コード例 #1
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def epel():
    '''
    Installs the EPEL repository
    '''
    from base import get_dist
    opsys = get_dist()
    if opsys['dist'] == 'redhat':
        if run('rpm -qa epel-release') == '':
            sudo('yum -y install epel-release')
コード例 #2
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def epel():
    '''
    Installs the EPEL repository
    '''
    from base import get_dist
    opsys = get_dist()
    if opsys['dist'] == 'redhat':
        if run('rpm -qa epel-release') == '':
            sudo('yum -y install epel-release')
コード例 #3
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def update():
    '''
    Updates the OS to current
    '''
    from base import get_dist
    opsys = get_dist()
    if opsys['dist'] == 'redhat':
        sudo('yum -y update')
    elif opsys['dist'] in ['debian', 'ubuntu']:
        with settings(warn_only=True):
            sudo('apt-get update')
        sudo('apt-get -y upgrade')
コード例 #4
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def mosh():
    '''
    Installs Mosh binary.
    '''
    from base import get_dist
    opsys = get_dist()
    if opsys['dist'] == 'redhat':
        if run('rpm -qa mosh') == '':
            epel()
            sudo('yum -y install mosh')
    elif opsys['dist'] in ['debian', 'ubuntu']:
        sudo('apt-get -y install mosh')
コード例 #5
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def update():
    '''
    Updates the OS to current
    '''
    from base import get_dist
    opsys = get_dist()
    if opsys['dist'] == 'redhat':
        sudo('yum -y update')
    elif opsys['dist'] in ['debian', 'ubuntu']:
        with settings(warn_only=True):
            sudo('apt-get update')
        sudo('apt-get -y upgrade')
コード例 #6
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def mosh():
    '''
    Installs Mosh binary.
    '''
    from base import get_dist
    opsys = get_dist()
    if opsys['dist'] == 'redhat':
        if run('rpm -qa mosh') == '':
            epel()
            sudo('yum -y install mosh')
    elif opsys['dist'] in ['debian', 'ubuntu']:
        sudo('apt-get -y install mosh')
コード例 #7
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def rmate():
    '''
    Installs the rmate shell script into /usr/local/bin
    '''
    from base import get_dist
    opsys = get_dist()
    print opsys
    url = 'https://raw.githubusercontent.com/aurora/rmate/master/rmate'
    if opsys['dist'] == 'redhat':
        sudo('curl -o /usr/local/bin/rmate %s' % url)
    elif opsys['dist'] in ['debian', 'ubuntu']:
        sudo('wget -O /usr/local/bin/rmate %s' % url)
    sudo('chmod 755 /usr/local/bin/rmate')
コード例 #8
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def rmate():
    '''
    Installs the rmate shell script into /usr/local/bin
    '''
    from base import get_dist
    opsys = get_dist()
    print opsys
    url = 'https://raw.githubusercontent.com/aurora/rmate/master/rmate'
    if opsys['dist'] == 'redhat':
        sudo('curl -o /usr/local/bin/rmate %s' % url)
    elif opsys['dist'] in ['debian', 'ubuntu']:
        sudo('wget -O /usr/local/bin/rmate %s' % url)
    sudo('chmod 755 /usr/local/bin/rmate')
コード例 #9
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def yumcron():
    '''
    Installs and activates yum-cron
    '''
    from base import get_dist
    opsys = get_dist()
    if opsys['dist'] == 'redhat':
        if run('rpm -qa yum-cron') == '':
            sudo('yum -y install yum-cron')
            if files.exists('/etc/yum/yum-cron.conf'):
                files.sed('/etc/yum/yum-cron.conf', 
                            'apply_updates = no', 
                            'apply_updates = yes', 
                            use_sudo=True)
            sudo('chkconfig yum-cron on')
コード例 #10
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def yumcron():
    '''
    Installs and activates yum-cron
    '''
    from base import get_dist
    opsys = get_dist()
    if opsys['dist'] == 'redhat':
        if run('rpm -qa yum-cron') == '':
            sudo('yum -y install yum-cron')
            if files.exists('/etc/yum/yum-cron.conf'):
                files.sed('/etc/yum/yum-cron.conf', 
                            'apply_updates = no', 
                            'apply_updates = yes', 
                            use_sudo=True)
            sudo('chkconfig yum-cron on')
コード例 #11
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def sshkeys(keyfile=None):
    '''
    Pushes the management keys to remote server.
    '''
    from base import get_dist
    # This is needed for restorecon

