def git_require_sudo_user(): """ Test working_copy() with sudo as a user """ from fabric.api import cd, sudo from fabtools.files import group, is_dir, owner from fabtools import require require.user('gituser', group='gitgroup') require.git.working_copy(REMOTE_URL, path='wc_nobody', use_sudo=True, user='******') assert is_dir('wc_nobody') assert is_dir('wc_nobody/.git') with cd('wc_nobody'): remotes = sudo('git remote -v', user='******') assert remotes == \ 'origin\thttps://github.com/disko/fabtools.git (fetch)\r\n' \ 'origin\thttps://github.com/disko/fabtools.git (push)' branch = sudo('git branch', user='******') assert branch == '* master' assert owner('wc_nobody') == 'gituser' assert group('wc_nobody') == 'gitgroup'
def directories(): """ Check directory creation and modification """ from fabtools import require import fabtools with cd('/tmp'): run_as_root('rm -rf dir1 dir2') # Test directory creation require.directory('dir1') assert fabtools.files.is_dir('dir1') assert fabtools.files.owner('dir1') == env.user # Test initial owner requirement require.user('dirtest', create_home=False) require.directory('dir2', owner='dirtest', use_sudo=True) assert fabtools.files.is_dir('dir2') assert fabtools.files.owner('dir2') == 'dirtest' # Test changed owner requirement require.user('dirtest2', create_home=False) require.directory('dir2', owner='dirtest2', use_sudo=True) assert fabtools.files.is_dir('dir2') assert fabtools.files.owner('dir2') == 'dirtest2'
def installed_from_source(version=VERSION): """ Require Redis to be installed from source """ from fabtools import require require.user('redis') dest_dir = '/opt/redis-%(version)s' % locals() require.directory(dest_dir, use_sudo=True, owner='redis') if not is_file('%(dest_dir)s/redis-server' % locals()): with cd('/tmp'): # Download and unpack the tarball tarball = 'redis-%(version)s.tar.gz' % locals() require.file(tarball, url='http://redis.googlecode.com/files/' + tarball) run('tar xzf %(tarball)s' % locals()) # Compile and install binaries require.deb.package('build-essential') with cd('redis-%(version)s' % locals()): run('make') for filename in BINARIES: sudo('cp -pf src/%(filename)s %(dest_dir)s/' % locals()) sudo('chown redis: %(dest_dir)s/%(filename)s' % locals())
def test_require_user_with_ssh_public_keys(): from fabtools.user import authorized_keys from fabtools.require import user try: tests_dir = os.path.dirname(os.path.dirname(__file__)) public_key_filename = os.path.join(tests_dir, 'id_test.pub') with open(public_key_filename) as public_key_file: public_key = public_key_file.read().strip() user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename) keys = authorized_keys('req4') assert keys == [public_key] # let's try add same keys second time user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename) keys = authorized_keys('req4') assert keys == [public_key] finally: run_as_root('userdel -r req4')
def git_require_sudo_user(): """ Test working_copy() with sudo as a user """ from fabric.api import cd, sudo from fabtools.files import group, is_dir, owner from fabtools import require require.user("gituser", group="gitgroup") require.git.working_copy(REMOTE_URL, path="wc_nobody", use_sudo=True, user="******") assert is_dir("wc_nobody") assert is_dir("wc_nobody/.git") with cd("wc_nobody"): remotes = sudo("git remote -v", user="******") assert ( remotes == "origin\thttps://github.com/disko/fabtools.git (fetch)\r\n" "origin\thttps://github.com/disko/fabtools.git (push)" ) branch = sudo("git branch", user="******") assert branch == "* master" assert owner("wc_nobody") == "gituser" assert group("wc_nobody") == "gitgroup"
