def restart_services(self, method): tid = self.request.id servers = Server.query.filter(Server.redis.is_(True)).filter( Server.stunnel.is_(True)).all() appconf = AppConfiguration.query.first() chdir = "/opt/gluu-server-" + appconf.gluu_version ips = [] for server in servers: ips.append(server.ip) wlogger.log(tid, "(Re)Starting services ... ", "info", server_id=server.id) rc = __get_remote_client(server, tid) if not rc: continue def get_cmd(cmd): if server.gluu_server and not server.os == "CentOS 7": return 'chroot {0} /bin/bash -c "{1}"'.format(chdir, cmd) elif "CentOS 7" == server.os: parts = ["ssh", "-o IdentityFile=/etc/gluu/keys/gluu-console", "-o Port=60022", "-o LogLevel=QUIET", "-o StrictHostKeyChecking=no", "-o UserKnownHostsFile=/dev/null", "-o PubkeyAuthentication=yes", "root@localhost", "'{0}'".format(cmd)] return " ".join(parts) return cmd # Common restarts for all if server.os == 'CentOS 6': run_and_log(rc, 'service redis restart', tid, server.id) run_and_log(rc, 'service stunnel4 restart', tid, server.id) elif server.os == 'CentOS 7' or server.os == 'RHEL 7': run_and_log(rc, 'systemctl restart redis', tid, server.id) run_and_log(rc, 'systemctl restart stunnel', tid, server.id) else: run_and_log(rc, 'service redis-server restart', tid, server.id) run_and_log(rc, 'service stunnel4 restart', tid, server.id) # sometime apache service is stopped (happened in Ubuntu 16) # when install_cache_components task is executed; hence we also need to # restart the service run_and_log(rc, get_cmd('service apache2 restart'), tid, server.id) run_and_log(rc, get_cmd('service oxauth restart'), tid, server.id) run_and_log(rc, get_cmd('service identity restart'), tid, server.id) rc.close() if method != 'STANDALONE': wlogger.log(tid, "All services restarted.", "success") return host = appconf.nginx_host mock_server = Server() mock_server.hostname = host rc = __get_remote_client(mock_server, tid) if not rc: wlogger.log(tid, "Couldn't connect to proxy server to restart services" "fail") return mock_server.os = get_os_type(rc) if mock_server.os in ['Ubuntu 14', 'Ubuntu 16', 'CentOS 6']: run_and_log(rc, "service stunnel4 restart", tid, None) run_and_log(rc, "service nutcracker restart", tid, None) if mock_server.os in ["CentOS 7", "RHEL 7"]: run_and_log(rc, "systemctl restart stunnel", tid, None) run_and_log(rc, "systemctl restart nutcracker", tid, None) rc.close()
def app_configuration(): """This view provides application configuration forms""" # create forms conf_form = AppConfigForm() sch_form = SchemaForm() config = AppConfiguration.query.first() schemafiles = os.listdir(app.config['SCHEMA_DIR']) conf_form.gluu_archive.choices = [ (f, os.path.split(f)[1]) for f in glob.glob( os.path.join(app.config['GLUU_REPO'], 'gluu-server-*')) ] # If the form is submitted and password for replication user was not # not supplied, make password "**dummy**", so don't change # what we have before #external_lb_checked = False external_lb_checked = conf_form.external_load_balancer.data if request.method == 'POST': if conf_form.gluu_version.data < '3.1.4': conf_form.use_ldap_cache.data = False if config and not conf_form.replication_pw.data.strip(): conf_form.replication_pw.validators = [] conf_form.replication_pw_confirm.validators = [] if conf_form.external_load_balancer.data: conf_form.nginx_ip.validators = [] print "OFFLINE", conf_form.offline.data, conf_form.gluu_archive.data if not conf_form.offline.data: del conf_form._fields['gluu_archive'] if not config: #del conf_form.replication_pw #del conf_form.replication_pw_confirm config = AppConfiguration() db.session.add(config) # If form is submitted and validated process it if conf_form.update.data and conf_form.validate_on_submit(): if config.replication_pw: new_replication_passwd = conf_form.replication_pw.data.strip() if conf_form.replication_pw.data: c = None server = Server.query.first() if server: c = RemoteClient(server.hostname, ip=server.ip) try: c.startup() except Exception as e: flash( "Can't establish SSH connection to {}. " "Replication password is not changed".format( server.hostname), "warning") if c: installer = Installer(c, config.gluu_version, server.os) cmd = ( '/opt/opendj/bin/ldappasswordmodify --bindDN ' '\'cn=Directory Manager\' --bindPassword $\'{}\' ' '--port 4444 --newPassword $\'{}\' --authzID ' '\'cn=admin,cn=Administrators,cn=admin data\' ' '--trustAll --useSSL'.format( server.ldap_password.replace("'", "\\'"), new_replication_passwd.replace("'", "\\'"), )) result = installer.run(cmd) if result[1].strip() == \ 'The LDAP password modify operation was successful': flash("Replication password is changed", "success") config.replication_pw = new_replication_passwd config.gluu_version = conf_form.gluu_version.data.strip() config.nginx_host = conf_form.nginx_host.data.strip() config.nginx_ip = conf_form.nginx_ip.data.strip() config.modify_hosts = conf_form.modify_hosts.data config.ldap_update_period = conf_form.ldap_update_period.data config.ldap_update_period_unit = 's' config.external_load_balancer = conf_form.external_load_balancer.data config.use_ldap_cache = conf_form.use_ldap_cache.data if conf_form.offline.data: config.offline = True config.gluu_archive = conf_form.gluu_archive.data else: config.offline = False config.gluu_archive = '' if getattr(conf_form, 'replication_pw'): if conf_form.replication_pw_confirm.data: config.replication_pw = conf_form.replication_pw.data.strip() config.gluu_version = conf_form.gluu_version.data.strip() db.session.commit() flash( "Gluu Cluster Manager application configuration has been " "updated.", "success") elif sch_form.upload.data and sch_form.validate_on_submit(): f = sch_form.schema.data filename = secure_filename(f.filename) if any(filename in s for s in schemafiles): name, extension = os.path.splitext(filename) matches = [s for s in schemafiles if name in s] filename = name + "_" + str(len(matches)) + extension f.save(os.path.join(app.config['SCHEMA_DIR'], filename)) schemafiles.append(filename) flash( "Schema: {0} has been uploaded sucessfully. " "Please edit slapd.conf of primary server and " "re-deploy all servers.".format(filename), "success") # request.method == GET gets processed here if config: conf_form.nginx_host.data = config.nginx_host conf_form.modify_hosts.data = config.modify_hosts conf_form.nginx_ip.data = config.nginx_ip conf_form.external_load_balancer.data = config.external_load_balancer conf_form.use_ldap_cache.data = config.use_ldap_cache conf_form.offline.data = config.offline service_status_update_period = config.ldap_update_period if service_status_update_period and config.ldap_update_period_unit != 's': service_status_update_period = service_status_update_period * 60 conf_form.ldap_update_period.data = str(service_status_update_period) #conf_form.use_ip.data = config.use_ip if config.gluu_version: conf_form.gluu_version.data = config.gluu_version if not config.id: conf_form.use_ldap_cache.data = True #create fake remote class that provides the same interface with RemoteClient fc = FakeRemote() #Getermine local OS type localos = get_os_type(fc) app.jinja_env.globals['use_ldap_cache'] = config.use_ldap_cache return render_template( 'app_config.html', cform=conf_form, sform=sch_form, config=config, schemafiles=schemafiles, localos=localos, external_lb_checked=external_lb_checked, repo_dir=app.config['GLUU_REPO'], next=request.args.get('next'), )
def __configure_stunnel(tid, server, stunnel_conf, chdir, setup_props=None): """Sets up Stunnel with given configuration, init or service scripts, SSL certificate ...etc., for use in a server :param tid: task id for log identification :param server: :object:`clustermgr.models.Server` where stunnel needs to be setup :param stunnel_conf: list of lines for the stunnel config file :param chdir: chroot directory to find out the setup.properties file and extract the required values to generate a SSL certificate :param setup_props: Optional - location of setup.properties file to get the details for SSL Cert generation for Stunnel :return: boolean status fo the operation """ wlogger.log(tid, "Setting up stunnel", "info", server_id=server.id) rc = __get_remote_client(server, tid) if not rc: wlogger.log(tid, "Stunnel setup failed", "error", server_id=server.id) return False if not server.os: server.os = get_os_type(rc) wlogger.log(tid, "Adding init/service scripts of boot time startup", "info", server_id=server.id) # replace the /etc/default/stunnel4 to enable start on system startup local = os.path.join(app.root_path, 'templates', 'stunnel', 'stunnel4.default') remote = '/etc/default/stunnel4' rc.upload(local, remote) if 'CentOS 6' == server.os: local = os.path.join(app.root_path, 'templates', 'stunnel', 'centos.init') remote = '/etc/rc.d/init.d/stunnel4' rc.upload(local, remote) rc.run("chmod +x {0}".format(remote)) if 'CentOS 7' == server.os or 'RHEL 7' == server.os: local = os.path.join(app.root_path, 'templates', 'stunnel', 'stunnel.service') remote = '/lib/systemd/system/stunnel.service' rc.upload(local, remote) rc.run("mkdir -p /var/log/stunnel4") wlogger.log(tid, "Setup auto-start on system boot", "info", server_id=server.id) run_and_log(rc, 'systemctl enable redis', tid, server.id) run_and_log(rc, 'systemctl enable stunnel', tid, server.id) # setup the certificate file wlogger.log(tid, "Generating certificate for stunnel ...", "debug", server_id=server.id) prop_buffer = StringIO() if setup_props: propsfile = setup_props else: propsfile = os.path.join(chdir, "install", "community-edition-setup", "setup.properties.last") rc.sftpclient.getfo(propsfile, prop_buffer) prop_buffer.seek(0) props = dict() def prop_in(string): return string.split("=")[1].strip() for line in prop_buffer: if re.match('^countryCode', line): props['country'] = prop_in(line) if re.match('^state', line): props['state'] = prop_in(line) if re.match('^city', line): props['city'] = prop_in(line) if re.match('^orgName', line): props['org'] = prop_in(line) if re.match('^hostname', line): props['cn'] = prop_in(line) if re.match('^admin_email', line): props['email'] = prop_in(line) subject = "'/C={country}/ST={state}/L={city}/O={org}/CN={cn}" \ "/emailAddress={email}'".format(**props) cert_path = "/etc/stunnel/server.crt" key_path = "/etc/stunnel/server.key" pem_path = "/etc/stunnel/cert.pem" cmd = ["/usr/bin/openssl", "req", "-subj", subject, "-new", "-newkey", "rsa:2048", "-sha256", "-days", "365", "-nodes", "-x509", "-keyout", key_path, "-out", cert_path] rc.run(" ".join(cmd)) rc.run("cat {cert} {key} > {pem}".format(cert=cert_path, key=key_path, pem=pem_path)) # verify certificate cin, cout, cerr = rc.run("/usr/bin/openssl verify " + pem_path) if props['cn'] in cout and props['org'] in cout: wlogger.log(tid, "Certificate generated successfully", "success", server_id=server.id) else: wlogger.log(tid, "/usr/bin/openssl verify " + pem_path, "debug") wlogger.log(tid, cerr, "cerror") wlogger.log(tid, "Certificate generation failed. Add a SSL " "certificate at /etc/stunnel/cert.pem", "error", server_id=server.id) # Generate stunnel config wlogger.log(tid, "Setup stunnel listening and forwarding", "debug", server_id=server.id) rc.put_file("/etc/stunnel/stunnel.conf", "\n".join(stunnel_conf)) return True
def setup_proxied(tid): """Configures the servers to use the Twemproxy installed in proxy server for Redis caching securely via stunnel. :param tid: task id for log identification :return: None """ servers = Server.query.filter(Server.redis.is_(True)).filter( Server.stunnel.is_(True)).all() appconf = AppConfiguration.query.first() chdir = "/opt/gluu-server-" + appconf.gluu_version stunnel_base_conf = [ "cert = /etc/stunnel/cert.pem", "pid = /var/run/stunnel.pid", "output = /var/log/stunnel4/stunnel.log" ] proxy_stunnel_conf = stunnel_base_conf twemproxy_servers = [] proxy_ip = socket.gethostbyname(appconf.nginx_host) primary = Server.query.filter(Server.primary_server.is_(True)).first() if not primary: wlogger.log(tid, "Primary Server is not setup yet. Cannot setup " "clustered caching.", "error") # Setup Stunnel and Redis in each server for server in servers: __update_LDAP_cache_method(tid, server, 'localhost:7000', 'STANDALONE') stunnel_conf = [ "[redis-server]", "client = no", "accept = {0}:7777".format(server.ip), "connect = 127.0.0.1:6379", "[twemproxy]", "client = yes", "accept = 127.0.0.1:7000", "connect = {0}:8888".format(proxy_ip) ] stunnel_conf = stunnel_base_conf + stunnel_conf status = __configure_stunnel(tid, server, stunnel_conf, chdir) if not status: continue # if the setup was successful add the server to the list of stunnel # clients in the proxy server configuration client_conf = [ "[client{0}]".format(server.id), "client = yes", "accept = 127.0.0.1:{0}".format(7000+server.id), "connect = {0}:7777".format(server.ip) ] proxy_stunnel_conf.extend(client_conf) twemproxy_servers.append(" - 127.0.0.1:{0}:1".format(7000+server.id)) wlogger.log(tid, "Configuring the proxy server ...") # Setup Stunnel in the proxy server mock_server = Server() mock_server.hostname = appconf.nginx_host mock_server.ip = proxy_ip rc = __get_remote_client(mock_server, tid) if not rc: wlogger.log(tid, "Couldn't connect to proxy server. Twemproxy setup " "failed.", "error") return mock_server.os = get_os_type(rc) # Download the setup.properties file from the primary server local = os.path.join(app.instance_path, "setup.properties") remote = os.path.join("/opt/gluu-server-"+appconf.gluu_version, "install", "community-edition-setup", "setup.properties.last") prc = __get_remote_client(primary, tid) prc.download(remote, local) prc.close() rc.upload(local, "/tmp/setup.properties") twem_server_conf = [ "[twemproxy]", "client = no", "accept = {0}:8888".format(proxy_ip), "connect = 127.0.0.1:2222" ] proxy_stunnel_conf.extend(twem_server_conf) status = __configure_stunnel(tid, mock_server, proxy_stunnel_conf, None, "/tmp/setup.properties") if not status: return False # Setup Twemproxy wlogger.log(tid, "Writing Twemproxy configuration") twemproxy_conf = [ "alpha:", " listen: 127.0.0.1:2222", " hash: fnv1a_64", " distribution: ketama", " auto_eject_hosts: true", " redis: true", " server_failure_limit: 2", " timeout: 400", " preconnect: true", " servers:" ] twemproxy_conf.extend(twemproxy_servers) remote = "/etc/nutcracker/nutcracker.yml" rc.put_file(remote, "\n".join(twemproxy_conf)) wlogger.log(tid, "Configuration complete", "success")
