Esempio n. 1
0
def create_cert():
    """
    Create SSL certificates.
    """

    etc_dir = "/etc/cozy"
    require.files.directory(etc_dir, use_sudo=True, owner="cozy")
    with cd(etc_dir):
        sudo("openssl genrsa -out ./server.key 1024")
        sudo("openssl req -new -x509 -days 3650 -key " + "./server.key -out ./server.crt  -batch")
        sudo("chmod 640 server.key")
        require.group("ssl-cert")
        sudo("chown cozy:ssl-cert ./server.key")
    print(green("Certificates successfully created."))
Esempio n. 2
0
def prepare_env():
    require.deb.package('sudo')
    require.group('supervisor')
    fabtools.user.modify(env.user, extra_groups=['supervisor', 'sudo'])
    #ElasticSearch
    fabtools.deb.add_apt_key(url='http://packages.elasticsearch.org/GPG-KEY-elasticsearch')
    require.deb.source('elasticsearch', 'http://packages.elasticsearch.org/elasticsearch/1.2/debian', 'stable', 'main')
    #MongoDB
    fabtools.deb.add_apt_key(keyid='7F0CEB10', keyserver='hkp://keyserver.ubuntu.com:80')
    require.deb.source('mongodb', 'http://downloads-distro.mongodb.org/repo/ubuntu-upstart', 'dist', '10gen')
    fabtools.deb.update_index
    require.deb.packages([
        'python-dev',
        'python-pip',
        'python-virtualenv',
        'build-essential',
        'git',
        'supervisor',
        'openjdk-7-jre-headless',
        'nginx',
        'elasticsearch',
        'libjpeg-dev',
        'zlib1g-dev',
        'libpng12-dev',
        'libfreetype6-dev',
        'gettext',
        'gettext-doc',
    ])
    require.deb.package('mongodb-org', version='2.6.4')
    fabtools.service.stop('mongod')
    #Mongod configuration
    sudo('sed -i "s/#replSet=setname/replSet=rs0/g" /etc/mongod.conf')
    sudo('sed -i "s/#oplogSize=1024/oplogSize=128/g" /etc/mongod.conf')
    sudo('grep smallfiles /etc/mongod.conf || echo "smallfiles = true" >> /etc/mongod.conf')
    #Make Elasticsearch start with boot
    sudo('update-rc.d elasticsearch defaults')
    #Plugins for ElasticSearch
    if not fabtools.files.is_dir('/usr/share/elasticsearch/plugins/mapper-attachments'):
        sudo('/usr/share/elasticsearch/bin/plugin --install elasticsearch/elasticsearch-mapper-attachments/2.3.1')
    if not fabtools.files.is_dir('/usr/share/elasticsearch/plugins/river-mongodb'):
        sudo('/usr/share/elasticsearch/bin/plugin --install com.github.richardwilly98.elasticsearch/elasticsearch-river-mongodb/2.0.1')
    # if not fabtools.files.is_dir('/usr/share/elasticsearch/plugins/jetty-1.2.1'):
    #     sudo('/usr/share/elasticsearch/bin/plugin -url https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-1.2.1.zip -install elasticsearch-jetty-1.2.1')
    #Supervisor configuration
    fabtools.service.stop('supervisor')
    sudo('sed -i "s/chmod=0700.*/chmod=0770\\nchown=root:supervisor/g" /etc/supervisor/supervisord.conf')
    #Add security for elasticsearch
    sudo('iptables -A INPUT ! -s 127.0.0.1 -p tcp -m tcp --dport 9200 -j DROP')
    sudo('iptables -A INPUT ! -s 127.0.0.1 -p tcp -m tcp --dport 9300 -j DROP')
Esempio n. 3
0
def create_cert():
    '''
    Create SSL certificates.
    '''

