgconf, 'EndSection') # Configure slim slim_file = '/etc/slim.conf' comment(slim_file, '^numlock.*')
def _update_settings(source_folder, site_name): settings_path = source_folder + '/webtranslate/settings.py' sed(settings_path, "DEBUG = True", "DEBUG = False") allowed_host = site_name # hack to allow www.example.com a domain to also match example.com if allowed_host.startswith('www'): allowed_host = allowed_host[ 3:] # remove the 'www' so its just '.example.com' sed(settings_path, 'ALLOWED_HOSTS =.+$', 'ALLOWED_HOSTS = ["%s"]' % (allowed_host, )) comment(settings_path, "SECRET_KEY =") _comment_databases_setting(settings_path) secrets_file = source_folder + '/webtranslate/secrets.py' if not exists(secrets_file): _create_secrets_file(secrets_file, site_name) append(settings_path, '\nfrom .secrets import SECRET_KEY') append(settings_path, '\nfrom .secrets import DATABASES')
def setup_kiosk(): """ set up kiosk parts based on https://www.danpurdy.co.uk/web-development/raspberry-pi-kiosk-screen-tutorial/ or http://www.raspberry-projects.com/pi/pi-operating-systems/raspbian/gui/auto-run-browser-on-startup """ with hide("running", "stderr"): #@xscreensaver -no-splash comment("/etc/xdg/lxsession/LXDE-pi/autostart", "@xscreensaver -no-splash", use_sudo=True) append("/etc/xdg/lxsession/LXDE-pi/autostart", "@xset s off", use_sudo=True, escape=True) append("/etc/xdg/lxsession/LXDE-pi/autostart", "@xset -dpms", use_sudo=True, escape=True) append("/etc/xdg/lxsession/LXDE-pi/autostart", "@xset s noblank", use_sudo=True, escape=True) append( "/etc/xdg/lxsession/LXDE-pi/autostart", """@sed -i 's/"exited_cleanly": false/"exited_cleanly": true/' ~/.config/chromium/Default/Preferences""", use_sudo=True, escape=True) #auto start if not contains( "/etc/xdg/lxsession/LXDE-pi/autostart", "@chromium --noerrdialogs --kiosk http://www.page-to.display --incognito", use_sudo=True, escape=True): append( "/etc/xdg/lxsession/LXDE-pi/autostart", "@chromium --noerrdialogs --kiosk http://dashingdemo.herokuapp.com/sample --incognito", use_sudo=True, escape=True)
def _update_settings(source_folder, site_name): settings_path = source_folder + '/webtranslate/settings.py' sed(settings_path, "DEBUG = True", "DEBUG = False") allowed_host = site_name # hack to allow www.example.com a domain to also match example.com if allowed_host.startswith('www'): allowed_host = allowed_host[3:] # remove the 'www' so its just '.example.com' sed(settings_path, 'ALLOWED_HOSTS =.+$', 'ALLOWED_HOSTS = ["%s"]' % (allowed_host,) ) comment(settings_path, "SECRET_KEY =") _comment_databases_setting(settings_path) secrets_file = source_folder + '/webtranslate/secrets.py' if not exists(secrets_file): _create_secrets_file(secrets_file, site_name) append(settings_path, '\nfrom .secrets import SECRET_KEY') append(settings_path, '\nfrom .secrets import DATABASES')
def install_ntp(): """ Install ntp daemon """ check_sudo() check_os() if not confirm('Do you want install NTP client?'): return print_green('INFO: Install ntp...') apt_install('ntp ntpdate', noconfirm=True) print_red( "Go to http://www.pool.ntp.org/ and select servers in your server's country.\n" "For example (Ukraine):\n" " 0.ua.pool.ntp.org\n" " 1.ua.pool.ntp.org\n" " 2.ua.pool.ntp.org\n" " 3.ua.pool.ntp.org") def read_ntp_servers(): ntp_server_list = [] while True: t = prompt('Set NTP-server host. (Set empty string to continue)', default='').strip() if not t: break ntp_server_list.append(t) return ntp_server_list while True: ntp_servers = read_ntp_servers() print_yellow('You wrote following NTP-server list:\n {}'.format( '\n '.join(ntp_servers or ('-empty-', )))) if confirm('Are you confirm this NTP-server list?'): break if ntp_servers: ntp_conf_fn = '/etc/ntp.conf' comment(ntp_conf_fn, r'^server\s', use_sudo=True) for ntp_server in ntp_servers: append(ntp_conf_fn, 'server {} iburst'.format(ntp_server), use_sudo=True) print_green('INFO: Install ntp... OK')