def wizard_step1(self): """Celery task that collects information about server. :param self: the celery task :return: the number of servers where both stunnel and redis were installed successfully """ tid = self.request.id wlogger.log(tid, "Analayzing Current Server") server = Server.query.filter_by(primary_server=True).first() app_conf = AppConfiguration.query.first() c = RemoteClient(server.hostname, ip=server.ip) try: c.startup() wlogger.log(tid, "SSH connection established", 'success') except: wlogger.log(tid, "Can't establish SSH connection", 'fail') wlogger.log(tid, "Ending analyzation of server.", 'error') return os_type = get_os_type(c) server.os = os_type wlogger.log(tid, "OS type was determined as {}".format(os_type), 'debug') gluu_version = None #Determine if a version of gluu server was installed. r = c.listdir("/opt") if r[0]: for s in r[1]: m = re.search( 'gluu-server-(?P<gluu_version>(\d+).(\d+).(\d+)(.\d+)?)$', s) if m: gluu_version = m.group("gluu_version") app_conf.gluu_version = gluu_version wlogger.log( tid, "Gluu version was determined as {}".format(gluu_version), 'debug') if not gluu_version: wlogger.log(tid, "Gluu server was not installed on this server", 'fail') wlogger.log(tid, "Ending analyzation of server.", 'error') return gluu_path = '/opt/gluu-server-{}'.format(gluu_version) server.gluu_server = True setup_properties_last = os.path.join( gluu_path, 'install/community-edition-setup/setup.properties.last') setup_properties_local = os.path.join(Config.DATA_DIR, 'setup.properties') result = c.download(setup_properties_last, setup_properties_local) prop = get_setup_properties() prop['hostname'] = app_conf.nginx_host write_setup_properties_file(prop) if not result.startswith('Download successful'): wlogger.log(tid, result, 'fail') wlogger.log(tid, "Ending analyzation of server.", 'error') return wlogger.log(tid, "setup.properties file was downloaded", 'debug') server.ldap_password = prop['ldapPass'] wlogger.log(tid, "LDAP Bind password was identifed", 'success') db.session.commit()
def install_cache_components(self, method): """Celery task that installs the redis, stunnel and twemproxy applications in the required servers. Redis and stunnel are installed in all the servers in the cluster. Twemproxy is installed in the load-balancer/proxy server :param self: the celery task :param method: either STANDALONE, SHARDED :return: the number of servers where both stunnel and redis were installed successfully """ tid = self.request.id installed = 0 servers = Server.query.all() for server in servers: wlogger.log(tid, "Installing Redis in server {0}".format( server.hostname), "info", server_id=server.id) ri = RedisInstaller(server, tid) redis_installed = ri.install() if redis_installed: server.redis = True wlogger.log(tid, "Redis install successful", "success", server_id=server.id) else: server.redis = False wlogger.log(tid, "Redis install failed", "fail", server_id=server.id) wlogger.log(tid, "Installing Stunnel", "info", server_id=server.id) si = StunnelInstaller(server, tid) stunnel_installed = si.install() if stunnel_installed: server.stunnel = True wlogger.log(tid, "Stunnel install successful", "success", server_id=server.id) else: server.stunnel = False wlogger.log(tid, "Stunnel install failed", "fail", server_id=server.id) # Save the redis and stunnel install situation to the db db.session.commit() if redis_installed and stunnel_installed: installed += 1 if method != 'STANDALONE': # No need to install twemproxy for "SHARDED" configuration return True # Install twemproxy in the Nginx load balancing proxy server app_conf = AppConfiguration.query.first() host = app_conf.nginx_host rc = RemoteClient(host) try: rc.startup() except Exception as e: wlogger.log(tid, "Could not connect to {0}".format(e), "error") return False server_os = get_os_type(rc) mock_server = Server() mock_server.hostname = host wlogger.log(tid, "Installing Stunnel in proxy server") si = StunnelInstaller(mock_server, tid) stunnel_installed = si.install() if stunnel_installed: wlogger.log(tid, "Stunnel install successful", "success") else: wlogger.log(tid, "Stunnel install failed", "fail") wlogger.log(tid, "Cluster manager will now try to build Twemproxy") # 1. Setup the development tools for installation if server_os in ["Ubuntu 16", "Ubuntu 14"]: run_and_log(rc, "apt-get update", tid) run_and_log(rc, "apt-get install -y build-essential autoconf libtool", tid) elif server_os in ["CentOS 6", "CentOS 7", "RHEL 7"]: run_and_log(rc, "yum install -y wget", tid) run_and_log(rc, "yum groupinstall -y 'Development tools'", tid) if server_os == "CentOS 6": run_and_log(rc, "wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz", tid) run_and_log(rc, "tar xvfvz autoconf-2.69.tar.gz", tid) run_and_log(rc, "cd