def setup_mail_notification(admin_mail, sender_domain, relay): """Setup postfix as satellite system to send root mails to the admin""" # TODO more tests, so far tested on 14.04 only if not utils.is_installed('postfix'): sudo('debconf-set-selections <<< "postfix postfix/main_mailer_type ' 'string Satellite system"') sudo('debconf-set-selections <<< "postfix postfix/relayhost ' 'string {relay}"'.format(relay=relay)) sudo('debconf-set-selections <<< "postfix postfix/mailname ' 'string {mailname}"'.format(mailname=sender_domain)) utils.apt_get_update() sudo('apt-get install postfix -y') else: sudo('echo "{mailname}" > /etc/mailname'.format(mailname=sender_domain)) sed('/etc/postfix/main.cf', '^relayhost.*', 'relayhost = {relay}'.format(relay=relay), use_sudo=True) sudo('service postfix restart') for line in open(os.path.join(LUCHIZZ_DIR, 'files/aliases')).read().split('\n'): try: if line.split()[0] == 'root:': line = line.format(admin_mail=admin_mail) sed('/etc/aliases', 'root:.*', line, use_sudo=True) if not contains('/etc/aliases', line.split()[0]): append('/etc/aliases', line, use_sudo=True) except IndexError: pass sudo('newaliases')
def deploy_production_web(): def _sudo(command, *args, **kwargs): command = 'source %svirtualenv/bin/activate && %s' % (REMOTE_PROJECT_PATH, command) sudo(command, user='******', *args, **kwargs) def manage_py(command): _sudo('python %smanage.py %s' % (REMOTE_PROJECT_PATH, command)) # stop services run('supervisorctl stop mindmaptornado') run('supervisorctl stop uwsgi') # backup _sudo('%sdeployment/db_backup.sh' % (REMOTE_PROJECT_PATH)) _sudo('cd %s; git reset --hard production && git pull' % (REMOTE_PROJECT_PATH)) # install python modules _sudo('cd %s; source virtualenv/bin/activate; pip install -r REQUIREMENTS' % (REMOTE_PROJECT_PATH)) _sudo('rm -rf %sassets/static/' % (REMOTE_PROJECT_PATH)) manage_py('collectstatic --noinput') # run missing migrations manage_py('migrate') # force DEBUG = False files.sed('%ssettings.py' % (REMOTE_PROJECT_PATH), '^DEBUG\s*=\s*True$', 'DEBUG = False') # rm pyc files manage_py('clean_pyc') # start services run('supervisorctl start mindmaptornado') run('supervisorctl start uwsgi')
def sys_ssh_set_port(port=22): """ Set ssh port - Ex: (cmd:[port])""" sshd_config = '/etc/ssh/sshd_config' files.sed(sshd_config, before='\s*#\s*Port\s*[0-9]*', after='Port {0}'.format(port), use_sudo=True) files.sed(sshd_config, before='\s*Port\s*[0-9]*', after='Port {0}'.format(port), use_sudo=True) sudo('service ssh reload') sys_etc_git_commit('Configured ssh (Port={0})'.format(port))
def setup_cifs_connector(volume_name, devid, supervisor_host): """ Deploy an sfused cifs connector and SOFS accompanying volume. :param volume_name: the name of the SOFS volume to create and expose over cifs :type volume_name: string :param devid: device id to associate with the volume :type devid: int :param supervisor_host: hostname or ip of the supervisor for registration of connector and volume :type supervisor_host: string """ setup_connector('cifs', volume_name, devid, supervisor_host) install_packages('scality-cifs') conf_path = abspath('assets/connector/etc/samba/smb.conf') put(conf_path, '/etc/samba', use_sudo=True) sed( filename='/etc/default/sernet-samba', before='SAMBA_START_MODE="none"', after='SAMBA_START_MODE="classic"', use_sudo=True, ) sudo('mkdir -p /var/run/samba') sudo('testparm -s') # The sernet-samba-smbd init script is flaky: if the parent exits # to quickly, the smbd process does not have time to daemonize. sudo('/etc/init.d/sernet-samba-smbd start && sleep 5')
def dse_prepare(): node = get_node_info() vars = load_vars() broadcast_rpc_address_line = 'broadcast_rpc_address: %s' % node['host'] cluster_name = 'NODE' if 'cluster_name' in vars['dse']: cluster_name = vars['dse']['cluster_name'] opscenter_cluster_config_name = '/etc/opscenter/clusters/%s.conf' % cluster_name cluster_name_line = '%s CLUSTER' % cluster_name if ('solr' in vars['dse']) and vars['dse']['solr']: sed('/etc/default/dse',before='SOLR_ENABLED=0',after='SOLR_ENABLED=1',use_sudo=True, backup='') if ('spark' in vars['dse']) and vars['dse']['spark']: sed('/etc/default/dse',before='SPARK_ENABLED=0',after='SPARK_ENABLED=1',use_sudo=True, backup='') sed('/etc/dse/cassandra/cassandra.yaml',before="Test Cluster",after=cluster_name_line,use_sudo=True, backup='') sed('/etc/dse/cassandra/cassandra.yaml',before="rpc_address: localhost",after="rpc_address: 0.0.0.0",use_sudo=True, backup='') sed('/etc/dse/cassandra/cassandra.yaml',before="# broadcast_rpc_address: 1.2.3.4",after=broadcast_rpc_address_line,use_sudo=True, backup='') append('/var/lib/datastax-agent/conf/address.yaml','stomp_interface: 127.0.0.1',True) if not exists(opscenter_cluster_config_name,True): sudo('mkdir /etc/opscenter/clusters') append(opscenter_cluster_config_name,default_opscenter_cluster_config,True) time.sleep(8)
def installConfigureChrony(): msg='installing chrony on %s'% env.host sudo('yum -y install chrony') var1=run('rpm -qa |grep chrony ') printMessage("good", msg) logging.info(msg +" version "+ var1) if env.host == 'controller': sed ('/etc/chrony.conf', 'server 0.centos.pool.ntp.org iburst', 'server time1.srv.ualberta.ca iburst') sed ('/etc/chrony.conf', 'server 1.centos.pool.ntp.org iburst', 'server time2.srv.ualberta.ca iburst') sed ('/etc/chrony.conf', 'server 2.centos.pool.ntp.org iburst', 'server time3.srv.ualberta.ca iburst') sed ('/etc/chrony.conf', 'server 3.centos.pool.ntp.org iburst', '') sed("/etc/chrony.conf","#allow 192.168/16","allow 192.168/16") else: run('echo "server controller iburst" > /etc/chrony.conf') run('systemctl restart chronyd.service') result=run('systemctl status chronyd.service') if result.failed: logging.info(" starting Chrony on " +env.host) run('systemctl start chronyd.service') run('systemctl enable chronyd.service') else: logging.info(" restarting Chrony on " +env.host) run('systemctl restart chronyd.service') printMessage("good",msg) var1=run('systemctl status chronyd.service |grep Active') logging.info(env.host +" Chrony is "+ var1)
