def install_node_exporter(state, host):
if not host.data.node_exporter_version:
raise DeployError(
'No node_exporter_version set for this host, refusing to install node_exporter!',
)
server.user(
name='Create the node_exporter user (Called prometheus by default)',
user='******',
shell='/sbin/nologin',
state=state,
host=host,
)
files.directory(
name='Ensure the node_exporter install directory exists',
path='{{ host.data.node_exporter_install_dir }}',
user=host.data.node_exporter_user,
group=host.data.node_exporter_user,
state=state,
host=host,
)
# Work out the filename
host.data.node_exporter_version_name = (
'node_exporter-{0}.linux-'
'amd64' if host.fact.arch == 'x86_64' else host.fact.arch).format(
host.data.node_exporter_version)
host.data.node_exporter_temp_filename = state.get_temp_filename(
'node_exporter-{0}'.format(host.data.node_exporter_version), )
download_node_exporter = files.download(
name='Download node_exporter',
src=('{{ host.data.node_exporter_download_base_url }}/'
'v{{ host.data.node_exporter_version }}/'
'{{ host.data.node_exporter_version_name }}.tar.gz'),
dest='{{ host.data.node_exporter_temp_filename }}',
state=state,
host=host,
)
# If we downloaded node_exporter, extract it!
if download_node_exporter.changed:
server.shell(
name='Extract node_exporter',
commands='tar -xzf {{ host.data.node_exporter_temp_filename }}'
' -C {{ host.data.node_exporter_install_dir }}',
state=state,
host=host,
)
files.link(
name='Symlink node_exporter to /usr/bin',
path='{{ host.data.node_exporter_bin_dir }}/node_exporter', # link
target='{{ host.data.node_exporter_install_dir }}/'
'{{ host.data.node_exporter_version_name }}/node_exporter',
state=state,
host=host,
)
def install_exporter(
state,
host,
ex_url,
ex_install_dir=None,
ex_user='******',
ex_bin_dir='/usr/local/bin',
):
if ex_install_dir is None:
ex_install_dir = '/usr/local'
ex_name, ex_bin_name = _get_names(ex_url)
server.user(
name='Create the node_exporter user (Called prometheus by default)',
user=ex_user,
shell='/sbin/nologin',
state=state,
host=host,
)
files.directory(
name='Ensure the node_exporter install directory exists',
path='{}/{}'.format(ex_install_dir, ex_name),
user=host.data.node_exporter_user,
group=host.data.node_exporter_user,
state=state,
host=host,
)
ex_temp_filename = state.get_temp_filename(ex_url, )
download_exporter = files.download(
name='Download exporter',
src=ex_url,
dest=ex_temp_filename,
state=state,
host=host,
)
# If we downloaded exporter, extract it!
if download_exporter.changed:
server.shell(
name='Extract exporter',
commands='tar -xzf {} -C {}/'.format(ex_temp_filename,
ex_install_dir),
state=state,
host=host,
)
files.link(
name='Symlink exporter to /usr/local/bin',
path='{}/{}'.format(ex_bin_dir, ex_name), # link
target='{}/{}/{}'.format(ex_install_dir, ex_name, ex_bin_name),
state=state,
host=host,
)
update=True,
upgrade=True,
sudo=True)
server.shell(name="Install autojump",
commands=["trizen -Syu --noconfirm autojump"])
git.repo(name="Clone Prezto",
src="https://github.com/sorin-ionescu/prezto.git",
dest=f"{home}/.zprezto",
update_submodules=True,
recursive_submodules=True)
for zfile in glob(f"{home}/.zprezto/runcoms/z*"):
zfile = basename(zfile)
files.link(name=f"Symlink {zfile}",
target=f"{home}/.zprezto/runcoms/{zfile}",
path=f"{home}/.{zfile}")
server.shell(name="Touch secret env vars",
