def install_mail_client(args):
    """
    Set up postfix as a localhost-only MTA that forwards mail to the relay.

    Nothing is installed when this host's configuration matches the
    "install-postfix-server" command, since the server installation
    configures postfix itself. mailx is installed as well. See the line
    comments in install_mail_server for the individual settings.

    args -- not used by this function.

    """
    this_host = config.host(net.get_hostname())
    if this_host.has_command_re("install-postfix-server"):
        app.print_verbose("This server will later install the postfix server, abort client installation.")
        return

    # NOTE(review): check_executed() is called, but no mark_executed() call
    # is visible in this function.
    installed_version = version.Version("Install-postfix-client", SCRIPT_VERSION)
    installed_version.check_executed()

    # Install required packages
    install.package("postfix")

    # Set config file parameters
    # general.use_original_file("/etc/postfix/main.cf")
    main_cf = scopen.scOpen("/etc/postfix/main.cf")
    set_param = main_cf.replace

    hostname_line = "myhostname = {0}.{1}".format(get_hostname(), config.general.get_resolv_domain())
    set_param("#myhostname = host.domain.tld", hostname_line)  # monitor.syco.com

    domain_line = "mydomain = {0}".format(config.general.get_resolv_domain())
    set_param("#mydomain = domain.tld", domain_line)  # syco.com
    set_param("#myorigin = $mydomain", "myorigin = $myhostname")

    # Listen only on localhost. The first call replaces the line with itself,
    # so the listening address is whatever main.cf already says.
    set_param("inet_interfaces = localhost", "inet_interfaces = localhost")
    # Only the loopback address is listed as a trusted client network.
    set_param("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", "mynetworks = 127.0.0.1")
    set_param(
        "mydestination = $myhostname, localhost.$mydomain, localhost",
        "mydestination = $myhostname, localhost",
    )

    # Relay everything not for local machine to mailrelay.
    relay_domains_line = "relay_domains = {0}".format(config.general.get_resolv_domain())
    set_param("#relay_domains = $mydestination", relay_domains_line)

    relayhost_line = "relayhost = [{0}]".format(config.general.get_mail_relay_domain_name())
    set_param("#relayhost = $mydomain", relayhost_line)

    set_param("#home_mailbox = Maildir/", "home_mailbox = Maildir/")
    set_param("inet_protocols = all", "inet_protocols = ipv4")

    # Install a simple mail CLI-tool
    install_mailx()

    # Add the mail relay chain to iptables and persist the rules.
    iptables.add_mail_relay_chain()
    iptables.save()

    # Restart postfix
    x("service postfix restart")

    # Send test mail to the syco admin
    admin_email = config.general.get_admin_email()
    send_test_mail((None, admin_email))
def _install_glassfish():
    '''
    Installation of the glassfish application server.

    Installs zip, and when GLASSFISH_INSTALL_PATH/glassfish is missing,
    downloads the archive (unless already present), unpacks it to
    /usr/local/, hands the tree to the glassfish user, creates the service
    and starts the domain.

    Raises Exception when GLASSFISH_INSTALL_FILE is not a zip archive.

    NOTE(review): the nesting below is reconstructed from a flattened
    listing; confirm it against the repository.

    '''
    x("yum install zip -y")
    if (not os.access(GLASSFISH_INSTALL_PATH + "/glassfish", os.F_OK)):
        os.chdir(app.INSTALL_DIR)
        if (not os.access(GLASSFISH_INSTALL_FILE, os.F_OK)):
            # NOTE(review): no checksum or signature check is visible between
            # this download and the unzip below, which writes into
            # /usr/local/. Confirm that download_file verifies the archive.
            # The user value is masked in the listing.
            general.download_file(GLASSFISH_REPO_URL, user="******")

        # Set execution permissions and run the installation.
        if ".zip" in GLASSFISH_INSTALL_FILE:
            install.package("unzip")
            x("unzip " + GLASSFISH_INSTALL_FILE + " -d /usr/local/")
            x("chown glassfish:glassfish -R "+GLASSFISH_INSTALL_PATH)
        else:
            raise Exception("Only installing zip version of glassfish")

        # Install the start script
        # It's possible to do this from glassfish with "asadmin create-service",
        # but our own script is a little bit better. It creates startup log files
        # and has a better "start user" functionality.
        # NOTE(review): despite the comment above, this variant calls
        # "asadmin create-service" and installs no script of its own.
        x(GLASSFISH_INSTALL_PATH+"/bin/asadmin create-service")
        # The domain is started through su as the glassfish user.
        x("su glassfish " + GLASSFISH_INSTALL_PATH + "/bin/asadmin start-domain")
def install_mail_server(args):
    """
    Set up postfix as the mail relay MTA.

    The relay listens on localhost and on the front and back addresses from
    PostFixProperties, and delivers straight to the internet. mailx is
    installed as well.

    args -- not used by this function.

    """
    # NOTE(review): check_executed() is called, but no mark_executed() call
    # is visible in this function.
    installed_version = version.Version("Install-postfix-server", SCRIPT_VERSION)
    installed_version.check_executed()
    app.print_verbose("Installing postfix-server version: {0}".format(SCRIPT_VERSION))

    props = PostFixProperties()

    # Install required packages
    install.package("postfix")

    # Set config file parameters
    # general.use_original_file("/etc/postfix/main.cf")
    main_cf = scopen.scOpen("/etc/postfix/main.cf")
    set_param = main_cf.replace

    # Hostname is full canonical name of machine.
    hostname_line = "myhostname = {0}".format(config.general.get_mail_relay_domain_name())
    set_param("#myhostname = host.domain.tld", hostname_line)  # mailrelay.syco.com

    domain_line = "mydomain = {0}".format(config.general.get_resolv_domain())
    set_param("#mydomain = domain.tld", domain_line)  # syco.com
    set_param("#myorigin = $mydomain", "myorigin = $myhostname")

    # Accept email from frontnet and backnet
    interfaces_line = "inet_interfaces = 127.0.0.1,{0},{1}".format(
        props.server_front_ip, props.server_back_ip
    )
    set_param("inet_interfaces = localhost", interfaces_line)

    # NOTE(review): with the stock relay restrictions postfix treats every
    # client in mynetworks as trusted for relaying, so these two networks
    # decide who may send through this host. Confirm they are as narrow as
    # intended.
    networks_line = "mynetworks = {0}, {1}, 127.0.0.0/8".format(
        props.server_network_front, props.server_network_back
    )
    set_param("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", networks_line)

    # Do not relay anywhere special, i.e straight to internet.
    set_param("#relay_domains = $mydestination", "relay_domains =")
    set_param("#home_mailbox = Maildir/", "home_mailbox = Maildir/")

    # Stop warning about IPv6.
    set_param("inet_protocols = all", "inet_protocols = ipv4")

    # Install a simple mail CLI-tool
    install_mailx()

    # Add the mail relay chain to iptables and persist the rules.
    iptables.add_mail_relay_chain()
    iptables.save()

    x("service postfix restart")

    # Send test mail to the syco admin
    admin_email = config.general.get_admin_email()
    send_test_mail((None, admin_email))
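def build_client_certs(args):
    """
    Build an OpenVPN client key bundle for every home directory lacking one.

    Each entry in /home whose name does not contain "lost+found" and that has
    no openvpn_client_keys.zip gets a key pair generated with easy-rsa. The
    keys, the CA certificate, client.conf, install.txt and ta.key are zipped
    into the user's home directory, readable by that user only.

    args -- not used by this function.

    """
    install.package("zip")
    os.chdir("/etc/openvpn/easy-rsa/keys")
    general.set_config_property(
        "/etc/cronjob",
        "01 * * * * root run-parts syco build_client_certs",
        "01 * * * * root run-parts syco build_client_certs")

    # Create client.conf
    clientConf = "/etc/openvpn/easy-rsa/keys/client.conf"
    x("cp " + app.SYCO_PATH + "/var/openvpn/client.conf %s" % clientConf)
    scOpen(clientConf).replace('${OPENVPN.HOSTNAME}', config.general.get_openvpn_hostname())

    x("cp " + app.SYCO_PATH + "/doc/openvpn/install.txt .")

    for user in os.listdir("/home"):
        bundle = "/home/" + user + "/openvpn_client_keys.zip"
        cert_already_installed = os.access(bundle, os.F_OK)
        valid_file = "lost+found" not in user
        if not valid_file or cert_already_installed:
            continue

        # NOTE(review): `user` is a directory name taken from /home and is
        # placed unquoted into the shell commands below. Confirm that only
        # trusted administrators can create entries in /home, or validate
        # the name before use.
        os.chdir("/etc/openvpn/easy-rsa/")
        general.set_config_property("/etc/openvpn/easy-rsa/vars", r'[\s]*export KEY_CN.*', 'export KEY_CN="' + user + '"')
        general.set_config_property("/etc/openvpn/easy-rsa/vars", r'[\s]*export KEY_NAME.*', 'export KEY_NAME="' + user + '"')

        general.set_config_property(
            "/etc/openvpn/easy-rsa/build-key-pkcs12",
            '.*export EASY_RSA.*',
            'source ./vars;export EASY_RSA="${EASY_RSA:-.}"')

        # NOTE(review): the two prompt/response pairs were masked in the
        # listing this was reviewed from and are restored here as newline
        # responses, i.e. an empty export password; confirm against the
        # repository. With an empty export password the file mode of the
        # bundle is the only protection of the private key.
        out = general.shell_exec(
            "./build-key-pkcs12 --batch " + user,
            cwd="/etc/openvpn/easy-rsa/",
            events={
                '(?i)Enter Export Password:': '\n',
                '(?i)Verifying - Enter Export Password:': '\n'
            })
        app.print_verbose(out)

        # Config client.crt
        general.set_config_property(
            "/etc/openvpn/easy-rsa/keys/client.conf",
            "^cert.*crt", "cert " + user + ".crt")
        general.set_config_property(
            "/etc/openvpn/easy-rsa/keys/client.conf",
            "^key.*key", "key " + user + ".key")

        os.chdir("/etc/openvpn/easy-rsa/keys")
        # Create the archive under a restrictive umask so the private key is
        # never readable by other accounts between zip and chmod.
        previous_umask = os.umask(0o077)
        try:
            x("zip " + bundle + " ca.crt " + user + ".crt " + user + ".key " + user + ".p12 client.conf install.txt /etc/openvpn/ta.key")
        finally:
            os.umask(previous_umask)

        # Owner read only: the group becomes "users" below, and group read
        # access would let every member of it read this user's private key.
        os.chmod(bundle, stat.S_IRUSR)
        general.shell_exec("chown " + user + ":users /home/" + user + "/openvpn_client_keys.zip ")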
def _install_packages():
    '''
    Add the atomic repository and install sqlite and openvas.

    '''
    # NOTE(review): packages are installed from an additional repository;
    # confirm that install.atomic_repo() enables signature checking for it.
    install.atomic_repo()
    for package_name in ("sqlite", "openvas"):
        install.package(package_name)
def install_mail_server(args):
    '''
    Set up postfix as the mail relay MTA.

    The relay listens on localhost and on server_front_ip and server_back_ip,
    and delivers straight to the internet. mailx is installed as well.

    args -- not used by this function.

    '''
    # NOTE(review): check_executed() is called, but no mark_executed() call
    # is visible in this function.
    installed_version = version.Version("Install-postfix-server", SCRIPT_VERSION)
    installed_version.check_executed()
    app.print_verbose(
        "Installing postfix-server version: {0}".format(SCRIPT_VERSION))

    # Install required packages
    install.package("postfix")

    # Set config file parameters
    # general.use_original_file("/etc/postfix/main.cf")
    main_cf = scopen.scOpen("/etc/postfix/main.cf")
    set_param = main_cf.replace

    # Hostname is full canonical name of machine.
    hostname_line = "myhostname = {0}".format(
        config.general.get_mail_relay_domain_name())
    set_param("#myhostname = host.domain.tld", hostname_line)  # mailrelay.syco.com

    domain_line = "mydomain = {0}".format(config.general.get_resolv_domain())
    set_param("#mydomain = domain.tld", domain_line)  # syco.com
    set_param("#myorigin = $mydomain", "myorigin = $myhostname")

    # Accept email from frontnet and backnet
    interfaces_line = "inet_interfaces = 127.0.0.1,{0},{1}".format(
        server_front_ip, server_back_ip)
    set_param("inet_interfaces = localhost", interfaces_line)

    # NOTE(review): with the stock relay restrictions postfix treats every
    # client in mynetworks as trusted for relaying, so these two networks
    # decide who may send through this host. Confirm they are as narrow as
    # intended.
    networks_line = "mynetworks = {0}, {1}, 127.0.0.0/8".format(
        server_front_network, server_back_network)
    set_param("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", networks_line)

    # Do not relay anywhere special, i.e straight to internet.
    set_param("#relay_domains = $mydestination", "relay_domains =")
    set_param("#home_mailbox = Maildir/", "home_mailbox = Maildir/")

    # Stop warning about IPv6.
    set_param("inet_protocols = all", "inet_protocols = ipv4")

    # Install a simple mail CLI-tool
    install_mailx()

    # Add the mail relay chain to iptables and persist the rules.
    iptables.add_mail_relay_chain()
    iptables.save()

    x("service postfix restart")

    # Send test mail to the syco admin
    admin_email = config.general.get_admin_email()
    send_test_mail((None, admin_email))
def _configure_selinux():
    """Install the custom SELinux modules for keepalived and redis.

    The SELinux policy for redis is not configured correctly in the repo.

    TODO: This might be removable in future

    """
    install.package("policycoreutils")
    module_dir = "%s/var/redis" % app.SYCO_PATH
    for module_name in ("keepalived", "redis"):
        selinux.custom_module(module_dir, module_name)
def install_backup(args):
    """
    Install rsnapshot and run the backup configuration steps.

    args -- not used by this function.

    """
    # Ask for the master password first; it is needed later when the ssh
    # key is installed.
    app.get_master_password()

    install.rforge_repo()
    install.package("rsnapshot")

    for configure_step in (_configure_rsnapshot, _setup_cronjob, _setup_backup_for_all_servers):
        configure_step()
def _patch_bug_in_koan():
    '''
    Patch koan's virtinstall.py when the affected koan build is installed.

    Only koan-2.2.3-2.el6.noarch is patched; the bug is fixed in later koan
    versions.
    https://github.com/cobbler/cobbler/commit/0db6b7dd829cc0e9c86411390267fea927021b2f

    '''
    installed_koan = x("rpm -q koan")
    if "koan-2.2.3-2.el6.noarch" not in installed_koan:
        return

    install.package("patch")
    patch_file = "%s/%s" % (app.SYCO_VAR_PATH, "koan/virtinstall.py.patch")
    # -N makes patch skip a change that is already applied.
    x("patch -N /usr/lib/python2.6/site-packages/koan/virtinstall.py < " + patch_file)
def _install_glassfish():
    '''
    Installation of the glassfish application server.

    When GLASSFISH_INSTALL_PATH/glassfish is missing, the archive is
    downloaded (unless already present), unpacked into
    GLASSFISH_INSTALL_PATH and the init script is installed and registered
    with chkconfig.

    Raises Exception when GLASSFISH_INSTALL_FILE is not a zip archive, or
    when domain.xml or the init script is missing afterwards.

    NOTE(review): the nesting below is reconstructed from a flattened
    listing; confirm it against the repository.

    '''
    if (not os.access(GLASSFISH_INSTALL_PATH + "/glassfish", os.F_OK)):
        os.chdir(app.INSTALL_DIR)
        if (not os.access(GLASSFISH_INSTALL_FILE, os.F_OK)):
            # NOTE(review): no checksum or signature check is visible between
            # this download and the unzip below. Confirm that download_file
            # verifies the archive. The user value is masked in the listing.
            general.download_file(GLASSFISH_REPO_URL, user="******")

        # Create installation dir
        if (not os.access(GLASSFISH_INSTALL_PATH, os.F_OK)):
            x("mkdir -p " + GLASSFISH_INSTALL_PATH)
            # Owner and group get full access, others none.
            x("chmod 770 " + GLASSFISH_INSTALL_PATH)
            # NOTE(review): ownership is set by numeric id 200:200;
            # presumably the glassfish account - confirm.
            x("chown 200:200 " + GLASSFISH_INSTALL_PATH)

        # Set execution permissions and run the installation.
        if ".zip" in GLASSFISH_INSTALL_FILE:
            install.package("unzip")
            x("unzip " + GLASSFISH_INSTALL_FILE + " -d " + GLASSFISH_INSTALL_PATH, user="******")
            # Move the content of the unpacked glassfish3 folder up one level.
            x("mv " + GLASSFISH_INSTALL_PATH + "glassfish3/* " + GLASSFISH_INSTALL_PATH, user="******")
            x("rm -rf " + GLASSFISH_INSTALL_PATH + "glassfish3", user="******")
        else:
            raise Exception("Only installing zip version of glassfish")

        # Install the start script
        # It's possible to do this from glassfish with "asadmin create-service",
        # but our own script is a little bit better. It creates startup log files
        # and has a better "start user" functionality.
        if (not os.access("/etc/init.d/" + GLASSFISH_VERSION, os.F_OK)):
            x("cp " + app.SYCO_PATH + "var/glassfish/" + GLASSFISH_VERSION + " /etc/init.d/" + GLASSFISH_VERSION)
            x("chmod 0755 " + "/etc/init.d/" + GLASSFISH_VERSION)
            x("/sbin/chkconfig --add " + GLASSFISH_VERSION)
            x("/sbin/chkconfig --level 3 " + GLASSFISH_VERSION + " on")

            # Fill in the MySQL master addresses in the init script.
            scOpen("/etc/init.d/" + GLASSFISH_VERSION).replace(
                "${MYSQL_PRIMARY}", config.general.get_mysql_primary_master_ip())
            scOpen("/etc/init.d/" + GLASSFISH_VERSION).replace(
                "${MYSQL_SECONDARY}", config.general.get_mysql_secondary_master_ip())

    # Verify that the installation left the expected files behind.
    if (not os.access(GLASSFISH_DOMAINS_PATH + "domain1/config/domain.xml", os.F_OK)):
        raise Exception("Failed to install " + GLASSFISH_INSTALL_PATH)

    if (not os.access("/etc/init.d/" + GLASSFISH_VERSION, os.F_OK)):
        raise Exception("Failed to install /etc/init.d/" + GLASSFISH_VERSION)
def _patch_bug_in_koan():
    '''
    Apply the virtinstall.py fix to koan-2.2.3-2.el6.noarch.

    Other koan versions are left alone; the bug is fixed in later koan
    versions.
    https://github.com/cobbler/cobbler/commit/0db6b7dd829cc0e9c86411390267fea927021b2f

    '''
    affected_build = "koan-2.2.3-2.el6.noarch"
    if affected_build not in x("rpm -q koan"):
        return

    install.package("patch")
    # -N makes patch skip a change that is already applied.
    patch_command = "patch -N /usr/lib/python2.6/site-packages/koan/virtinstall.py < %s/%s" % (
        app.SYCO_VAR_PATH,
        "koan/virtinstall.py.patch",
    )
    x(patch_command)
def install_mail_client(args):
    """
    Set up postfix as a localhost-only MTA that forwards mail to the relay.

    Nothing is installed when this host's configuration matches the
    "install-postfix-server" command, since the server installation
    configures postfix itself. mailx is installed as well. See the line
    comments in install_mail_server for the individual settings.

    args -- not used by this function.

    """
    this_host = config.host(net.get_hostname())
    if this_host.has_command_re("install-postfix-server"):
        app.print_verbose(
            "This server will later install the postfix server, abort client installation."
        )
        return

    # NOTE(review): check_executed() is called, but no mark_executed() call
    # is visible in this function.
    installed_version = version.Version("Install-postfix-client", SCRIPT_VERSION)
    installed_version.check_executed()

    # Install required packages
    install.package("postfix")

    # Set config file parameters
    # general.use_original_file("/etc/postfix/main.cf")
    main_cf = scopen.scOpen("/etc/postfix/main.cf")
    set_param = main_cf.replace

    hostname_line = "myhostname = {0}.{1}".format(get_hostname(), config.general.get_resolv_domain())
    set_param("#myhostname = host.domain.tld", hostname_line)  # monitor.syco.com

    domain_line = "mydomain = {0}".format(config.general.get_resolv_domain())
    set_param("#mydomain = domain.tld", domain_line)  # syco.com
    set_param("#myorigin = $mydomain", "myorigin = $myhostname")

    # Listen only on localhost. The first call replaces the line with itself,
    # so the listening address is whatever main.cf already says.
    set_param("inet_interfaces = localhost", "inet_interfaces = localhost")
    # Only the loopback address is listed as a trusted client network.
    set_param("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", "mynetworks = 127.0.0.1")
    set_param(
        "mydestination = $myhostname, localhost.$mydomain, localhost",
        "mydestination = $myhostname, localhost",
    )

    # Relay everything not for local machine to mailrelay.
    relay_domains_line = "relay_domains = {0}".format(config.general.get_resolv_domain())
    set_param("#relay_domains = $mydestination", relay_domains_line)

    relayhost_line = "relayhost = [{0}]".format(config.general.get_mail_relay_domain_name())
    set_param("#relayhost = $mydomain", relayhost_line)

    set_param("#home_mailbox = Maildir/", "home_mailbox = Maildir/")
    set_param("inet_protocols = all", "inet_protocols = ipv4")

    # Install a simple mail CLI-tool
    install_mailx()

    # Add the mail relay chain to iptables and persist the rules.
    iptables.add_mail_relay_chain()
    iptables.save()

    # Restart postfix
    x("service postfix restart")

    # Send test mail to the syco admin
    admin_email = config.general.get_admin_email()
    send_test_mail((None, admin_email))
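def _install_custom_selinux_policy():
    '''
    Install customized SELinux policy for cobbler.

    Compiles var/selinux/cobbler.te into a policy package inside a private
    temporary directory, loads the package with semodule, and persistently
    turns on the httpd_can_network_connect boolean.

    '''
    # Imported here because the file's import block is outside this view.
    import shutil
    import tempfile

    install.package("policycoreutils")

    te = app.SYCO_PATH + "/var/selinux/cobbler.te"

    # The compiled module and the policy package need two distinct files;
    # with one shared name semodule_package would read and write the same
    # path. They are built in a directory from mkdtemp(), which only the
    # creating user can enter, instead of under fixed names in /tmp.
    build_dir = tempfile.mkdtemp(prefix="syco-cobbler-selinux-")
    try:
        mod = build_dir + "/cobbler.mod"
        pp = build_dir + "/cobbler.pp"
        x("checkmodule -M -m -o %s %s" % (mod, te))
        x("semodule_package -o %s -m %s" % (pp, mod))
        x("semodule -i %s" % pp)
    finally:
        shutil.rmtree(build_dir, ignore_errors=True)

    # NOTE(review): this boolean applies to everything running in the httpd
    # domain, not only cobbler; confirm that scope is intended.
    x("setsebool -P httpd_can_network_connect true")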
def install_guests(args):
    '''
    Install koan and start the installation of the guests selected by args.

    args -- passed on to get_hosts_to_install() to pick the guest hostnames.

    '''
    guest_hostnames = get_hosts_to_install(args)

    install.epel_repo()
    for package_name in ("koan", "python-ethtool"):
        install.package(package_name)
    _patch_bug_in_koan()

    # Wait to install guests until installation server is alive.
    wait_for_installation_server_to_start()

    wait_for_installation_to_complete(start_installation(guest_hostnames))
def _install_glassfish():
    '''
    Installation of the glassfish application server.

    When GLASSFISH_INSTALL_PATH/glassfish is missing, the archive is
    downloaded (unless already present), unpacked into
    GLASSFISH_INSTALL_PATH and the init script is installed and registered
    with chkconfig.

    Raises Exception when GLASSFISH_INSTALL_FILE is not a zip archive, or
    when domain.xml or the init script is missing afterwards.

    NOTE(review): the nesting below is reconstructed from a flattened
    listing; confirm it against the repository.

    '''
    if (not os.access(GLASSFISH_INSTALL_PATH + "/glassfish", os.F_OK)):
        os.chdir(app.INSTALL_DIR)
        if (not os.access(GLASSFISH_INSTALL_FILE, os.F_OK)):
            # NOTE(review): no checksum or signature check is visible between
            # this download and the unzip below. Confirm that download_file
            # verifies the archive. The user value is masked in the listing.
            general.download_file(GLASSFISH_REPO_URL, user="******")

        # Create installation dir
        if (not os.access(GLASSFISH_INSTALL_PATH, os.F_OK)):
            x("mkdir -p " + GLASSFISH_INSTALL_PATH)
            # Owner and group get full access, others none.
            x("chmod 770 " + GLASSFISH_INSTALL_PATH)
            # NOTE(review): ownership is set by numeric id 200:200;
            # presumably the glassfish account - confirm.
            x("chown 200:200 " + GLASSFISH_INSTALL_PATH)

        # Set execution permissions and run the installation.
        if ".zip" in GLASSFISH_INSTALL_FILE:
            install.package("unzip")
            x("unzip " + GLASSFISH_INSTALL_FILE + " -d " + GLASSFISH_INSTALL_PATH, user="******")
            # Move the content of the unpacked glassfish3 folder up one level.
            x("mv " + GLASSFISH_INSTALL_PATH + "glassfish3/* " + GLASSFISH_INSTALL_PATH, user="******")
            x("rm -rf " + GLASSFISH_INSTALL_PATH + "glassfish3", user="******")
        else:
            raise Exception("Only installing zip version of glassfish")

        # Install the start script
        # It's possible to do this from glassfish with "asadmin create-service",
        # but our own script is a little bit better. It creates startup log files
        # and has a better "start user" functionality.
        if (not os.access("/etc/init.d/" + GLASSFISH_VERSION, os.F_OK)):
            x("cp " + app.SYCO_PATH + "var/glassfish/" + GLASSFISH_VERSION + " /etc/init.d/" + GLASSFISH_VERSION)
            x("chmod 0755 " + "/etc/init.d/" + GLASSFISH_VERSION)
            x("/sbin/chkconfig --add " + GLASSFISH_VERSION)
            x("/sbin/chkconfig --level 3 " + GLASSFISH_VERSION + " on")

            # Fill in the MySQL master addresses in the init script.
            scOpen("/etc/init.d/" + GLASSFISH_VERSION).replace("${MYSQL_PRIMARY}", config.general.get_mysql_primary_master_ip())
            scOpen("/etc/init.d/" + GLASSFISH_VERSION).replace("${MYSQL_SECONDARY}", config.general.get_mysql_secondary_master_ip())

    # Verify that the installation left the expected files behind.
    if (not os.access(GLASSFISH_DOMAINS_PATH + "domain1/config/domain.xml", os.F_OK)):
        raise Exception("Failed to install " + GLASSFISH_INSTALL_PATH)

    if (not os.access("/etc/init.d/" + GLASSFISH_VERSION, os.F_OK)):
        raise Exception("Failed to install /etc/init.d/" + GLASSFISH_VERSION)
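def build_client_certs(args):
    """
    Build an OpenVPN client key bundle for every home directory lacking one.

    Each entry in /home whose name does not contain "lost+found" and that has
    no openvpn_client_keys.zip gets a key pair generated with easy-rsa. The
    keys, the CA certificate, client.conf and install.txt are zipped into
    the user's home directory, readable by that user only.

    args -- not used by this function.

    """
    install.package("zip")
    os.chdir("/etc/openvpn/easy-rsa/keys")
    general.set_config_property("/etc/cronjob", "01 * * * * root run-parts syco build_client_certs", "01 * * * * root run-parts syco build_client_certs")

    # Create client.conf
    clientConf = "/etc/openvpn/easy-rsa/keys/client.conf"
    x("cp " + app.SYCO_PATH + "/var/openvpn/client.conf %s" % clientConf)
    # Clients are also asked for a username and password when connecting.
    x("echo auth-user-pass >> %s" % clientConf)
    scOpen(clientConf).replace('${OPENVPN.HOSTNAME}', config.general.get_openvpn_hostname())

    x("cp " + app.SYCO_PATH + "/doc/openvpn/install.txt .")

    for user in os.listdir("/home"):
        bundle = "/home/" + user + "/openvpn_client_keys.zip"
        cert_already_installed = os.access(bundle, os.F_OK)
        valid_file = "lost+found" not in user
        if not valid_file or cert_already_installed:
            continue

        # NOTE(review): `user` is a directory name taken from /home and is
        # placed unquoted into the shell commands below. Confirm that only
        # trusted administrators can create entries in /home, or validate
        # the name before use.
        os.chdir("/etc/openvpn/easy-rsa/")
        general.set_config_property("/etc/openvpn/easy-rsa/vars", r'[\s]*export KEY_CN.*', 'export KEY_CN="' + user + '"')
        general.set_config_property("/etc/openvpn/easy-rsa/vars", r'[\s]*export KEY_NAME.*', 'export KEY_NAME="' + user + '"')

        general.set_config_property("/etc/openvpn/easy-rsa/build-key-pkcs12", '.*export EASY_RSA.*', 'source ./vars;export EASY_RSA="${EASY_RSA:-.}"')

        # NOTE(review): the two prompt/response pairs were masked in the
        # listing this was reviewed from and are restored here as newline
        # responses, i.e. an empty export password; confirm against the
        # repository. With an empty export password the file mode of the
        # bundle is the only protection of the private key.
        out = general.shell_exec("./build-key-pkcs12 --batch " + user,
            cwd="/etc/openvpn/easy-rsa/",
            events={'(?i)Enter Export Password:': '\n', '(?i)Verifying - Enter Export Password:': '\n'}
        )
        app.print_verbose(out)

        # Config client.crt
        general.set_config_property("/etc/openvpn/easy-rsa/keys/client.conf", "^cert.*crt", "cert " + user + ".crt")
        general.set_config_property("/etc/openvpn/easy-rsa/keys/client.conf", "^key.*key", "key " + user + ".key")
        # NOTE(review): the other search arguments passed to
        # set_config_property look like regular expressions; if this one is
        # treated as a regex too, "${OPENVPN.HOSTNAME}" will not match the
        # literal placeholder. Confirm against set_config_property.
        general.set_config_property(
            "/etc/openvpn/easy-rsa/keys/client.conf",
            "${OPENVPN.HOSTNAME}", config.general.get_openvpn_hostname()
        )

        os.chdir("/etc/openvpn/easy-rsa/keys")
        # Create the archive under a restrictive umask so the private key is
        # never readable by other accounts between zip and chmod.
        previous_umask = os.umask(0o077)
        try:
            x("zip " + bundle + " ca.crt " + user + ".crt " + user + ".key " + user + ".p12 client.conf install.txt")
        finally:
            os.umask(previous_umask)

        # Owner read only: the group becomes "users" below, and group read
        # access would let every member of it read this user's private key.
        os.chmod(bundle, stat.S_IRUSR)
        general.shell_exec("chown " + user + ":users /home/" + user + "/openvpn_client_keys.zip ")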
def _setup_network_interfaces():
    """
    Replace the libvirt default network with bonded bridges.

    br0/bond0 carry the back net and br1/bond1 the front net. With four or
    more eth interfaces each bond gets two of them, with exactly two
    interfaces each bond gets one. Any other count aborts the kvm host
    installation.

    Read more.
    http://serverfault.com/questions/316623/what-is-the-correct-way-to-setup-a-bonded-bridge-on-centos-6-for-kvm-guests
    http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
    http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networking-with-libvirt/
    http://www.linux-kvm.org/page/HOWTO_BONDING
    https://fedorahosted.org/cobbler/wiki/VirtNetworkingSetupForUseWithKoan
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html

    """
    # Remove the virbr0, "NAT-interface".
    # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/chap-Virtualization-Network_Configuration.html
    for command in ("virsh net-destroy default", "virsh net-undefine default", "service libvirtd restart"):
        x(command)

    # Install network bridge
    install.package("bridge-utils")

    general.set_config_property2("/etc/modprobe.d/syco.conf", "alias bond0 bonding")

    interface_count = net.num_of_eth_interfaces()

    front_gw = config.general.get_front_gateway_ip()
    front_resolver = config.general.get_front_resolver_ip()
    front_netmask = config.general.get_front_netmask()
    front_ip = config.host(net.get_hostname()).get_front_ip()

    back_gw = config.general.get_back_gateway_ip()
    back_resolver = config.general.get_back_resolver_ip()
    back_netmask = config.general.get_back_netmask()
    back_ip = config.host(net.get_hostname()).get_back_ip()

    if interface_count >= 4:
        back_eths, front_eths = ("eth0", "eth1"), ("eth2", "eth3")
    elif interface_count == 2:
        back_eths, front_eths = ("eth0",), ("eth1",)
    else:
        app.print_error("To few network interfaces: " + str(interface_count))
        _abort_kvm_host_installation()
        return

    # Back net first, then front net.
    layout = (
        ("br0", "bond0", back_ip, back_netmask, back_gw, back_resolver, back_eths),
        ("br1", "bond1", front_ip, front_netmask, front_gw, front_resolver, front_eths),
    )
    for bridge, bond, ip, netmask, gateway, resolver, eths in layout:
        _setup_bridge(bridge, ip, netmask, gateway, resolver)
        _setup_bond(bond, bridge)
        for eth in eths:
            _setup_eth(eth, bond)
from constant import * # Need to be after all constants. import options options = options.Options() import config config.load(SYCO_ETC_PATH, SYCO_USR_PATH) import install # Syco uses packages from the EPEL repo. # install.epel_repo() # Required yum package. install.package("gnupg2") install.package("python-crypto") # Include all password functions in app namespace. from password import * def print_error(message, verbose_level=1): ''' Print bold error text to stdout, affected by the verbolse level. All error print to screen done by syco should be done with this. ''' print_verbose(message, verbose_level=verbose_level, caption=BOLD + "Error: " + RESET) def print_verbose(message, verbose_level=1, caption=None, new_line=True, enable_caption=True):
__version__ = "1.0.0"
__status__ = "Production"

# The wildcard import puts every name from constant (SYCO_ETC_PATH and
# SYCO_USR_PATH are used below) into this namespace.
from constant import *

# Need to be after all constants.
import options
# The module name is rebound to an Options instance from here on.
options = options.Options()

import config
config.load(SYCO_ETC_PATH, SYCO_USR_PATH)

import install

# Required yum package.
# NOTE(review): these calls run when this module is imported, so importing
# it can install packages on the host.
install.package("gnupg2")
install.package("python-crypto")

# Include all password functions in app namespace.
from password import *

def get_syco_plugin_paths(subfolder=None):
    """
    Generator of the full path to all syco plugin folders that contain a
    specific sub folder, or of the root paths of all plugins if no subfolder
    is specified.

    subfolder -- Path starting with leading / relative to syco's plugin dir (/usr)

    """
    if os.access(SYCO_USR_PATH, os.F_OK):
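def net_setup_bond_br(args):
    """
    Setup bonded network interfaces and bridges.

    This must work together with a virtual host using KVM.

    br0/bond0 carry the back net and br1/bond1 the front net. With four or
    more eth interfaces each bond gets two of them, with exactly two
    interfaces each bond gets one.

    args -- not used by this function.

    Raises Exception when the number of eth interfaces is neither two nor at
    least four.

    Read more.
    http://serverfault.com/questions/316623/what-is-the-correct-way-to-setup-a-bonded-bridge-on-centos-6-for-kvm-guests
    http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
    http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networking-with-libvirt/
    http://www.linux-kvm.org/page/HOWTO_BONDING
    https://fedorahosted.org/cobbler/wiki/VirtNetworkingSetupForUseWithKoan
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html

    """
    app.print_verbose("Install bonded bridges host version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("NetSetupBondBr", SCRIPT_VERSION)
    version_obj.check_executed()

    #
    app.print_verbose(
        "Install yum package with all tools that is required to setup bridges."
    )
    install.package("bridge-utils")

    # Called through app like every other message in this function.
    app.print_verbose(
        "Setup modprobe alias for bonding, don't know exactly why we need to " +
        "do that. Maybe because the ifcfg files referars to bond0 instead of " +
        "bonding, or because it loads the module bonding at the same time as " +
        "the alias is created."
    )
    sycoConf = scOpen("/etc/modprobe.d/syco.conf")
    sycoConf.remove("alias bond.*")
    sycoConf.add("alias bond0 bonding")

    # Get all parameters from syco config.
    num_of_if = net.num_of_eth_interfaces()

    front_ip = config.host(net.get_hostname()).get_front_ip()
    front_netmask = config.general.get_front_netmask()
    front_gw = config.general.get_front_gateway_ip()
    front_resolver = config.general.get_front_resolver_ip()

    back_ip = config.host(net.get_hostname()).get_back_ip()
    back_netmask = config.general.get_back_netmask()
    back_gw = config.general.get_back_gateway_ip()
    back_resolver = config.general.get_back_resolver_ip()

    if (num_of_if >= 4):
        # The {0} placeholder is filled in with the interface count; without
        # format() the literal "{0}" is printed.
        app.print_verbose(
            ("{0} network interfaces was found, and 2 eth interfaces per bond " +
             "will be configured.").format(num_of_if)
        )

        # Setup back-net
        setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
        setup_bond("bond0", "br0")
        setup_eth("eth0", "bond0")
        setup_eth("eth1", "bond0")

        # Setup front-net
        setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
        setup_bond("bond1", "br1")
        setup_eth("eth2", "bond1")
        setup_eth("eth3", "bond1")
    elif (num_of_if == 2):
        app.print_verbose(
            "2 network interfaces was found, and 1 eth interfaces per bond " +
            "will be configured. There is no point in bonding in this case, " +
            "except that we have the same kind of configuration on all hosts. "
        )

        # Setup back-net
        setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
        setup_bond("bond0", "br0")
        setup_eth("eth0", "bond0")

        # Setup front-net
        setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
        setup_bond("bond1", "br1")
        setup_eth("eth1", "bond1")
    else:
        app.print_error("To few network interfaces: " + str(num_of_if))
        raise Exception("To few network interfaces: " + str(num_of_if))

    #
    app.print_verbose(
        "Restart the network service so all changes will be applied."
    )
    x("service network restart")

    #
    version_obj.mark_executed()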
def install_mailx():
    '''
    Install the mailx package.

    mailx provides the classic `mail -s "subject" destemail` command for
    sending mail from a terminal.

    '''
    package_name = "mailx"
    install.package(package_name)
def install_kvmhost(args):
    '''
    Install and start the kvm host, then reboot the machine.

    The installation is aborted when the CPU lacks the vmx/svm or
    constant_tsc flags, or when virsh does not answer as expected.

    args -- not used by this function.

    '''
    app.print_verbose("Install kvm host version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallKvmHost", SCRIPT_VERSION)
    version_obj.check_executed()

    # CPU flags the host must have, with the error printed when one is missing.
    required_cpu_flags = (
        ("vmx|svm", "CPU doesn't support virtualization."),
        ("constant_tsc", "CPU doesn't have a constant Time Stamp Counter."),
    )
    for flag_pattern, complaint in required_cpu_flags:
        if not general.grep("/proc/cpuinfo", flag_pattern):
            app.print_error(complaint)
            _abort_kvm_host_installation()

    # Install the kvm packages. python-virtinst provides the virt-install
    # command for creating virtual machines.
    for package_name in ("qemu-kvm", "libvirt", "libguestfs-tools", "avahi", "python-virtinst"):
        install.package(package_name)

    # Before libvirtd starts, create a snapshot partion for qemu.
    _create_kvm_snapshot_partition()

    # Start services libvirtd depends on.
    for command in ("service messagebus restart", "service avahi-daemon start", "chkconfig avahi-daemon on"):
        x(command)

    # Start virsh
    x("service libvirtd start")

    _enable_ksm()

    # Looks like we need to wait for the libvirtd to start, otherwise
    # the virsh nodeinfo below doesn't work.
    time.sleep(1)

    # Set selinux
    # NOTE(review): setenforce changes the running mode only. The mode after
    # the reboot below comes from the SELinux configuration file; confirm
    # that enforcing is set there as well.
    x("setenforce 1")

    # Is virsh started?
    node_info = x("virsh nodeinfo")
    if "CPU model:" not in node_info:
        app.print_error("virsh not installed.")
        _abort_kvm_host_installation()

    domain_list = x("virsh -c qemu:///system list")
    if "Id" not in domain_list and "Name" not in domain_list:
        app.print_error("virsh not installed.")
        _abort_kvm_host_installation()

    _remove_kvm_virt_networking()

    iptables.add_kvm_chain()
    iptables.save()

    _libvirt_init_config()

    version_obj.mark_executed()

    # Reboot the host.
    x("reboot")

    # Wait for the reboot to be executed, so the script
    # doesn't proceed to next command in install.cfg
    time.sleep(1000)
def net_setup_bond_br(args):
    """
    Setup bonded network interfaces and bridges.

    This must work together with a virtual host using KVM.

    The front net always gets br1/bond1. The back net gets br0/bond0 when
    config.general.is_back_enabled() is true. Interfaces come from the host
    configuration; when no front interfaces are configured, eth names are
    generated and split evenly between the nets.

    args -- not used by this function.

    Read more.
    http://serverfault.com/questions/316623/what-is-the-correct-way-to-setup-a-bonded-bridge-on-centos-6-for-kvm-guests
    http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
    http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networking-with-libvirt/
    http://www.linux-kvm.org/page/HOWTO_BONDING
    https://fedorahosted.org/cobbler/wiki/VirtNetworkingSetupForUseWithKoan
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html

    """
    app.print_verbose("Install bonded bridges host version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("NetSetupBondBr", SCRIPT_VERSION)
    version_obj.check_executed()

    #
    app.print_verbose(
        "Install yum package with all tools that is required to setup bridges."
    )
    install.package("bridge-utils")

    # NOTE(review): this call is not prefixed with app. like the others in
    # this function; confirm that print_verbose is in scope.
    print_verbose(
        "Setup modprobe alias for bonding, don't know exactly why we need to " +
        "do that. Maybe because the ifcfg files referars to bond0 instead of " +
        "bonding, or because it loads the module bonding at the same time as " +
        "the alias is created."
    )
    sycoConf = scOpen("/etc/modprobe.d/syco.conf")
    sycoConf.remove("alias bond.*")
    sycoConf.add("alias bond0 bonding")

    # Get all parameters from syco config.
    # Check if interfaces are defined, otherwise fall back to autodetecting
    front_interfaces = config.host(net.get_hostname()).get_front_interfaces()
    back_interfaces = config.host(net.get_hostname()).get_back_interfaces()

    num_of_if = len(front_interfaces) + len(back_interfaces)
    if num_of_if == 0:
        # Autodetect
        num_of_if = net.num_of_eth_interfaces()

    front_ip = config.host(net.get_hostname()).get_front_ip()
    front_netmask = config.general.get_front_netmask()
    front_gw = config.general.get_front_gateway_ip()
    front_resolver = config.general.get_front_resolver_ip()
    # Number of nets to configure: the front net, plus the back net if enabled.
    net_count = 1

    if config.general.is_back_enabled():
        back_ip = config.host(net.get_hostname()).get_back_ip()
        back_netmask = config.general.get_back_netmask()
        back_gw = config.general.get_back_gateway_ip()
        back_resolver = config.general.get_back_resolver_ip()
        net_count += 1

    # Index of the next generated eth name.
    eth_count = 0;
    if len(front_interfaces) < 1:
        # Use default eth interfaces
        # Also, if you don't specify front net interfaces, you may not specify back net interfaces.
        if_per_net_count = int(math.floor(num_of_if / net_count))
        if net_count > 1:
            # The back net takes the lowest numbered interfaces.
            back_interfaces = []
            for i in range(if_per_net_count):
                back_interfaces.append("eth" + str(eth_count))
                eth_count += 1
        front_interfaces = []
        for i in range(if_per_net_count):
            front_interfaces.append("eth" + str(eth_count))
            eth_count += 1

    app.print_verbose("Configuring front net bond bond1 with interfaces: {0}".format(front_interfaces))
    setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
    setup_bond("bond1", "br1")
    for front_interface in front_interfaces:
        setup_eth(front_interface, "bond1")

    if net_count == 2:
        app.print_verbose("Found back-net configuration, configuring second bond bond0 with interfaces: {0}".format(back_interfaces))
        setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
        setup_bond("bond0", "br0")
        for back_interface in back_interfaces:
            setup_eth(back_interface, "bond0")

    #
    app.print_verbose(
        "Restart the network service so all changes will be applied."
    )
    x("service network restart")
    # NOTE(review): this replaces the whole of /etc/resolv.conf with one
    # hard-coded public resolver, although front_resolver and back_resolver
    # from the syco config were passed to setup_bridge above. DNS lookups
    # from this host then leave the local network; confirm this is intended.
    x("echo \"nameserver 8.8.8.8\" > /etc/resolv.conf")

    #
    version_obj.mark_executed()
def install_kvmhost(args):
    """
    Install, start and verify a KVM hypervisor on this host, then reboot.

    The steps run in a fixed order: check the CPU flags, install the
    packages, create the snapshot partition, start the services, verify
    that virsh answers, update the firewall chains, record the run and
    reboot.

    ``args`` is accepted but not read by this function.
    """
    app.print_verbose("Install kvm host version: %d" % SCRIPT_VERSION)
    install_marker = version.Version("InstallKvmHost", SCRIPT_VERSION)
    # presumably stops here when this version was already installed -
    # confirm against version.Version.check_executed
    install_marker.check_executed()

    # CPU flags looked up in /proc/cpuinfo, with the error that is
    # reported when the flag is missing.
    cpu_requirements = (
        ("vmx|svm", "CPU don't support virtualization."),
        ("constant_tsc", "CPU don't have a constant Time Stamp Counter."),
    )
    for flag_pattern, error_text in cpu_requirements:
        if not general.grep("/proc/cpuinfo", flag_pattern):
            app.print_error(error_text)
            _abort_kvm_host_installation()

    # KVM packages; python-virtinst provides the virt-install command
    # for creating virtual machines.
    kvm_packages = (
        "qemu-kvm",
        "libvirt",
        "libguestfs-tools",
        "avahi",
        "python-virtinst",
    )
    for package_name in kvm_packages:
        install.package(package_name)

    # The snapshot partition for qemu has to exist before libvirtd starts.
    _create_kvm_snapshot_partition()

    # Services libvirtd depends on come first, libvirtd itself last.
    service_commands = (
        "service messagebus restart",
        "service avahi-daemon start",
        "chkconfig avahi-daemon on",
        "service libvirtd start",
    )
    for service_command in service_commands:
        x(service_command)

    # NOTE(review): presumably turns on kernel samepage merging, which
    # shares identical memory pages between guests - confirm that this is
    # acceptable for the guests this host will run.
    _enable_ksm()

    # libvirtd needs a moment to come up, otherwise the virsh nodeinfo
    # call below doesn't work.
    time.sleep(1)

    # Switch the running system to SELinux enforcing mode.
    # NOTE(review): setenforce changes the running mode only, and this
    # function reboots at the end, so the mode after the reboot comes from
    # the persistent SELinux configuration - confirm it is set to enforcing.
    x("setenforce 1")

    # Is virsh answering?
    nodeinfo_output = x("virsh nodeinfo")
    if "CPU model:" not in nodeinfo_output:
        app.print_error("virsh not installed.")
        _abort_kvm_host_installation()

    # Treated as a failure only when neither column header is in the output.
    domain_list_output = x("virsh -c qemu:///system list")
    if not ("Id" in domain_list_output or "Name" in domain_list_output):
        app.print_error("virsh not installed.")
        _abort_kvm_host_installation()

    _remove_kvm_virt_networking()

    iptables.add_kvm_chain()
    iptables.save()

    # Record the run before rebooting.
    install_marker.mark_executed()

    x("reboot")

    # Wait for the reboot to be executed, so the script
    # doesn't proceed to next command in install.cfg
    time.sleep(1000)
'''

__author__ = "*****@*****.**"
__copyright__ = "Copyright 2011, The System Console project"
__maintainer__ = "Daniel Lindh"
__email__ = "*****@*****.**"
__credits__ = ["???"]
__license__ = "???"
__version__ = "1.0.0"
__status__ = "Production"

import subprocess, time

import app, install

# pexpect is requested through the project's install helper before it is
# imported, so the statement order here matters.
# NOTE(review): this makes a package installation a side effect of merely
# importing this module; which source and version install.package resolves
# is not visible here - confirm.
install.package("pexpect")

import pexpect
import pxssh


class spawn(pexpect.spawn):
    """pexpect.spawn subclass that carries a verbosity level."""

    # What verbose level should be used with print_verbose
    verbose_level = 2

    def enable_output(self):
        """Set verbose_level back to 2, the class default."""
        self.verbose_level = 2

    def disable_output(self):
        """Set verbose_level to 10."""
        # presumably 10 is above the level print_verbose emits, which
        # would silence the output - confirm against app.print_verbose
        self.verbose_level = 10
def net_setup_bond_br(args):
    """
    Configure bonded network interfaces and the bridges on top of them.

    The front net always gets bridge br1 on bond1. When the back net is
    enabled in the syco config it gets bridge br0 on bond0. Interfaces are
    taken from the host config; when no front interfaces are configured,
    eth names are generated, with the back net (if enabled) taking the
    lowest-numbered ones.

    This must work together with a virtual host using KVM.
    ``args`` is accepted but not read by this function.

    Read more.
    http://serverfault.com/questions/316623/what-is-the-correct-way-to-setup-a-bonded-bridge-on-centos-6-for-kvm-guests
    http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
    http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networking-with-libvirt/
    http://www.linux-kvm.org/page/HOWTO_BONDING
    https://fedorahosted.org/cobbler/wiki/VirtNetworkingSetupForUseWithKoan
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html
    """
    app.print_verbose("Install bonded bridges host version: %d" % SCRIPT_VERSION)
    run_marker = version.Version("NetSetupBondBr", SCRIPT_VERSION)
    run_marker.check_executed()

    app.print_verbose(
        "Install yum package with all tools that is required to setup bridges."
    )
    install.package("bridge-utils")

    # NOTE(review): print_verbose and scOpen are called unqualified here,
    # while the other calls go through app. - confirm both names are
    # imported into this module.
    print_verbose(
        "Setup modprobe alias for bonding, don't know exactly why we need to " +
        "do that. Maybe because the ifcfg files referars to bond0 instead of " +
        "bonding, or because it loads the module bonding at the same time as " +
        "the alias is created.")
    modprobe_conf = scOpen("/etc/modprobe.d/syco.conf")
    modprobe_conf.remove("alias bond.*")
    modprobe_conf.add("alias bond0 bonding")

    # Read all parameters from the syco config. Interfaces may be listed
    # explicitly; without any, the number of eth interfaces is autodetected.
    front_interfaces = config.host(net.get_hostname()).get_front_interfaces()
    back_interfaces = config.host(net.get_hostname()).get_back_interfaces()

    num_of_if = len(front_interfaces) + len(back_interfaces)
    if num_of_if == 0:
        num_of_if = net.num_of_eth_interfaces()

    front_ip = config.host(net.get_hostname()).get_front_ip()
    front_netmask = config.general.get_front_netmask()
    front_gw = config.general.get_front_gateway_ip()
    front_resolver = config.general.get_front_resolver_ip()

    # One network (front) by default, two when the back net is enabled.
    net_count = 1
    if config.general.is_back_enabled():
        back_ip = config.host(net.get_hostname()).get_back_ip()
        back_netmask = config.general.get_back_netmask()
        back_gw = config.general.get_back_gateway_ip()
        back_resolver = config.general.get_back_resolver_ip()
        net_count += 1

    next_eth = 0
    if len(front_interfaces) == 0:
        # Use default eth interfaces, split evenly between the networks.
        # If no front net interfaces are specified, configured back net
        # interfaces are replaced by generated names as well.
        per_net = int(math.floor(num_of_if / net_count))

        if net_count > 1:
            back_interfaces = [
                "eth" + str(next_eth + offset) for offset in range(per_net)
            ]
            next_eth += len(back_interfaces)

        front_interfaces = [
            "eth" + str(next_eth + offset) for offset in range(per_net)
        ]
        next_eth += len(front_interfaces)

    front_message = "Configuring front net bond bond1 with interfaces: {0}"
    app.print_verbose(front_message.format(front_interfaces))
    setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
    setup_bond("bond1", "br1")
    for eth_name in front_interfaces:
        setup_eth(eth_name, "bond1")

    if net_count == 2:
        back_message = (
            "Found back-net configuration, configuring second bond bond0 "
            "with interfaces: {0}"
        )
        app.print_verbose(back_message.format(back_interfaces))
        setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
        setup_bond("bond0", "br0")
        for eth_name in back_interfaces:
            setup_eth(eth_name, "bond0")

    app.print_verbose(
        "Restart the network service so all changes will be applied.")
    x("service network restart")

    # NOTE(review): this truncates /etc/resolv.conf and leaves one
    # hard-coded public resolver (8.8.8.8) instead of the front_resolver /
    # back_resolver values read from the config above, so name lookups from
    # this host go to an external resolver. Confirm that this is intended.
    x('echo "nameserver 8.8.8.8" > /etc/resolv.conf')

    run_marker.mark_executed()