def _settings():
grains = __grains__
pillar = __pillar__
local_conf = __salt__['mc_macros.get_local_registry'](
'mumble', registry_format='pack')
password = local_conf.setdefault('password', secure_password(8))
supassword = local_conf.setdefault('supassword', secure_password(32))
htpassword = local_conf.setdefault('htpassword', secure_password(32))
locations = __salt__['mc_locations.settings']()
fqdn = grains['id']
mumbleData = __salt__['mc_utils.defaults'](
'makina-states.services.sound.mumble', {
'default': {
'use_caps': 0,
'start': 1,
'nofile': 16384,
},
'murmur': {
'supassword': htpassword,
'uname': 'mumble-server',
'password': password,
'sendversion': 'True',
'allowhtml': 'True',
'port': 64738,
'ice': 'tcp -h 127.0.0.1 -p 6502',
'textmessagelength': 0,
'imagemessagelength': 0,
},
})
__salt__['mc_macros.update_local_registry']('mumble',
local_conf,
registry_format='pack')
return mumbleData
def _settings():
grains = __grains__
pillar = __pillar__
local_conf = __salt__['mc_macros.get_local_registry'](
'mumble', registry_format='pack')
password = local_conf.setdefault('password', secure_password(8))
supassword = local_conf.setdefault('supassword', secure_password(32))
htpassword = local_conf.setdefault('htpassword', secure_password(32))
locations = __salt__['mc_locations.settings']()
fqdn = grains['id']
mumbleData = __salt__['mc_utils.defaults'](
'makina-states.services.sound.mumble', {
'default': {
'use_caps': 0,
'start': 1,
'nofile': 16384,
},
'murmur': {
'supassword': htpassword,
'uname': 'mumble-server',
'password': password,
'sendversion': 'True',
'allowhtml': 'True',
'port': 64738,
'ice': 'tcp -h 127.0.0.1 -p 6502',
'textmessagelength': 0,
'imagemessagelength': 0,
},
}
)
__salt__['mc_macros.update_local_registry'](
'mumble', local_conf, registry_format='pack')
return mumbleData
def set_password(username, password, encrypted=False, role=None, crypt_salt=None, algorithm='sha256'):
'''
Set users password on switch
.. code-block:: bash
salt '*' nxos.cmd set_password admin TestPass
salt '*' nxos.cmd set_password admin \\
password='******' \\
encrypted=True
'''
password_line = get_user(username)
if encrypted is False:
if crypt_salt is None:
# NXOS does not like non alphanumeric characters. Using the random module from pycrypto
# can lead to having non alphanumeric characters in the salt for the hashed password.
crypt_salt = secure_password(8, use_random=False)
hashed_pass = gen_hash(crypt_salt=crypt_salt, password=password, algorithm=algorithm)
else:
hashed_pass = password
password_line = 'username {0} password 5 {1}'.format(username, hashed_pass)
if role is not None:
password_line += ' role {0}'.format(role)
try:
sendline('config terminal')
ret = sendline(password_line)
sendline('end')
sendline('copy running-config startup-config')
return '\n'.join([password_line, ret])
except TerminalException as e:
log.error(e)
return 'Failed to set password'
def set_password(username, password, encrypted=False, role=None, crypt_salt=None, algorithm='sha256'):
'''
Set users password on switch
.. code-block:: bash
salt '*' nxos.cmd set_password admin TestPass
salt '*' nxos.cmd set_password admin \\
password='******' \\
encrypted=True
'''
password_line = get_user(username)
if encrypted is False:
if crypt_salt is None:
# NXOS does not like non alphanumeric characters. Using the random module from pycrypto
# can lead to having non alphanumeric characters in the salt for the hashed password.
crypt_salt = secure_password(8, use_random=False)
hashed_pass = gen_hash(crypt_salt=crypt_salt, password=password, algorithm=algorithm)
else:
hashed_pass = password
password_line = 'username {0} password 5 {1}'.format(username, hashed_pass)
if role is not None:
password_line += ' role {0}'.format(role)
try:
sendline('config terminal')
ret = sendline(password_line)
sendline('end')
sendline('copy running-config startup-config')
return '\n'.join([password_line, ret])
except TerminalException as e:
log.error(e)
return 'Failed to set password'
def set_password(username,
password,
encrypted=False,
role=None,
crypt_salt=None,
algorithm='sha256',
**kwargs):
'''
Set users password on switch.
username
Username to configure
password
Password to configure for username
encrypted
Whether or not to encrypt the password
Default: False
role
Configure role for the username
Default: None
crypt_salt
Configure crypt_salt setting
Default: None
alogrithm
Encryption algorithm
Default: sha256
no_save_config
If True, don't save configuration commands to startup configuration.
If False, save configuration to startup configuration.
Default: False
.. code-block:: bash
salt '*' nxos.cmd set_password admin TestPass
salt '*' nxos.cmd set_password admin \\
password='******' \\
encrypted=True
'''
password_line = get_user(username, **kwargs)
if encrypted is False:
if crypt_salt is None:
# NXOS does not like non alphanumeric characters. Using the random module from pycrypto
# can lead to having non alphanumeric characters in the salt for the hashed password.
crypt_salt = secure_password(8, use_random=False)
hashed_pass = gen_hash(crypt_salt=crypt_salt,
password=password,
algorithm=algorithm)
else:
hashed_pass = password
password_line = 'username {0} password 5 {1}'.format(username, hashed_pass)
if role is not None:
password_line += ' role {0}'.format(role)
return config(password_line, **kwargs)
def find_password_for_vm(vm, default=None, pwlen=32, target=None):
'''
Return the vm password after creating it
the first time
'''
if target is None:
target = target_for_vm(vm)
password = get_conf_for_vm(vm, 'password', target=target)
if not password:
password = default
if not password:
password = secure_password(pwlen)
if not password:
raise Exception('Error while setting password '
'grain for {0}/{1}'.format(target, vm))
return password
def find_password_for_vm(target,
virt_type,
vm,
default=None,
pwlen=32):
'''Return the vm password after creating it
the first time
'''
password = get_conf_for_vm(target, virt_type, vm, 'password')
if not password:
password = default
if not password:
password = secure_password(pwlen)
if not password:
raise Exception('Error while setting password '
'grain for {0}/{1}'.format(target, vm))
return password
def _settings():
_g = __grains__
_p = __pillar__
locations = __salt__['mc_locations.settings']()
local_conf = __salt__['mc_macros.get_local_registry'](
'dhcpd', registry_format='pack')
cn_pass = local_conf.setdefault('cn_pass', secure_password(32))
pkgs = ['dhcp3-server']
if _g.get('os') in ['Ubuntu']:
if _g['osrelease'] >= 15.10:
pkgs = ['isc-dhcp-server']
dhcpdData = __salt__['mc_utils.defaults'](
'makina-states.services.dns.dhcpd6', {
'dhcpd_directory': "/etc/dhcpd",
'templates': {
'/etc/default/isc-dhcp-server6': {},
'/etc/systemd/system/isc-dhcp-server6.service': {},
'/etc/dhcp/dhcpd6.conf': {},
},
'extra_dirs': [],
'defaults': {
'INTERFACES': '',
'OPTIONS': '',
},
'subnets': {},
'hosts': {},
'conf': {
'ddns_update_style': 'none',
'domain_name': 'example.org',
'default_lease_time': '864000',
'max_lease_time': '864000',
'log_facility': 'local7',
'domain_name_servers':
('ns1.example.org, ns2.example.org'),
},
'pkgs': pkgs,
'service_name': 'isc-dhcp-server6'
})
return dhcpdData
def _settings():
salt = __salt__
local_conf = salt['mc_macros.get_local_registry'](
'burp', registry_format='pack')
ca_pass = local_conf.get('ca_pass', secure_password(32))
server_pass = local_conf.get('server_pass', secure_password(32))
timers = local_conf.setdefault('timers', OrderedDict())
local_conf['ca_pass'] = ca_pass
local_conf['server_pass'] = server_pass
grains = __grains__
pillar = __pillar__
locs = __salt__['mc_locations.settings']()
data = {}
data = __salt__['mc_utils.defaults'](
'makina-states.services.backup.burp', {
'ver': '1.3.48',
'user': '******',
'group': 'root',
'ssl_cert_ca': '/etc/burp/ssl_cert_ca.pem',
'server_conf': {
'fqdn': grains['id'],
'port': '4971',
'status_port': '7972',
'client_port': '4971',
'client_status_port': '7972',
'directory': '/data/burp',
'clientconfdir': '/etc/burp/clientconfdir',
'pidfile': '/var/run/burp.server.pid',
'hardlinked_archive': '1',
'working_dir_recovery_method': 'delete',
'max_children': '5',
'max_status_children': '5',
'umask': '0022',
'syslog': '1',
'stdout': '0',
'client_can_delete': '0',
'client_can_force_backup': '0',
'client_can_list': '1',
'client_can_restore': '1',
'client_can_verify': '1',
'version_warn': '1',
'keep': [7, 4, 6],
# s (sec), m (min), h (hours), d (day), w (week), n (month)
# Allow backups to start in the evenings and nights
# during weekdays
# Allow more hours at the weekend.
'timer_script': '/etc/burp/timer_script',
'timer_arg': ['20h',
('Mon,Tue,Wed,Thu,Fri,'
'00,01,02,03,04,05,19,20,21,22,23'),
('Sat,Sun,'
'00,01,02,03,04,05,06,07,08,'
'17,18,19,20,21,22,23')],
'ca_conf': '/etc/burp/CA.cnf',
'ca_name': 'burpCA',
'ca_server_name': grains['id'],
'ca_burp_ca': '/usr/sbin/burp_ca',
'ssl_cert': '/etc/burp/ssl_cert-server.pem',
'ssl_key': '/etc/burp/ssl_cert-server.key',
'ssl_key_password': server_pass,
'ssl_dhfile': '/etc/burp/dhfile.pem',
'notify_failure_script': '/etc/burp/notify_script',
'notify_failure_arg': [
'sendmail -t',
'To: root',
'From: "burp {0}" <*****@*****.**>'.format(grains['id']),
'Subject: %b failed: %c %w'],
'server_script_pre': None,
'server_script_pre_arg': None,
'server_script_pre_notify': '0',
'server_script_post': None,
'server_script_post_arg': None,
'server_script_post_run_on_fail': '0',
'server_script_post_notify': '0',
'restore_client': None,
},
'client_common': {
'dedup_group': 'linux',
'mode': 'client',
'port': '4971',
'pidfile': '/var/run/burp.client.pid',
'syslog': '0',
'stdout': '1',
'progress_counter': '1',
'ratelimit': None,
'network_timeout': '7200',
'autoupgrade_dir': None,
'autoupgrade_os': None,
'server_can_restore': '1',
'cross_filesystem': [],
'cross_all_filesystems': '0',
'encryption_password': None,
'ca_burp_ca': None,
'ca_csr_dir': None,
'ssl_cert': '/etc/burp/ssl_cert-client.pem',
'ssl_key': '/etc/burp/ssl_cert-client.key',
'ssl_ciphers': None,
'backup_script_pre': None,
'backup_script_post': None,
'restore_script_pre': None,
'restore_script_post': None,
'include': ['/'],
'exclude': None,
'exclude_ext': ['pyc',
'pyo'],
'exclude_regex': None,
'exclude_fs': ['sysfs', 'tmpfs'],
'min_file_size': None,
'max_file_size': None,
'nobackup': '.nobackup',
'read_fifo': None,
'read_all_fifos': None,
'read_blockdev': None,
'read_all_blockdevs': '0',
'exclude_comp': None,
'cron_periodicity': (
"* * * * *"
),
'cron_cmd': (
" {user} [ -x /usr/sbin/burp ] && "
" /usr/sbin/burp -a t "
" >>/var/log/burp-client 2>&1"
)
},
'clients': {
# mapping of clients confs (defined in pillar),
}
}
)
for k in ['user',
'group',
'ssl_cert_ca']:
data['server_conf'][k] = data['client_common'][k] = data[k]
data['client_common']['cron_cmd'].format(user=data['user'])
data['client_common'].setdefault('server',
data['server_conf']['fqdn'])
data['client_common'].setdefault(
'ssl_peer_cn', data['server_conf']['fqdn'])
data['clients'].setdefault(data['server_conf']['fqdn'], {})
hour = [0, 20, 40]
for cname in [a for a in data['clients']]:
cl = data['clients'][cname]
cl['cname'] = cname
ssh_port = cl.get('ssh_port', '')
if ssh_port:
ssh_port = '-p {0}'.format(ssh_port)