def sys_easy_sudo(remote_configuration=None): """ Allow sudo to run without password for @sudo members. """ LOGGER.info("Installing sys_easy_sudo()…") if remote_configuration.is_osx: # GNU sed is needed for fabric `sed` command to succeed. pkg.brew_add("gnu-sed") symlink("/usr/local/bin/gsed", "/usr/local/bin/sed") sudoers = "/private/etc/sudoers" group = "admin" else: # Debian / Ubuntu sudoers = "/etc/sudoers" group = "sudo" with settings(hide("warnings", "running", "stdout", "stderr"), warn_only=True): sed( sudoers, "%%%s\s+ALL\s*=\s*\(ALL(:ALL)?\)\s+ALL" % group, "%%%s ALL = (ALL:ALL) NOPASSWD: ALL" % group, use_sudo=True, backup=".bak", )
def set_deployed_version(tag): with cd(app_base): run("rm -f {0}".format(currently_deployed_dir)) run("ln -s {0}/{1} {2}".format(deployments_dir, tag, currently_deployed_dir)) # Write version file which will get loaded by the application. sed(version_file, "development", tag)
def setup(): "Set up and bootstrap a new web server." # Install needed packages run('aptitude -y install git-core python-dev postgresql-dev postgresql-client build-essential libpq-dev apache2 libapache2-mod-wsgi') # Make the code directories, and go get the code run('mkdir -p %s' % os.path.join(env.web_root, "static")) with cd(env.web_root): run('git clone git://github.com/jacobian/django-deployment-workshop.git') # Bootstrap and buildout with cd(env.buildout_root): run('python bootstrap.py') run('./bin/buildout') # In the real world, the settings file would already contain the correct # DATABASE_HOST. Since this is a demo, we'll do something somewhat # hackish -- but cool -- and swap in the correct DATABASE_HOST at # bootstrap time. dbip = prompt("What's the private IP for DB1?") files.sed(os.path.join(env.buildout_root, "fski", "settings.py"), before = r"^DATABASE_HOST.*$", after = r'DATABASE_HOST = "%s"' % dbip.strip()) # Install the Apache conf with cd("/etc/apache2"): run('rm -rf apache2.conf conf.d/ httpd.conf magic mods-* sites-* ports.conf ') run('ln -s /home/web/django-deployment-workshop/apache/apache2.conf .') # Make the Python eggs directory. run('mkdir -m777 -p /var/www/.python-eggs') # Done - where! Now restart Apache. run('invoke-rc.d apache2 restart')
def config_exim(): """Set exim configuration type if defined by the user.""" if hasattr(conf, "EXIM_CONFIG_TYPE"): files.sed('/etc/exim4/update-exim4.conf.conf', 'local', conf.EXIM_CONFIG_TYPE or "local", limit="dc_eximconfig_configtype=", use_sudo=True) sudo("/etc/init.d/exim4 restart")
def config_apticron(): """ Adds sysadmin emails to the apticron config. """ emails = ' '.join(v['email'] for k,v in conf.SYSADMINS.items()) files.sed('/etc/apticron/apticron.conf', '"root"', '"%s"' % emails, limit="EMAIL=", use_sudo=True)
def harden_sshd(): """Security harden sshd. """ # Disable password authentication sed("/etc/ssh/sshd_config", "#PasswordAuthentication yes", "PasswordAuthentication no", use_sudo=True) # Deny root login sed("/etc/ssh/sshd_config", "PermitRootLogin yes", "PermitRootLogin no", use_sudo=True)
def config_sshd(): """Disables password-based and root logins. Make sure that you have some users created with ssh keys before running this.""" sshd_config = '/etc/ssh/sshd_config' files.sed(sshd_config, 'yes', 'no', limit='PermitRootLogin', use_sudo=True) files.sed(sshd_config, '#PasswordAuthentication yes', 'PasswordAuthentication no', use_sudo=True) sudo('/etc/init.d/ssh restart')
def _deployWhyQAScripts(w): workers = eval(env["workers"]["workers"]) worker = workers[w] deploypath = env["deploy"]["deploy.path"] + "/" run("mkdir -p {0}/{1}".format(deploypath, env["whyqapassage"]["whyqapassage.rootpath"])) with cd(deploypath): run("{0}".format(env["whyqapassage"]["whyqapassage.deploycmd"])) run( "sed -e 's#\\(INDEX=\\)\\(.*\\)#\\1{0}#g' ./{1} > ./{1}.work".format( env["whyqapassage"]["whyqapassage.index"], env["whyqapassage"]["whyqapassage.startsh"] ) ) run("cp ./{0}.work ./{0} && chmod u+x,g+x ./{0}".format(env["whyqapassage"]["whyqapassage.startsh"])) run("{0}".format(env["whyqapassage"]["rasc.deploycmd"])) if env["whyqapassage"].has_key("tinysvm.deploycmd") == True: run("{0}".format(env["whyqapassage"]["tinysvm.deploycmd"])) sedfiles = eval(env["whyqapassage"]["rasc.sedfiles"]) for s in sedfiles: print s["file"] for reg in s["regex"]: print reg["before"] print reg["after"] sed(s["file"], reg["before"], reg["after"]) # sed(env['whyqapassage']['whyqapassage.sed.file'], # before=env['whyqapassage']['whyqapassage.sed.before'], after=env['whyqapassage']['whyqapassage.sed.after'] , backup='') # run('cp {0} {1}'.format(env['whyqapassage']['rasc.servcexml.src'],env['whyqapassage']['rasc.servcexml.dst'])) run("chmod u+x,g+x {0}".format(env["whyqapassage"]["rasc.startsh"])) run("chmod u+x,g+x {0}".format(env["whyqapassage"]["rasc.stopsh"])) run("chmod u+x,g+x {0}".format(env["whyqapassage"]["whyqapassage.stopsh"]))