    # The first thing we need to do is build the public keys array.  This array
    # will be the basis for the authorized_keys file down the road.
    pubkeys = list()
    for root, d, f in os.walk(config.public_keys_path):
        for key in f:
            with open(os.path.join(root, key)) as keyfile:
                pubkeys.append(keyfile.read())

    # Now lets check to see if the .ssh folder exists for the root user.  if it
    # doesn't, then we will need to create it.
    if not files.exists('/root/.ssh', use_sudo=True):
        sudo('mkdir /root/.ssh')

    # Next up we need to see if the authorized_keys file exists.  If it doesn't
    # then we will touch the file.
    auth_keys = '/root/.ssh/authorized_keys'
    if files.exists(auth_keys, use_sudo=True):
        sudo('rm -f %s' % auth_keys)
    sudo('touch %s' % auth_keys)

    # Now we check to see if the authorized_keys file already has the public key
    # that we are trying to push.  If it does, then we wont need to do anything.
    # if it doesn't, then lets append the ssh key into the file.
    files.append(auth_keys, '\n'.join(pubkeys), use_sudo=True)

    # Now, we need to perform some cleanup.  Mainly make sure the permissions on
    # the .ssh directory and the authorized_keys files are setup properly and
    # run restorecon to make RHEL play nice with our changes.
    sudo('chmod 0700 /root/.ssh')
    sudo('chmod 0600 /root/.ssh/authorized_keys')
    if get_dist()['dist'] == 'redhat':
        with settings(warn_only=True):
            sudo('restorecon -R -v /root/.ssh')
コード例 #12
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def sshkeys(keyfile=None):
    '''
    Pushes the management keys to remote server.
    '''
    from base import get_dist
    # This is needed for restorecon

    # The first thing we need to do is build the public keys array.  This array
    # will be the basis for the authorized_keys file down the road.
    pubkeys = list()
    for root, d, f in os.walk(config.public_keys_path):
        for key in f:
            with open(os.path.join(root, key)) as keyfile:
                pubkeys.append(keyfile.read())

    # Now lets check to see if the .ssh folder exists for the root user.  if it
    # doesn't, then we will need to create it.
    if not files.exists('/root/.ssh', use_sudo=True):
        sudo('mkdir /root/.ssh')

    # Next up we need to see if the authorized_keys file exists.  If it doesn't
    # then we will touch the file.
    auth_keys = '/root/.ssh/authorized_keys'
    if files.exists(auth_keys, use_sudo=True):
        sudo('rm -f %s' % auth_keys)
    sudo('touch %s' % auth_keys)

    # Now we check to see if the authorized_keys file already has the public key
    # that we are trying to push.  If it does, then we wont need to do anything.
    # if it doesn't, then lets append the ssh key into the file.
    files.append(auth_keys, '\n'.join(pubkeys), use_sudo=True)

    # Now, we need to perform some cleanup.  Mainly make sure the permissions on
    # the .ssh directory and the authorized_keys files are setup properly and
    # run restorecon to make RHEL play nice with our changes.
    sudo('chmod 0700 /root/.ssh')
    sudo('chmod 0600 /root/.ssh/authorized_keys')
    if get_dist()['dist'] == 'redhat':
        with settings(warn_only=True):
            sudo('restorecon -R -v /root/.ssh')
コード例 #13
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def ssh_remove_weak_ciphers():
    from base import get_dist
    opsys = get_dist()
    ciphers = 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,blowfish-cbc'
    hmacs = 'MACs hmac-sha1,hmac-ripemd160'
    ssh_config = '\n'.join(['',
        '# default is aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,',
        '# aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,',
        '# aes256-cbc,arcfour',
        '# you can remove the cbc ciphers by adding the line\n',
        '%s\n' % ciphers,
        '# default is hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96',
        '# you can remove the hmac-md5 MACs with\n',
        '%s\n' % hmacs,
    ]), 
    if not files.contains('/etc/ssh/sshd_config', 'you can remove the hmac-md5', use_sudo=True):   
        files.append('/etc/ssh/sshd_config', ssh_config, use_sudo=True)
    else:
        files.sed('/etc/ssh/sshd_config', '^Ciphers.*', ciphers, use_sudo=True)
        files.sed('/etc/ssh/sshd_config', '^MACs.*', hmacs, use_sudo=True)
    if opsys['dist'] == 'redhat':
        run('service sshd restart')
コード例 #14
0
ファイル: prep.py プロジェクト: SteveMcGrath/deploy
def ssh_remove_weak_ciphers():
    from base import get_dist
    opsys = get_dist()
    ciphers = 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,blowfish-cbc'
    hmacs = 'MACs hmac-sha1,hmac-ripemd160'
    ssh_config = '\n'.join(['',
        '# default is aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,',
        '# aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,',
        '# aes256-cbc,arcfour',
        '# you can remove the cbc ciphers by adding the line\n',
        '%ss\n' % ciphers,
        '# default is hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96',
        '# you can remove the hmac-md5 MACs with\n',
        hmacs,
    ]), 
    if not files.contains('/etc/ssh/sshd_config', 'you can remove the hmac-md5', use_sudo=True):   
        files.append('/etc/ssh/sshd_config', ssh_config, use_sudo=True)
    else:
        files.sed('/etc/ssh/sshd_config', '^Ciphers.*', ciphers, use_sudo=True)
        files.sed('/etc/ssh/sshd_config', '^MACs.*', hmacs, use_sudo=True)
    if opsys['dist'] == 'redhat':
        run('service sshd restart')
コード例 #15
0
ファイル: adhoc.py プロジェクト: SteveMcGrath/deploy
def sshkeys(keyfile=None):
    '''
    Pushes the management keys to remote server.
    '''
    from base import get_dist
    # This is needed for restorecon