cl['rsh_cmd'] = 'ssh {1} {2} {0} {3}'.format(
'-oStrictHostKeyChecking=no',
# Set hosts key database path to /dev/null, ie, non-existing
'-oUserKnownHostsFile=/dev/null',
# Don't re-use the SSH connection. Less failures.
'-oControlPath=none',
ssh_port,
)
cl['rsh_dst'] = '{1}@{0}'.format(cname,
cl.get('ssh_user', 'root'))
cl['ssh_cmd'] = cl['rsh_cmd'] + '{1}@{0}'.format(
cname, cl.get('ssh_user', 'root'))
if 'ssh_gateway' in cl:
ssh_gateway_key = ''
if 'ssh_gateway_key' in cl:
ssh_gateway_key = '-i {0}'.format(cl['ssh_gateway_key'])
ssh_gateway = cl['ssh_gateway']
ssh_gateway_port = ''
if ':' in ssh_gateway:
ssh_gateway, ssh_gateway_port = ssh_gateway.split(':')
if ssh_gateway_port:
ssh_gateway_port = '-p {0}'.format(ssh_gateway_port)
# Setup ProxyCommand
proxy_cmd = (
' -oProxyCommand="'
'ssh {0} {1} {2} {3} {4}@{5} {6} '
'nc -q0 %h %p"'
).format(
'-oStrictHostKeyChecking=no',
# Set hosts key database path to /dev/null
'-oUserKnownHostsFile=/dev/null',
# Don't re-use the SSH connection. Less failures.
'-oControlPath=none',
ssh_gateway_key,
cl.get('ssh_gateway_user', 'root'),
ssh_gateway,
ssh_gateway_port
)
cl['ssh_cmd'] += proxy_cmd
cl['rsh_cmd'] += proxy_cmd
# backup host is only a client to query backups
# and restore
# we do not backup the backups locally
cl.setdefault('activated', True)
cl.setdefault('restore_client', '')
restore_clients = [a for a in cl['restore_client'].split(',')
if a.strip()]
if not data['server_conf']['fqdn'] in restore_clients:
restore_clients.append(data['server_conf']['fqdn'])
cl['restore_client'] = ','.join(restore_clients)
if cl['cname'] == data['server_conf']['fqdn']:
cl['activated'] = False
cl['port'] = data['server_conf']['client_port']
cl['status_port'] = data['server_conf']['client_status_port']
if not cl['activated']:
cl['include'] = []
cl['cross_all_filesystems'] = []
cl['exclude_regex'] = ['.*']
cpassk = ('clients_passwords.{0}'.format(cname))
cpass = local_conf.get(cpassk, secure_password(32))
local_conf[cpassk] = cpass
cl['ssl_key_password'] = cpass
cpassk = ('clients_clipasswords.{0}'.format(cname))
cpass = local_conf.get(cpassk, secure_password(32))
local_conf[cpassk] = cpass
cl['password'] = cpass
for k, val in data['client_common'].items():
# spray around the periodicity to spray the backup load
# all over the hour.
if k == 'cron_periodicity':
val = timers.get(cname, None)
# val = None
if not val:
per = hour[:]
for ix, item in enumerate(per[:]):
item = item + (
random.randint(0, 3) +
random.randint(0, 3) +
random.randint(0, 3) +
random.randint(0, 3) +
random.randint(0, 3) +
random.randint(0, 3)) # max 18 < 20m in
if item >= 60:
item = item - 60
per[ix] = item
val = '{0} * * * *'.format(','.join(
["{0}".format(t) for t in per]))
timers[cname] = val
cl.setdefault(k, val)
to_delete = [a for a in local_conf
if a.count('makina-states.local.burp.') >= 1]
for a in to_delete:
local_conf.pop(a, None)
salt['mc_macros.update_registry_params'](
'burp', local_conf, registry_format='pack')
return data
def _settings():
_s, _g = __salt__, __grains__
debmode = None
mc_pkgs = _s['mc_pkgs.settings']()
ppa = None
source = False
pkgs = ['burp']
fromrepo = None
if debmode == 'debsource':
pkgs = [
'librsync-dev', 'zlib1g-dev', 'libssl-dev', 'uthash-dev',
'rsync', 'build-essential', 'libncurses5-dev', 'libacl1-dev'
]
if _g['os'] in ['Ubuntu'] and _g['osrelease'] < '14.04':
ppa = ('deb'
' http://ppa.launchpad.net/bas-dikkenberg/'
'burp-stable/ubuntu'
' {udist} main').format(**mc_pkgs)
if _g['os'] in ['Debian']:
fromrepo = 'sid'
if _g['osrelease'][0] < '6':
source = True
local_conf = _s['mc_macros.get_local_registry']('burp',
registry_format='pack')
ca_pass = local_conf.get('ca_pass', secure_password(32))
server_pass = local_conf.get('server_pass', secure_password(32))
timers = local_conf.setdefault('timers_v2', OrderedDict())
local_conf['ca_pass'] = ca_pass
local_conf['server_pass'] = server_pass
data = _s['mc_utils.defaults'](
'makina-states.services.backup.burp',
{
'ppa': ppa,
'source': source,
'fromrepo': fromrepo,
'pkgs': pkgs,
'admins': 'root',
'cron_activated': True,
'cron_periodicity': '40 0,6,12,18 * * *',
'ver': '1.3.48',
'user': '******',
'group': 'root',
'ssl_cert_ca': '/etc/burp/ssl_cert_ca.pem',
'server_conf': {
'fqdn':
_g['id'],
'port':
'4971',
'status_port':
'7972',
'client_port':
'4971',
'client_status_port':
'7972',
'directory':
'/data/burp',
'clientconfdir':
'/etc/burp/clientconfdir',
'pidfile':
'/var/run/burp.server.pid',
'hardlinked_archive':
'1',
'working_dir_recovery_method':
'delete',
'max_children':
'5',
'max_status_children':
'5',
'umask':
'0022',
'syslog':
'1',
'stdout':
'0',
'client_can_delete':
'0',
'client_can_force_backup':
'0',
'client_can_list':
'1',
'client_can_restore':
'1',
'client_can_verify':
'1',
'version_warn':
'1',
'keep': [7, 4, 6],
# s (sec), m (min), h (hours), d (day), w (week), n (month)
# Allow backups to start in the evenings and nights
# during weekdays
# Allow more hours at the weekend.
'timer_script':
'/etc/burp/timer_script',
'timer_arg': [
'28h',
('Mon,Tue,Wed,Thu,Fri,'
'00,01,02,03,04,05,06,07,08,09,10,11,12,'
'13,14,15,16,17,18,19,20,21,22,23'),
('Sat,Sun,'
'00,01,02,03,04,05,06,07,08,09,10,11,12,'
'13,14,15,16,17,18,19,20,21,22,23')
],
'ca_conf':
'/etc/burp/CA.cnf',
'ca_name':
'burpCA',
'ca_server_name':
_g['id'],
'ca_burp_ca':
'/usr/sbin/burp_ca',
'ssl_cert':
'/etc/burp/ssl_cert-server.pem',
'ssl_key':
'/etc/burp/ssl_cert-server.key',
'ssl_key_password':
server_pass,
'ssl_dhfile':
'/etc/burp/dhfile.pem',
'notify_failure_script':
'/etc/burp/notify_script',
'notify_failure_arg': [
'sendmail -t', 'To: root',
'From: "burp {0}" <*****@*****.**>'.format(
_g['id']), 'Subject: %b failed: %c %w'
],
'server_script_pre':
None,
'server_script_pre_arg':
None,
'server_script_pre_notify':
'0',
'server_script_post':
None,
'server_script_post_arg':
None,
'server_script_post_run_on_fail':
'0',
'server_script_post_notify':
'0',
'restore_client':
None,
'restore_port':
'4973',
'restore_status_port':
'7974',
'restore_client_port':
'4973',
'restore_client_status_port':
'7974',
'restore_pidfile':
'/var/run/burp.restore.pid',
'restore_lockfile':
'/var/run/burp-server-restore.lock',
'lockfile':
'/var/run/burp-server.lock',
},
'client_common': {
'dedup_group': 'linux',
'mode': 'client',
'port': '4971',
'restore_port': '4973',
'restore_status_port': '4974',
'syslog': '0',
'pidfile': '/var/run/burp.client.pid',
'restore_pidfile': '/var/run/burp.clientrestore.pid',
'stdout': '1',
'progress_counter': '1',
'ratelimit': None,
'network_timeout': '7200',
'autoupgrade_dir': None,
'autoupgrade_os': None,
'server_can_restore': '1',
'cross_filesystem': [],
'cross_all_filesystems': '0',
'encryption_password': None,
'ca_burp_ca': None,
'ca_csr_dir': None,
'ssl_cert': '/etc/burp/ssl_cert-client.pem',
'ssl_key': '/etc/burp/ssl_cert-client.key',
'ssl_ciphers': None,
'backup_script_pre': None,
'backup_script_post': None,
'restore_script_pre': None,
'restore_script_post': None,
'include': ['/'],
'exclude': None,
'restore_lockfile': '/var/run/burp-client.restore.lock',
'lockfile': '/var/run/burp-client.lock',
'exclude_ext': ['pyc', 'pyo'],
'exclude_regex': None,
'exclude_fs': ['sysfs', 'tmpfs'],
'min_file_size': None,
'max_file_size': None,
'nobackup': '.nobackup',
'read_fifo': None,
'read_all_fifos': None,
'read_blockdev': None,
'read_all_blockdevs': '0',
'exclude_comp': None,
'cron_periodicity': ("* * * * *"),
'cron_cmd': (" {user} /etc/burp/cron.sh 1>/dev/null 2>&1")
},
'whitelist': [
# list of sources ip to allow connection
],
'clients': {
# mapping of clients confs (defined in pillar),
}
})
for k in ['user', 'group', 'ssl_cert_ca']:
data['server_conf'][k] = data['client_common'][k] = data[k]
data['client_common']['cron_cmd'].format(user=data['user'])
data['client_common'].setdefault('server', data['server_conf']['fqdn'])
data['client_common'].setdefault('ssl_peer_cn',
data['server_conf']['fqdn'])
data['clients'].setdefault(data['server_conf']['fqdn'], {})
tries_per_hour = 1
hour = [i * (60 / tries_per_hour) for i in range(tries_per_hour)]
removes = []
for cname in [a for a in data['clients']]:
cl = data['clients'][cname]
if not isinstance(cl, dict):
removes.append(cname)
continue
cl['cname'] = cname
ssh_port = cl.get('ssh_port', '')
if ssh_port:
ssh_port = '-p {0}'.format(ssh_port)