def initialise_qgis_plugin_repo(): """Initialise a QGIS plugin repo where we host test builds.""" _all() fabtools.require.deb.package('libapache2-mod-wsgi') code_path = os.path.join(env.repo_path, env.repo_alias) local_path = '%s/scripts/test-build-repo' % code_path if not exists(env.plugin_repo_path): sudo('mkdir -p %s' % env.plugin_repo_path) sudo('chown %s.%s %s' % (env.user, env.user, env.plugin_repo_path)) run('cp %s/plugin* %s' % (local_path, env.plugin_repo_path)) run('cp %s/icon* %s' % (code_path, env.plugin_repo_path)) run('cp %(local_path)s/inasafe-test.conf.templ ' '%(local_path)s/inasafe-test.conf' % {'local_path': local_path}) sed('%s/inasafe-test.conf' % local_path, 'inasafe-test.linfiniti.com', env.repo_site_name) with cd('/etc/apache2/sites-available/'): if exists('inasafe-test.conf'): sudo('a2dissite inasafe-test.conf') fastprint('Removing old apache2 conf', False) sudo('rm inasafe-test.conf') sudo('ln -s %s/inasafe-test.conf .' % local_path) # Add a hosts entry for local testing - only really useful for localhost hosts = '/etc/hosts' if not contains(hosts, 'inasafe-test'): append(hosts, '127.0.0.1 %s' % env.repo_site_name, use_sudo=True) sudo('a2ensite inasafe-test.conf') sudo('service apache2 reload')
def rewrite_base_enable(path, base=None): """Change the RewriteBase variable on a Drupal site Args: parent: Path to the website base base: RewriteBase string to add to the .htaccess file (default: None) Usage: $ fab -H localhost rewrite_base_enable:'/path/to/web/dir/site-name','site-name' Will modify the .htaccess file at /path/to/web/dir/site-name/.htaccess adding this RewriteBase directive: RewriteBase /site-name $ fab -H localhost rewrite_base_enable:'/path/to/web/dir' Will modify the .htaccess file at /path/to/web/dir/.htaccess adding this RewriteBase directive: RewriteBase / """ htaccess = path + '/.htaccess' if htaccess_exists(path): if not rewrite_base_enabled(path): # sed the RewriteBase rule sed(htaccess, "^.*# RewriteBase /$", " RewriteBase " + base)
def install_jenkins(*args, **kwargs): home = run('echo $HOME') version = kwargs.get('version', 'latest') init = os.path.join(home,'init') jenkins_base_dir = os.path.join(home, 'jenkins') jenkins_init = os.path.join(init, 'jenkins') port = kwargs.get('port') if not exists(jenkins_base_dir): run('mkdir ' + jenkins_base_dir) if not exists(os.path.join(jenkins_base_dir, 'jenkins.war')): with hide('output'): run('wget http://mirrors.jenkins-ci.org/war/%s/jenkins.war -O ~/jenkins/jenkins.war' % version) if not exists(os.path.join(jenkins_base_dir, 'org.jenkinsci.main.modules.sshd.SSHD.xml')): with hide('output'): run('wget https://templates.wservices.ch/jenkins/org.jenkinsci.main.modules.sshd.SSHD.xml -O ~/jenkins/org.jenkinsci.main.modules.sshd.SSHD.xml') if not exists(init): run('mkdir ~/init') if not exists(jenkins_init): with hide('output'): run('wget https://templates.wservices.ch/jenkins/jenkins.init -O ~/init/jenkins') run('chmod 750 ~/init/jenkins') sed(jenkins_init, 'PORT=HTTP_PORT', 'PORT=%s' % port) run('~/init/jenkins start') else: run('~/init/jenkins restart')
def sys_ssh_enable_root_login(): """ Enable root login - Ex: (cmd)""" sshd_config = '/etc/ssh/sshd_config' files.sed(sshd_config, before='\s*#\s*\PermitRootLogin\s*(yes|no)', after='PermitRootLogin yes',use_sudo=True) files.sed(sshd_config, before='\s*PermitRootLogin\s*no', after='PermitRootLogin yes',use_sudo=True) sudo('service ssh reload') sys_etc_git_commit('Endabled root login')
def install(java_version=None): """ Install dependencies (curl and unzip) and Install GVM :: import fabtools # Install GVM fabtools.gvm.install() """ res = run('gvm help', quiet=True) if res.failed: family = distrib_family() packages = ['curl', 'unzip'] if family == 'debian': require_deb_packages(packages) elif family == 'redhat': require_rpm_packages(packages) elif family == 'sun': require_pkg_packages(packages) else: raise UnsupportedFamily(supported=['debian', 'redhat', 'sun']) if java_version is None: java() else: java(version=java_version) run('curl -s get.gvmtool.net | bash') user = run('whoami') run('source "/home/%s/.gvm/bin/gvm-init.sh"' % user) configFile = "/home/%s/.gvm/etc/config" % user sed(configFile, 'gvm_auto_answer=false', 'gvm_auto_answer=true')
def deploy(): install_deps() sudo('test -e /var/lib/pgsql/data/pg_hba.conf || postgresql-setup initdb') enable_services(['memcached', 'postgresql']) with settings(warn_only=True, sudo_user='******'): sudo('createuser {0}'.format(env.user)) sudo('createdb --owner={0} vmdb_development'.format(env.user)) run('type bundle 2>/dev/null || gem install bundler -v "~>1.3"') run('test -d manageiq || git clone https://github.com/ManageIQ/manageiq') with cd('manageiq/vmdb'): run('bundle install --without qpid') with cd('manageiq'): run('vmdb/bin/rake build:shared_objects') with cd('manageiq/vmdb'): run('bundle install --without qpid') run('cp config/database.pg.yml config/database.yml') sed('config/database.yml', 'username: root', 'username: {0}'.format(env.user)) run('bin/rake db:migrate') enable_tcp_ports([3000])
def set_hostname(hostname): # TODO: reload MTA if not hostname or hostname == 'None': hostname = env.host need_sudo = am_not_root() with settings(warn_only=True): hosts_entry = run('grep "^127\.0\.1\.1 " /etc/hosts') line_to_append = '127.0.1.1 %s' % hostname if hosts_entry == line_to_append: pass elif not hosts_entry: # TODO: this should be placed right under the line ^127.0.0.1 append('/etc/hosts', '127.0.1.1 %s' % hostname, use_sudo=need_sudo) else: sed('/etc/hosts', '^(127\.0\.1\.1) (.*)$', '\\1 %s \\2' % hostname, use_sudo=need_sudo) if distro_flavour() == 'redhat': sed('/etc/sysconfig/network', '^HOSTNAME=.*', 'HOSTNAME=%s' % hostname, use_sudo=need_sudo) _run('hostname %s' % hostname, use_sudo=need_sudo) else: _run('echo %s > /etc/hostname' % hostname, use_sudo=need_sudo) _run('hostname -F /etc/hostname', use_sudo=need_sudo) if exists('/etc/mailname'): _run('echo %s > /etc/mailname' % hostname, use_sudo=need_sudo) # Restart logging service servicename = 'rsyslog' if exists('/etc/init.d/%s' % servicename): _run('service %s restart' % servicename, use_sudo=need_sudo) else: # CentOS<6 and old Ubuntus and some Debians might not use 'rsyslog' print 'WARN: Could not identify syslogging service. Please restart manually.'