def test_require_user_with_ssh_public_keys(): from fabtools.user import authorized_keys from fabtools.require import user try: tests_dir = os.path.dirname(os.path.dirname(__file__)) public_key_filename = os.path.join(tests_dir, 'id_test.pub') with open(public_key_filename) as public_key_file: public_key = public_key_file.read().strip() user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename) keys = authorized_keys('req4') assert keys == [public_key] # let's try add same keys second time user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename) keys = authorized_keys('req4') assert keys == [public_key] finally: run_as_root('userdel -r req4', warn_only=True)
def addWebserver(webserver): """ Add a virtual webserver :param webserver: :return: """ hostdir = gethostdir() # Stop uwsgi service.stop('uwsgi') # Create user homedir = '%(hostdir)s/%(webserver)s' % locals() require.user(webserver, home=homedir, shell='/bin/bash',) # Create web directory createDirectory(hostdir, webserver) CONFIG_TPL = ''' server { server_name %(server_name)s %(server_alias)s; root %(docroot)s/%(server_name)s/www; access_log %(docroot)s/%(server_name)s/log/access.log; }''' require.nginx.site( webserver, template_contents=CONFIG_TPL, server_alias='', docroot=hostdir, ) require.network.host('127.0.0.1', webserver)
def installed_from_source(version=VERSION): """ Require Redis to be installed from source. The compiled binaries will be installed in ``/opt/redis-{version}/``. """ from fabtools import require require.user('redis', home='/var/lib/redis') dest_dir = '/opt/redis-%(version)s' % locals() require.directory(dest_dir, use_sudo=True, owner='redis') if not is_file('%(dest_dir)s/redis-server' % locals()): with cd('/tmp'): # Download and unpack the tarball tarball = 'redis-%(version)s.tar.gz' % locals() require.file(tarball, url='http://redis.googlecode.com/files/' + tarball) run('tar xzf %(tarball)s' % locals()) # Compile and install binaries require.deb.package('build-essential') with cd('redis-%(version)s' % locals()): run('make') for filename in BINARIES: sudo('cp -pf src/%(filename)s %(dest_dir)s/' % locals()) sudo('chown redis: %(dest_dir)s/%(filename)s' % locals())
def directories(): """ Check directory creation and modification """ with cd('/tmp'): sudo('rm -rf dir1 dir2') # Test directory creation require.directory('dir1') assert fabtools.files.is_dir('dir1') assert fabtools.files.owner('dir1') == env.user # Test initial owner requirement require.user('dirtest') require.directory('dir2', owner='dirtest', use_sudo=True) assert fabtools.files.is_dir('dir2') assert fabtools.files.owner('dir2') == 'dirtest' # Test changed owner requirement require.user('dirtest2') require.directory('dir2', owner='dirtest2', use_sudo=True) assert fabtools.files.is_dir('dir2') assert fabtools.files.owner('dir2') == 'dirtest2'
def web_setup_user(): # user = env.user env.user = '******' user = prompt('Enter a new username:'******'Enter a new password for user %s:' % user) require.user(user, shell='/bin/bash', password=password) fabtools.require.users.sudoer(user, hosts='ALL', operators='ALL', passwd=False, commands='ALL')
def gituser(request): from fabtools.require import user username = '******' groupname = 'gitgroup' user(username, group=groupname) request.addfinalizer(functools.partial(run_as_root, 'userdel -r %s' % username)) return username, groupname
def gituser(request): from fabtools.require import user username = '******' groupname = 'gitgroup' user(username, group=groupname) request.addfinalizer( functools.partial(run_as_root, 'userdel -r %s' % username)) return username, groupname
def setup(): """Initial setup - create application user, database, install package dependencies.""" require.user(env.app_user, group='www-data', system=True, create_home=True) require.postgres.server() rabbitmq.server() require.nginx.server() require.deb.packages(['libxml2-dev', 'libxslt1-dev', 'python-dev', 'libffi-dev', 'zlib1g-dev', 'libjpeg-dev']) setup_postgres() setup_rabbitmq()
def install_sample_buildout(): require.user('user1', create_home=True, shell='/bin/bash') with settings(name='user1'): files.append( '/home/user1/.bashrc', 'export PYTHEON_ADMIN=/var/lib/pytheon/bin/pytheon-admin' ) run( # TODO use $PYTHEON_ADMIN here '/var/lib/pytheon/bin/pytheon-admin -d https://github.com/pytheon/sample_buildout.git --host=example.com' )