autoconf-2.69 && ./configure", tid) run_and_log(rc, "cd autoconf-2.69 && make", tid) run_and_log(rc, "cd autoconf-2.69 && make install", tid) # 2. Get the source, build & install the nutcracker binaries run_and_log(rc, "wget https://github.com/twitter/twemproxy/archive/v0.4.1.tar.gz", tid) run_and_log(rc, "tar -xf v0.4.1.tar.gz", tid) run_and_log(rc, "cd twemproxy-0.4.1", tid) run_and_log(rc, "cd twemproxy-0.4.1 && autoreconf -fvi", tid) run_and_log(rc, "cd twemproxy-0.4.1 && ./configure --prefix=/usr", tid) run_and_log(rc, "cd twemproxy-0.4.1 && make", tid) run_and_log(rc, "cd twemproxy-0.4.1 && make install", tid) # 3. Post installation - setup user and logging run_and_log(rc, "useradd nutcracker", tid) run_and_log(rc, "mkdir /var/log/nutcracker", tid) run_and_log(rc, "touch /var/log/nutcracker/nutcracker.log", tid) run_and_log(rc, "chown -R nutcracker:nutcracker /var/log/nutcracker", tid) logrotate_conf = ["/var/log/nutcracker/nutcracker*.log {", "\tweekly", "\tmissingok", "\trotate 12", "\tcompress", "\tnotifempty", "}"] rc.put_file("/etc/logrotate.d/nutcracker", "\n".join(logrotate_conf)) # 4. Add init/service scripts to run nutcracker as a service if server_os in ["Ubuntu 16", "CentOS 7", "RHEL 7"]: local = os.path.join(app.root_path, "templates", "twemproxy", "twemproxy.service") remote = "/lib/systemd/system/nutcracker.service" rc.upload(local, remote) run_and_log(rc, "systemctl enable nutcracker", tid, None) elif server_os == "Ubuntu 14": local = os.path.join(app.root_path, "templates", "twemproxy", "nutcracker.init") remote = "/etc/init.d/nutcracker" rc.upload(local, remote) run_and_log(rc, 'chmod +x /etc/init.d/nutcracker', tid) run_and_log(rc, "update-rc.d nutcracker defaults", tid) elif server_os == "CentOS 6": local = os.path.join(app.root_path, "templates", "twemproxy", "nutcracker.centos.init") remote = "/etc/rc.d/init.d/nutcracker" rc.upload(local, remote) run_and_log(rc, "chmod +x /etc/init.d/nutcracker", tid) run_and_log(rc, "chkconfig --add nutcracker", tid) run_and_log(rc, "chkconfig nutcracker on", tid) # 5. Create the default configuration file referenced in the init scripts run_and_log(rc, "mkdir -p /etc/nutcracker", tid) run_and_log(rc, "touch /etc/nutcracker/nutcracker.yml", tid) rc.close() return installed
def install_local(self): """Celery task that installs monitoring components of local machine. :param self: the celery task :return: the number of servers where both stunnel and redis were installed successfully """ tid = self.request.id servers = Server.query.all() #create fake remote class that provides the same interface with RemoteClient fc = FakeRemote() #Getermine local OS type localos = get_os_type(fc) wlogger.log(tid, "Local OS was determined as {}".format(localos), "success", server_id=0) if not localos == 'Alpine': wlogger.log(tid, "Installing InfluxDB and Python client", "info", server_id=0) #commands to install influxdb on local machine for each OS type if 'Ubuntu' in localos: influx_cmd = [ 'DEBIAN_FRONTEND=noninteractive sudo apt-get update', 'DEBIAN_FRONTEND=noninteractive sudo apt-get install -y curl', 'curl -sL https://repos.influxdata.com/influxdb.key | ' 'sudo apt-key add -' ] if '14' in localos: influx_cmd.append( 'echo "deb https://repos.influxdata.com/ubuntu ' 'trusty stable" | sudo tee ' '/etc/apt/sources.list.d/influxdb.list') elif '16' in localos: influx_cmd.append( 'echo "deb https://repos.influxdata.com/ubuntu ' 'xenial stable" | sudo tee ' '/etc/apt/sources.list.d/influxdb.list') influx_cmd += [ 'DEBIAN_FRONTEND=noninteractive sudo apt-get update', 'DEBIAN_FRONTEND=noninteractive sudo apt-get install influxdb', 'sudo service influxdb start', 'sudo pip install influxdb', 'sudo pip install psutil', ] elif 'Debian' in localos: influx_cmd = [ 'DEBIAN_FRONTEND=noninteractive sudo apt-get update', 'DEBIAN_FRONTEND=noninteractive sudo apt-get install -y curl', 'curl -sL https://repos.influxdata.com/influxdb.key | ' 'sudo apt-key add -' ] if '7' in localos: influx_cmd.append( 'echo "deb https://repos.influxdata.com/' 'debian wheezy stable" | sudo tee /etc/apt/sources.list.d/' 'influxdb.list') elif '8' in localos: influx_cmd.append( 'echo "deb https://repos.influxdata.com/' 'debian jessie stable" | sudo tee /etc/apt/sources.list.d/' 'influxdb.list') influx_cmd += [ 'sudo apt-get update', 'sudo apt-get -y remove influxdb', 'DEBIAN_FRONTEND=noninteractive sudo apt-get -y install influxdb', 'sudo service influxdb start', 'sudo pip install influxdb', 'sudo pip install psutil', ] elif localos == 'CentOS 7': influx_cmd = [ 'sudo yum install -y epel-release', 'sudo yum repolist', 'sudo yum install -y curl', 'cat <<EOF | sudo tee /etc/yum.repos.d/influxdb.repo\n' '[influxdb]\n' 'name = InfluxDB Repository - RHEL \$releasever\n' 'baseurl = https://repos.influxdata.com/rhel/\$releasever/\$basearch/stable\n' 'enabled = 1\n' 'gpgcheck = 1\n' 'gpgkey = https://repos.influxdata.com/influxdb.key\n' 'EOF', 'sudo yum remove -y influxdb', 'sudo yum install -y influxdb', 'sudo service influxdb start', 'sudo pip install psutil', ] #run commands to install influxdb on local machine for cmd in influx_cmd: result = fc.run(cmd) rtext = "\n".join(result) if rtext.strip(): wlogger.log(tid, rtext, "debug", server_id=0) err = False if result[2].strip(): if not "pip install --upgrade pip" in result[2]: wlogger.log(tid, "An error occurrued while executing " "{}: {}".format(cmd, result[2]), "error", server_id=0) err = True if not err: wlogger.log(tid, "Command was run successfully: {}".format(cmd), "success", server_id=0) wlogger.log( tid, "Fixing /etc/influxdb/influxdb.conf for InfluxDB listen localhost", server_id=0) fc.run('sudo /etc/init.d/influxdb stop') fix_influxdb_config() fc.run('sudo /etc/init.d/influxdb start') #wait influxdb to start time.sleep(10) #Statistics will be written to 'gluu_monitoring' on local influxdb server, #so we should crerate it. try: client = InfluxDBClient( host='localhost', port=8086, ) client.create_database('gluu_monitoring') wlogger.log(tid, "InfluxDB database 'gluu_monitoring was created", "success", server_id=0) except Exception as e: wlogger.log(tid, "An error occurred while creating InfluxDB database " "'gluu_monitoring': {}".format(e), "fail", server_id=0) #Flag database that configuration is done for local machine app_config = AppConfiguration.query.first() app_config.monitoring = True db.session.commit() return True
def remove_monitoring(self, local_id): """Celery task that removes monitoring components to remote server. :param self: the celery task :return: wether monitoring were removed successfully """ tid = self.request.id installed = 0 servers = Server.query.all() app_config = AppConfiguration.query.first() for server in servers: # 1. Make SSH Connection to the remote server wlogger.log(tid, "Making SSH connection to the server {0}".format( server.hostname), "info", server_id=server.id) c = RemoteClient(server.hostname, ip=server.ip) try: c.startup() except Exception as e: wlogger.log(tid, "Cannot establish SSH connection {0}".format(e), "warning", server_id=server.id) wlogger.log(tid, "Ending server setup process.", "error", server_id=server.id) return False # 2. remove monitoring directory result = c.run('rm -r /var/monitoring/') ctext = "\n".join(result) if ctext.strip(): wlogger.log(tid, ctext, "debug", server_id=server.id) wlogger.log(tid, "Directory /var/monitoring/ directory " "were removed", "success", server_id=server.id) # 3. remove crontab entry to collect data in every 5 minutes c.run('rm /etc/cron.d/monitoring') wlogger.log(tid, "Crontab entry was removed", "info", server_id=server.id) if ('CentOS' in server.os) or ('RHEL' in server.os): package_cmd = ['service crond restart'] else: package_cmd = [ 'service cron restart', ] # 4. Executing commands wlogger.log(tid, "Restarting crontab", "info", server_id=server.id) for cmd in package_cmd: result = c.run(cmd) rtext = "\n".join(result) if rtext.strip(): wlogger.log(tid, rtext, "debug", server_id=server.id) server.monitoring = False # 5. Remove local settings #create fake remote class that provides the same interface with RemoteClient fc = FakeRemote() #Getermine local OS type localos = get_os_type(fc) if 'Ubuntu' or 'Debian' in localos: influx_cmd = [ 'sudo apt-get -y remove influxdb', ] elif localos == 'CentOS 7': influx_cmd = [ 'sudo yum remove -y influxdb', ] #run commands to install influxdb on local machine for cmd in influx_cmd: result = fc.run(cmd) rtext = "\n".join(result) if rtext.strip(): wlogger.log(tid, rtext, "debug", server_id=local_id) #Flag database that configuration is done for local machine app_config = AppConfiguration.query.first() app_config.monitoring = False db.session.commit() return True
def wizard_step1(self): """Celery task that collects information about server. :param self: the celery task :return: the number of servers where both stunnel and redis were installed successfully """ tid = self.request.id wlogger.log(tid, "Analayzing Current Server") server = Server.query.filter_by(primary_server=True).first() app_conf = AppConfiguration.query.first() c = RemoteClient(server.hostname, ip=server.ip) try: c.startup() wlogger.log(tid, "SSH connection established", 'success') except: wlogger.log(tid, "Can't establish SSH connection",'fail') wlogger.log(tid, "Ending analyzation of server.", 'error') return os_type = get_os_type(c) server.os = os_type wlogger.log(tid, "OS type was determined as {}".format(os_type), 'debug') gluu_path_version = None oxauth_version = None #Determine if a version of gluu server was installed. r = c.listdir("/opt") if r[0]: for s in r[1]: m=re.search('gluu-server-(?P<gluu_version>(\d+).