cl['rsh_cmd'] = 'ssh {1} {2} {4} {0} {3}'.format(
'-oStrictHostKeyChecking=no',
# Set hosts key database path to /dev/null, ie, non-existing
'-oUserKnownHostsFile=/dev/null',
# Don't re-use the SSH connection. Less failures.
'-oControlPath=none',
ssh_port,
'-oPreferredAuthentications=publickey')
cl['rsh_dst'] = '{1}@{0}'.format(cname,
cl.get('ssh_username', 'root'))
cl['ssh_cmd'] = cl['rsh_cmd'] + '{1}@{0}'.format(
cname, cl.get('ssh_username', 'root'))
if 'ssh_gateway' in cl:
ssh_gateway_key = ''
if 'ssh_gateway_key' in cl:
ssh_gateway_key = '-i {0}'.format(cl['ssh_gateway_key'])
ssh_gateway = cl['ssh_gateway']
ssh_gateway_port = ''
if ':' in ssh_gateway:
ssh_gateway, ssh_gateway_port = ssh_gateway.split(':')
if ssh_gateway_port:
ssh_gateway_port = '-p {0}'.format(ssh_gateway_port)
# Setup ProxyCommand
proxy_cmd = (
' -oProxyCommand="'
'ssh {0} {1} {2} {7} {3} {4}@{5} {6} '
'nc -q0 %h %p"').format(
'-oStrictHostKeyChecking=no',
# Set hosts key database path to /dev/null
'-oUserKnownHostsFile=/dev/null',
# Don't re-use the SSH connection. Less failures.
'-oControlPath=none',
ssh_gateway_key,
cl.get('ssh_gateway_user', 'root'),
ssh_gateway,
ssh_gateway_port,
'-oPreferredAuthentications=publickey')
cl['ssh_cmd'] += proxy_cmd
cl['rsh_cmd'] += proxy_cmd
cl.setdefault('activated', True)
cl.setdefault('restore_client', '')
restore_clients = [
a for a in cl['restore_client'].split(',') if a.strip()
]
if not data['server_conf']['fqdn'] in restore_clients:
restore_clients.append(data['server_conf']['fqdn'])
cl['restore_client'] = ','.join(restore_clients)
if cl['cname'] == data['server_conf']['fqdn']:
# backup host is only a client to query backups
# and restore
# we usually do not backup the backups locally
excreg = cl.setdefault('exclude_regex', [])
if data['server_conf']['directory'] not in excreg:
excreg.append('{0}.*'.format(
data['server_conf']['directory'].replace('/', '.*')))
cl.setdefault('activated', True)
cl['port'] = data['server_conf']['client_port']
cl['status_port'] = data['server_conf']['client_status_port']
if not cl['activated']:
cl['include'] = []
cl['cross_all_filesystems'] = []
cl['exclude_regex'] = ['.*']
cpassk = ('clients_passwords.{0}'.format(cname))
cpass = local_conf.get(cpassk, secure_password(32))
local_conf[cpassk] = cpass
cl['ssl_key_password'] = cpass
cpassk = ('clients_clipasswords.{0}'.format(cname))
cpass = local_conf.get(cpassk, secure_password(32))
local_conf[cpassk] = cpass
cl['password'] = cpass
for k, val in data['client_common'].items():
# spray around the periodicity to spray the backup load
# all over the hour.
if k == 'cron_periodicity':
# val = None
try:
val = timers.get(cname, None)
tries = val.split()[0].split(',')
if not len(tries) == tries_per_hour:
val = None
except Exception:
val = None
if not val:
per = hour[:]
for ix, item in enumerate(per[:]):
rand = random.randint(0, (60 / tries_per_hour)) - 1
if rand < 0:
rand = 0
item = item + rand
if item >= 60:
item = item - 60
if item not in per:
per[ix] = item
per = _s['mc_utils.uniquify'](per)
val = '{0} */6 * * *'.format(','.join(
["{0}".format(t) for t in per]))
timers[cname] = val
cl.setdefault(k, val)
to_delete = [
a for a in local_conf if a.count('makina-states.local.burp.') >= 1
]
for a in to_delete:
local_conf.pop(a, None)
for i in removes:
data['clients'].pop(i, None)
_s['mc_macros.update_registry_params']('burp',
local_conf,
registry_format='pack')
return data
def _settings():
grains = __grains__
pillar = __pillar__
locations = __salt__['mc_locations.settings']()
local_conf = __salt__['mc_macros.get_local_registry'](
'slapd', registry_format='pack')
cn_pass = local_conf.setdefault('cn_pass', secure_password(32))
dn_pass = local_conf.setdefault('dn_pass', secure_password(32))
cn_config_files = OrderedDict([
('/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/'
'olcOverlay={0}memberof.ldif', {}),
('/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/'
'olcOverlay={1}syncprov.ldif', {}),
('/etc/ldap/slapd.d/cn=config/'
'cn=schema.ldif', {}),
('/etc/ldap/slapd.d/cn=config/'
'olcDatabase={1}hdb.ldif', {}),
('/etc/ldap/slapd.d/cn=config/'
'olcDatabase={-1}frontend.ldif', {}),
('/etc/ldap/slapd.d/cn=config/'
'olcDatabase={0}config.ldif', {}),
('/etc/default/slapd', {
'mode': '750'
}),
('/etc/ldap/slapd.d/cn=config/'
'cn=module{0}.ldif', {}),
])
data = __salt__['mc_utils.defaults'](
'makina-states.services.dns.slapd',
{
'slapd_directory':
"/etc/ldap/slapd.d",
'extra_dirs': [
'/etc/ldap',
'/var/lib/ldap',
],
'fd_ver':
'1.0.9.1',
'mode':
'master',
'writer_groups': ['ldapwriters'],
'reader_groups': ['ldapreaders'],
'admin_groups_acls':
'',
'pkgs':
['ldap-utils', 'ca-certificates', 'slapd', 'python-ldap'],
'user':
'******',
'group':
'openldap',
'service_name':
'slapd',
'SLAPD_CONF':
'/etc/ldap/slapd.d',
'SLAPD_PIDFILE':
'',
'SLAPD_SERVICES':
'ldaps:/// ldap:/// ldapi:///',
'SLAPD_NO_START':
'',
'SLAPD_SENTINEL_FILE':
'/etc/ldap/noslapd',
'SLAPD_OPTIONS':
'',
'init_ldif':
'salt://makina-states/files/etc/ldap/init.ldif',
'config_dn':
'cn=config',
'config_cn':
'config',
'cn_config_files':
cn_config_files,
'config_rootdn':
'cn=admin,cn=config',
'config_pw':
cn_pass,
'econfig_pw':
'',
'group_ou':
'Group',
'dn':
'dc=sample,dc=com',
'verify_client':
'never',
'root_dn':
None,
'root_pw':
dn_pass,
'eroot_pw':
'',
'loglevel':
'sync',
'non_anonymous':
True,
'syncprov':
True,
'syncrepl':
OrderedDict([
('starttls', 'yes'),
('tls_reqcert', 'allow'),
('timeout', 3),
# ('attrs', '*,+'),
('scope', 'sub'),
('retry', '5 5 5 +'),
('sizelimit', 'unlimited'),
('type', 'refreshAndPersist'),
('interval', '00:00:04:00')
]),
'olcloglevel':
'sync',
'cert_domain':
grains['id'],
'acls': [],
'acls_schema':
default_acl_schema,
'master_uri':
'',
'default_schema':
True,
'schemas': [],
'fd_schema':
True
})
data['syncrepl'].setdefault('searchbase', data['dn'])
local_conf['cn_pass'] = data['config_pw']
local_conf['dn_pass'] = data['root_pw']
for k in ['eroot_pw', 'econfig_pw']:
if not data[k]:
data[k] = sha_pw(data[k[1:]])
if not data['root_dn']:
data['root_dn'] = 'cn=admin,{0}'.format(data['dn'])
cn_config_files = data['cn_config_files']
schemas = data['schemas']
cn_config_files = data['cn_config_files']
if data['default_schema']:
for i in [
'/etc/ldap/slapd.d/cn=config.ldif',
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif',
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif',
('/etc/ldap/slapd.d/cn=config/'
'cn=schema/cn={2}inetorgperson.ldif'),
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={3}misc.ldif',
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={21}rfc2307bis.ldif'),
('/etc/ldap/slapd.d/cn=config/'
'cn=schema/cn={4}nis.ldif'),
# '/etc/ldap/slapd.d/cn=config/cn=schema/cn={19}mozilla.ldif',
# '/etc/ldap/slapd.d/cn=config/cn=schema/cn={20}extension.ldif',
]:
if ('cn=schema/cn=' in i) and data['fd_schema']:
continue
if i not in schemas:
schemas.append(i)
if i not in cn_config_files:
cn_config_files[i] = {}
for mode, key in OrderedDict([('writer', 'manage'), (
'reader',
'read',
)]).items():
for group in data['{0}_groups'.format(mode)]:
match = 'cn={0},'.format(group)
if match in data['admin_groups_acls']:
continue
data['admin_groups_acls'] += (
" by group.exact=\"cn={0},ou={data[group_ou]},{data[dn]}\" {1}"
).format(group, key, data=data)
if data['non_anonymous']:
for ix in range(len(data['acls_schema'])):
acl = data['acls_schema'][ix]
if 'by anonymous' in acl:
for i in ['read', 'write', 'none', 'auth']:
acl.replace('by anonymous {0}'.format(i),
'by anonymous none')
elif 'by *' in acl and 'anonymous' not in acl:
acl = acl.replace('by *', 'by anonymous auth by *')
data['acls_schema'][ix] = acl
if not data['acls']:
acls = []
for a in data['acls_schema'][:]:
acl = a.format(data=data)
acls.append(acl)
data['acls'] = acls
s_aclchema = ''
if data['acls']:
s_aclchema = encode_ldap('olcAccess', data['acls'])
data['s_aclchema'] = s_aclchema
# deployed now via file.recurse
#if data['fd_schema']:
# for i in [
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={22}samba.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={23}core-fd.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={24}core-fd-conf.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={25}sudo-fd-conf.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={26}sudo.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={27}service-fd.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={28}systems-fd-conf.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={29}systems-fd.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={30}recovery-fd.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={31}mail-fd-conf.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={32}mail-fd.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={33}gpg-fd.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={34}ldapns.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={35}openssh-lpk.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={36}pgp-keyserver.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={37}pgp-recon.ldif'),
# ('/etc/ldap/slapd.d/cn=config/'
# 'cn=schema/cn={38}pgp-remte-prefs.ldif'),
# ]:
# if i not in schemas:
# schemas.append(i)
# if i not in cn_config_files:
# cn_config_files[i] = {}
srepl = ''
keys = [a for a in data['syncrepl']]
keys.sort(key=order_syncrepl)
if data['syncrepl'].get('provider', ''):
for k in keys:
val = data['syncrepl'][k]
srepl += ' {0}={1}'.format(k, sync_ldap_quote(k, val))
srepl = srepl.strip()
data['c_syncrepl'] = srepl
data['s_syncrepl'] = encode_ldap("olcSyncrepl", srepl)
__salt__['mc_macros.update_registry_params']('slapd',
local_conf,
registry_format='pack')
for cfg in data['cn_config_files']:
cdata = data['cn_config_files'][cfg]
cdata.setdefault(
'source', "salt://makina-states/files{0}".format(
cfg.replace(
'slapd.d/cn=config/cn=schema/',
'slapd.d/cn=config/cn=schema/{0}/'.format(
data['fd_ver']))))
return data
def salt_pw(pw):
salt = secure_password(8)
h = hashlib.sha1(pw)
h.update(salt)
return encode("{SSHA}" + encode(h.digest() + salt))
def generate_password(length=None):
return secure_password(length)
def create(vm_):
'''
Create a single VM from a data dict
'''
deploy = config.get_cloud_config_value('deploy', vm_, __opts__)
key_filename = config.get_cloud_config_value(
'ssh_key_file', vm_, __opts__, search_global=False, default=None
)
if key_filename is not None and not os.path.isfile(key_filename):
raise SaltCloudConfigError(
'The defined ssh_key_file {0!r} does not exist'.format(
key_filename
)
)
if deploy is True and key_filename is None and \
salt.utils.which('sshpass') is None:
raise SaltCloudSystemExit(
'Cannot deploy salt in a VM if the \'ssh_key_file\' setting '
'is not set and \'sshpass\' binary is not present on the '
'system for the password.'