def gituser(): from fabtools.require import user username = '******' groupname = 'gitgroup' user(username, group=groupname) yield username, groupname run_as_root('userdel -r %s' % username)
def setup_user(): """ Require user belonging to www-data and sudo groups that will be in charge of this project on remote server (all further actions should be executed as him) """ require.user(env.username, group="www-data", password=env.username, shell="/bin/bash") require.sudoer(env.username) env.user = env.username
def setup_user(password, ssh_key): """ First command to user before running general setup. Create the user under which you will run the other commands. Usage exemple: fab dev setup_user:password="******",ssh_key="/home/you/.ssh/id_dsa.pub"\ --port 34 --user root """ require.user(PROJECT_NAME, password=password, ssh_public_keys=ssh_key)
def _add_user(*args, **kwargs): require.user(*args, **kwargs) if 'name' not in kwargs: user = args[0] else: user = kwargs['name'] if not fabtools.files.is_file('/home/%s/.ssh/authorized_keys' % user): run('mkdir -p /home/%s/.ssh/' % user) run('cp /root/.ssh/authorized_keys /home/%s/.ssh/' % user) run('chown %(user)s:%(user)s /home/%(user)s/.ssh/ -R' % {'user': user})
def _add_user(*args, **kwargs): require.user(*args, **kwargs) if "name" not in kwargs: user = args[0] else: user = kwargs["name"] if not fabtools.files.is_file("/home/%s/.ssh/authorized_keys" % user): run("mkdir -p /home/%s/.ssh/" % user) run("cp /root/.ssh/authorized_keys /home/%s/.ssh/" % user) run("chown %(user)s:%(user)s /home/%(user)s/.ssh/ -R" % {"user": user})
def setup(self): ''' Prepare droplet for deployment. ''' import fabtools from fabtools import require droplet = self.get_or_create_droplet(self.name) print droplet.to_json() ip_address = droplet.ip_address with settings(host_string='root@{}'.format(ip_address)): run('uname -a') require.user('volkhin') require.sudoer('volkhin')
def test_require_user_with_default_home(): from fabtools.require import user from fabtools.user import exists try: user('req2', create_home=True) assert exists('req2') assert is_dir('/home/req2') finally: run_as_root('userdel -r req2')
def test_require_user_with_default_home(): from fabtools.require import user from fabtools.user import exists try: user('req2', create_home=True) assert exists('req2') assert is_dir('/home/req2') finally: run_as_root('userdel -r req2', warn_only=True)
def test_require_user_with_default_home(): from fabtools.require import user from fabtools.user import exists try: user("req2", create_home=True) assert exists("req2") assert is_dir("/home/req2") finally: run_as_root("userdel -r req2", warn_only=True)
def configure_os(): require.deb.packages([ 'python', 'python-dev', 'python-virtualenv', 'redis-server', 'libmysqlclient-dev', 'supervisor', 'git', ]) require.user(_TIPBOARD_USER, home='/home/' + _TIPBOARD_USER, shell='/bin/bash')
def require_users(): """ Check user creation and modification using fabtools.require """ from fabtools import require import fabtools # require that a user exist, without home directory require.user('req1', create_home=False) assert fabtools.user.exists('req1') assert not fabtools.files.is_dir('/home/req1') # require again require.user('req1') # require that a user exist, with default home directory require.user('req2', create_home=True) assert fabtools.user.exists('req2') assert fabtools.files.is_dir('/home/req2') # require that a user exist, with custom home directory require.user('req3', home='/home/other') assert fabtools.user.exists('req3') assert not fabtools.files.is_dir('/home/req3') assert fabtools.files.is_dir('/home/other')
def test_require_user_with_custom_home(): from fabtools.require import user from fabtools.user import exists try: user("req3", home="/home/other") assert exists("req3") assert not is_dir("/home/req3") assert is_dir("/home/other") finally: run_as_root("userdel -r req3", warn_only=True)
