def generate(host): info = {} resolvers = lib.get_servers_for_node('eventdns', host) ips = lib.resolve_nodes_to_ip(resolvers) info['nameservers'] = [ips[x][0] for x in resolvers] info['icmp_target'] = 'ping.sunet.se' info['dns_target'] = 'slashdot.org.' return {'observer': info}
def generate(host, *args): access_node_ips = lib.resolve_nodes_to_ip( lib.get_nodes_with_layer('access')) dist_node_ips = lib.resolve_nodes_to_ip( lib.get_nodes_with_layer('dist')) core_node_ips = lib.resolve_nodes_to_ip( lib.get_nodes_with_layer('core')) firewall_node_ips = lib.resolve_nodes_to_ip( lib.get_nodes_with_layer('firewall')) partner_node_ips = lib.resolve_nodes_to_ip( lib.get_nodes_with_layer('partner')) access_ips = [] for node, addresses in access_node_ips.iteritems(): access_ips.append([node, addresses[0]]) dist_ips = [] for node, addresses in dist_node_ips.iteritems(): dist_ips.append([node, addresses[0]]) core_ips = [] for node, addresses in core_node_ips.iteritems(): core_ips.append([node, addresses[0]]) firewall_ips = [] for node, addresses in firewall_node_ips.iteritems(): firewall_ips.append([node, addresses[0]]) partner_ips = [] for node, addresses in partner_node_ips.iteritems(): partner_ips.append([node, addresses[0]]) info = {} info['access_ips'] = access_ips info['dist_ips'] = dist_ips info['core_ips'] = core_ips info['firewall_ips'] = firewall_ips info['partner_ips'] = partner_ips return {'radiusd': info}
def generate(host, *args): role = args[0] ircds = lib.get_nodes_with_package('ircd') peers = list() for ircd in ircds: if role in ircds[ircd]: continue v4 = lib.resolve_nodes_to_ip((ircd, ))[ircd][0] peer = dict() peer['fqdn'] = ircd peer['allowmask'] = v4 + "/32" peers.append(peer) info = {} info['peers'] = peers info['sid'] = args[1] return {'inspircd': info}
def generate(host, *args): my_environment = lib.get_environment(host) masters = sorted(lib.get_nodes_with_package('puppetmaster').keys()) # Do not install client agent files on master, it's managed by SVN instead if host in masters: return {} ipv4, _ = lib.resolve_nodes_to_ip((host, ))[host] info = {} info['sourceaddress'] = ipv4 info['master'] = sorted(masters)[0] info['environment'] = my_environment return {'puppet': info}
def generate(host, *args): my_domain = lib.get_domain(host) info = {} my_dns_domain = '.'.join(host.split('.')[1:]) info['domain'] = my_dns_domain # Some things (busybox? musl?) doesn't work well with multiple searchs. # Let's use only the primary one for now info['search'] = [my_dns_domain] if my_domain == 'EVENT': resolvers = lib.get_servers_for_node('eventdns', host) else: resolvers = lib.get_servers_for_node('dns', host) # Sort to lexographical order (e.g. ddns1 before ddns3) resolvers = sorted(resolvers) info['nameservers'] = [] # Do not use ourself if we are a resolver. if host in resolvers: resolvers.remove(host) # Use