コード例 #1
ファイル: installPostfix.py プロジェクト: Brejkarn/syco
def install_mail_client(args):
    """
    Configure postfix as a local MTA that listens on localhost only and
    hands outgoing mail to the mail relay server. Also installs mailx.

    Nothing is done on a host that is configured to run
    install-postfix-server. The main.cf settings are explained by the line
    comments in install_mail_server.

    """
    host_config = config.host(net.get_hostname())
    if host_config.has_command_re("install-postfix-server"):
        app.print_verbose("This server will later install the postfix server, abort client installation.")
        return

    version_obj = version.Version("Install-postfix-client", SCRIPT_VERSION)
    version_obj.check_executed()

    install.package("postfix")

    # All edits below are applied to main.cf after use_original_file() ran on it.
    main_cf_path = "/etc/postfix/main.cf"
    general.use_original_file(main_cf_path)
    main_cf = scopen.scOpen(main_cf_path)

    # Identity of this host, for example monitor.syco.com in syco.com.
    main_cf.replace(
        "#myhostname = host.domain.tld",
        "myhostname = {0}.{1}".format(get_hostname(), config.general.get_resolv_domain()),
    )
    main_cf.replace(
        "#mydomain = domain.tld",
        "mydomain = {0}".format(config.general.get_resolv_domain()),
    )

    # Settings with fixed values. The listener stays on localhost and only
    # 127.0.0.1 is listed in mynetworks, so no other host is trusted to
    # submit mail through this instance. The inet_interfaces pair is a
    # no-op that documents the intended value.
    for old_line, new_line in (
        ("#myorigin = $mydomain", "myorigin = $myhostname"),
        ("inet_interfaces = localhost", "inet_interfaces = localhost"),
        ("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", "mynetworks = 127.0.0.1"),
        ("mydestination = $myhostname, localhost.$mydomain, localhost",
         "mydestination = $myhostname, localhost"),
    ):
        main_cf.replace(old_line, new_line)

    # Mail that is not for this machine goes to the relay. The brackets
    # around the relay host name make postfix skip the MX lookup for it.
    main_cf.replace(
        "#relay_domains = $mydestination",
        "relay_domains = {0}".format(config.general.get_resolv_domain()),
    )
    main_cf.replace(
        "#relayhost = $mydomain",
        "relayhost = [{0}]".format(config.general.get_mail_relay_domain_name()),
    )
    main_cf.replace("#home_mailbox = Maildir/", "home_mailbox = Maildir/")
    main_cf.replace("inet_protocols = all", "inet_protocols = ipv4")

    # Command line mail client.
    install_mailx()

    # NOTE(review): the mail relay chain is added on the client as well;
    # confirm it opens no inbound SMTP on a host that listens on localhost only.
    iptables.add_mail_relay_chain()
    iptables.save()

    x("service postfix restart")

    # A test mail to the syco admin shows whether relaying works.
    send_test_mail((None, config.general.get_admin_email()))
コード例 #2
def _install_glassfish():
  '''
  Download, unpack and start the glassfish application server.

  Does nothing beyond installing zip when GLASSFISH_INSTALL_PATH/glassfish
  already exists. Raises Exception when the install file is not a zip.

  NOTE(review): no checksum or signature check of the downloaded archive
  is visible in this function before it is unpacked and started; confirm
  that general.download_file or the repository provides one.

  '''
  x("yum install zip -y")
  if os.access(GLASSFISH_INSTALL_PATH + "/glassfish", os.F_OK):
    return

  os.chdir(app.INSTALL_DIR)
  archive_present = os.access(GLASSFISH_INSTALL_FILE, os.F_OK)
  if not archive_present:
    general.download_file(GLASSFISH_REPO_URL, user="******")

  # Only the zip distribution is handled.
  if ".zip" not in GLASSFISH_INSTALL_FILE:
    raise Exception("Only installing zip version of glassfish")

  install.package("unzip")
  x("unzip %s -d /usr/local/" % GLASSFISH_INSTALL_FILE)
  # The unpacked tree is handed to the glassfish account.
  x("chown glassfish:glassfish -R %s" % GLASSFISH_INSTALL_PATH)

  # The service is registered by glassfish itself (asadmin create-service)
  # and the domain is then started as the glassfish user.
  x("%s/bin/asadmin create-service" % GLASSFISH_INSTALL_PATH)
  x("su glassfish %s/bin/asadmin start-domain" % GLASSFISH_INSTALL_PATH)
コード例 #3
def _install_glassfish():
  '''
  Download, unpack and start the glassfish application server.