)
vm_['key_filename'] = key_filename
salt.utils.cloud.fire_event(
'event',
'starting create',
'salt/cloud/{0}/creating'.format(vm_['name']),
{
'name': vm_['name'],
'profile': vm_['profile'],
'provider': vm_['provider'],
},
transport=__opts__['transport']
)
conn = get_conn()
if 'instance_id' in vm_:
# This was probably created via another process, and doesn't have
# things like salt keys created yet, so let's create them now.
if 'pub_key' not in vm_ and 'priv_key' not in vm_:
log.debug('Generating minion keys for {0[name]!r}'.format(vm_))
vm_['priv_key'], vm_['pub_key'] = salt.utils.cloud.gen_keys(
salt.config.get_cloud_config_value(
'keysize',
vm_,
__opts__
)
)
data = conn.server_show_libcloud(vm_['instance_id'])
if vm_['key_filename'] is None and 'change_password' in __opts__ and __opts__['change_password'] is True:
vm_['password'] = sup.secure_password()
conn.root_password(vm_['instance_id'], vm_['password'])
else:
# Put together all of the information required to request the instance,
# and then fire off the request for it
data, vm_ = request_instance(vm_)
# Pull the instance ID, valid for both spot and normal instances
vm_['instance_id'] = data.id
def __query_node_data(vm_, data):
try:
node = show_instance(vm_['name'], 'action')
log.debug(
'Loaded node data for {0}:\n{1}'.format(
vm_['name'],
pprint.pformat(node)
)
)
except Exception as err:
log.error(
'Failed to get nodes list: {0}'.format(
err
),
# Show the traceback if the debug logging level is enabled
exc_info_on_loglevel=logging.DEBUG
)
# Trigger a failure in the wait for IP function
return False
running = node['state'] == 'ACTIVE'
if not running:
# Still not running, trigger another iteration
return
if rackconnect(vm_) is True:
extra = node.get('extra', {})
rc_status = extra.get('metadata', {}).get(
'rackconnect_automation_status', '')
access_ip = extra.get('access_ip', '')
if rc_status != 'DEPLOYED':
log.debug('Waiting for Rackconnect automation to complete')
return
if managedcloud(vm_) is True:
extra = conn.server_show_libcloud(
node['id']
).extra
mc_status = extra.get('metadata', {}).get(
'rax_service_level_automation', '')
if mc_status != 'Complete':
log.debug('Waiting for managed cloud automation to complete')
return
result = []
if 'private_ips' not in node and 'public_ips' not in node and \
'access_ip' in node.get('extra', {}):
result = [node['extra']['access_ip']]
private = node.get('private_ips', [])
public = node.get('public_ips', [])
if private and not public:
log.warn(
'Private IPs returned, but not public... Checking for '
'misidentified IPs'
)
for private_ip in private:
private_ip = preferred_ip(vm_, [private_ip])
if salt.utils.cloud.is_public_ip(private_ip):
log.warn('{0} is a public IP'.format(private_ip))
data.public_ips.append(private_ip)
log.warn(
(
'Public IP address was not ready when we last'
' checked. Appending public IP address now.'
)
)
public = data.public_ips
else:
log.warn('{0} is a private IP'.format(private_ip))
ignore_ip = ignore_cidr(vm_, private_ip)
if private_ip not in data.private_ips and not ignore_ip:
result.append(private_ip)
if rackconnect(vm_) is True:
if ssh_interface(vm_) != 'private_ips':
data.public_ips = access_ip
return data
if result:
log.debug('result = {0}'.format(result))
data.private_ips = result
if ssh_interface(vm_) == 'private_ips':
return data
if public:
data.public_ips = public
if ssh_interface(vm_) != 'private_ips':
return data
try:
data = salt.utils.cloud.wait_for_ip(
__query_node_data,
update_args=(vm_, data),
timeout=config.get_cloud_config_value(
'wait_for_ip_timeout', vm_, __opts__, default=10 * 60),
interval=config.get_cloud_config_value(
'wait_for_ip_interval', vm_, __opts__, default=10),
)
except (SaltCloudExecutionTimeout, SaltCloudExecutionFailure) as exc:
try:
# It might be already up, let's destroy it!
destroy(vm_['name'])
except SaltCloudSystemExit:
pass
finally:
raise SaltCloudSystemExit(exc.message)
log.debug('VM is now running')
if ssh_interface(vm_) == 'private_ips':
ip_address = preferred_ip(vm_, data.private_ips)
elif rackconnect(vm_) is True and ssh_interface(vm_) != 'private_ips':
ip_address = data.public_ips
else:
ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Using IP address {0}'.format(ip_address))
if not ip_address:
raise SaltCloudSystemExit('A valid IP address was not found')
vm_['ssh_host'] = ip_address
ret = salt.utils.cloud.bootstrap(vm_, __opts__)
ret.update(data.__dict__)
if 'password' in ret['extra']:
del ret['extra']['password']
log.info('Created Cloud VM {0[name]!r}'.format(vm_))
log.debug(
'{0[name]!r} VM creation details:\n{1}'.format(
vm_, pprint.pformat(data)
)
)
salt.utils.cloud.fire_event(
'event',
'created instance',
'salt/cloud/{0}/created'.format(vm_['name']),
{
'name': vm_['name'],
'profile': vm_['profile'],
'provider': vm_['provider'],
},
transport=__opts__['transport']
)
return ret
def create(vm_):
"""
Create a single VM from a data dict
"""
deploy = config.get_cloud_config_value("deploy", vm_, __opts__)
key_filename = config.get_cloud_config_value("ssh_key_file", vm_, __opts__, search_global=False, default=None)
if key_filename is not None and not os.path.isfile(key_filename):
raise SaltCloudConfigError("The defined ssh_key_file {0!r} does not exist".format(key_filename))
vm_["key_filename"] = key_filename
salt.utils.cloud.fire_event(
"event",
"starting create",
"salt/cloud/{0}/creating".format(vm_["name"]),
{"name": vm_["name"], "profile": vm_["profile"], "provider": vm_["provider"]},
transport=__opts__["transport"],
)
conn = get_conn()
if "instance_id" in vm_:
# This was probably created via another process, and doesn't have
# things like salt keys created yet, so let's create them now.
if "pub_key" not in vm_ and "priv_key" not in vm_:
log.debug("Generating minion keys for {0[name]!r}".format(vm_))
vm_["priv_key"], vm_["pub_key"] = salt.utils.cloud.gen_keys(
salt.config.get_cloud_config_value("keysize", vm_, __opts__)
)
data = conn.server_show_libcloud(vm_["instance_id"])
if vm_["key_filename"] is None and "change_password" in __opts__ and __opts__["change_password"] is True:
vm_["password"] = sup.secure_password()
conn.root_password(vm_["instance_id"], vm_["password"])
else:
# Put together all of the information required to request the instance,
# and then fire off the request for it
data, vm_ = request_instance(vm_)
# Pull the instance ID, valid for both spot and normal instances
vm_["instance_id"] = data.id
def __query_node_data(vm_, data):
try:
node = show_instance(vm_["name"], "action")
log.debug("Loaded node data for {0}:\n{1}".format(vm_["name"], pprint.pformat(node)))
except Exception as err:
log.error(
"Failed to get nodes list: {0}".format(err),
# Show the traceback if the debug logging level is enabled
exc_info_on_loglevel=logging.DEBUG,
)
# Trigger a failure in the wait for IP function
return False
running = node["state"] == "ACTIVE"
if not running:
# Still not running, trigger another iteration
return
if rackconnect(vm_) is True:
extra = node.get("extra", {})
rc_status = extra.get("metadata", {}).get("rackconnect_automation_status", "")
access_ip = extra.get("access_ip", "")
if rc_status != "DEPLOYED":
log.debug("Waiting for Rackconnect automation to complete")
return
if managedcloud(vm_) is True:
extra = conn.server_show_libcloud(node["id"]).extra
mc_status = extra.get("metadata", {}).get("rax_service_level_automation", "")
if mc_status != "Complete":
log.debug("Waiting for managed cloud automation to complete")
return
result = []
if "private_ips" not in node and "public_ips" not in node and "access_ip" in node.get("extra", {}):
result = [node["extra"]["access_ip"]]
private = node.get("private_ips", [])
public = node.get("public_ips", [])
if private and not public:
log.warn("Private IPs returned, but not public... Checking for " "misidentified IPs")
for private_ip in private:
private_ip = preferred_ip(vm_, [private_ip])
if salt.utils.cloud.is_public_ip(private_ip):
log.warn("{0} is a public IP".format(private_ip))
data.public_ips.append(private_ip)
log.warn(
("Public IP address was not ready when we last" " checked. Appending public IP address now.")