    # First thing, lets go ahead and read the public key into memory.
    if not keyfile:
        keyfile = config.public_key_filename
    pubkey = open(keyfile).read()

    # Now lets check to see if the .ssh folder exists for the root user.  if it
    # doesn't, then we will need to create it.
    if not files.exists('/root/.ssh', use_sudo=True):
        sudo('mkdir /root/.ssh')

    # Next up we need to see if the authorized_keys file exists.  If it doesn't
    # then we will touch the file.
    auth_keys = '/root/.ssh/authorized_keys'
    if not files.exists(auth_keys, use_sudo=True):
        sudo('touch %s' % auth_keys)

    # Now we check to see if the authorized_keys file already has the public key
    # that we are trying to push.  If it does, then we wont need to do anything.
    # if it doesn't, then lets append the ssh key into the file.
    if not files.contains(auth_keys, pubkey, use_sudo=True):
        files.append(auth_keys, pubkey, use_sudo=True)

    # Now, we need to perform some cleanup.  Mainly make sure the permissions on
    # the .ssh directory and the authorized_keys files are setup properly and
    # run restorecon to make RHEL play nice with our changes.
    sudo('chmod 0700 /root/.ssh')
    sudo('chmod 0600 /root/.ssh/authorized_keys')
    if get_dist()['dist'] == 'redhat':
        with settings(warn_only=True):
            sudo('restorecon -R -v /root/.ssh')
コード例 #16
0
ファイル: adhoc.py プロジェクト: SteveMcGrath/deploy
def sshkeys(keyfile=None):
    '''
    Pushes the management keys to remote server.
    '''
    from base import get_dist
    # This is needed for restorecon

    # First thing, lets go ahead and read the public key into memory.
    if not keyfile:
        keyfile = config.public_key_filename
    pubkey = open(keyfile).read()

    # Now lets check to see if the .ssh folder exists for the root user.  if it
    # doesn't, then we will need to create it.
    if not files.exists('/root/.ssh', use_sudo=True):
        sudo('mkdir /root/.ssh')

    # Next up we need to see if the authorized_keys file exists.  If it doesn't
    # then we will touch the file.
    auth_keys = '/root/.ssh/authorized_keys'
    if not files.exists(auth_keys, use_sudo=True):
        sudo('touch %s' % auth_keys)

    # Now we check to see if the authorized_keys file already has the public key
    # that we are trying to push.  If it does, then we wont need to do anything.
    # if it doesn't, then lets append the ssh key into the file.
    if not files.contains(auth_keys, pubkey, use_sudo=True):
        files.append(auth_keys, pubkey, use_sudo=True)

    # Now, we need to perform some cleanup.  Mainly make sure the permissions on
    # the .ssh directory and the authorized_keys files are setup properly and
    # run restorecon to make RHEL play nice with our changes.
    sudo('chmod 0700 /root/.ssh')
    sudo('chmod 0600 /root/.ssh/authorized_keys')
    if get_dist()['dist'] == 'redhat':
        with settings(warn_only=True):
            sudo('restorecon -R -v /root/.ssh')