(\d+).(\d+)(.\d+)?)$',s) if m: gluu_path_version = m.group("gluu_version") wlogger.log(tid, "Gluu path was determined as gluu-server-{}".format( gluu_path_version), 'debug') oxauth_path = '/opt/gluu-server-{0}/opt/gluu/jetty/oxauth/webapps/oxauth.war'.format(gluu_path_version) try: result = c.run('''python -c "import zipfile;zf=zipfile.ZipFile('{}','r');print zf.read('META-INF/MANIFEST.MF')"'''.format(oxauth_path)) menifest = result[1] for l in menifest.split('\n'): ls = l.strip() if 'Implementation-Version:' in ls: version = ls.split(':')[1].strip() oxauth_version = '.'.join(version.split('.')[:3]) wlogger.log(tid, "oxauth version was determined as {}".format( oxauth_version), 'debug') app_conf.gluu_version = oxauth_version break except: pass if not oxauth_version: wlogger.log(tid, "Error determining oxauth version.", 'debug') wlogger.log(tid, "Setting gluu version to path version", 'debug') app_conf.gluu_version = gluu_path_version if not gluu_path_version: wlogger.log(tid, "Gluu server was not installed on this server",'fail') wlogger.log(tid, "Ending analyzation of server.", 'error') return gluu_path = '/opt/gluu-server-{}'.format(gluu_path_version) server.gluu_server = True setup_properties_last = os.path.join(gluu_path, 'install/community-edition-setup/setup.properties.last') setup_properties_local = os.path.join(Config.DATA_DIR, 'setup.properties') result = c.download(setup_properties_last, setup_properties_local) prop = get_setup_properties() prop['hostname'] = app_conf.nginx_host write_setup_properties_file(prop) if not result.startswith('Download successful'): wlogger.log(tid, result,'fail') wlogger.log(tid, "Ending analyzation of server.", 'error') return wlogger.log(tid, "setup.properties file was downloaded", 'debug') server.ldap_password = prop['ldapPass'] wlogger.log(tid, "LDAP Bind password was identifed", 'success') db.session.commit()
def setup_proxied(tid, server_id_list): """Configures the servers to use the Twemproxy installed in proxy server for Redis caching securely via stunnel. :param tid: task id for log identification :return: None """ servers = [] for server_id in server_id_list: qserver = Server.query.filter(Server.redis.is_(True)).filter( Server.stunnel.is_(True)).filter(Server.id.is_(server_id)).first() if qserver: servers.append(qserver) appconf = AppConfiguration.query.first() chdir = "/opt/gluu-server-" + appconf.gluu_version if appconf.external_load_balancer: cache_ip = appconf.cache_ip else: cache_ip = appconf.nginx_ip primary = Server.query.filter(Server.primary_server.is_(True)).first() if not primary: wlogger.log( tid, "Primary Server is not setup yet. Cannot setup " "clustered caching.", "error") # Setup Stunnel and Redis in each server for server in servers: #Since replication is active, we only need to update on primary server if server.primary_server: __update_LDAP_cache_method(tid, server, 'localhost:7000', 'STANDALONE') stunnel_conf = [ "cert = /etc/stunnel/cert.pem", "pid = /var/run/stunnel.pid", "output = /var/log/stunnel4/stunnel.log", "[redis-server]", "client = no", "accept = {0}:7777".format(server.ip), "connect = 127.0.0.1:6379", "[twemproxy]", "client = yes", "accept = 127.0.0.1:7000", "connect = {0}:8888".format(cache_ip) ] status = __configure_stunnel(tid, server, stunnel_conf, chdir) if not status: continue wlogger.log(tid, "Configuring the cahce server ...") # Setup Stunnel in the proxy server mock_server = Server() if appconf.external_load_balancer: mock_server.hostname = appconf.cache_host mock_server.ip = appconf.cache_ip else: mock_server.hostname = appconf.nginx_host mock_server.ip = appconf.nginx_ip rc = __get_remote_client(mock_server, tid) if not rc: wlogger.log( tid, "Couldn't connect to proxy server. Twemproxy setup " "failed.", "error") return mock_server.os = get_os_type(rc) if rc.exists('/usr/bin/redis-server') or rc.exists('/bin/redis-server'): wlogger.log( tid, "Redis was already installed on server {0}".format( mock_server.hostname), "info") else: wlogger.log( tid, "Installing Redis in server {0}".format(mock_server.hostname), "info") ri = RedisInstaller(mock_server, tid) redis_installed = ri.install() if redis_installed: mock_server.redis = True wlogger.log(tid, "Redis install successful", "success") else: mock_server.redis = False wlogger.log(tid, "Redis install failed", "fail") # Download the setup.properties file from the primary server local = os.path.join(app.instance_path, "setup.properties") remote = os.path.join("/opt/gluu-server-" + appconf.gluu_version, "install", "community-edition-setup", "setup.properties.last") prc = __get_remote_client(primary, tid) prc.download(remote, local) prc.close() rc.upload(local, "/tmp/setup.properties") proxy_stunnel_conf = make_proxy_stunnel_conf() status = __configure_stunnel(tid, mock_server, proxy_stunnel_conf, None, "/tmp/setup.properties") if not status: return False # Setup Twemproxy wlogger.log(tid, "Writing Twemproxy configuration") twemproxy_conf = make_twem_proxy_conf() remote = "/etc/nutcracker/nutcracker.yml" rc.put_file(remote, twemproxy_conf) run_command(tid, rc, 'service nutcracker restart') wlogger.log(tid, "Configuration complete", "success")
