def create_cert():
"""
Create SSL certificates.
"""
etc_dir = "/etc/cozy"
require.files.directory(etc_dir, use_sudo=True, owner="cozy")
with cd(etc_dir):
sudo("openssl genrsa -out ./server.key 1024")
sudo("openssl req -new -x509 -days 3650 -key " + "./server.key -out ./server.crt -batch")
sudo("chmod 640 server.key")
require.group("ssl-cert")
sudo("chown cozy:ssl-cert ./server.key")
print(green("Certificates successfully created."))
def prepare_env():
require.deb.package('sudo')
require.group('supervisor')
fabtools.user.modify(env.user, extra_groups=['supervisor', 'sudo'])
#ElasticSearch
fabtools.deb.add_apt_key(url='http://packages.elasticsearch.org/GPG-KEY-elasticsearch')
require.deb.source('elasticsearch', 'http://packages.elasticsearch.org/elasticsearch/1.2/debian', 'stable', 'main')
#MongoDB
fabtools.deb.add_apt_key(keyid='7F0CEB10', keyserver='hkp://keyserver.ubuntu.com:80')
require.deb.source('mongodb', 'http://downloads-distro.mongodb.org/repo/ubuntu-upstart', 'dist', '10gen')
fabtools.deb.update_index
require.deb.packages([
'python-dev',
'python-pip',
'python-virtualenv',
'build-essential',
'git',
'supervisor',
'openjdk-7-jre-headless',
'nginx',
'elasticsearch',
'libjpeg-dev',
'zlib1g-dev',
'libpng12-dev',
'libfreetype6-dev',
'gettext',
'gettext-doc',
])
require.deb.package('mongodb-org', version='2.6.4')
fabtools.service.stop('mongod')
#Mongod configuration
sudo('sed -i "s/#replSet=setname/replSet=rs0/g" /etc/mongod.conf')
sudo('sed -i "s/#oplogSize=1024/oplogSize=128/g" /etc/mongod.conf')
sudo('grep smallfiles /etc/mongod.conf || echo "smallfiles = true" >> /etc/mongod.conf')
#Make Elasticsearch start with boot
sudo('update-rc.d elasticsearch defaults')
#Plugins for ElasticSearch
if not fabtools.files.is_dir('/usr/share/elasticsearch/plugins/mapper-attachments'):
sudo('/usr/share/elasticsearch/bin/plugin --install elasticsearch/elasticsearch-mapper-attachments/2.3.1')
if not fabtools.files.is_dir('/usr/share/elasticsearch/plugins/river-mongodb'):
sudo('/usr/share/elasticsearch/bin/plugin --install com.github.richardwilly98.elasticsearch/elasticsearch-river-mongodb/2.0.1')
# if not fabtools.files.is_dir('/usr/share/elasticsearch/plugins/jetty-1.2.1'):
# sudo('/usr/share/elasticsearch/bin/plugin -url https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-1.2.1.zip -install elasticsearch-jetty-1.2.1')
#Supervisor configuration
fabtools.service.stop('supervisor')
sudo('sed -i "s/chmod=0700.*/chmod=0770\\nchown=root:supervisor/g" /etc/supervisor/supervisord.conf')
#Add security for elasticsearch
sudo('iptables -A INPUT ! -s 127.0.0.1 -p tcp -m tcp --dport 9200 -j DROP')
sudo('iptables -A INPUT ! -s 127.0.0.1 -p tcp -m tcp --dport 9300 -j DROP')
def create_cert():
'''
Create SSL certificates.
'''
etc_dir = '/etc/cozy'
require.files.directory(etc_dir, use_sudo=True, owner='cozy')
with cd(etc_dir):
sudo('openssl genrsa -out ./server.key 1024')
sudo('openssl req -new -x509 -days 3650 -key ' +
'./server.key -out ./server.crt -batch')
sudo('chmod 640 server.key')
require.group('ssl-cert')
sudo('chown cozy:ssl-cert ./server.key')
print(green('Certificates successfully created.'))
def create_cert():
'''
Create SSL certificates.
'''
etc_dir = '/etc/cozy'
require.files.directory(etc_dir, use_sudo=True, owner='cozy')
with cd(etc_dir):
sudo('openssl genrsa -out ./server.key 1024')
sudo(
'openssl req -new -x509 -days 3650 -key ' +
'./server.key -out ./server.crt -batch')
sudo('chmod 640 server.key')
require.group('ssl-cert')
sudo('chown cozy:ssl-cert ./server.key')
print(green('Certificates successfully created.'))
def _require_nightly_production_script():
'''Create a script to backup openerp databases and plan execution
'''
require.group(OPENERP_BACKUP_GROUP)
require.directory(
OPENERP_BACKUP_PATH,
owner=ADMIN_USER, group=OPENERP_BACKUP_GROUP, mode='755', use_sudo=True
)
command_pg_dump_lines , command_move_lines, command_put_ftp_lines = '', '', ''
for database in OPENERP_DATABASES:
command_pg_dump_lines += 'su - postgres -c "pg_dump --format=c %s --file=/tmp/postgres_%s.dump"\n' %(database, database)
command_move_lines += 'mv /tmp/postgres_%s.dump $aRepertoireArchive' %(database)
command_put_ftp_lines += 'put postgres_%s.dump' %(database)
params = {
'EMAIL_ADMIN' : EMAIL_ADMIN,
'SERVER_HOSTNAME' : SERVER_HOSTNAME,
'OPENERP_BACKUP_PATH' : OPENERP_BACKUP_PATH,
'OPENERP_BACKUP_MAX_DAY' : OPENERP_BACKUP_MAX_DAY,
'OPENERP_BACKUP_MAIL' : OPENERP_BACKUP_MAIL,
'ADMIN_USER' : ADMIN_USER,
'OPENERP_BACKUP_GROUP' : OPENERP_BACKUP_GROUP,
'command_pg_dump_lines' : command_pg_dump_lines,
'command_move_lines' : command_move_lines,
'command_put_ftp_lines' : command_put_ftp_lines,
'EXTERNAL_BACKUP_HOST' : EXTERNAL_BACKUP_HOST,
'EXTERNAL_BACKUP_PORT' : EXTERNAL_BACKUP_PORT,
'EXTERNAL_BACKUP_LOGIN' : EXTERNAL_BACKUP_LOGIN,
'EXTERNAL_BACKUP_PASSWORD' : EXTERNAL_BACKUP_PASSWORD,
'EXTERNAL_BACKUP_ROOT_FOLDER' : EXTERNAL_BACKUP_ROOT_FOLDER,
'OPENERP_ERROR_LOG_NAME' : OPENERP_ERROR_LOG_NAME,
'OPENERP_ERROR_LOG_PATH' : OPENERP_ERROR_LOG_PATH,
}
require.directory('/home/' + ADMIN_USER +'/scripts/', mode='755', use_sudo=True)
require.files.template_file(
path = '/home/' + ADMIN_USER +'/scripts/nightly_production.sh',
template_source = 'files/home/admin_user/scripts/nightly_production.sh',
context = params,
owner=ADMIN_USER, group=ADMIN_GROUP, mode='755', use_sudo = True,
)
cron.add_task('nightly_production', OPENERP_BACKUP_TIMESPEC, 'root', '/home/' + ADMIN_USER +'/scripts/nightly_production.sh')
require.user(SYSTEM_BACKUP_USER,
password=SYSTEM_BACKUP_PWD,
group=OPENERP_BACKUP_GROUP,
create_group=False,
home=OPENERP_BACKUP_PATH,
)
