def rsync_mountpoints(src_inst, src_vol, src_mnt, dst_inst, dst_vol, dst_mnt,
                      encr=False):
    """Run `rsync` against mountpoints, copy disk label.

    When ``encr`` is true no rsync is run and the label is not applied to
    ``dst_vol``: the source device is streamed with ``dd | gzip | nc`` to
    an ``nc`` listener started on the destination instead.

    :param src_inst: source instance;
    :param src_vol: source volume with label that will be copied to
                    dst_vol;
    :param src_mnt: root or directory hierarchy to replicate;
    :param dst_inst: destination instance;
    :param dst_vol: destination volume, that will be marked with label
                    from src_vol;
    :param dst_mnt: destination point where source hierarchy to place;
    :param encr: True if volume is encrypted;
    :type encr: bool."""
    src_key_filename = config.get(src_inst.region.name, 'KEY_FILENAME')
    dst_key_filename = config.get(dst_inst.region.name, 'KEY_FILENAME')
    with config_temp_ssh(dst_inst.connection) as key_file:
        with settings(host_string=dst_inst.public_dns_name,
                      key_filename=dst_key_filename):
            # Back up root's authorized_keys, then authorize the public half
            # of the temporary key so the source can push to root@destination.
            # NOTE(review): the backup is moved back only by the last block of
            # this function and there is no try/finally, so a failure in
            # between leaves the temporary key authorized for root.
            wait_for_sudo('cp /root/.ssh/authorized_keys '
                          '/root/.ssh/authorized_keys.bak')
            # Second positional argument of local() is capture: the derived
            # public key is returned rather than printed.
            pub_key = local('ssh-keygen -y -f {0}'.format(key_file), True)
            append('/root/.ssh/authorized_keys', pub_key, use_sudo=True)
            if encr:
                # Detached listener that writes whatever arrives on TCP 60000
                # straight onto the destination device.
                # NOTE(review): nc adds no authentication, encryption or
                # integrity check, and the source connects to the public IP.
                # Confirm port 60000 is reachable only from the source
                # instance (e.g. by security group).
                sudo('screen -d -m sh -c "nc -l 60000 | gzip -dfc | '
                     'sudo dd of={0} bs=16M"'
                     .format(get_vol_dev(dst_vol)), pty=False)  # dirty magick
                # Public IPv4 of the destination, read from the instance
                # metadata endpoint.
                dst_ip = sudo(
                    'curl http://169.254.169.254/latest/meta-data/public-ipv4')
        with settings(host_string=src_inst.public_dns_name,
                      key_filename=src_key_filename):
            # Copies the temporary *private* key into .ssh/ on the source
            # instance. Nothing in this function removes it again.
            put(key_file, '.ssh/', mirror_local_mode=True)
            # NOTE(review): this rebinds dst_key_filename to the temporary
            # key's basename; the settings() block on the destination below
            # then uses that value, not the region's KEY_FILENAME - confirm
            # this is intended.
            dst_key_filename = os.path.split(key_file)[1]
            if encr:
                sudo('(dd if={0} bs=16M | gzip -cf --fast | nc -v {1} 60000)'
                     .format(get_vol_dev(src_vol), dst_ip))
            else:
                # -c checksum compare, -a archive, -h human-readable sizes,
                # -H hard links, -A ACLs, -X extended attributes.
                # The excludes skip shell history, SSH host keys and moduli,
                # persistent-net udev rules, /var/lib/ec2, /mnt, /proc, /tmp.
                # NOTE(review): StrictHostKeyChecking=no means the
                # destination's host key is not verified on this hop.
                cmd = (
                    'rsync -e "ssh -i .ssh/{key_file} -o '
                    'StrictHostKeyChecking=no" -cahHAX --delete --inplace '
                    '--exclude /root/.bash_history '
                    '--exclude /home/*/.bash_history '
                    '--exclude /etc/ssh/moduli --exclude /etc/ssh/ssh_host_* '
                    '--exclude /etc/udev/rules.d/*persistent-net.rules '
                    '--exclude /var/lib/ec2/* --exclude=/mnt/* '
                    '--exclude=/proc/* --exclude=/tmp/* '
                    '{src_mnt}/ root@{rhost}:{dst_mnt}')
                wait_for_sudo(cmd.format(
                    rhost=dst_inst.public_dns_name, dst_mnt=dst_mnt,
                    key_file=dst_key_filename, src_mnt=src_mnt))
                # Read the source filesystem label for the destination.
                label = sudo('e2label {0}'.format(get_vol_dev(src_vol)))
        with settings(host_string=dst_inst.public_dns_name,
                      key_filename=dst_key_filename):
            if not encr:
                sudo('e2label {0} {1}'.format(get_vol_dev(dst_vol), label))
            # Restore the original authorized_keys, dropping the temporary key.
            wait_for_sudo('mv /root/.ssh/authorized_keys.bak '
                          '/root/.ssh/authorized_keys')
            wait_for_sudo('sync', shell=False)
            # Backgrounded loop: sync once a second for 20 iterations.
            wait_for_sudo('for i in {1..20}; do sync; sleep 1; done &')
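def attach_snap_to_inst(inst, snap):
    """Attach a volume made from `snap` to `inst`, yield it, then clean up.

    Generator that yields exactly once - presumably wrapped as a context
    manager by a decorator outside this view (confirm).  ``encr`` is read
    from the enclosing scope: when it is true the volume is not mounted and
    ``mnt`` is None.

    :param inst: instance to attach to; waited on until 'running';
    :param snap: snapshot handed to force_snap_attach.

    Yields a ``(vol, mnt)`` pair.  On exit, normal or not, the mountpoint
    is unmounted (best effort) and every volume returned by
    force_snap_attach is detached if needed and deleted."""
    wait_for(inst, 'running')
    # Bound before the try so the cleanup below never meets an unbound name
    # when attaching or mounting fails; previously that raised a second
    # error from `finally` and hid the real one.
    volumes = []
    mnt = None
    try:
        vol, volumes = force_snap_attach(inst, snap)
        if not encr:
            mnt = mount_volume(vol)
        yield vol, mnt
    except BaseException as err:
        logger.exception(str(err))
        raise
    finally:
        # mnt stays None for encrypted volumes and when mounting never
        # succeeded, so there is nothing to unmount in those cases.
        if mnt is not None:
            key_filename = config.get(inst.region.name, 'KEY_FILENAME')
            with settings(host_string=inst.public_dns_name,
                          key_filename=key_filename):
                try:
                    wait_for_sudo('umount {0}'.format(mnt))
                except BaseException as err:
                    # Deliberately broad: Fabric aborts by raising
                    # SystemExit, and the volumes below must still be
                    # detached and deleted. The failure is logged rather
                    # than silently dropped.
                    logger.warning(
                        'umount {0} failed: {1}'.format(mnt, err))
        for vol in volumes:
            if vol.status != 'available':
                vol.detach(force=True)
            wait_for(vol, 'available', limit=DETACH_TIME)
            logger.info('Deleting {vol} in {vol.region}.'.format(vol=vol))
            vol.delete()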
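def freeze_volume():
    """Run `sync` on ``inst`` over SSH, then keep syncing in the background.

    ``inst`` and ``username`` are read from the enclosing scope.  The SSH
    user is the SYNC/USERNAME config value when it can be read, otherwise
    ``username``.  After one foreground `sync`, a backgrounded shell loop
    runs `sudo sync` once a second for 20 iterations."""
    key_filename = config.get(inst.region.name, 'KEY_FILENAME')
    try:
        _user = config.get('SYNC', 'USERNAME')
    except Exception:
        # Missing section or option: fall back to the default user.
        # Narrowed from a bare except so that Ctrl-C and SystemExit are no
        # longer swallowed by a configuration lookup.
        _user = username
    with settings(host_string=inst.public_dns_name,
                  key_filename=key_filename, user=_user):
        wait_for_sudo('sync', shell=False)
        run('for i in {1..20}; do sudo sync; sleep 1; done &')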
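def freeze_volume():
    """Run `sync` on ``inst`` over SSH, then keep syncing in the background.

    ``inst`` and ``USERNAME`` are read from the enclosing scopes.  The SSH
    user is the SYNC/USERNAME config value when it can be read, otherwise
    ``USERNAME``.  After one foreground `sync`, a backgrounded shell loop
    runs `sudo sync` once a second for 20 iterations."""
    key_filename = config.get(inst.region.name, 'KEY_FILENAME')
    try:
        _user = config.get('SYNC', 'USERNAME')
    except Exception:
        # Missing section or option: fall back to the default user.
        # Narrowed from a bare except so that Ctrl-C and SystemExit are no
        # longer swallowed by a configuration lookup.
        _user = USERNAME
    with settings(host_string=inst.public_dns_name,
                  key_filename=key_filename, user=_user):
        wait_for_sudo('sync', shell=False)
        run('for i in {1..20}; do sudo sync; sleep 1; done &')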
def mount_volume(vol, mkfs=False):
    """Mount an attached volume over SSH and return its mountpoint.

    The mountpoint is the device path with ``/dev/`` replaced by
    ``/media/``.

    :param vol: volume to mount on the instance it is attached to; waited
                on until its attachment status is 'attached';
    :param mkfs: when true, ``mkfs.ext3`` is run on the device before
                 mounting (existing contents are lost) and the mountpoint
                 is chowned to ``env.user`` afterwards."""
    wait_for(vol, 'attached', ['attach_data', 'status'])
    instance = get_inst_by_id(vol.region.name, vol.attach_data.instance_id)
    ssh_key = config.get(vol.region.name, 'KEY_FILENAME')
    with settings(host_string=instance.public_dns_name,
                  key_filename=ssh_key):
        device = get_vol_dev(vol)
        mount_dir = device.replace('/dev/', '/media/')
        wait_for_sudo('mkdir -p {0}'.format(mount_dir))
        # A filesystem has to exist before the device can be mounted.
        if mkfs:
            format_cmd = 'mkfs.ext3 {dev}'.format(dev=device)
            sudo(format_cmd)
        mount_cmd = 'mount {dev} {mnt}'.format(dev=device, mnt=mount_dir)
        sudo(mount_cmd)
        # Ownership is changed only on the freshly created filesystem.
        if mkfs:
            chown_cmd = 'chown -R {user}:{user} {mnt}'.format(
                user=env.user, mnt=mount_dir)
            sudo(chown_cmd)
    logger.debug('Mounted {0} to {1} at {2}'.format(vol, instance, mount_dir))
    return mount_dir
def make_encrypted_ubuntu(host_string, key_filename, user, architecture,
                          dev, name, release, pw1, pw2):
    """Build an Ubuntu system with a LUKS-encrypted root on a remote `dev`.

    Every command runs over SSH through Fabric.  In order: install
    cryptsetup, download the UEC image tarball for `release` and
    `architecture`, run the signature/checksum checks, split `dev` into a
    boot partition (``{dev}1``, ext3, label "bootfs") and a LUKS partition
    (``{dev}2``), copy the image onto them, install the pre-boot unlock
    files from the packaged encrypted_root.tar.gz, rebuild the initramfs
    in a chroot and shut the host down.

    :param host_string: host handed to Fabric ``settings``;
    :param key_filename: SSH key handed to Fabric ``settings``;
    :param user: SSH user; also selects the ``/home/<user>/data`` work area;
    :param architecture: used in the image file name and tarball pattern;
    :param dev: block device that is repartitioned and reformatted;
    :param name: device-mapper name passed to ``cryptsetup luksOpen``;
    :param release: Ubuntu release codename; 'lucid' gets extra apt pins;
    :param pw1: first LUKS passphrase;
    :param pw2: second LUKS passphrase; both are prompted for again for
                as long as they are equal."""
    with settings(host_string=host_string, user=user,
                  key_filename=key_filename):
        data = '/home/' + user + '/data'
        page = 'https://uec-images.ubuntu.com/releases/' \
            + release + '/release/'
        image = release + '-server-uec-' + architecture + '.img'
        bootlabel = "bootfs"

        def check(message, program, sums):
            # Download `sums` and its .gpg signature, verify the signature
            # with gpgv against the packaged keyring, then check the
            # downloaded tarball against its line in `sums`.
            # `file` is the outer variable assigned further down, before
            # the first call to check().
            # NOTE(review): every failure after the first curl is caught by
            # a bare except, logged and ignored, and 'Ok' is logged at the
            # end regardless, so a bad signature or a checksum mismatch
            # does not stop the build. gpgv's stderr is discarded as well.
            with hide('running', 'stdout'):
                options = '--keyring=' + data + '/encrypted_root/uecimage.gpg'
                logger.info('{0}'.format(message))
                sudo('curl -fs "{page}/{sums}.gpg" > "{data}/{sums}.gpg"'
                     .format(page=page, sums=sums, data=data))
                try:
                    sudo('curl -fs "{page}/{sums}" > "{data}/{sums}"'
                         .format(page=page, sums=sums, data=data))
                except:
                    logger.exception('N/A')
                try:
                    sudo('gpgv {options} "{data}/{sums}.gpg" '
                         '"{data}/{sums}" 2> /dev/null'
                         .format(options=options, sums=sums, data=data))
                except:
                    logger.exception('Evil.')
                try:
                    sudo('grep "{file}" "{data}/{sums}" | (cd {data};'
                         ' {program} --check --status)'
                         .format(file=file, sums=sums, data=data,
                                 program=program))
                except:
                    logger.exception('Failed.')
                logger.info('Ok')

        # Fabric does not echo the commands or their stdout inside this
        # block; progress is reported through logger.info instead.
        with hide('running', 'stdout'):
            # NOTE(review): if prompt() is Fabric's, the typed passphrases
            # are echoed to the terminal - confirm.
            while pw1 == pw2:
                pw1 = prompt('Type in first password for enryption: ')
                pw2 = prompt('Type in second password for enryption: ')
                if pw1 == pw2:
                    logger.info('\nPasswords can\'t be the same.\n')
            logger.info('Installing cryptsetup.....')
            wait_for_sudo('apt-get -y install cryptsetup')
            sudo('mkdir -p {0}'.format(data))
            # NOTE(review): a failed download of the release page is only
            # logged; the steps below still run.
            try:
                logger.info('Downloading releases list.....')
                sudo('curl -fs "{0}" > "{1}/release.html"'.format(page, data))
            except:
                logger.exception('Invalid system: {0}'.format(release))
            logger.info('Uploading uecimage.gpg.....')
            # The keyring and the pre-boot files ship inside the package.
            encr_root = resource_stream(pkg_name, 'encrypted_root.tar.gz')
            put(encr_root, data + '/encrypted_root.tar.gz', use_sudo=True,
                mirror_local_mode=True)
            sudo('cd {data}; tar -xf {data}/encrypted_root.tar.gz'
                 .format(data=data))
            # Pull the "*-<arch>.tar.gz" link name out of the release page.
            file = sudo('pattern=\'<a href="([^"]*-{arch}\.tar\.gz)">'
                        '\\1</a>\'; perl -ne "m[$pattern] && "\'print "$1\\n'
                        '"\' "{data}/release.html"'
                        .format(data=data, arch=architecture))
            logger.info('Downloading ubuntu image.....')
            sudo('wget -P "{data}" "{page}{file}"'
                 .format(data=data, page=page, file=file))
            check('Checking SHA256...', 'sha256sum', 'SHA256SUMS')
            check('Checking SHA1.....', 'sha1sum', 'SHA1SUMS')
            check('Checking MD5......', 'md5sum', 'MD5SUMS')
            # Remote scratch directory; the passphrase files go here too.
            work = sudo('mktemp --directory')
            sudo('touch {work}/{image}'.format(work=work, image=image))
            logger.info('Unpacking ubuntu image.....')
            sudo('tar xfz "{data}/{file}" -C "{work}" {image}'
                 .format(data=data, file=file, work=work, image=image))
            sudo('mkdir "{work}/ubuntu"'.format(work=work))
            logger.info('Mounting ubuntu image to working directory.....')
            sudo('mount -o loop,ro "{work}/{image}" "{work}/ubuntu"'
                 .format(image=image, work=work))
            logger.info('Creating separate boot volume.....')
            # sfdisk input, units of MB: partition 1 is 1024 MB, type 83,
            # bootable; partition 2 takes the defaults (the remainder).
            sudo('echo -e "0 1024 83 *\n;\n" | /sbin/sfdisk -uM {dev}'
                 .format(dev=dev))
            logger.info('Formatting boot volume.....')
            sudo('/sbin/mkfs -t ext3 -L "{bootlabel}" "{dev}1"'
                 .format(bootlabel=bootlabel, dev=dev))
            # NOTE(review): the passphrases are interpolated unquoted into
            # the remote shell command, so spaces or shell metacharacters
            # in them alter what is written, and the passphrase is visible
            # in the remote process arguments while the command runs.
            # The three commands are joined with `|` rather than `;`/`&&`,
            # so chmod may run before the redirect has created the file.
            # The first command also touches pw2.txt, not pw1.txt.
            sudo('touch {work}/pw2.txt | echo -n {pw1} > "{work}/pw1.txt" | '
                 'chmod 700 "{work}/pw1.txt"'
                 .format(pw1=pw1, work=work))
            sudo('touch {work}/pw2.txt | echo -n {pw2} > "{work}/pw2.txt" | '
                 'chmod 700 "{work}/pw2.txt"'
                 .format(pw2=pw2, work=work))
            logger.info('Creating luks encrypted volume.....')
            # pw1.txt is the key file for the first key slot.
            sudo('cryptsetup luksFormat -q --key-size=256 {dev}2 "{work}/'
                 'pw1.txt"'.format(dev=dev, work=work))
            logger.info('Adding second key to encrypted volume.....')
            sudo('cryptsetup luksAddKey -q --key-file="{work}/pw1.txt" '
                 '{dev}2 "{work}/pw2.txt"'.format(work=work, dev=dev))
            logger.info('Opening luks encrypted volume.....')
            sudo('cryptsetup luksOpen --key-file="{work}/pw1.txt" '
                 '{dev}2 {name}'.format(work=work, dev=dev, name=name))
            # Overwrite and remove both passphrase files once the volume
            # is open.
            sudo('shred --remove "{work}/pw1.txt"; shred --remove'
                 ' "{work}/pw2.txt"'.format(work=work))
            # Reuse the filesystem type of the loop-mounted image.
            fs_type = sudo('df -T "{work}/ubuntu" | tail -1 | cut -d " " -f 5'
                           .format(work=work))
            logger.info('Creating filesystem on luks encrypted volume.....')
            sudo('mkfs -t {fs_type} "/dev/mapper/{name}"'
                 .format(fs_type=fs_type, name=name))
            sudo('/sbin/e2label "/dev/mapper/{name}" "uec-rootfs"'
                 .format(name=name))
            logger.info('Mounting luks encrypted volume.....')
            sudo('mkdir -p "{work}/root"; mount /dev/mapper/{name}'
                 ' "{work}/root"'.format(work=work, name=name))
            logger.info('Starting syncronisation of working dir with image')
            sudo('rsync --archive --hard-links "{work}/ubuntu/"'
                 ' "{work}/root/"'.format(work=work))
            boot_device = 'LABEL=' + bootlabel
            # Left as a shell command substitution; it is expanded on the
            # remote side when the sed command below runs.
            root_device = 'UUID=$(cryptsetup luksUUID ' + dev + '2)'
            # Move /boot from the encrypted root onto the plain boot
            # partition, then mount that partition in its place.
            sudo('mkdir "{work}/boot"; mount "{dev}1" "{work}/boot"'
                 .format(work=work, dev=dev))
            sudo('rsync --archive "{work}/root/boot/" "{work}/boot"'
                 .format(work=work))
            sudo('rm -rf "{work}/root/boot/"*'.format(work=work))
            sudo('mount --move "{work}/boot" "{work}/root/boot"'
                 .format(work=work))
            sudo('echo "{boot_device} /boot ext3" >> "{work}/root/etc/fstab"'
                 .format(boot_device=boot_device, work=work))
            sudo('sed -i -e \'s/(hd0)/(hd0,0)/\' "{work}/root/boot/grub/menu.'
                 'lst"'.format(work=work))
            bozo_target = work + '/root/etc/initramfs-tools/boot'
            sudo('mkdir -p {bozo_target}'.format(bozo_target=bozo_target))
            logger.info('Copying files for preboot web-auth.....')
            sudo('cp {data}/encrypted_root/cryptsetup '
                 '{work}/root/etc/initramfs-tools/hooks/cryptsetup'
                 .format(data=data, work=work))
            places = {'data': data, 'bozo_target': bozo_target}
            # NOTE(review): boot.key and boot.crt come out of the packaged
            # tarball, so presumably every image built from the same
            # package carries the same key pair - confirm.
            for file_ in ['boot.key', 'boot.crt', 'cryptsetup.sh',
                          'index.html', 'activate.cgi', 'hiding.gif',
                          'make_bozo_dir.sh']:
                sudo('cp {data}/encrypted_root/{file} {bozo_target}/{file}'
                     .format(file=file_, **places))
            logger.info('Modifying scripts to match our volumes.....')
            sudo('sed -i "s/\/dev\/sda2/{root_device}/" '
                 '{work}/root/etc/initramfs-tools/hooks/cryptsetup'.format(
                     root_device=root_device, work=work))
            sudo('mkdir -p "{work}/root/etc/ec2"'.format(work=work))
            if release == 'lucid':
                logger.info('Adding apt entries for lucid.....')
                listfile = work + '/root/etc/apt/sources.list'
                # Add maverick sources and pin only bozohttpd and
                # libssl0.9.8 to them.
                sudo('grep "lucid main" {listfile} | sed "'
                     's/lucid/maverick/g" >> {work}/root/etc/'
                     'apt/sources.list.d/bozohttpd.list'
                     .format(listfile=listfile, work=work))
                sudo('echo -e "Package: *\nPin: release a=lucid\nPin-Priority:'
                     ' 600\n\nPackage: bozohttpd\nPin: release a=maverick\n'
                     'Pin-Priority: 1000\n\nPackage: libssl0.9.8\nPin: release'
                     ' a=maverick\nPin-Priority: 1000\n\nPackage: *\n'
                     'Pin: release o=Ubuntu\nPin-Priority: -10\n" | tee '
                     '"{work}/root/etc/apt/preferences"'.format(work=work))
            menufile = work + '/root/boot/grub/menu.lst'
            # First initrd/kernel entries of menu.lst become the targets of
            # the /initrd.img and /vmlinuz links.
            initrd = sudo('grep "^initrd" "{menufile}" | head -1 | cut -f 3'
                          .format(menufile=menufile))
            kernel = sudo('grep "^kernel" "{menufile}" | head -1 | cut -f 3 | '
                          'cut -d " " -f 1'.format(menufile=menufile))
            sudo('rm -f "{work}/root/initrd.img.old";'
                 'rm -f "{work}/root/vmlinuz.old";'
                 'rm -f "{work}/root/initrd.img";'
                 'rm -f "{work}/root/vmlinuz"'.format(work=work))
            logger.info('Creating symbolic links for kernel.....')
            sudo('ln -s "{initrd}" "{work}/root/initrd.img";'
                 'ln -s "{kernel}" "{work}/root/vmlinuz"'
                 .format(initrd=initrd, kernel=kernel, work=work))
            # The chroot uses the host's resolv.conf while packages are
            # installed; the original is put back in the last chroot script.
            sudo('mv "{work}/root/etc/resolv.conf" '
                 '"{work}/root/etc/resolv.conf.old";cp "/etc/resolv.conf" '
                 '"{work}/root/etc/"'.format(work=work))
            logger.info('Chrooting and installing needed apps..')
            # update-inetd is swapped for an empty executable while
            # bozohttpd installs and restored afterwards - presumably to
            # keep the package from registering itself with inetd (confirm).
            sudo('chroot "{work}/root" <<- EOT\n'
                 'set -e\n'
                 'mount -t devpts devpts /dev/pts/\n'
                 'mount -t proc proc /proc/\n'
                 'mount -t sysfs sysfs /sys/\n'
                 'localedef -f UTF-8 -i en_US --no-archive en_US.utf8\n'
                 'apt-get -y update\n'
                 'apt-get -y install ssl-cert\n'
                 'apt-get -y install update-inetd\n'
                 'mv /usr/sbin/update-inetd /usr/sbin/update-inetd.old\n'
                 'touch /usr/sbin/update-inetd\n'
                 'chmod a+x /usr/sbin/update-inetd\n'
                 'apt-get -y install bozohttpd\n'
                 'mv /usr/sbin/update-inetd.old /usr/sbin/update-inetd\n'
                 'EOT'.format(work=work))
            logger.info('Fixing permissions and symlinking bozohttpd...')
            # Unlike the first chroot script, the next two do not `set -e`.
            sudo('chroot "{work}/root" <<- EOT\n'
                 'chown root:ssl-cert /etc/initramfs-tools/boot/boot.key\n'
                 'chmod 640 /etc/initramfs-tools/boot/boot.key\n'
                 'ln -s /usr/sbin/bozohttpd /etc/initramfs-tools/boot/\n'
                 'ln -s . /boot/boot\n'
                 'EOT'.format(work=work))
            logger.info('Instaling cryptsetup and unmounting.....')
            sudo('chroot "{work}/root" <<- EOT\n'
                 'apt-get -y install cryptsetup\n'
                 'apt-get -y clean\n'
                 'update-initramfs -uk all\n'
                 'mv /etc/resolv.conf.old /etc/resolv.conf\n'
                 'umount /dev/pts\n'
                 'umount /proc\n'
                 'umount /sys\n'
                 'EOT'.format(work=work))
            logger.info('Shutting down temporary instance')
            sudo('shutdown -h now')
def make_encrypted_ubuntu(host_string, key_filename, user, architecture, dev,
                          name, release, pw1, pw2):
    """Build an Ubuntu system with a LUKS-encrypted root on a remote `dev`.

    Every command runs over SSH through Fabric.  In order: install
    cryptsetup, download the UEC image tarball for `release` and
    `architecture`, run the signature/checksum checks, split `dev` into a
    boot partition (``{dev}1``, ext3, label "bootfs") and a LUKS partition
    (``{dev}2``), copy the image onto them, install the pre-boot unlock
    files from the packaged encrypted_root.tar.gz, rebuild the initramfs
    in a chroot and shut the host down.

    :param host_string: host handed to Fabric ``settings``;
    :param key_filename: SSH key handed to Fabric ``settings``;
    :param user: SSH user; also selects the ``/home/<user>/data`` work area;
    :param architecture: used in the image file name and tarball pattern;
    :param dev: block device that is repartitioned and reformatted;
    :param name: device-mapper name passed to ``cryptsetup luksOpen``;
    :param release: Ubuntu release codename; 'lucid' gets extra apt pins;
    :param pw1: first LUKS passphrase;
    :param pw2: second LUKS passphrase; both are prompted for again for
                as long as they are equal."""
    with settings(host_string=host_string, user=user,
                  key_filename=key_filename):
        data = '/home/' + user + '/data'
        page = 'https://uec-images.ubuntu.com/releases/' \
            + release + '/release/'
        image = release + '-server-uec-' + architecture + '.img'
        bootlabel = "bootfs"

        def check(message, program, sums):
            # Download `sums` and its .gpg signature, verify the signature
            # with gpgv against the packaged keyring, then check the
            # downloaded tarball against its line in `sums`.
            # `file` is the outer variable assigned further down, before
            # the first call to check().
            # NOTE(review): every failure after the first curl is caught by
            # a bare except, logged and ignored, and 'Ok' is logged at the
            # end regardless, so a bad signature or a checksum mismatch
            # does not stop the build. gpgv's stderr is discarded as well.
            with hide('running', 'stdout'):
                options = '--keyring=' + data + '/encrypted_root/uecimage.gpg'
                logger.info('{0}'.format(message))
                sudo('curl -fs "{page}/{sums}.gpg" > "{data}/{sums}.gpg"'.
                     format(page=page, sums=sums, data=data))
                try:
                    sudo('curl -fs "{page}/{sums}" > "{data}/{sums}"'.format(
                        page=page, sums=sums, data=data))
                except:
                    logger.exception('N/A')
                try:
                    sudo('gpgv {options} "{data}/{sums}.gpg" '
                         '"{data}/{sums}" 2> /dev/null'.format(options=options,
                                                               sums=sums,
                                                               data=data))
                except:
                    logger.exception('Evil.')
                try:
                    sudo('grep "{file}" "{data}/{sums}" | (cd {data};'
                         ' {program} --check --status)'.format(
                             file=file, sums=sums, data=data, program=program))
                except:
                    logger.exception('Failed.')
                logger.info('Ok')

        # Fabric does not echo the commands or their stdout inside this
        # block; progress is reported through logger.info instead.
        with hide('running', 'stdout'):
            # NOTE(review): if prompt() is Fabric's, the typed passphrases
            # are echoed to the terminal - confirm.
            while pw1 == pw2:
                pw1 = prompt('Type in first password for enryption: ')
                pw2 = prompt('Type in second password for enryption: ')
                if pw1 == pw2:
                    logger.info('\nPasswords can\'t be the same.\n')
            logger.info('Installing cryptsetup.....')
            wait_for_sudo('apt-get -y install cryptsetup')
            sudo('mkdir -p {0}'.format(data))
            # NOTE(review): a failed download of the release page is only
            # logged; the steps below still run.
            try:
                logger.info('Downloading releases list.....')
                sudo('curl -fs "{0}" > "{1}/release.html"'.format(page, data))
            except:
                logger.exception('Invalid system: {0}'.format(release))
            logger.info('Uploading uecimage.gpg.....')
            # The keyring and the pre-boot files ship inside the package.
            encr_root = resource_stream(pkg_name, 'encrypted_root.tar.gz')
            put(encr_root, data + '/encrypted_root.tar.gz', use_sudo=True,
                mirror_local_mode=True)
            sudo('cd {data}; tar -xf {data}/encrypted_root.tar.gz'.format(
                data=data))
            # Pull the "*-<arch>.tar.gz" link name out of the release page.
            file = sudo('pattern=\'<a href="([^"]*-{arch}\.tar\.gz)">'
                        '\\1</a>\'; perl -ne "m[$pattern] && "\'print "$1\\n'
                        '"\' "{data}/release.html"'.format(data=data,
                                                           arch=architecture))
            logger.info('Downloading ubuntu image.....')
            sudo('wget -P "{data}" "{page}{file}"'.format(data=data,
                                                          page=page,
                                                          file=file))
            check('Checking SHA256...', 'sha256sum', 'SHA256SUMS')
            check('Checking SHA1.....', 'sha1sum', 'SHA1SUMS')
            check('Checking MD5......', 'md5sum', 'MD5SUMS')
            # Remote scratch directory; the passphrase files go here too.
            work = sudo('mktemp --directory')
            sudo('touch {work}/{image}'.format(work=work, image=image))
            logger.info('Unpacking ubuntu image.....')
            sudo('tar xfz "{data}/{file}" -C "{work}" {image}'.format(
                data=data, file=file, work=work, image=image))
            sudo('mkdir "{work}/ubuntu"'.format(work=work))
            logger.info('Mounting ubuntu image to working directory.....')
            sudo('mount -o loop,ro "{work}/{image}" "{work}/ubuntu"'.format(
                image=image, work=work))
            logger.info('Creating separate boot volume.....')
            # sfdisk input, units of MB: partition 1 is 1024 MB, type 83,
            # bootable; partition 2 takes the defaults (the remainder).
            sudo('echo -e "0 1024 83 *\n;\n" | /sbin/sfdisk -uM {dev}'.format(
                dev=dev))
            logger.info('Formatting boot volume.....')
            sudo('/sbin/mkfs -t ext3 -L "{bootlabel}" "{dev}1"'.format(
                bootlabel=bootlabel, dev=dev))
            # NOTE(review): the passphrases are interpolated unquoted into
            # the remote shell command, so spaces or shell metacharacters
            # in them alter what is written, and the passphrase is visible
            # in the remote process arguments while the command runs.
            # The three commands are joined with `|` rather than `;`/`&&`,
            # so chmod may run before the redirect has created the file.
            # The first command also touches pw2.txt, not pw1.txt.
            sudo('touch {work}/pw2.txt | echo -n {pw1} > "{work}/pw1.txt" | '
                 'chmod 700 "{work}/pw1.txt"'.format(pw1=pw1, work=work))
            sudo('touch {work}/pw2.txt | echo -n {pw2} > "{work}/pw2.txt" | '
                 'chmod 700 "{work}/pw2.txt"'.format(pw2=pw2, work=work))
            logger.info('Creating luks encrypted volume.....')
            # pw1.txt is the key file for the first key slot.
            sudo('cryptsetup luksFormat -q --key-size=256 {dev}2 "{work}/'
                 'pw1.txt"'.format(dev=dev, work=work))
            logger.info('Adding second key to encrypted volume.....')
            sudo('cryptsetup luksAddKey -q --key-file="{work}/pw1.txt" '
                 '{dev}2 "{work}/pw2.txt"'.format(work=work, dev=dev))
            logger.info('Opening luks encrypted volume.....')
            sudo('cryptsetup luksOpen --key-file="{work}/pw1.txt" '
                 '{dev}2 {name}'.format(work=work, dev=dev, name=name))
            # Overwrite and remove both passphrase files once the volume
            # is open.
            sudo('shred --remove "{work}/pw1.txt"; shred --remove'
                 ' "{work}/pw2.txt"'.format(work=work))
            # Reuse the filesystem type of the loop-mounted image.
            fs_type = sudo(
                'df -T "{work}/ubuntu" | tail -1 | cut -d " " -f 5'.format(
                    work=work))
            logger.info('Creating filesystem on luks encrypted volume.....')
            sudo('mkfs -t {fs_type} "/dev/mapper/{name}"'.format(
                fs_type=fs_type, name=name))
            sudo('/sbin/e2label "/dev/mapper/{name}" "uec-rootfs"'.format(
                name=name))
            logger.info('Mounting luks encrypted volume.....')
            sudo('mkdir -p "{work}/root"; mount /dev/mapper/{name}'
                 ' "{work}/root"'.format(work=work, name=name))
            logger.info('Starting syncronisation of working dir with image')
            sudo('rsync --archive --hard-links "{work}/ubuntu/"'
                 ' "{work}/root/"'.format(work=work))
            boot_device = 'LABEL=' + bootlabel
            # Left as a shell command substitution; it is expanded on the
            # remote side when the sed command below runs.
            root_device = 'UUID=$(cryptsetup luksUUID ' + dev + '2)'
            # Move /boot from the encrypted root onto the plain boot
            # partition, then mount that partition in its place.
            sudo('mkdir "{work}/boot"; mount "{dev}1" "{work}/boot"'.format(
                work=work, dev=dev))
            sudo('rsync --archive "{work}/root/boot/" "{work}/boot"'.format(
                work=work))
            sudo('rm -rf "{work}/root/boot/"*'.format(work=work))
            sudo('mount --move "{work}/boot" "{work}/root/boot"'.format(
                work=work))
            sudo('echo "{boot_device} /boot ext3" >> "{work}/root/etc/fstab"'.
                 format(boot_device=boot_device, work=work))
            sudo('sed -i -e \'s/(hd0)/(hd0,0)/\' "{work}/root/boot/grub/menu.'
                 'lst"'.format(work=work))
            bozo_target = work + '/root/etc/initramfs-tools/boot'
            sudo('mkdir -p {bozo_target}'.format(bozo_target=bozo_target))
            logger.info('Copying files for preboot web-auth.....')
            sudo('cp {data}/encrypted_root/cryptsetup '
                 '{work}/root/etc/initramfs-tools/hooks/cryptsetup'.format(
                     data=data, work=work))
            places = {'data': data, 'bozo_target': bozo_target}
            # NOTE(review): boot.key and boot.crt come out of the packaged
            # tarball, so presumably every image built from the same
            # package carries the same key pair - confirm.
            for file_ in [
                    'boot.key', 'boot.crt', 'cryptsetup.sh', 'index.html',
                    'activate.cgi', 'hiding.gif', 'make_bozo_dir.sh'
            ]:
                sudo('cp {data}/encrypted_root/{file} {bozo_target}/{file}'.
                     format(file=file_, **places))
            logger.info('Modifying scripts to match our volumes.....')
            sudo('sed -i "s/\/dev\/sda2/{root_device}/" '
                 '{work}/root/etc/initramfs-tools/hooks/cryptsetup'.format(
                     root_device=root_device, work=work))
            sudo('mkdir -p "{work}/root/etc/ec2"'.format(work=work))
            if release == 'lucid':
                logger.info('Adding apt entries for lucid.....')
                listfile = work + '/root/etc/apt/sources.list'
                # Add maverick sources and pin only bozohttpd and
                # libssl0.9.8 to them.
                sudo('grep "lucid main" {listfile} | sed "'
                     's/lucid/maverick/g" >> {work}/root/etc/'
                     'apt/sources.list.d/bozohttpd.list'.format(
                         listfile=listfile, work=work))
                sudo('echo -e "Package: *\nPin: release a=lucid\nPin-Priority:'
                     ' 600\n\nPackage: bozohttpd\nPin: release a=maverick\n'
                     'Pin-Priority: 1000\n\nPackage: libssl0.9.8\nPin: release'
                     ' a=maverick\nPin-Priority: 1000\n\nPackage: *\n'
                     'Pin: release o=Ubuntu\nPin-Priority: -10\n" | tee '
                     '"{work}/root/etc/apt/preferences"'.format(work=work))
            menufile = work + '/root/boot/grub/menu.lst'
            # First initrd/kernel entries of menu.lst become the targets of
            # the /initrd.img and /vmlinuz links.
            initrd = sudo(
                'grep "^initrd" "{menufile}" | head -1 | cut -f 3'.format(
                    menufile=menufile))
            kernel = sudo('grep "^kernel" "{menufile}" | head -1 | cut -f 3 | '
                          'cut -d " " -f 1'.format(menufile=menufile))
            sudo('rm -f "{work}/root/initrd.img.old";'
                 'rm -f "{work}/root/vmlinuz.old";'
                 'rm -f "{work}/root/initrd.img";'
                 'rm -f "{work}/root/vmlinuz"'.format(work=work))
            logger.info('Creating symbolic links for kernel.....')
            sudo('ln -s "{initrd}" "{work}/root/initrd.img";'
                 'ln -s "{kernel}" "{work}/root/vmlinuz"'.format(initrd=initrd,
                                                                 kernel=kernel,
                                                                 work=work))
            # The chroot uses the host's resolv.conf while packages are
            # installed; the original is put back in the last chroot script.
            sudo('mv "{work}/root/etc/resolv.conf" '
                 '"{work}/root/etc/resolv.conf.old";cp "/etc/resolv.conf" '
                 '"{work}/root/etc/"'.format(work=work))
            logger.info('Chrooting and installing needed apps..')
            # update-inetd is swapped for an empty executable while
            # bozohttpd installs and restored afterwards - presumably to
            # keep the package from registering itself with inetd (confirm).
            sudo('chroot "{work}/root" <<- EOT\n'
                 'set -e\n'
                 'mount -t devpts devpts /dev/pts/\n'
                 'mount -t proc proc /proc/\n'
                 'mount -t sysfs sysfs /sys/\n'
                 'localedef -f UTF-8 -i en_US --no-archive en_US.utf8\n'
                 'apt-get -y update\n'
                 'apt-get -y install ssl-cert\n'
                 'apt-get -y install update-inetd\n'
                 'mv /usr/sbin/update-inetd /usr/sbin/update-inetd.old\n'
                 'touch /usr/sbin/update-inetd\n'
                 'chmod a+x /usr/sbin/update-inetd\n'
                 'apt-get -y install bozohttpd\n'
                 'mv /usr/sbin/update-inetd.old /usr/sbin/update-inetd\n'
                 'EOT'.format(work=work))
            logger.info('Fixing permissions and symlinking bozohttpd...')
            # Unlike the first chroot script, the next two do not `set -e`.
            sudo('chroot "{work}/root" <<- EOT\n'
                 'chown root:ssl-cert /etc/initramfs-tools/boot/boot.key\n'
                 'chmod 640 /etc/initramfs-tools/boot/boot.key\n'
                 'ln -s /usr/sbin/bozohttpd /etc/initramfs-tools/boot/\n'
                 'ln -s . /boot/boot\n'
                 'EOT'.format(work=work))
            logger.info('Instaling cryptsetup and unmounting.....')
            sudo('chroot "{work}/root" <<- EOT\n'
                 'apt-get -y install cryptsetup\n'
                 'apt-get -y clean\n'
                 'update-initramfs -uk all\n'
                 'mv /etc/resolv.conf.old /etc/resolv.conf\n'
                 'umount /dev/pts\n'
                 'umount /proc\n'
                 'umount /sys\n'
                 'EOT'.format(work=work))
            logger.info('Shutting down temporary instance')
            sudo('shutdown -h now')