def sudoers_oper():
"""push sudoers file for giving rights to oper (apply_system_patches)"""
opersudoers = '/etc/sudoers.d/oper'
if not file_exists('/etc/sudoers.d', use_sudo=True):
print red('/etc/sudoers.d does not exist')
return 1
else:
if file_exists(opersudoers, use_sudo=True):
sudo('> ' + opersudoers, warn_only=True, quiet=True)
append(
opersudoers,
'oper,%UsrOperator ALL=(root) NOPASSWD: /usr/local/bin/apply_system_patches --reboot yes --monitoring yes',
use_sudo=True)
append(
opersudoers,
'oper,%UsrOperator ALL=(root) NOPASSWD: /usr/local/bin/apply_system_patches --reboot no --monitoring no',
use_sudo=True)
append(
opersudoers,
'oper,%UsrOperator ALL=(root) NOPASSWD: /bin/grep apply /var/log/messages',
use_sudo=True)
append(opersudoers,
'oper,%UsrOperator ALL=(root) NOPASSWD: /sbin/reboot',
use_sudo=True)
print green('oper sudoers file has been pushed')
def setup_ssh():
with settings(user='******'):
if file_exists('~/.ssh/id_rsa.pub'):
return
require.files.directory('~/.ssh', owner='ml', group='ml', mode='0700')
# Upload ssh key pair in the asserts directory, used by git push and ssh to other hosts
fabric.operations.put('./assets/id_rsa.pub', '~/.ssh/id_rsa.pub')
fabric.operations.put('./assets/id_rsa', '~/.ssh/id_rsa', mode="600")
def setup_external_disks():
require.files.directories(['/mnt/ml', '/mnt/data'], owner='ml')
if not file_exists('/dev/vdb1'):
run('parted -a optimal /dev/vdb mklabel gpt mkpart primary ext4 0% 100%'
)
run('mkfs.ext4 /dev/vdb1')
if file_exists('/dev/vdc') and not file_exists('/dev/vdc1'):
run('parted -a optimal /dev/vdc mkpart primary ext4 0% 100%')
run('mkfs.ext4 /dev/vdc1')
mount_disks()
require.files.directories(
['/mnt/ml/cache', '/mnt/ml/libs', '/mnt/ml/working'],
owner='ml',
)
def requirements():
"""Check requirements for Tripwire"""
if fabric.api.sudo("grep 'release 7' /etc/redhat-release",quiet=True).succeeded:
print blue("This is a Centos/RedHat 7 server. Please install AIDE.")
return 1
if not rpm_is_installed('glibc.*i686'):
print red("GlibC i686 is not installed")
if not file_exists("/usr/local/tripwire/tfs/bin/tripwire", use_sudo=True):
print red("Tripwire is not installed")
def check_shell():
"""Check if the apply_system_patches script is at the last version"""
if not file_exists('/usr/local/bin/apply_system_patches', use_sudo=True):
print yellow('ERROR - Apply_system_patches is not present !!!')
else:
x = sudo(
'''grep -sqi 'Christophe Villemont 06/01/17' /usr/local/bin/apply_system_patches''',
quiet=True)
if x.return_code > 0:
print yellow('ERROR - Old shell version !!!')
def check_path():
"""Check if apply_system_patches script has good path"""
if not file_exists('/usr/local/bin/apply_system_patches', use_sudo=True):
print yellow('Apply_system_patches is not present !!!')
else:
x = sudo(
'''grep -sqi 'PATH=$PATH:/sbin:/usr/sbin' /usr/local/bin/apply_system_patches''',
quiet=True)
if x.return_code > 0:
print yellow('Apply_system_patches has bad path !!!')
def setup_nvdia_driver():
if not file_exists('/etc/modprobe.d/blacklist-nouveau.conf'):
# Blacklist nouveau driver
put('assets/blacklist-nouveau.conf',
'/etc/modprobe.d/blacklist-nouveau.conf')
# Disable the Kernel nouveau
run('echo options nouveau modeset=0 | tee -a /etc/modprobe.d/nouveau-kms.conf'
)
run('update-initramfs -u')
run("shutdown -r +0")
mount_disks()
NVDIA_DRIVER_PATH = '/mnt/ml/cache/nvidia_driver.run'
if not file_exists('/usr/bin/nvidia-smi'):
with settings(user='******'):
download(
'http://us.download.nvidia.com/tesla/390.30/NVIDIA-Linux-x86_64-390.30.run',
NVDIA_DRIVER_PATH,
)
run('sh {} -q -a -n -s'.format(NVDIA_DRIVER_PATH))
def update_tripwire_check_ksh():
""" push a new tripwire_check.ksh file"""
source = os.path.join(DATA_DIR, 'tripwire')
checkfile = 'tripwire_check.ksh'
src = os.path.join(DATA_DIR, 'tripwire', checkfile)
dst = '/usr/local/tripwire/tfs/gentrip/tripwire_check.ksh'
if file_exists("/usr/local/tripwire/tfs/gentrip/tripwire_check.ksh", use_sudo=True):
put(local_path=src, remote_path=dst,use_sudo=True,mode=0755)
fabric.api.sudo('chown root:root /usr/local/tripwire/tfs/gentrip/tripwire_check.ksh')
else:
print red("Tripwire looks to be not installed")
def suivi_pci():
"""check if Tripwire is installed and scheduled"""
binary = "/usr/local/tripwire/tfs/bin/tripwire"
cron_file = "/etc/cron.d/tripwire"
cron_root = "/var/spool/cron/root"
# just make sure the binary is present
if file_exists(binary, use_sudo=True):
print "%s: Tripwire is installed" % env.host
else:
print red("%s: Tripwire is not installed" % env.host)
# make sure the integrity check is scheduled and active (not a comment)
# it is scheduled with cron and the file can be either in /etc/cron.d/tripwire
# or /var/spool/cron/root
if (file_exists(cron_file, use_sudo=True) and
file_contains(cron_file, '^[^#].*tripwire_check.ksh', use_sudo=True,escape=False)):
print "%s: Tripwire is scheduled" % env.host
elif (file_exists(cron_root, use_sudo=True) and
file_contains(cron_root, '^[^#].*tripwire_check.ksh', use_sudo=True,escape=False)):
print "%s: Tripwire is scheduled" % env.host
else:
print red("%s: Tripwire is not scheduled" % env.host)
def mount_disks():
"""
Mount external disk.