def host(ipaddress, hostnames, use_sudo=False): """ Add a ipadress and hostname(s) in /etc/hosts file Example:: from fabtools import require require.network.host('127.0.0.1','hostname-a hostname-b') """ res = run_as_root('cat /etc/hosts | egrep "^%(ipaddress)s"' % locals()) if res.succeeded: m = re.match('^%(ipaddress)s (.*)' % locals(), res) # If ipadress allready exists if m: toadd = list() hostnames = hostnames.split(' ') inthehosts = m.group(1).split(' ') for h in hostnames: if h not in inthehosts: toadd.append(h) if len(toadd) > 0: print "ADD: %s" % toadd print res hostline = "%s %s" % (res, ' '.join(toadd)) with hide('stdout', 'warnings'): sed('/etc/hosts', res, hostline, use_sudo=use_sudo) else: hostline = "%s %s" % (res, hostnames) append('/etc/hosts', hostline, use_sudo=use_sudo)
def set_locale(): sed( '/etc/sysconfig/i18n', 'LANG=.*', 'LANG="ja_JP.UTF-8"', use_sudo = True )
def super(): init_directory() with cd(env.CIHEUL_DIR): #sudo("x=$(echo `pwd`/start_django.sh | sed \"s/\//\\\//g\"); sed -i \"s/{{command}}/$x/g\" /etc/supervisor/conf.d/ciheul.conf") #x = run("echo `pwd`/start_django.sh | sed \"s/\//\\\//g\"") x = run("echo `pwd`/start_django.sh") sed("/etc/supervisor/conf.d/ciheul.conf", "replace_cmd_path", x, use_sudo=True)
def oracle(): """ compile and install oracle drivers """ setup_env_for_user(env.user) run('mkdir -p %(admin_home_dir)s/~build' % env) with cd(env.base): run('rm -fr oracle*') run('mkdir -p oracle') with cd('oracle'): arch = run('uname -i') if arch == 'x86_64': run('find %(packages_cache)s -name "instantclient*86-64*" -exec unzip "{}" \;' % env) elif arch == 'i386': run('find %(packages_cache)s -name "instantclient*" -name "*86-64*" -exec unzip "{}" \;' % env) with cd('instantclient_*'): run('ln -sf libclntsh.so.11.1 libclntsh.so') env.oracle_home = run('find $PWD -type d -iname "instant*"' % env) sed("~/.bash_profile", "export LD_LIBRARY_PATH=.*", "export LD_LIBRARY_PATH=$SITE_ENV/lib:%(oracle_home)s:" % env) sed("~/bin/activate", "export ORACLE_HOME=.*", "export ORACLE_HOME=%(oracle_home)s:" % env) assert exists('%(oracle_home)s/libclntsh.so' % env) run('pip install cx_Oracle') run('mkdir -p ~/logs/oracle') run('ln -s ~/logs/oracle %(base)s/oracle/instantclient_11_2/log' % env) # test out = run('python -c "import cx_Oracle;print(222)"') assert out.startswith("222")
def install_rkhunter(email=None): """ Install and configure RootKit Hunter Default section: admin :param email: Email to send reports :type email: str """ opts = dict( email=email or get_envvar('email',section='admin') or err('Email must be set'), ) # install RKHunter apt_get('rkhunter') # send emails on warnings uncomment('/etc/rkhunter.conf', '#MAIL-ON-WARNING=me@mydomain root@mydomain', use_sudo=True) sed('/etc/rkhunter.conf', 'me@mydomain root@mydomain', opts['email'], use_sudo=True) # ignore some Ubuntu specific files uncomment('/etc/rkhunter.conf', '#ALLOWHIDDENDIR=\/dev\/.udev', use_sudo=True) uncomment('/etc/rkhunter.conf', '#ALLOWHIDDENDIR=\/dev\/.static', use_sudo=True) uncomment('/etc/rkhunter.conf', '#ALLOWHIDDENDIR=\/dev\/.initramfs', use_sudo=True)
def disable_password_authentication(): """ Disables password authentication. """ configuration_file = '/etc/ssh/sshd_config' # ensure pubkey authentication is enabled if not contains(configuration_file, '^PubkeyAuthentication yes', escape=False): # patterns before = '^#?PubkeyAuthentication.*$' after = 'PubkeyAuthentication yes' sed(configuration_file, before, after, use_sudo=True) print(green('Pubkey authentication enabled.')) else: print(green('Pubkey authentication already enabled.')) # disable password authentication if not contains(configuration_file, '^PasswordAuthentication no', escape=False): # patterns before = '^#?PasswordAuthentication.*$' after = 'PasswordAuthentication no' sed(configuration_file, before, after, use_sudo=True) print(green('Password authentication disabled.')) else: print(green('Password authentication already disabled.'))
