def install_mysql_replication(args):
    '''
    Configure and start master-master replication between the two MySQL masters.

    Run this on the secondary master, after the primary master has been
    configured. For each master in turn (primary first) the replica thread is
    stopped, a row is deleted from mysql.user, REPLICATION SLAVE is granted to
    'repl' from both master addresses with one freshly generated password, the
    node is pointed at the other master, and the replica thread is restarted.

    args is not read by this function.

    '''
    app.print_verbose("Install mysql replication version: %d" % SCRIPT_VERSION)
    script_version = version.Version("install-mysql-replication", SCRIPT_VERSION)
    script_version.check_executed()

    # Nothing can be configured until the primary answers on the MySQL port.
    general.wait_for_server_to_start(
        config.general.get_mysql_primary_master_ip(), "3306"
    )

    # A single secret is shared by the 'repl' account on both masters.
    # NOTE(review): generate_password() is called without a character set and
    # the result is concatenated into SQL between single quotes; confirm its
    # default alphabet cannot produce a quote or a backslash.
    repl_password = general.generate_password(20)

    masters = [
        config.general.get_mysql_primary_master_ip(),
        config.general.get_mysql_secondary_master_ip(),
    ]
    for node_ip in masters:
        mysql_exec("stop slave;", True, node_ip)
        mysql_exec("delete from mysql.user where User = '******';", True, node_ip)
        mysql_exec("flush privileges;", True, node_ip)

        # The grant is host-scoped: 'repl' may connect only from the two
        # master addresses.
        grant_from_primary = (
            "GRANT REPLICATION SLAVE ON *.* TO 'repl'@'"
            + config.general.get_mysql_primary_master_ip()
            + "' IDENTIFIED BY '" + repl_password + "';"
        )
        mysql_exec(grant_from_primary, True, node_ip)

        grant_from_secondary = (
            "GRANT REPLICATION SLAVE ON *.* TO 'repl'@'"
            + config.general.get_mysql_secondary_master_ip()
            + "' IDENTIFIED BY '" + repl_password + "';"
        )
        mysql_exec(grant_from_secondary, True, node_ip)

        # Each master replicates from the other one.
        if node_ip == config.general.get_mysql_primary_master_ip():
            peer_ip = config.general.get_mysql_secondary_master_ip()
        else:
            peer_ip = config.general.get_mysql_primary_master_ip()

        # NOTE(review): the user and password literals read '******' in this
        # listing, presumably masked by the page; confirm against the real
        # source. No MASTER_SSL option is visible in the statement, so confirm
        # how the replication link between the masters is protected.
        mysql_exec(
            "CHANGE MASTER TO MASTER_HOST='" + peer_ip
            + "', MASTER_USER='******', MASTER_PASSWORD='******'",
            True, node_ip)

        mysql_exec("start slave;", True, node_ip)

    script_version.mark_executed()
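def _setup_radius_client(name, ip):
    '''
    Append a client stanza for one RADIUS client to /etc/raddb/clients.conf.

    A new 20-character shared secret made of letters and digits is generated
    and written into the stanza. The secret is not returned, so the config
    file is the only place it can be read back from. No iptables rules are
    touched here.

    name -- client name, written into the "client <name> {" header.
    ip   -- address written as the client's ipaddr.

    '''
    # Generate the secret before opening the file, so a failure here cannot
    # leave a half-written stanza in clients.conf.
    shared_secret = generate_password(20, string.letters + string.digits)

    # NOTE(review): name and ip are written as given. A value containing a
    # newline or a brace would change the structure of the config file;
    # callers are presumably passing trusted values from the syco
    # configuration -- confirm.
    stanza = (
        "client " + name + " {" "\n"
        + "\tipaddr = {0}\n".format(ip)
        + "\tsecret = {0}\n".format(shared_secret)
        + "\tnastype = other\n"
        + "\t}\n\n"
    )

    # NOTE(review): clients.conf holds shared secrets in plaintext. Append
    # mode creates the file with default permissions when it is missing;
    # confirm the file is readable only by root and the radius daemon.
    # The context manager closes the handle even when the write fails.
    with open("/etc/raddb/clients.conf", "a") as clients_conf:
        clients_conf.write(stanza)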
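def _setup_radius_client(name, ip):
    '''
    Append a client stanza for one RADIUS client to /etc/raddb/clients.conf.

    The stanza carries a newly generated 20-character shared secret (letters
    and digits). Nothing is returned, so the secret can only be read back from
    the config file. This function does not change any iptables rules.

    name -- client name, written into the "client <name> {" header.
    ip   -- address written as the client's ipaddr.

    '''
    # The secret is created first: if generation fails, the file has not been
    # opened and no partial stanza is appended.
    secret = generate_password(20, string.letters + string.digits)

    # NOTE(review): name and ip go into the file unvalidated; a newline or a
    # brace in either would alter the config structure. Presumably both come
    # from trusted installer configuration -- verify against the callers.
    lines = [
        "client " + name + " {" "\n",
        "\tipaddr = {0}\n".format(ip),
        "\tsecret = {0}\n".format(secret),
        "\tnastype = other\n",
        "\t}\n\n",
    ]

    # NOTE(review): the file stores plaintext shared secrets; confirm its
    # ownership and mode keep it unreadable to ordinary users.
    # "with" guarantees the handle is closed even when a write raises.
    with open("/etc/raddb/clients.conf", "a") as conf:
        conf.write("".join(lines))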
def install_purge_db():
    '''
    Install an hourly cron script that purges old rows from mysql.

    A dedicated 'purgelogdb' MySQL user is recreated with a fresh password and
    'SELECT, DELETE' on 'Syslog', and that password is substituted into the
    installed script.

    '''
    # Dedicated account for the purge script: the old one is dropped and a new
    # one is created with only the privileges passed below.
    purge_password = generate_password(20, string.letters + string.digits)
    mysqlUtils.drop_user('purgelogdb')
    mysqlUtils.create_user('purgelogdb', purge_password, 'Syslog', 'SELECT, DELETE')

    # Anything placed in cron.hourly is run once an hour.
    cron_script = "/etc/cron.hourly/purge-db.sh"
    copy_cmd = "cp -f {0}var/rsyslog/purge-db.sh {1}".format(
        app.SYCO_PATH, cron_script)
    x(copy_cmd)

    # NOTE(review): "chmod +x" only adds execute bits; the read bits stay as
    # cp left them. The script will contain the database password in
    # plaintext, so confirm it is not readable by unprivileged users.
    x("chmod +x {0}".format(cron_script))

    # Replace the ${MYSQL_PASSWORD} placeholder with the real password.
    # NOTE(review): presumably scOpen().replace() edits the file in place --
    # confirm in the scOpen helper.
    script_file = scOpen(cron_script)
    script_file.replace("${MYSQL_PASSWORD}", purge_password)
def install_mysql_replication(args):
    '''
    Set up and start MySQL replication in master-master mode.

    Intended to be executed on the secondary master once the primary master is
    configured. Both masters are processed in order, primary first: the
    replica thread is stopped, a row is deleted from mysql.user, 'repl' is
    granted REPLICATION SLAVE from both master addresses using one generated
    password, the node is pointed at its peer, and the replica thread is
    started again.

    args is not read by this function.

    '''
    app.print_verbose("Install mysql replication version: %d" % SCRIPT_VERSION)
    executed_marker = version.Version("install-mysql-replication", SCRIPT_VERSION)
    executed_marker.check_executed()

    # Wait for the primary master to accept connections on port 3306.
    general.wait_for_server_to_start(
        config.general.get_mysql_primary_master_ip(), "3306")

    # NOTE(review): the password is spliced into SQL between single quotes and
    # generate_password() is called here without an explicit character set;
    # confirm its default alphabet excludes quotes and backslashes.
    repl_password = general.generate_password(20)

    for master_ip in [
            config.general.get_mysql_primary_master_ip(),
            config.general.get_mysql_secondary_master_ip()]:
        mysql_exec("stop slave;", True, master_ip)
        mysql_exec("delete from mysql.user where User = '******';", True, master_ip)
        mysql_exec("flush privileges;", True, master_ip)

        # 'repl' is allowed in from the primary address ...
        primary_grant = "GRANT REPLICATION SLAVE ON *.* TO 'repl'@'"
        primary_grant += config.general.get_mysql_primary_master_ip()
        primary_grant += "' IDENTIFIED BY '" + repl_password + "';"
        mysql_exec(primary_grant, True, master_ip)

        # ... and from the secondary address, with the same password.
        secondary_grant = "GRANT REPLICATION SLAVE ON *.* TO 'repl'@'"
        secondary_grant += config.general.get_mysql_secondary_master_ip()
        secondary_grant += "' IDENTIFIED BY '" + repl_password + "';"
        mysql_exec(secondary_grant, True, master_ip)

        # The primary replicates from the secondary and the other way round.
        on_primary = (master_ip == config.general.get_mysql_primary_master_ip())
        if on_primary:
            other_master = config.general.get_mysql_secondary_master_ip()
        else:
            other_master = config.general.get_mysql_primary_master_ip()

        # NOTE(review): MASTER_USER and MASTER_PASSWORD read '******' in this
        # listing, presumably masked by the page; check the real source. The
        # visible statement sets no MASTER_SSL option, so confirm how the
        # replication channel is protected in transit.
        change_master = (
            "CHANGE MASTER TO MASTER_HOST='" + other_master
            + "', MASTER_USER='******', MASTER_PASSWORD='******'"
        )
        mysql_exec(change_master, True, master_ip)

        mysql_exec("start slave;", True, master_ip)

    executed_marker.mark_executed()
def _setup_icinga_web_mysql():
    '''
    Create the MySQL user and database for icinga-web.

    Returns the generated 40-character password of the 'icinga-web' user.

    '''
    # Random password for the new 'icinga-web' database user.
    web_password = generate_password(40, chars=string.letters+string.digits)
    mysqlUtils.create_user('icinga-web', web_password, 'icinga_web')

    db_user = "icinga-web"
    # NOTE(review): re.escape() escapes regex metacharacters; it is not a
    # shell-quoting function. For a password made only of ASCII letters and
    # digits it returns the input unchanged.
    escaped_password = re.escape(web_password)

    # NOTE(review): the format() arguments suggest the password is placed on
    # the mysql command line, where it is visible in the process list while
    # the command runs; an option file readable only by the installing user
    # (mysql --defaults-extra-file) avoids that. The literals read '******'
    # in this listing, presumably masked -- confirm against the real source.
    create_db = "mysql --user='******' --password='******' -e 'CREATE DATABASE icinga_web'"
    x(create_db.format(db_user, escaped_password))

    # Build the tables from the schema shipped with the icinga-web package.
    load_schema = "mysql icinga_web --user='******' --password='******' < /usr/share/doc/icinga-web-{2}/schema/mysql.sql"
    x(load_schema.format(db_user, escaped_password, _get_icinga_version()))

    # Apply icinga_password.sql from the private syco tree (login password for
    # "icingaadmin").
    set_admin_password = "mysql --user='******' --password='******' < {2}syco-private/var/nagios/{3}"
    x(set_admin_password.format(
        db_user, escaped_password, constant.SYCO_USR_PATH, "icinga_password.sql"))

    return web_password
def install_mariadb_replication(args):
    """
    Set up and start MariaDB replication in master-master mode.

    This function should be executed on the secondary master, after the
    primary master has been configured. The local server (127.0.0.1) and the
    host named by the "repl_peer" option are processed in that order: the
    replica thread is stopped, a row is deleted from mysql.user, 'repl' is
    granted REPLICATION SLAVE from the peer address and from this host's
    front IP with one generated password, the node is pointed at the other
    master, and the replica thread is started again.

    args is not read by this function.

    """
    app.print_verbose(
        "Install MariaDB replication version: %d" % SCRIPT_VERSION
    )
    version_obj = version.Version("install-mariadb-replication", SCRIPT_VERSION)
    version_obj.check_executed()

    # The replication peer comes from this host's own configuration entry.
    current_host_config = config.host(net.get_hostname())
    repl_peer = current_host_config.get_option("repl_peer")

    # Wait until the peer answers on the MySQL port before changing anything.
    general.wait_for_server_to_start(repl_peer, "3306")

    # One shared secret for the 'repl' account on both servers.
    # NOTE(review): generate_password() is called without a character set and
    # the result is formatted into SQL between single quotes; confirm its
    # default alphabet cannot produce a quote or a backslash.
    repl_password = general.generate_password(20)
    front_ip = current_host_config.get_front_ip()

    for ip in ["127.0.0.1", repl_peer]:
        mysql_exec("stop slave;", True, ip)
        mysql_exec("delete from mysql.user where User = '******'", True, ip)
        mysql_exec("flush privileges;", True, ip)

        # A single GRANT covers both accounts: 'repl' from the peer address and
        # 'repl' from this host's front IP, with the same password.
        mysql_exec(
            "GRANT REPLICATION SLAVE ON *.* TO " +
            "'repl'@'%s' IDENTIFIED BY '%s'," % (repl_peer, repl_password) +
            "'repl'@'%s' IDENTIFIED BY '%s'" % (front_ip, repl_password),
            True, ip)

        # NOTE(review): in both branches the second literal reads '******' and
        # contains no %s, so as displayed the "% repl_password" would raise
        # TypeError. The listing appears to have masked the original text;
        # confirm against the real source. No MASTER_SSL option is visible
        # either, so confirm how the replication link is protected.
        if ip == "127.0.0.1":
            # The local server replicates from the peer.
            mysql_exec(
                "CHANGE MASTER TO MASTER_HOST='%s', " % repl_peer +
                "MASTER_USER='******', MASTER_PASSWORD='******'" % repl_password,
                True, ip
            )
        else:
            # The peer replicates from this host's front IP.
            mysql_exec(
                "CHANGE MASTER TO MASTER_HOST='%s', " % front_ip +
                "MASTER_USER='******', MASTER_PASSWORD='******'" % repl_password,
                True, ip
            )

        mysql_exec("start slave;", True, ip)

    version_obj.mark_executed()
def install_rsyslogd(args):
    '''
    Install and configure rsyslogd on this server.

    Installs MySQL first when its init script is missing, installs the rsyslog
    packages, generates certificates when no CA certificate exists, creates
    the database and rsyslog configuration with one generated password, opens
    the firewall chain, restarts the service and installs the purge,
    compression and logrotate jobs.

    args is passed on to rsyslog_newcerts() and install_logrotate().

    '''
    app.print_verbose("Install rsyslogd.")
    script_version = version.Version("InstallRsyslogd", SCRIPT_VERSION)
    script_version.check_executed()

    # Initialize all passwords used by the script.
    app.init_mysql_passwords()

    # MySQL is a dependency; it is installed only when its init script is absent.
    mysql_installed = os.path.exists('/etc/init.d/mysqld')
    if not mysql_installed:
        install_mysql(["", "1", "1G"])

    # Install the packages and enable rsyslog at boot.
    x("yum install rsyslog rsyslog-gnutls rsyslog-mysql gnutls-utils -y")
    x("chkconfig rsyslog on")

    # Existing certificates are kept: new ones are generated only when the CA
    # certificate is missing.
    ca_present = os.path.exists('/etc/pki/rsyslog/ca.crt')
    if not ca_present:
        rsyslog_newcerts(args)

    # The same generated password goes to the database setup and to the
    # rsyslog configuration.
    db_password = generate_password(20, string.letters + string.digits)
    _setup_database(db_password)
    _setup_rsyslogd(db_password)

    # Add the rsyslog iptables chain for the server role and persist it.
    iptables.add_rsyslog_chain("server")
    iptables.save()

    # Restart so the new configuration takes effect.
    x("/etc/init.d/rsyslog restart")

    install_purge_db()
    install_compress_logs()

    # Configure logrotate.
    installLogrotate.install_logrotate(args)

    script_version.mark_executed()
def install_rsyslogd(args):
    '''
    Install rsyslogd on the server and configure everything around it.

    Steps, in order: install MySQL when /etc/init.d/mysqld is missing, install
    the rsyslog packages, enable the service at boot, generate certificates
    when /etc/pki/rsyslog/ca.crt is missing, set up the database and the
    rsyslog configuration with one generated password, add the iptables
    chain, restart rsyslog, then install the purge, compress and logrotate
    jobs.

    args is handed to rsyslog_newcerts() and install_logrotate().

    '''
    app.print_verbose("Install rsyslogd.")
    executed_marker = version.Version("InstallRsyslogd", SCRIPT_VERSION)
    executed_marker.check_executed()

    # Initialize all passwords used by the script.
    app.init_mysql_passwords()

    # Set up syco dependencies: MySQL must be present.
    if os.path.exists('/etc/init.d/mysqld'):
        pass
    else:
        install_mysql(["", "1", "1G"])

    # Packages, then autostart at boot.
    for command in (
            "yum install rsyslog rsyslog-gnutls rsyslog-mysql gnutls-utils -y",
            "chkconfig rsyslog on"):
        x(command)

    # Generate new certificates only if none exist, so an existing CA is
    # never overwritten by a re-run.
    if not os.path.exists('/etc/pki/rsyslog/ca.crt'):
        rsyslog_newcerts(args)

    # One password, used for both the database account and the rsyslog config.
    syslog_db_password = generate_password(20, string.letters + string.digits)
    _setup_database(syslog_db_password)
    _setup_rsyslogd(syslog_db_password)

    # Add the iptables chain and save the rules.
    iptables.add_rsyslog_chain("server")
    iptables.save()

    # Restart the service.
    x("/etc/init.d/rsyslog restart")

    install_purge_db()
    install_compress_logs()

    # Configure logrotate.
    installLogrotate.install_logrotate(args)

    executed_marker.mark_executed()
def _setup_icinga_mysql():
    '''
    Create the MySQL user and database schema for icinga.

    Installs MySQL first when /etc/init.d/mysqld is missing. Returns the
    generated 40-character password of the 'icinga' user.

    '''
    # Install MySQL if it is not there yet.
    mysql_installed = os.path.exists('/etc/init.d/mysqld')
    if not mysql_installed:
        install_mysql(["", "1", "1G"])

    icinga_password = generate_password(40, chars=string.letters+string.digits)

    # Recreate the 'icinga' user so it carries the new password.
    mysqlUtils.drop_user('icinga')
    mysqlUtils.create_user('icinga', icinga_password, 'icinga')

    # NOTE(review): re.escape() escapes regex metacharacters; it is not a
    # shell-quoting function. For a password made only of ASCII letters and
    # digits it returns the input unchanged.
    escaped_password = re.escape(icinga_password)

    # NOTE(review): the format() arguments suggest the password is placed on
    # the mysql command line, where it is visible in the process list while
    # the command runs; an option file readable only by the installing user
    # (mysql --defaults-extra-file) avoids that. The literals read '******'
    # in this listing, presumably masked -- confirm against the real source.
    create_db = "mysql --user='******' --password='******' -e 'CREATE DATABASE icinga'"
    x(create_db.format("icinga", escaped_password))

    # Load the schema shipped with the idoutils package.
    load_schema = "mysql icinga --user='******' --password='******' < /usr/share/doc/icinga-idoutils-libdbi-mysql-{2}/db/mysql/mysql.sql"
    x(load_schema.format("icinga", escaped_password, _get_icinga_version()))

    return icinga_password
def _setup_icinga_mysql():
    '''
    Set up the MySQL database for icinga and return the new user's password.

    MySQL itself is installed first when its init script is not present. The
    'icinga' user is dropped and recreated with a generated 40-character
    password, then the database is created and the packaged schema is loaded.

    '''
    # Create and configure. Install hardened MySQL if needed.
    if not os.path.exists('/etc/init.d/mysqld'):
        install_mysql(["", "1", "1G"])

    alphabet = string.letters + string.digits
    db_password = generate_password(40, chars=alphabet)

    # Create the MySQL icinga user from scratch.
    mysqlUtils.drop_user('icinga')
    mysqlUtils.create_user('icinga', db_password, 'icinga')

    db_user = "icinga"

    # NOTE(review): the format() arguments suggest the password ends up on the
    # mysql command line, visible in the process list while the command runs;
    # an option file with restrictive permissions (mysql
    # --defaults-extra-file) avoids that. re.escape() is regex escaping, not
    # shell quoting; it leaves ASCII letters and digits unchanged. The
    # literals read '******' in this listing, presumably masked -- confirm
    # against the real source.
    commands = []
    commands.append(
        "mysql --user='******' --password='******' -e 'CREATE DATABASE icinga'".format(
            db_user, re.escape(db_password)))
    x(commands[-1])

    # Create the MySQL database schema for icinga.
    schema_cmd = "mysql icinga --user='******' --password='******' < /usr/share/doc/icinga-idoutils-libdbi-mysql-{2}/db/mysql/mysql.sql"
    x(schema_cmd.format(db_user, re.escape(db_password), _get_icinga_version()))

    return db_password
def install_loganalyzer(args):
    '''
    Install and configure adiscon.com loganalyzer.

    Installs the packages, downloads loganalyzer, creates its database user
    with a generated password, writes that password into the loganalyzer
    configuration, configures apache and sets file permissions.

    args is passed on to _install_packages().

    '''
    app.print_verbose("Install loganalyzer version: %d" % SCRIPT_VERSION)
    script_version = version.Version("InstallLoganalyzer", SCRIPT_VERSION)
    script_version.check_executed()

    # Initialize all passwords used by the script.
    app.init_mysql_passwords()

    _install_packages(args)
    _download_loganalyzer()

    # The same generated password is given to the database user and to the
    # loganalyzer configuration.
    # NOTE(review): how the password is stored is decided in
    # _configure_loganalyzer(), which is not visible here -- confirm the
    # resulting config file is not world-readable.
    db_password = general.generate_password(20, string.letters + string.digits)
    _create_db_user(db_password)
    _configure_loganalyzer(db_password)

    _configure_apache()
    _set_permissions()

    script_version.mark_executed()
def _setup_icinga_web_mysql():
    '''
    Set up the MySQL database for icinga-web and return the user's password.

    A 40-character password is generated for the 'icinga-web' user, the
    icinga_web database is created, the packaged schema is loaded and
    icinga_password.sql from the private syco tree is applied.

    '''
    # Generate a random password and add the icinga-web user.
    alphabet = string.letters + string.digits
    web_password = generate_password(40, chars=alphabet)
    mysqlUtils.create_user('icinga-web', web_password, 'icinga_web')

    db_user = "icinga-web"

    # NOTE(review): the format() arguments suggest the password is placed on
    # the mysql command line, where it is visible in the process list while
    # the command runs; an option file readable only by the installing user
    # (mysql --defaults-extra-file) avoids that. re.escape() is regex
    # escaping, not shell quoting; it leaves ASCII letters and digits
    # unchanged. The literals read '******' in this listing, presumably
    # masked -- confirm against the real source.
    create_db = "mysql --user='******' --password='******' -e 'CREATE DATABASE icinga_web'"
    x(create_db.format(db_user, re.escape(web_password)))

    # Build the database tables from the supplied schema.
    load_schema = "mysql icinga_web --user='******' --password='******' < /usr/share/doc/icinga-web-{2}/schema/mysql.sql"
    x(load_schema.format(
        db_user, re.escape(web_password), _get_icinga_web_version()))

    # Append a login password for "icingaadmin".
    set_admin_password = "mysql --user='******' --password='******' < {2}syco-private/var/nagios/{3}"
    x(set_admin_password.format(
        db_user, re.escape(web_password), constant.SYCO_USR_PATH,
        "icinga_password.sql"))

    return web_password