def test_require_user_with_custom_home(): from fabtools.require import user from fabtools.user import exists try: user('req3', home='/home/other') assert exists('req3') assert not is_dir('/home/req3') assert is_dir('/home/other') finally: run_as_root('userdel -r req3', warn_only=True)
def test_require_user_with_custom_home(): from fabtools.require import user from fabtools.user import exists try: user('req3', home='/home/other') assert exists('req3') assert not is_dir('/home/req3') assert is_dir('/home/other') finally: run_as_root('userdel -r req3')
def sys_utils(): """ Sysadmin tools installation """ pkg('zsh', 'psmisc', 'psutils', 'vim', 'less', 'most', 'screen', 'lsof', 'htop', 'strace', 'ltrace') #TODO: screenrc (escape!) require.file('/etc/vim/vimrc.local', "syntax enable\nset modeline si ai ic scs bg=dark\n", owner='root', group='root', use_sudo=True) require.file('/etc/zsh/zshrc', source='files/shell/zshrc', owner='root', group='root', use_sudo=True) require.file('/etc/zsh/zshrc.local', source='files/shell/zshrc.local', owner='root', group='root', use_sudo=True) require.user('root', shell='/usr/bin/zsh')
def pre_install(): """ Preparing Cozy Launching """ require.postfix.server('myinstance.cozycloud.cc') # Create cozy user require.user("cozy", "/home/cozy") # Get cozy repo delete_if_exists('/home/cozy/cozy-setup') sudo('git clone git://github.com/mycozycloud/cozy-setup.git' \ + ' /home/cozy/cozy-setup', user='******') require.files.directory("/root") require.nodejs.package('coffee-script')
def test_require_user_without_home(): from fabtools.require import user from fabtools.user import exists try: user("req1", create_home=False) assert exists("req1") assert not is_dir("/home/req1") # require again user("req1") finally: run_as_root("userdel -r req1", warn_only=True)
def test_require_user_without_home(): from fabtools.require import user from fabtools.user import exists try: user('req1', create_home=False) assert exists('req1') assert not is_dir('/home/req1') # require again user('req1') finally: run_as_root('userdel -r req1')
def test_require_user_without_home(): from fabtools.require import user from fabtools.user import exists try: user('req1', create_home=False) assert exists('req1') assert not is_dir('/home/req1') # require again user('req1') finally: run_as_root('userdel -r req1', warn_only=True)
def _require_nightly_production_script(): '''Create a script to backup openerp databases and plan execution ''' require.group(OPENERP_BACKUP_GROUP) require.directory( OPENERP_BACKUP_PATH, owner=ADMIN_USER, group=OPENERP_BACKUP_GROUP, mode='755', use_sudo=True ) command_pg_dump_lines , command_move_lines, command_put_ftp_lines = '', '', '' for database in OPENERP_DATABASES: command_pg_dump_lines += 'su - postgres -c "pg_dump --format=c %s --file=/tmp/postgres_%s.dump"\n' %(database, database) command_move_lines += 'mv /tmp/postgres_%s.dump $aRepertoireArchive' %(database) command_put_ftp_lines += 'put postgres_%s.dump' %(database) params = { 'EMAIL_ADMIN' : EMAIL_ADMIN, 'SERVER_HOSTNAME' : SERVER_HOSTNAME, 'OPENERP_BACKUP_PATH' : OPENERP_BACKUP_PATH, 'OPENERP_BACKUP_MAX_DAY' : OPENERP_BACKUP_MAX_DAY, 'OPENERP_BACKUP_MAIL' : OPENERP_BACKUP_MAIL, 'ADMIN_USER' : ADMIN_USER, 'OPENERP_BACKUP_GROUP' : OPENERP_BACKUP_GROUP, 'command_pg_dump_lines' : command_pg_dump_lines, 'command_move_lines' : command_move_lines, 'command_put_ftp_lines' : command_put_ftp_lines, 'EXTERNAL_BACKUP_HOST' : EXTERNAL_BACKUP_HOST, 'EXTERNAL_BACKUP_PORT' : EXTERNAL_BACKUP_PORT, 'EXTERNAL_BACKUP_LOGIN' : EXTERNAL_BACKUP_LOGIN, 'EXTERNAL_BACKUP_PASSWORD' : EXTERNAL_BACKUP_PASSWORD, 'EXTERNAL_BACKUP_ROOT_FOLDER' : EXTERNAL_BACKUP_ROOT_FOLDER, 'OPENERP_ERROR_LOG_NAME' : OPENERP_ERROR_LOG_NAME, 'OPENERP_ERROR_LOG_PATH' : OPENERP_ERROR_LOG_PATH, } require.directory('/home/' + ADMIN_USER +'/scripts/', mode='755', use_sudo=True) require.files.template_file( path = '/home/' + ADMIN_USER +'/scripts/nightly_production.sh', template_source = 'files/home/admin_user/scripts/nightly_production.sh', context = params, owner=ADMIN_USER, group=ADMIN_GROUP, mode='755', use_sudo = True, ) cron.add_task('nightly_production', OPENERP_BACKUP_TIMESPEC, 'root', '/home/' + ADMIN_USER +'/scripts/nightly_production.sh') require.user(SYSTEM_BACKUP_USER, password=SYSTEM_BACKUP_PWD, group=OPENERP_BACKUP_GROUP, create_group=False, home=OPENERP_BACKUP_PATH, )
