def prepare_sshd(src_priv_ip6, priv_ip6):
    """Point sshd at the new private IPv6 address and replace the SSH host keys.

    All paths are relative, so the caller is expected to have changed into the
    guest's root filesystem first.  Every existing ``ssh_host_*`` file is
    removed and a fresh ed25519 key and a 4096-bit RSA key are generated,
    presumably so the guest does not keep the host identity stored in the
    image it was created from.  The fingerprint of each new key is logged so
    it can be compared with what a client shows on its first connection.

    NOTE(review): ``src_priv_ip6`` is placed into the sed expression unescaped
    and is therefore read as a regular expression.  Only ed25519 and RSA keys
    are recreated; any other ``HostKey`` file named in sshd_config would no
    longer exist after this runs -- confirm against the shipped config.
    """
    log.info('Preparing SSH daemon')
    address_swap = 's/%s/%s/g' % (src_priv_ip6, priv_ip6)
    ex(['sed', '-i', address_swap, 'etc/ssh/sshd_config'])

    log.debug('- rm /etc/ssh/ssh_host_*')
    stale_keys = glob.glob('etc/ssh/ssh_host_*')
    ex(['rm'] + stale_keys, quiet=True)

    # (key type, extra ssh-keygen options, key file, log format)
    new_keys = (
        ('ed25519', [], 'etc/ssh/ssh_host_ed25519_key',
         'ed25519 fingerprint: %s'),
        ('rsa', ['-b', '4096'], 'etc/ssh/ssh_host_rsa_key',
         'rsa fingerprint: %s'),
    )
    for key_type, extra_opts, key_file, message in new_keys:
        # -N '' gives the key an empty passphrase.
        ex(['ssh-keygen', '-t', key_type] + extra_opts
           + ['-f', key_file, '-N', ''])
        fingerprint = ex(['ssh-keygen', '-lf', key_file])[0]
        log.info(message, fingerprint)
def update_macs(mac, mac_priv):
    """Rewrite the hardware-address match for eth0 and eth1 in the udev rules.

    For each interface, sed only touches lines containing ``NAME="ethN"`` and
    replaces the whole ``ATTR{address}=="..."`` clause with the value given.

    NOTE(review): the replacement is the argument verbatim, so callers
    presumably pass a complete ``ATTR{address}=="aa:bb:..."`` clause rather
    than a bare MAC address -- verify against the caller.
    """
    log.info("Update MAC addresses")
    rules = 'etc/udev/rules.d/70-persistent-net.rules'
    per_interface = (
        ('/NAME="eth0"/s/ATTR{address}=="[^"]*"/%s/g', mac),
        ('/NAME="eth1"/s/ATTR{address}=="[^"]*"/%s/g', mac_priv),
    )
    for template, replacement in per_interface:
        ex(['sed', '-i', template % replacement, rules])
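def update_ips(*, src_public_ip4, public_ip4, src_priv_ip4, priv_ip4,
               src_public_ip6, public_ip6, src_priv_ip6, priv_ip6):
    """Replace the source guest's IP addresses in the interface definitions.

    The public IPv4/IPv6 addresses are swapped in
    ``etc/network/interfaces.d/eth0`` and the private ones in
    ``etc/network/interfaces.d/eth1``.  Both paths are relative, so the
    caller is expected to be inside the guest's root filesystem.

    All arguments are keyword-only.  Each ``src_*`` value is the address to
    look for and its counterpart is the address written in its place.

    The addresses are escaped before they are placed into the sed expression.
    An unescaped ``.`` in an IPv4 address is a regex wildcard, and a ``/``
    (for example from CIDR notation) would end the expression early and have
    the rest parsed as sed syntax.

    NOTE(review): matching is still by substring, so an address that is a
    prefix of another one in the same file (``10.0.0.1`` vs ``10.0.0.10``)
    also matches inside the longer address.
    """
    def literal_swap(old, new):
        """Build a sed ``s`` command that swaps *old* for *new* literally."""
        # Special in a basic regular expression, or the '/' delimiter itself.
        pattern = ''.join(
            '\\' + ch if ch in '\\/.*[^$' else ch for ch in str(old))
        # On the replacement side only backslash, '&' and '/' are special.
        replacement = ''.join(
            '\\' + ch if ch in '\\/&' else ch for ch in str(new))
        return 's/%s/%s/g' % (pattern, replacement)

    log.info('Update IP addresses')
    eth0 = 'etc/network/interfaces.d/eth0'
    eth1 = 'etc/network/interfaces.d/eth1'
    ex(['sed', '-i', literal_swap(src_public_ip4, public_ip4), eth0])
    ex(['sed', '-i', literal_swap(src_priv_ip4, priv_ip4), eth1])
    ex(['sed', '-i', literal_swap(src_public_ip6, public_ip6), eth0])
    ex(['sed', '-i', literal_swap(src_priv_ip6, priv_ip6), eth1])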
def prepare_sshd(src_priv_ip6, priv_ip6):
    """Rewrite sshd's private IPv6 address and regenerate the SSH host keys.

    Works on relative paths (``etc/ssh/...``), so the current directory must
    already be the guest's root filesystem.  The old ``ssh_host_*`` files are
    deleted, new ed25519 and 4096-bit RSA host keys are created with an empty
    passphrase, and both fingerprints are written to the log so they can be
    checked when a client first connects.

    NOTE(review): the source address is used as a sed regular expression
    without escaping.  Host key types other than ed25519 and RSA are removed
    but not recreated -- confirm sshd_config does not reference them.
    """
    sshd_config = 'etc/ssh/sshd_config'
    ed25519_key = 'etc/ssh/ssh_host_ed25519_key'
    rsa_key = 'etc/ssh/ssh_host_rsa_key'

    log.info('Preparing SSH daemon')
    ex(['sed', '-i', 's/%s/%s/g' % (src_priv_ip6, priv_ip6), sshd_config])

    # Drop every host key that came with the image before creating new ones.
    log.debug('- rm /etc/ssh/ssh_host_*')
    remove_cmd = ['rm']
    remove_cmd.extend(glob.glob('etc/ssh/ssh_host_*'))
    ex(remove_cmd, quiet=True)

    ex(['ssh-keygen', '-t', 'ed25519', '-f', ed25519_key, '-N', ''])
    log.info('ed25519 fingerprint: %s',
             ex(['ssh-keygen', '-lf', ed25519_key])[0])

    ex(['ssh-keygen', '-t', 'rsa', '-b', '4096', '-f', rsa_key, '-N', ''])
    rsa_fp = ex(['ssh-keygen', '-lf', rsa_key])[0]
    log.info('rsa fingerprint: %s', rsa_fp)
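def prepare_cga(frm, name):
    """Retarget the cgabackup client config and stagger its cron schedule.

    In ``etc/cgabackup/client.conf`` the first ``backup-cga-<frm>`` and the
    first ``/backup/cga/<frm>`` on each line are rewritten to use *name*.
    In ``etc/cron.d/cgabackup`` a line starting with ``0 5`` gets a random
    minute (0-59) and hour (1-7) instead.

    NOTE(review): *frm* and *name* are placed into the sed expressions
    unescaped, so regex metacharacters or a ``/`` in either value would change
    what sed does.
    """
    log.info('Prepare cgabackup...')
    cga_config = 'etc/cgabackup/client.conf'
    ex(['sed', '-i', 's/backup-cga-%s/backup-cga-%s/' % (frm, name),
        cga_config])
    # Raw string: "\/" is not a valid Python escape sequence and triggers a
    # warning in a normal literal.  The resulting text is unchanged.
    ex(['sed', '-i', r's/\/backup\/cga\/%s/\/backup\/cga\/%s/' % (frm, name),
        cga_config])

    # randomize the backup-time a bit; this only spreads load, so the
    # non-cryptographic random module is adequate here.
    hour = random.randrange(1, 8)
    minute = random.randrange(60)
    ex(['sed', '-i', 's/^0 5/%s %s/' % (minute, hour), 'etc/cron.d/cgabackup'])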
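def prepare_cga(frm, name):
    """Rename the cgabackup client from *frm* to *name* and move its cron slot.

    Two substitutions are applied to ``etc/cgabackup/client.conf``:
    ``backup-cga-<frm>`` becomes ``backup-cga-<name>`` and
    ``/backup/cga/<frm>`` becomes ``/backup/cga/<name>`` (first match per
    line).  The ``0 5`` at the start of a line in ``etc/cron.d/cgabackup`` is
    then replaced by a random minute (0-59) and hour (1-7).

    NOTE(review): both names reach sed unescaped; a value containing ``/`` or
    regex metacharacters would alter the expression.
    """
    log.info('Prepare cgabackup...')
    cga_config = 'etc/cgabackup/client.conf'
    substitutions = (
        's/backup-cga-%s/backup-cga-%s/',
        # Raw string: "\/" is an invalid escape sequence in a normal literal
        # and makes Python emit a warning; the text sed receives is the same.
        r's/\/backup\/cga\/%s/\/backup\/cga\/%s/',
    )
    for template in substitutions:
        ex(['sed', '-i', template % (frm, name), cga_config])

    # randomize the backup-time a bit (load spreading, not a security value)
    hour = random.randrange(1, 8)
    minute = random.randrange(60)
    ex(['sed', '-i', 's/^0 5/%s %s/' % (minute, hour), 'etc/cron.d/cgabackup'])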
def lvs():
    """Return one ``LV`` for every entry printed by ``lvs``.

    ``lvs`` is run without headings, with ``;`` as field separator and sizes
    in bytes.  The command is called with ``dry=True`` and ``quiet=True``;
    presumably that makes it run even in dry-run mode -- confirm in ``ex``.

    NOTE(review): the output is split on any whitespace, not on line breaks,
    so a field containing a space would be split into two records.
    """
    out, _err = ex(
        ['lvs', '--noheadings', '--separator', ';', '--units=b'],
        quiet=True, dry=True)
    volumes = []
    for row in out.decode('utf-8').split():
        fields = row.strip().split(';')
        volumes.append(LV(*fields))
    return volumes
# replace disk in template domain.replaceDisk(path, new_path) if transfer_from: transfer_to = config.get(args.section, 'transfer-to') transfer_source = config.get(args.section, 'transfer-source') log.warn('Copy disk by executing on %s', transfer_from) log.warn(" dd if=%s bs=4096 | pv | gzip | ssh %s 'gzip -d | dd of=%s bs=4096'", transfer_source or path, transfer_to, new_path) log.warn("Press enter when done.") if not settings.DRY: input() else: # copy data from local volume log.info("Copying LV %s to %s", path, new_path) ex(['dd', 'if=%s' % path, 'of=%s' % new_path, 'bs=4M']) ############################ # Define domain in libvirt # ############################ log.info('Load new libvirt XML configuration') if not settings.DRY: conn.loadXML(domain.xml) ##################### # MODIFY FILESYSTEM # ##################### sed_ex = 's/%s/%s/g' % (src_guest, args.name) bootdisk = domain.getBootDisk()
def mount(frm, lv_name, bootdisk, bootdisk_path):
    """Mount the guest's volumes under ``settings.CHROOT``, yield, then undo it.

    This is a generator with a single ``yield``; presumably it is wrapped by a
    context-manager decorator that is not visible in this listing.

    Setup: map the partitions of *bootdisk*, rename volume group ``vm_<frm>``
    to *lv_name* and activate it, mount ``root`` plus any of boot/home/usr/
    var/tmp that exist, mount sysfs/devtmpfs/devpts/proc inside the chroot,
    symlink *bootdisk* to *bootdisk_path* for grub, and install a
    ``usr/sbin/policy-rc.d`` that exits 101.  In Debian's invoke-rc.d
    convention, 101 means "action forbidden by policy", so services are not
    started from inside the chroot.

    Teardown (in ``finally``): remove the policy file and the symlink, unmount
    in reverse order, deactivate the volume group and unmap the partitions.

    NOTE(review): everything before ``try`` runs outside the ``finally``
    block, so a failure during setup leaves mounts and the active volume
    group behind.  The listing this was taken from had lost its indentation;
    the extent of the two ``with setting(SLEEP=3)`` blocks and of the
    ``if not settings.DRY`` block around the policy file is reconstructed --
    confirm against the original file.
    """
    if not settings.DRY:
        os.makedirs(settings.CHROOT)

    log.info('Detecting logical volumes')
    with setting(SLEEP=3):
        ex(['kpartx', '-s', '-a', bootdisk])  # map the partitions on bootdisk
        ex(['vgrename', 'vm_%s' % frm, lv_name])  # rename the volume group
        ex(['vgchange', '-a', 'y', lv_name])  # activate the volume group

    log.info('Mounting logical volumes...')
    active_mounts = []
    ex(['mount', os.path.join('/dev', lv_name, 'root'), settings.CHROOT])
    active_mounts.append(settings.CHROOT)
    for subdir in ('boot', 'home', 'usr', 'var', 'tmp'):
        device = '/dev/%s/%s' % (lv_name, subdir)
        if not os.path.exists(device):
            continue  # this guest has no separate volume for the directory
        mount_point = os.path.join(settings.CHROOT, subdir)
        ex(['mount', device, mount_point])
        active_mounts.append(mount_point)

    # Pseudo filesystems needed by tools that run inside the chroot.
    log.info('Mounting /dev, /dev/pts, /proc, /sys')
    pseudo_filesystems = [
        (fs_type, fs_dev, os.path.join(settings.CHROOT, *parts))
        for fs_type, fs_dev, parts in (
            ('sysfs', 'sysfs', ('sys',)),
            ('devtmpfs', 'udev', ('dev',)),
            ('devpts', 'devpts', ('dev', 'pts')),
            ('proc', 'proc', ('proc',)),
        )
    ]
    for fs_type, fs_dev, mount_point in pseudo_filesystems:
        ex(['mount', '-t', fs_type, fs_dev, mount_point])
        active_mounts.append(mount_point)

    # grub looks for the disk under bootdisk_path
    ex(['ln', '-s', bootdisk, bootdisk_path])

    policy_d = 'usr/sbin/policy-rc.d'
    log.debug('- echo -e "#!/bin/sh\\nexit 101" > %s', policy_d)
    if not settings.DRY:
        # policy_d is relative, so it is resolved inside the chroot from here.
        os.chdir(settings.CHROOT)
        with open(policy_d, 'w') as f:
            f.write("#!/bin/sh\nexit 101")
    ex(['chmod', 'a+rx', policy_d])

    # hand control to the caller while everything is mounted
    try:
        yield
    finally:
        # remove the helper files again
        ex(['rm', policy_d, bootdisk_path])

        # leave the chroot before unmounting it
        if not settings.DRY:
            os.chdir('/root')

        # innermost mounts were added last, so unmount in reverse order
        for mount_point in reversed(active_mounts):
            ex(['umount', mount_point])

        # deactivate the volume group and drop the partition mappings
        with setting(SLEEP=3):
            ex(['vgchange', '-a', 'n', lv_name])
            ex(['kpartx', '-s', '-d', bootdisk])

        if not settings.DRY:
            log.debug('- rmdir %s', settings.CHROOT)
            os.removedirs(settings.CHROOT)
def update_grub(sed_ex):
    """Apply *sed_ex* to the GRUB configuration and rebuild every initramfs.

    *sed_ex* is passed to ``sed -i`` as the expression for
    ``boot/grub/grub.cfg`` (a relative path).  ``update-initramfs -u -k all``
    is then run through ``chroot``.
    """
    log.info('Update GRUB')
    # update-grub is suspected to cause problems, so the hostname is replaced
    # in the existing configuration by hand instead of calling
    # chroot(['update-grub']).
    grub_cfg = 'boot/grub/grub.cfg'
    ex(['sed', '-i', sed_ex, grub_cfg])
    rebuild_initramfs = ['update-initramfs', '-u', '-k', 'all']
    chroot(rebuild_initramfs)
def prepare_munin_tls(key, pem):
    """Enable TLS in munin-node.conf and set its key and certificate paths.

    Lines starting with ``#tls`` are uncommented first.  The
    ``tls_private_key`` and ``tls_certificate`` lines are then rewritten to
    *key* and *pem*.  ``~`` is the sed delimiter, so slashes in the two paths
    need no escaping.

    NOTE(review): only the configuration text is changed; nothing here checks
    that the key file exists or who can read it.  A ``~`` or ``&`` in either
    value would be interpreted by sed.
    """
    path = 'etc/munin/munin-node.conf'
    ex(['sed', '-i', 's/^#tls/tls/', path])
    directives = (
        ('s~^tls_private_key.*~tls_private_key %s~', key),
        ('s~^tls_certificate.*~tls_certificate %s~', pem),
    )
    for template, value in directives:
        ex(['sed', '-i', template % value, path])
def prepare_munin(src_priv_ip6, priv_ip6):
    """Change the ``host`` address in munin-node.conf to the new private IPv6.

    Only lines that begin with ``host <src_priv_ip6>`` are rewritten.

    NOTE(review): the source address is used as a sed regular expression
    without escaping.
    """
    log.info('Preparing munin-node')
    path = 'etc/munin/munin-node.conf'
    host_swap = 's/^host %s/host %s/g' % (src_priv_ip6, priv_ip6)
    ex(['sed', '-i', host_swap, path])
def update_macs(mac, mac_priv):
    """Replace the ``ATTR{address}`` clause of eth0 and eth1 in the udev rules.

    *mac* is written into the rule line carrying ``NAME="eth0"`` and
    *mac_priv* into the one carrying ``NAME="eth1"``.

    NOTE(review): the whole ``ATTR{address}=="..."`` clause is replaced by the
    argument as given, so the caller presumably passes the complete clause and
    not just the address -- verify against the caller.
    """
    log.info("Update MAC addresses")
    rules = 'etc/udev/rules.d/70-persistent-net.rules'

    eth0_expr = '/NAME="eth0"/s/ATTR{address}=="[^"]*"/%s/g' % mac
    ex(['sed', '-i', eth0_expr, rules])

    eth1_expr = '/NAME="eth1"/s/ATTR{address}=="[^"]*"/%s/g' % mac_priv
    ex(['sed', '-i', eth1_expr, rules])
def lvdisplay(path):
    """Return an ``LV`` built from the ``lvdisplay -C`` output for *path*.

    The command prints no headings, separates fields with ``;`` and reports
    sizes in bytes.  The stripped output is split on ``;`` and the fields are
    passed positionally to ``LV``.  The call uses ``quiet=True, dry=True``;
    presumably it therefore runs in dry-run mode too -- confirm in ``ex``.
    """
    command = ['lvdisplay', '--noheadings', '--separator', ';', '--units=b',
               '-C', path]
    out, _err = ex(command, quiet=True, dry=True)
    fields = out.decode('utf-8').strip().split(';')
    return LV(*fields)
def lvcreate(vg, name, size):
    """Create logical volume *name* of *size* in volume group *vg*.

    *size* is handed to ``lvcreate -L`` unchanged.
    """
    log.info('Create LV %s on VG %s', name, vg)
    command = ['lvcreate', '-L', size, '-n', name, vg]
    ex(command)