commands=[f"touch {home}/.config/.secrets"])
files.rsync(
name="Install Prezto theme",
src="dotfiles/.zprezto/modules/prompt/functions/prompt_kyoto_setup",
dest=f"{home}/.zprezto/modules/prompt/functions/prompt_kyoto_setup")
git.repo(name="Clone zsh-git-prompt",
src="https://github.com/blankaex/zsh-git-prompt",
dest=f"{home}/.local/src/zsh-git-prompt")
from pyinfra.operations import pacman
home = host.get_fact(Home)
pacman.packages(
name="Install ranger",
packages=[
"ranger",
"sxiv"
],
update=True,
upgrade=True,
sudo=True
)
git.repo(
name="Clone ranger-autojump",
src="https://github.com/fdw/ranger-autojump",
dest=f"{home}/.local/src/ranger-autojump"
)
files.link(
name="Symlink autojump plugin",
target=f"{home}/.local/src/ranger-autojump/autojump.py",
path=f"{home}/.config/ranger/plugins/autojump.py"
)
yum.packages(
name="Install pip3 so you can install virtualenv",
packages=["python3-pip", "python3-devel", "gcc-c++", "make"],
)
if host.get_fact(LinuxName) in ["Ubuntu"]:
apt.packages(
name="Install pip3 so you can install virtualenv",
packages="python3-pip",
update=True,
)
if not host.get_fact(File, path="/usr/bin/pip"):
files.link(
name="Create link /usr/bin/pip that points to /usr/bin/pip3",
path="/usr/bin/pip",
target="/usr/bin/pip3",
)
pip.packages(
name="Install virtualenv using pip",
packages="virtualenv",
)
pip.virtualenv(
name="Create a virtualenv",
path="/usr/local/bin/venv",
)
# use that virtualenv to install pyinfra
pip.packages(
src='templates/myweb.service.j2',
dest='/etc/systemd/system/myweb.service',
mode='755',
user='******',
group='root',
)
files.template(
name='Create index.html',
src='templates/index.html.j2',
dest='/web/index.html',
)
files.link(
name='Create link /web/index.htm that points to /web/index.html',
path='/web/index.htm',
target='/web/index.html',
)
# Note: Allowing sudo to python is not a very secure.
files.line(
name='Ensure myweb can run /usr/bin/python3 without password',
path='/etc/sudoers',
line=r'myweb .*',
replace='myweb ALL=(ALL) NOPASSWD: /usr/bin/python3',
)
server.shell(
name='Check that sudoers file is ok',
commands='visudo -c',
)
def install_prometheus(state, host):
if not host.data.prometheus_version:
raise DeployError(
'No prometheus_version set for this host, refusing to install prometheus!',
)
server.user(
name='Create the prometheus user',
user='******',
shell='/sbin/nologin',
state=state,
host=host,
)
files.directory(
name='Ensure the prometheus data directory exists',
path='{{ host.data.prometheus_data_dir }}',
user=host.data.prometheus_user,
group=host.data.prometheus_user,
state=state,
host=host,
)
files.directory(
name='Ensure the prometheus install directory exists',
path='{{ host.data.prometheus_install_dir }}',
user=host.data.prometheus_user,
group=host.data.prometheus_user,
state=state,
host=host,
)
# Work out the filename
host.data.prometheus_version_name = ('prometheus-{0}.linux-'
'amd64' if host.fact.arch == 'x86_64'
else host.fact.arch).format(
host.data.prometheus_version)
host.data.prometheus_temp_filename = state.get_temp_filename(
'prometheus-{0}'.format(host.data.prometheus_version), )
download_prometheus = files.download(
name='Download prometheus',
src=('{{ host.data.prometheus_download_base_url }}/'
'v{{ host.data.prometheus_version }}/'
'{{ host.data.prometheus_version_name }}.tar.gz'),
dest='{{ host.data.prometheus_temp_filename }}',
state=state,
host=host,
)