def initialize_postgres(): """Initialize the main database.""" version = sudo("psql --version | grep -ro '[8-9].[0-9]'") conf_dir_prefix = "/etc/postgresql/%s/" % version # temporarily allow root access from localhost sudo( 'mv /etc/postgresql/%s/main/pg_hba.conf /etc/postgresql/%s/main/pg_hba.conf.bak' % (version, version)) sudo( 'echo "local all postgres ident" > /etc/postgresql/%s/main/pg_hba.conf' % version) sudo( 'cat /etc/postgresql/%s/main/pg_hba.conf.bak >> /etc/postgresql/%s/main/pg_hba.conf' % (version, version)) sudo('service postgresql-%s restart || /etc/init.d/postgresql restart ' % version) # set password password = prompt('Enter a new database password for user `postgres`:') sudo( 'psql template1 -c "ALTER USER postgres with encrypted password \'%s\';"' % password, user='******') # configure daily dumps of all databases with mode_sudo(): dir_ensure('/var/backups/postgresql', recursive=True) sudo("echo 'localhost:*:*:postgres:%s' > /root/.pgpass" % password) sudo('chmod 600 /root/.pgpass') sudo( "echo '0 7 * * * pg_dumpall --username postgres --file /var/backups/postgresql/postgresql_$(date +%%Y-%%m-%%d).dump' > /etc/cron.d/pg_dump" ) # remove temporary root access comment('/etc/postgresql/%s/main/pg_hba.conf' % version, 'local all postgres ident', use_sudo=True) sudo('service postgresql%s restart || /etc/init.d/postgresql restart' % version)
def prepare_boot(): """ Install boot """ # Prepare mkinitcpio config_file = '/mnt/etc/mkinitcpio.conf' comment(config_file, '^HOOKS') with watch(config_file): append(config_file, 'HOOKS="base udev autodetect modconf block keyboard lvm2 encrypt filesystems fsck"') run_on_archroot('mkinitcpio -p linux') # Prepare syslinux config_file = '/mnt/boot/syslinux/syslinux.cfg' with watch(config_file): sed(config_file, 'root=/dev/sda3', 'root=/dev/vg/root') run_on_archroot('syslinux-install_update -iam') # Configure home encrypted mount config_file = '/mnt/etc/crypttab' with watch(config_file): append(config_file, 'home /dev/vg/home', 'root=/dev/vg/root')
def oldVolumeDetach(self): env.use_ssh_config = True try: with settings(warn_only=True, host_string=self.ip): if not DRY and self.old_volume_id: sudo('umount {0}'.format(MOUNT_POINT)) ## comment out old record in fstab uuid = sudo( 'lsblk -l -o NAME,UUID,MOUNTPOINT |grep "{0}" | cut -f2 -d" "' .format(MOUNT_POINT)) if len(uuid) == 36: files.comment('/etc/fstab', 'UUID={0}.*'.format(uuid), use_sudo=True, char='# ') sudo('vgchange -an {0}'.format(VOLUME_DEFAULTS['vg_name'])) volume = self.conn.get_all_volumes( volume_ids=(self.old_volume_id))[0] volume.detach() if DELETEOLD: n = 0 while n < SLEEP: try: volume.delete() break except boto.exception.EC2ResponseError: n += 10 time.sleep(10) continue return volume.add_tags({ 'instance': self.name, 'date': time.strftime('%Y-%m-%d-%H:%M') }) except Exception as e: raise