  Does nothing beyond installing zip when GLASSFISH_INSTALL_PATH/glassfish
  already exists. Raises Exception when the install file is not a zip.

  NOTE(review): no checksum or signature check of the downloaded archive
  is visible in this function before it is unpacked and started; confirm
  that general.download_file or the repository provides one.

  '''
  x("yum install zip -y")
  already_installed = os.access(GLASSFISH_INSTALL_PATH + "/glassfish", os.F_OK)
  if already_installed:
    return

  os.chdir(app.INSTALL_DIR)
  if not os.access(GLASSFISH_INSTALL_FILE, os.F_OK):
    general.download_file(GLASSFISH_REPO_URL, user="******")

  # Only the zip distribution is handled.
  if ".zip" not in GLASSFISH_INSTALL_FILE:
    raise Exception("Only installing zip version of glassfish")

  install.package("unzip")
  x("unzip %s -d /usr/local/" % GLASSFISH_INSTALL_FILE)
  # The unpacked tree is handed to the glassfish account.
  x("chown glassfish:glassfish -R %s" % GLASSFISH_INSTALL_PATH)

  # The service is registered by glassfish itself (asadmin create-service)
  # and the domain is then started as the glassfish user.
  asadmin = GLASSFISH_INSTALL_PATH + "/bin/asadmin"
  x(asadmin + " create-service")
  x("su glassfish " + asadmin + " start-domain")
コード例 #4
def install_mail_server(args):
    """
    Configure postfix as the mail relay MTA and install mailx.

    The server listens on 127.0.0.1 and on its front and back addresses,
    and accepts mail for relaying from the front and back networks and
    from localhost.

    """
    version_obj = version.Version("Install-postfix-server", SCRIPT_VERSION)
    version_obj.check_executed()
    app.print_verbose("Installing postfix-server version: {0}".format(SCRIPT_VERSION))

    init_properties = PostFixProperties()

    install.package("postfix")

    # All edits below are applied to main.cf after use_original_file() ran on it.
    main_cf_path = "/etc/postfix/main.cf"
    general.use_original_file(main_cf_path)
    main_cf = scopen.scOpen(main_cf_path)

    # The relay's canonical name (for example mailrelay.syco.com) and the
    # domain it belongs to (for example syco.com).
    relay_name = config.general.get_mail_relay_domain_name()
    main_cf.replace("#myhostname = host.domain.tld", "myhostname = {0}".format(relay_name))
    resolv_domain = config.general.get_resolv_domain()
    main_cf.replace("#mydomain = domain.tld", "mydomain = {0}".format(resolv_domain))
    main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")

    # Listen on loopback plus the front and back addresses.
    listen_on = "inet_interfaces = 127.0.0.1,{0},{1}".format(
        init_properties.server_front_ip, init_properties.server_back_ip
    )
    main_cf.replace("inet_interfaces = localhost", listen_on)

    # Every client inside mynetworks may relay through this server.
    # NOTE(review): confirm both networks contain trusted hosts only,
    # otherwise the server relays for whoever can reach it from them.
    trusted_networks = "mynetworks = {0}, {1}, 127.0.0.0/8".format(
        init_properties.server_network_front, init_properties.server_network_back
    )
    main_cf.replace("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", trusted_networks)

    # Settings with fixed values: no relay_domains (mail goes straight to
    # the internet), Maildir mailboxes, and ipv4 only to stop the IPv6 warning.
    for old_line, new_line in (
        ("#relay_domains = $mydestination", "relay_domains ="),
        ("#home_mailbox = Maildir/", "home_mailbox = Maildir/"),
        ("inet_protocols = all", "inet_protocols = ipv4"),
    ):
        main_cf.replace(old_line, new_line)

    # Command line mail client.
    install_mailx()

    # Register the mail relay chain in iptables and persist the rules.
    iptables.add_mail_relay_chain()
    iptables.save()

    x("service postfix restart")

    # A test mail to the syco admin shows whether relaying works.
    send_test_mail((None, config.general.get_admin_email()))
コード例 #5
ファイル: installOpenVPN.py プロジェクト: rikardev/syco
def build_client_certs(args):
    """
    Build an OpenVPN client key bundle for each entry in /home that has none.