# If we downloaded prometheus, extract it!
if download_prometheus.changed:
server.shell(
name='Extract prometheus',
commands='tar -xzf {{ host.data.prometheus_temp_filename }}'
' -C {{ host.data.prometheus_install_dir }}',
state=state,
host=host,
)
files.link(
name='Symlink prometheus to /usr/bin',
path='{{ host.data.prometheus_bin_dir }}/prometheus', # link
target=
'{{ host.data.prometheus_install_dir }}/{{ host.data.prometheus_version_name }}/prometheus',
state=state,
host=host,
)
dest="/etc/consul-template/config/00-base.hcl",
mode="644",
vault_url=host.data.vault_url,
vault_token=generate_vault_token() if is_vault_core else None,
)
if host.get_fact(LinuxName) == "Alpine":
server.packages(
name="Ensure Consul Template is installed.",
packages=["consul-template"],
present=True,
)
files.link(
name="Symlink consul-template.hcl to config.hcl",
path="/etc/consul-template/consul-template.hcl",
target="/etc/consul-template/configs",
)
else:
# lol systemd
files.put(
name="Install Consul Template binary.",
src="files/consul-template",
dest="/usr/local/sbin/consul-template",
mode="755",
)
files.put(
name="Create Consul Template service.",
src="files/consul-template.service",
dest="/etc/systemd/system/consul-template.service",
home = host.get_fact(Home)
pacman.packages(
name="Install nvim",
packages=[
"neovim"
],
update=True,
upgrade=True,
sudo=True
)
files.link(
name="Symlink vim -> nvim",
target="/usr/bin/nvim",
path="/usr/bin/vim",
sudo=True
)
server.shell(
name="Install vim-plug",
commands=[
f"sh -c 'curl -fLo {home}/.local/share/nvim/site/autoload/plug.vim --create-dirs \
https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim'"
]
)
name="Download a file from a remote",
src="/etc/os-release",
dest="/tmp/whocares",
)
foo_variable = "This is some foo variable contents"
files.template(
name="Create a templated file",
src="templates/foo.j2",
dest="/tmp/foo",
foo_variable=foo_variable,
)
files.link(
name="Create link /etc/issue2 that points to /etc/issue",
path="/etc/issue2",
target="/etc/issue",
)
# Note: The directory /tmp/secret will get created with the default umask.
files.file(
name="Create /tmp/secret/file",
path="/tmp/secret/file",
mode="600",
user="******",
group="root",
touch=True,
create_remote_dir=True,
)
files.directory(
src="templates/myweb.service.j2",
dest="/etc/systemd/system/myweb.service",
mode="755",
user="******",
group="root",
)
files.template(
name="Create index.html",
src="templates/index.html.j2",
dest="/web/index.html",
)
files.link(
name="Create link /web/index.htm that points to /web/index.html",
path="/web/index.htm",
target="/web/index.html",
)
# Note: Allowing sudo to python is not a very secure.
files.line(
name="Ensure myweb can run /usr/bin/python3 without password",
path="/etc/sudoers",
line=r"myweb .*",
replace="myweb ALL=(ALL) NOPASSWD: /usr/bin/python3",
)
server.shell(
name="Check that sudoers file is ok",
commands="visudo -c",
)
{'Download a file from a remote'},
'/etc/os-release',
'/tmp/whocares',
)
foo_variable = 'This is some foo variable contents'
files.template(
{'Create a templated file'},
'templates/foo.j2',
'/tmp/foo',
foo_variable=foo_variable,
)
files.link(
{'Create link /etc/issue2 that points to /etc/issue'},
'/etc/issue2',
'/etc/issue',
)
# Note: The directory /tmp/secret will get created with the default umask.
files.file(
{'Create /tmp/secret/file'},
'/tmp/secret/file',
mode='600',
user='******',
group='root',
touch=True,
create_remote_dir=True,
)
files.directory(
'templates/myweb.service.j2',
'/etc/systemd/system/myweb.service',
mode='755',
user='******',
group='root',
)
files.template(
{'Create index.html'},
'templates/index.html.j2',
'/web/index.html',
)
files.link(
{'Create link /web/index.htm that points to /web/index.html'},
'/web/index.htm',
'/web/index.html',
)
