def configure_openldap(self): """Install and Configure Openldap over Non-SSL.""" # 1. Install and Configure Openldap over Non-SSL. # 2. Enable slapd logging in rsyslog config # 3. Set openldap-replication # 4. Check number of nodes in the cluster self.logger.info('Open ldap configuration started') cmd = [ '/opt/seagate/cortx/s3/install/ldap/setup_ldap.sh', '--ldapadminpasswd', f'{self.ldap_passwd}', '--rootdnpasswd', f'{self.rootdn_passwd}', '--forceclean', '--skipssl' ] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() self.logger.info(f'output of setup_ldap.sh: {stdout}') if retcode != 0: self.logger.error(f'error of setup_ldap.sh: {stderr}') raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}" ) else: self.logger.warning(f'warning of setup_ldap.sh: {stderr}') if os.path.isfile( "/opt/seagate/cortx/s3/install/ldap/rsyslog.d/slapdlog.conf"): try: os.makedirs("/etc/rsyslog.d") except OSError as e: if e.errno != errno.EEXIST: raise S3PROVError( f"mkdir /etc/rsyslog.d failed with errno: {e.errno}, exception: {e}" ) shutil.copy( '/opt/seagate/cortx/s3/install/ldap/rsyslog.d/slapdlog.conf', '/etc/rsyslog.d/slapdlog.conf') # restart rsyslog service try: self.logger.info("Restarting rsyslog service...") service_list = ["rsyslog"] self.restart_services(service_list) except Exception as e: self.logger.error(f'Failed to restart rsyslog service, error: {e}') raise e self.logger.info("Restarted rsyslog service...") # set openldap-replication self.configure_openldap_replication() self.logger.info('Open ldap configuration completed')
def configure_openldap(self): """Install and Configure Openldap over Non-SSL.""" # 1. Install and Configure Openldap over Non-SSL. # 2. Enable slapd logging in rsyslog config # 3. Set openldap-replication # 4. Check number of nodes in the cluster cmd = [ '/opt/seagate/cortx/s3/install/ldap/setup_ldap.sh', '--ldapadminpasswd', f'{self.ldap_passwd}', '--rootdnpasswd', f'{self.rootdn_passwd}', '--forceclean', '--skipssl' ] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() if retcode != 0: raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}\n" ) if os.path.isfile( "/opt/seagate/cortx/s3/install/ldap/rsyslog.d/slapdlog.conf"): try: os.makedirs("/etc/rsyslog.d") except OSError as e: if e.errno != errno.EEXIST: raise S3PROVError( f"mkdir /etc/rsyslog.d failed with errno: {e.errno}, exception: {e}\n" ) shutil.copy( '/opt/seagate/cortx/s3/install/ldap/rsyslog.d/slapdlog.conf', '/etc/rsyslog.d/slapdlog.conf') cmd = ['systemctl', 'restart', 'rsyslog'] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() if retcode != 0: raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}\n" ) # set openldap-replication self.configure_openldap_replication() cmd = ['systemctl', 'restart', 'slapd'] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() if retcode != 0: raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}\n" )
def configure_haproxy(self): """Configure haproxy service.""" cmd = ['s3haproxyconfig', '--path', f'{self._url}'] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() if retcode != 0: raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}\n" ) cmd = ['systemctl', 'restart', 'haproxy'] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() if retcode != 0: raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}\n" )
def process(self): """Main processing function.""" sys.stdout.write(f"Processing {self.name} {self.url}\n") self.phase_prereqs_validate(self.name) try: # Configure openldap and ldap-replication self.configure_openldap() sys.stdout.write( "INFO: Successfully configured openldap on the node.\n") # Configure haproxy self.configure_haproxy() sys.stdout.write( "INFO: Successfully configured haproxy on the node.\n") # create topic for background delete bgdeleteconfig = CORTXS3Config() if bgdeleteconfig.get_messaging_platform() == MESSAGE_BUS: sys.stdout.write('INFO: Creating topic.\n') self.create_topic(bgdeleteconfig.get_msgbus_admin_id, bgdeleteconfig.get_msgbus_topic(), self.get_msgbus_partition_count()) sys.stdout.write('INFO:Topic creation successful.\n') except Exception as e: raise S3PROVError(f'process() failed with exception: {e}\n')
