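def create_cert():
    """
    Create a self-signed SSL certificate and its private key in /etc/cozy.

    Runs openssl on the remote host through ``sudo`` to write ``server.key``
    and a self-signed ``server.crt`` valid for 3650 days, then restricts the
    key to mode 640, owned by ``cozy`` with group ``ssl-cert``.

    Re-running the task overwrites any existing key and certificate. The
    certificate is self-signed with openssl's batch defaults, so clients can
    only authenticate the server if they are configured to trust it.
    """
    etc_dir = "/etc/cozy"
    require.files.directory(etc_dir, use_sudo=True, owner="cozy")
    with cd(etc_dir):
        # 2048-bit modulus: 1024-bit RSA is no longer considered adequate and
        # 2048 bits is the commonly required minimum.
        sudo("openssl genrsa -out ./server.key 2048")
        # -sha256 pins the signature digest instead of relying on the default
        # of whichever openssl version is installed on the host.
        sudo(
            "openssl req -new -x509 -sha256 -days 3650 -key "
            "./server.key -out ./server.crt -batch"
        )
        # NOTE(review): permissions are tightened only after the key exists;
        # whether it is readable by others in between depends on the remote
        # umask and openssl version.
        sudo("chmod 640 server.key")
        require.group("ssl-cert")
        sudo("chown cozy:ssl-cert ./server.key")
    print(green("Certificates successfully created."))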
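def prepare_env():
    """
    Install and configure the system packages the deployment depends on.

    Adds the Elasticsearch and MongoDB APT sources, installs the package set,
    edits /etc/mongod.conf and /etc/supervisor/supervisord.conf in place,
    installs two Elasticsearch plugins, and drops non-local traffic to the
    Elasticsearch ports 9200 and 9300. The mongod and supervisor services are
    stopped here and not restarted by this function.
    """
    require.deb.package('sudo')
    require.group('supervisor')
    fabtools.user.modify(env.user, extra_groups=['supervisor', 'sudo'])

    # ElasticSearch
    # NOTE(review): the signing key and the repository are both fetched over
    # plain HTTP, so nothing protects the key in transit. Prefer an HTTPS URL
    # or check the key fingerprint out of band before trusting it.
    fabtools.deb.add_apt_key(url='http://packages.elasticsearch.org/GPG-KEY-elasticsearch')
    require.deb.source(
        'elasticsearch',
        'http://packages.elasticsearch.org/elasticsearch/1.2/debian',
        'stable',
        'main',
    )

    # MongoDB
    # NOTE(review): a short 8-hex-digit key id is not collision resistant and
    # the keyserver is queried over unencrypted hkp; pin the full fingerprint.
    fabtools.deb.add_apt_key(keyid='7F0CEB10', keyserver='hkp://keyserver.ubuntu.com:80')
    require.deb.source(
        'mongodb',
        'http://downloads-distro.mongodb.org/repo/ubuntu-upstart',
        'dist',
        '10gen',
    )

    # The original referenced update_index without calling it, which is a
    # no-op; call it so the new sources are indexed before installing.
    fabtools.deb.update_index()
    require.deb.packages([
        'python-dev',
        'python-pip',
        'python-virtualenv',
        'build-essential',
        'git',
        'supervisor',
        'openjdk-7-jre-headless',
        'nginx',
        'elasticsearch',
        'libjpeg-dev',
        'zlib1g-dev',
        'libpng12-dev',
        'libfreetype6-dev',
        'gettext',
        'gettext-doc',
    ])
    require.deb.package('mongodb-org', version='2.6.4')
    fabtools.service.stop('mongod')

    # Mongod configuration
    sudo('sed -i "s/#replSet=setname/replSet=rs0/g" /etc/mongod.conf')
    sudo('sed -i "s/#oplogSize=1024/oplogSize=128/g" /etc/mongod.conf')
    # grep guard keeps the append idempotent across runs.
    sudo('grep smallfiles /etc/mongod.conf || echo "smallfiles = true" >> /etc/mongod.conf')

    # Make Elasticsearch start with boot
    sudo('update-rc.d elasticsearch defaults')

    # Plugins for ElasticSearch (skipped when the plugin directory exists)
    if not fabtools.files.is_dir('/usr/share/elasticsearch/plugins/mapper-attachments'):
        sudo('/usr/share/elasticsearch/bin/plugin --install elasticsearch/elasticsearch-mapper-attachments/2.3.1')
    if not fabtools.files.is_dir('/usr/share/elasticsearch/plugins/river-mongodb'):
        sudo('/usr/share/elasticsearch/bin/plugin --install com.github.richardwilly98.elasticsearch/elasticsearch-river-mongodb/2.0.1')
    # if not fabtools.files.is_dir('/usr/share/elasticsearch/plugins/jetty-1.2.1'):
    #     sudo('/usr/share/elasticsearch/bin/plugin -url https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-1.2.1.zip -install elasticsearch-jetty-1.2.1')

    # Supervisor configuration
    fabtools.service.stop('supervisor')
    # Replaces the chmod=0700 setting with 0770 plus chown=root:supervisor, so
    # members of the supervisor group (env.user was added above) get access.
    sudo('sed -i "s/chmod=0700.*/chmod=0770\\nchown=root:supervisor/g" /etc/supervisor/supervisord.conf')

    # Add security for elasticsearch: drop non-loopback traffic to its ports.
    # `-C` checks for the rule first so re-running the task does not append
    # duplicates.
    # NOTE(review): these rules are IPv4 only and are not saved here, so they
    # do not cover IPv6 and are lost on reboot unless persisted elsewhere.
    for port in ('9200', '9300'):
        rule = 'INPUT ! -s 127.0.0.1 -p tcp -m tcp --dport %s -j DROP' % port
        sudo('iptables -C %s || iptables -A %s' % (rule, rule))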
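def create_cert():
    '''
    Create SSL certificates.

    Generates an RSA private key and a self-signed certificate (valid for
    3650 days) under /etc/cozy on the remote host, then sets the key to mode
    640 with owner ``cozy`` and group ``ssl-cert``. Existing files with the
    same names are overwritten.
    '''
    etc_dir = '/etc/cozy'
    require.files.directory(etc_dir, use_sudo=True, owner='cozy')
    with cd(etc_dir):
        # Key size raised from 1024 to 2048 bits; 1024-bit RSA no longer
        # offers an adequate security margin.
        sudo('openssl genrsa -out ./server.key 2048')
        # Request a SHA-256 signature explicitly so the digest does not
        # depend on the installed openssl's default.
        sudo('openssl req -new -x509 -sha256 -days 3650 -key ' +
             './server.key -out ./server.crt -batch')
        # Restrict the private key: owner read/write, group read, no access
        # for others.
        sudo('chmod 640 server.key')
        require.group('ssl-cert')
        sudo('chown cozy:ssl-cert ./server.key')
    print(green('Certificates successfully created.'))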
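def create_cert():
    '''
    Create SSL certificates.

    Writes ``server.key`` and a self-signed ``server.crt`` into /etc/cozy via
    remote openssl calls, then limits the key to ``cozy:ssl-cert`` with mode
    640. The certificate is valid for 3650 days and uses openssl's batch
    defaults for the subject, so it is suitable only where clients are told
    to trust it explicitly.
    '''
    etc_dir = '/etc/cozy'
    key_bits = 2048  # was 1024, which is too small for an RSA key today
    require.files.directory(etc_dir, use_sudo=True, owner='cozy')
    with cd(etc_dir):
        sudo('openssl genrsa -out ./server.key %d' % key_bits)
        # -sha256 avoids falling back to an older default digest on hosts
        # with an old openssl.
        sudo(
            'openssl req -new -x509 -sha256 -days 3650 -key ' +
            './server.key -out ./server.crt -batch')
        sudo('chmod 640 server.key')
        # The group must exist before chown can assign it.
        require.group('ssl-cert')
        sudo('chown cozy:ssl-cert ./server.key')
    print(green('Certificates successfully created.'))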
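def _require_nightly_production_script():
    '''Create a script to backup openerp databases and plan execution.

    Renders files/home/admin_user/scripts/nightly_production.sh into the
    admin user's scripts directory, registers it as a root cron task on
    OPENERP_BACKUP_TIMESPEC, and creates the system backup user whose home
    is the backup directory.
    '''
    require.group(OPENERP_BACKUP_GROUP)
    require.directory(
        OPENERP_BACKUP_PATH,
        owner=ADMIN_USER,
        group=OPENERP_BACKUP_GROUP,
        mode='755',
        use_sudo=True
    )

    # One shell/ftp command per database. The mv and put fragments are joined
    # with newlines: the original concatenated them with no separator, which
    # produced a single malformed command as soon as there were two databases.
    # NOTE(review): dumps are written to fixed names under /tmp before being
    # moved; confirm their permissions in the template.
    command_pg_dump_lines = ''.join(
        'su - postgres -c "pg_dump --format=c %s --file=/tmp/postgres_%s.dump"\n' % (database, database)
        for database in OPENERP_DATABASES
    )
    command_move_lines = '\n'.join(
        'mv /tmp/postgres_%s.dump $aRepertoireArchive' % (database)
        for database in OPENERP_DATABASES
    )
    command_put_ftp_lines = '\n'.join(
        'put postgres_%s.dump' % (database)
        for database in OPENERP_DATABASES
    )

    params = {
        'EMAIL_ADMIN': EMAIL_ADMIN,
        'SERVER_HOSTNAME': SERVER_HOSTNAME,
        'OPENERP_BACKUP_PATH': OPENERP_BACKUP_PATH,
        'OPENERP_BACKUP_MAX_DAY': OPENERP_BACKUP_MAX_DAY,
        'OPENERP_BACKUP_MAIL': OPENERP_BACKUP_MAIL,
        'ADMIN_USER': ADMIN_USER,
        'OPENERP_BACKUP_GROUP': OPENERP_BACKUP_GROUP,
        'command_pg_dump_lines': command_pg_dump_lines,
        'command_move_lines': command_move_lines,
        'command_put_ftp_lines': command_put_ftp_lines,
        'EXTERNAL_BACKUP_HOST': EXTERNAL_BACKUP_HOST,
        'EXTERNAL_BACKUP_PORT': EXTERNAL_BACKUP_PORT,
        'EXTERNAL_BACKUP_LOGIN': EXTERNAL_BACKUP_LOGIN,
        'EXTERNAL_BACKUP_PASSWORD': EXTERNAL_BACKUP_PASSWORD,
        'EXTERNAL_BACKUP_ROOT_FOLDER': EXTERNAL_BACKUP_ROOT_FOLDER,
        'OPENERP_ERROR_LOG_NAME': OPENERP_ERROR_LOG_NAME,
        'OPENERP_ERROR_LOG_PATH': OPENERP_ERROR_LOG_PATH,
    }

    scripts_dir = '/home/' + ADMIN_USER + '/scripts/'
    script_path = scripts_dir + 'nightly_production.sh'

    require.directory(scripts_dir, mode='755', use_sudo=True)
    # The context carries EXTERNAL_BACKUP_PASSWORD; assuming the template
    # renders it into the script, the file must not be world-readable, so the
    # mode is 750 rather than the original 755. Root's cron run is unaffected.
    # NOTE(review): the script runs as root but is owned by ADMIN_USER, so
    # write access to it amounts to root access; consider root ownership.
    require.files.template_file(
        path=script_path,
        template_source='files/home/admin_user/scripts/nightly_production.sh',
        context=params,
        owner=ADMIN_USER,
        group=ADMIN_GROUP,
        mode='750',
        use_sudo=True,
    )

    cron.add_task('nightly_production', OPENERP_BACKUP_TIMESPEC, 'root', script_path)

    require.user(
        SYSTEM_BACKUP_USER,
        password=SYSTEM_BACKUP_PWD,
        group=OPENERP_BACKUP_GROUP,
        create_group=False,
        home=OPENERP_BACKUP_PATH,
    )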