)
public = data.public_ips
else:
log.warn("{0} is a private IP".format(private_ip))
ignore_ip = ignore_cidr(vm_, private_ip)
if private_ip not in data.private_ips and not ignore_ip:
result.append(private_ip)
if rackconnect(vm_) is True:
if ssh_interface(vm_) != "private_ips":
data.public_ips = access_ip
return data
if result:
log.debug("result = {0}".format(result))
data.private_ips = result
if ssh_interface(vm_) == "private_ips":
return data
if public:
data.public_ips = public
if ssh_interface(vm_) != "private_ips":
return data
try:
data = salt.utils.cloud.wait_for_ip(
__query_node_data,
update_args=(vm_, data),
timeout=config.get_cloud_config_value("wait_for_ip_timeout", vm_, __opts__, default=10 * 60),
interval=config.get_cloud_config_value("wait_for_ip_interval", vm_, __opts__, default=10),
)
except (SaltCloudExecutionTimeout, SaltCloudExecutionFailure) as exc:
try:
# It might be already up, let's destroy it!
destroy(vm_["name"])
except SaltCloudSystemExit:
pass
finally:
raise SaltCloudSystemExit(str(exc))
log.debug("VM is now running")
if ssh_interface(vm_) == "private_ips":
ip_address = preferred_ip(vm_, data.private_ips)
elif rackconnect(vm_) is True and ssh_interface(vm_) != "private_ips":
ip_address = data.public_ips
else:
ip_address = preferred_ip(vm_, data.public_ips)
log.debug("Using IP address {0}".format(ip_address))
if not ip_address:
raise SaltCloudSystemExit("A valid IP address was not found")
vm_["ssh_host"] = ip_address
ret = salt.utils.cloud.bootstrap(vm_, __opts__)
ret.update(data.__dict__)
if "password" in ret["extra"]:
del ret["extra"]["password"]
log.info("Created Cloud VM {0[name]!r}".format(vm_))
log.debug("{0[name]!r} VM creation details:\n{1}".format(vm_, pprint.pformat(data)))
salt.utils.cloud.fire_event(
"event",
"created instance",
"salt/cloud/{0}/created".format(vm_["name"]),
{"name": vm_["name"], "profile": vm_["profile"], "provider": vm_["provider"]},
transport=__opts__["transport"],
)
return ret
def create(vm_):
'''
Create a single VM from a data dict
'''
deploy = config.get_cloud_config_value('deploy', vm_, __opts__)
key_filename = config.get_cloud_config_value('ssh_key_file',
vm_,
__opts__,
search_global=False,
default=None)
if key_filename is not None and not os.path.isfile(key_filename):
raise SaltCloudConfigError(
'The defined ssh_key_file {0!r} does not exist'.format(
key_filename))
if deploy is True and key_filename is None and \
salt.utils.which('sshpass') is None:
raise SaltCloudSystemExit(
'Cannot deploy salt in a VM if the \'ssh_key_file\' setting '
'is not set and \'sshpass\' binary is not present on the '
'system for the password.')
vm_['key_filename'] = key_filename
salt.utils.cloud.fire_event('event',
'starting create',
'salt/cloud/{0}/creating'.format(vm_['name']),
{
'name': vm_['name'],
'profile': vm_['profile'],
'provider': vm_['provider'],
},
transport=__opts__['transport'])
conn = get_conn()
if 'instance_id' in vm_:
# This was probably created via another process, and doesn't have
# things like salt keys created yet, so let's create them now.
if 'pub_key' not in vm_ and 'priv_key' not in vm_:
log.debug('Generating minion keys for {0[name]!r}'.format(vm_))
vm_['priv_key'], vm_['pub_key'] = salt.utils.cloud.gen_keys(
salt.config.get_cloud_config_value('keysize', vm_, __opts__))
data = conn.server_show_libcloud(vm_['instance_id'])
if vm_['key_filename'] is None and 'change_password' in __opts__ and __opts__[
'change_password'] is True:
vm_['password'] = sup.secure_password()
conn.root_password(vm_['instance_id'], vm_['password'])
else:
# Put together all of the information required to request the instance,
# and then fire off the request for it
data, vm_ = request_instance(vm_)
# Pull the instance ID, valid for both spot and normal instances
vm_['instance_id'] = data.id
def __query_node_data(vm_, data):
try:
node = show_instance(vm_['name'], 'action')
log.debug('Loaded node data for {0}:\n{1}'.format(
vm_['name'], pprint.pformat(node)))
except Exception as err:
log.error(
'Failed to get nodes list: {0}'.format(err),
# Show the traceback if the debug logging level is enabled
exc_info_on_loglevel=logging.DEBUG)
# Trigger a failure in the wait for IP function
return False
running = node['state'] == 'ACTIVE'
if not running:
# Still not running, trigger another iteration
return
if rackconnect(vm_) is True:
extra = node.get('extra', {})
rc_status = extra.get('metadata',
{}).get('rackconnect_automation_status', '')
access_ip = extra.get('access_ip', '')
if rc_status != 'DEPLOYED':
log.debug('Waiting for Rackconnect automation to complete')
return
if managedcloud(vm_) is True:
extra = conn.server_show_libcloud(node['id']).extra
mc_status = extra.get('metadata',
{}).get('rax_service_level_automation', '')
if mc_status != 'Complete':
log.debug('Waiting for managed cloud automation to complete')
return
result = []
if 'private_ips' not in node and 'public_ips' not in node and \
'access_ip' in node.get('extra', {}):
result = [node['extra']['access_ip']]
private = node.get('private_ips', [])
public = node.get('public_ips', [])
if private and not public:
log.warn('Private IPs returned, but not public... Checking for '
'misidentified IPs')
for private_ip in private:
private_ip = preferred_ip(vm_, [private_ip])
if salt.utils.cloud.is_public_ip(private_ip):
log.warn('{0} is a public IP'.format(private_ip))
data.public_ips.append(private_ip)
log.warn(('Public IP address was not ready when we last'
' checked. Appending public IP address now.'))
public = data.public_ips
else:
log.warn('{0} is a private IP'.format(private_ip))
ignore_ip = ignore_cidr(vm_, private_ip)
if private_ip not in data.private_ips and not ignore_ip:
result.append(private_ip)
if rackconnect(vm_) is True:
if ssh_interface(vm_) != 'private_ips':
data.public_ips = access_ip
return data
if result:
log.debug('result = {0}'.format(result))
data.private_ips = result
if ssh_interface(vm_) == 'private_ips':
return data
if public:
data.public_ips = public
if ssh_interface(vm_) != 'private_ips':
return data
try:
data = salt.utils.cloud.wait_for_ip(
__query_node_data,
update_args=(vm_, data),
timeout=config.get_cloud_config_value('wait_for_ip_timeout',
vm_,
__opts__,
default=10 * 60),
interval=config.get_cloud_config_value('wait_for_ip_interval',
vm_,
__opts__,
default=10),
)
except (SaltCloudExecutionTimeout, SaltCloudExecutionFailure) as exc:
try:
# It might be already up, let's destroy it!
destroy(vm_['name'])
except SaltCloudSystemExit:
pass
finally:
raise SaltCloudSystemExit(exc.message)
log.debug('VM is now running')
if ssh_interface(vm_) == 'private_ips':
ip_address = preferred_ip(vm_, data.private_ips)
elif rackconnect(vm_) is True and ssh_interface(vm_) != 'private_ips':
ip_address = data.public_ips
else:
ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Using IP address {0}'.format(ip_address))
if get_salt_interface(vm_) == 'private_ips':
salt_ip_address = preferred_ip(vm_, data.private_ips)
log.info('Salt interface set to: {0}'.format(salt_ip_address))
elif rackconnect(vm_) is True and get_salt_interface(vm_) != 'private_ips':
salt_ip_address = data.public_ips
else:
salt_ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Salt interface set to: {0}'.format(salt_ip_address))
if not ip_address:
raise SaltCloudSystemExit('A valid IP address was not found')
vm_['ssh_host'] = ip_address
vm_['salt_host'] = salt_ip_address
ret = salt.utils.cloud.bootstrap(vm_, __opts__)
ret.update(data.__dict__)
if 'password' in ret['extra']:
del ret['extra']['password']
log.info('Created Cloud VM {0[name]!r}'.format(vm_))
log.debug('{0[name]!r} VM creation details:\n{1}'.format(
vm_, pprint.pformat(data)))
salt.utils.cloud.fire_event('event',
'created instance',
'salt/cloud/{0}/created'.format(vm_['name']), {
'name': vm_['name'],
'profile': vm_['profile'],
'provider': vm_['provider'],
},
transport=__opts__['transport'])
return ret
def create(vm_):
'''
Create a single VM from a data dict
'''
try:
# Check for required profile parameters before sending any API calls.
if vm_['profile'] and config.is_profile_configured(
__opts__,
__active_provider_name__ or 'nova',
vm_['profile'],
vm_=vm_) is False:
return False
except AttributeError:
pass
deploy = config.get_cloud_config_value('deploy', vm_, __opts__)
key_filename = config.get_cloud_config_value('ssh_key_file',
vm_,
__opts__,
search_global=False,
default=None)
if key_filename is not None and not os.path.isfile(key_filename):
raise SaltCloudConfigError(
'The defined ssh_key_file \'{0}\' does not exist'.format(
key_filename))
vm_['key_filename'] = key_filename
__utils__['cloud.fire_event'](
'event',
'starting create',
'salt/cloud/{0}/creating'.format(vm_['name']),
args=__utils__['cloud.filter_event'](
'creating', vm_, ['name', 'profile', 'provider', 'driver']),
sock_dir=__opts__['sock_dir'],
transport=__opts__['transport'])
conn = get_conn()
if 'instance_id' in vm_:
# This was probably created via another process, and doesn't have
# things like salt keys created yet, so let's create them now.
if 'pub_key' not in vm_ and 'priv_key' not in vm_:
log.debug('Generating minion keys for \'{0[name]}\''.format(vm_))
vm_['priv_key'], vm_['pub_key'] = salt.utils.cloud.gen_keys(
salt.config.get_cloud_config_value('keysize', vm_, __opts__))
data = conn.server_show_libcloud(vm_['instance_id'])
if vm_['key_filename'] is None and 'change_password' in __opts__ and __opts__[
'change_password'] is True:
vm_['password'] = sup.secure_password()
conn.root_password(vm_['instance_id'], vm_['password'])
else:
# Put together all of the information required to request the instance,
# and then fire off the request for it
data, vm_ = request_instance(vm_)
# Pull the instance ID, valid for both spot and normal instances
vm_['instance_id'] = data.id
def __query_node_data(vm_, data):
try:
node = show_instance(vm_['name'], 'action')
log.debug('Loaded node data for {0}:\n{1}'.format(
vm_['name'], pprint.pformat(node)))
except Exception as err:
log.error(
'Failed to get nodes list: {0}'.format(err),
# Show the traceback if the debug logging level is enabled
exc_info_on_loglevel=logging.DEBUG)
# Trigger a failure in the wait for IP function
return False
running = node['state'] == 'ACTIVE'
if not running:
# Still not running, trigger another iteration
return
if rackconnect(vm_) is True:
extra = node.get('extra', {})
rc_status = extra.get('metadata',
{}).get('rackconnect_automation_status', '')
if rc_status != 'DEPLOYED':
log.debug('Waiting for Rackconnect automation to complete')
return
if managedcloud(vm_) is True:
extra = conn.server_show_libcloud(node['id']).extra
mc_status = extra.get('metadata',
{}).get('rax_service_level_automation', '')
if mc_status != 'Complete':
log.debug('Waiting for managed cloud automation to complete')
return
access_ip = node.get('extra', {}).get('access_ip', '')
rcv3 = rackconnectv3(vm_) in node['addresses']
sshif = ssh_interface(vm_) in node['addresses']
if any((rcv3, sshif)):
networkname = rackconnectv3(vm_) if rcv3 else ssh_interface(vm_)
for network in node['addresses'].get(networkname, []):
if network['version'] is 4:
access_ip = network['addr']
break
vm_['cloudnetwork'] = True
# Conditions to pass this
#
# Rackconnect v2: vm_['rackconnect'] = True
# If this is True, then the server will not be accessible from the ipv4 addres in public_ips.
# That interface gets turned off, and an ipv4 from the dedicated firewall is routed to the
# server. In this case we can use the private_ips for ssh_interface, or the access_ip.
#
# Rackconnect v3: vm['rackconnectv3'] = <cloudnetwork>
# If this is the case, salt will need to use the cloud network to login to the server. There
# is no ipv4 address automatically provisioned for these servers when they are booted. SaltCloud
# also cannot use the private_ips, because that traffic is dropped at the hypervisor.
#
# CloudNetwork: vm['cloudnetwork'] = True
# If this is True, then we should have an access_ip at this point set to the ip on the cloud
# network. If that network does not exist in the 'addresses' dictionary, then SaltCloud will
# use the initial access_ip, and not overwrite anything.
if any((cloudnetwork(vm_),
rackconnect(vm_))) and (ssh_interface(vm_) != 'private_ips'
or rcv3) and access_ip != '':
data.public_ips = [
access_ip,
]
return data
result = []
if 'private_ips' not in node and 'public_ips' not in node and \
'floating_ips' not in node and 'fixed_ips' not in node and \
'access_ip' in node.get('extra', {}):
result = [node['extra']['access_ip']]
private = node.get('private_ips', [])
public = node.get('public_ips', [])
fixed = node.get('fixed_ips', [])
floating = node.get('floating_ips', [])
if private and not public:
log.warning('Private IPs returned, but not public... Checking for '
'misidentified IPs')
for private_ip in private:
private_ip = preferred_ip(vm_, [private_ip])
if private_ip is False:
continue
if salt.utils.cloud.is_public_ip(private_ip):
log.warning('{0} is a public IP'.format(private_ip))
data.public_ips.append(private_ip)
log.warning(
('Public IP address was not ready when we last'
' checked. Appending public IP address now.'))