an external resolver by default so we do not create deadlocks # when bootstrapping the environment from scratch. info['nameservers'].append('1.1.1.1') ips = lib.resolve_nodes_to_ip(resolvers) info['nameservers'].extend([ips[x][0] for x in resolvers]) # Default to Google DNS info['nameservers'].extend(['8.8.8.8', '8.8.4.4']) # Only three, no support for more in Linux info['nameservers'] = info['nameservers'][:3] return {'resolvconf': info}
def generate(host, *args): """Generate ldaplogin information. Args: *args: list(str): list of groups allowed to log in in addition to the default users. special keywords: - git: restrict non-sudo users to git-shell - otp: allow use of otp - [0-9]+: listen on given port """ my_domain = lib.get_domain(host) ldap_servers = lib.get_nodes_with_package('ldap', my_domain) ldap_replicas = sorted(k for k, v in ldap_servers.iteritems() if 'master' not in v) # We want to be able to mutate the list args = list(args) if not ldap_replicas: # If we don't have any LDAP servers, don't include this module return {} # We're only using the lowest two parts of the FQDN for identity. # LDAP doesn't allow period in group names, replace with slash. ident = '-'.join(host.split('.')[0:2]) info = {} # 'otp' is a special keyword to enable otp authentication on the host if 'otp' in args: args.remove('otp') info['use_otp'] = True # find numbers in args, use it for ports # 22 used by default, 2022 used for jumpgates info['ssh_ports'] = set([22, 2022]) for arg in args: if re.match('^[0-9]+$', arg): info['ssh_ports'].add(int(arg)) args.remove(arg) info['ssh_ports'] = list(info['ssh_ports']) # For sudo users we have two groups: # For event: services-event # For colo: services-colo # (.. and the ident-sudo group) info['sudo'] = [ident + '-sudo-access'] services_group = 'services-colo-team' if my_domain == 'EVENT': services_group = 'services-team' info['sudo'].append(services_group) groups = [] for arg in args: if arg.startswith('sudo'): _, group = arg.split(':', 2) info['sudo'].append(group) else: groups.append(arg) # 'git' is a special keyword to enable restricting users to git-shell if 'git' in args: args.remove('git') info['gitshell'] = ','.join(['!' + x for x in info['sudo']]) + ',*' # Who should be allowed to log in to this system? info['logon'] = [ (ident + '-access', 'ALL EXCEPT LOCAL'), ] # Allow sudo users to logon everywhere for group in info['sudo']: info['logon'].append((group, 'ALL')) # Add all explicit groups for group in groups: # Allow local logins as well to allow scripts to auth users formatted = group.format(event=lib.get_current_event()) info['logon'].append((formatted, 'ALL')) # LDAP settings info['ldap'] = {'servers': [], 'servers_ip': {}} for server in ldap_replicas: info['ldap']['servers'].append(server) (server_ipv4, server_ipv6), = lib.resolve_nodes_to_ip([server ]).values() info['ldap']['servers_ip'][server] = (server_ipv4, server_ipv6) info['ldap']['base'] = 'dc=tech,dc=dreamhack,dc=se' info['ldap']['mount'] = '/ldap' info['ca'] = lib.read_secret('ssh/config/ca')['public_key'] info['host_cert'] = sign_host_key(host) info['panic_users'] = sorted(grp.getgrnam(services_group).gr_mem) generate_borg_passphrase(host) return {'ldaplogin': info}