It should be called after every restart
"""
has_2_disks = file_exists('/dev/vdc')
if has_2_disks:
if not fabtools.disk.ismounted('/dev/vdb1'):
fabtools.disk.mount('/dev/vdb1', '/mnt/data')
fabtools.disk.mount('/dev/vdc1', '/mnt/ml')
else:
if not fabtools.disk.ismounted('/dev/vdb1'):
fabtools.disk.mount('/dev/vdb1', '/mnt/ml')
def update_vmware_tools_51():
"""update the VMware tools"""
with hide('stdout', 'stderr'):
# update rpm
sudo('yum -y --enablerepo=vmware-5.1 update vmware-tools-esx-nox')
# bug vmware-tools : rename the library libtimeSync.so
# http://communities.vmware.com/thread/423709?start=0&tstart=0
# http://www.chriscolotti.us/vmware/workaround-for-vsphere-5-1-guest-unable-to-collect-ipv4-routing-table/
bug_file = '/usr/lib/vmware-tools/plugins/vmsvc/libtimeSync.so'
bug_rename = '/usr/lib/vmware-tools/plugins/vmsvc/libtimeSync.so-'
if file_exists(bug_file):
sudo('mv %s %s' % (bug_file, bug_rename))
def install_python_pypy(version,
replace=False,
pypy_home='/opt/python-pypy',
mode='755'):
""" installs python pypy """
dir_ensure(pypy_home, mode=mode, use_sudo=True)
pypy_path = "%s/%s/bin/pypy" % (pypy_home, version)
pathname = "pypy-%s-linux_x86_64-portable" % version
tgz = "%s.tar.bz2" % pathname
url = "https://bitbucket.org/squeaky/portable-pypy/downloads/%s" % tgz
if not file_exists(pypy_path):
with cd(pypy_home):
sudo('wget -c %s' % url)
sudo('tar xjf %s' % tgz)
sudo('mv %s %s' % (pathname, version))
sudo('ln -s %s /usr/local/bin/pypy' % pypy_path)
def setup_sys_packages():
"""
Install and config common system packages, like vim, tmx, git ...
machine learning interrelated packages are not included
"""
fabtools.require.deb.uptodate_index(max_age={'day': 1})
require.deb.packages([
'htop',
'vim',
'unzip',
'p7zip-full',
'tree',
'curl',
'iftop',
'iotop',
'unrar-free',
'bzip2',
'bc',
'ack-grep',
'tmux',
'git',
])
# set vim as default editor
run('update-alternatives --set editor /usr/bin/vim.basic')
with settings(user='******'):
if file_exists('/home/ml/.tmux.conf'):
return
# tmux conf
put('assets/tmux.conf', '~/.tmux.conf')
# git config
git_user = os.environ.get('GIT_USER') or prompt(
'Enter your git username')
git_email = os.environ.get('GIT_EMAIL') or prompt(
'Enter your git email')
upload_template('assets/gitconfig',
'~/.gitconfig',
context={
'git_user': git_user,
'git_email': git_email,
})
def backup_files(site_name, path, tmpdir='/tmp'):
from time import gmtime, strftime
with cd(path):
date = strftime("%Y.%m.%d", gmtime())
gpg_file = 'files-%s.tgz.gpg' % date
local_file = "%s/vakap-%s" % (tmpdir, gpg_file)
s3_dest = "s3://%s/%s/%s" % (env.s3_bucket, site_name, gpg_file)
if s3_file_exists(s3_dest):
print " - File exists: %s. Skipping" % s3_dest
return
else:
print " - Taring and gziping directory: %s => %s" % (path, tmpdir)
if file_exists('current'):
run("tar czh current | gpg --encrypt --recipient %s > %s" %
(env.gpg_key, local_file))
else:
run("tar czh . | gpg --encrypt --recipient %s > %s" %
(env.gpg_key, local_file))
s3_upload(local_file, s3_dest)
def awl_script_is_installed():
"""Check if /usr/sbin/awl_sw_register_client_base.sh is installed."""
return file_exists('/usr/sbin/awl_sw_register_client_base.sh')