    For every name returned by os.listdir("/home") that does not contain
    "lost+found" and has no /home/<name>/openvpn_client_keys.zip yet, a
    PKCS#12 key is built with easy-rsa and zipped together with the CA
    certificate, client.conf, install.txt and /etc/openvpn/ta.key.

    NOTE(review): the directory name is concatenated into several shell
    command strings without quoting or validation. Restricting it to a
    strict account-name pattern before use would keep an unexpected
    directory name from changing those commands.

    """
    install.package("zip")
    os.chdir("/etc/openvpn/easy-rsa/keys")
    # Presumably registers an hourly rerun of this command (minute 01).
    # NOTE(review): /etc/cronjob is not a file cron reads by default;
    # confirm this entry is actually picked up.
    general.set_config_property(
        "/etc/cronjob", "01 * * * * root run-parts syco build_client_certs",
        "01 * * * * root run-parts syco build_client_certs")

    # Create client.conf
    clientConf = "/etc/openvpn/easy-rsa/keys/client.conf"
    x("cp " + app.SYCO_PATH + "/var/openvpn/client.conf %s" % clientConf)
    scOpen(clientConf).replace('${OPENVPN.HOSTNAME}',
                               config.general.get_openvpn_hostname())

    x("cp " + app.SYCO_PATH + "/doc/openvpn/install.txt .")

    for user in os.listdir("/home"):
        cert_already_installed = os.access(
            "/home/" + user + "/openvpn_client_keys.zip", os.F_OK)
        # Substring test: any name containing "lost+found" is skipped.
        valid_file = "lost+found" not in user
        if valid_file and not cert_already_installed:
            os.chdir("/etc/openvpn/easy-rsa/")
            # The shared easy-rsa vars file is rewritten for each user, so
            # it keeps the values of the last user processed.
            general.set_config_property("/etc/openvpn/easy-rsa/vars",
                                        '[\s]*export KEY_CN.*',
                                        'export KEY_CN="' + user + '"')
            general.set_config_property("/etc/openvpn/easy-rsa/vars",
                                        '[\s]*export KEY_NAME.*',
                                        'export KEY_NAME="' + user + '"')

            # Make build-key-pkcs12 source ./vars before it sets EASY_RSA.
            general.set_config_property(
                "/etc/openvpn/easy-rsa/build-key-pkcs12",
                '.*export EASY_RSA.*',
                'source ./vars;export EASY_RSA="${EASY_RSA:-.}"')

            # NOTE(review): the values of the events mapping are masked on
            # this page (******), so the two lines below are not valid
            # Python as shown. They answer the export password prompts;
            # what is sent cannot be determined from here.
            out = general.shell_exec(
                "./build-key-pkcs12 --batch " + user,
                cwd="/etc/openvpn/easy-rsa/",
                events={
                    '(?i)Enter Export Password:'******'\n',
                    '(?i)Verifying - Enter Export Password:'******'\n'
                })
            # NOTE(review): the command output goes to the verbose log;
            # confirm it holds no key material or password echo.
            app.print_verbose(out)

            # Config client.crt
            # client.conf is shared as well and is pointed at this user's
            # certificate and key before it is zipped.
            general.set_config_property(
                "/etc/openvpn/easy-rsa/keys/client.conf", "^cert.*crt",
                "cert " + user + ".crt")
            general.set_config_property(
                "/etc/openvpn/easy-rsa/keys/client.conf", "^key.*key",
                "key " + user + ".key")

            os.chdir("/etc/openvpn/easy-rsa/keys")
            # The bundle contains the user's private key, the PKCS#12 file
            # and the shared ta.key.
            x("zip /home/" + user + "/openvpn_client_keys.zip ca.crt " + user +
              ".crt " + user + ".key " + user +
              ".p12 client.conf install.txt /etc/openvpn/ta.key")
            # Set permission for the user who now owns the file.
            # NOTE(review): the mode is read for owner and group, and the
            # group is set to "users" below, so members of that group can
            # read the bundle if they can traverse the home directory.
            # Owner-only read (stat.S_IRUSR) would be the tighter choice.
            os.chmod("/home/" + user + "/openvpn_client_keys.zip",
                     stat.S_IRUSR | stat.S_IRGRP)
            general.shell_exec("chown " + user + ":users /home/" + user +
                               "/openvpn_client_keys.zip ")
コード例 #6
def _install_packages():
    '''
    Run install.atomic_repo() and then install sqlite and openvas.