def generate(host, mgmt_fqdn, *args): """Arg format is domain:host. The OS of the host is used to get the backend type. """ vault_prefix = '' if lib.get_domain(host) == 'EVENT': vault_prefix = '%s-' % lib.get_current_event() vault_mount = '%sservices' % vault_prefix deploy_domain = lib.get_domain(host) deploy_gw, _ = lib.get_network_gateway(deploy_domain + '@DEPLOY') deploy_networks, _ = lib.get_networks_with_name(deploy_domain + '@DEPLOY') deploy_network, deploy_prefix = deploy_networks.split('/', 2) deploy_conf = { 'gateway': deploy_gw, 'network': deploy_network, 'prefix': deploy_prefix } info = { 'esxi': [], 'c7000': [], 'vault_mount': vault_mount, 'domain': lib.get_domain(host).lower(), 'deploy_conf': deploy_conf, 'ocp': False, 'ocp_domain': 'ocp-' + lib.get_domain(host).lower(), 'ocp_machines': [] } if mgmt_fqdn != 'no-rfc1918': mgmt_network, _ = lib.get_ipv4_network(mgmt_fqdn) _, mgmt_prefix = mgmt_network.split('/', 2) mgmt_ip = lib.resolve_nodes_to_ip([mgmt_fqdn]) info['mgmt_if'] = {'ip': mgmt_ip[mgmt_fqdn][0], 'prefix': mgmt_prefix} for arg in args: if arg == 'ocp': info['ocp'] = True ocp_macs = [{ 'name': 'r0a0', 'mac': 'E41D2DFC296A', 'mgmt-mac': 'E41D2DFC296C' }, { 'name': 'r0a1', 'mac': 'E41D2DFC2826', 'mgmt-mac': 'E41D2DFC2828' }, { 'name': 'r0a2', 'mac': 'E41D2DFC5F58', 'mgmt-mac': 'E41D2DFC5F60' }, { 'name': 'r0a3', 'mac': 'E41D2DFC4554', 'mgmt-mac': 'E41D2DFC4556' }, { 'name': 'r0a4', 'mac': '7CFE904142EE', 'mgmt-mac': '7CFE904142F0' }, { 'name': 'r0a5', 'mac': '7CFE9041826C', 'mgmt-mac': '7CFE9041826E' }, { 'name': 'r0a6', 'mac': '7CFE90413FE8', 'mgmt-mac': '7CFE90413FEA' }, { 'name': 'r0a7', 'mac': 'E41D2DD3C842', 'mgmt-mac': 'E41D2DD3C844' }, { 'name': 'r0a8', 'mac': 'E41D2DFC2B08', 'mgmt-mac': 'E41D2DFC2B0A' }, { 'name': 'r0a9', 'mac': '7CFE9041327A', 'mgmt-mac': '7CFE9041327C' }, { 'name': 'r0b0', 'mac': '7CFE904103EE', 'mgmt-mac': '7CFE904103F0' }, { 'name': 'r0b1', 'mac': 'E41D2DFC2B50', 'mgmt-mac': 'E41D2DFC2B52' }, { 'name': 'r0b2', 'mac': '7CFE904136A0', 'mgmt-mac': '7CFE904136A2' }, { 'name': 'r0b3', 'mac': 'E41D2DFC4164', 'mgmt-mac': 'E41D2DFC4164' }, { 'name': 'r0b4', 'mac': '7CFE90428E2C', 'mgmt-mac': '7CFE90428E2E' }, { 'name': 'r0b5', 'mac': '7CFE9041FE08', 'mgmt-mac': '7CFE9041FE0A' }, { 'name': 'r0b6', 'mac': 'E41D2DFC177C', 'mgmt-mac': 'E41D2DFC177E' }, { 'name': 'r0b7', 'mac': 'E41D2DFCC594', 'mgmt-mac': 'E41D2DFCC596' }, { 'name': 'r0b8', 'mac': 'E41D2DFC2A30', 'mgmt-mac': 'E41D2DFC2A32' }, { 'name': 'r0b9', 