Esempio n. 1
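def _install_pnp4nagios():
    '''
    Install PNP4Nagios and adapt it to run under Icinga instead of Nagios.

    PNP4Nagios is designed to work with Nagios, so some adjustments are needed
    for Icinga: ownership of its directories is handed to the icinga user and
    a log file that the EPEL package does not ship is created. PNP4Nagios uses
    the NPCD daemon to spool data from Icinga to Round Robin Databases, i.e.
    bulk mode, see http://docs.pnp4nagios.org/_detail/bulk.png

    The Apache config for PNP4Nagios is finally replaced with a template whose
    ${BIND_DN}, ${BIND_PASSWORD} and ${LDAP_URL} placeholders are filled in,
    so the resulting file contains the LDAP bind password.

    '''
    pnp_httpd_conf = "/etc/httpd/conf.d/pnp4nagios.conf"

    # Get packages from epel repo
    install.epel_repo()
    x("yum install -y pnp4nagios icinga-web-module-pnp")

    # Pnp4 uses the nagios password file, which will not exist.
    # NOTE(review): the LDAP section below deletes this file and copies a
    # template over it, so these two edits look superseded - confirm.
    general.use_original_file(pnp_httpd_conf)
    general.set_config_property(pnp_httpd_conf,
                                "AuthName \"Nagios Access\"",
                                "AuthName \"Icinga Access\"", False)
    general.set_config_property(pnp_httpd_conf,
                                "AuthUserFile /etc/nagios/passwd",
                                "AuthUserFile /etc/icinga/passwd", False)

    # NPCD config prepped to work with icinga instead of nagios
    x("cp {0}syco-private/var/nagios/npcd.cfg /etc/pnp4nagios/npcd.cfg".format(
        constant.SYCO_USR_PATH))
    x("chown icinga:icinga /etc/pnp4nagios/npcd.cfg")

    # The package does not create the process-perfdata log, and PNP4Nagios
    # misbehaves when the file is missing, so create it here.
    x("touch /var/log/pnp4nagios/perfdata.log")

    # Since we are using icinga (not nagios) we need to change permissions.
    # Adding icinga to the nagios group was tried, but that creates a
    # dependency on PNP/Nagios package states, which is not good.
    x("chown -R icinga:icinga /var/log/pnp4nagios")
    x("chown -R icinga:icinga /var/spool/pnp4nagios")
    x("chown -R icinga:icinga /var/lib/pnp4nagios")

    # Set npcd (bulk parser/spooler) to auto-start
    x(" /sbin/chkconfig --level 3 npcd on")

    # Set up LDAP login for PNP4Nagios from the syco template.
    general.use_original_file(pnp_httpd_conf)
    x("rm -f /etc/httpd/conf.d/pnp4nagios.conf")
    x("cp -p {0}icinga/pnp4nagios.conf /etc/httpd/conf.d/".format(
        constant.SYCO_VAR_PATH))
    htconf = scopen.scOpen(pnp_httpd_conf)
    htconf.replace("${BIND_DN}", "cn=sssd,%s" % config.general.get_ldap_dn())
    # NOTE(review): how scOpen.replace applies the substitution is not visible
    # here; if it shells out, the password could appear in the process list or
    # break on shell/regex metacharacters - confirm.
    htconf.replace("${BIND_PASSWORD}", "%s" % app.get_ldap_sssd_password())
    htconf.replace(
        "${LDAP_URL}", "ldaps://%s:636/%s?uid" %
        (config.general.get_ldap_hostname(), config.general.get_ldap_dn()))

    # The file now holds the LDAP bind password. "cp -p" kept whatever owner
    # and mode the template had, so set them explicitly; httpd started through
    # the service script parses conf.d as root and needs no wider access.
    x("chown root:root /etc/httpd/conf.d/pnp4nagios.conf")
    x("chmod 600 /etc/httpd/conf.d/pnp4nagios.conf")

    # Restart everything
    x("service icinga restart")
    x("service httpd restart")
    x("service npcd restart")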
Esempio n. 2
def _install_nrpe(args):
    """
    Install the NRPE agent with a prepared configuration.

    The packaged nrpe.cfg and nrpe.d are removed and replaced with the copies
    kept under syco-private, and the $(MONITORIP) placeholder in nrpe.cfg is
    set to the monitor server's IP. The original author notes that access is
    limited to that IP ("not super safe but better than nothing") and that
    argument parsing is disabled in the prepared config; neither setting is
    visible in this function.

    args is not used here.

    """
    # Initialise all passwords used by the script before anything else runs.
    app.get_ldap_sssd_password()
    app.get_mysql_monitor_password()

    install.epel_repo()

    # Despite its name, nagios-plugins-all does not include every plugin.
    # WARNING: nrpe in EPEL and nagios-nrpe in RPMForge are the same package.
    # EPEL currently has the latest version, but RPMForge obsoletes the EPEL
    # package, so nagios-nrpe from RPMForge has to be excluded.
    # NOTE(review): no exclude is passed here; whether install_packages takes
    # care of it is not visible in this function - confirm.
    app.print_verbose("Install required packages for NRPE")
    required_packages = [
        "nagios-plugins-all",
        "nrpe",
        "nagios-plugins-nrpe",
        "php-ldap",
        "nagios-plugins-perl",
        "perl-Net-DNS",
        "perl-Proc-ProcessTable",
        "perl-Date-Calc",
        "policycoreutils-python",
    ]
    install_packages(" ".join(required_packages))

    # Swap the packaged config tree for the prepared one.
    for stale_path in ("/etc/nagios/nrpe.d", "/etc/nagios/nrpe.cfg"):
        x("rm -rf " + stale_path)
    prepared_dir = "{0}syco-private/var/nagios/".format(constant.SYCO_USR_PATH)
    x("cp -r {0}nrpe.d /etc/nagios/".format(prepared_dir))
    x("cp {0}nrpe.cfg /etc/nagios/".format(prepared_dir))

    # Extra plugins installed
    _install_nrpe_plugins()

    # Only the monitor server is meant to query NRPE: write its IP into the
    # $(MONITORIP) placeholder of the prepared config.
    monitor_ip = config.general.get_monitor_server_ip()
    app.print_verbose("Set monitor server: %s" % monitor_ip)
    scopen.scOpen("/etc/nagios/nrpe.cfg").replace("$(MONITORIP)", monitor_ip)

    # Config tree owned by root, readable through the nrpe group.
    x("chown -R root:nrpe /etc/nagios/")

    # Open the firewall for NRPE and persist the rules.
    # NOTE(review): the original comment said UDP port 5666; NRPE's default
    # listener is 5666/tcp - confirm the rule add_nrpe_chain creates.
    iptables.add_nrpe_chain()
    iptables.save()

    # Start nrpe at boot (runlevel 3) and restart it with the new config.
    x("/sbin/chkconfig --level 3 nrpe on")
    x("service nrpe restart")
Esempio n. 3
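def _install_nrpe(args):
    """
    Install the NRPE agent with a prepared configuration.

    The nrpe installation is quite standard, except that the stock nrpe.cfg
    and nrpe.d are replaced with prepared copies from syco-private and the
    $(MONITORIP) placeholder in nrpe.cfg is set to the monitor server's IP.
    The original author notes that access is limited to that IP ("not super
    safe but better than nothing") and that argument parsing is _disabled_ in
    the prepared config; neither setting is visible in this function.

    args is not used here.

    """
    # Initialize all used passwords at the beginning of the script.
    app.get_ldap_sssd_password()
    app.get_mysql_monitor_password()

    install.epel_repo()

    # Confusing that nagios-plugins-all does not really include all plugins
    # WARNING: nrpe in EPEL and nagios-nrpe in RPMForge are the same package. At
    # the moment EPEL has the latest version but RPMForge obsolete the EPEL
    # package. Because of that, exclude nagios-nrpe from RPMForge.
    #
    # Every fragment except the last ends with a space: adjacent string
    # literals are joined as-is, and a missing separator would fuse two
    # package names into one that yum cannot find.
    x(
        "yum install -y nagios-plugins-all nrpe nagios-plugins-nrpe php-ldap "
        "nagios-plugins-perl perl-Net-DNS perl-Proc-ProcessTable "
        "perl-Date-Calc policycoreutils-python --exclude=nagios-nrpe"
    )

    # Move object structure and prepare conf-file
    x("rm -rf /etc/nagios/nrpe.d")
    x("rm -rf /etc/nagios/nrpe.cfg")
    x("cp -r {0}syco-private/var/nagios/nrpe.d /etc/nagios/".format(constant.SYCO_USR_PATH))
    x("cp {0}syco-private/var/nagios/nrpe.cfg /etc/nagios/".format(constant.SYCO_USR_PATH))

    # Extra plugins installed
    _install_nrpe_plugins()

    # Allow only monitor to query NRPE
    monitor_server_front_ip = config.general.get_monitor_server_ip()
    app.print_verbose("Set monitor server: %s" % monitor_server_front_ip)
    nrpe_config = scopen.scOpen("/etc/nagios/nrpe.cfg")
    nrpe_config.replace("$(MONITORIP)", monitor_server_front_ip)

    # Config tree owned by root, readable through the nrpe group.
    x("chown -R root:nrpe /etc/nagios/")

    # Open the firewall for NRPE and persist the rules.
    # NOTE(review): the original comment said UDP port 5666; NRPE's default
    # listener is 5666/tcp - confirm the rule add_nrpe_chain creates.
    iptables.add_nrpe_chain()
    iptables.save()

    # Make nrpe-server startup stateful and restart
    x("/sbin/chkconfig --level 3 nrpe on")
    x("service nrpe restart")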
Esempio n. 4
def install_guests(args):
  '''
  Install the guests that get_hosts_to_install(args) selects.

  Enables EPEL, installs koan and python-ethtool, applies the local koan
  patch, waits for the installation server to come up, then starts the guest
  installations and blocks until they have completed.

  '''
  hostnames = get_hosts_to_install(args)

  install.epel_repo()
  for package_name in ("koan", "python-ethtool"):
    install.package(package_name)
  _patch_bug_in_koan()

  # Guests cannot be installed before the installation server is alive.
  wait_for_installation_server_to_start()

  wait_for_installation_to_complete(start_installation(hostnames))
Esempio n. 5
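def _install_pnp4nagios():
    '''
    Install PNP4Nagios and adapt it to run under Icinga instead of Nagios.

    PNP4Nagios is designed to work with Nagios, so some adjustments are needed
    for Icinga: ownership of its directories is handed to the icinga user and
    a log file that the EPEL package does not ship is created. PNP4Nagios uses
    the NPCD daemon to spool data from Icinga to Round Robin Databases, i.e.
    bulk mode, see http://docs.pnp4nagios.org/_detail/bulk.png

    The Apache config for PNP4Nagios is finally replaced with a template whose
    ${BIND_DN}, ${BIND_PASSWORD} and ${LDAP_URL} placeholders are filled in,
    so the resulting file contains the LDAP bind password.

    '''
    # Get packages from epel repo
    install.epel_repo()
    x("yum install -y pnp4nagios icinga-web-module-pnp")

    # Pnp4 uses the nagios password file, which will not exist.
    # NOTE(review): the LDAP section below deletes this file and copies a
    # template over it, so these two edits look superseded - confirm.
    general.use_original_file("/etc/httpd/conf.d/pnp4nagios.conf")
    general.set_config_property("/etc/httpd/conf.d/pnp4nagios.conf", "AuthName \"Nagios Access\"", "AuthName \"Icinga Access\"", False)
    general.set_config_property("/etc/httpd/conf.d/pnp4nagios.conf", "AuthUserFile /etc/nagios/passwd", "AuthUserFile /etc/icinga/passwd", False)

    # NPCD config prepped to work with icinga instead of nagios
    x("cp {0}syco-private/var/nagios/npcd.cfg /etc/pnp4nagios/npcd.cfg".format(constant.SYCO_USR_PATH))
    x("chown icinga:icinga /etc/pnp4nagios/npcd.cfg")

    # The package does not create the process-perfdata log, and PNP4Nagios
    # misbehaves when the file is missing, so create it here.
    x("touch /var/log/pnp4nagios/perfdata.log")

    # Since we are using icinga (not nagios) we need to change permissions.
    # Adding icinga to the nagios group was tried, but that creates a
    # dependency on PNP/Nagios package states, which is not good.
    x("chown -R icinga:icinga /var/log/pnp4nagios")
    x("chown -R icinga:icinga /var/spool/pnp4nagios")
    x("chown -R icinga:icinga /var/lib/pnp4nagios")

    # Set npcd (bulk parser/spooler) to auto-start
    x(" /sbin/chkconfig --level 3 npcd on")

    # Set up LDAP login for PNP4Nagios from the syco template.
    general.use_original_file("/etc/httpd/conf.d/pnp4nagios.conf")
    x("rm -f /etc/httpd/conf.d/pnp4nagios.conf")
    x("cp -p {0}icinga/pnp4nagios.conf /etc/httpd/conf.d/".format(constant.SYCO_VAR_PATH))
    htconf = scopen.scOpen("/etc/httpd/conf.d/pnp4nagios.conf")
    htconf.replace("${BIND_DN}", "cn=sssd,%s" % config.general.get_ldap_dn())
    # NOTE(review): how scOpen.replace applies the substitution is not visible
    # here; if it shells out, the password could appear in the process list or
    # break on shell/regex metacharacters - confirm.
    htconf.replace("${BIND_PASSWORD}", "%s" % app.get_ldap_sssd_password())
    htconf.replace("${LDAP_URL}", "ldaps://%s:636/%s?uid" % (config.general.get_ldap_hostname(), config.general.get_ldap_dn()))

    # The file now holds the LDAP bind password. "cp -p" kept whatever owner
    # and mode the template had, so set them explicitly; httpd started through
    # the service script parses conf.d as root and needs no wider access.
    x("chown root:root /etc/httpd/conf.d/pnp4nagios.conf")
    x("chmod 600 /etc/httpd/conf.d/pnp4nagios.conf")

    # Restart everything
    x("service icinga restart")
    x("service httpd restart")
    x("service npcd restart")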
Esempio n. 6
def _install_nrpe(args):
    """
    Install the NRPE agent with a prepared configuration.

    The packaged nrpe.cfg and nrpe.d are removed and replaced with the copies
    kept under syco-private, and the $(MONITORIP) placeholder in nrpe.cfg is
    set to the monitor server's front IP. The original author notes that
    access is limited to that IP ("not super safe but better than nothing")
    and that argument parsing is disabled in the prepared config; neither
    setting is visible in this function.

    args is not used here.

    """
    # Initialise all passwords before anything else runs.
    app.get_ldap_sssd_password()
    app.get_mysql_monitor_password()

    install.epel_repo()

    # Despite its name, nagios-plugins-all does not include every plugin.
    x(
        "yum install nagios-plugins-all nrpe nagios-plugins-nrpe php-ldap "
        "nagios-plugins-perl perl-Net-DNS perl-Proc-ProcessTable "
        "perl-Date-Calc -y"
    )

    # Swap the packaged config tree for the prepared one.
    for stale_path in ("/etc/nagios/nrpe.d", "/etc/nagios/nrpe.cfg"):
        x("rm -rf " + stale_path)
    prepared_dir = "{0}syco-private/var/nagios/".format(constant.SYCO_USR_PATH)
    x("cp -r {0}nrpe.d /etc/nagios/".format(prepared_dir))
    x("cp {0}nrpe.cfg /etc/nagios/".format(prepared_dir))

    # Config tree owned by root, readable through the nrpe group.
    # NOTE(review): this runs before _install_nrpe_plugins() and the nrpe.cfg
    # edit below, so anything they create or rewrite under /etc/nagios/ is not
    # covered by this chown - confirm that is intended.
    x("chown -R root:nrpe /etc/nagios/")

    # Extra plugins installed
    _install_nrpe_plugins()

    # Only the monitor server is meant to query NRPE: write its front IP into
    # the $(MONITORIP) placeholder of the prepared config.
    monitor_host = config.host(config.general.get_monitor_server())
    monitor_ip = monitor_host.get_front_ip()
    app.print_verbose("Setting monitor server:" + monitor_ip)
    scopen.scOpen("/etc/nagios/nrpe.cfg").replace("$(MONITORIP)", monitor_ip)

    # Open the firewall for NRPE and persist the rules.
    # NOTE(review): the original comment said UDP port 5666; NRPE's default
    # listener is 5666/tcp - confirm the rule add_nrpe_chain creates.
    iptables.add_nrpe_chain()
    iptables.save()

    # Start nrpe at boot (runlevel 3) and restart it with the new config.
    x("/sbin/chkconfig --level 3 nrpe on")
    x("service nrpe restart")
Esempio n. 7
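def _install_cobbler():
    """Install cobbler with its dependencies and set up SELinux and xinetd for it.

    See http://linux.die.net/man/1/cobbler
    See https://fedorahosted.org/cobbler/wiki/DownloadInstructions
    See https://fedorahosted.org/cobbler/wiki/UsingCobblerImport
    See http://www.ithiriel.com/content/2010/02/22/installing-linux-vms-under-kvm-cobbler-and-koan
    """
    # Cobbler packages are in the EPEL repo.
    install.epel_repo()

    # Packages needed for cobbler and kvm to work correctly.
    x("yum -y install cobbler koan httpd dhcp createrepo mkisofs mod_wsgi " +
      "python-cheetah python-netaddr python-simplejson python-urlgrabber " +
      "PyYAML rsync tftp-server yum-utils pykickstart")

    # Cobbler web only has one other requirement besides cobbler itself
    x("yum -y install Django")

    # Autostart services
    x("/sbin/chkconfig httpd on")
    x("/sbin/chkconfig cobblerd on")
    x("/sbin/chkconfig dhcpd on")

    # SELinux file contexts: label the tftp boot tree and the cobbler image
    # directory public_content_rw_t and the web UI session directory
    # httpd_sys_content_rw_t, then apply the labels to the existing files.
    x('/usr/sbin/semanage fcontext -a -t public_content_rw_t "/var/lib/tftpboot/.*"')
    x('/usr/sbin/semanage fcontext -a -t public_content_rw_t "/var/www/cobbler/images/.*"')
    x('/usr/sbin/semanage fcontext -a -t httpd_sys_content_rw_t "/var/lib/cobbler/webui_sessions/.*"')
    x('restorecon -R -v "/var/lib/tftpboot/"')
    x('restorecon -R -v "/var/www/cobbler/images"')
    x('restorecon -R -v "/var/lib/cobbler/webui_sessions/"')

    # Enables cobbler to read/write public_content_rw_t
    x('/usr/sbin/setsebool -P cobbler_anon_write on')

    # Enable httpd to connect to cobblerd (optional, depending on whether the
    # web interface is installed). With httpd_can_network_connect_cobbler
    # enabled, the broader httpd_can_network_connect is switched off so httpd
    # gets only the narrower permission.
    x('/usr/sbin/setsebool -P httpd_can_network_connect off')
    x('/usr/sbin/setsebool -P httpd_can_network_connect_cobbler on')

    # Enable cobbler to use rsync etc. (optional)
    x('/usr/sbin/setsebool -P cobbler_can_network_connect on')

    # Enable cobbler to use CIFS based filesystems (optional)
    #x('/usr/sbin/setsebool -P cobbler_use_cifs on')

    # Enable cobbler to use NFS based filesystems (optional)
    #x('/usr/sbin/setsebool -P cobbler_use_nfs on')

    _install_custom_selinux_policy()

    # Print the resulting cobbler booleans so the choices can be double checked.
    x('getsebool -a|grep cobbler')

    # Turn on the tftp and rsync services in xinetd. The patterns are raw
    # strings so that "\s" reaches the regex engine without relying on Python
    # passing an unrecognised escape sequence through.
    # NOTE(review): TFTP has no authentication; no rule limiting tftp/rsync to
    # the provisioning network is visible in this function - confirm it is
    # handled elsewhere.
    app.print_verbose("Update xinetd config files")
    general.set_config_property("/etc/xinetd.d/tftp", r'[\s]*disable[\s]*[=].*',
                                "        disable                 = no")
    general.set_config_property("/etc/xinetd.d/rsync",
                                r'[\s]*disable[\s]*[=].*',
                                "        disable         = no")
    x("/etc/init.d/xinetd restart")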
Esempio n. 8
def _install_netifaces():
    """Enable the EPEL repository and install the python-netifaces package."""
    install.epel_repo()
    package_name = "python-netifaces"
    install_packages(package_name)
Esempio n. 9
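def _install_cobbler():
  """Install cobbler with its dependencies and set up SELinux and xinetd for it.

  See http://linux.die.net/man/1/cobbler
  See https://fedorahosted.org/cobbler/wiki/DownloadInstructions
  See https://fedorahosted.org/cobbler/wiki/UsingCobblerImport
  See http://www.ithiriel.com/content/2010/02/22/installing-linux-vms-under-kvm-cobbler-and-koan
  """
  # Cobbler packages are in the EPEL repo.
  install.epel_repo()

  # Packages needed for cobbler and kvm to work correctly.
  x(
    "yum -y install cobbler koan httpd dhcp createrepo mkisofs mod_wsgi " +
    "python-cheetah python-netaddr python-simplejson python-urlgrabber " +
    "PyYAML rsync tftp-server yum-utils pykickstart"
  )

  # Cobbler web only has one other requirement besides cobbler itself
  x("yum -y install Django")

  # Autostart services
  x("/sbin/chkconfig httpd on")
  x("/sbin/chkconfig cobblerd on")
  x("/sbin/chkconfig dhcpd on")

  # SELinux file contexts: label the tftp boot tree and the cobbler image
  # directory public_content_rw_t and the web UI session directory
  # httpd_sys_content_rw_t, then apply the labels to the existing files.
  x('/usr/sbin/semanage fcontext -a -t public_content_rw_t "/var/lib/tftpboot/.*"')
  x('/usr/sbin/semanage fcontext -a -t public_content_rw_t "/var/www/cobbler/images/.*"')
  x('/usr/sbin/semanage fcontext -a -t httpd_sys_content_rw_t "/var/lib/cobbler/webui_sessions/.*"')
  x('restorecon -R -v "/var/lib/tftpboot/"')
  x('restorecon -R -v "/var/www/cobbler/images"')
  x('restorecon -R -v "/var/lib/cobbler/webui_sessions/"')

  # Enables cobbler to read/write public_content_rw_t
  x('/usr/sbin/setsebool -P cobbler_anon_write on')

  # Enable httpd to connect to cobblerd (optional, depending on whether the
  # web interface is installed). With httpd_can_network_connect_cobbler
  # enabled, the broader httpd_can_network_connect is switched off so httpd
  # gets only the narrower permission.
  x('/usr/sbin/setsebool -P httpd_can_network_connect off')
  x('/usr/sbin/setsebool -P httpd_can_network_connect_cobbler on')

  # Enable cobbler to use rsync etc. (optional)
  x('/usr/sbin/setsebool -P cobbler_can_network_connect on')

  # Enable cobbler to use CIFS based filesystems (optional)
  #x('/usr/sbin/setsebool -P cobbler_use_cifs on')

  # Enable cobbler to use NFS based filesystems (optional)
  #x('/usr/sbin/setsebool -P cobbler_use_nfs on')

  _install_custom_selinux_policy()

  # Print the resulting cobbler booleans so the choices can be double checked.
  x('getsebool -a|grep cobbler')

  # Turn on the tftp and rsync services in xinetd. The patterns are raw
  # strings so that "\s" reaches the regex engine without relying on Python
  # passing an unrecognised escape sequence through.
  # NOTE(review): TFTP has no authentication; no rule limiting tftp/rsync to
  # the provisioning network is visible in this function - confirm it is
  # handled elsewhere.
  app.print_verbose("Update xinetd config files")
  general.set_config_property("/etc/xinetd.d/tftp", r'[\s]*disable[\s]*[=].*', "        disable                 = no")
  general.set_config_property("/etc/xinetd.d/rsync", r'[\s]*disable[\s]*[=].*', "        disable         = no")
  x("/etc/init.d/xinetd restart")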
Esempio n. 10
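def install_rabbit():
    """Install the RabbitMQ server and the Erlang runtime through yum.

    Enables the EPEL repository, installs erlang, imports the RabbitMQ
    package signing key into the RPM keyring and installs rabbitmq-server.
    """
    install.epel_repo()
    x("yum install erlang -y")
    # The signing key is the trust anchor for the package installed below, so
    # it is fetched over HTTPS: over plain HTTP anyone on the network path
    # could substitute a key of their own.
    # NOTE(review): HTTPS only protects the download; comparing the imported
    # key's fingerprint with the one the vendor publishes would pin it.
    x("rpm --import https://www.rabbitmq.com/rabbitmq-signing-key-public.asc")
    x("yum install rabbitmq-server -y")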
Esempio n. 11
def _install_netifaces():
    """Install python-netifaces after making sure the EPEL repo is enabled."""
    install.epel_repo()
    netifaces_package = "python-netifaces"
    install_packages(netifaces_package)
Esempio n. 12
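def install_rabbit():
    """Install the RabbitMQ server and the Erlang runtime through yum.

    Enables the EPEL repository, installs erlang, imports the RabbitMQ
    package signing key into the RPM keyring and installs rabbitmq-server.
    """
    install.epel_repo()
    x('yum install erlang -y')
    # The signing key is the trust anchor for the package installed below, so
    # it is fetched over HTTPS: over plain HTTP anyone on the network path
    # could substitute a key of their own.
    # NOTE(review): HTTPS only protects the download; comparing the imported
    # key's fingerprint with the one the vendor publishes would pin it.
    x('rpm --import https://www.rabbitmq.com/rabbitmq-signing-key-public.asc')
    x('yum install rabbitmq-server -y')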