def build_statics(env, version): code_path = get_code_path(env, version) # build player skin with cd(code_path): for subsite in SUBSITES: loc = subsite.location def getPath(path): return "{project}/{subsite}/static/{path}".format(project=PROJECTNAME, subsite=loc, path=path) style = subsite.styles if not files.exists(getPath("css")): run("mkdir -p {}".format(getPath("css"))) if style.hasBuster: files.sed(getPath("less/cachebuster.less"), "CACHEBUSTTOKEN", '"{}"'.format(getShortToken(version))) for stylesheet in style.list: run("~/node_modules/less/bin/lessc {project}/{subsite}/static/less/{stylesheet} --yui-compress {project}/{subsite}/static/css/{outname}.min.css".format(project=PROJECTNAME, subsite=loc, stylesheet=stylesheet, outname = stylesheet.rsplit(".")[0])) for subsite in SUBSITES: if subsite.scripts: if not files.exists("{project}/{subsite}/static/scripts/build/".format(project=PROJECTNAME, subsite=subsite.location)): run("mkdir -p {project}/{subsite}/static/scripts/build/".format(project=PROJECTNAME, subsite=subsite.location)) customs = " ".join(["{project}/{subsite}/static/scripts/{script}".format(project=PROJECTNAME, subsite=subsite.location, script = script) for script in subsite.scripts]) run("java -jar ~/resources/compiler.jar --compilation_level SIMPLE_OPTIMIZATIONS \ --js {customs} \ --warning_level QUIET --js_output_file {project}/{subsite}/static/scripts/build/site.js".format(project=PROJECTNAME, subsite=subsite.location, customs = customs)) run("echo {} > ./VERSION_TOKEN".format(getShortToken(version)))
def ensure_hostname(self, hostname): """ Ensure a fixed hostname <em>Parameters</em> hostname - Hostname to be created <em>Sample usage</em> class MySampleRole(Role): def provision(self): with self.using(HostNameRole) as role: role.ensure_hostname('rabbit') """ path = "/etc/sysconfig/network" file = self.read_remote_file(path) hostname_line = "HOSTNAME={0}".format(hostname) if hostname == self.execute("hostname"): return False self.log("Setting up hostname") if "HOSTNAME" not in file: self.ensure_line(hostname_line, stdout=False, sudo=True) else: with settings(hide("warnings", "running", "stdout")): sed(path, "HOSTNAME=.*", hostname_line, use_sudo=True) self.execute('hostname "{0}"'.format(hostname), stdout=False, sudo=True) self.log("Hostname %s added" % hostname) return True
def sys_ssh_disable_password_authentication(): """ Diable password authentication - Ex: (cmd)""" sshd_config = '/etc/ssh/sshd_config' files.sed(sshd_config, before='\s*#\s*\sPasswordAuthentication\s*(yes|no)', after='PasswordAuthentication no',use_sudo=True) files.sed(sshd_config, before='\s*PasswordAuthentication\s*yes', after='PasswordAuthentication no',use_sudo=True) sudo('service ssh reload') sys_etc_git_commit('Disable password authentication')
def _update_settings(source_folder, site_name): settings_path = source_folder + '/superlists/settings.py' sed(settings_path, "DEBUG = True", "DEBUG = False") sed(settings_path, 'ALLOWED_HOSTS =.+$', 'ALLOWED_HOSTS = ["%s"]' % (site_name, )) secret_key_file = source_folder + '/superlists/secret_key.py' if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, "SECRET_KEY = '%s'" % (key, )) append(settings_path, '\nfrom .secret_key import SECRET_KEY')
def _update_settings(source_folder, site_name): settings_path = source_folder + '/tutorial/settings.py' sed(settings_path, 'DEBUG = True', 'DEBUG = False') sed(settings_path, 'ALLOWED_HOSTS =.+$', f'ALLOWED_HOSTS = ["{site_name}"]') secret_key_file = source_folder + '/tutorial/secret_key.py' if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, f'SECRET_KEY = "{key}"') append(settings_path, '\nfrom .secret_key import SECRET_KEY')
def _update_settings(source_folder, site_name): """обновить настройки""" settings_path = source_folder + "/superlists/settings.py" sed(settings_path, "DEBUG = True", "DEBUG = False") sed(settings_path, "ALLOWED_HOSTS = .+$", f"ALLOWED_HOSTS = [\"{site_name}\"]") secret_key_file = source_folder + "/superlists/secret_key.py" if not exists(secret_key_file): chars = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)" key = "".join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, f"SECRET_KEY = \"{key}\"") append(settings_path, "\nfrom .secret_key import SECRET_KEY")
def _update_settings(mconf): src_dir = '%s/source' % (mconf['app_path']) settings_path = '%s/%s/settings.py' % (src_dir, mconf['module_name']) sed(settings_path, 'DEBUG = True', 'DEBUG = False') sed(settings_path, 'ALLOWED_HOSTS =.+$', 'ALLOWED_HOSTS = ["%s"]' % (mconf['site_name'], )) secret_key_file = '%s/%s/secret_key.py' % (src_dir, mconf['module_name']) if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, "SECRET_KEY = '%s'" % (key, )) append(settings_path, '\nfrom .secret_key import SECRET_KEY')
def fix_plugins_1(): """run some fix plugins""" # copie des plugins corriges put('/srv/awl_bfi_fabric/data/checktool/l_pci_clamav.sh', '/usr/lib/checktoolV2/plugins/l_pci_clamav.sh', use_sudo=True, mode=0755) put('/srv/awl_bfi_fabric/data/checktool/l_pci_yumupdate.sh', '/usr/lib/checktoolV2/plugins/l_pci_yumupdate.sh', use_sudo=True, mode=0755) put('/srv/awl_bfi_fabric/data/checktool/l_pci_rsyslog.sh', '/usr/lib/checktoolV2/plugins/l_pci_rsyslog.sh', use_sudo=True, mode=0755) put('/srv/awl_bfi_fabric/data/checktool/l_pci_ssh_access.sh', '/usr/lib/checktoolV2/plugins/l_pci_ssh_access.sh', use_sudo=True, mode=0755) put('/srv/awl_bfi_fabric/data/checktool/l_pci_auditd.sh', '/usr/lib/checktoolV2/plugins/l_pci_auditd.sh', use_sudo=True, mode=0755) # Application des droits pour les plugins corriges sudo('chown root:root /usr/lib/checktoolV2/plugins/l_pci_clamav.sh') sudo('chown root:root /usr/lib/checktoolV2/plugins/l_pci_yumupdate.sh') sudo('chown root:root /usr/lib/checktoolV2/plugins/l_pci_rsyslog.sh') sudo('chown root:root /usr/lib/checktoolV2/plugins/l_pci_ssh_access.sh') sudo('chown root:root /usr/lib/checktoolV2/plugins/l_pci_auditd.sh') sed('/etc/nagios/nrpe.cfg', before='dont_blame_nrpe=1', after='dont_blame_nrpe=0', use_sudo=True, backup='.bak', flags='', shell=False) # relance du service nrpe if sudo('''cat /etc/redhat-release | grep 'release 7' ''', quiet=True): x = sudo("systemctl restart nrpe.service") if x.succeeded: print 'NRPE service restarted' else: print 'NRPE service failed' else: x = sudo("service nrpe reload") if x.succeeded: print 'NRPE service reloaded' else: print 'NRPE service failed'