'mac': 'E41D2DFCC180', 'mgmt-mac': 'E41D2DFCC182' }, { 'name': 'r0c0', 'mac': 'E41D2DFCC648', 'mgmt-mac': 'E41D2DFCC64A' }, { 'name': 'r0c1', 'mac': '7CFE90428088', 'mgmt-mac': '7CFE9042808A' }, { 'name': 'r0c2', 'mac': '7CFE904182EA', 'mgmt-mac': '7CFE904182EC' }, { 'name': 'r0c3', 'mac': 'E41D2DFC890A', 'mgmt-mac': 'E41D2DFC890C' }, { 'name': 'r0c4', 'mac': '7CFE90418224', 'mgmt-mac': '7CFE90418226' }, { 'name': 'r0c5', 'mac': 'E41D2DFC2838', 'mgmt-mac': 'E41D2DFC283A' }, { 'name': 'r0c6', 'mac': '7CFE90428E98', 'mgmt-mac': '7CFE90428E9A' }, { 'name': 'r0c7', 'mac': '7CFE90429C60', 'mgmt-mac': '7CFE90429C62' }, { 'name': 'r0c8', 'mac': '7CFE90429CF0', 'mgmt-mac': '7CFE90429CF2' }, { 'name': 'r0c9', 'mac': '7CFE9041AAC8', 'mgmt-mac': '7CFE9041AACA' }, { 'name': 'r1a0', 'mac': 'E41D2DFC17D6', 'mgmt-mac': 'E41D2DFC17D8' }, { 'name': 'r1a1', 'mac': '248A07907064', 'mgmt-mac': '248A07907066' }, { 'name': 'r1a2', 'mac': '7CFE9041328C', 'mgmt-mac': '7CFE9041328E' }, { 'name': 'r1a3', 'mac': 'E41D2DFC16B6', 'mgmt-mac': 'E41D2DFC16B8' }, { 'name': 'r1a4', 'mac': '7CFE90423F24', 'mgmt-mac': '7CFE90423F26' }, { 'name': 'r1a5', 'mac': '7CFE9041CE02', 'mgmt-mac': '7CFE9041CE04' }, { 'name': 'r1a6', 'mac': '7CFE9041102A', 'mgmt-mac': '7CFE9041102C' }, { 'name': 'r1a7', 'mac': '7CFE9042C53A', 'mgmt-mac': '7CFE9042C53C' }, { 'name': 'r1a8', 'mac': '7CFE9042C6A2', 'mgmt-mac': '7CFE9042C6A4' }, { 'name': 'r1a9', 'mac': '7CFE90423DF2', 'mgmt-mac': '7CFE90423DF4' }, { 'name': 'r1b0', 'mac': 'E41D2DFC7F7A', 'mgmt-mac': 'E41D2DFC7F7C' }, { 'name': 'r1b1', 'mac': '248A079070AC', 'mgmt-mac': '248A079070AE' }, { 'name': 'r1b2', 'mac': 'E41D2DFC8E86', 'mgmt-mac': 'E41D2DFC8E88' }, { 'name': 'r1b3', 'mac': '7CFE90428F5E', 'mgmt-mac': '7CFE90428F60' }, { 'name': 'r1b4', 'mac': 'E41D2D54019C', 'mgmt-mac': 'E41D2D54019E' }, { 'name': 'r1b5', 'mac': '7CFE9042E1B4', 'mgmt-mac': '7CFE9042E1B6' }, { 'name': 'r1b6', 'mac': '7CFE9041FEF2', 'mgmt-mac': '7CFE9041FEF4' }, { 'name': 'r1b7', 'mac': '7CFE90412B3C', 'mgmt-mac': '7CFE90412B3E' }, { 'name': 'r1b8', 'mac': '7CFE90410ED4', 'mgmt-mac': '7CFE90410ED6' }, { 'name': 'r1b9', 'mac': '7CFE9041A516', 'mgmt-mac': '7CFE9041A518' }, { 'name': 'r1c0', 'mac': 'E41D2DFC2A8A', 'mgmt-mac': 'E41D2DFC2A8C' }, { 'name': 'r1c1', 'mac': 'E41D2D53FF5C', 'mgmt-mac': 'E41D2D53FF5E' }, { 'name': 'r1c2', 'mac': '7CFE90424188', 'mgmt-mac': '7CFE9042418A' }, { 'name': 'r1c3', 'mac': 'E41D2DFCCE28', 'mgmt-mac': 'E41D2DFCCE2A' }, { 'name': 'r1c4', 'mac': '7CFE90422946', 'mgmt-mac': '7CFE90422948' }, { 'name': 'r1c5', 'mac': '7CFE9042E340', 'mgmt-mac': '7CFE9042E342' }, { 'name': 'r1c6', 'mac': '7CFE9041354A', 'mgmt-mac': '7CFE9041354C' }, { 'name': 'r1c7', 'mac': '7CFE9041AB34', 'mgmt-mac': '7CFE9041AB36' }, { 'name': 'r1c8', 'mac': '7CFE9042CB34', 'mgmt-mac': '7CFE9042CB36' }, { 'name': 'r1c9', 'mac': 'E41D2DFC2A66', 