def user_to_group(username, groupname):
    """Add *username* to the supplementary group *groupname*.

    Runs ``usermod -G <groupname> -a <username>`` through
    ``core.exec_cmd_list``.

    Raises:
        Exception: when the helper reports the command did not complete.
    """
    # NOTE(review): both names are interpolated into the command string
    # unquoted. If either can originate from user-controlled input, validate
    # it against the account-name character set (and reject a leading "-")
    # before it reaches this point. How core.exec_cmd_list tokenises the
    # string is not visible here -- confirm.
    command = 'usermod -G %s -a %s' % (groupname, username)
    ok, _proc_info = core.exec_cmd_list([command])
    if ok:
        return
    raise Exception(t("Error adding user to group!"))
def enable(vhost):
    """Enable the Apache site *vhost* by running ``a2ensite``.

    Raises:
        Exception: carrying the message and *vhost* when
            ``core.exec_cmd_list`` reports the command did not complete.
    """
    # NOTE(review): vhost goes into the command string as-is; a value with
    # whitespace or a leading "-" changes what a2ensite receives. Validate it
    # upstream if it can come from user input.
    ok, _proc_info = core.exec_cmd_list(["a2ensite %s" % vhost])
    if not ok:
        raise Exception(t("Error in vhost activation!"), vhost)
def create_group(groupname):
    """Create the Unix group *groupname* with ``groupadd``.

    Raises:
        Exception: when ``core.exec_cmd_list`` reports the command did not
            complete.
    """
    # NOTE(review): groupname is interpolated unquoted; restrict it to the
    # characters allowed in group names before calling if the value is not
    # fully trusted.
    command = 'groupadd %s' % groupname
    ok, _proc_info = core.exec_cmd_list([command])
    if ok:
        return
    raise Exception(t("Error in group creation!"))
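def run(self):
    """Run the stock install step, then uwsa's post-install tasks.

    After ``_install.run`` the method links the entry script into
    /usr/local/bin, optionally migrates data from the v0.3.1 location,
    renames the ``mysql_*`` keys in the per-site configuration files and
    installs the Debian packages uwsa depends on.

    Raises:
        Exception: when the dependency installation does not complete.
    """
    # NOTE(review): the nesting below was reconstructed from a listing that
    # had lost its indentation (in particular whether chmod runs only for a
    # new link) -- confirm against the original file.
    print "pre install"
    _install.run(self)

    # script link
    source = "%s/uwsas/uwsa.py" % self.install_lib
    link = "/usr/local/bin/uwsa"
    if not files.exists(link):
        files.symlink(source, link)
        files.chmod(link, u="rx", g="rx", o="rx")

    # validate v0.3.1 old path: copy first, and only rename the old tree once
    # the copy has completed.
    if (files.exists("/usr/local/lib/uwsa") and
            inputs.get_input_yesno(t("The old uwsa path exists. Do you want to move its content to new destination?"))):
        cmd_list = [
            "bash -c 'mkdir -p /var/lib/uwsa'",
            "bash -c 'cp -fr /usr/local/lib/uwsa/* /var/lib/uwsa/'",
        ]
        completed, pinfo = core.exec_cmd_list(cmd_list)
        if completed:
            cmd_list = [
                "bash -c 'mv /usr/local/lib/uwsa /usr/local/lib/uwsa_to_delete'",
            ]
            # The result of the rename is not checked; the configuration is
            # repointed either way.
            completed, pinfo = core.exec_cmd_list(cmd_list)
            files.replace_in('/etc/uwsa/uwsa.conf', '/usr/local/lib/uwsa', '/var/lib/uwsa')

    # validate v0.4 remove mysql_xxx in conf
    all_conf = files.ls("/var/lib/uwsa/site/*")
    for f in all_conf:
        if files.is_file(f):
            files.replace_in(f, 'mysql_schema', 'schema')
            files.replace_in(f, 'mysql_user', 'user')
            files.replace_in(f, 'mysql_pass', 'pass')

    # install prereque
    dependencies = "python-ldap python-iniparse python-mysqldb"
    print t("Will install"), dependencies
    cmd_list = [
        'apt-get update',
        "bash -c 'DEBIAN_FRONTEND=noninteractive apt-get install -y %s'" % dependencies,
    ]
    completed, pinfo = core.exec_cmd_list(cmd_list)
    if not completed:
        # Format after t() so the constant message, not the already formatted
        # text, is what t() receives (the t("...%s") % value form).
        raise Exception(t("Cannot install uwsa dependencies! %s") % dependencies)
    print t("post install DONE!")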
def graceful(self, name):
    """Enable mod_rewrite and ask Apache for a graceful restart.

    *name* is only used to label the exception.

    Raises:
        Exception: carrying the message and *name* when
            ``core.exec_cmd_list`` reports the commands did not complete.
    """
    steps = ["a2enmod rewrite", "apache2ctl graceful"]
    ok, _proc_info = core.exec_cmd_list(steps)
    if ok:
        return
    raise Exception(t("Error in installation!"), name)
def fix_package(self, element):
    """Apply the fix for *element*.

    When ``element["fix_func"]`` is set it is called with the element and
    nothing else happens; otherwise the package named by ``element["name"]``
    is installed non-interactively with apt-get.

    Raises:
        Exception: carrying the message and the package name when the
            apt-get command does not complete.
    """
    custom_fix = element["fix_func"]
    if custom_fix:
        custom_fix(element)
        return

    package = element["name"]
    # NOTE(review): the name sits inside the single-quoted ``bash -c``
    # argument, so a value containing a quote or shell metacharacters would be
    # interpreted by bash. Presumably it comes from a fixed package table --
    # confirm it is never user-supplied.
    install = "bash -c 'DEBIAN_FRONTEND=noninteractive apt-get install -y %s'" % package
    ok, _proc_info = core.exec_cmd_list([install])
    if not ok:
        raise Exception(t("Error in installation!"), package)
def graceful():
    """Ask Apache for a graceful restart.

    On failure the captured stdout and stderr are logged before raising.

    Raises:
        Exception: when ``core.exec_cmd_list`` reports the command did not
            complete.
    """
    ok, proc_info = core.exec_cmd_list(["apache2ctl graceful"])
    if ok:
        return
    # Keep the tool's own output in the log so the failure can be diagnosed.
    L.error(proc_info['stdout'] + '\n' + proc_info['stderr'])
    raise Exception(t("Error in site.graceful!"))
def fix_grub(self, element):
    """Set a 1024x768 GRUB graphics mode in ``element['name']`` and rebuild.

    The commented-out ``GRUB_GFXMODE`` default is replaced by explicit mode
    and payload settings, then ``update-grub`` is run.

    Raises:
        Exception: carrying the message and the file name when
            ``update-grub`` does not complete.
    """
    grub_defaults = element['name']
    old_setting = '#GRUB_GFXMODE=640x480\n'
    new_settings = 'GRUB_GFXMODE=1024x768\nGRUB_GFXPAYLOAD_LINUX=1024x768\n'
    files.replace_in(grub_defaults, old_setting, new_settings)

    ok, _proc_info = core.exec_cmd_list(["update-grub"])
    if not ok:
        raise Exception(t("Error in installation!"), element['name'])
def fix_ssh(self, element):
    """Make sure the chroot rule is in the SSH config file, then restart ssh.

    ``element['name']`` is the file that is checked and appended to;
    ``self.CHROOT_RULE`` is the text that must be present.

    Raises:
        Exception: carrying the message and the file name when the restart
            command does not complete.
    """
    # NOTE(review): nesting reconstructed from a flattened listing; the
    # restart is assumed to run whether or not the rule was appended --
    # confirm against the original file.
    if not files.contains(element['name'], self.CHROOT_RULE):
        files.append(element['name'], "\n%s\n" % self.CHROOT_RULE)
    # NOTE(review): the daemon is restarted without a prior syntax check of
    # the edited file (e.g. ``sshd -t``); a malformed rule could leave the
    # host without SSH access.
    cmd_list = [ "service ssh restart", ]
    completed, pinfo = core.exec_cmd_list(cmd_list)
    if not completed:
        raise Exception(t("Error in installation!"), element['name'])
def ldap_centrify_refresh(self, ldap_group=None, ldap_user=None):
    """Flush and reload the Centrify agent, then optionally query AD.

    Always runs ``adflush``, ``adreload``, ``sleep 15`` and ``adinfo``; an
    ``adquery`` for *ldap_user* and/or *ldap_group* is added when given.
    A failure is only logged, nothing is raised or returned.
    """
    steps = ['adflush', 'adreload', 'sleep 15', 'adinfo']
    # NOTE(review): the user and group names are interpolated unquoted; names
    # with spaces or shell-significant characters need validating or quoting
    # before this call.
    if ldap_user:
        steps.append('adquery user -A %s' % ldap_user)
    if ldap_group:
        steps.append('adquery group -A %s' % ldap_group)

    ok, _proc_info = core.exec_cmd_list(steps)
    if ok:
        return
    L.error(t("Cannot reload AD after LDAP user/group creation!"))
def fix_centrifydc(self, element):
    """Enable the Canonical partner repository and install ``centrifydc``.

    The commented-out partner line in /etc/apt/sources.list is activated,
    the package index refreshed and the package installed non-interactively.
    *element* is only used to label the exception.

    Raises:
        Exception: carrying the message and ``element['name']`` when the
            apt commands do not complete.
    """
    disabled_repo = '# deb http://archive.canonical.com/ubuntu precise partner'
    enabled_repo = 'deb http://archive.canonical.com/ubuntu precise partner'
    files.replace_in('/etc/apt/sources.list', disabled_repo, enabled_repo)

    steps = [
        'apt-get update',
        "bash -c 'DEBIAN_FRONTEND=noninteractive apt-get install -y centrifydc'",
    ]
    ok, _proc_info = core.exec_cmd_list(steps)
    if not ok:
        raise Exception(t("Error in installation!"), element['name'])
def fix_moved(self, element):
    """Relocate /var/www to /data/www and leave a symlink behind.

    Nothing is done when /var/www already resolves to /data/www. Otherwise
    Apache is stopped, the tree moved, the symlink created and handed to
    www-data, and Apache started again.

    Raises:
        Exception: carrying the message and ``element['name']`` when the
            command list does not complete.
    """
    if files.realpath('/var/www') == '/data/www':
        return

    # NOTE(review): if a middle step fails Apache may stay stopped; whether
    # core.exec_cmd_list aborts at the first failing command is not visible
    # here -- confirm and consider an explicit restart on the error path.
    steps = [
        "service apache2 stop",
        "mkdir -p /data",
        "mv /var/www/ /data/",
        "ln -s /data/www /var/www",
        "chown -h www-data:www-data /var/www",
        "service apache2 start",
    ]
    ok, _proc_info = core.exec_cmd_list(steps)
    if not ok:
        raise Exception(t("Error in installation!"), element['name'])
def restore_bd(self, filename):
    """Load the SQL file *filename* into the configured MySQL schema.

    Schema, user and password are read from the ``mysql`` section of
    ``self.conf``. The command is handed to ``core.exec_cmd_list`` together
    with an ``anonymous`` variant in which the password is replaced by
    ``XXXXX`` (presumably the form that gets logged -- confirm).

    Returns:
        The completion flag reported by ``core.exec_cmd_list``; a failure is
        also logged.
    """
    schema = self.conf.get("mysql", "schema")
    user = self.conf.get("mysql", "user")
    password = self.conf.get("mysql", "pass")

    # NOTE(review): the real password is still passed as ``-p<password>`` on
    # the mysql command line, where other local users can read it from the
    # process list while the command runs. A client option file with
    # restrictive permissions (``--defaults-extra-file``) avoids that.
    # NOTE(review): every value sits inside the single-quoted ``bash -c``
    # argument; a quote in the password, schema or filename would end that
    # argument early. Validate or escape them if they are not fully trusted.
    template = "bash -c 'mysql -u %s -p%s %s < %s'"
    real_command = template % (user, password, schema, filename)
    masked_command = template % (user, "XXXXX", schema, filename)

    ok, _proc_info = core.exec_cmd_list(
        [{"command": real_command, "anonymous": masked_command}]
    )
    if not ok:
        L.error(t("Failed to restore schema %s!") % schema)
    return ok
def create_user(username, usermail, password=None):
    """Create a Unix account with a bash shell and its own group.

    A password is generated with ``inputs.gen_password`` when none is given.
    *usermail* is accepted but not used in this function.

    Returns:
        The password that was set (given or generated).

    Raises:
        Exception: when ``useradd`` does not complete; stdout and stderr of
            the command are logged first.
    """
    if password is None:
        password = inputs.gen_password(inputs.PASS_CHARS_UNIX)

    # NOTE(review): in a Python string literal ``\"`` is just ``"``, so the
    # backslashes never reach the shell: the inner quotes close the outer
    # double-quoted ``bash -c`` argument instead of nesting inside it.
    # Whether the password ends up quoted at all depends on how
    # core.exec_cmd_list tokenises the string -- confirm, and restrict the
    # password alphabet or pass the hash another way.
    # NOTE(review): the clear-text password is an argument of ``mkpasswd``
    # and so is visible in the process list while the command runs; only the
    # ``anonymous`` variant is masked.
    real_command = 'bash -c "useradd -s /bin/bash -U -p $(mkpasswd \"%s\") %s"' % (password, username)
    masked_command = 'bash -c "useradd -s /bin/bash -U -p $(mkpasswd XXXXXX) %s"' % username

    ok, proc_info = core.exec_cmd_list(
        [{'command': real_command, 'anonymous': masked_command}]
    )
    if not ok:
        L.error(proc_info['stdout'] + '\n' + proc_info['stderr'])
        raise Exception(t("Error in user creation!"))
    return password
def move_mysql(self, element):
    """Relocate the MySQL data directory to /data/mysql.

    The AppArmor profile for mysqld is repointed first, then -- unless
    /var/lib/mysql already resolves to /data/mysql -- the server is stopped,
    the directory moved, a symlink left in its place, AppArmor reloaded and
    the server started again.

    Raises:
        Exception: carrying the message and ``element['name']`` when the
            command list does not complete.
    """
    # NOTE(review): nesting reconstructed from a flattened listing; the two
    # checks are assumed to be independent -- confirm against the original.
    # Keep the AppArmor confinement in step with the new location rather than
    # disabling the profile.
    if not files.contains('/etc/apparmor.d/usr.sbin.mysqld', '/data/mysql/'):
        files.replace_in('/etc/apparmor.d/usr.sbin.mysqld', '/var/lib/mysql/', '/data/mysql/')
    if not files.realpath('/var/lib/mysql/') == '/data/mysql':
        # NOTE(review): if a middle step fails MySQL may stay stopped; whether
        # core.exec_cmd_list aborts at the first failure is not visible here.
        cmd_list = [
            "/etc/init.d/mysql stop",
            "mv /var/lib/mysql/ /data/",
            "ln -s /data/mysql /var/lib/mysql",
            "chown -h mysql:mysql /var/lib/mysql",
            "service apparmor reload",
            "/etc/init.d/mysql start",
        ]
        completed, pinfo = core.exec_cmd_list(cmd_list)
        if not completed:
            raise Exception(t("Error in installation!"), element['name'])
def dump_bd(self, filename):
    """Dump the configured MySQL schema into *filename* with ``mysqldump``.

    Schema, user and password are read from the ``mysql`` section of
    ``self.conf``. An ``anonymous`` variant of the command with the password
    replaced by ``XXXXX`` is passed alongside the real one (presumably the
    form that gets logged -- confirm).

    Returns:
        The completion flag reported by ``core.exec_cmd_list``; a failure is
        also logged.
    """
    schema = self.conf.get("mysql", "schema")
    user = self.conf.get("mysql", "user")
    password = self.conf.get("mysql", "pass")

    # NOTE(review): ``-p<password>`` on the command line is readable from the
    # process list by other local users for the duration of the dump; an
    # option file with restrictive permissions (``--defaults-extra-file``)
    # avoids that.
    # NOTE(review): the dump is created by shell redirection, so its
    # permissions follow the caller's umask -- confirm the destination is not
    # readable by unrelated accounts.
    template = "bash -c 'mysqldump -u%s -p%s --single-transaction --routines --triggers %s > %s'"
    real_command = template % (user, password, schema, filename)
    masked_command = template % (user, "XXXXX", schema, filename)

    ok, _proc_info = core.exec_cmd_list(
        [{"command": real_command, "anonymous": masked_command}]
    )
    if not ok:
        L.error(t("Failed to dump schema %s!") % schema)
    return ok
def try_acl_activation(self):
    """Run the ACL scripts under /etc/cron.acl for the configured groups.

    One script path is built per non-empty ``unix_group`` / ``ldap_group``
    entry of the ``access`` section, using ``self.get_safe_name`` for the
    file name. Nothing runs when neither group is set; a failure is only
    logged.
    """
    configured_groups = (
        self.conf.get('access', 'unix_group'),
        self.conf.get('access', 'ldap_group'),
    )
    # NOTE(review): each path is executed as a command, so /etc/cron.acl and
    # the scripts in it should be writable by root only -- confirm.
    acl_scripts = [
        "/etc/cron.acl/%s" % self.get_safe_name(group)
        for group in configured_groups
        if group
    ]
    if not acl_scripts:
        return

    ok, _proc_info = core.exec_cmd_list(acl_scripts)
    if not ok:
        L.error(t("ACL not applied properly, probably because centrify is not updated. "
                  "You will need to apply them manually or wait the auto apply..."))
def reset_root_password(password):
    """Reset a MySQL account password by restarting without grant tables.

    The server is stopped, started in the background with
    ``--skip-grant-tables``, updated through the ``mysql`` client after a
    five second pause, then killed and started normally.

    Returns:
        The completion flag reported by ``core.exec_cmd_list``; a failure is
        also logged.
    """
    # NOTE(review): while mysqld runs with --skip-grant-tables it accepts
    # unauthenticated connections; MySQL's documentation recommends combining
    # it with --skip-networking so only local clients can reach it.
    # NOTE(review): the password is spliced into an SQL string literal inside
    # a double-quoted shell argument, so a quote or shell-significant
    # character in it changes the statement or the command. It is also
    # visible in the process list; only the ``anonymous`` variant is masked.
    # NOTE(review): if a step fails the server may be left stopped or still
    # running without grant checks -- the error path does not restore it.
    update_template = "mysql -u root mysql -e \"update user set password=PASSWORD('%s') where User='******';\""
    steps = [
        "/etc/init.d/mysql stop",
        {
            "command": "bash -c 'mysqld_safe --user=mysql --skip-grant-tables &'",
            "wait": False,
        },
        "sleep 5",
        {
            'command': update_template % password,
            'anonymous': update_template % 'XXXXXXXXX',
        },
        "pkill mysqld_safe",
        "/etc/init.d/mysql start",
    ]
    ok, _proc_info = core.exec_cmd_list(steps)
    if not ok:
        L.error(t("Failed to change root password! The database is down!"))
    return ok
def do(self, args=[]):
    """Run the base install, then optionally configure LDAP and join AD.

    After ``InstallCommand.do`` the operator is asked for the domain
    settings, which are written to the ``ldap`` section of CONFIG. If the
    machine is not yet marked as joined and the operator agrees, ``adjoin``
    is run with domain-admin credentials and the Centrify service started.

    Returns:
        The completion flag of the base install, or of the join commands
        when they were run.

    Raises:
        Exception: carrying the message and ``self.NAME`` when the join
            commands do not complete.
    """
    # NOTE(review): nesting reconstructed from a flattened listing (notably
    # where CONFIG.save() sits) -- confirm against the original file.
    completed = InstallCommand.do(self,args)
    if inputs.get_input_yesno(t("Do you want to configure centrify/ldap now?")):
        if inputs.get_input_yesno(t("Will this machine use Active Directory?")):
            domain_name = inputs.get_input_string(t("What is the domain name?"), CONF_MAP('ldap','domain'))
            domain_controller = inputs.get_input_string(t("What is the address of the domain controller?"), CONF_MAP('ldap','dc'))
            domain_read_user = inputs.get_input_string(t("What is the ldap reader username?"), CONF_MAP('ldap','ldap_reader'))
            domain_read_pass = inputs.get_password(t("What is the ldap reader password?"),validate=False)
            domain_default_ou = inputs.get_input_string(t("What is the ldap default OU for uwsa?"), CONF_MAP('ldap','uwsa_ou'))
            CONFIG.mod('ldap','enabled', True)
            CONFIG.mod('ldap','domain', domain_name)
            CONFIG.mod('ldap','dc', domain_controller)
            CONFIG.mod('ldap','ldap_reader', domain_read_user)
            # NOTE(review): the reader password is handed to CONFIG and saved
            # below; how it is stored is not visible here -- confirm the
            # configuration file is readable by root only.
            CONFIG.mod('ldap','ldap_reader_pass', domain_read_pass)
            CONFIG.mod('ldap','uwsa_ou', domain_default_ou)
            if not CONF_MAP('centrify', 'joined') and inputs.get_input_yesno(t("Do you want to join the Active Directory now?")):
                domain_admin_user = inputs.get_input_string(t("What is the domain admin username?"))
                domain_admin_pass = inputs.get_password(t("What is the domain admin password?"),confirm=False, validate=False)
                # NOTE(review): the domain-admin password is passed as a
                # command-line argument, so it is readable from the process
                # list while adjoin runs; only the 'anonymous' variant is
                # masked. The operator-typed values are also interpolated
                # unquoted. Prefer a way of supplying the secret that keeps
                # it off argv -- confirm what adjoin supports.
                cmd_list = [
                    {'command' : 'adjoin -w --force --user %s --password %s %s' % (domain_admin_user, domain_admin_pass, domain_name),
                     'anonymous' : 'adjoin -w --force --user %s --password XXXXXXXXXXXXX %s' % (domain_admin_user, domain_name),
                     'success_code' : [0,8],
                    },
                    'service centrifydc start',
                ]
                completed, pinfo = core.exec_cmd_list(cmd_list)
                # The captured stdout of the join goes to the log at info level.
                L.info(pinfo['stdout'])
                if not completed:
                    raise Exception(t("Error in installation!"), self.NAME)
                CONFIG.mod('centrify','joined', "True" )
            CONFIG.save()
    return completed
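def install_mysql(self, element):
    """Install the packages in ``self.packages`` non-interactively.

    *element* is only used to label the exception.

    Raises:
        Exception: carrying the message and ``element['name']`` when the
            apt-get command does not complete.
    """
    cmd = "bash -c 'DEBIAN_FRONTEND=noninteractive apt-get install -y %s'" % self.packages
    # core.exec_cmd_list returns a (completed, info) pair. Binding the whole
    # pair to one name made ``not completed`` always false, so a failed
    # install was never reported; unpack it to test the flag itself.
    completed, pinfo = core.exec_cmd_list([cmd])
    if not completed:
        raise Exception(t("Error in installation!"), element['name'])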
# Script entry point: bind-mount a site directory into the home directory of
# the user named by PAM_USER when that user belongs to one of the site's
# groups.
# NOTE(review): nesting reconstructed from a flattened listing -- confirm
# against the original file.
if __name__ == '__main__':
    # The "${...}" values are placeholders, presumably substituted when this
    # script is generated from a template -- confirm.
    site_name = "${site_name}"
    site_path = "${site_path}"
    ldap_group = "${ldap_group}"
    ldap_dev_team = CONF_MAP('site','ldap_dev_team')
    unix_group = "${unix_group}"
    # NOTE(review): os.getenv returns None when PAM_USER is unset, which would
    # yield "/home/None/..."; the name is also used in a path and in the mount
    # command without validation. Reject empty names and names containing "/"
    # or whitespace before going further.
    pam_user = os.getenv('PAM_USER')
    site_home_path = "/home/%s/%s" % (pam_user, site_name)
    # Membership in any one of the three groups is enough.
    is_member = False
    if ldap_group:
        is_member |= ldap.is_member_of(pam_user,ldap_group)
    if ldap_dev_team:
        is_member |= ldap.is_member_of(pam_user,ldap_dev_team,'')
        #L.info("%s, is_member:%s of %s" % (pam_user,is_member,ldap_dev_team))
    if unix_group:
        is_member |= unix.is_member_of(pam_user,unix_group)
    if is_member:
        files.mkdir(site_home_path)
        files.chown(site_home_path)
        cmd_list = [ 'mount --bind %s %s' % (site_path, site_home_path), ]
        # NOTE(review): if files.contains is a plain substring test, a mounted
        # path that merely starts with site_home_path also matches and the
        # mount is skipped -- confirm. The result of the mount is not checked.
        if not files.contains("/proc/mounts", site_home_path):
            core.exec_cmd_list(cmd_list)
and unix.is_notunix_user(pam_user) and CONF_MAP("ldap", "enabled") and CONF_MAP("centrify", "pam_allow_workaround") ): is_allowed_to_login = False with open("/etc/centrifydc/groups.allow", "r") as f: for group in f: group = group.strip() if group: print pam_user, group, ldap.is_member_of(pam_user, group, "") is_allowed_to_login |= ldap.is_member_of(pam_user, group, "") if not is_allowed_to_login: L.error(t("%s is not allowed here! Bye!") % pam_user) exit(1) if not is_admin: cmd_list = [ "mkdir -p /home/%(user)s" % {"user": pam_user}, "chown root:%(user)s /home/%(user)s" % {"user": pam_user}, "chmod g+rx /home/%(user)s" % {"user": pam_user}, "run-parts --report %s" % CONF_MAP("libpam_script", "auto_mount_dir"), ] completed, pinfo = core.exec_cmd_list(cmd_list) # if not completed: # L.error(t("Chrooting is NOT working! %s") % pinfo) else: print t("Hi!") except Exception as e: L.exception(t("Critical problem in %s") % __file__)
def create_wordpress(self):
    """Optionally deploy the WordPress template, its config and its schema.

    Runs only when the ``wordpress`` section is enabled. The operator can
    copy the whole template webroot or only its plugins; the database
    settings in an existing wp-config.php are rewritten from the ``mysql``
    section; and the template schema can be restored through the ``mysql``
    client from a temporary copy under /tmp. Failures are logged, nothing is
    raised or returned here.
    """
    # NOTE(review): nesting reconstructed from a flattened listing -- confirm
    # against the original file.
    if self.conf.get('wordpress','enabled'):
        site_path, root_path, log_path, upload_tmp_path = self.generate_dir()
        wp_tpl_webroot = CONF_MAP('site','wordpress_template_path') + "/webroot"
        wp_tpl_schema = CONF_MAP('site','wordpress_template_path') + "/schema/wordpress_tpl_schema.sql"
        wp_webroot_conf = root_path + "/wp-config.php"
        mysql_user = self.conf.get('mysql','user')
        mysql_pass = self.conf.get('mysql','pass')
        mysql_schema = self.conf.get('mysql','schema')
        site_name = self.conf.get('main','site_name')
        # NOTE(review): the paths below are interpolated into single-quoted
        # ``bash -c`` arguments; a quote or shell-significant character in a
        # configured path would be interpreted by bash.
        if inputs.get_input_noyes(t("Do you want deploy the default wordpress template under %s?") % root_path):
            if files.exists(wp_tpl_webroot):
                cmd_list = [ "bash -c 'cp -fr %s/* %s/'" % (wp_tpl_webroot, root_path), ]
                completed, pinfo = core.exec_cmd_list(cmd_list)
                if not completed:
                    L.error(t("Cannot deploy the template."))
            else:
                L.info(t("There is no template under %s") % wp_tpl_webroot)
        elif inputs.get_input_yesno(t("Do you want to only deploy default plugins?")):
            if files.exists(wp_tpl_webroot):
                cmd_list = [
                    "bash -c 'mkdir -p %s/wp-content/plugins'" % root_path,
                    "bash -c 'cp -fr %s/wp-content/plugins/* %s/wp-content/plugins/'" % (wp_tpl_webroot, root_path),
                ]
                completed, pinfo = core.exec_cmd_list(cmd_list)
                if not completed:
                    L.error(t("Cannot deploy plugins."))
            else:
                L.info(t("There is no template under %s") % wp_tpl_webroot)
        if files.exists(wp_webroot_conf):
            params_dict = { 'DB_NAME': mysql_schema, 'DB_USER': mysql_user, 'DB_PASSWORD': mysql_pass, 'DB_HOST':'localhost', }
            # Rewrite each define(...) line of wp-config.php with the site's
            # own database settings.
            # NOTE(review): the values are written inside single-quoted PHP
            # strings without escaping, and target is presumably used as a
            # regex replacement; a quote or backslash in the password would
            # corrupt the file -- confirm how files.re_replace_in treats it.
            for key in params_dict:
                pattern = "define\(\s*?['\"]%s['\"].*;" % key
                target = "define('%s', '%s');" % (key, params_dict[key])
                files.re_replace_in(wp_webroot_conf, pattern, target)
        else:
            L.info(t("There is no wp-config.php under %s") % root_path)
        if files.exists(wp_tpl_schema) and inputs.get_input_noyes(t("Do you want to restore default database?")):
            L.info(t("Restoring default schema %s.") % mysql_schema)
            # NOTE(review): the working copy lives in world-writable /tmp and
            # its permissions depend on files.cp; tempfile.mkstemp would
            # create it atomically with owner-only access. It is also left
            # behind if anything raises before os.remove.
            tmp_file = "/tmp/uwsa_wp_schema_%s" % uuid.uuid4()
            files.cp(wp_tpl_schema, tmp_file)
            files.re_replace_in(tmp_file,'UWSA_SCHEMA_NAME', mysql_schema)
            files.replace_in_php_database(tmp_file,'UWSA_SITE_NAME', site_name)
            # NOTE(review): ``-p<password>`` is readable from the process list
            # while mysql runs; only the 'anonymous' variant is masked. An
            # option file with restrictive permissions
            # (``--defaults-extra-file``) keeps it off the command line.
            cmd_list = [
                { 'command': "bash -c 'mysql -u %s -p%s %s < %s'" % (mysql_user, mysql_pass, mysql_schema, tmp_file),
                  'anonymous': "bash -c 'mysql -u %s -p%s %s < %s'" % (mysql_user, "XXXXX", mysql_schema, tmp_file),
                },
            ]
            completed, pinfo = core.exec_cmd_list(cmd_list)
            if not completed:
                L.error(t("Failed to restore schema %s!") % mysql_schema)
            os.remove(tmp_file)