def create_ubuntu_users(): require.user( name='zhorzh', group='developers', shell='/bin/bash', ssh_public_keys='/home/zhorzh/.ssh/id_rsa.pub') require.users.sudoer( username='******', hosts='ALL', operators='ALL', passwd=False, commands='ALL') require.users.sudoer( username='******', hosts='ALL', operators='ALL', passwd=False, commands='ALL')
def require_docker(): """ Install a docker core """ # Install package if not files.exists('/usr/bin/docker'): require.deb.update_index() require.docker.core() # Requirement platform require.deb.packages(['openvswitch-switch']) # Group user if env.user != 'root': require.user(env.user, group='docker') require.service.started('docker')
def setup_sql_nodes(): require.deb.packages( ['libaio1', 'libaio-dev'] ) require.user('mysql') install_mysql_cluster() upload_template('conf/my.cnf.jinja2', '/etc/my.cnf', env.servers, use_jinja=True) run('mkdir -p /var/lib/mysql-cluster/data') if not exists('/var/lib/mysql-cluster/data/mysql'): run('/usr/local/mysql-cluster/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql-cluster --datadir=/var/lib/mysql-cluster/data --defaults-file=/etc/my.cnf') if not exists('/etc/init.d/mysql.server'): run('cp /usr/local/mysql-cluster/support-files/mysql.server /etc/init.d') run("sed -i 's/^basedir=$/basedir=\/usr\/local\/mysql-cluster/g' /etc/init.d/mysql.server") run("sed -i 's/^datadir=$/datadir=\/var\/lib\/mysql-cluster\/data/g' /etc/init.d/mysql.server") require.service.started('mysql.server')
def install(): # swap only when necessary require.system.sysctl("vm.swappiness", 0, persist=True) # max shared memory in bytes require.system.sysctl("kernel.shmmax", config.RAM_SIZE / 4 * 1024 * 1024, persist=True) require.user(config.GIS_USER, create_home=False, shell="/bin/false") require.directory("/opt/osm", owner=config.GIS_USER, use_sudo=True) dependencies() pgconfig() pgusers() pbf() nominatim() tiles() osrm()
def system_dependencies(): # get some packages require.deb.uptodate_index() # Require some Debian/Ubuntu packages require.deb.packages([ 'python3', 'nginx-full', 'python3-dev', 'python3-pip', 'git', 'python3-venv' ]) # let's make a user for our app require.user('health') # also install cloud monitoring run("curl -sSL https://agent.digitalocean.com/install.sh | sh") run("mkdir ~health/.ssh") run("cp ~/.ssh/authorized_keys ~health/.ssh/authorized_keys") run("chown -R health:health ~health/.ssh")
def require_docker(): """ Install a docker core """ # Install package if not files.exists('/usr/bin/docker'): require.deb.update_index() require.docker.core() # Requirement platform require.deb.packages([ 'openvswitch-switch' ]) # Group user if env.user != 'root': require.user(env.user, group='docker') require.service.started('docker')
def install(): # swap only when necessary require.system.sysctl('vm.swappiness', 0, persist=True) # max shared memory in bytes require.system.sysctl('kernel.shmmax', config.RAM_SIZE / 4 * 1024 * 1024, persist=True) require.user(config.GIS_USER, create_home=False, shell='/bin/false') require.directory('/opt/osm', owner=config.GIS_USER, use_sudo=True) dependencies() pgconfig() pgusers() pbf() nominatim() tiles() osrm()
def create_cozy_user(): """ Add Cozy user with no home directory. """ require.user("cozy", home=False, create_home=False) require.user("cozy-data-system", create_home=True) require.user("cozy-home", create_home=True)