def _update_settings(source_folder, site_name): settings_path = source_folder + '/superlists/settings.py' sed(settings_path, 'DEBUG = True', 'DEBUG = False') sed(settings_path, 'ALLOWED_HOSTS =.+$', 'ALLOWED_HOSTS = ["%s"]' % site_name) # I'm not convinced about this key generating files. secret_key_file = source_folder + '/superlists/secret_key.py' if not exists(secret_key_file): chars = 'arbitrary_chars_for_randomness' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, "SECRET_KEY = '%s'" % key) append(settings_path, '\nfrom .secret_key import SECRET_KEY')
def deploy_project(project): # Put apps....change settings to get project apps automagically put(project,PYLIBS,use_sudo=True) with fab_settings(warn_only=True): for projdir in filter(os.path.isdir,glob.glob('*')): if projdir != 'shared' and projdir != 'data': put(projdir,PYLIBS,use_sudo=True) put('requirements.txt',GEONODEDIR,use_sudo=True) with cd(GEONODEDIR), prefix(ACT): sudo('pip install -r requirements.txt') sudo('rm requirements.txt') put('%s/%s.apache' % (project,project),'/etc/apache2/sites-available/%s' % project, use_sudo=True) sed('/etc/apache2/sites-available/%s' % project, 'REPLACE_WITH_SITEDIR', PYLIBS, use_sudo=True)
def _update_settings(site_name): settings_path = 'abiesmerger/settings.py' sed(settings_path, "DEBUG = True", "DEBUG = False") sed(settings_path, 'ALLOWED_HOSTS =.+$', f'ALLOWED_HOSTS = ["{site_name}"]' ) secret_key_file = 'abiesmerger/secret_key.py' if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choices(chars, k=50)) append(secret_key_file, f'SECRET_KEY = "{key}"') append(settings_path, '\nfrom .secret_key import SECRET_KEY')
def update_settings(self): settings_path = self.superlists_folder + "/superlists/settings.py" sed(settings_path, "DEBUG = True", "DEBUG = False") sed(settings_path, "DOMAIN = \"localhost\"", "DOMAIN = \"%s\"" % self.host) secret_key_file = self.superlists_folder + "/superlists/secret_key.py" if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, "SECRET_KEY = '%s'" % key) append(settings_path, "\nfrom .secret_key import SECRET_KEY")
def _update_settings(source_folder, host, project_name): settings_file = f'{source_folder}/{project_name}/settings/production.py' # sed(settings_file, 'DEBUG = True', 'DEBUG = False') sed(settings_file, 'ALLOWED_HOSTS = .+$', f'ALLOWED_HOSTS = ["{host}"]' ) # Secret key secret_key_file = f'{source_folder}/{project_name}/settings/secret_key.py' if not exists(secret_key_file): chars = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)" secret_key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, f'SECRET_KEY = "{secret_key}"')
def _update_settings(source_folder, site_name): settings_path = source_folder + '/superlists/settings.py' static_folder = f'/home/{env.user}/sites/{env.host}/static/' sed(settings_path, "DEBUG = True", "DEBUG = False") sed(settings_path, 'ALLOWED_HOSTS = .+$', f'ALLOWED_HOSTS = ["{site_name}"]') secret_key_file = source_folder + '/superlists/secret_key.py' if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, f'SECRET_KEY = "{key}"') append(settings_path, '\nfrom .secret_key import SECRET_KEY') append(settings_path, f'STATIC_ROOT = "{static_folder}"')
def deploy(revision=None): if revision is not None and env.name != 'production': sudo( 'curl -sL 169.254.169.254/latest/user-data | egrep -v \'chef-run|apt-get|pip|opscode.com\' | sudo bash' ) sed('/tmp/node.json', '("revision":)[^\,]*(\,)?', '\\1 "%s"\\2' % revision, use_sudo=True) sudo('chef-solo -c /tmp/solo.rb | tee /tmp/chef-run.log') else: run('curl -sL 169.254.169.254/latest/user-data | egrep -v \'apt-get|pip|opscode.com\' | sudo bash' )
def harden_sshd(): """Security harden sshd. """ # Disable password authentication sed('/etc/ssh/sshd_config', '#PasswordAuthentication yes', 'PasswordAuthentication no', use_sudo=True) # Deny root login sed('/etc/ssh/sshd_config', 'PermitRootLogin yes', 'PermitRootLogin no', use_sudo=True)
def _update_settings(): settings_path = project_folder + '/{}/settings.py'.format(PROJECT_NAME) sed(settings_path, "DEBUG = True", "DEBUG = False") sed(settings_path, 'ALLOWED_HOSTS = .+$', 'ALLOWED_HOSTS = ["%s"]' % (REMOTE_HOST,) ) secret_key_file = project_folder + '/{}/secret_key.py'.format(PROJECT_NAME) if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, "SECRET_KEY = '%s'" % (key,)) append(settings_path, '\nfrom .secret_key import SECRET_KEY')
def masquerade(): """Set up masquerading so that a box with two NICs can act as a router. """ # Set up masquerade so that one host can act as a NAT gateway for a network # of hosts. #http://forums.fedoraforum.org/archive/index.php/t-178224.html rc_file = '/etc/rc.local' rule_1 = '/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' rule_2 = 'echo 1 > /proc/sys/net/ipv4/ip_forward' if not contains(rc_file, rule_1): sed(rc_file, '^exit 0', '#exit 0', use_sudo=True) append(rc_file, rule_1, use_sudo=True) append(rc_file, rule_2, use_sudo=True)