# Note: Allowing sudo to python is not a very secure.
files.line(
{'Ensure myweb can run /usr/bin/python3 without password'},
'/etc/sudoers',
r'myweb .*',
replace='myweb ALL=(ALL) NOPASSWD: /usr/bin/python3',
)
server.shell(
{'Check that sudoers file is ok'},
'visudo -c',
)
def install_concourse(concourse_config: ConcourseBaseConfig,
state=None,
host=None):
# Create a Concourse system user
server.user(
name="Create the Concourse system user",
user=concourse_config.user,
present=True,
home=concourse_config.deploy_directory,
ensure_home=False,
shell="/bin/false", # noqa: S604
system=True,
state=state,
host=host,
)
installation_directory = (
f"{concourse_config.deploy_directory}-{concourse_config.version}")
if not host.fact.directory(installation_directory):
# Download latest Concourse release from GitHub
concourse_archive = f"https://github.com/concourse/concourse/releases/download/v{concourse_config.version}/concourse-{concourse_config.version}-linux-amd64.tgz" # noqa: E501
concourse_archive_hash = f"https://github.com/concourse/concourse/releases/download/v{concourse_config.version}/concourse-{concourse_config.version}-linux-amd64.tgz.sha1" # noqa: E501
concourse_archive_path = (
f"/tmp/concourse-{concourse_config.version}.tgz" # noqa: S108
)
files.download(
name="Download the Concourse release archive",
src=concourse_archive,
dest=concourse_archive_path,
sha1sum=httpx.get(concourse_archive_hash).read().decode(
"utf8").split()[0],
state=state,
host=host,
)
# Unpack Concourse to /opt/concourse
server.shell(
name="Extract the Concourse release archive.",
commands=[
f"tar -xvzf {concourse_archive_path}",
f"mv concourse {installation_directory}",
],
state=state,
host=host,
)
# Verify ownership of Concourse directory
files.directory(
name="Set ownership of Concourse directory",
path=installation_directory,
user=concourse_config.user,
state=state,
host=host,
)
# Link Concourse installation to target directory
active_installation_path = files.link(
name="Link Concourse installation to target directory",
path=concourse_config.deploy_directory,
target=f"{installation_directory}",
user=concourse_config.user,
symbolic=True,
present=True,
state=state,
host=host,
)
return active_installation_path.changed
yum.packages(
name='Install pip3 so you can install virtualenv',
packages='python3-pip',
)
if host.fact.linux_name in ['Ubuntu']:
apt.packages(
name='Install pip3 so you can install virtualenv',
packages='python3-pip',
update=True,
)
if not host.fact.file('/usr/bin/pip'):
files.link(
name='Create link /usr/bin/pip that points to /usr/bin/pip3',
path='/usr/bin/pip',
target='/usr/bin/pip3',
)
pip.packages(
name='Install virtualenv using pip',
packages='virtualenv',
)
pip.virtualenv(
name='Create a virtualenv',
path='/usr/local/bin/venv',
)
# use that virtualenv to install pyinfra
pip.packages(
files.file(path="/somefile", )
# Add/remove/add same directory
files.directory(path="/somedir", )
files.directory(
path="/somedir",
present=False,
)
files.directory(path="/somedir", )
# Add/remove/add same link
files.link(
path="/somelink",
target="/elsewhere",
)
files.link(
path="/somelink",
present=False,
)
files.link(
path="/somelink",
target="/elsewhere",
)
# Add/remove/add same user
server.user(user="******", )
name='Download a file from a remote',
src='/etc/os-release',
dest='/tmp/whocares',
)
foo_variable = 'This is some foo variable contents'
files.template(
name='Create a templated file',
src='templates/foo.j2',
dest='/tmp/foo',
foo_variable=foo_variable,
)
files.link(
name='Create link /etc/issue2 that points to /etc/issue',
path='/etc/issue2',
target='/etc/issue',
)
# Note: The directory /tmp/secret will get created with the default umask.
files.file(
name='Create /tmp/secret/file',
path='/tmp/secret/file',
mode='600',
user='******',
group='root',
touch=True,
create_remote_dir=True,
)
files.directory(