def test_require_user_with_ssh_public_keys(): from fabtools.user import authorized_keys from fabtools.require import user try: tests_dir = os.path.dirname(os.path.dirname(__file__)) public_key_filename = os.path.join(tests_dir, 'id_test.pub') public_key_filename2 = os.path.join(tests_dir, 'id_test2.pub') multiple_public_key_filename = \ os.path.join(tests_dir, 'test_authorized_keys') with open(public_key_filename) as public_key_file: public_key = public_key_file.read().strip() with open(public_key_filename2) as public_key_file: public_key2 = public_key_file.read().strip() user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename) keys = authorized_keys('req4') assert keys == [public_key] # let's try add same keys second time user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename) keys = authorized_keys('req4') # Now add a file with multiple public keys user('req5', home='/tmp/req5', ssh_public_keys=multiple_public_key_filename) keys = authorized_keys('req5') assert keys == [public_key, public_key2], keys # Now adding them individually or again shouldn't affect anything user('req5', home='/tmp/req5', ssh_public_keys=[ public_key_filename2, public_key_filename, multiple_public_key_filename ]) keys = authorized_keys('req5') assert keys == [public_key, public_key2], keys finally: run_as_root('userdel -r req4', warn_only=True)
def create_cozy_user(): ''' Add Cozy user with no home directory. ''' require.user('cozy', home=False, create_home=False) require.user('cozy-data-system', create_home=True) require.user('cozy-home', create_home=True) print(green('Cozy users successfully added'))
def bzr_wc_sudo_user(): """ Test working copy with sudo as a user. """ test = 'bzr_wc_sudo_user' wt = '%s-test-%s' % (DIR, test) puts(magenta('Executing test: %s' % test)) from fabric.api import cd, sudo from fabtools.files import group, is_dir, owner from fabtools import require require.user('bzruser', group='bzrgroup') assert not is_dir(wt) require.bazaar.working_copy(REMOTE_URL, wt, use_sudo=True, user='******') assert_wc_exists(wt) assert owner(wt) == 'bzruser' assert group(wt) == 'bzrgroup'
def addWebserver(webserver): """ Add a virtual webserver :param webserver: :return: """ hostdir = gethostdir() # Stop uwsgi service.stop('uwsgi') # Create user homedir = '%(hostdir)s/%(webserver)s' % locals() require.user( webserver, home=homedir, shell='/bin/bash', ) # Create web directory createDirectory(hostdir, webserver) CONFIG_TPL = ''' server { server_name %(server_name)s %(server_alias)s; root %(docroot)s/%(server_name)s/www; access_log %(docroot)s/%(server_name)s/log/access.log; }''' require.nginx.site( webserver, template_contents=CONFIG_TPL, server_alias='', docroot=hostdir, ) require.network.host('127.0.0.1', webserver)
def setup_apache(site_name, code_path, domain, template_dir=None, media_dir=None, wsgi_user='******', **kwargs): """Set up the apache server for this site. :param site_name: Name of the site e.g. changelogger. Should be a single word with only alpha characters in it. :type site_name: str :param code_path: Directory where the code lives. Will be used to set media etc permissions. :type code_path: str :param domain: Domain name. If none will be set to hostname. :type domain: str :param template_dir: Directory where the template files live. If none will default to ``resources/server_config/apache``. Must be a relative path to the fabfile you are running. :type template_dir: str :param media_dir: Optional dir under code_path if media does not live in ``<code_path>/django_project/media``. No trailing slash. :type media_dir: str :param wsgi_user: Name of user wsgi process should run as. The user will be created as needed. :type wsgi_user: str :param kwargs: Any extra keyword arguments that should be appended to the token list that will be used when rendering the apache config template. Use this to pass in sensitive data such as passwords. :type kwargs: dict :returns: Path to the apache conf file. :rtype: str """ setup_env() # Ensure we have a mailserver setup for our domain # Note that you may have problems if you intend to run more than one # site from the same server require.postfix.server(site_name) require.deb.package('libapache2-mod-wsgi') # Find out if the wsgi user exists and create it if needed e.g. require.user(wsgi_user, create_group=wsgi_user, system=True, comment='System user for running the wsgi process under') # Clone and replace tokens in apache conf if template_dir is None: template_dir = 'resources/server_config/apache/' filename = '%s.apache.conf.templ' % site_name template_path = os.path.join(template_dir, filename) fastprint(green('Using %s for template' % template_path)) context = { 'escaped_server_name': domain.replace('.', '\.'), 'server_name': domain, 'site_user': wsgi_user, 'code_path': code_path, 'site_name': site_name } context.update(kwargs) # merge in any params passed in to this function destination = '/etc/apache2/sites-available/%s.apache.conf' % site_name fastprint(context) upload_template(template_path, destination, context=context, use_sudo=True) set_media_permissions(code_path, wsgi_user, media_dir=media_dir) sudo('a2ensite %s.apache.conf' % site_name) sudo('a2dissite default') sudo('a2enmod rewrite') # Check if apache configs are ok - script will abort if not ok sudo('/usr/sbin/apache2ctl configtest') require.service.restarted('apache2') return destination
def create_user(): """Create newebe user""" require.user(newebe_user, newebe_user_dir)
def setup(): # make sure that th eubuntu user exists if not fabtools.files.is_dir(HOME_DIR): require.user('ubuntu') require.users.sudoer('ubuntu') # Make sure these packages are installed require.deb.uptodate_index() require.deb.packages([ 'build-essential', 'git', 'libncurses5-dev', 'nginx', 'npm', 'python-dev', 'python-pip', 'supervisor', ]) # Make sure that pip and virtualenv are installed # require.python.pip() require.python.packages([ 'virtualenv', ]) # Make sure that the virtualenv exists require.python.virtualenv(DEMO_ENV) with fab.cd(HOME_DIR): require.git.working_copy(GIT_URL) with fab.cd(CODE_DIR), virtualenv(DEMO_ENV): require.python.requirements('requirements.txt') manage('collectstatic --noinput') # Make sure that nginx is installed and running require.nginx.disabled('default') require.nginx.site( 'fabdemo', template_contents=SERVER_TPL, port=80, server_alias='fabdemo', static_dir=STATIC_DIR, ) # require.nginx.server() ### # It seems that fabtools assumes that ubuntu is # running with systemd, but digital ocean is not # restart nginx manually. fab.sudo('service nginx restart') GUNICORN_ENV = ','.join([ 'DJANGO_SETTINGS_MODULE="fabricdemo.settings.prod"', 'SECRET_KEY="_1kcf9pki$+ylug4ejl#x8yu_5zigk_0+7y7ainw!d-$y"' ]) fab.sudo('service supervisor stop') # setup gunicorn CONF = GUNICORN_TPL.format(virtualenv=DEMO_ENV, directory=CODE_DIR, environment=GUNICORN_ENV) require.file('/etc/supervisor/conf.d/gunicorn.conf', contents=CONF, use_sudo=True) fab.sudo('service supervisor start') fabtools.supervisor.update_config() if require.supervisor.process_status('gunicorn') == 'STOPPED': require.supervisor.start_process('gunicorn')
def adduser(username, password, pubkey): require.user(username, password=password, ssh_public_keys=pubkey, shell="/bin/bash") require.sudoer(username)
def setup_user(): require.user(name=env.user, comment='This user is used for setup application', create_home=True) fabtools.user.add_ssh_public_key(env.user, '~/.ssh/id_rsa.pub')
def create_users(): require.user('root', password=generate_random_password()) require.user('runner', password=generate_random_password()) sudo('cd; mkdir -p .ssh; chmod 700 .ssh', user='******') if not exists('/home/runner/.ssh/id_rsa'): sudo('cd; ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ""', user='******')