    NOTE(review): atomic_repo() presumably enables a third-party yum
    repository; confirm that package signature checking stays on for it.

    '''
    install.atomic_repo()
    for package_name in ("sqlite", "openvas"):
        install.package(package_name)
コード例 #7
ファイル: installOpenVAS.py プロジェクト: Nemie/syco
def _install_packages():
    '''
    Run install.atomic_repo() and then install sqlite and openvas.

    NOTE(review): atomic_repo() presumably enables a third-party yum
    repository; confirm that package signature checking stays on for it.

    '''
    required_packages = ("sqlite", "openvas")

    install.atomic_repo()
    for package_name in required_packages:
        install.package(package_name)
コード例 #8
ファイル: installPostfix.py プロジェクト: rikardev/syco
def install_mail_server(args):
    '''
    Configure postfix as the mail relay MTA and install mailx.

    The server listens on 127.0.0.1 and on its front and back addresses,
    and accepts mail for relaying from the front and back networks and
    from localhost.

    '''
    version_obj = version.Version("Install-postfix-server", SCRIPT_VERSION)
    version_obj.check_executed()
    app.print_verbose(
        "Installing postfix-server version: {0}".format(SCRIPT_VERSION))

    install.package("postfix")

    # All edits below are applied to main.cf after use_original_file() ran on it.
    main_cf_path = "/etc/postfix/main.cf"
    general.use_original_file(main_cf_path)
    main_cf = scopen.scOpen(main_cf_path)

    # The relay's canonical name (for example mailrelay.syco.com) and the
    # domain it belongs to (for example syco.com).
    relay_name = config.general.get_mail_relay_domain_name()
    main_cf.replace("#myhostname = host.domain.tld",
                    "myhostname = {0}".format(relay_name))
    resolv_domain = config.general.get_resolv_domain()
    main_cf.replace("#mydomain = domain.tld",
                    "mydomain = {0}".format(resolv_domain))
    main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")

    # Listen on loopback plus the front and back addresses.
    listen_on = "inet_interfaces = 127.0.0.1,{0},{1}".format(
        server_front_ip, server_back_ip)
    main_cf.replace("inet_interfaces = localhost", listen_on)

    # Every client inside mynetworks may relay through this server.
    # NOTE(review): confirm both networks contain trusted hosts only,
    # otherwise the server relays for whoever can reach it from them.
    trusted_networks = "mynetworks = {0}, {1}, 127.0.0.0/8".format(
        server_front_network, server_back_network)
    main_cf.replace("#mynetworks = 168.100.189.0/28, 127.0.0.0/8",
                    trusted_networks)

    # Settings with fixed values: no relay_domains (mail goes straight to
    # the internet), Maildir mailboxes, and ipv4 only to stop the IPv6 warning.
    for old_line, new_line in (
        ("#relay_domains = $mydestination", "relay_domains ="),
        ("#home_mailbox = Maildir/", "home_mailbox = Maildir/"),
        ("inet_protocols = all", "inet_protocols = ipv4"),
    ):
        main_cf.replace(old_line, new_line)

    # Command line mail client.
    install_mailx()

    # Register the mail relay chain in iptables and persist the rules.
    iptables.add_mail_relay_chain()
    iptables.save()

    x("service postfix restart")

    # A test mail to the syco admin shows whether relaying works.
    send_test_mail((None, config.general.get_admin_email()))
コード例 #9
ファイル: installRedis.py プロジェクト: ysoldak/syco
def _configure_selinux():
    """Load syco's own SELinux modules for keepalived and redis.

    The SELinux policy for redis in the repo is not configured correctly.
    TODO: This might be removable in future

    NOTE(review): custom modules add allow rules to the policy; the .te
    sources under SYCO_PATH/var/redis should be reviewed so they grant no
    more than the denials they were written for.