    etc_dir = '/etc/cozy'
    require.files.directory(etc_dir, use_sudo=True, owner='cozy')
    with cd(etc_dir):
        sudo('openssl genrsa -out ./server.key 1024')
        sudo('openssl req -new -x509 -days 3650 -key ' +
             './server.key -out ./server.crt  -batch')
        sudo('chmod 640 server.key')
        require.group('ssl-cert')
        sudo('chown cozy:ssl-cert ./server.key')
    print(green('Certificates successfully created.'))
Esempio n. 4
0
def create_cert():
    '''
    Create SSL certificates.
    '''

    etc_dir = '/etc/cozy'
    require.files.directory(etc_dir, use_sudo=True, owner='cozy')
    with cd(etc_dir):
        sudo('openssl genrsa -out ./server.key 1024')
        sudo(
            'openssl req -new -x509 -days 3650 -key ' +
            './server.key -out ./server.crt  -batch')
        sudo('chmod 640 server.key')
        require.group('ssl-cert')
        sudo('chown cozy:ssl-cert ./server.key')
    print(green('Certificates successfully created.'))
Esempio n. 5
0
def _require_nightly_production_script():
    '''Create a script to backup openerp databases and plan execution 
    '''
    require.group(OPENERP_BACKUP_GROUP)
    require.directory(
        OPENERP_BACKUP_PATH, 
        owner=ADMIN_USER, group=OPENERP_BACKUP_GROUP, mode='755', use_sudo=True
    )
    command_pg_dump_lines , command_move_lines, command_put_ftp_lines = '', '', ''
    for database in OPENERP_DATABASES:
        command_pg_dump_lines += 'su - postgres -c "pg_dump --format=c %s --file=/tmp/postgres_%s.dump"\n' %(database, database)
        command_move_lines += 'mv /tmp/postgres_%s.dump $aRepertoireArchive' %(database)
        command_put_ftp_lines += 'put postgres_%s.dump' %(database)
    params = {
        'EMAIL_ADMIN' : EMAIL_ADMIN,
        'SERVER_HOSTNAME' : SERVER_HOSTNAME,
        'OPENERP_BACKUP_PATH' : OPENERP_BACKUP_PATH,
        'OPENERP_BACKUP_MAX_DAY' : OPENERP_BACKUP_MAX_DAY,
        'OPENERP_BACKUP_MAIL' : OPENERP_BACKUP_MAIL,
        'ADMIN_USER' : ADMIN_USER,
        'OPENERP_BACKUP_GROUP' : OPENERP_BACKUP_GROUP,
        'command_pg_dump_lines' : command_pg_dump_lines,
        'command_move_lines' : command_move_lines,
        'command_put_ftp_lines' : command_put_ftp_lines,
        'EXTERNAL_BACKUP_HOST' : EXTERNAL_BACKUP_HOST,
        'EXTERNAL_BACKUP_PORT' : EXTERNAL_BACKUP_PORT,
        'EXTERNAL_BACKUP_LOGIN' : EXTERNAL_BACKUP_LOGIN,
        'EXTERNAL_BACKUP_PASSWORD' : EXTERNAL_BACKUP_PASSWORD,
        'EXTERNAL_BACKUP_ROOT_FOLDER' : EXTERNAL_BACKUP_ROOT_FOLDER,
        'OPENERP_ERROR_LOG_NAME' : OPENERP_ERROR_LOG_NAME,
        'OPENERP_ERROR_LOG_PATH' : OPENERP_ERROR_LOG_PATH,
    }
    require.directory('/home/' + ADMIN_USER +'/scripts/',  mode='755', use_sudo=True)
    require.files.template_file(
        path = '/home/' + ADMIN_USER +'/scripts/nightly_production.sh',
        template_source = 'files/home/admin_user/scripts/nightly_production.sh',
        context = params,
        owner=ADMIN_USER, group=ADMIN_GROUP, mode='755', use_sudo = True,
    )
    cron.add_task('nightly_production', OPENERP_BACKUP_TIMESPEC, 'root', '/home/' + ADMIN_USER +'/scripts/nightly_production.sh')
    
    require.user(SYSTEM_BACKUP_USER,
        password=SYSTEM_BACKUP_PWD,
        group=OPENERP_BACKUP_GROUP, 
        create_group=False,
        home=OPENERP_BACKUP_PATH,
        )