def configure_openldap_replication(self): """Configure openldap replication within a storage set.""" self.logger.info('Cleaning up old Openldap replication configuration') # Delete ldap replication cofiguration self.delete_replication_config() self.logger.info('Open ldap replication configuration started') storage_set_count = self.get_confvalue( self.get_confkey('CONFIG>CONFSTORE_STORAGE_SET_COUNT_KEY').replace( "cluster-id", self.cluster_id)) index = 0 while index < int(storage_set_count): server_nodes_list = self.get_confkey( 'CONFIG>CONFSTORE_STORAGE_SET_SERVER_NODES_KEY').replace( "cluster-id", self.cluster_id).replace("storage-set-count", str(index)) server_nodes_list = self.get_confvalue(server_nodes_list) if type(server_nodes_list) is str: # list is stored as string in the confstore file server_nodes_list = literal_eval(server_nodes_list) if len(server_nodes_list) > 1: self.logger.info( f'Setting ldap-replication for storage_set:{index}') Path(self.s3_tmp_dir).mkdir(parents=True, exist_ok=True) ldap_hosts_list_file = os.path.join( self.s3_tmp_dir, "ldap_hosts_list_file.txt") with open(ldap_hosts_list_file, "w") as f: for node_machine_id in server_nodes_list: private_fqdn = self.get_confvalue( f'server_node>{node_machine_id}>network>data>private_fqdn' ) f.write(f'{private_fqdn}\n') self.logger.info( f'output of ldap_hosts_list_file.txt: {private_fqdn}' ) cmd = [ '/opt/seagate/cortx/s3/install/ldap/replication/setupReplicationScript.sh', '-h', ldap_hosts_list_file, '-p', f'{self.rootdn_passwd}' ] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() self.logger.info( f'output of setupReplicationScript.sh: {stdout}') os.remove(ldap_hosts_list_file) if retcode != 0: self.logger.error( f'error of setupReplicationScript.sh: {stderr}') raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}" ) else: self.logger.warning( f'warning of setupReplicationScript.sh: {stderr}') index += 1 # TODO: set replication across storage-sets self.logger.info('Open ldap replication configuration completed')
def process(self): """Main processing function.""" self.logger.info(f"Processing {self.name}") try: self.logger.info("validations started") self.phase_prereqs_validate(self.name) self.logger.info("validations completed") # merge_configs() is imported from the merge.py # Upgrade config files self.logger.info("merge configs started") merge_configs() self.logger.info("merge configs completed") # Remove temporary .old files from S3 temporary location self.logger.info("Remove sample.old files started") regex = "*.sample.old" self.DeleteFileOrDirWithRegex(self.s3_tmp_dir, regex) self.logger.info("Remove sample.old files completed") # Validating config files after upgrade self.logger.info("config file validations started") self.validate_config_files(self.name) self.logger.info("config file validations completed") except Exception as e: raise S3PROVError( f'process: {self.name} failed with exception: {e}')
def process(self, configure_only_openldap=False, configure_only_haproxy=False): """Main processing function.""" self.logger.info(f"Processing {self.name} {self.url}") self.logger.info("validations started") self.phase_prereqs_validate(self.name) self.phase_keys_validate(self.url, self.name) self.validate_config_files(self.name) self.logger.info("validations completed") try: self.logger.info("update motr max units per request started") self.update_motr_max_units_per_request() self.logger.info("update motr max units per request completed") # disable S3server, S3authserver, haproxy, BG delete services on reboot as # it will be managed by HA self.logger.info('Disable services on reboot started') services_list = [ "haproxy", "s3backgroundproducer", "s3backgroundconsumer", "s3server@*", "s3authserver" ] self.disable_services(services_list) self.logger.info('Disable services on reboot completed') self.logger.info('create auth jks password started') self.create_auth_jks_password() self.logger.info('create auth jks password completed') if configure_only_openldap == True: # Configure openldap only self.configure_openldap() elif configure_only_haproxy == True: # Configure haproxy only self.configure_haproxy() else: # Configure both openldap and haproxy self.configure_openldap() self.configure_haproxy() # create topic for background delete bgdeleteconfig = CORTXS3Config() if bgdeleteconfig.get_messaging_platform() == MESSAGE_BUS: self.logger.info('Create topic started') self.create_topic(bgdeleteconfig.get_msgbus_admin_id, bgdeleteconfig.get_msgbus_topic(), self.get_msgbus_partition_count()) self.logger.info('Create topic completed') # create background delete account self.logger.info("create background delete account started") self.create_bgdelete_account() self.logger.info("create background delete account completed") except Exception as e: raise S3PROVError(f'process() failed with exception: {e}')