public = data.public_ips
else:
log.warning('{0} is a private IP'.format(private_ip))
ignore_ip = ignore_cidr(vm_, private_ip)
if private_ip not in data.private_ips and not ignore_ip:
result.append(private_ip)
# populate return data with private_ips
# when ssh_interface is set to private_ips and public_ips exist
if not result and ssh_interface(vm_) == 'private_ips':
for private_ip in private:
ignore_ip = ignore_cidr(vm_, private_ip)
if private_ip not in data.private_ips and not ignore_ip:
result.append(private_ip)
non_private_ips = []
if public:
data.public_ips = public
if ssh_interface(vm_) == 'public_ips':
non_private_ips.append(public)
if floating:
data.floating_ips = floating
if ssh_interface(vm_) == 'floating_ips':
non_private_ips.append(floating)
if fixed:
data.fixed_ips = fixed
if ssh_interface(vm_) == 'fixed_ips':
non_private_ips.append(fixed)
if non_private_ips:
log.debug('result = {0}'.format(non_private_ips))
data.private_ips = result
if ssh_interface(vm_) != 'private_ips':
return data
if result:
log.debug('result = {0}'.format(result))
data.private_ips = result
if ssh_interface(vm_) == 'private_ips':
return data
try:
data = salt.utils.cloud.wait_for_ip(
__query_node_data,
update_args=(vm_, data),
timeout=config.get_cloud_config_value('wait_for_ip_timeout',
vm_,
__opts__,
default=10 * 60),
interval=config.get_cloud_config_value('wait_for_ip_interval',
vm_,
__opts__,
default=10),
)
except (SaltCloudExecutionTimeout, SaltCloudExecutionFailure) as exc:
try:
# It might be already up, let's destroy it!
destroy(vm_['name'])
except SaltCloudSystemExit:
pass
finally:
raise SaltCloudSystemExit(str(exc))
log.debug('VM is now running')
if ssh_interface(vm_) == 'private_ips':
ip_address = preferred_ip(vm_, data.private_ips)
elif ssh_interface(vm_) == 'fixed_ips':
ip_address = preferred_ip(vm_, data.fixed_ips)
elif ssh_interface(vm_) == 'floating_ips':
ip_address = preferred_ip(vm_, data.floating_ips)
else:
ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Using IP address {0}'.format(ip_address))
if salt.utils.cloud.get_salt_interface(vm_, __opts__) == 'private_ips':
salt_ip_address = preferred_ip(vm_, data.private_ips)
log.info('Salt interface set to: {0}'.format(salt_ip_address))
elif salt.utils.cloud.get_salt_interface(vm_, __opts__) == 'fixed_ips':
salt_ip_address = preferred_ip(vm_, data.fixed_ips)
log.info('Salt interface set to: {0}'.format(salt_ip_address))
elif salt.utils.cloud.get_salt_interface(vm_, __opts__) == 'floating_ips':
salt_ip_address = preferred_ip(vm_, data.floating_ips)
log.info('Salt interface set to: {0}'.format(salt_ip_address))
else:
salt_ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Salt interface set to: {0}'.format(salt_ip_address))
if not ip_address:
raise SaltCloudSystemExit('A valid IP address was not found')
vm_['ssh_host'] = ip_address
vm_['salt_host'] = salt_ip_address
ret = __utils__['cloud.bootstrap'](vm_, __opts__)
ret.update(data.__dict__)
if 'password' in ret['extra']:
del ret['extra']['password']
log.info('Created Cloud VM \'{0[name]}\''.format(vm_))
log.debug('\'{0[name]}\' VM creation details:\n{1}'.format(
vm_, pprint.pformat(data.__dict__)))
event_data = {
'name': vm_['name'],
'profile': vm_['profile'],
'provider': vm_['driver'],
'instance_id': vm_['instance_id'],
'floating_ips': data.floating_ips,
'fixed_ips': data.fixed_ips,
'private_ips': data.private_ips,
'public_ips': data.public_ips
}
__utils__['cloud.fire_event'](
'event',
'created instance',
'salt/cloud/{0}/created'.format(vm_['name']),
args=__utils__['cloud.filter_event']('created', event_data,
event_data.keys()),
sock_dir=__opts__['sock_dir'],
transport=__opts__['transport'])
__utils__['cloud.cachedir_index_add'](vm_['name'], vm_['profile'], 'nova',
vm_['driver'])
return ret
def _settings():
grains = __grains__
pillar = __pillar__
locations = __salt__['mc_locations.settings']()
local_conf = __salt__['mc_macros.get_local_registry'](
'slapd', registry_format='pack')
cn_pass = local_conf.setdefault('cn_pass', secure_password(32))
dn_pass = local_conf.setdefault('dn_pass', secure_password(32))
cn_config_files = [
('/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/'
'olcOverlay={0}memberof.ldif'),
('/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/'
'olcOverlay={1}syncprov.ldif'),
'/etc/ldap/slapd.d/cn=config/cn=schema.ldif',
'/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif',
#'/etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif',
'/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif',
'/etc/ldap/slapd.d/cn=config/cn=module{0}.ldif',
]
slapdData = __salt__['mc_utils.defaults'](
'makina-states.services.dns.slapd', {
'slapd_directory': "/etc/ldap/slapd.d",
'extra_dirs': [
'/etc/ldap',
'/var/lib/ldap',
],
'cn_config_files': [],
'mode': 'master',
'pkgs': ['ldap-utils', 'ca-certificates',
'slapd', 'python-ldap'],
'user': '******',
'group': 'openldap',
'service_name': 'slapd',
'SLAPD_CONF': '/etc/ldap/slapd.d',
'SLAPD_PIDFILE': '',
'SLAPD_SERVICES': 'ldaps:/// ldap:/// ldapi:///',
'SLAPD_NO_START': "",
'SLAPD_SENTINEL_FILE': '/etc/ldap/noslapd',
'SLAPD_OPTIONS': '',
'init_ldif': 'salt://makina-states/files/etc/ldap/init.ldif',
'config_dn': 'cn=config',
'config_cn': 'config',
'cn_config_files': cn_config_files,
'config_rootdn': 'cn=admin,cn=config',
'config_pw': cn_pass,
'econfig_pw': '',
'dn': 'dc=sample,dc=com',
'verify_client': 'never',
'root_dn': None,
'root_pw': dn_pass,
'eroot_pw': '',
'loglevel': 'sync',
'syncprov': True,
'syncrepl': None,
'olcloglevel': "sync",
'tls_cacert': '',
'tls_cert': '',
'tls_key': '',
'acls': [],
'acls_schema': default_acl_schema,
'master_uri': '',
'cert_domain': grains['id'],
'default_schema': True,
'fd_schema': True,
})
local_conf['cn_pass'] = slapdData['config_pw']
local_conf['dn_pass'] = slapdData['root_pw']
for k in ['eroot_pw', 'econfig_pw']:
if not slapdData[k]:
slapdData[k] = sha_pw(slapdData[k[1:]])
if not slapdData['root_dn']:
slapdData['root_dn'] = 'cn=admin,{0}'.format(slapdData['dn'])
cn_config_files = slapdData['cn_config_files']
if not slapdData['tls_cert']:
info = __salt__['mc_ssl.ca_ssl_certs'](slapdData['cert_domain'])[0]
slapdData['tls_cacert'] = info[0]
slapdData['tls_cert'] = info[1]
slapdData['tls_key'] = info[2]
cn_config_files = slapdData['cn_config_files']
if slapdData['default_schema']:
for i in [
'/etc/ldap/slapd.d/cn=config.ldif',
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif',
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif',
('/etc/ldap/slapd.d/cn=config/'
'cn=schema/cn={2}inetorgperson.ldif'),
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={3}misc.ldif',
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={4}rfc2307bis.ldif',
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={8}samba.ldif',
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={11}ldapns.ldif',
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={19}mozilla.ldif',
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={15}sudo.ldif',
('/etc/ldap/slapd.d/cn=config/'
'cn=schema/cn={17}openssh-lpk.ldif'),
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={20}extension.ldif',
]:
if i not in cn_config_files:
cn_config_files.append(i)
if not slapdData['acls']:
acls = [a.format(data=slapdData)
for a in slapdData['acls_schema'][:]]
slapdData['acls'] = acls
if slapdData['fd_schema']:
for i in [
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={5}service-fd.ldif',
('/etc/ldap/slapd.d/cn=config/'
'cn=schema/cn={6}systems-fd-conf.ldif'),
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={7}systems-fd.ldif',
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={9}core-fd.ldif',
('/etc/ldap/slapd.d/cn=config/cn=schema/'
'cn={10}core-fd-conf.ldif'),
('/etc/ldap/slapd.d/cn=config/cn=schema/'
'cn={12}recovery-fd.ldif'),
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={13}mail-fd.ldif',
('/etc/ldap/slapd.d/cn=config/cn=schema/'
'cn={14}mail-fd-conf.ldif'),
('/etc/ldap/slapd.d/cn=config/cn=schema/'
'cn={16}sudo-fd-conf.ldif'),
'/etc/ldap/slapd.d/cn=config/cn=schema/cn={18}gpg-fd.ldif',
]:
if i not in cn_config_files:
cn_config_files.append(i)
__salt__['mc_macros.update_registry_params'](
'slapd', local_conf, registry_format='pack')
return slapdData
def salt_pw(pw):
salt = secure_password(8)
h = hashlib.sha1(pw)
h.update(salt)
return encode("{SSHA}" + encode(h.digest() + salt))
def generate_password(length=None):
if length is None:
length = 16
return secure_password(length)
def create(vm_):
'''
Create a single VM from a data dict
'''
try:
# Check for required profile parameters before sending any API calls.
if vm_['profile'] and config.is_profile_configured(
__opts__,
__active_provider_name__ or 'openstack',
vm_['profile'],
vm_=vm_) is False:
return False
except AttributeError:
pass
deploy = config.get_cloud_config_value('deploy', vm_, __opts__)
key_filename = config.get_cloud_config_value('ssh_key_file',
vm_,
__opts__,
search_global=False,
default=None)
if key_filename is not None:
key_filename = os.path.expanduser(key_filename)
if not os.path.isfile(key_filename):
raise SaltCloudConfigError(
'The defined ssh_key_file \'{0}\' does not exist'.format(
key_filename))
vm_['key_filename'] = key_filename
__utils__['cloud.fire_event']('event',
'starting create',
'salt/cloud/{0}/creating'.format(
vm_['name']),
args={
'name': vm_['name'],
'profile': vm_['profile'],
'provider': vm_['driver'],
},
sock_dir=__opts__['sock_dir'],
transport=__opts__['transport'])
conn = get_conn()
if 'instance_id' in vm_:
# This was probably created via another process, and doesn't have
# things like salt keys created yet, so let's create them now.
if 'pub_key' not in vm_ and 'priv_key' not in vm_:
log.debug('Generating minion keys for \'{0[name]}\''.format(vm_))
vm_['priv_key'], vm_['pub_key'] = salt.utils.cloud.gen_keys(
salt.config.get_cloud_config_value('keysize', vm_, __opts__))
data = conn.ex_get_node_details(vm_['instance_id'])
if vm_['key_filename'] is None and 'change_password' in __opts__ and __opts__[
'change_password'] is True:
vm_['password'] = sup.secure_password()
conn.ex_set_password(data, vm_['password'])
networks(vm_)
else:
# Put together all of the information required to request the instance,
# and then fire off the request for it
data, vm_ = request_instance(vm_)
# Pull the instance ID, valid for both spot and normal instances
vm_['instance_id'] = data.id
def __query_node_data(vm_, data, floating):
try:
node = show_instance(vm_['name'], 'action')
log.debug('Loaded node data for {0}:\n{1}'.format(
vm_['name'], pprint.pformat(node)))
except Exception as err:
log.error(
'Failed to get nodes list: {0}'.format(err),
# Show the traceback if the debug logging level is enabled
exc_info_on_loglevel=logging.DEBUG)
# Trigger a failure in the wait for IP function
return False
running = node['state'] == NodeState.RUNNING
if not running:
# Still not running, trigger another iteration
return
if rackconnect(vm_) is True:
check_libcloud_version((0, 14, 0), why='rackconnect: True')
extra = node.get('extra')
rc_status = extra.get('metadata',
{}).get('rackconnect_automation_status', '')
access_ip = extra.get('access_ip', '')
if rc_status != 'DEPLOYED':
log.debug('Waiting for Rackconnect automation to complete')
return
if managedcloud(vm_) is True:
extra = node.get('extra')
mc_status = extra.get('metadata',
{}).get('rax_service_level_automation', '')
if mc_status != 'Complete':
log.debug('Waiting for managed cloud automation to complete')
return
public = node['public_ips']
if floating:
try:
name = data.name
ip = floating[0].ip_address
conn.ex_attach_floating_ip_to_node(data, ip)
log.info(
'Attaching floating IP \'{0}\' to node \'{1}\''.format(
ip, name))
data.public_ips.append(ip)
public = data.public_ips
except Exception:
# Note(pabelanger): Because we loop, we only want to attach the
# floating IP address one. So, expect failures if the IP is
# already attached.
pass
result = []
private = node['private_ips']
if private and not public:
log.warning('Private IPs returned, but not public... Checking for '
'misidentified IPs')
for private_ip in private:
private_ip = preferred_ip(vm_, [private_ip])
if salt.utils.cloud.is_public_ip(private_ip):
log.warning('{0} is a public IP'.format(private_ip))
data.public_ips.append(private_ip)
log.warning(
'Public IP address was not ready when we last checked.'
' Appending public IP address now.')
public = data.public_ips
else:
log.warning('{0} is a private IP'.format(private_ip))
ignore_ip = ignore_cidr(vm_, private_ip)
if private_ip not in data.private_ips and not ignore_ip:
result.append(private_ip)
if rackconnect(vm_) is True and ssh_interface(vm_) != 'private_ips':
data.public_ips = access_ip
return data
# populate return data with private_ips
# when ssh_interface is set to private_ips and public_ips exist
if not result and ssh_interface(vm_) == 'private_ips':
for private_ip in private:
ignore_ip = ignore_cidr(vm_, private_ip)
if private_ip not in data.private_ips and not ignore_ip:
result.append(private_ip)
if result:
log.debug('result = {0}'.format(result))
data.private_ips = result
if ssh_interface(vm_) == 'private_ips':
return data
if public:
data.public_ips = public
if ssh_interface(vm_) != 'private_ips':
return data
try:
data = salt.utils.cloud.wait_for_ip(
__query_node_data,
update_args=(vm_, data, vm_['floating']),
timeout=config.get_cloud_config_value('wait_for_ip_timeout',
vm_,
__opts__,
default=10 * 60),
interval=config.get_cloud_config_value('wait_for_ip_interval',
vm_,
__opts__,
default=10),
)
except (SaltCloudExecutionTimeout, SaltCloudExecutionFailure) as exc:
try:
# It might be already up, let's destroy it!
destroy(vm_['name'])
except SaltCloudSystemExit:
pass
finally:
raise SaltCloudSystemExit(str(exc))
log.debug('VM is now running')
if ssh_interface(vm_) == 'private_ips':
ip_address = preferred_ip(vm_, data.private_ips)
elif rackconnect(vm_) is True and ssh_interface(vm_) != 'private_ips':
ip_address = data.public_ips
else:
ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Using IP address {0}'.format(ip_address))
if salt.utils.cloud.get_salt_interface(vm_, __opts__) == 'private_ips':
salt_ip_address = preferred_ip(vm_, data.private_ips)
log.info('Salt interface set to: {0}'.format(salt_ip_address))
else:
salt_ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Salt interface set to: {0}'.format(salt_ip_address))
if not ip_address:
raise SaltCloudSystemExit('A valid IP address was not found')
vm_['salt_host'] = salt_ip_address
vm_['ssh_host'] = ip_address
ret = __utils__['cloud.bootstrap'](vm_, __opts__)
ret.update(data.__dict__)
if hasattr(data, 'extra') and 'password' in data.extra:
del data.extra['password']
log.info('Created Cloud VM \'{0[name]}\''.format(vm_))
log.debug('\'{0[name]}\' VM creation details:\n{1}'.format(
vm_, pprint.pformat(data.__dict__)))
__utils__['cloud.fire_event']('event',
'created instance',
'salt/cloud/{0}/created'.format(vm_['name']),
args={
'name': vm_['name'],
'profile': vm_['profile'],
'provider': vm_['driver'],
},
sock_dir=__opts__['sock_dir'],
transport=__opts__['transport'])
return ret
def create(vm_):
'''
Create a single VM from a data dict
'''
try:
# Check for required profile parameters before sending any API calls.
if config.is_profile_configured(__opts__,
__active_provider_name__ or 'openstack',
vm_['profile']) is False:
return False
except AttributeError:
pass
# Since using "provider: <provider-engine>" is deprecated, alias provider
# to use driver: "driver: <provider-engine>"
if 'provider' in vm_:
vm_['driver'] = vm_.pop('provider')
deploy = config.get_cloud_config_value('deploy', vm_, __opts__)
key_filename = config.get_cloud_config_value(
'ssh_key_file', vm_, __opts__, search_global=False, default=None
)
if key_filename is not None:
key_filename = os.path.expanduser(key_filename)
if not os.path.isfile(key_filename):
raise SaltCloudConfigError(
'The defined ssh_key_file {0!r} does not exist'.format(
key_filename
)
)
vm_['key_filename'] = key_filename
salt.utils.cloud.fire_event(
'event',
'starting create',
'salt/cloud/{0}/creating'.format(vm_['name']),
{
'name': vm_['name'],
'profile': vm_['profile'],
'provider': vm_['driver'],
},
transport=__opts__['transport']
)
conn = get_conn()
if 'instance_id' in vm_:
# This was probably created via another process, and doesn't have
# things like salt keys created yet, so let's create them now.
if 'pub_key' not in vm_ and 'priv_key' not in vm_:
log.debug('Generating minion keys for {0[name]!r}'.format(vm_))
vm_['priv_key'], vm_['pub_key'] = salt.utils.cloud.gen_keys(
salt.config.get_cloud_config_value(
'keysize',
vm_,
__opts__
)
)
data = conn.ex_get_node_details(vm_['instance_id'])
if vm_['key_filename'] is None and 'change_password' in __opts__ and __opts__['change_password'] is True:
vm_['password'] = sup.secure_password()
conn.ex_set_password(data, vm_['password'])
networks(vm_)
else:
# Put together all of the information required to request the instance,
# and then fire off the request for it
data, vm_ = request_instance(vm_)
# Pull the instance ID, valid for both spot and normal instances
vm_['instance_id'] = data.id
def __query_node_data(vm_, data, floating):
try:
node = show_instance(vm_['name'], 'action')
log.debug(
'Loaded node data for {0}:\n{1}'.format(
vm_['name'],
pprint.pformat(node)
)
)
except Exception as err:
log.error(
'Failed to get nodes list: {0}'.format(
err
),
# Show the traceback if the debug logging level is enabled
exc_info_on_loglevel=logging.DEBUG
)
# Trigger a failure in the wait for IP function
return False
running = node['state'] == NodeState.RUNNING
if not running:
# Still not running, trigger another iteration
return
if rackconnect(vm_) is True:
check_libcloud_version((0, 14, 0), why='rackconnect: True')
extra = node.get('extra')
rc_status = extra.get('metadata', {}).get(
'rackconnect_automation_status', '')
access_ip = extra.get('access_ip', '')
if rc_status != 'DEPLOYED':
log.debug('Waiting for Rackconnect automation to complete')
return
if managedcloud(vm_) is True:
extra = node.get('extra')
mc_status = extra.get('metadata', {}).get(
'rax_service_level_automation', '')
if mc_status != 'Complete':
log.debug('Waiting for managed cloud automation to complete')
return
public = node['public_ips']
if floating:
try:
name = data.name
ip = floating[0].ip_address
conn.ex_attach_floating_ip_to_node(data, ip)
log.info(
'Attaching floating IP {0!r} to node {1!r}'.format(
ip, name
)
)
data.public_ips.append(ip)
public = data.public_ips
except Exception:
# Note(pabelanger): Because we loop, we only want to attach the
# floating IP address one. So, expect failures if the IP is
# already attached.
pass
result = []
private = node['private_ips']
if private and not public:
log.warn(
'Private IPs returned, but not public... Checking for '
'misidentified IPs'
)
for private_ip in private:
private_ip = preferred_ip(vm_, [private_ip])
if salt.utils.cloud.is_public_ip(private_ip):
log.warn('{0} is a public IP'.format(private_ip))
data.public_ips.append(private_ip)
log.warn(
'Public IP address was not ready when we last checked.'
' Appending public IP address now.'