def install_cache_components(self, method, server_id_list): """Celery task that installs the redis, stunnel and twemproxy applications in the required servers. Redis and stunnel are installed in all the servers in the cluster. Twemproxy is installed in the load-balancer/proxy server :param self: the celery task :param method: either STANDALONE, SHARDED :return: the number of servers where both stunnel and redis were installed successfully """ tid = self.request.id installed = 0 servers = [] for server_id in server_id_list: server = Server.query.get(server_id) ri = RedisInstaller(server, tid) ri.rc.startup() if ri.rc.exists('/usr/bin/redis-server') or ri.rc.exists( '/bin/redis-server'): server.redis = True redis_installed = 1 wlogger.log(tid, "Redis was already installed on server {0}".format( server.hostname), "info", server_id=server.id) else: wlogger.log(tid, "Installing Redis in server {0}".format( server.hostname), "info", server_id=server.id) redis_installed = ri.install() if redis_installed: server.redis = True wlogger.log(tid, "Redis install successful", "success", server_id=server.id) else: server.redis = False wlogger.log(tid, "Redis install failed", "fail", server_id=server.id) si = StunnelInstaller(server, tid) si.rc.startup() if si.rc.exists('/usr/bin/stunnel') or si.rc.exists('/bin/stunnel'): wlogger.log(tid, "Stunnel was allready installed", "info", server_id=server.id) server.stunnel = True stunnel_installed = 1 else: wlogger.log(tid, "Installing Stunnel", "info", server_id=server.id) stunnel_installed = si.install() if stunnel_installed: server.stunnel = True wlogger.log(tid, "Stunnel install successful", "success", server_id=server.id) else: server.stunnel = False wlogger.log(tid, "Stunnel install failed", "fail", server_id=server.id) # Save the redis and stunnel install situation to the db if redis_installed and stunnel_installed: installed += 1 db.session.commit() if method != 'STANDALONE': # No need to install twemproxy for "SHARDED" configuration return True # Install twemproxy in the Nginx load balancing proxy server app_conf = AppConfiguration.query.first() mock_server = Server() if app_conf.external_load_balancer: mock_server.hostname = app_conf.cache_host mock_server.ip = app_conf.cache_ip else: mock_server.hostname = app_conf.nginx_host mock_server.ip = app_conf.nginx_ip rc = RemoteClient(mock_server.hostname) try: rc.startup() except Exception as e: wlogger.log(tid, "Could not connect to {0}".format(e), "error") return False server_os = get_os_type(rc) si = StunnelInstaller(mock_server, tid) si.rc.startup() stunnel_installed = 0 if si.rc.exists('/usr/bin/stunnel') or si.rc.exists('/bin/stunnel'): wlogger.log(tid, "Stunnel was already installed on cache server") stunnel_installed = 1 else: wlogger.log(tid, "Installing Stunnel in cache server") stunnel_installed = si.install() if stunnel_installed: wlogger.log(tid, "Stunnel install successful", "success") else: wlogger.log(tid, "Stunnel install failed", "fail") print rc.exists('/usr/sbin/nutcracker') if not rc.exists('/usr/sbin/nutcracker'): wlogger.log(tid, "Installing Twemproxy") # 1. Setup the development tools for installation if server_os == "Ubuntu 14": run_and_log(rc, "apt-get update", tid) run_and_log( rc, 'wget http://ftp.debian.org/debian/pool/main/n/nutcracker/nutcracker_0.4.0+dfsg-1_amd64.deb -O /tmp/nutcracker_0.4.0+dfsg-1_amd64.deb', tid) run_and_log(rc, "dpkg -i /tmp/nutcracker_0.4.0+dfsg-1_amd64.deb", tid) elif server_os == "Ubuntu 16": run_and_log(rc, "apt-get update", tid) run_and_log( rc, "DEBIAN_FRONTEND=noninteractive apt-get install -y nutcracker", tid) elif server_os in ["CentOS 7", "RHEL 7"]: run_and_log( rc, 'yum install -y https://raw.githubusercontent.com/mbaser/gluu/master/nutcracker-0.4.1-1.gluu.centos7.x86_64.rpm', tid) run_and_log(rc, 'chkconfig nutcracker on', tid) elif server_os in ['CentOS 6', 'RHEL 6']: run_and_log( rc, 'yum install -y https://raw.githubusercontent.com/mbaser/gluu/master/nutcracker-0.4.1-1.gluu.centos6.x86_64.rpm', tid) run_and_log(rc, 'chkconfig nutcracker on', tid) # 5. Create the default configuration file referenced in the init scripts #run_and_log(rc, "mkdir -p /etc/nutcracker", tid) run_and_log(rc, "touch /etc/nutcracker/nutcracker.yml", tid) else: wlogger.log(tid, "Twemproxy was already installed on cache server") rc.close() return installed