def memcached_configure(self, **kwargs): for key, (opt, pat) in self.memcached_conf_patterns.iteritems(): if key in kwargs: val = kwargs[key] else: val = getattr(self, 'memcached_{0}'.format(key), None) if val is None: continue full_pat = '^#?\s*{0}\s+{1}'.format(opt, pat) full_val = '{0} {1}'.format(opt, val) # we don't know if the config file contains the line or not, so # comment it out if it does and then add a new line with the date files.comment(self.memcached_conf, full_pat, use_sudo=True) if val != '': date = datetime.datetime.now().strftime('%Y-%m-%d') message = '\n# {0}; added by fabulaws {1}\n{2}'\ ''.format(key, date, full_val) files.append(self.memcached_conf, message, use_sudo=True) if self.memcached_ulimit is not None: ulimit = 'ulimit -n {0}'.format(self.memcached_ulimit) files.append(self.memcached_init_default, ulimit, use_sudo=True) self.memcached_service('restart')
def fab_criar_crons(self): ''' Insere tarefa definida em ../cron/cronconf no crontab do servidor ''' crontab_location = '/etc/crontab' with cd(env.code_root): if os.path.exists('cron'): from cron.cronconf import CRONS import re sudo('chmod 646 ' + crontab_location) for cron in CRONS: if cron['comando_de_projeto'] and not cron[ 'django_management']: linha_cron = cron['tempo'] + ' ' + cron[ 'usuario'] + ' ' + env.code_root + '/' + cron[ 'comando'] else: if cron['comando_de_projeto'] and cron[ 'django_management']: linha_cron = cron['tempo'] + ' ' + cron[ 'usuario'] + ' /usr/bin/python ' + env.code_root + '/' + cron[ 'comando'] + ' --settings=med_alliance.settings.' + env.ambiente else: linha_cron = cron['tempo'] + ' ' + cron[ 'usuario'] + ' ' + cron['comando'] if cron['ligado']: if not contains(crontab_location, re.escape(linha_cron)): append(crontab_location, linha_cron, use_sudo=False) else: uncomment(crontab_location, re.escape(linha_cron)) else: if contains(crontab_location, re.escape(linha_cron)): comment(crontab_location, re.escape(linha_cron)) sudo('chmod 644 ' + crontab_location)
def install_vpn(): sudo('apt-get -qy install pptpd') files.append('/etc/pptpd.conf', 'localip 192.168.240.1', use_sudo=True) files.append('/etc/pptpd.conf', 'remoteip 192.168.240.2-102', use_sudo=True) files.append('/etc/ppp/pptpd-options', 'ms-dns 8.8.8.8', use_sudo=True) files.append('/etc/ppp/pptpd-options', 'ms-dns 8.8.4.4', use_sudo=True) files.append('/etc/ppp/chap-secrets', '%(username)s pptpd %(password)s *' % ({ 'username': VPN_USER, 'password': VPN_PASS, }), use_sudo=True) sudo('/etc/init.d/pptpd restart') files.uncomment('/etc/sysctl.conf', 'net\.ipv4\.ip_forward=1', use_sudo=True) sudo('sysctl -p') sudo('iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE') if not files.contains( '/etc/rc.local', 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE', use_sudo=True): files.comment('/etc/rc.local', 'exit 0', use_sudo=True) files.append('/etc/rc.local', 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE', use_sudo=True) files.append('/etc/rc.local', 'exit 0', use_sudo=True)
def setup_db(): require.deb.uptodate_index() require.deb.package("software-properties-common") sudo( "apt-key adv --recv-keys" " --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db") sudo( "sudo add-apt-repository" " 'deb http://mariadb.bytenet.in//repo/10.0/ubuntu trusty main'") require.deb.uptodate_index() require.deb.package("mariadb-server") run("mysql_secure_installation") put(env.mariadb_cnf_file, env.mariadb_cnf_path, use_sudo=True) sudo("service mysql restart") password = raw_input("Please Enter password: "******"CREATE DATABASE %s;" % env.project sql = 'CREATE USER "' + env.deploy_user + '"@"%" ' \ + ' IDENTIFIED BY "' + password + '";' \ + ' GRANT ALL PRIVILEGES ON *.* TO "' + env.deploy_user + '"@"%";' \ + ' FLUSH PRIVILEGES;' run(mysql_cmd % create_sql) run(mysql_cmd % sql) files.comment(env.mariadb_cnf_path, "skip-grant-tables", use_sudo=True) sudo("service mysql restart")
