def configure():
'''configure the Pantheon system.'''
log = logger.logging.getLogger('pantheon.configure.configure')
server = pantheon.PantheonServer()
try:
_test_for_previous_run()
_check_connectivity(server)
_configure_certificates()
_configure_server(server)
_configure_postfix(server)
_restart_services(server)
_configure_iptables(server)
_configure_git_repo()
_mark_incep(server)
_report()
except:
log.exception('Configuration was unsuccessful.')
raise
else:
log.info('Configuration was successful.')
print('\n\n--- LOCAL CONFIGURATION ---')
print('MERCURY_BRANCH: %s' % MERCURY_BRANCH)
print('API_HOST: %s' % API_HOST)
print('API_PORT: %s' % API_PORT)
print('VM_CERTIFICATE: %s' % VM_CERTIFICATE)
result = ygg._api_request('POST', '/sites/self/legacy-phone-home?phase=pantheon_config')
def _initialize_solr(server=pantheon.PantheonServer()):
"""Download Apache Solr.
"""
temp_dir = tempfile.mkdtemp()
with cd(temp_dir):
local(
'wget http://apache.osuosl.org/lucene/solr/1.4.1/apache-solr-1.4.1.tgz'
)
local('tar xvzf apache-solr-1.4.1.tgz')
local('mkdir -p /var/solr')
local(
'mv apache-solr-1.4.1/dist/apache-solr-1.4.1.war /var/solr/solr.war'
)
local('chown -R ' + server.tomcat_owner + ':root /var/solr/')
local('rm -rf ' + temp_dir)
def initialize(vps=None, bcfg2_host='config.getpantheon.com'):
'''Initialize the Pantheon system.'''
server = pantheon.PantheonServer()
server.bcfg2_host = bcfg2_host
_initialize_fabric()
_initialize_root_certificate()
_initialize_package_manager(server)
_initialize_bcfg2(server)
_initialize_iptables(server)
_initialize_drush()
_initialize_solr(server)
_initialize_sudoers(server)
_initialize_acl(server)
_initialize_jenkins(server)
_initialize_apache(server)
def configure():
'''configure the Pantheon system.'''
server = pantheon.PantheonServer()
try:
_test_for_previous_run()
_check_connectivity(server)
_configure_certificates()
_configure_server(server)
_configure_postfix(server)
_restart_services(server)
_configure_iptables(server)
_configure_git_repo()
_mark_incep(server)
_report()
except:
jenkinstools.junit_error(traceback.format_exc(), 'Configure')
raise
else:
jenkinstools.junit_pass('Configure successful.', 'Configure')
def configure_permissions(base_domain="example.com",
require_group=None,
server_host=None):
try:
server = pantheon.PantheonServer()
if not server_host:
server_host = "auth." + base_domain
ldap_domain = _ldap_domain_to_ldap(base_domain)
values = {'ldap_domain': ldap_domain, 'server_host': server_host}
template = pantheon.get_template('ldap-auth-config.preseed.cfg')
ldap_auth_conf = pantheon.build_template(template, values)
with tempfile.NamedTemporaryFile() as temp_file:
temp_file.write(ldap_auth_conf)
temp_file.seek(0)
local("sudo debconf-set-selections " + temp_file.name)
# /etc/ldap/ldap.conf
template = pantheon.get_template('openldap.ldap.conf')
openldap_conf = pantheon.build_template(template, values)
with open('/etc/ldap/ldap.conf', 'w') as f:
f.write(openldap_conf)
# /etc/ldap.conf
template = pantheon.get_template('pam.ldap.conf')
ldap_conf = pantheon.build_template(template, values)
with open('/etc/ldap.conf', 'w') as f:
f.write(ldap_conf)
# Restrict by group
allow = ['root', 'sudo', 'hermes']
if require_group:
allow.append(require_group)
with open('/etc/ssh/sshd_config', 'a') as f:
f.write('\nAllowGroups %s\n' % (' '.join(allow)))
f.write('UseLPK yes\n')
f.write('LpkLdapConf /etc/ldap.conf\n')
local("auth-client-config -t nss -p lac_ldap")
with open('/etc/sudoers.d/002_pantheon_users', 'w') as f:
f.write("# This file was generated by PANTHEON.\n")
f.write("# PLEASE DO NOT EDIT THIS FILE DIRECTLY.\n#\n")
f.write("# Additional sudoer directives can be added in: " + \
"/etc/sudoers.d/003_pantheon_extra\n")
f.write("\n%" + '%s ALL=(ALL) ALL' % require_group)
local('chmod 0440 /etc/sudoers.d/002_pantheon_users')
# Add LDAP user to www-data, and ssl-cert groups.
ssl_group = "ssl-cert"
local('usermod -aG %s,%s %s' %
(server.web_group, ssl_group, require_group))
# Use sed because usermod may fail if the user does not already exist.
#local('sudo sed -i "s/' + ssl_group + ':x:[0-9]*:/\\0' + require_group + ',/g" /etc/group')
# Restart after ldap is configured so openssh-lpk doesn't choke.
local("/etc/init.d/ssh restart")
# Write the group to a file for later reference.
server.set_ldap_group(require_group)
# Make the git repo and www directories writable by the group
local("chown -R %s:%s /var/git/projects" %
(require_group, require_group))
local("chmod -R g+w /var/git/projects")
# Make the git repo and www directories writable by the group
local("chown -R %s:%s /var/www" % (require_group, require_group))
local("chmod -R g+w /var/www")
# Set ACLs
set_acl_groupwritability(require_group, '/var/www')
set_acl_groupwritability(require_group, '/var/git/projects')
except:
jenkinstools.junit_error(traceback.format_exc(), 'ConfigPermissions')
raise
else:
jenkinstools.junit_pass('Configuration completed.',
'ConfigurePermissions')