    """
    install.package("policycoreutils")

    for module_name in ("keepalived", "redis"):
        selinux.custom_module("%s/var/redis" % app.SYCO_PATH, module_name)
コード例 #10
ファイル: installRedis.py プロジェクト: Nemie/syco
def _configure_selinux():
    """Load syco's own SELinux modules for keepalived and redis.

    The SELinux policy for redis in the repo is not configured correctly.
    TODO: This might be removable in future

    NOTE(review): custom modules add allow rules to the policy; the .te
    sources under SYCO_PATH/var/redis should be reviewed so they grant no
    more than the denials they were written for.

    """
    install.package("policycoreutils")

    custom_modules = ("keepalived", "redis")
    for module_name in custom_modules:
        selinux.custom_module("%s/var/redis" % app.SYCO_PATH, module_name)
コード例 #11
ファイル: installBackup.py プロジェクト: anderska/syco-anders
def install_backup(args):
    """
    Install rsnapshot and run the backup setup steps of this module.

    """
    # The master password is requested first, because it is needed later
    # when the ssh key is installed.
    app.get_master_password()

    install.rforge_repo()
    install.package("rsnapshot")

    # The remaining steps take no arguments and run in this order.
    for setup_step in (_configure_rsnapshot, _setup_cronjob,
                       _setup_backup_for_all_servers):
        setup_step()
コード例 #12
def _patch_bug_in_koan():
    '''
    Patch virtinstall.py of koan 2.2.3-2.el6 with a fix from a later version.
    https://github.com/cobbler/cobbler/commit/0db6b7dd829cc0e9c86411390267fea927021b2f

    Other koan versions are left untouched.

    '''
    installed_koan = x("rpm -q koan")
    if "koan-2.2.3-2.el6.noarch" not in installed_koan:
        return

    install.package("patch")
    # -N makes patch skip a patch that looks like it is already applied.
    patch_file = "%s/%s" % (app.SYCO_VAR_PATH, "koan/virtinstall.py.patch")
    x("patch -N /usr/lib/python2.6/site-packages/koan/virtinstall.py < " + patch_file)
コード例 #13
ファイル: installBackup.py プロジェクト: Nemie/syco
def install_backup(args):
  '''
  Install rsnapshot and run the backup setup steps of this module.

  '''
  # The master password is requested first, because it is needed later
  # when the ssh key is installed.
  app.get_master_password()

  install.rforge_repo()
  install.package("rsnapshot")

  # The remaining steps take no arguments and run in this order.
  setup_steps = (_configure_rsnapshot, _setup_cronjob,
                 _setup_backup_for_all_servers)
  for setup_step in setup_steps:
    setup_step()
コード例 #14
ファイル: installGlassfish31.py プロジェクト: ysoldak/syco
def _install_glassfish():
    '''
    Download and unpack glassfish and register syco's init script for it.

    The installation is skipped when GLASSFISH_INSTALL_PATH/glassfish
    already exists. Raises Exception when the install file is not a zip,
    or when domain.xml or the init script is missing afterwards.

    NOTE(review): no checksum or signature check of the downloaded archive
    is visible in this function before it is unpacked; confirm that
    general.download_file or the repository provides one.

    '''
    init_script = "/etc/init.d/" + GLASSFISH_VERSION

    if not os.access(GLASSFISH_INSTALL_PATH + "/glassfish", os.F_OK):
        os.chdir(app.INSTALL_DIR)
        if not os.access(GLASSFISH_INSTALL_FILE, os.F_OK):
            general.download_file(GLASSFISH_REPO_URL, user="******")

        # Create the installation dir with mode 770, owned by uid/gid 200
        # (presumably the glassfish account; confirm against user setup).
        if not os.access(GLASSFISH_INSTALL_PATH, os.F_OK):
            for command in ("mkdir -p ", "chmod 770 ", "chown 200:200 "):
                x(command + GLASSFISH_INSTALL_PATH)

        # Only the zip distribution is handled.
        if ".zip" not in GLASSFISH_INSTALL_FILE:
            raise Exception("Only installing zip version of glassfish")

        # Unpack, then move the content of glassfish3/ one level up. The
        # user= value of these calls is masked on this page.
        install.package("unzip")
        unpacked_dir = GLASSFISH_INSTALL_PATH + "glassfish3"
        x("unzip %s -d %s" % (GLASSFISH_INSTALL_FILE, GLASSFISH_INSTALL_PATH),
          user="******")
        x("mv " + unpacked_dir + "/* " + GLASSFISH_INSTALL_PATH,
          user="******")
        x("rm -rf " + unpacked_dir,
          user="******")