def __init__(self, config: str): """Constructor.""" try: super(ConfigCmd, self).__init__(config) self.update_cluster_id() self.read_ldap_credentials() except Exception as e: raise S3PROVError(f'exception: {e}\n')
def process(self): """Main processing function.""" self.logger.info(f"Processing {self.name} {self.url}") try: self.logger.info("validations started") self.phase_prereqs_validate(self.name) self.phase_keys_validate(self.url, self.name) self.validate_config_files(self.name) self.logger.info("validations completed") except Exception as e: raise S3PROVError( f'process: {self.name} failed with exception: {e}')
def update_motr_max_units_per_request(self): """ update S3_MOTR_MAX_UNITS_PER_REQUEST in the s3config file based on VM/OVA/HW S3_MOTR_MAX_UNITS_PER_REQUEST = 8 for VM/OVA S3_MOTR_MAX_UNITS_PER_REQUEST = 32 for HW """ # get the motr_max_units_per_request count from the config file motr_max_units_per_request = self.get_confvalue( self.get_confkey('CONFIG>CONFSTORE_S3_MOTR_MAX_UNITS_PER_REQUEST')) self.logger.info( f'motr_max_units_per_request: {motr_max_units_per_request}') #validate min and max unit should be between 1 to 128 if 2 <= int(motr_max_units_per_request) <= 128: if math.log2(int(motr_max_units_per_request)).is_integer(): self.logger.info( "motr_max_units_per_request is in valid range") else: raise S3PROVError( "motr_max_units_per_request should be power of 2") else: raise S3PROVError( "motr_max_units_per_request should be between 2 to 128") # update the S3_MOTR_MAX_UNITS_PER_REQUEST in s3config.yaml file s3configfile = self.get_confkey('S3_CONFIG_FILE') if path.isfile(f'{s3configfile}') == False: self.logger.error(f'{s3configfile} file is not present') raise S3PROVError(f'{s3configfile} file is not present') else: motr_max_units_per_request_key = 'S3_MOTR_CONFIG>S3_MOTR_MAX_UNITS_PER_REQUEST' s3configfileconfstore = S3CortxConfStore( f'yaml://{s3configfile}', 'write_s3_motr_max_unit_idx') s3configfileconfstore.set_config(motr_max_units_per_request_key, int(motr_max_units_per_request), True) self.logger.info( f'Key {motr_max_units_per_request_key} updated successfully in {s3configfile}' )
def process(self): """Main processing function.""" self.logger.info(f"Processing {self.name}") try: self.logger.info("validations started") self.phase_prereqs_validate(self.name) self.logger.info("validations completed") # Backing up .sample config file to .old self.logger.info("Backup .sample to .old started") self.backup_sample_file() self.logger.info("Backup .sample to .old completed") except Exception as e: raise S3PROVError( f'process: {self.name} failed with exception: {e}')
def process(self): """Main processing function.""" sys.stdout.write(f"Processing {self.name} {self.url}\n") try: # Configure openldap and ldap-replication self.configure_openldap() sys.stdout.write( "INFO: Successfully configured openldap on the node.\n") # Configure haproxy self.configure_haproxy() sys.stdout.write( "INFO: Successfully configured haproxy on the node.\n") except Exception as e: raise S3PROVError(f'process() failed with exception: {e}\n')
def validate_ldap_account_cleanup(self): """Validate ldap data is cleaned.""" account_count = 0 try: self.logger.info("Validating ldap account entries") ldap_action_obj = LdapAccountAction(self.ldap_user, self.ldap_passwd) account_count = ldap_action_obj.get_account_count() except Exception as e: self.logger.error( f"ERROR: Failed to find total count of ldap account, error: {str(e)}" ) raise e if account_count > 1: raise S3PROVError( "Stale account entries found in ldap !!!! hence reset needs to be performed before cleanup can be processed" ) self.logger.info("Validation of ldap account entries successful.")
