def install_restservice():
    """Install the REST service RPM and prepare its directories and helpers.

    Marks the service as a Cloudify service, creates the home, log,
    manager-resources and agent directories, records the broker endpoint and
    CA certificate path in ``runtime_props``, installs the RPM named by the
    ``rest_service_rpm_source_url`` property and registers three sudo
    command scripts.
    """
    utils.set_service_as_cloudify_service(runtime_props)

    rpm_url = ctx_properties['rest_service_rpm_source_url']
    venv_dir = join(HOME_DIR, 'env')
    agent_resources_dir = join(utils.MANAGER_RESOURCES_HOME, 'cloudify_agent')

    ctx.logger.info('Installing REST Service...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(SERVICE_NAME)

    utils.mkdir(HOME_DIR)
    utils.mkdir(LOG_DIR)
    utils.chown(utils.CLOUDIFY_USER, utils.CLOUDIFY_GROUP, LOG_DIR)
    utils.mkdir(utils.MANAGER_RESOURCES_HOME)
    utils.mkdir(agent_resources_dir)

    runtime_props['rabbitmq_endpoint_ip'] = utils.get_rabbitmq_endpoint_ip()
    runtime_props['broker_cert_path'] = utils.INTERNAL_CA_CERT_PATH

    # NOTE(review): the RPM URL is taken from the blueprint properties and
    # no checksum or signature check is visible here; confirm that
    # utils.yum_install verifies the package.
    utils.yum_install(rpm_url, service_name=SERVICE_NAME)
    _configure_dbus(venv_dir)
    install_optional(venv_dir)
    utils.logrotate(SERVICE_NAME)

    # NOTE(review): these presumably let the service account run the named
    # commands through sudo. systemctl and shutdown are broad grants;
    # confirm the generated rules are limited to what the service needs.
    utils.deploy_sudo_command_script(
        script='/usr/bin/systemctl',
        description='Run systemctl')
    utils.deploy_sudo_command_script(
        'set-manager-ssl.py',
        'Script for setting manager SSL',
        SERVICE_NAME)
    utils.deploy_sudo_command_script(
        script='/usr/sbin/shutdown',
        description='Perform shutdown (reboot)')
def install_amqpinflux():
    """Install the AMQPInflux RPM and configure its service account.

    Publishes the InfluxDB endpoint (from the ``INFLUXDB_ENDPOINT_IP``
    environment variable), the RabbitMQ endpoint and credentials, and the
    internal certificate path to the node instance's runtime properties,
    then installs the package, creates the service user and configures the
    systemd unit.
    """
    rpm_url = ctx_properties['amqpinflux_rpm_source_url']

    # The InfluxDB address is injected as an input to the script; a missing
    # variable raises KeyError.
    influxdb_ip = os.environ['INFLUXDB_ENDPOINT_IP']
    ctx.instance.runtime_properties['influxdb_endpoint_ip'] = influxdb_ip

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbit_ip = utils.get_rabbitmq_endpoint_ip()
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip
    # The broker credentials are copied into runtime properties unchanged.
    # NOTE(review): confirm who is able to read these properties.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        ctx.instance.runtime_properties[cred_key] = rabbit_props.get(cred_key)

    venv_dir = '{0}/env'.format(HOME_DIR)

    ctx.logger.info('Installing AQMPInflux...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(SERVICE_NAME)
    utils.mkdir(HOME_DIR)

    # NOTE(review): no checksum or signature check on the RPM is visible
    # here; confirm that utils.yum_install verifies the package.
    utils.yum_install(rpm_url, service_name=SERVICE_NAME)
    _install_optional(venv_dir)

    ctx.logger.info('Configuring AMQPInflux...')
    utils.create_service_user(AMQPINFLUX_USER, AMQPINFLUX_GROUP, HOME_DIR)
    ctx.instance.runtime_properties['broker_cert_path'] = (
        utils.INTERNAL_CERT_PATH)
    utils.chown(AMQPINFLUX_USER, AMQPINFLUX_GROUP, HOME_DIR)
    utils.systemd.configure(SERVICE_NAME)
def install_amqpinflux():
    """Install the AMQPInflux RPM, its service user and broker configuration.

    Publishes the InfluxDB endpoint (from ``INFLUXDB_ENDPOINT_IP``) and the
    RabbitMQ endpoint to runtime properties, installs the package under
    ``AMQPINFLUX_HOME``, creates the service user, deploys the broker
    configuration for the service group and configures the systemd unit.
    """
    rpm_url = ctx_properties['amqpinflux_rpm_source_url']

    # The InfluxDB address is injected as an input to the script; a missing
    # variable raises KeyError.
    influxdb_ip = os.environ['INFLUXDB_ENDPOINT_IP']
    ctx.instance.runtime_properties['influxdb_endpoint_ip'] = influxdb_ip

    rabbit_ip = utils.get_rabbitmq_endpoint_ip(
        ctx_properties.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip

    # NOTE(review): the user value looks masked in this listing; confirm
    # the intended account name before relying on it.
    service_user = '******'
    service_group = 'amqpinflux'
    venv_dir = '{0}/env'.format(AMQPINFLUX_HOME)

    ctx.logger.info('Installing AQMPInflux...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(AMQPINFLUX_SERVICE_NAME)
    utils.mkdir(AMQPINFLUX_HOME)

    # NOTE(review): no checksum or signature check on the RPM is visible
    # here; confirm that utils.yum_install verifies the package.
    utils.yum_install(rpm_url, service_name=AMQPINFLUX_SERVICE_NAME)
    _install_optional(venv_dir)

    utils.create_service_user(service_user, AMQPINFLUX_HOME)
    _deploy_broker_configuration(service_group)

    ctx.logger.info('Fixing permissions...')
    utils.chown(service_user, service_group, AMQPINFLUX_HOME)
    utils.systemd.configure(AMQPINFLUX_SERVICE_NAME)
def deploy_broker_configuration():
    """Publish broker settings and choose the AMQP port by SSL setting.

    Writes the Elasticsearch endpoint (from ``ES_ENDPOINT_IP``) and the
    RabbitMQ endpoint to runtime properties. When ``rabbitmq_ssl_enabled``
    is truthy the public certificate is deployed under ``REST_SERVICE_HOME``
    and port 5671 is recorded; otherwise port 5672 is recorded.
    """
    # AMQP ports with and without TLS.
    tls_port = 5671
    plain_port = 5672

    # The Elasticsearch address is injected as an input to the script.
    es_ip = os.environ['ES_ENDPOINT_IP']
    ctx.instance.runtime_properties['es_endpoint_ip'] = es_ip
    rabbit_ip = utils.get_rabbitmq_endpoint_ip()
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip

    ssl_enabled = ctx.node.properties['rabbitmq_ssl_enabled']
    public_cert = ctx.node.properties['rabbitmq_cert_public']

    if not ssl_enabled:
        # Broker traffic, credentials included, is not encrypted on this
        # port.
        ctx.instance.runtime_properties['broker_port'] = plain_port
        if public_cert is not None:
            # NOTE(review): the message names broker_ssl_enabled, while the
            # flag read above is rabbitmq_ssl_enabled.
            ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
                            '(broker_ssl_enabled is False).')
    else:
        cert_path = os.path.join(REST_SERVICE_HOME, 'amqp_pub.pem')
        utils.deploy_ssl_certificate(
            'public', cert_path, 'root', public_cert)
        ctx.instance.runtime_properties['broker_cert_path'] = cert_path
        ctx.instance.runtime_properties['broker_port'] = tls_port
def install_amqpinflux():
    """Install the AMQPInflux RPM, its service user and broker configuration.

    Reads the RPM URL from the node properties, publishes the InfluxDB and
    RabbitMQ endpoints to runtime properties, installs the package under
    ``AMQPINFLUX_HOME``, creates the service user, deploys the broker
    configuration and configures the ``amqpinflux`` systemd unit.
    """
    rpm_url = ctx.node.properties['amqpinflux_rpm_source_url']

    # The InfluxDB address is injected as an input to the script; a missing
    # variable raises KeyError.
    influxdb_ip = os.environ['INFLUXDB_ENDPOINT_IP']
    ctx.instance.runtime_properties['influxdb_endpoint_ip'] = influxdb_ip
    rabbit_ip = utils.get_rabbitmq_endpoint_ip()
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip

    # NOTE(review): the user value looks masked in this listing; confirm
    # the intended account name before relying on it.
    service_user = '******'
    service_group = 'amqpinflux'
    venv_dir = '{0}/env'.format(AMQPINFLUX_HOME)

    ctx.logger.info('Installing AQMPInflux...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice('amqpinflux')
    utils.mkdir(AMQPINFLUX_HOME)

    # NOTE(review): no checksum or signature check on the RPM is visible
    # here; confirm that utils.yum_install verifies the package.
    utils.yum_install(rpm_url)
    _install_optional(venv_dir)

    utils.create_service_user(service_user, AMQPINFLUX_HOME)
    _deploy_broker_configuration(service_group)

    ctx.logger.info('Fixing permissions...')
    utils.chown(service_user, service_group, AMQPINFLUX_HOME)
    utils.systemd.configure('amqpinflux')
def install_amqpinflux():
    """Install the AMQPInflux RPM and configure its service account.

    Publishes the InfluxDB endpoint, the RabbitMQ endpoint and credentials,
    a hard-coded ``rabbitmq_ssl_enabled = True`` and the internal
    certificate path to runtime properties, then installs the package,
    creates the service user and configures the systemd unit.
    """
    rpm_url = ctx_properties['amqpinflux_rpm_source_url']

    # The InfluxDB address is injected as an input to the script; a missing
    # variable raises KeyError.
    influxdb_ip = os.environ['INFLUXDB_ENDPOINT_IP']
    ctx.instance.runtime_properties['influxdb_endpoint_ip'] = influxdb_ip

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbit_ip = utils.get_rabbitmq_endpoint_ip()
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip
    # The broker credentials are copied into runtime properties unchanged.
    # NOTE(review): confirm who is able to read these properties.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        ctx.instance.runtime_properties[cred_key] = rabbit_props.get(cred_key)
    # SSL towards the broker is always recorded as enabled here.
    ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = True

    venv_dir = '{0}/env'.format(HOME_DIR)

    ctx.logger.info('Installing AQMPInflux...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(SERVICE_NAME)
    utils.mkdir(HOME_DIR)

    # NOTE(review): no checksum or signature check on the RPM is visible
    # here; confirm that utils.yum_install verifies the package.
    utils.yum_install(rpm_url, service_name=SERVICE_NAME)
    _install_optional(venv_dir)

    ctx.logger.info('Configuring AMQPInflux...')
    utils.create_service_user(AMQPINFLUX_USER, AMQPINFLUX_GROUP, HOME_DIR)
    ctx.instance.runtime_properties['broker_cert_path'] = (
        utils.INTERNAL_CERT_PATH)
    utils.chown(AMQPINFLUX_USER, AMQPINFLUX_GROUP, HOME_DIR)
    utils.systemd.configure(SERVICE_NAME)
def install_riemann():
    """Install Riemann, the Langohr jar and fetch the manager resources.

    Aborts the operation when the broker username or password property is
    empty, publishes the RabbitMQ endpoint and credentials to runtime
    properties, creates the Riemann directories, installs the Langohr jar
    plus the daemonize and Riemann RPMs, then downloads the manager
    resources archive and extracts it into ``/tmp``.
    """
    langohr_url = ctx_properties['langohr_jar_source_url']
    daemonize_url = ctx_properties['daemonize_rpm_source_url']
    riemann_url = ctx_properties['riemann_rpm_source_url']
    # The resources archive is needed for Riemann's config.
    resources_url = ctx_properties['cloudify_resources_url']
    broker_user = ctx_properties['rabbitmq_username']
    broker_password = ctx_properties['rabbitmq_password']

    config_dir = '/etc/riemann'
    log_dir = '/var/log/cloudify/riemann'
    langohr_dir = '/opt/lib'
    langohr_jar = '{0}/langohr.jar'.format(langohr_dir)

    # The credentials are not used directly by this script, but the
    # deployed resources need them, so empty values are rejected here.
    # Components other than logstash and riemann handle this in code.
    if not (broker_user and broker_password):
        ctx.abort_operation(
            'Both rabbitmq_username and rabbitmq_password must be supplied '
            'and at least 1 character long in the manager blueprint inputs.')

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbit_ip = utils.get_rabbitmq_endpoint_ip(
        rabbit_props.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip
    # The broker credentials are copied into runtime properties unchanged.
    # NOTE(review): confirm who is able to read these properties.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        ctx.instance.runtime_properties[cred_key] = rabbit_props.get(cred_key)

    ctx.logger.info('Installing Riemann...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(RIEMANN_SERVICE_NAME)

    utils.mkdir(log_dir)
    utils.mkdir(langohr_dir)
    utils.mkdir(config_dir)
    utils.mkdir('{0}/conf.d'.format(config_dir))

    # NOTE(review): the jar and both RPMs come from URLs in the blueprint
    # properties and no checksum or signature check is visible here;
    # confirm the download/install helpers verify them.
    downloaded_jar = utils.download_cloudify_resource(
        langohr_url, RIEMANN_SERVICE_NAME)
    utils.sudo(['cp', downloaded_jar, langohr_jar])
    ctx.logger.info('Applying Langohr permissions...')
    utils.sudo(['chmod', '644', langohr_jar])

    utils.yum_install(daemonize_url, service_name=RIEMANN_SERVICE_NAME)
    utils.yum_install(riemann_url, service_name=RIEMANN_SERVICE_NAME)
    utils.logrotate(RIEMANN_SERVICE_NAME)

    ctx.logger.info('Downloading cloudify-manager Repository...')
    archive_path = utils.download_cloudify_resource(
        resources_url, RIEMANN_SERVICE_NAME)
    ctx.logger.info('Extracting Manager Repository...')
    # NOTE(review): extraction targets the shared /tmp directory; a private
    # per-run directory would avoid depending on whatever already exists
    # there. Confirm how utils.untar treats existing paths.
    utils.untar(archive_path, '/tmp')
def install_riemann():
    """Install Riemann under a dedicated service user.

    Creates the Riemann service user, aborts when the broker username or
    password property is empty, records the RabbitMQ endpoint in
    ``runtime_props``, creates the Riemann directories, installs the
    Langohr jar plus the daemonize and Riemann RPMs, and stores the list of
    paths to remove later in ``runtime_props['files_to_remove']``.
    """
    langohr_url = ctx_properties['langohr_jar_source_url']
    daemonize_url = ctx_properties['daemonize_rpm_source_url']
    riemann_url = ctx_properties['riemann_rpm_source_url']

    utils.create_service_user(
        user=RIEMANN_USER,
        group=RIEMANN_GROUP,
        home=utils.CLOUDIFY_HOME_DIR)

    config_dir = '/etc/riemann'
    log_dir = '/var/log/cloudify/riemann'
    langohr_dir = '/opt/lib'
    langohr_jar = '{0}/langohr.jar'.format(langohr_dir)
    riemann_home = '/opt/riemann'

    # The credentials are not used directly by this script, but the
    # deployed resources need them, so empty values are rejected here.
    # Components other than logstash and riemann handle this in code.
    broker_user = ctx_properties['rabbitmq_username']
    broker_password = ctx_properties['rabbitmq_password']
    if not (broker_user and broker_password):
        ctx.abort_operation(
            'Both rabbitmq_username and rabbitmq_password must be supplied '
            'and at least 1 character long in the manager blueprint inputs.')

    runtime_props['rabbitmq_endpoint_ip'] = utils.get_rabbitmq_endpoint_ip()

    ctx.logger.info('Installing Riemann...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(RIEMANN_SERVICE_NAME)

    utils.mkdir(log_dir)
    utils.mkdir(langohr_dir)
    utils.mkdir(config_dir)
    utils.mkdir('{0}/conf.d'.format(config_dir))

    # Only the owner is changed here; utils.chown would change both the
    # user and the group.
    utils.sudo(['chown', RIEMANN_USER, riemann_home])

    # NOTE(review): the jar and both RPMs come from URLs in the blueprint
    # properties and no checksum or signature check is visible here;
    # confirm the download/install helpers verify them.
    downloaded_jar = utils.download_cloudify_resource(
        langohr_url, RIEMANN_SERVICE_NAME)
    utils.sudo(['cp', downloaded_jar, langohr_jar])
    ctx.logger.info('Applying Langohr permissions...')
    utils.sudo(['chmod', '644', langohr_jar])

    utils.yum_install(daemonize_url, service_name=RIEMANN_SERVICE_NAME)
    utils.yum_install(riemann_url, service_name=RIEMANN_SERVICE_NAME)

    utils.chown(RIEMANN_USER, RIEMANN_GROUP, log_dir)
    utils.logrotate(RIEMANN_SERVICE_NAME)

    runtime_props['files_to_remove'] = [
        config_dir,
        log_dir,
        langohr_jar,
        riemann_home,
    ]
def install_logstash():
    """Install the Logstash RPM and deploy its configuration files.

    Publishes the Elasticsearch and RabbitMQ endpoints to runtime
    properties, exits with an error when the broker username or password
    property is empty, installs the package, creates the log directory and
    deploys the systemd override, the Logstash conf and the sysconfig file
    from ``CONFIG_PATH``.
    """
    unit_override_dir = '/etc/systemd/system/logstash.service.d'
    log_dir = '/var/log/cloudify/logstash'
    conf_dir = '/etc/logstash/conf.d'

    rpm_url = ctx_properties['logstash_rpm_source_url']
    broker_user = ctx_properties['rabbitmq_username']
    broker_password = ctx_properties['rabbitmq_password']

    # The Elasticsearch address is injected as an input to the script;
    # .get() stores None when the variable is missing.
    es_ip = os.environ.get('ES_ENDPOINT_IP')
    ctx.instance.runtime_properties['es_endpoint_ip'] = es_ip
    rabbit_ip = utils.get_rabbitmq_endpoint_ip(
        ctx_properties.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip

    # The credentials are not used directly by this script, but the
    # deployed resources need them, so empty values are rejected here.
    # Components other than logstash and riemann handle this in code.
    if not (broker_user and broker_password):
        utils.error_exit(
            'Both rabbitmq_username and rabbitmq_password must be supplied '
            'and at least 1 character long in the manager blueprint inputs.')

    ctx.logger.info('Installing Logstash...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(LOGSTASH_SERVICE_NAME)
    # NOTE(review): no checksum or signature check on the RPM is visible
    # here; confirm that utils.yum_install verifies the package.
    utils.yum_install(rpm_url, service_name=LOGSTASH_SERVICE_NAME)

    utils.mkdir(log_dir)
    utils.chown('logstash', 'logstash', log_dir)

    ctx.logger.info('Creating systemd unit override...')
    utils.mkdir(unit_override_dir)
    utils.deploy_blueprint_resource(
        '{0}/restart.conf'.format(CONFIG_PATH),
        '{0}/restart.conf'.format(unit_override_dir),
        LOGSTASH_SERVICE_NAME)

    ctx.logger.info('Deploying Logstash conf...')
    # NOTE(review): the deployed conf presumably carries the broker
    # credentials; confirm the resulting file is not world-readable.
    utils.deploy_blueprint_resource(
        '{0}/logstash.conf'.format(CONFIG_PATH),
        '{0}/logstash.conf'.format(conf_dir),
        LOGSTASH_SERVICE_NAME)

    ctx.logger.info('Deploying Logstash sysconfig...')
    utils.deploy_blueprint_resource(
        '{0}/logstash'.format(CONFIG_PATH),
        '/etc/sysconfig/logstash',
        LOGSTASH_SERVICE_NAME)

    utils.logrotate(LOGSTASH_SERVICE_NAME)
    utils.sudo(['/sbin/chkconfig', 'logstash', 'on'])
    utils.clean_var_log_dir(LOGSTASH_SERVICE_NAME)
def install_riemann():
    """Install Riemann, the Langohr jar and fetch the manager resources.

    Aborts the operation when the broker username or password property is
    empty, publishes the RabbitMQ endpoint and credentials to runtime
    properties, creates the Riemann directories, installs the Langohr jar
    plus the daemonize and Riemann RPMs, then downloads the manager
    resources archive and extracts it into ``/tmp``.
    """
    langohr_url = ctx_properties['langohr_jar_source_url']
    daemonize_url = ctx_properties['daemonize_rpm_source_url']
    riemann_url = ctx_properties['riemann_rpm_source_url']
    # The resources archive is needed for Riemann's config.
    resources_url = ctx_properties['cloudify_resources_url']
    broker_user = ctx_properties['rabbitmq_username']
    broker_password = ctx_properties['rabbitmq_password']

    config_dir = '/etc/riemann'
    log_dir = '/var/log/cloudify/riemann'
    langohr_dir = '/opt/lib'
    langohr_jar = '{0}/langohr.jar'.format(langohr_dir)

    # The credentials are not used directly by this script, but the
    # deployed resources need them, so empty values are rejected here.
    # Components other than logstash and riemann handle this in code.
    if not (broker_user and broker_password):
        ctx.abort_operation(
            'Both rabbitmq_username and rabbitmq_password must be supplied '
            'and at least 1 character long in the manager blueprint inputs.')

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbit_ip = utils.get_rabbitmq_endpoint_ip(
        rabbit_props.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip
    # The broker credentials are copied into runtime properties unchanged.
    # NOTE(review): confirm who is able to read these properties.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        ctx.instance.runtime_properties[cred_key] = rabbit_props.get(cred_key)

    ctx.logger.info('Installing Riemann...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(RIEMANN_SERVICE_NAME)

    utils.mkdir(log_dir)
    utils.mkdir(langohr_dir)
    utils.mkdir(config_dir)
    utils.mkdir('{0}/conf.d'.format(config_dir))

    # NOTE(review): the jar and both RPMs come from URLs in the blueprint
    # properties and no checksum or signature check is visible here;
    # confirm the download/install helpers verify them.
    downloaded_jar = utils.download_cloudify_resource(
        langohr_url, RIEMANN_SERVICE_NAME)
    utils.sudo(['cp', downloaded_jar, langohr_jar])
    ctx.logger.info('Applying Langohr permissions...')
    utils.sudo(['chmod', '644', langohr_jar])

    utils.yum_install(daemonize_url, service_name=RIEMANN_SERVICE_NAME)
    utils.yum_install(riemann_url, service_name=RIEMANN_SERVICE_NAME)
    utils.logrotate(RIEMANN_SERVICE_NAME)

    ctx.logger.info('Downloading cloudify-manager Repository...')
    archive_path = utils.download_cloudify_resource(
        resources_url, RIEMANN_SERVICE_NAME)
    ctx.logger.info('Extracting Manager Repository...')
    # NOTE(review): extraction targets the shared /tmp directory; a private
    # per-run directory would avoid depending on whatever already exists
    # there. Confirm how utils.untar treats existing paths.
    utils.untar(archive_path, '/tmp')
def install_mgmtworker():
    """Install the management worker RPM and prepare its directories.

    Records the RabbitMQ endpoint, the broker credentials, the Python
    executable of the worker's virtualenv, the CA certificate path and the
    SSL AMQP port in ``runtime_props``; installs the package; and hands
    ownership of the home, log, virtualenv and Riemann directories to the
    Cloudify user and group.
    """
    riemann_home = '/opt/riemann'
    rpm_url = ctx_properties['management_worker_rpm_source_url']

    runtime_props['rabbitmq_endpoint_ip'] = utils.get_rabbitmq_endpoint_ip()

    # The credentials are copied verbatim: nothing is escaped yet, so a
    # quote or backslash in either value reaches any JSON document rendered
    # from these properties unchanged. Control characters are deliberately
    # left to break things noisily. The original TODO is to escape double
    # quotes, backslashes, forward slashes and tabs (see json.org for the
    # string spec).
    # NOTE(review): serialising with a JSON encoder where the document is
    # rendered would close this gap; confirm where the values are consumed.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        runtime_props[cred_key] = ctx_properties[cred_key]

    utils.set_service_as_cloudify_service(runtime_props)

    ctx.logger.info('Installing Management Worker...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(SERVICE_NAME)

    utils.mkdir(HOME_DIR)
    utils.mkdir(join(HOME_DIR, 'config'))
    utils.mkdir(join(HOME_DIR, 'work'))
    utils.mkdir(LOG_DIR)
    utils.mkdir(riemann_home)

    venv_dir = join(HOME_DIR, 'env')
    # The interpreter path is used to run the sanity check.
    runtime_props['python_executable'] = join(venv_dir, 'bin', 'python')

    # Installing the RPM creates the virtualenv and installs the relevant
    # modules into it.
    # NOTE(review): no checksum or signature check on the RPM is visible
    # here; confirm that utils.yum_install verifies the package.
    utils.yum_install(rpm_url, service_name=SERVICE_NAME)
    _install_optional(venv_dir)

    # The worker always talks to the broker on the SSL port and trusts the
    # internal CA certificate.
    runtime_props['broker_cert_path'] = utils.INTERNAL_CA_CERT_PATH
    runtime_props['broker_port'] = AMQP_SSL_PORT

    utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, HOME_DIR)
    utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, LOG_DIR)
    # The virtualenv is chowned separately in case it lives outside the
    # home directory.
    utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, venv_dir)

    # The Riemann directory's owner is changed to riemann later, but the
    # management worker still needs access to it; mode 770 keeps it closed
    # to other users.
    utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, riemann_home)
    utils.chmod('770', riemann_home)

    # NOTE(review): this reads ctx.instance.runtime_properties, while the
    # port was written through runtime_props; presumably the same mapping.
    broker_port = ctx.instance.runtime_properties['broker_port']
    ctx.logger.info("Using broker port: {0}".format(broker_port))
def install_mgmtworker():
    """Install the management worker RPM and prepare its directories.

    Records the RabbitMQ endpoint, the broker credentials, a hard-coded
    ``rabbitmq_ssl_enabled = True``, the internal certificate path and the
    SSL AMQP port in ``runtime_props``; installs the package; and hands
    ownership of the home, log, virtualenv and Riemann directories to the
    Cloudify user and group.
    """
    riemann_home = '/opt/riemann'
    rpm_url = ctx_properties['management_worker_rpm_source_url']

    runtime_props['rabbitmq_endpoint_ip'] = utils.get_rabbitmq_endpoint_ip()

    # The credentials are copied verbatim: nothing is escaped yet, so a
    # quote or backslash in either value reaches any JSON document rendered
    # from these properties unchanged. Control characters are deliberately
    # left to break things noisily. The original TODO is to escape double
    # quotes, backslashes, forward slashes and tabs (see json.org for the
    # string spec).
    # NOTE(review): serialising with a JSON encoder where the document is
    # rendered would close this gap; confirm where the values are consumed.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        runtime_props[cred_key] = ctx_properties[cred_key]

    # SSL towards the broker is always recorded as enabled here.
    runtime_props['rabbitmq_ssl_enabled'] = True

    utils.set_service_as_cloudify_service(runtime_props)

    ctx.logger.info('Installing Management Worker...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(SERVICE_NAME)

    utils.mkdir(HOME_DIR)
    utils.mkdir(join(HOME_DIR, 'config'))
    utils.mkdir(join(HOME_DIR, 'work'))
    utils.mkdir(LOG_DIR)
    utils.mkdir(riemann_home)

    venv_dir = join(HOME_DIR, 'env')

    # Installing the RPM creates the virtualenv and installs the relevant
    # modules into it.
    # NOTE(review): no checksum or signature check on the RPM is visible
    # here; confirm that utils.yum_install verifies the package.
    utils.yum_install(rpm_url, service_name=SERVICE_NAME)
    _install_optional(venv_dir)

    # The worker always talks to the broker on the SSL port.
    runtime_props['broker_cert_path'] = utils.INTERNAL_CERT_PATH
    runtime_props['broker_port'] = AMQP_SSL_PORT

    utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, HOME_DIR)
    utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, LOG_DIR)
    # The virtualenv is chowned separately in case it lives outside the
    # home directory.
    utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, venv_dir)

    # The Riemann directory's owner is changed to riemann later, but the
    # management worker still needs access to it; mode 770 keeps it closed
    # to other users.
    utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, riemann_home)
    utils.chmod('770', riemann_home)

    # NOTE(review): this reads ctx.instance.runtime_properties, while the
    # port was written through runtime_props; presumably the same mapping.
    broker_port = ctx.instance.runtime_properties['broker_port']
    ctx.logger.info("Using broker port: {0}".format(broker_port))
def install_logstash():
    """Install the Logstash RPM and deploy its configuration files.

    Reads its inputs from the node properties, publishes the Elasticsearch
    and RabbitMQ endpoints to runtime properties, exits with an error when
    the broker username or password is empty, installs the package and
    deploys the systemd override, the Logstash conf and the sysconfig file
    from ``CONFIG_PATH``.
    """
    unit_override_dir = '/etc/systemd/system/logstash.service.d'
    log_dir = '/var/log/cloudify/logstash'
    conf_dir = '/etc/logstash/conf.d'

    rpm_url = ctx.node.properties['logstash_rpm_source_url']
    broker_user = ctx.node.properties['rabbitmq_username']
    broker_password = ctx.node.properties['rabbitmq_password']

    # The Elasticsearch address is injected as an input to the script;
    # .get() stores None when the variable is missing.
    es_ip = os.environ.get('ES_ENDPOINT_IP')
    ctx.instance.runtime_properties['es_endpoint_ip'] = es_ip
    rabbit_ip = utils.get_rabbitmq_endpoint_ip()
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip

    # The credentials are not used directly by this script, but the
    # deployed resources need them, so empty values are rejected here.
    # Components other than logstash and riemann handle this in code.
    if not (broker_user and broker_password):
        utils.error_exit(
            'Both rabbitmq_username and rabbitmq_password must be supplied '
            'and at least 1 character long in the manager blueprint inputs.')

    ctx.logger.info('Installing Logstash...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice('logstash')
    # NOTE(review): no checksum or signature check on the RPM is visible
    # here; confirm that utils.yum_install verifies the package.
    utils.yum_install(rpm_url)

    utils.mkdir(log_dir)
    utils.chown('logstash', 'logstash', log_dir)

    ctx.logger.info('Creating systemd unit override...')
    utils.mkdir(unit_override_dir)
    utils.deploy_blueprint_resource(
        '{0}/restart.conf'.format(CONFIG_PATH),
        '{0}/restart.conf'.format(unit_override_dir))

    ctx.logger.info('Deploying Logstash conf...')
    # NOTE(review): the deployed conf presumably carries the broker
    # credentials; confirm the resulting file is not world-readable.
    utils.deploy_blueprint_resource(
        '{0}/logstash.conf'.format(CONFIG_PATH),
        '{0}/logstash.conf'.format(conf_dir))

    ctx.logger.info('Deploying Logstash sysconfig...')
    utils.deploy_blueprint_resource(
        '{0}/logstash'.format(CONFIG_PATH),
        '/etc/sysconfig/logstash')

    utils.logrotate('logstash')
    utils.sudo(['/sbin/chkconfig', 'logstash', 'on'])
    utils.clean_var_log_dir('logstash')
def deploy_broker_configuration():
    """Publish Elasticsearch, RabbitMQ and PostgreSQL settings.

    Copies the endpoints, the broker credentials and SSL flag, and the
    PostgreSQL database name and host into runtime properties. When
    ``rabbitmq_ssl_enabled`` is truthy the public certificate is deployed
    under ``REST_SERVICE_HOME`` and port 5671 is recorded; otherwise port
    5672 is recorded.
    """
    # AMQP ports with and without TLS.
    tls_port = 5671
    plain_port = 5672

    # The Elasticsearch address is injected as an input to the script.
    es_ip = os.environ['ES_ENDPOINT_IP']
    ctx.instance.runtime_properties['es_endpoint_ip'] = es_ip
    es_props = utils.ctx_factory.get('elasticsearch')
    ctx.instance.runtime_properties['es_endpoint_port'] = (
        es_props['es_endpoint_port'])

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbit_ip = utils.get_rabbitmq_endpoint_ip(
        rabbit_props.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip

    ssl_enabled = rabbit_props['rabbitmq_ssl_enabled']
    public_cert = rabbit_props['rabbitmq_cert_public']
    ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = ssl_enabled
    # The broker credentials are copied into runtime properties unchanged.
    # NOTE(review): confirm who is able to read these properties.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        ctx.instance.runtime_properties[cred_key] = rabbit_props.get(cred_key)

    ctx.logger.info('Retrieving postgresql input configuration')
    postgresql_props = utils.ctx_factory.get('postgresql-9.5')
    for pg_key in ('postgresql_db_name', 'postgresql_host'):
        ctx.instance.runtime_properties[pg_key] = postgresql_props.get(pg_key)

    if not ssl_enabled:
        # Broker traffic, credentials included, is not encrypted on this
        # port.
        ctx.instance.runtime_properties['broker_port'] = plain_port
        if public_cert is not None:
            # NOTE(review): the message names broker_ssl_enabled, while the
            # flag read above is rabbitmq_ssl_enabled.
            ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
                            '(broker_ssl_enabled is False).')
    else:
        cert_path = os.path.join(REST_SERVICE_HOME, 'amqp_pub.pem')
        utils.deploy_ssl_certificate(
            'public', cert_path, 'root', public_cert)
        ctx.instance.runtime_properties['broker_cert_path'] = cert_path
        ctx.instance.runtime_properties['broker_port'] = tls_port
def deploy_broker_configuration():
    """Publish RabbitMQ and PostgreSQL settings to runtime properties.

    Copies the broker endpoint and credentials, the PostgreSQL database
    name and host, and the internal certificate path into the node
    instance's runtime properties.
    """
    # The broker settings are injected as an input to the script.
    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbit_ip = utils.get_rabbitmq_endpoint_ip()
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip
    # The broker credentials are copied into runtime properties unchanged.
    # NOTE(review): confirm who is able to read these properties.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        ctx.instance.runtime_properties[cred_key] = rabbit_props.get(cred_key)

    ctx.logger.info('Retrieving postgresql input configuration')
    postgresql_props = utils.ctx_factory.get('postgresql-9.5')
    for pg_key in ('postgresql_db_name', 'postgresql_host'):
        ctx.instance.runtime_properties[pg_key] = postgresql_props.get(pg_key)

    ctx.instance.runtime_properties['broker_cert_path'] = (
        utils.INTERNAL_CERT_PATH)
def deploy_broker_configuration():
    """Publish RabbitMQ and PostgreSQL settings and choose the AMQP port.

    Copies the broker endpoint, credentials and SSL flag, and the
    PostgreSQL database name and host into runtime properties. When
    ``rabbitmq_ssl_enabled`` is truthy the public certificate is deployed
    under ``REST_SERVICE_HOME`` and port 5671 is recorded; otherwise port
    5672 is recorded.
    """
    # AMQP ports with and without TLS.
    tls_port = 5671
    plain_port = 5672

    # The broker settings are injected as an input to the script.
    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbit_ip = utils.get_rabbitmq_endpoint_ip(
        rabbit_props.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip

    ssl_enabled = rabbit_props['rabbitmq_ssl_enabled']
    public_cert = rabbit_props['rabbitmq_cert_public']
    ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = ssl_enabled
    # The broker credentials are copied into runtime properties unchanged.
    # NOTE(review): confirm who is able to read these properties.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        ctx.instance.runtime_properties[cred_key] = rabbit_props.get(cred_key)

    ctx.logger.info('Retrieving postgresql input configuration')
    postgresql_props = utils.ctx_factory.get('postgresql-9.5')
    for pg_key in ('postgresql_db_name', 'postgresql_host'):
        ctx.instance.runtime_properties[pg_key] = postgresql_props.get(pg_key)

    if not ssl_enabled:
        # Broker traffic, credentials included, is not encrypted on this
        # port.
        ctx.instance.runtime_properties['broker_port'] = plain_port
        if public_cert is not None:
            # NOTE(review): the message names broker_ssl_enabled, while the
            # flag read above is rabbitmq_ssl_enabled.
            ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
                            '(broker_ssl_enabled is False).')
    else:
        cert_path = os.path.join(REST_SERVICE_HOME, 'amqp_pub.pem')
        utils.deploy_ssl_certificate(
            'public', cert_path, 'root', public_cert)
        ctx.instance.runtime_properties['broker_cert_path'] = cert_path
        ctx.instance.runtime_properties['broker_port'] = tls_port
def install_amqpinflux():
    """Install the AMQPInflux RPM, its service user and broker configuration.

    Publishes the InfluxDB endpoint (from ``INFLUXDB_ENDPOINT_IP``) and the
    RabbitMQ endpoint, credentials and SSL flag to runtime properties,
    installs the package under ``AMQPINFLUX_HOME``, creates the service
    user, deploys the broker configuration and configures the systemd unit.
    """
    rpm_url = ctx_properties['amqpinflux_rpm_source_url']

    # The InfluxDB address is injected as an input to the script; a missing
    # variable raises KeyError.
    influxdb_ip = os.environ['INFLUXDB_ENDPOINT_IP']
    ctx.instance.runtime_properties['influxdb_endpoint_ip'] = influxdb_ip

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbit_ip = utils.get_rabbitmq_endpoint_ip(
        rabbit_props.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip
    # The broker credentials are copied into runtime properties unchanged.
    # NOTE(review): confirm who is able to read these properties.
    for prop_key in ('rabbitmq_username',
                     'rabbitmq_password',
                     'rabbitmq_ssl_enabled'):
        ctx.instance.runtime_properties[prop_key] = rabbit_props.get(prop_key)

    # NOTE(review): the user value looks masked in this listing; confirm
    # the intended account name before relying on it.
    service_user = '******'
    service_group = 'amqpinflux'
    venv_dir = '{0}/env'.format(AMQPINFLUX_HOME)

    ctx.logger.info('Installing AQMPInflux...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(AMQPINFLUX_SERVICE_NAME)
    utils.mkdir(AMQPINFLUX_HOME)

    # NOTE(review): no checksum or signature check on the RPM is visible
    # here; confirm that utils.yum_install verifies the package.
    utils.yum_install(rpm_url, service_name=AMQPINFLUX_SERVICE_NAME)
    _install_optional(venv_dir)

    utils.create_service_user(service_user, AMQPINFLUX_HOME)
    _deploy_broker_configuration(service_group)

    ctx.logger.info('Fixing permissions...')
    utils.chown(service_user, service_group, AMQPINFLUX_HOME)
    utils.systemd.configure(AMQPINFLUX_SERVICE_NAME)
def deploy_broker_configuration():
    """Publish RabbitMQ and PostgreSQL settings with SSL always enabled.

    Copies the broker endpoint and credentials and the PostgreSQL database
    name and host into runtime properties, and records a hard-coded
    ``rabbitmq_ssl_enabled = True``, the internal certificate path and
    port 5671.
    """
    # The broker settings are injected as an input to the script.
    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbit_ip = utils.get_rabbitmq_endpoint_ip()
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip
    ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = True
    # The broker credentials are copied into runtime properties unchanged.
    # NOTE(review): confirm who is able to read these properties.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        ctx.instance.runtime_properties[cred_key] = rabbit_props.get(cred_key)

    ctx.logger.info('Retrieving postgresql input configuration')
    postgresql_props = utils.ctx_factory.get('postgresql-9.5')
    for pg_key in ('postgresql_db_name', 'postgresql_host'):
        ctx.instance.runtime_properties[pg_key] = postgresql_props.get(pg_key)

    # There is no plaintext branch here: the certificate path and the SSL
    # port are always recorded.
    ctx.instance.runtime_properties['broker_cert_path'] = (
        utils.INTERNAL_CERT_PATH)
    ctx.instance.runtime_properties['broker_port'] = 5671
def install_riemann():
    """Install Riemann, the Langohr jar and deploy Riemann's configuration.

    Aborts the operation when the broker username or password property is
    empty, publishes the RabbitMQ endpoint and credentials to runtime
    properties, installs the Langohr jar plus the daemonize and Riemann
    RPMs, extracts the manager resources archive into ``/tmp``, moves
    ``manager.config`` from it into ``/etc/riemann/conf.d``, deploys
    ``main.clj`` and configures the systemd unit.
    """
    langohr_url = ctx_properties['langohr_jar_source_url']
    daemonize_url = ctx_properties['daemonize_rpm_source_url']
    riemann_url = ctx_properties['riemann_rpm_source_url']
    # The resources archive is needed for Riemann's config.
    resources_url = ctx_properties['cloudify_resources_url']
    broker_user = ctx_properties['rabbitmq_username']
    broker_password = ctx_properties['rabbitmq_password']

    config_dir = '/etc/riemann'
    log_dir = '/var/log/cloudify/riemann'
    langohr_dir = '/opt/lib'
    langohr_jar = '{0}/langohr.jar'.format(langohr_dir)

    # The credentials are not used directly by this script, but the
    # deployed resources need them, so empty values are rejected here.
    # Components other than logstash and riemann handle this in code.
    if not (broker_user and broker_password):
        ctx.abort_operation(
            'Both rabbitmq_username and rabbitmq_password must be supplied '
            'and at least 1 character long in the manager blueprint inputs.')

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbit_ip = utils.get_rabbitmq_endpoint_ip(
        rabbit_props.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = rabbit_ip
    # The broker credentials are copied into runtime properties unchanged.
    # NOTE(review): confirm who is able to read these properties.
    for cred_key in ('rabbitmq_username', 'rabbitmq_password'):
        ctx.instance.runtime_properties[cred_key] = rabbit_props.get(cred_key)

    ctx.logger.info('Installing Riemann...')
    # NOTE(review): by its name this relaxes SELinux enforcement on the
    # host; confirm whether a targeted policy could be used instead.
    utils.set_selinux_permissive()
    utils.copy_notice(RIEMANN_SERVICE_NAME)

    utils.mkdir(log_dir)
    utils.mkdir(langohr_dir)
    utils.mkdir(config_dir)
    utils.mkdir('{0}/conf.d'.format(config_dir))

    # NOTE(review): the jar and both RPMs come from URLs in the blueprint
    # properties and no checksum or signature check is visible here;
    # confirm the download/install helpers verify them.
    downloaded_jar = utils.download_cloudify_resource(
        langohr_url, RIEMANN_SERVICE_NAME)
    utils.sudo(['cp', downloaded_jar, langohr_jar])
    ctx.logger.info('Applying Langohr permissions...')
    utils.sudo(['chmod', '644', langohr_jar])

    utils.yum_install(daemonize_url, service_name=RIEMANN_SERVICE_NAME)
    utils.yum_install(riemann_url, service_name=RIEMANN_SERVICE_NAME)
    utils.logrotate(RIEMANN_SERVICE_NAME)

    ctx.logger.info('Downloading cloudify-manager Repository...')
    archive_path = utils.download_cloudify_resource(
        resources_url, RIEMANN_SERVICE_NAME)
    ctx.logger.info('Extracting Manager Repository...')
    # NOTE(review): the archive is unpacked into the shared /tmp directory
    # and a file is then taken from a fixed path beneath it. A private
    # per-run directory would ensure the moved file is the one just
    # extracted; confirm how utils.untar treats existing paths.
    utils.untar(archive_path, '/tmp')

    ctx.logger.info('Deploying Riemann manager.config...')
    utils.move(
        '/tmp/plugins/riemann-controller/riemann_controller/resources/manager.config',  # NOQA
        '{0}/conf.d/manager.config'.format(config_dir))

    ctx.logger.info('Deploying Riemann conf...')
    utils.deploy_blueprint_resource(
        '{0}/main.clj'.format(CONFIG_PATH),
        '{0}/main.clj'.format(config_dir),
        RIEMANN_SERVICE_NAME)

    # By default the Riemann configuration reads the MANAGEMENT_IP and
    # RABBITMQ_HOST environment variables and falls back to "localhost"
    # when they are missing. The management IP is injected for both into
    # Riemann's systemd config; the two should differ when the manager and
    # RabbitMQ run on different hosts.
    utils.systemd.configure(RIEMANN_SERVICE_NAME)
    utils.clean_var_log_dir(RIEMANN_SERVICE_NAME)
def install_riemann():
    """Set up Riemann on the manager host.

    Takes the download URLs and broker credentials from ``ctx_properties``,
    records the broker endpoint and credentials in the node instance's
    runtime properties, installs the Langohr jar together with the
    daemonize and Riemann RPMs, places ``manager.config`` and ``main.clj``
    under ``/etc/riemann`` and configures the systemd service.

    Calls ``ctx.abort_operation`` if the broker username or password is
    empty.
    """
    langohr_source_url = ctx_properties['langohr_jar_source_url']
    daemonize_source_url = ctx_properties['daemonize_rpm_source_url']
    riemann_source_url = ctx_properties['riemann_rpm_source_url']
    # Required for Riemann's configuration (source of manager.config).
    cloudify_resources_url = ctx_properties['cloudify_resources_url']
    rabbitmq_username = ctx_properties['rabbitmq_username']
    rabbitmq_password = ctx_properties['rabbitmq_password']

    etc_riemann = '/etc/riemann'
    etc_riemann_conf_d = '{0}/conf.d'.format(etc_riemann)
    riemann_logs = '/var/log/cloudify/riemann'
    lib_dir = '/opt/lib'
    classpath_jar = '{0}/langohr.jar'.format(lib_dir)

    # Broker credentials are consumed by the deployed resources rather than
    # by this script, hence the check before doing anything else.
    # Components other than logstash and riemann have this handled in code.
    # NOTE(review): ctx_properties is validated, but the values written to
    # runtime properties below are taken from the 'rabbitmq' ctx_factory
    # entry; verify that both hold the same credentials.
    credentials_supplied = rabbitmq_username and rabbitmq_password
    if not credentials_supplied:
        ctx.abort_operation(
            'Both rabbitmq_username and rabbitmq_password must be supplied '
            'and at least 1 character long in the manager blueprint inputs.')

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    broker_ip = utils.get_rabbitmq_endpoint_ip(
        rabbit_props.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = broker_ip
    # NOTE(review): the password is stored unencrypted in runtime
    # properties; confirm the read access on them is restricted.
    ctx.instance.runtime_properties['rabbitmq_username'] = \
        rabbit_props.get('rabbitmq_username')
    ctx.instance.runtime_properties['rabbitmq_password'] = \
        rabbit_props.get('rabbitmq_password')

    ctx.logger.info('Installing Riemann...')
    # NOTE(review): by its name this relaxes SELinux to permissive and is
    # not reverted in this function; confirm this is acceptable.
    utils.set_selinux_permissive()

    utils.copy_notice(RIEMANN_SERVICE_NAME)
    for path in (riemann_logs, lib_dir, etc_riemann, etc_riemann_conf_d):
        utils.mkdir(path)

    # NOTE(review): integrity verification of the downloaded artifacts is
    # not visible in this function; confirm the utils helpers perform it.
    fetched_langohr = utils.download_cloudify_resource(
        langohr_source_url, RIEMANN_SERVICE_NAME)
    utils.sudo(['cp', fetched_langohr, classpath_jar])
    ctx.logger.info('Applying Langohr permissions...')
    # Owner read/write, everyone else read-only.
    utils.sudo(['chmod', '644', classpath_jar])
    utils.yum_install(
        daemonize_source_url, service_name=RIEMANN_SERVICE_NAME)
    utils.yum_install(
        riemann_source_url, service_name=RIEMANN_SERVICE_NAME)

    utils.logrotate(RIEMANN_SERVICE_NAME)

    ctx.logger.info('Downloading cloudify-manager Repository...')
    manager_archive = utils.download_cloudify_resource(
        cloudify_resources_url, RIEMANN_SERVICE_NAME)
    ctx.logger.info('Extracting Manager Repository...')
    # NOTE(review): extraction goes to the world-writable /tmp and the file
    # moved into /etc/riemann is taken from a predictable path there, so a
    # pre-existing entry at that path could end up in the service config.
    # Prefer a freshly created private directory; check utils.untar first.
    utils.untar(manager_archive, '/tmp')
    ctx.logger.info('Deploying Riemann manager.config...')
    manager_config_source = (
        '/tmp/plugins/riemann-controller/riemann_controller/'
        'resources/manager.config')
    manager_config_target = '{0}/manager.config'.format(etc_riemann_conf_d)
    utils.move(manager_config_source, manager_config_target)

    ctx.logger.info('Deploying Riemann conf...')
    main_clj_source = '{0}/main.clj'.format(CONFIG_PATH)
    main_clj_target = '{0}/main.clj'.format(etc_riemann)
    utils.deploy_blueprint_resource(
        main_clj_source, main_clj_target, RIEMANN_SERVICE_NAME)

    # By default our Riemann configuration tries to read these environment
    # variables and falls back to "localhost" when they do not exist:
    #   export MANAGEMENT_IP=""
    #   export RABBITMQ_HOST=""
    # The management_ip is injected for both of them into Riemann's systemd
    # config; they should potentially differ if the manager and rabbitmq
    # run on different hosts.
    utils.systemd.configure(RIEMANN_SERVICE_NAME)
    utils.clean_var_log_dir(RIEMANN_SERVICE_NAME)
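def install_logstash():
    """Install Logstash and deploy its Cloudify configuration.

    Reads the RPM URL and broker credentials from ``ctx_properties``,
    records the Elasticsearch and broker endpoints and the broker
    credentials in the node instance's runtime properties, installs the
    RPM, deploys the systemd restart override, ``logstash.conf`` and the
    ``cloudify-logstash`` sysconfig file, patches the init script to read
    that sysconfig file and enables the service with chkconfig.

    ``ctx.abort_operation`` is called when either broker credential is
    empty. ``ES_ENDPOINT_IP`` must be present in the environment.
    """
    logstash_unit_override = '/etc/systemd/system/logstash.service.d'
    logstash_source_url = ctx_properties['logstash_rpm_source_url']
    rabbitmq_username = ctx_properties['rabbitmq_username']
    rabbitmq_password = ctx_properties['rabbitmq_password']
    logstash_log_path = '/var/log/cloudify/logstash'
    logstash_conf_path = '/etc/logstash/conf.d'

    # Confirm username and password have been supplied for the broker
    # before continuing, i.e. before any runtime property is written (the
    # same order install_riemann uses).
    # Components other than logstash and riemann have this handled in code.
    # The credentials are not used directly in this script, but by the
    # deployed resources, hence the check here.
    # NOTE(review): ctx_properties is validated while the stored values
    # come from utils.ctx_factory.get('rabbitmq'); confirm they agree.
    if not rabbitmq_username or not rabbitmq_password:
        ctx.abort_operation(
            'Both rabbitmq_username and rabbitmq_password must be supplied '
            'and at least 1 character long in the manager blueprint inputs.')

    # ES_ENDPOINT_IP is injected as an input to the script.
    ctx.instance.runtime_properties['es_endpoint_ip'] = \
        os.environ['ES_ENDPOINT_IP']
    elasticsearch_props = utils.ctx_factory.get('elasticsearch')
    ctx.instance.runtime_properties['es_endpoint_port'] = \
        elasticsearch_props['es_endpoint_port']

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
        utils.get_rabbitmq_endpoint_ip(
            rabbit_props.get('rabbitmq_endpoint_ip'))
    # NOTE(review): the broker password is stored in runtime properties as
    # plain text; confirm who can read them.
    ctx.instance.runtime_properties['rabbitmq_username'] = \
        rabbit_props['rabbitmq_username']
    ctx.instance.runtime_properties['rabbitmq_password'] = \
        rabbit_props['rabbitmq_password']

    ctx.logger.info('Installing Logstash...')
    # NOTE(review): by its name this switches SELinux to permissive mode
    # and nothing here switches it back; confirm that is intended.
    utils.set_selinux_permissive()
    utils.copy_notice(LOGSTASH_SERVICE_NAME)

    # NOTE(review): no signature or checksum verification of the RPM is
    # visible here; confirm utils.yum_install takes care of it.
    utils.yum_install(logstash_source_url, service_name=LOGSTASH_SERVICE_NAME)

    utils.mkdir(logstash_log_path)
    utils.chown('logstash', 'logstash', logstash_log_path)

    ctx.logger.debug('Creating systemd unit override...')
    utils.mkdir(logstash_unit_override)
    utils.deploy_blueprint_resource(
        '{0}/restart.conf'.format(CONFIG_PATH),
        '{0}/restart.conf'.format(logstash_unit_override),
        LOGSTASH_SERVICE_NAME)
    ctx.logger.info('Deploying Logstash configuration...')
    utils.deploy_blueprint_resource(
        '{0}/logstash.conf'.format(CONFIG_PATH),
        '{0}/logstash.conf'.format(logstash_conf_path),
        LOGSTASH_SERVICE_NAME)

    # Due to a bug in the handling of configuration files,
    # configuration files with the same name cannot be deployed.
    # Since the logrotate config file is called `logstash`,
    # we change the name of the logstash env vars config file
    # from logstash to cloudify-logstash to be consistent with
    # other service env var files.
    init_file = '/etc/init.d/logstash'
    # Raw string: '\$' is not a recognised Python escape, so a plain
    # literal only works because the backslash is passed through (and
    # newer interpreters warn about it). The value is unchanged.
    utils.replace_in_file(
        r'sysconfig/\$name',
        'sysconfig/cloudify-$name',
        init_file)
    # Keep the init script root-owned and writable by root only.
    utils.chmod('755', init_file)
    utils.chown('root', 'root', init_file)

    ctx.logger.debug('Deploying Logstash sysconfig...')
    utils.deploy_blueprint_resource(
        '{0}/cloudify-logstash'.format(CONFIG_PATH),
        '/etc/sysconfig/cloudify-logstash',
        LOGSTASH_SERVICE_NAME)

    utils.logrotate(LOGSTASH_SERVICE_NAME)
    utils.sudo(['/sbin/chkconfig', 'logstash', 'on'])
    utils.clean_var_log_dir(LOGSTASH_SERVICE_NAME)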
def install_mgmtworker():
    """Install the management worker and deploy its broker configuration.

    Reads the RPM URL, the broker TLS settings and the broker credentials
    from ``ctx_properties``, records them in the node instance's runtime
    properties, installs the RPM, selects the broker port (and deploys the
    broker certificate when TLS is enabled), deploys
    ``broker_config.json`` with restricted permissions when the virtualenv
    has a Python binary, and configures systemd and logrotate.
    """
    management_worker_rpm_source_url = \
        ctx_properties['management_worker_rpm_source_url']

    # These must all be exported as part of the start operation.
    # They will not persist, so we should use the new agent.
    # Don't forget to change all localhosts to the relevant ips.
    home_dir = '/opt/mgmtworker'
    venv_dir = home_dir + '/env'
    work_dir = home_dir + '/work'
    log_dir = "/var/log/cloudify/mgmtworker"
    tls_port = '5671'
    plain_port = '5672'

    rabbitmq_ssl_enabled = ctx_properties['rabbitmq_ssl_enabled']
    ctx.logger.info("rabbitmq_ssl_enabled: {0}".format(rabbitmq_ssl_enabled))
    rabbitmq_cert_public = ctx_properties['rabbitmq_cert_public']

    broker_ip = utils.get_rabbitmq_endpoint_ip(
        ctx_properties.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = broker_ip

    # Fix possible injections in json of rabbit credentials.
    # See json.org for string spec.
    # We will not escape newlines or other control characters, we will
    # accept them breaking things noisily, e.g. on newlines and backspaces.
    # TODO: add:
    # sed 's/"/\\"/' | sed 's/\\/\\\\/' | sed s-/-\\/- | sed 's/\t/\\t/'
    # NOTE(review): until that TODO is done the values are copied verbatim,
    # so a quote or backslash in a credential presumably corrupts, or
    # changes the structure of, the rendered broker_config.json. Escape at
    # the point where the JSON is rendered if these properties are also
    # consumed as raw credentials; verify against the template.
    for credential_key in ('rabbitmq_username', 'rabbitmq_password'):
        ctx.instance.runtime_properties[credential_key] = \
            ctx_properties[credential_key]

    # Make the ssl enabled flag work with json (boolean in lower case)
    # TODO: check if still needed:
    # broker_ssl_enabled = "$(echo ${rabbitmq_ssl_enabled} | tr '[:upper:]' '[:lower:]')"  # NOQA
    ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = \
        rabbitmq_ssl_enabled

    ctx.logger.info('Installing Management Worker...')
    # NOTE(review): by its name this switches SELinux to permissive mode
    # and nothing here switches it back; confirm that is intended.
    utils.set_selinux_permissive()

    utils.copy_notice(MGMT_WORKER_SERVICE_NAME)
    for directory in (home_dir, home_dir + '/config', log_dir, work_dir):
        utils.mkdir(directory)

    # This creates the virtualenv and installs the relevant modules
    # into it.
    utils.yum_install(
        management_worker_rpm_source_url,
        service_name=MGMT_WORKER_SERVICE_NAME)
    _install_optional(venv_dir)

    # Add certificate and select port, as applicable.
    # NOTE(review): this is a truthiness test; a string input such as
    # 'false' would count as enabled. Confirm the type of the property.
    if not rabbitmq_ssl_enabled:
        # No SSL, don't use SSL port.
        # NOTE(review): on this path the broker credentials presumably
        # travel unencrypted between worker and broker.
        ctx.instance.runtime_properties['broker_port'] = plain_port
        if rabbitmq_cert_public is not None:
            ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
                            '(broker_ssl_enabled is False).')
    else:
        broker_cert_path = home_dir + '/amqp_pub.pem'
        utils.deploy_ssl_certificate(
            'public', broker_cert_path, 'root', rabbitmq_cert_public)
        ctx.instance.runtime_properties['broker_cert_path'] = \
            broker_cert_path
        # Use SSL port
        ctx.instance.runtime_properties['broker_port'] = tls_port

    selected_port = ctx.instance.runtime_properties['broker_port']
    ctx.logger.info("broker_port: {0}".format(selected_port))

    ctx.logger.info('Configuring Management worker...')
    # Deploy the broker configuration.
    # TODO: This will break interestingly if mgmtworker_venv is empty.
    # Some sort of check for that would be sensible.
    # To sandy: I don't quite understand this check...
    # there is no else here..
    # for python_path in ${mgmtworker_venv}/lib/python*; do
    venv_python = os.path.join(venv_dir, 'bin/python')
    if os.path.isfile(venv_python):
        broker_conf_path = os.path.join(work_dir, 'broker_config.json')
        utils.deploy_blueprint_resource(
            '{0}/broker_config.json'.format(CONFIG_PATH),
            broker_conf_path,
            MGMT_WORKER_SERVICE_NAME)
        # The config contains credentials, do not let the world read it.
        # NOTE(review): 440 still grants group read and ownership is not
        # set here; confirm owner and group of the deployed file.
        utils.sudo(['chmod', '440', broker_conf_path])
    utils.systemd.configure(MGMT_WORKER_SERVICE_NAME)
    utils.logrotate(MGMT_WORKER_SERVICE_NAME)
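def install_logstash():
    """Install Logstash and deploy its Cloudify configuration.

    Reads the RPM URL and broker credentials from ``ctx_properties``,
    records the Elasticsearch and broker endpoints and the broker
    credentials in the node instance's runtime properties, installs the
    RPM, deploys the systemd restart override, ``logstash.conf`` and the
    ``cloudify-logstash`` sysconfig file, patches the init script to read
    that sysconfig file and enables the service with chkconfig.

    ``ctx.abort_operation`` is called when either broker credential is
    empty. ``ES_ENDPOINT_IP`` must be present in the environment.
    """
    logstash_unit_override = '/etc/systemd/system/logstash.service.d'
    logstash_source_url = ctx_properties['logstash_rpm_source_url']
    rabbitmq_username = ctx_properties['rabbitmq_username']
    rabbitmq_password = ctx_properties['rabbitmq_password']
    logstash_log_path = '/var/log/cloudify/logstash'
    logstash_conf_path = '/etc/logstash/conf.d'

    # Confirm username and password have been supplied for the broker
    # before continuing, i.e. before any runtime property is written (the
    # same order install_riemann uses).
    # Components other than logstash and riemann have this handled in code.
    # The credentials are not used directly in this script, but by the
    # deployed resources, hence the check here.
    # NOTE(review): ctx_properties is validated while the stored values
    # come from utils.ctx_factory.get('rabbitmq'); confirm they agree.
    if not rabbitmq_username or not rabbitmq_password:
        ctx.abort_operation(
            'Both rabbitmq_username and rabbitmq_password must be supplied '
            'and at least 1 character long in the manager blueprint inputs.')

    # ES_ENDPOINT_IP is injected as an input to the script.
    ctx.instance.runtime_properties['es_endpoint_ip'] = \
        os.environ['ES_ENDPOINT_IP']
    elasticsearch_props = utils.ctx_factory.get('elasticsearch')
    ctx.instance.runtime_properties['es_endpoint_port'] = \
        elasticsearch_props['es_endpoint_port']

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
        utils.get_rabbitmq_endpoint_ip(
            rabbit_props.get('rabbitmq_endpoint_ip'))
    # NOTE(review): the broker password is stored in runtime properties as
    # plain text; confirm who can read them.
    ctx.instance.runtime_properties['rabbitmq_username'] = \
        rabbit_props['rabbitmq_username']
    ctx.instance.runtime_properties['rabbitmq_password'] = \
        rabbit_props['rabbitmq_password']

    ctx.logger.info('Installing Logstash...')
    # NOTE(review): by its name this switches SELinux to permissive mode
    # and nothing here switches it back; confirm that is intended.
    utils.set_selinux_permissive()
    utils.copy_notice(LOGSTASH_SERVICE_NAME)

    # NOTE(review): no signature or checksum verification of the RPM is
    # visible here; confirm utils.yum_install takes care of it.
    utils.yum_install(logstash_source_url, service_name=LOGSTASH_SERVICE_NAME)

    utils.mkdir(logstash_log_path)
    utils.chown('logstash', 'logstash', logstash_log_path)

    ctx.logger.info('Creating systemd unit override...')
    utils.mkdir(logstash_unit_override)
    utils.deploy_blueprint_resource(
        '{0}/restart.conf'.format(CONFIG_PATH),
        '{0}/restart.conf'.format(logstash_unit_override),
        LOGSTASH_SERVICE_NAME)
    ctx.logger.info('Deploying Logstash conf...')
    utils.deploy_blueprint_resource(
        '{0}/logstash.conf'.format(CONFIG_PATH),
        '{0}/logstash.conf'.format(logstash_conf_path),
        LOGSTASH_SERVICE_NAME)

    # Due to a bug in the handling of configuration files,
    # configuration files with the same name cannot be deployed.
    # Since the logrotate config file is called `logstash`,
    # we change the name of the logstash env vars config file
    # from logstash to cloudify-logstash to be consistent with
    # other service env var files.
    init_file = '/etc/init.d/logstash'
    # Raw string: '\$' is not a recognised Python escape, so a plain
    # literal only works because the backslash is passed through (and
    # newer interpreters warn about it). The value is unchanged.
    utils.replace_in_file(
        r'sysconfig/\$name',
        'sysconfig/cloudify-$name',
        init_file)
    # Keep the init script root-owned and writable by root only.
    utils.chmod('755', init_file)
    utils.chown('root', 'root', init_file)

    ctx.logger.info('Deploying Logstash sysconfig...')
    utils.deploy_blueprint_resource(
        '{0}/cloudify-logstash'.format(CONFIG_PATH),
        '/etc/sysconfig/cloudify-logstash',
        LOGSTASH_SERVICE_NAME)

    utils.logrotate(LOGSTASH_SERVICE_NAME)
    utils.sudo(['/sbin/chkconfig', 'logstash', 'on'])
    utils.clean_var_log_dir(LOGSTASH_SERVICE_NAME)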
def install_riemann():
    """Install Riemann under a dedicated service account.

    Reads the package URLs and broker credentials from ``ctx_properties``,
    creates the Riemann service user, records the broker endpoint and
    credentials in ``runtime_props``, installs the Langohr jar and the
    daemonize/Riemann RPMs, hands the log directory to the service account
    and stores the list of paths to remove in
    ``runtime_props['files_to_remove']``.

    ``ctx.abort_operation`` is called when either broker credential is
    empty.
    """
    langohr_source_url = ctx_properties['langohr_jar_source_url']
    daemonize_source_url = ctx_properties['daemonize_rpm_source_url']
    riemann_source_url = ctx_properties['riemann_rpm_source_url']
    rabbitmq_username = ctx_properties['rabbitmq_username']
    rabbitmq_password = ctx_properties['rabbitmq_password']

    # NOTE(review): the service account is created before the credential
    # check below, so an aborted run still leaves the user behind.
    utils.create_service_user(
        user=RIEMANN_USER,
        group=RIEMANN_GROUP,
        home=utils.CLOUDIFY_HOME_DIR)

    config_dir = '/etc/riemann'
    log_dir = '/var/log/cloudify/riemann'
    langohr_dir = '/opt/lib'
    langohr_jar = '{0}/langohr.jar'.format(langohr_dir)
    install_dir = '/opt/riemann'

    # The credentials are consumed by the deployed resources, not by this
    # script, so stop here when they are missing.
    # Components other than logstash and riemann handle this in code.
    # NOTE(review): the check covers ctx_properties while the stored values
    # come from utils.ctx_factory.get('rabbitmq'); confirm they agree.
    if not (rabbitmq_username and rabbitmq_password):
        ctx.abort_operation(
            'Both rabbitmq_username and rabbitmq_password must be supplied '
            'and at least 1 character long in the manager blueprint inputs.')

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    runtime_props['rabbitmq_endpoint_ip'] = utils.get_rabbitmq_endpoint_ip()
    # NOTE(review): the broker password is kept in runtime_props as plain
    # text; confirm who is able to read it.
    for credential_key in ('rabbitmq_username', 'rabbitmq_password'):
        runtime_props[credential_key] = rabbit_props.get(credential_key)

    ctx.logger.info('Installing Riemann...')
    # NOTE(review): by its name this switches SELinux to permissive mode
    # and nothing here switches it back; confirm that is intended.
    utils.set_selinux_permissive()

    utils.copy_notice(RIEMANN_SERVICE_NAME)
    conf_d_dir = '{0}/conf.d'.format(config_dir)
    for directory in (log_dir, langohr_dir, config_dir, conf_d_dir):
        utils.mkdir(directory)

    # utils.chown cannot be used as it will change both user and group.
    # NOTE(review): /opt/riemann is not created in this function before
    # this chown; presumably it already exists at this point. Verify.
    utils.sudo(['chown', RIEMANN_USER, install_dir])

    # NOTE(review): no checksum or signature check on the downloaded jar or
    # RPMs is visible here; confirm the utils helpers verify integrity.
    downloaded_jar = utils.download_cloudify_resource(
        langohr_source_url, RIEMANN_SERVICE_NAME)
    utils.sudo(['cp', downloaded_jar, langohr_jar])
    ctx.logger.info('Applying Langohr permissions...')
    # 644: world-readable, writable by the owner only.
    utils.sudo(['chmod', '644', langohr_jar])
    for rpm_url in (daemonize_source_url, riemann_source_url):
        utils.yum_install(rpm_url, service_name=RIEMANN_SERVICE_NAME)

    utils.chown(RIEMANN_USER, RIEMANN_GROUP, log_dir)

    utils.logrotate(RIEMANN_SERVICE_NAME)

    # Paths recorded for later removal (consumer not shown here).
    runtime_props['files_to_remove'] = [
        config_dir,
        log_dir,
        langohr_jar,
        install_dir,
    ]
def install_mgmtworker():
    """Install the management worker and deploy its broker configuration.

    Reads the RPM URL and the broker credentials from ``ctx_properties``
    and the broker TLS settings and endpoint from the ``rabbitmq``
    ctx_factory entry, records them in the node instance's runtime
    properties, installs the RPM, selects the broker port (and deploys the
    broker certificate when TLS is enabled), deploys
    ``broker_config.json`` with restricted permissions when the virtualenv
    has a Python binary, and configures systemd and logrotate.
    """
    management_worker_rpm_source_url = \
        ctx_properties['management_worker_rpm_source_url']

    # These must all be exported as part of the start operation.
    # They will not persist, so we should use the new agent.
    # Don't forget to change all localhosts to the relevant ips.
    worker_home = '/opt/mgmtworker'
    worker_venv = worker_home + '/env'
    worker_work_dir = worker_home + '/work'
    worker_log_dir = "/var/log/cloudify/mgmtworker"
    port_with_tls = '5671'
    port_without_tls = '5672'

    rabbit_props = utils.ctx_factory.get('rabbitmq')
    rabbitmq_ssl_enabled = rabbit_props['rabbitmq_ssl_enabled']
    ctx.logger.info("rabbitmq_ssl_enabled: {0}".format(rabbitmq_ssl_enabled))
    rabbitmq_cert_public = rabbit_props['rabbitmq_cert_public']

    endpoint_ip = utils.get_rabbitmq_endpoint_ip(
        rabbit_props.get('rabbitmq_endpoint_ip'))
    ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = endpoint_ip

    # Fix possible injections in json of rabbit credentials.
    # See json.org for string spec.
    # We will not escape newlines or other control characters, we will
    # accept them breaking things noisily, e.g. on newlines and backspaces.
    # TODO: add:
    # sed 's/"/\\"/' | sed 's/\\/\\\\/' | sed s-/-\\/- | sed 's/\t/\\t/'
    # NOTE(review): the escaping is still a TODO, so the values are copied
    # verbatim; a quote or backslash in a credential presumably breaks, or
    # changes the structure of, the rendered broker_config.json. Verify
    # against the template and escape where the JSON is rendered.
    # NOTE(review): the credentials are read from ctx_properties although
    # the other broker settings here come from rabbit_props; confirm that
    # this is intended.
    ctx.instance.runtime_properties['rabbitmq_username'] = \
        ctx_properties['rabbitmq_username']
    ctx.instance.runtime_properties['rabbitmq_password'] = \
        ctx_properties['rabbitmq_password']

    # Make the ssl enabled flag work with json (boolean in lower case)
    # TODO: check if still needed:
    # broker_ssl_enabled = "$(echo ${rabbitmq_ssl_enabled} | tr '[:upper:]' '[:lower:]')"  # NOQA
    ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = \
        rabbitmq_ssl_enabled

    ctx.logger.info('Installing Management Worker...')
    # NOTE(review): by its name this switches SELinux to permissive mode
    # and nothing here switches it back; confirm that is intended.
    utils.set_selinux_permissive()

    utils.copy_notice(MGMT_WORKER_SERVICE_NAME)
    directories = (
        worker_home,
        worker_home + '/config',
        worker_log_dir,
        worker_work_dir,
    )
    for directory in directories:
        utils.mkdir(directory)

    # This creates the virtualenv and installs the relevant modules
    # into it.
    utils.yum_install(
        management_worker_rpm_source_url,
        service_name=MGMT_WORKER_SERVICE_NAME)
    _install_optional(worker_venv)

    # Add certificate and select port, as applicable.
    # NOTE(review): this is a truthiness test; a string value such as
    # 'false' would count as enabled. Confirm the type of the property.
    if not rabbitmq_ssl_enabled:
        # No SSL, don't use SSL port.
        # NOTE(review): on this path the broker credentials presumably
        # travel unencrypted between worker and broker.
        ctx.instance.runtime_properties['broker_port'] = port_without_tls
        if rabbitmq_cert_public is not None:
            ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
                            '(broker_ssl_enabled is False).')
    else:
        broker_cert_path = worker_home + '/amqp_pub.pem'
        utils.deploy_ssl_certificate(
            'public', broker_cert_path, 'root', rabbitmq_cert_public)
        ctx.instance.runtime_properties['broker_cert_path'] = \
            broker_cert_path
        # Use SSL port
        ctx.instance.runtime_properties['broker_port'] = port_with_tls

    chosen_port = ctx.instance.runtime_properties['broker_port']
    ctx.logger.info("broker_port: {0}".format(chosen_port))

    ctx.logger.info('Configuring Management worker...')
    # Deploy the broker configuration.
    # TODO: This will break interestingly if mgmtworker_venv is empty.
    # Some sort of check for that would be sensible.
    # To sandy: I don't quite understand this check...
    # there is no else here..
    # for python_path in ${mgmtworker_venv}/lib/python*; do
    if os.path.isfile(os.path.join(worker_venv, 'bin/python')):
        broker_conf_path = os.path.join(
            worker_work_dir, 'broker_config.json')
        broker_conf_template = '{0}/broker_config.json'.format(CONFIG_PATH)
        utils.deploy_blueprint_resource(
            broker_conf_template, broker_conf_path, MGMT_WORKER_SERVICE_NAME)
        # The config contains credentials, do not let the world read it.
        # NOTE(review): 440 still grants group read and ownership is not
        # set here; confirm owner and group of the deployed file.
        utils.sudo(['chmod', '440', broker_conf_path])
    utils.systemd.configure(MGMT_WORKER_SERVICE_NAME)
    utils.logrotate(MGMT_WORKER_SERVICE_NAME)
def install_mgmtworker(): management_worker_rpm_source_url = \ ctx_properties['management_worker_rpm_source_url'] # these must all be exported as part of the start operation. # they will not persist, so we should use the new agent # don't forget to change all localhosts to the relevant ips mgmtworker_home = '/opt/mgmtworker' mgmtworker_venv = '{0}/env'.format(mgmtworker_home) celery_work_dir = '{0}/work'.format(mgmtworker_home) celery_log_dir = "/var/log/cloudify/mgmtworker" broker_port_ssl = '5671' broker_port_no_ssl = '5672' rabbit_props = utils.ctx_factory.get('rabbitmq') rabbitmq_ssl_enabled = rabbit_props['rabbitmq_ssl_enabled'] ctx.logger.info("rabbitmq_ssl_enabled: {0}".format(rabbitmq_ssl_enabled)) rabbitmq_cert_public = rabbit_props['rabbitmq_cert_public'] ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \ utils.get_rabbitmq_endpoint_ip( rabbit_props.get('rabbitmq_endpoint_ip')) # Fix possible injections in json of rabbit credentials # See json.org for string spec for key in ['rabbitmq_username', 'rabbitmq_password']: # We will not escape newlines or other control characters, # we will accept them breaking # things noisily, e.g. on newlines and backspaces. # TODO: add: # sed 's/"/\\"/' | sed 's/\\/\\\\/' | sed s-/-\\/- | sed 's/\t/\\t/' ctx.instance.runtime_properties[key] = ctx_properties[key] # Make the ssl enabled flag work with json (boolean in lower case) # TODO: check if still needed: # broker_ssl_enabled = "$(echo ${rabbitmq_ssl_enabled} | tr '[:upper:]' '[:lower:]')" # NOQA ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = \ rabbitmq_ssl_enabled ctx.logger.info('Installing Management Worker...') utils.set_selinux_permissive() utils.copy_notice(MGMT_WORKER_SERVICE_NAME) utils.mkdir(mgmtworker_home) utils.mkdir('{0}/config'.format(mgmtworker_home)) utils.mkdir(celery_log_dir) utils.mkdir(celery_work_dir) # this create the mgmtworker_venv and installs the relevant # modules into it. 
utils.yum_install(management_worker_rpm_source_url, service_name=MGMT_WORKER_SERVICE_NAME) _install_optional(mgmtworker_venv) # Add certificate and select port, as applicable if rabbitmq_ssl_enabled: broker_cert_path = '{0}/amqp_pub.pem'.format(mgmtworker_home) utils.deploy_ssl_certificate('public', broker_cert_path, 'root', rabbitmq_cert_public) ctx.instance.runtime_properties['broker_cert_path'] = broker_cert_path # Use SSL port ctx.instance.runtime_properties['broker_port'] = broker_port_ssl else: # No SSL, don't use SSL port ctx.instance.runtime_properties['broker_port'] = broker_port_no_ssl if rabbitmq_cert_public is not None: ctx.logger.warn('Broker SSL cert supplied but SSL not enabled ' '(broker_ssl_enabled is False).') ctx.logger.info("broker_port: {0}".format( ctx.instance.runtime_properties['broker_port']))