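def sudoers_oper():
    """Install the sudoers drop-in that lets ``oper`` run the patching helpers.

    The rules are written to a staging file, set to root:root mode 0440,
    checked with ``visudo -cf`` and only then moved over
    ``/etc/sudoers.d/oper``. The live drop-in is therefore never truncated
    or left half-written, and a file that fails the check is never installed.

    Returns:
        1 when ``/etc/sudoers.d`` is missing or the staged file fails the
        syntax check; ``None`` once the drop-in is in place.
    """
    opersudoers = '/etc/sudoers.d/oper'
    # sudo's includedir skips file names that contain a '.', so the staging
    # file is not read as policy while it is being assembled.
    staging = opersudoers + '.tmp'
    grant = 'oper,%UsrOperator ALL=(root) NOPASSWD: '
    # NOTE(review): each command below runs as root without a password.
    # /usr/local/bin/apply_system_patches must stay root-owned and not
    # writable by anyone else. A rule with no argument list (/sbin/reboot)
    # accepts any arguments from the caller.
    rules = (
        grant + '/usr/local/bin/apply_system_patches --reboot yes --monitoring yes',
        grant + '/usr/local/bin/apply_system_patches --reboot no --monitoring no',
        grant + '/bin/grep apply /var/log/messages',
        grant + '/sbin/reboot',
    )

    if not file_exists('/etc/sudoers.d', use_sudo=True):
        print(red('/etc/sudoers.d does not exist'))
        return 1

    # Start from an empty staging file so a leftover from an aborted run
    # cannot leak stale rules into the new drop-in.
    sudo('> ' + staging, warn_only=True, quiet=True)
    for rule in rules:
        append(staging, rule, use_sudo=True)
    sudo('chown root:root ' + staging)
    sudo('chmod 0440 ' + staging)

    # Validate before the file becomes live: a drop-in with a syntax error
    # can make sudo refuse to run at all.
    check = sudo('/usr/sbin/visudo -cf ' + staging, warn_only=True, quiet=True)
    if check.failed:
        sudo('rm -f ' + staging, warn_only=True, quiet=True)
        print(red('oper sudoers file failed visudo check, not installed'))
        return 1

    # Same-directory rename, so the live file is replaced in one step.
    sudo('mv -f %s %s' % (staging, opersudoers))
    print(green('oper sudoers file has been pushed'))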
def setup_ssh():
    """Install the SSH key pair from ``./assets`` into ``~/.ssh``.

    Nothing is done when ``~/.ssh/id_rsa.pub`` already exists on the host.
    The key pair is used by git push and by ssh to other hosts.
    """
    # NOTE(review): the private key is a file under ./assets that is copied
    # to every host this task runs on, so all of them share one credential
    # and it is only as protected as the assets directory itself. Consider
    # per-host keys or a secrets store -- confirm how ./assets is stored.
    with settings(user='******'):
        already_provisioned = file_exists('~/.ssh/id_rsa.pub')
        if already_provisioned:
            return

        # 0700 keeps the key directory private to its owner.
        require.files.directory(
            '~/.ssh',
            owner='ml',
            group='ml',
            mode='0700',
        )

        # Public half first, then the private half with owner-only access.
        fabric.operations.put('./assets/id_rsa.pub', '~/.ssh/id_rsa.pub')
        fabric.operations.put('./assets/id_rsa', '~/.ssh/id_rsa', mode="600")
def setup_external_disks():
    """Partition, format and mount the external disks, then create work dirs.

    ``/dev/vdb`` is labelled and partitioned only when ``/dev/vdb1`` is
    absent; ``/dev/vdc`` is partitioned only when the disk exists and
    ``/dev/vdc1`` does not. Both steps end in ``mkfs.ext4``, which destroys
    whatever the new partition previously held.
    """
    mount_points = ['/mnt/ml', '/mnt/data']
    require.files.directories(mount_points, owner='ml')

    # The partition device node is the only guard against re-formatting.
    first_disk_ready = file_exists('/dev/vdb1')
    if not first_disk_ready:
        run('parted -a optimal /dev/vdb mklabel gpt mkpart primary ext4 0% 100%')
        run('mkfs.ext4 /dev/vdb1')

    # NOTE(review): unlike vdb, no "mklabel" is issued for vdc here.
    second_disk_blank = file_exists('/dev/vdc') and not file_exists('/dev/vdc1')
    if second_disk_blank:
        run('parted -a optimal /dev/vdc mkpart primary ext4 0% 100%')
        run('mkfs.ext4 /dev/vdc1')

    mount_disks()

    work_dirs = ['/mnt/ml/cache', '/mnt/ml/libs', '/mnt/ml/working']
    require.files.directories(work_dirs, owner='ml')
def requirements():
    """Report which Tripwire prerequisites are missing on the host.

    Returns:
        1 when ``/etc/redhat-release`` mentions "release 7" (the operator is
        told to install AIDE instead); otherwise ``None`` after printing one
        line per missing prerequisite.
    """
    release_probe = fabric.api.sudo(
        "grep 'release 7' /etc/redhat-release", quiet=True)
    if release_probe.succeeded:
        print(blue("This is a Centos/RedHat 7 server. Please install AIDE."))
        return 1

    glibc_32bit_present = rpm_is_installed('glibc.*i686')
    if not glibc_32bit_present:
        print(red("GlibC i686 is not installed"))

    tripwire_present = file_exists(
        "/usr/local/tripwire/tfs/bin/tripwire", use_sudo=True)
    if not tripwire_present:
        print(red("Tripwire is not installed"))
def check_shell():
    """Warn when apply_system_patches is missing or lacks the version marker.

    The check greps the script for a fixed author/date string. It shows that
    the marker text is present, not that the rest of the file is unmodified.
    """
    script = '/usr/local/bin/apply_system_patches'
    if not file_exists(script, use_sudo=True):
        print(yellow('ERROR - Apply_system_patches is not present !!!'))
        return

    marker_probe = sudo(
        '''grep -sqi 'Christophe Villemont 06/01/17' /usr/local/bin/apply_system_patches''',
        quiet=True)
    # grep exits non-zero when the marker is not found.
    if marker_probe.return_code > 0:
        print(yellow('ERROR - Old shell version !!!'))
def check_path():
    """Warn when apply_system_patches is missing or lacks the PATH line.

    The script is expected to contain ``PATH=$PATH:/sbin:/usr/sbin``; the
    check is a plain grep for that text.
    """
    script = '/usr/local/bin/apply_system_patches'
    if not file_exists(script, use_sudo=True):
        print(yellow('Apply_system_patches is not present !!!'))
        return

    path_probe = sudo(
        '''grep -sqi 'PATH=$PATH:/sbin:/usr/sbin' /usr/local/bin/apply_system_patches''',
        quiet=True)
    # A non-zero grep status means the expected line was not found.
    if path_probe.return_code > 0:
        print(yellow('Apply_system_patches has bad path !!!'))
def setup_nvdia_driver():
    """Blacklist nouveau, reboot if needed, then install the NVIDIA driver.

    The blacklist step runs only when
    ``/etc/modprobe.d/blacklist-nouveau.conf`` is absent; the driver step
    runs only when ``/usr/bin/nvidia-smi`` is absent.
    """
    blacklist_conf = '/etc/modprobe.d/blacklist-nouveau.conf'
    if not file_exists(blacklist_conf):
        # Blacklist the nouveau driver.
        put('assets/blacklist-nouveau.conf',
            '/etc/modprobe.d/blacklist-nouveau.conf')
        # Disable kernel mode-setting for nouveau.
        run('echo options nouveau modeset=0 | tee -a /etc/modprobe.d/nouveau-kms.conf')
        run('update-initramfs -u')
        run("shutdown -r +0")

    mount_disks()

    installer_path = '/mnt/ml/cache/nvidia_driver.run'
    if not file_exists('/usr/bin/nvidia-smi'):
        # NOTE(review): the installer is fetched over plain http:// and then
        # executed with sh; nothing in this function authenticates it.
        # Prefer an https:// source and compare the file against a pinned
        # SHA-256 before running it.
        with settings(user='******'):
            download(
                'http://us.download.nvidia.com/tesla/390.30/NVIDIA-Linux-x86_64-390.30.run',
                installer_path,
            )
        install_cmd = 'sh {} -q -a -n -s'.format(installer_path)
        run(install_cmd)
def update_tripwire_check_ksh():
    """Replace tripwire_check.ksh on the host with the copy from DATA_DIR.

    The upload happens only when the script already exists remotely, which
    the function treats as evidence that Tripwire is installed.
    """
    script_name = 'tripwire_check.ksh'
    local_copy = os.path.join(DATA_DIR, 'tripwire', script_name)
    remote_copy = '/usr/local/tripwire/tfs/gentrip/tripwire_check.ksh'

    if not file_exists(remote_copy, use_sudo=True):
        print(red("Tripwire looks to be not installed"))
        return

    # NOTE(review): ownership is set in a separate step after the upload;
    # confirm the file is not left owned by the login user in between.
    put(local_path=local_copy, remote_path=remote_copy,
        use_sudo=True, mode=0o755)
    fabric.api.sudo('chown root:root ' + remote_copy)
def suivi_pci():
    """Report whether Tripwire is installed and its check is scheduled.

    "Scheduled" means an uncommented line mentioning ``tripwire_check.ksh``
    exists in ``/etc/cron.d/tripwire`` or, failing that, in root's crontab
    under ``/var/spool/cron/root``.
    """
    tripwire_bin = "/usr/local/tripwire/tfs/bin/tripwire"
    # Checked in this order; the first crontab with an active entry wins.
    crontabs = ("/etc/cron.d/tripwire", "/var/spool/cron/root")
    # The line must not start with '#', so a commented-out job does not count.
    active_entry = '^[^#].*tripwire_check.ksh'

    # Presence of the binary is the only installation test.
    if file_exists(tripwire_bin, use_sudo=True):
        print("%s: Tripwire is installed" % env.host)
    else:
        print(red("%s: Tripwire is not installed" % env.host))

    scheduled = any(
        file_exists(tab, use_sudo=True)
        and file_contains(tab, active_entry, use_sudo=True, escape=False)
        for tab in crontabs
    )
    if scheduled:
        print("%s: Tripwire is scheduled" % env.host)
    else:
        print(red("%s: Tripwire is not scheduled" % env.host))
def mount_disks():
    """Mount the external disk(s); meant to be called after every restart.

    With two disks, ``/dev/vdb1`` goes to ``/mnt/data`` and ``/dev/vdc1`` to
    ``/mnt/ml``. With one disk, ``/dev/vdb1`` goes to ``/mnt/ml``. Nothing is
    mounted when ``/dev/vdb1`` is already mounted.
    """
    second_disk_present = file_exists('/dev/vdc')

    # vdb1 is the only device checked; vdc1 is assumed to follow its state.
    if fabtools.disk.ismounted('/dev/vdb1'):
        return

    if second_disk_present:
        fabtools.disk.mount('/dev/vdb1', '/mnt/data')
        fabtools.disk.mount('/dev/vdc1', '/mnt/ml')
    else:
        fabtools.disk.mount('/dev/vdb1', '/mnt/ml')
def update_vmware_tools_51():
    """Update vmware-tools-esx-nox from the vmware-5.1 repo and apply a fix.

    After the update, ``libtimeSync.so`` is renamed out of the plugin's way
    as a workaround for a known vmware-tools bug:
    http://communities.vmware.com/thread/423709?start=0&tstart=0
    http://www.chriscolotti.us/vmware/workaround-for-vsphere-5-1-guest-unable-to-collect-ipv4-routing-table/
    """
    plugin_lib = '/usr/lib/vmware-tools/plugins/vmsvc/libtimeSync.so'
    # A trailing '-' is enough to stop the plugin from being loaded by name.
    disabled_lib = plugin_lib + '-'

    with hide('stdout', 'stderr'):
        # Update the rpm.
        sudo('yum -y --enablerepo=vmware-5.1 update vmware-tools-esx-nox')

        if file_exists(plugin_lib):
            sudo('mv %s %s' % (plugin_lib, disabled_lib))
def install_python_pypy(version, replace=False, pypy_home='/opt/python-pypy',
                        mode='755'):
    """Download and unpack a portable PyPy build under *pypy_home*.

    Args:
        version: PyPy version string; used in the archive name and as the
            name of the install directory.
        replace: Accepted but not used by this function.
        pypy_home: Directory that holds the per-version installs.
        mode: Mode applied to *pypy_home*.

    Nothing is downloaded when ``<pypy_home>/<version>/bin/pypy`` exists.
    """
    dir_ensure(pypy_home, mode=mode, use_sudo=True)

    interpreter = "%s/%s/bin/pypy" % (pypy_home, version)
    unpacked_dir = "pypy-%s-linux_x86_64-portable" % version
    archive = "%s.tar.bz2" % unpacked_dir
    archive_url = "https://bitbucket.org/squeaky/portable-pypy/downloads/%s" % archive

    if file_exists(interpreter):
        return

    # NOTE(review): *version* and *pypy_home* are placed unquoted into
    # commands run through sudo, so they must come from a trusted source.
    # The archive is unpacked as root without a checksum comparison;
    # consider verifying it against a pinned digest first.
    with cd(pypy_home):
        sudo('wget -c %s' % archive_url)
        sudo('tar xjf %s' % archive)
        sudo('mv %s %s' % (unpacked_dir, version))
        sudo('ln -s %s /usr/local/bin/pypy' % interpreter)
def setup_sys_packages():
    """Install and configure common system packages (vim, tmux, git, ...).

    Machine-learning packages are not handled here. The per-user tmux and
    git configuration is skipped when ``/home/ml/.tmux.conf`` already exists.
    """
    # Refresh the apt index only when it is more than a day old.
    fabtools.require.deb.uptodate_index(max_age={'day': 1})

    common_packages = [
        'htop',
        'vim',
        'unzip',
        'p7zip-full',
        'tree',
        'curl',
        'iftop',
        'iotop',
        'unrar-free',
        'bzip2',
        'bc',
        'ack-grep',
        'tmux',
        'git',
    ]
    require.deb.packages(common_packages)

    # Make vim the default editor.
    run('update-alternatives --set editor /usr/bin/vim.basic')

    with settings(user='******'):
        if file_exists('/home/ml/.tmux.conf'):
            return

        # tmux configuration.
        put('assets/tmux.conf', '~/.tmux.conf')

        # Git identity: taken from the environment of the process running
        # this task, with an interactive prompt as the fallback.
        git_user = os.environ.get('GIT_USER')
        if not git_user:
            git_user = prompt('Enter your git username')
        git_email = os.environ.get('GIT_EMAIL')
        if not git_email:
            git_email = prompt('Enter your git email')

        template_values = {
            'git_user': git_user,
            'git_email': git_email,
        }
        upload_template('assets/gitconfig', '~/.gitconfig',
                        context=template_values)
def backup_files(site_name, path, tmpdir='/tmp'):
    """Archive *path*, encrypt it with gpg and upload it to S3.

    Args:
        site_name: Used as the key prefix inside ``env.s3_bucket``.
        path: Remote directory to back up; its ``current`` entry is archived
            when present, otherwise the directory itself.
        tmpdir: Remote directory that receives the encrypted archive.

    The upload is skipped when today's object (UTC date) already exists.
    """
    from time import gmtime, strftime

    with cd(path):
        stamp = strftime("%Y.%m.%d", gmtime())
        gpg_file = 'files-%s.tgz.gpg' % stamp
        # NOTE(review): the staging name is date-based and so predictable;
        # with the default tmpdir it sits in a world-writable directory.
        local_file = "%s/vakap-%s" % (tmpdir, gpg_file)
        s3_dest = "s3://%s/%s/%s" % (env.s3_bucket, site_name, gpg_file)

        if s3_file_exists(s3_dest):
            print(" - File exists: %s. Skipping" % s3_dest)
            return

        print(" - Taring and gziping directory: %s => %s" % (path, tmpdir))
        # "h" makes tar follow symlinks, so a "current" link is archived
        # as the tree it points to.
        target = 'current' if file_exists('current') else '.'
        # NOTE(review): unless the remote shell sets pipefail, the pipeline
        # status is gpg's, so a tar failure is not detected here.
        run("tar czh %s | gpg --encrypt --recipient %s > %s"
            % (target, env.gpg_key, local_file))
        s3_upload(local_file, s3_dest)
def awl_script_is_installed():
    """Return whether /usr/sbin/awl_sw_register_client_base.sh is present."""
    script_present = file_exists('/usr/sbin/awl_sw_register_client_base.sh')
    return script_present