def detect_if_reset_done(self): """Validate if reset phase has done or not, throw exception.""" sys.stdout.write(f"Processing {self.name} detect_if_reset_done\n") # Validate log file cleanup. log_files = [ '/var/log/seagate/auth/server/app.log', '/var/log/seagate/s3/s3server-*/s3server.INFO' ] for fpath in log_files: if os.path.exists(fpath): raise S3PROVError( "Stale log files found in system!!!! hence reset needs to be performed before cleanup can be processed\n" ) # Validate ldap entry cleanup. self.validate_ldap_account_cleanup() sys.stdout.write( f"Processing {self.name} detect_if_reset_done completed successfully..\n" )
def create_auth_jks_password(self): """Create random password for auth jks keystore.""" cmd = [ 'sh', '/opt/seagate/cortx/auth/scripts/create_auth_jks_password.sh' ] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() self.logger.info(f'output of create_auth_jks_password.sh: {stdout}') if retcode != 0: self.logger.error( f'error of create_auth_jks_password.sh: {stderr}') raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}" ) else: self.logger.warning( f'warning of create_auth_jks_password.sh: {stderr}') self.logger.info(' Successfully set auth JKS keystore password.')
def configure_openldap_replication(self): """Configure openldap replication within a storage set.""" storage_set_count = self.get_confvalue( self.get_confkey('CONFSTORE_STORAGE_SET_COUNT_KEY').format( self.cluster_id)) index = 0 while index < int(storage_set_count): server_nodes_list = self.get_confvalue( self.get_confkey( 'CONFSTORE_STORAGE_SET_SERVER_NODES_KEY').format( self.cluster_id, index)) if type(server_nodes_list) is str: # list is stored as string in the confstore file server_nodes_list = literal_eval(server_nodes_list) if len(server_nodes_list) > 1: sys.stdout.write( f'\nSetting ldap-replication for storage_set:{index}\n\n') with open("hosts_list_file.txt", "w") as f: for node_machine_id in server_nodes_list: hostname = self.get_confvalue( f'server_node>{node_machine_id}>hostname') f.write(f'{hostname}\n') cmd = [ '/opt/seagate/cortx/s3/install/ldap/replication/setupReplicationScript.sh', '-h', 'hosts_list_file.txt', '-p', f'{self.rootdn_passwd}' ] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() os.remove("hosts_list_file.txt") if retcode != 0: raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}\n" ) index += 1
def __init__(self, config: str = None): """Constructor.""" try: super(PostInstallCmd, self).__init__(config) except Exception as e: raise S3PROVError(f'exception: {e}')
def configure_openldap(self): """Install and Configure Openldap over Non-SSL.""" # 1. Install and Configure Openldap over Non-SSL. # 2. Enable slapd logging in rsyslog config # 3. Set openldap-replication # 4. Check number of nodes in the cluster cmd = [ '/opt/seagate/cortx/s3/install/ldap/setup_ldap.sh', '--ldapadminpasswd', f'{self.ldap_passwd}', '--rootdnpasswd', f'{self.rootdn_passwd}', '--forceclean', '--skipssl' ] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() if retcode != 0: raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}\n" ) if os.path.isfile( "/opt/seagate/cortx/s3/install/ldap/rsyslog.d/slapdlog.conf"): try: os.makedirs("/etc/rsyslog.d") except OSError as e: if e.errno != errno.EEXIST: raise S3PROVError( f"mkdir /etc/rsyslog.d failed with errno: {e.errno}, exception: {e}\n" ) shutil.copy( '/opt/seagate/cortx/s3/install/ldap/rsyslog.d/slapdlog.conf', '/etc/rsyslog.d/slapdlog.conf') cmd = ['systemctl', 'restart', 'rsyslog'] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() if retcode != 0: raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}\n" ) if self.server_nodes_count > 1: sys.stdout.write( f"INFO: Setting ldap-replication as the cluster node_count {self.server_nodes_count} is greater than 2.\n" ) with open("hosts_list_file.txt", "w") as f: for host in self.hosts_list: f.write(f"{host}\n") sys.stdout.write( "setting ldap-replication on all cluster nodes..\n") cmd = [ '/opt/seagate/cortx/s3/install/ldap/replication/setupReplicationScript.sh', '-h', 'hosts_list_file.txt', '-p', f'{self.rootdn_passwd}' ] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() if retcode != 0: raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}\n" ) os.remove("hosts_list_file.txt") cmd = ['systemctl', 'restart', 'slapd'] handler = SimpleProcess(cmd) stdout, stderr, retcode = handler.run() if retcode != 0: raise S3PROVError( f"{cmd} failed with err: {stderr}, out: {stdout}, ret: {retcode}\n" )