def _update_settings(source_folder, site_name): settings_path = source_folder + '/superlists/settings.py' sed(settings_path, "DEBUG = True", "DEBUG = False") sed(settings_path, 'ALLOWED_HOSTS = .+$', f'ALLOWED_HOSTS = ["{site_name}"]') secret_key_file = source_folder + '/superlists/secret_key.py' if not exists(secret_key_file): chars = string.ascii_lowercase + string.digits + '!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, f'SECRET_KEY = "{key}"') append(settings_path, '\nfrom .secret_key import SECRET_KEY')
def _update_settings(site_name): settings_path = 'superlists/settings.py' sed(settings_path, "DEBUG = True", "DEBUG = False") sed(settings_path, 'ALLOWED_HOSTS =.+$', f'ALLOWED_HOSTS = ["{site_name}"]') secret_key_file = 'superlists/secret_key.py' if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choices(chars, k=50)) append(secret_key_file, f'SECRET_KEY = "{key}"') append( settings_path, '\nfrom .secret_key import SECRET_KEY' ) # append - adds a line to the end of a file (won't do that if the line is already there)
def run_services( host, settings_dict, envs=None, verbose=None, ): """ Install OS with COI on control and compute servers :param conf: configuration of lab boxes :param settings_dict: settings dictionary for Fabric :param envs: environment variables to inject when executing job :param verbose: if to hide all output or print everything """ envs = envs or {} verbose = verbose or [] if settings_dict['user'] != 'root': run_func = sudo use_sudo_flag = True else: run_func = run use_sudo_flag = False print >> sys.stderr, "FABRIC connecting to", settings_dict["host_string"], with settings(**settings_dict), hide(*verbose), shell_env(**envs): with cd("/root/"): update_time(run_func) run_func("apt-get update") run_func('DEBIAN_FRONTEND=noninteractive apt-get -y ' '-o Dpkg::Options::="--force-confdef" -o ' 'Dpkg::Options::="--force-confold" dist-upgrade') run_func("apt-get install -y git") run_func( "git clone -b icehouse https://github.com/CiscoSystems/puppet_openstack_builder" ) ## run the latest, not i.0 release sed("/root/puppet_openstack_builder/install-scripts/cisco.install.sh", "icehouse/snapshots/i.0", "icehouse-proposed", use_sudo=use_sudo_flag) sed("/root/puppet_openstack_builder/data/hiera_data/vendor/cisco_coi_common.yaml", "/snapshots/i.0", "-proposed", use_sudo=use_sudo_flag) with cd("/root/puppet_openstack_builder/install-scripts"): warn_if_fail(run_func("./setup.sh")) warn_if_fail(run_func('puppet agent --enable')) warn_if_fail( run_func( "puppet agent -td --server=build-server.domain.name --pluginsync" )) collect_logs(run_func=run_func, hostname=host["hostname"])
def _install_nginx(env): """Nginx open source web server. http://www.nginx.org/ """ version = "1.2.0" url = "http://nginx.org/download/nginx-%s.tar.gz" % version install_dir = os.path.join(env.install_dir, "nginx") remote_conf_dir = os.path.join(install_dir, "conf") # Skip install if already present if exists(remote_conf_dir) and contains(os.path.join(remote_conf_dir, "nginx.conf"), "/cloud"): env.logger.debug("Nginx already installed; not installing it again.") return with _make_tmp_dir() as work_dir: with contextlib.nested(cd(work_dir), settings(hide('stdout'))): modules = _get_nginx_modules(env) module_flags = " ".join(["--add-module=../%s" % x for x in modules]) run("wget %s" % url) run("tar xvzf %s" % os.path.split(url)[1]) with cd("nginx-%s" % version): run("./configure --prefix=%s --with-ipv6 %s " "--user=galaxy --group=galaxy --with-debug " "--with-http_ssl_module --with-http_gzip_static_module" % (install_dir, module_flags)) sed("objs/Makefile", "-Werror", "") run("make") sudo("make install") sudo("cd %s; stow nginx" % env.install_dir) defaults = {"galaxy_home": "/mnt/galaxyTools/galaxy-central"} _setup_conf_file(env, os.path.join(remote_conf_dir, "nginx.conf"), "nginx.conf", defaults=defaults) nginx_errdoc_file = 'nginx_errdoc.tar.gz' url = os.path.join(REPO_ROOT_URL, nginx_errdoc_file) remote_errdoc_dir = os.path.join(install_dir, "html") with cd(remote_errdoc_dir): sudo("wget --output-document=%s/%s %s" % (remote_errdoc_dir, nginx_errdoc_file, url)) sudo('tar xvzf %s' % nginx_errdoc_file) sudo("mkdir -p %s" % env.install_dir) if not exists("%s/nginx" % env.install_dir): sudo("ln -s %s/sbin/nginx %s/nginx" % (install_dir, env.install_dir)) # If the guessed symlinking did not work, force it now cloudman_default_dir = "/opt/galaxy/sbin" if not exists(cloudman_default_dir): sudo("mkdir -p %s" % cloudman_default_dir) if not exists(os.path.join(cloudman_default_dir, "nginx")): sudo("ln -s %s/sbin/nginx %s/nginx" % (install_dir, cloudman_default_dir)) env.logger.debug("Nginx {0} installed to {1}".format(version, install_dir))
def install_postgresql(ver=None): """ Install PostgreSQL server """ # simple settings helper http://pgtune.leopard.in.ua/ assert ver in SUPPORT_POSTGRESQL_VERSIONS or ver is None check_sudo() check_os() if not confirm('Do you want to install PostreSQL{}?'.format( ' {}'.format(ver) if ver else '')): return allow_versions = ', '.join(SUPPORT_POSTGRESQL_VERSIONS) while ver not in SUPPORT_POSTGRESQL_VERSIONS: ver = prompt( 'Write PostgreSQL version you need ({}):'.format(allow_versions), default=SUPPORT_POSTGRESQL_VERSIONS[-1]) print_green('INFO: Install PostreSQL {}...'.format(ver)) set_apt_repositories(POSTGRESQL_REPOSITORIES, POSTGRESQL_REPOS_INSTALL_KEYS_COMMANDS, subconf_name='postgres') apt_update() apt_install( 'postgresql-{ver} postgresql-server-dev-{ver} libpq-dev'.format( ver=ver), noconfirm=True) set_postgresql_user_password( 'postgres', password_prompt('Set password to superuser postgres')) la = prompt( 'Set listen_addresses (hostname or ip, comma separated; set * for all)', default='localhost', validate='[\w\.\-\*]+').strip() t = BytesIO() postgresql_conf = '/etc/postgresql/{}/main/postgresql.conf'.format(ver) get(postgresql_conf, local_path=t, use_sudo=True) t = BytesIO( re.sub(br"#listen_addresses = 'localhost'", r"listen_addresses = '{}'".format(la).encode(), t.getvalue())) put(t, postgresql_conf, use_sudo=True) sudo('chown postgres:postgres {}'.format(postgresql_conf)) sudo('chmod 644 {}'.format(postgresql_conf)) hba = '/etc/postgresql/{}/main/pg_hba.conf'.format(ver) sed(hba, r'(local\s+all\s+all\s+)peer', r'\1md5', use_sudo=True) if confirm('Do you want to allow connect to PostgreSQL from out?'): append( hba, 'host all all 0.0.0.0/0 md5', use_sudo=True) install_postgis(postgres_ver=ver) if confirm('Do you want to restart PostgreSQL?'): service_restart('postgresql') print_green('INFO: Install PostreSQL {}... OK'.format(ver))