'mgmt-mac': 'E41D2DFC2A68' }] # Building dhcp static lease configuration for dhcpd. leases = [] lastoctet = 100 for line in ocp_macs: t = iter(line['mgmt-mac']) mgmt_mac = ':'.join(a + b for a, b in zip(t, t)) d = {} d['name'] = line['name'] d['mac'] = line['mac'] d['macshort'] = line['mac'] d['mgmt-mac'] = mgmt_mac d['ip'] = '10.32.12.' + str(lastoctet) lastoctet += 1 leases.append(d) info['ocp_machines'].extend(leases) continue domain, host = arg.split(':', 2) os = lib.get_os(host) ip = lib.resolve_nodes_to_ip([host]) backend = {'ip': ip[host][0], 'fqdn': host, 'domain': domain} if os == 'vcenter' or os == 'esxi': info['esxi'].append(backend) elif os == 'c7000': info['c7000'].append(backend) return {'provision': info}
def generate(host, *args): # Decide if we are the active node: if 'active' in args: active = 1 else: active = 0 # Get fqdn of active node active_node = 'dhcp1.event.dreamhack.se' for (k, v) in lib.get_nodes_with_package('dhcpd', lib.get_domain(host)).items(): if v == [u'active']: active_node = k break # Fetch DHCP scopes scopes = lib.sqlite2dhcp_scope.App(['-', '/etc/ipplan.db', '-']).run_from_puppet() # Get the subnet the dhcpd lives at in CIDR notation local_subnet_cidr = lib.get_ipv4_network(host)[0] local_subnet = local_subnet_cidr.split('/')[0] local_cidr = int(local_subnet_cidr.split('/')[1]) # Convert CIDR to netmask bitmask = 0xffffffff ^ (1 << 32 - local_cidr) - 1 local_netmask = inet_ntop(AF_INET, pack('!I', bitmask)) # Set ntp-servers ntp_servers = ", ".join(lib.get_servers_for_node('ntpd', host)) if not ntp_servers: ntp_servers = ('0.pool.ntp.org, ' '1.pool.ntp.org, ' '2.pool.ntp.org, ' '3.pool.ntp.org') # Set domain-name-servers resolver_ipv4_addresses = [] for hostname, addresses in lib.resolve_nodes_to_ip( lib.get_servers_for_node('resolver', host)).iteritems(): resolver_ipv4_addresses.append(addresses[0]) resolver_ipv4_addresses.sort() domain_name_servers = ", ".join(resolver_ipv4_addresses) if not domain_name_servers: domain_name_servers = '8.8.8.8, 8.8.4.4' # Set tftp-server-name tftp_server_name_address = lib.resolve_nodes_to_ip( ['pxe.event.dreamhack.se']) tftp_server_name = tftp_server_name_address['pxe.event.dreamhack.se'][0] # Set next-server next_server_addresses = lib.resolve_nodes_to_ip(['pxe.event.dreamhack.se']) next_server = next_server_addresses['pxe.event.dreamhack.se'][0] # Get current event, used to decide name of dhcpinfo database current_event = lib.get_current_event() info = {} info['active'] = active info['active_node'] = active_node info['scopes'] = scopes info['ntp_servers'] = ntp_servers info['domain_name_servers'] = domain_name_servers info['tftp_server_name'] = tftp_server_name info['next_server'] = next_server info['local_subnet'] = local_subnet info['local_netmask'] = local_netmask info['current_event'] = current_event return {'dhcpd': info}