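def configure(self):
    """
    Prepare the instance's ephemeral disks: the first becomes an LVM
    volume group (vg00) used as scratch space, the second is mounted and
    receives the relocated directories, which are replaced by symlinks.

    Returns without doing anything when the block device mapping cannot
    be retrieved or when fewer than two ephemeral devices are present.

    [rbuilderstorage]
    # optional list of ':' separated dirs
    relocate-paths = /srv:/var/rmake
    """

    try:
        blkdevmap = self.id.getBlockDeviceMapping()
    except EC2DataRetrievalError:
        return

    # NOTE(review): the docstring names the section [rbuilderstorage] but
    # the code reads "storage" -- confirm which one is intended.
    cfg = self.ud.getSection("storage")

    # Sort by mapping key so that "first" and "second" below do not depend
    # on the iteration order of the mapping.
    ephemeralDevs = []
    for key, dev in sorted(blkdevmap.iteritems()):
        if "ephemeral" not in key:
            continue
        mntpnt = "/ephemeral/%s" % key[9:]
        # ephemeral device names are not correct for our kernel
        if not os.path.exists("/dev/%s" % dev):
            dev = dev.replace("sd", "xvd")
        ephemeralDevs.append(("/dev/%s" % dev, mntpnt))

    # Both devices are indexed below; bail out before touching any disk if
    # the instance does not have two of them.
    if len(ephemeralDevs) < 2:
        return

    relocatePaths = ["/srv", "/var/rmake"]
    if "relocate-paths" in cfg:
        relocatePaths = cfg["relocate-paths"].split(":")

    # First ephemeral is scratch
    # NOTE(review): os.system() hands a formatted string to the shell; the
    # device name comes from the instance metadata. The argv form already
    # used for mount below would avoid shell parsing -- confirm how
    # util.call reports failures before switching.
    scratchDev = ephemeralDevs[0][0]
    os.system("pvcreate %s" % scratchDev)
    os.system("vgcreate vg00 %s" % scratchDev)

    # Second dev is for mass storage
    (dev, mntpnt) = ephemeralDevs[1]
    util.mkdirChain(mntpnt)
    util.call(["mount", dev, mntpnt])

    for relocPath in relocatePaths:
        # Skip paths that are missing or were already turned into symlinks.
        if os.path.exists(relocPath) and not os.path.islink(relocPath):
            target = "%s/%s" % (mntpnt, relocPath)
            util.movetree(relocPath, target)
            os.symlink(target, relocPath)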
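def configure(self):
    """
    Write an OpenVPN client configuration from the [openvpn] user-data
    section. Nothing is written unless server, port, ca, cert and key are
    all present. If nameserver is set, /etc/resolv.conf is overwritten.

    [openvpn]
    nameserver = 192.168.1.1
    search = foo.example.com bar.example.com
    server = myvpn.example.com
    port = 1194
    proto = tcp
    # URL the CA certificate is downloaded from
    ca = <url of ca cert>
    # encoded, compressed PEM data
    cert = <compressed cert>
    key = <compressed key>
    """

    cfg = self.ud.getSection('openvpn')

    # NOTE(review): BF-CBC is a 64-bit block cipher and ns-cert-type is the
    # legacy server-certificate check. Both have to match the server, so
    # they are left unchanged here -- review together with the server side.
    template = """\
client
dev tun
proto %(proto)s
remote %(server)s %(port)s
resolv-retry infinite
nobind
#user nobody
#group nobody
persist-key
persist-tun
ca %(cafile)s
cert %(certfile)s
key %(keyfile)s
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 3
"""

    def _write_text(path, text):
        # Write and always close, so the data is flushed before OpenVPN
        # reads the file.
        fh = open(path, 'w')
        try:
            fh.write(text)
        finally:
            fh.close()

    for required in ('server', 'port', 'ca', 'cert', 'key'):
        if required not in cfg:
            return

    if 'proto' not in cfg:
        cfg['proto'] = 'udp'

    cfgdir = os.path.join('/', 'etc', 'openvpn', 'amiconfig')
    util.mkdirChain(cfgdir)

    cfg['cafile'] = os.path.join(cfgdir, 'ca.crt')
    cfg['certfile'] = os.path.join(cfgdir, 'cert.crt')
    cfg['keyfile'] = os.path.join(cfgdir, 'key.key')

    # NOTE(review): the CA certificate is the trust anchor for the tunnel
    # and is fetched from a URL taken from user data; nothing here checks
    # its integrity -- confirm the URL is served over an authenticated
    # channel.
    util.urlgrab(cfg['ca'], filename=cfg['cafile'])

    cert = util.decompress(util.decode(cfg['cert']))
    key = util.decompress(util.decode(cfg['key']))

    _write_text(cfg['certfile'], cert)

    # The private key must not be readable by other local users: create it
    # owner-only, and tighten the mode before writing in case the file
    # already existed with wider permissions.
    private_mode = int('600', 8)  # rw-------
    fd = os.open(cfg['keyfile'],
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, private_mode)
    keyfh = os.fdopen(fd, 'w')
    try:
        os.chmod(cfg['keyfile'], private_mode)
        keyfh.write(key)
    finally:
        keyfh.close()

    cfgfile = os.path.join('/', 'etc', 'openvpn', 'amiconfig.conf')
    _write_text(cfgfile, template % cfg)

    if 'nameserver' in cfg:
        resolv = open('/etc/resolv.conf', 'w')
        try:
            if 'search' in cfg:
                resolv.write('search %s\n' % cfg['search'])
            resolv.write('nameserver %s\n' % cfg['nameserver'])
        finally:
            resolv.close()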
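def configure(self):
    """
    Enable swap, mount every ephemeral device under /ephemeral/<n>,
    spread the relocate-paths over the mounted devices (each moved
    directory is replaced by a symlink) and either pre-allocate space
    directly or start the spacedaemon to do so.

    [storage]
    # disable the spacedaemon
    daemon = False
    # size in GB
    pre-allocated-space = 20
    # list of ':' separated dirs
    relocate-paths = /srv/rmake-builddir:/srv/mysql
    """

    try:
        blkdevmap = self.id.getBlockDeviceMapping()
    except errors.EC2DataRetrievalError:
        return

    cfg = self.ud.getSection('storage')

    # Always mount swap
    if 'swap' in blkdevmap:
        util.call(['swapon', blkdevmap['swap']])

    ephemeralDevs = []
    for key, dev in blkdevmap.iteritems():
        if 'ephemeral' in key:
            ephemeralDevs.append(('/dev/%s' % dev,
                                  '/ephemeral/%s' % key[9:]))

    relocatePaths = []
    if 'relocate-paths' in cfg:
        relocatePaths = cfg['relocate-paths'].split(':')

    ephemeralDevsCount = len(ephemeralDevs)
    relocatePathsCount = len(relocatePaths)

    if ephemeralDevsCount < 1:
        return

    pathsPerDev = relocatePathsCount
    if ephemeralDevsCount > 1 and relocatePathsCount > 1:
        # math.ceil() returns a float on Python 2; range() below needs an
        # integer.
        pathsPerDev = int(math.ceil(relocatePathsCount /
                                    float(ephemeralDevsCount)))

    # The ephemeral space is a sparse file on an independent spindle. To
    # increase performance you want to create a file under the ephemeral
    # mount point to pre allocate the sparse file.
    size = 0
    if 'pre-allocated-space' in cfg:
        # size is in GB
        size = int(cfg['pre-allocated-space'])

    # Get daemon configuration. The value is text, and bool() of any
    # non-empty string is True, so "daemon = False" has to be recognised
    # by its spelling.
    daemon = True
    if 'daemon' in cfg:
        setting = str(cfg['daemon']).strip().lower()
        daemon = setting not in ('', '0', 'false', 'no', 'off')

    paths = []
    for i, (dev, mntpnt) in enumerate(ephemeralDevs):
        util.mkdirChain(mntpnt)
        util.call(['mount', dev, mntpnt])

        if daemon:
            paths.append(mntpnt)
        else:
            fh = util.createUnlinkedTmpFile(mntpnt)
            util.growFile(fh, size * 1024)
            fh.close()

        # Device i takes the i-th slice of the relocate paths. Earlier
        # slices were already handled by earlier devices (moved paths are
        # symlinks by now), so only this slice needs to be visited.
        start = i * pathsPerDev
        stop = min(start + pathsPerDev, relocatePathsCount)
        for j in range(start, stop):
            relocPath = relocatePaths[j]
            if os.path.exists(relocPath) and not os.path.islink(relocPath):
                target = '%s/%s' % (mntpnt, relocPath)
                util.movetree(relocPath, target)
                os.symlink(target, relocPath)

    if daemon and len(paths) > 0:
        # Run the module's source file rather than its compiled .pyc.
        exe = spacedaemon.__file__
        if exe.endswith('.pyc'):
            exe = exe[:-1]
        cmd = [exe, str(size * 1024)]
        cmd.extend(paths)
        util.call(cmd)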
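def configure(self):
    """
    Apply the [cernvm] user-data section: copy settings into the CernVM
    and CVMFS site configuration files, register extra CVMFS repositories,
    create users, install X.509 proxy certificates, optionally mount EOS,
    and start the cernvm service.

    Besides the options shown below, the code also reads desktop_icons,
    x509-user, x509-cert-file, x509-cert, eos-user, eos-x509-cert,
    eos-readaheadsize, eos-readcachesize and eos-server.

    [cernvm]
    # entitlement key
    entitlement_key = 289a919c-9a97-44a9-a07d-473850bd5730
    # contextualization key
    contextualization_key = de4248a0-3fc9-463b-a66f-88f7bc935b11
    # path to contextualization command
    contextualization_command = /path/to/script.sh
    # url to retrieve initial CernVM configuration
    # config_url = <url>
    # list of ',' separated organisations/experiments
    organisations = alice,atlas
    # install group profile
    group_profile = group-<org>[-desktop]
    # list of ',' separated repositories
    repositories = alice,atlas,grid
    # extra repositories, comma-separated; each field has:
    # name|server|<base64_encoded_pubkey>
    extra_repositories = name|server|<base64_encoded_pubkey>,name2|server2|<base64_encoded_pubkey2>
    # CernVM user name:group:password
    users = testalice:alice:12345test,testatlas:atlas:12345atlas
    # CernVM user shell </bin/bash|/bin/tcsh>
    shell = /bin/bash
    # Automatically login CernVM user to GUI
    auto_login = on
    # CVMFS HTTP proxy http://<host>:<port>;DIRECT
    proxy = DIRECT
    # list of ',' separated services to start
    services = <list>
    # extra environment variables to define
    environment = CMS_SITECONFIG=CERN,CMS_ROOT=/opt/cms
    # CernVM edition Basic|Desktop
    edition = Basic
    # CernVM screen Resolution
    screenRes = 1024x768
    # Start XDM on boot on|off
    startXDM = off
    # Keyboard
    keyboard = us
    # GRID UI version
    gridUiVersion = default
    """

    cfg = self.ud.getSection('cernvm')
    cernvm_conf = "/etc/cernvm/site.conf"
    cvmfs_conf = "/etc/cvmfs/site.conf"

    def _publish(option, conf_file, variable):
        # Copy one user-data option into a site configuration file, if set.
        if option in cfg:
            self.writeConfigToFile(conf_file, variable, cfg[option], "=")

    def _install_private_file(path, data, uid, gid):
        # The proxy certificate lives at a predictable name in /tmp. Remove
        # whatever is already there and create the file exclusively,
        # without following a symlink and readable by its owner only from
        # the moment it exists, instead of writing first and restricting
        # the mode afterwards.
        try:
            os.unlink(path)
        except OSError:
            pass
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
        flags |= getattr(os, 'O_NOFOLLOW', 0)
        fd = os.open(path, flags, stat.S_IRUSR | stat.S_IWUSR)
        fh = os.fdopen(fd, 'wb')
        try:
            fh.write(data)
        finally:
            fh.close()
        # lchown never follows a symlink.
        os.lchown(path, uid, gid)

    if 'group_profile' in cfg:
        call(['/etc/cernvm/config', '-g', '%s' % cfg['group_profile']])

    _publish('entitlement_key', cvmfs_conf, 'CVMFS_ENTITLEMENT_KEY')
    _publish('contextualization_key', cernvm_conf,
             'CERNVM_CONTEXTUALIZATION_KEY')
    _publish('contextualization_command', cernvm_conf,
             'CERNVM_CONTEXTUALIZATION_COMMAND')
    _publish('organisations', cernvm_conf, 'CERNVM_ORGANISATION')
    _publish('repositories', cvmfs_conf, 'CVMFS_REPOSITORIES')

    extra_repositories = cfg.get('extra_repositories', None)
    if extra_repositories is not None:
        for entry in extra_repositories.split(','):
            parsed_entry = entry.split('|')
            if len(parsed_entry) != 3:
                continue
            r_name, r_serv, r_key_b64 = parsed_entry

            # The name becomes a file name under /etc/cvmfs; skip entries
            # that would point outside those directories.
            if r_name in ('', '.', '..') or '/' in r_name:
                continue

            try:
                r_key = base64.b64decode(r_key_b64)
            except Exception:
                # malformed b64
                continue

            # Write configuration
            try:
                f = open('/etc/cvmfs/config.d/%s.conf' % r_name, 'w')
                try:
                    f.write('CVMFS_SERVER_URL=http://%s/cvmfs/%s\n'
                            % (r_serv, r_name))
                    f.write('CVMFS_HTTP_PROXY=DIRECT\n')
                finally:
                    f.close()
            except IOError:
                print("Cannot write configuration for CVMFS repo %s" % r_name)

            # Write key
            try:
                f = open('/etc/cvmfs/keys/%s.pub' % r_name, 'w')
                try:
                    f.write(r_key)
                    f.write('\n')
                finally:
                    f.close()
            except IOError:
                print("Cannot write pubkey for CVMFS repo %s" % r_name)

    _publish('screenres', cernvm_conf, 'CERNVM_SCREEN_RES')
    _publish('startxdm', cernvm_conf, 'CERNVM_START_XDM')

    # edition is needed again at the end of this method.
    edition = ''
    if 'edition' in cfg:
        edition = cfg['edition']
        self.writeConfigToFile(cernvm_conf, 'CERNVM_EDITION', edition, "=")

    _publish('keyboard', cernvm_conf, 'CERNVM_KEYBOARD')
    _publish('griduiversion', cernvm_conf, 'CERNVM_GRID_UI_VERSION')

    #config_url = ''
    #if 'config_url' in cfg:
    #    config_url = cfg['config_url']
    #    self.writeConfigToFile(
    #        "/etc/cernvm/site.conf",
    #        'CERNVM_CONFIG_URL',config_url,"=")

    _publish('proxy', cvmfs_conf, 'CVMFS_HTTP_PROXY')
    _publish('services', cernvm_conf, 'CERNVM_SERVICES')

    # shell is passed to the user-creation command below.
    shell = '/bin/bash'
    if 'shell' in cfg:
        shell = cfg['shell']
        self.writeConfigToFile(cernvm_conf, 'CERNVM_USER_SHELL', shell, "=")

    _publish('auto_login', cernvm_conf, 'CERNVM_AUTOLOGIN')
    _publish('desktop_icons', cernvm_conf, 'CERNVM_DESKTOP_ICONS')

    # NOTE(review): indentation was lost on this page; this call is taken
    # to be unconditional -- confirm against the original file.
    util.call(['/etc/cernvm/config', '-y'])

    if 'environment' in cfg:
        exported = ''
        for entry in cfg['environment'].split(','):
            # Split on the first '=' only so that values may contain '=';
            # entries without any '=' are skipped.
            if '=' not in entry:
                continue
            var, val = entry.split('=', 1)
            self.writeConfigToFile(
                "/etc/cernvm/environment.conf", var, val, "=")
            exported += '+' + var
        self.writeConfigToFile(
            cernvm_conf, 'CERNVM_ENVIRONMENT_VARS', exported, '=')

    eosUser = None
    x509User = None
    if 'users' in cfg:
        # Generated passwords come from the OS entropy source, not from
        # the default pseudo-random generator.
        rng = random.SystemRandom()
        alphabet = (string.ascii_uppercase + string.digits +
                    string.ascii_lowercase)
        first = True
        for entry in cfg['users'].split(','):
            # name:group:password -- split at most twice so the password
            # may contain ':'; entries with fewer fields are skipped.
            fields = entry.split(':', 2)
            if len(fields) != 3:
                continue
            username, group, password = fields
            if not password:
                password = ''.join(rng.choice(alphabet) for x in range(8))
            if first:
                # The first user is the default CernVM, X.509 and EOS user.
                self.writeConfigToFile(
                    cernvm_conf, 'CERNVM_USER', username, "=")
                self.writeConfigToFile(
                    cernvm_conf, 'CERNVM_USER_GROUP', group, "=")
                first = False
                x509User = username
                eosUser = username
            # NOTE(review): the password is passed as a command-line
            # argument and is visible in the process list while the script
            # runs; avoiding that needs support in /etc/cernvm/config.
            call(['/etc/cernvm/config', '-u', '%s' % username,
                  '%s' % shell, '%s' % password, '%s' % group])

    certUserField = 'x509-user'
    if certUserField in cfg:
        x509User = cfg[certUserField]
    if x509User is None:
        # Fallback to root
        # NOTE(review): this literal appears masked on the page -- confirm
        # the real value in the original file.
        x509User = '******'

    # Proxy file handed to the EOS mount; stays None if no certificate is
    # installed.
    eosx509CertFile = None

    certFileField = 'x509-cert-file'
    if certFileField in cfg and x509User is not None:
        pw = pwd.getpwnam(x509User)
        x509CertFile = '/tmp/x509up_u' + str(pw.pw_uid)
        eosx509CertFile = x509CertFile
        src = open(cfg[certFileField], 'rb')
        try:
            certData = src.read()
        finally:
            src.close()
        _install_private_file(x509CertFile, certData, pw.pw_uid, pw.pw_gid)

    certField = 'x509-cert'
    if certField in cfg and x509User is not None:
        try:
            x509Cert = base64.b64decode(cfg[certField])
        except Exception:
            # Malformed base64 data. The rest of the configuration
            # (EOS mount, service start) is skipped as well.
            return
        pw = pwd.getpwnam(x509User)
        x509CertFile = '/tmp/x509up_u' + str(pw.pw_uid)
        eosx509CertFile = x509CertFile
        _install_private_file(x509CertFile, x509Cert, pw.pw_uid, pw.pw_gid)

    eosUserField = 'eos-user'
    if eosUserField in cfg:
        eosUser = cfg[eosUserField]

    eosCertField = 'eos-x509-cert'
    if eosCertField in cfg and eosUser is not None:
        try:
            eosx509Cert = base64.b64decode(cfg[eosCertField])
        except Exception:
            # Malformed base64 data. The rest of the configuration is
            # skipped as well.
            return
        pw = pwd.getpwnam(eosUser)
        eosx509CertFile = '/tmp/x509up_u' + str(pw.pw_uid) + '.eos'
        # Ownership goes to the EOS proxy file itself (the previous code
        # changed the owner of the x509 user's file here).
        _install_private_file(eosx509CertFile, eosx509Cert,
                              pw.pw_uid, pw.pw_gid)

    eosReadAheadSize = 4000000
    if 'eos-readaheadsize' in cfg:
        eosReadAheadSize = cfg['eos-readaheadsize']

    eosReadCacheSize = 16000000
    if 'eos-readcachesize' in cfg:
        eosReadCacheSize = cfg['eos-readcachesize']

    srvField = 'eos-server'
    if srvField in cfg and eosUser is not None:
        server = cfg[srvField]
        util.mkdirChain('/eos')
        util.call(['/bin/chown', eosUser, '/eos'])
        util.call(['/sbin/modprobe', 'fuse'])
        # Build the argument list directly: formatting one string and
        # splitting it on whitespace would turn a configured value that
        # contains a space into extra arguments.
        cmd = ['/usr/bin/env',
               'X509_CERT_DIR=/cvmfs/grid.cern.ch/etc/grid-security/certificates']
        if eosx509CertFile is not None:
            cmd.append('X509_USER_PROXY=%s' % eosx509CertFile)
        cmd.extend([
            'EOS_READAHEADSIZE=%s' % eosReadAheadSize,
            'EOS_READCACHESIZE=%s' % eosReadCacheSize,
            '/usr/bin/eosfsd',
            '/eos',
            '-oallow_other,kernel_cache,attr_timeout=30,entry_timeout=30,max_readahead=131072,max_write=4194304,fsname=eos',
            'root://%s//eos/' % server,
        ])
        util.call(cmd)

    # NOTE(review): indentation was lost on this page; both calls are
    # taken to belong to the Desktop branch -- confirm against the
    # original file.
    if edition == 'Desktop':
        util.call(['/etc/cernvm/config', '-x'])
        util.call(['/sbin/telinit', '5'])

    # One list element per argument, as in every other call here; a
    # single element containing spaces names a program that does not
    # exist.
    util.call(['/sbin/service', 'cernvm', 'start'])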