def _update_settings(source_folder, site_domain): settings_path = source_folder + '/' + APP_NAME + '/settings.py' sed(settings_path, "DEBUG = True", "DEBUG = False") sed( settings_path, 'ALLOWED_HOSTS =.+$', # 'ALLOWED_HOSTS = ["{}"]'.format("*") 'ALLOWED_HOSTS = ["{}"]'.format(site_domain)) secret_key_file = source_folder + '/' + APP_NAME + '/secret_key.py' if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, "SECRET_KEY = '{}'".format(key)) append(settings_path, '\nfrom .secret_key import SECRET_KEY')
def _update_settings(source_folder, site_name): """ Update django settings for allowed hosts, debug mode and secret key. """ settings_path = source_folder + '/superlists/settings.py' sed(settings_path, "DEBUG = True", "DEBUG = False") sed(settings_path, 'ALLOWED_HOSTS = .+$', f'ALLOWED_HOSTS = ["{site_name}"]') secret_key_file = source_folder + '/superlists/secret_key.py' if not exists(secret_key_file): chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' key = ''.join(random.SystemRandom().choice(chars) for _ in range(50)) append(secret_key_file, f'SECRET_KEY = "{key}"') append(settings_path, '\nfrom .secret_key import SECRET_KEY')
def configure_ssh(): """ Change sshd_config defaults: Change default port Disable root login Disable password login Restrict to only login group """ ssh_config = u'/etc/ssh/sshd_config' files.sed(ssh_config, u"Port 22$", u"Port %s" % env.ssh_port, use_sudo=True) files.sed(ssh_config, u"PermitRootLogin yes", u"PermitRootLogin no", use_sudo=True) files.append(ssh_config, u"AllowGroups login", use_sudo=True) files.append(ssh_config, u"PasswordAuthentication no", use_sudo=True) service_command(u'ssh', u'reload')
def nginx_config(projectID='2345', template='McGraw-Demo', domain='mydemo.com'): env.user = env.not_root env.password = env.not_root_passwd virtualenv_path = '/home/%s/virtualenvs/%s' % (env.user, projectID) project_path = os.path.join(virtualenv_path, template) nginx_conf_path = os.path.join('/etc/nginx/sites-available', projectID) upload_template(os.path.join(env.local_template_dir, 'nginx_site_config'), nginx_conf_path, use_sudo=True) sed(nginx_conf_path, '\$\{domain\}', domain, use_sudo=True) sed(nginx_conf_path, '\$\{projectID\}', projectID, use_sudo=True) sed(nginx_conf_path, '\$\{virtualenv_path\}', virtualenv_path, use_sudo=True) sed(nginx_conf_path, '\$\{project_path\}', project_path, use_sudo=True) sudo('rm %s.bak' % (nginx_conf_path)) sudo('ln -s /etc/nginx/sites-available/%s /etc/nginx/sites-enabled/%s' % (projectID, projectID)) sudo('/etc/init.d/nginx stop') sudo('/etc/init.d/nginx start')
def disable_root_login(): """ Disables root login authentication over SSH. """ configuration_file = '/etc/ssh/sshd_config' if not contains(configuration_file, '^PermitRootLogin no', escape=False): # patterns before = '^#?PermitRootLogin.*$' after = 'PermitRootLogin no' sed(configuration_file, before, after, use_sudo=True) print(green('Root login disabled.')) else: print(green('Root login already disabled.'))
def userSetup(): _new_user(env.not_root, env.not_root_passwd) env.user = env.not_root env.password = env.not_root_passwd append( "~/.bashrc", "export WORKON_HOME=$HOME/virtualenvs\n\ export PROJECT_HOME=$HOME/projects\n\ source /usr/local/bin/virtualenvwrapper.sh") with cd("/home/%s" % (env.user)): upload_template('/home/kevin/McGraw/templates/bashprofile_template', '.bash_profile') sed('.bash_profile', '\{\{!USER!\}\}', env.user) run("source .bashrc")
def _agentip(config): ''' Use this task to control what IP is used for opscenter ''' src_file = "configs/{}/address.yaml".format(config) dest_file = "/var/lib/datastax-agent/conf/address.yaml" put(src_file, dest_file, use_sudo=True) aftertext = 'hosts: ["{}"]'.format(env.host_string) sed(dest_file, before='hosts: \["\$HOST"\]', after=aftertext, use_sudo=True, backup='')
def create_redirects(): remote = '%(basepath)s/releases/%(release)s/redirects.conf' % env remoteblog = '%(basepath)s/releases/%(release)s/blogredirects.conf' % env if os.access("redirects.txt", os.R_OK): put("redirects.txt", remote) sed(remote, '^(.*[^;]);?$', 'rewrite \\1 redirect;') else: warn(yellow(">>> File redirects.txt not found -- removing all redirections")) run('touch %s' % remote) put("blogredirects.txt", remoteblog) sed(remoteblog, '^(.*[^;]);?$', '\\1;')
def _expand_template(self, fp, use_sudo=False, flags='i', **mappings): fmappings = { '<usr>': self.ctx.user, '<host>': self.ctx.host, '<site>': self.ctx.site, '<project>': self.ctx.project } fmappings.update(mappings) for before, after in fmappings.items(): files.sed(fp, before, after, use_sudo=use_sudo or False, flags=flags or 'i')
def remove(option): """ Remove option line from remote settings.ini """ option = option.lower() before = '%s = .*' % option after = '' if contains(env.PROJECT.settings, before): sed(env.PROJECT.settings, before, after, backup='') # sanity check assert not contains(env.PROJECT.settings, '%s.*' % option), 'Config found: "%s"' % option