)
public = data.public_ips
else:
log.warn('{0} is a private IP'.format(private_ip))
ignore_ip = ignore_cidr(vm_, private_ip)
if private_ip not in data.private_ips and not ignore_ip:
result.append(private_ip)
if rackconnect(vm_) is True:
if ssh_interface(vm_) != 'private_ips':
data.public_ips = access_ip
return data
# populate return data with private_ips
# when ssh_interface is set to private_ips and public_ips exist
if not result and ssh_interface(vm_) == 'private_ips':
for private_ip in private:
ignore_ip = ignore_cidr(vm_, private_ip)
if private_ip not in data.private_ips and not ignore_ip:
result.append(private_ip)
if result:
log.debug('result = {0}'.format(result))
data.private_ips = result
if ssh_interface(vm_) == 'private_ips':
return data
if public:
data.public_ips = public
if ssh_interface(vm_) != 'private_ips':
return data
try:
data = salt.utils.cloud.wait_for_ip(
__query_node_data,
update_args=(vm_, data, vm_['floating']),
timeout=config.get_cloud_config_value(
'wait_for_ip_timeout', vm_, __opts__, default=10 * 60),
interval=config.get_cloud_config_value(
'wait_for_ip_interval', vm_, __opts__, default=10),
)
except (SaltCloudExecutionTimeout, SaltCloudExecutionFailure) as exc:
try:
# It might be already up, let's destroy it!
destroy(vm_['name'])
except SaltCloudSystemExit:
pass
finally:
raise SaltCloudSystemExit(str(exc))
log.debug('VM is now running')
if ssh_interface(vm_) == 'private_ips':
ip_address = preferred_ip(vm_, data.private_ips)
elif rackconnect(vm_) is True and ssh_interface(vm_) != 'private_ips':
ip_address = data.public_ips
else:
ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Using IP address {0}'.format(ip_address))
if salt.utils.cloud.get_salt_interface(vm_, __opts__) == 'private_ips':
salt_ip_address = preferred_ip(vm_, data.private_ips)
log.info('Salt interface set to: {0}'.format(salt_ip_address))
else:
salt_ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Salt interface set to: {0}'.format(salt_ip_address))
if not ip_address:
raise SaltCloudSystemExit('A valid IP address was not found')
vm_['salt_host'] = salt_ip_address
vm_['ssh_host'] = ip_address
ret = salt.utils.cloud.bootstrap(vm_, __opts__)
ret.update(data.__dict__)
if hasattr(data, 'extra') and 'password' in data.extra:
del data.extra['password']
log.info('Created Cloud VM {0[name]!r}'.format(vm_))
log.debug(
'{0[name]!r} VM creation details:\n{1}'.format(
vm_, pprint.pformat(data.__dict__)
)
)
salt.utils.cloud.fire_event(
'event',
'created instance',
'salt/cloud/{0}/created'.format(vm_['name']),
{
'name': vm_['name'],
'profile': vm_['profile'],
'provider': vm_['driver'],
},
transport=__opts__['transport']
)
return ret
def create(vm_):
'''
Create a single VM from a data dict
'''
try:
# Check for required profile parameters before sending any API calls.
if vm_['profile'] and config.is_profile_configured(
__opts__,
__active_provider_name__ or 'nova',
vm_['profile'],
vm_=vm_) is False:
return False
except AttributeError:
pass
deploy = config.get_cloud_config_value('deploy', vm_, __opts__)
key_filename = config.get_cloud_config_value('ssh_key_file',
vm_,
__opts__,
search_global=False,
default=None)
if key_filename is not None and not os.path.isfile(key_filename):
raise SaltCloudConfigError(
'The defined ssh_key_file \'{0}\' does not exist'.format(
key_filename))
vm_['key_filename'] = key_filename
__utils__['cloud.fire_event'](
'event',
'starting create',
'salt/cloud/{0}/creating'.format(vm_['name']),
args=__utils__['cloud.filter_event'](
'creating', vm_, ['name', 'profile', 'provider', 'driver']),
sock_dir=__opts__['sock_dir'],
transport=__opts__['transport'])
conn = get_conn()
if 'instance_id' in vm_:
# This was probably created via another process, and doesn't have
# things like salt keys created yet, so let's create them now.
if 'pub_key' not in vm_ and 'priv_key' not in vm_:
log.debug('Generating minion keys for \'{0[name]}\''.format(vm_))
vm_['priv_key'], vm_['pub_key'] = salt.utils.cloud.gen_keys(
salt.config.get_cloud_config_value('keysize', vm_, __opts__))
data = conn.server_show_libcloud(vm_['instance_id'])
if vm_['key_filename'] is None and 'change_password' in __opts__ and __opts__[
'change_password'] is True:
vm_['password'] = sup.secure_password()
conn.root_password(vm_['instance_id'], vm_['password'])
else:
# Put together all of the information required to request the instance,
# and then fire off the request for it
data, vm_ = request_instance(vm_)
# Pull the instance ID, valid for both spot and normal instances
vm_['instance_id'] = data.id
try:
data = salt.utils.cloud.wait_for_ip(
_query_node_data,
update_args=(vm_, data, conn),
timeout=config.get_cloud_config_value('wait_for_ip_timeout',
vm_,
__opts__,
default=10 * 60),
interval=config.get_cloud_config_value('wait_for_ip_interval',
vm_,
__opts__,
default=10),
)
except (SaltCloudExecutionTimeout, SaltCloudExecutionFailure) as exc:
try:
# It might be already up, let's destroy it!
destroy(vm_['name'])
except SaltCloudSystemExit:
pass
finally:
raise SaltCloudSystemExit(str(exc))
log.debug('VM is now running')
if ssh_interface(vm_) == 'private_ips':
ip_address = preferred_ip(vm_, data.private_ips)
elif ssh_interface(vm_) == 'fixed_ips':
ip_address = preferred_ip(vm_, data.fixed_ips)
elif ssh_interface(vm_) == 'floating_ips':
ip_address = preferred_ip(vm_, data.floating_ips)
else:
ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Using IP address {0}'.format(ip_address))
if salt.utils.cloud.get_salt_interface(vm_, __opts__) == 'private_ips':
salt_ip_address = preferred_ip(vm_, data.private_ips)
log.info('Salt interface set to: {0}'.format(salt_ip_address))
elif salt.utils.cloud.get_salt_interface(vm_, __opts__) == 'fixed_ips':
salt_ip_address = preferred_ip(vm_, data.fixed_ips)
log.info('Salt interface set to: {0}'.format(salt_ip_address))
elif salt.utils.cloud.get_salt_interface(vm_, __opts__) == 'floating_ips':
salt_ip_address = preferred_ip(vm_, data.floating_ips)
log.info('Salt interface set to: {0}'.format(salt_ip_address))
else:
salt_ip_address = preferred_ip(vm_, data.public_ips)
log.debug('Salt interface set to: {0}'.format(salt_ip_address))
if not ip_address:
raise SaltCloudSystemExit('A valid IP address was not found')
vm_['ssh_host'] = ip_address
vm_['salt_host'] = salt_ip_address
ret = __utils__['cloud.bootstrap'](vm_, __opts__)
ret.update(data.__dict__)
if 'password' in ret['extra']:
del ret['extra']['password']
log.info('Created Cloud VM \'{0[name]}\''.format(vm_))
log.debug('\'{0[name]}\' VM creation details:\n{1}'.format(
vm_, pprint.pformat(data.__dict__)))
event_data = {
'name': vm_['name'],
'profile': vm_['profile'],
'provider': vm_['driver'],
'instance_id': vm_['instance_id'],
'floating_ips': data.floating_ips,
'fixed_ips': data.fixed_ips,
'private_ips': data.private_ips,
'public_ips': data.public_ips
}
__utils__['cloud.fire_event']('event',
'created instance',
'salt/cloud/{0}/created'.format(vm_['name']),
args=__utils__['cloud.filter_event'](
'created', event_data, list(event_data)),
sock_dir=__opts__['sock_dir'],
transport=__opts__['transport'])
__utils__['cloud.cachedir_index_add'](vm_['name'], vm_['profile'], 'nova',
vm_['driver'])
return ret
def _settings():
grains = __grains__
pillar = __pillar__
local_conf = __salt__['mc_macros.get_local_registry'](
'nginx', registry_format='pack')
naxsi_ui_pass = local_conf.get('naxsi_pass', secure_password(32))
locations = __salt__['mc_locations.settings']()
nbcpus = __grains__.get('num_cpus', '4')
epoll = False
if 'linux' in __grains__.get('kernel', '').lower():
epoll = True
ulimit = "65536"
is_rp = is_reverse_proxied()
reverse_proxy_addresses = []
if is_rp:
gw = grains.get('makina.default_route', {}).get('gateway', '').strip()
if gw and gw not in reverse_proxy_addresses:
reverse_proxy_addresses.append(gw)
logformat = '$remote_addr - $remote_user [$time_local] '
logformat += '"$request" $status $bytes_sent "$http_referer" '
logformat += '"$http_user_agent" "$gzip_ratio"'
logformats = {
'custom_combined': logformat
}
www_reg = __salt__['mc_www.settings']()
nginxData = __salt__['mc_utils.defaults'](
'makina-states.services.http.nginx', {
'rotate': '365',
'is_reverse_proxied': is_rp,
'reverse_proxy_addresses': reverse_proxy_addresses,
'default_vhost': True,
'use_real_ip': True,
'use_naxsi': False,
'use_naxsi_secrules': True,
'naxsi_ui_user': '******',
'naxsi_ui_pass': naxsi_ui_pass,
'naxsi_ui_host': '127.0.01',
'naxsi_ui_intercept_port': '18080',
'naxsi_ui_extract_port': '18081',
'use_naxsi_learning': True,
'naxsi_denied_url': "/RequestDenied",
'real_ip_header': 'X-Forwarded-For',
'logformat': 'custom_combined',
'logformats': logformats,
'v6': False,
'allowed_hosts': [],
'ulimit': ulimit,
'client_max_body_size': www_reg[
'upload_max_filesize'],
'open_file_cache': 'max=200000 inactive=5m',
'open_file_cache_valid': '6m',
'open_file_cache_min_uses': '2',
'open_file_cache_errors': 'on',
'epoll': epoll,
'default_type': 'application/octet-stream',
'worker_processes': nbcpus,
'worker_connections': '1024',
'multi_accept': True,
'user': '******',
'server_names_hash_bucket_size': '64',
'loglevel': 'crit',
'ldap_cache': True,
'logdir': '/var/log/nginx',
'access_log': '{logdir}/access.log',
'sendfile': True,
'tcp_nodelay': True,
'tcp_nopush': True,
'reset_timedout_connection': 'on',
'client_body_timeout': '10',
'send_timeout': '2',
'keepalive_requests': '100000',
'keepalive_timeout': '30',
'types_hash_max_size': '2048',
'server_tokens': False,
'server_name_in_redirect': False,
'error_log': '{logdir}/error.log',
'virtualhosts': {},
'gzip': True,
'redirect_aliases': True,
'port': '80',
'default_domains': ['localhost'],
'sshl_port': '443',
'default_activation': True,
'package': 'nginx',
'docdir': '/usr/share/doc/nginx',
'doc_root': www_reg['doc_root'],
'service': 'nginx',
'basedir': locations['conf_dir'] + '/nginx',
'confdir': locations['conf_dir'] + '/nginx/conf.d',
'logdir': locations['var_log_dir'] + '/nginx',
'wwwdir': locations['srv_dir'] + '/www',
'vhost_default_template': (
'salt://makina-states/files/'
'etc/nginx/sites-available/vhost.conf'),
'vhost_wrapper_template': (
'salt://makina-states/files/'
'etc/nginx/sites-available/vhost.conf'),
'vhost_default_content': (
'salt://makina-states/files/'
'etc/nginx/sites-available/default.conf'),
'vhost_top_template': (
'salt://makina-states/files/'
'etc/nginx/sites-available/vhost.top.conf'),
'vhost_content_template': (
'salt://makina-states/files/'
'etc/nginx/sites-available/vhost.content.conf'),
}
)
__salt__['mc_macros.update_local_registry'](
'nginx', local_conf, registry_format='pack')
return nginxData