def configure_smtp(): main_cf = '/etc/postfix/main.cf' comment(main_cf, "^inet_interfaces = all$", use_sudo=True) append(main_cf, "inet_interfaces = loopback-only", use_sudo=True)
def pogs_install(with_db): """ Perform the tasks to install the whole BOINC server on a single machine """ # Get the packages sudo('yum --assumeyes --quiet install {0}'.format(YUM_BOINC_PACKAGES)) # Setup Users for user in env.list_of_users: sudo('useradd {0}'.format(user)) sudo('mkdir /home/{0}/.ssh'.format(user)) sudo('chmod 700 /home/{0}/.ssh'.format(user)) sudo('chown {0}:{0} /home/{0}/.ssh'.format(user)) sudo('mv /home/ec2-user/{0}.pub /home/{0}/.ssh/authorized_keys'.format( user)) sudo('chmod 700 /home/{0}/.ssh/authorized_keys'.format(user)) sudo('chown {0}:{0} /home/{0}/.ssh/authorized_keys'.format(user)) # Add them to the sudoers sudo( '''su -l root -c 'echo "{0} ALL = NOPASSWD: ALL" >> /etc/sudoers' ''' .format(user)) nfs_mkdir('archive') nfs_mkdir('boinc-magphys') nfs_mkdir('galaxies') nfs_mkdir('projects') nfs_mkdir('logs_ami') run('mkdir -p /home/ec2-user/archive/to_store') # Clone our code if env.branch == '': run('git clone git://github.com/ICRAR/boinc-magphys.git') else: run('git clone -b {0} git://github.com/ICRAR/boinc-magphys.git'.format( env.branch)) # Create the .boto file run('''echo "[Credentials] aws_access_key_id = {0} aws_secret_access_key = {1}" >> /home/ec2-user/.boto'''.format( env.aws_access_key_id, env.aws_secret_access_key)) # Setup the S3 environment if to_boolean(env.create_s3): with cd('/home/ec2-user/boinc-magphys/machine-setup/boinc-pogs'): run('fab --set project_name={0} create_s3'.format( env.project_name)) if with_db: # Activate the DB sudo('mysql_install_db') sudo('chown -R mysql:mysql /var/lib/mysql/*') sudo('chkconfig mysqld --add') sudo('chkconfig mysqld on') sudo('service mysqld start') # Wait for it to start up time.sleep(5) # Setup the database for recording WU's run('mysql --user=root < /home/ec2-user/boinc-magphys/server/src/database/create_database.sql' ) # Make the BOINC project with cd('/home/ec2-user/boinc/tools'): run('./make_project -v --no_query --url_base http://{0} --db_user root {1}' .format(env.hosts[0], env.project_name)) run('''echo '# DB Settings databaseUserid = "root" databasePassword = "" databaseHostname = "localhost" databaseName = "magphys" boincDatabaseName = "{0}"' > /home/ec2-user/boinc-magphys/server/src/config/pogs.settings''' .format(env.project_name)) else: # Setup the database for recording WU's run('mysql --user={0} --host={1} --password={2} < /home/ec2-user/boinc-magphys/server/src/database/create_database.sql' .format(env.db_username, env.db_host_name, env.db_password)) # Make the BOINC project with cd('/home/ec2-user/boinc/tools'): run('./make_project -v --no_query --drop_db_first --url_base http://{0} --db_user {1} --db_host={2} --db_passwd={3} {4}' .format(env.hosts[0], env.db_username, env.db_host_name, env.db_password, env.project_name)) run('''echo '# DB Settings databaseUserid = "{0}" databasePassword = "******" databaseHostname = "{2}" databaseName = "magphys" boincDatabaseName = "{3}"' > /home/ec2-user/boinc-magphys/server/src/config/pogs.settings''' .format(env.db_username, env.db_password, env.db_host_name, env.project_name)) run('''echo '# Work Generation settings min_pixels_per_file = "15" row_height = "7" threshold = "1000" high_water_mark = "400" report_deadline = "7" # Archive settings delete_delay = "5" boinc_statistics_delay = "2" # AWS settings ami_id = "XXX" instance_type = "m1.small" key_name = "XXX" security_groups = "XXX","YYY" subnet_ids = "XXX","YYY" # POGS Settings tmp = "/tmp" boinc_project_root = "/home/ec2-user/projects/{0}" project_name = "{0}"' >> /home/ec2-user/boinc-magphys/server/src/config/pogs.settings''' .format(env.project_name)) # Copy the config files run('cp /home/ec2-user/boinc-magphys/server/config/boinc_files/db_dump_spec.xml /home/ec2-user/projects/{0}/db_dump_spec.xml' .format(env.project_name)) run('cp /home/ec2-user/boinc-magphys/server/config/boinc_files/html/user/* /home/ec2-user/projects/{0}/html/user/' .format(env.project_name)) run('cp /home/ec2-user/boinc-magphys/server/config/boinc_files/hr_info.txt /home/ec2-user/projects/{0}/hr_info.txt' .format(env.project_name)) run('cp /home/ec2-user/boinc-magphys/server/config/boinc_files/project_files.xml /home/ec2-user/projects/{0}/project_files.xml' .format(env.project_name)) run('mkdir -p /home/ec2-user/projects/{0}/html/stats_archive'.format( env.project_name)) run('mkdir -p /home/ec2-user/projects/{0}/html/stats_tmp'.format( env.project_name)) comment('/home/ec2-user/projects/{0}/html/ops/create_forums.php'.format( env.project_name), '^die', char='// ') run('mkdir -p /home/ec2-user/projects/{0}/html/user/logos'.format( env.project_name)) run('cp /home/ec2-user/boinc-magphys/server/logos/* /home/ec2-user/projects/{0}/html/user/logos/' .format(env.project_name)) # Build the validator with cd('/home/ec2-user/boinc-magphys/server/src/magphys_validator'): run('make') # Setup the ops area password with cd('/home/ec2-user/projects/{0}/html/ops'.format(env.project_name)): run('htpasswd -bc .htpasswd {0} {1}'.format(env.ops_username, env.ops_password)) with cd('/home/ec2-user/boinc-magphys/machine-setup/boinc-pogs'): run('fab --set project_name={0},gmail_account={1} setup_postfix'. format(env.project_name, env.gmail_account)) run('fab --set project_name={0} edit_files'.format(env.project_name)) sudo('fab --set project_name={0} setup_website'.format( env.project_name)) # This is needed because the files that Apache serve are inside the user's home directory. run('chmod 711 /home/ec2-user') run('chmod -R oug+r /home/ec2-user/projects/{0}'.format(env.project_name)) run('chmod -R oug+x /home/ec2-user/projects/{0}/html'.format( env.project_name)) run('chmod ug+w /home/ec2-user/projects/{0}/log_*'.format( env.project_name)) run('chmod ug+wx /home/ec2-user/projects/{0}/upload'.format( env.project_name)) # Setup the forums with cd('/home/ec2-user/projects/{0}/html/ops'.format(env.project_name)): run('php create_forums.php') # Save the instance as an AMI puts("Stopping the instance") env.ec2_connection.stop_instances(env.ec2_instance.id, force=True) while not env.ec2_instance.update() == 'stopped': fastprint('.') time.sleep(5) puts( "The AMI is being created. Don't forget to terminate the instance if not needed" ) env.ec2_connection.create_image(env.ec2_instance.id, env.ami_name, description='The base MAGPHYS AMI') puts('All done')
def comment_saltmaster_topfile(): # hacky method to ensure we don't apply logging on our test-monkey salt masters comment('/srv/lbaas-staging-salt/top.sls', ' - common_logging', use_sudo=True)
def load(): files.comment('/etc/rc.local', 'exit 0') sudo('. /etc/rc.local') files.append('/etc/rc.local', 'exit 0')
def fix_sshd_config(): '''root needs an actual shell, so fix the sshd_config.''' config_file = '/etc/ssh/sshd_config' uncomment(config_file, r'^.*PermitRootLogin yes', use_sudo=True) comment(config_file, r'^PermitRootLogin forced-commands-only', use_sudo=True)