def setup(): # Require some Debian/Ubuntu packages # sudo('apt-get update && apt-get -y dist-upgrade') require.deb.packages([ 'imagemagick', 'libxml2-dev', 'libxml2', 'libxslt1.1', 'libevent-2.0-5', 'libsasl2-2', 'libldap-2.4-2', 'python-dev', 'libjpeg-dev', 'libpcre3', 'libpcre3-dev', 'nginx', 'supervisor', 'python-pip', 'python-virtualenv', 'python-docutils', 'python-gdata', 'python-mako', 'python-dateutil', 'python-lxml', 'python-libxslt1', 'python-libxslt1', 'python-reportlab', 'python-pybabel', 'python-pychart', 'python-openid', 'python-simplejson', 'python-psycopg2', 'python-vobject', 'python-vatnumber', 'python-webdav', 'python-xlwt', 'python-yaml', 'python-zsi', 'gunicorn', 'fabric', 'python-unipath', 'npm', 'git', 'ufw', 'libxml2-dev', 'libxslt1-dev', 'zlib1g-dev', 'libsasl2-dev', 'libldap2-dev', 'libssl-dev', 'node-less' ]) sudo('apt-get -y autoremove') sudo('pip install --upgrade pip') # setup wkhtml2pdf with cd('/tmp'): sudo( 'wget http://download.gna.org/wkhtmltopdf/0.12/0.12.1/wkhtmltox-0.12.1_linux-trusty-amd64.deb' ) sudo('dpkg -i wkhtmltox-0.12.1_linux-trusty-amd64.deb') sudo('cp /usr/local/bin/wkhtmltopdf /usr/bin') sudo('cp /usr/local/bin/wkhtmltoimage /usr/bin') # Require a PostgreSQL server with settings(abort_exception=FabricException): try: fabtools.require.deb.packages([ 'postgresql-server-dev-all', 'postgresql-client', 'python-psycopg2' ]) except FabricException: sudo('apt-get -f -y install') with settings(abort_exception=FabricException): try: require.postgres.server() except FabricException: with cd('/var/lib/dpkg/info'): sudo('rm postgresql-server.*') sudo('apt-get -f -y install') require.postgres.user(env.db['user'], env.db['pass'], createdb=True) require.postgres.database(env.db['name'], env.db['user']) # setup firewall # setup_firewall() require.user(env.odoo_user, password=env.odoo_user_pwd) with settings(abort_exception=FabricException): try: sudo('mkdir /opt') except FabricException: pass sudo('chmod g+w /opt') with cd('/opt'): sudo('rm -rf ./openerp') sudo('rm -rf ./openerp/.git') with settings(abort_exception=FabricException): try: sudo('mkdir openerp') sudo('chown openerp.openerp ./openerp') sudo('chmod g+w ./openerp') except FabricException: pass sudo('wget -O - https://nightly.odoo.com/odoo.key | apt-key add -') sudo( 'echo "deb http://nightly.odoo.com/7.0/nightly/deb/ ./" >> /etc/apt/sources.list' ) sudo('mkdir -p /var/lib/openerp') sudo('apt-get update && apt-get install openerp -y') #with cd(env.remote_dir): # sudo('git clone https://www.github.com/odoo/odoo --depth 1 --branch 7.0 --single-branch .') # with settings(abort_exception=FabricException): # try: # sudo('pip install') # except FabricException: # sudo('apt-get install -f -y') # sudo('pip install') # # sudo('npm install -g less less-plugin-clean-css') # with settings(abort_exception=FabricException): # try: # sudo('ln -s /usr/bin/nodejs /usr/bin/node') # except FabricException: # pass upload_template(filename='./etc/openerp-server.conf', destination='/etc/openerp/openerp-server.conf', context=env.db, use_sudo=True) put('./etc/init.d/openerp', '/etc/init.d/openerp', use_sudo=True) setup_nginx() # Correct ownership and permissions sudo('chmod 755 /etc/init.d/openerp') sudo('chown root: /etc/init.d/openerp') # Since odoo user will run the application, change its ownership accordingly. sudo('chown -R openerp: /opt/openerp/') # We should set odoo user as the owner of log directory as well. #with settings(abort_exception=FabricException): # try: # sudo('mkdir /var/log/openerp') # except FabricException: # pass sudo('chown openerp:root /var/log/openerp') # Finally, we should protect the server configuration file changing # its ownership and permissions so no other non-root user can access it. # @todo this small part isn't working yet, try manual -./openerp-server -u all -d DATABASENAME # using odoo user with cd(env.remote_dir): #sudo('su odoo && ./openerp-server -u all -d %s' % env.db['name'], user=env.odoo_user) pass sudo('chown openerp: /etc/openerp/openerp-server.conf') sudo('chown root: /etc/nginx/sites-available/site.conf') sudo('chmod 640 /etc/openerp/openerp-server.conf') report() restart_services() print( green('Installation complete. Please visit http://<ip address>:8069')) autostart()