        # syco's own start script is used instead of "asadmin
        # create-service": it creates startup log files and has a better
        # "start user" functionality.
        if not os.access(init_script, os.F_OK):
            x("cp " + app.SYCO_PATH + "var/glassfish/" + GLASSFISH_VERSION +
              " " + init_script)
            x("chmod 0755 " + init_script)
            x("/sbin/chkconfig --add " + GLASSFISH_VERSION)
            x("/sbin/chkconfig --level 3 " + GLASSFISH_VERSION + " on")

            # Fill in the mysql addresses the start script refers to.
            scOpen(init_script).replace(
                "${MYSQL_PRIMARY}",
                config.general.get_mysql_primary_master_ip())
            scOpen(init_script).replace(
                "${MYSQL_SECONDARY}",
                config.general.get_mysql_secondary_master_ip())

    # Verify the result, also when the installation above was skipped.
    domain_xml = GLASSFISH_DOMAINS_PATH + "domain1/config/domain.xml"
    if not os.access(domain_xml, os.F_OK):
        raise Exception("Failed to install " + GLASSFISH_INSTALL_PATH)

    if not os.access(init_script, os.F_OK):
        raise Exception("Failed to install /etc/init.d/" + GLASSFISH_VERSION)
コード例 #15
ファイル: installGuest.py プロジェクト: eliskullberg/syco
def _patch_bug_in_koan():
  '''
  Patch virtinstall.py of koan 2.2.3-2.el6 with a fix from a later version.
  https://github.com/cobbler/cobbler/commit/0db6b7dd829cc0e9c86411390267fea927021b2f

  Other koan versions are left untouched.

  '''
  affected_version = "koan-2.2.3-2.el6.noarch"
  if affected_version not in x("rpm -q koan"):
    return

  install.package("patch")
  # -N makes patch skip a patch that looks like it is already applied.
  patch_file = "%s/%s" % (app.SYCO_VAR_PATH, "koan/virtinstall.py.patch")
  x("patch -N /usr/lib/python2.6/site-packages/koan/virtinstall.py < " + patch_file)
コード例 #16
def install_mail_client(args):
    """
    Configure postfix as a local MTA that listens on localhost only and
    hands outgoing mail to the mail relay server. Also installs mailx.

    Nothing is done on a host that is configured to run
    install-postfix-server. The main.cf settings are explained by the line
    comments in install_mail_server.

    """
    will_be_server = config.host(net.get_hostname()).has_command_re("install-postfix-server")
    if will_be_server:
        app.print_verbose(
            "This server will later install the postfix server, abort client installation."
        )
        return

    version_obj = version.Version("Install-postfix-client", SCRIPT_VERSION)
    version_obj.check_executed()

    install.package("postfix")

    # All edits below are applied to main.cf after use_original_file() ran on it.
    main_cf_path = "/etc/postfix/main.cf"
    general.use_original_file(main_cf_path)
    main_cf = scopen.scOpen(main_cf_path)

    # Identity of this host, for example monitor.syco.com in syco.com.
    main_cf.replace(
        "#myhostname = host.domain.tld",
        "myhostname = {0}.{1}".format(get_hostname(), config.general.get_resolv_domain()),
    )
    main_cf.replace(
        "#mydomain = domain.tld",
        "mydomain = {0}".format(config.general.get_resolv_domain()),
    )

    # Settings with fixed values. The listener stays on localhost and only
    # 127.0.0.1 is listed in mynetworks, so no other host is trusted to
    # submit mail through this instance. The inet_interfaces pair is a
    # no-op that documents the intended value.
    fixed_settings = (
        ("#myorigin = $mydomain", "myorigin = $myhostname"),
        ("inet_interfaces = localhost", "inet_interfaces = localhost"),
        ("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", "mynetworks = 127.0.0.1"),
        ("mydestination = $myhostname, localhost.$mydomain, localhost",
         "mydestination = $myhostname, localhost"),
    )
    for old_line, new_line in fixed_settings:
        main_cf.replace(old_line, new_line)

    # Mail that is not for this machine goes to the relay. The brackets
    # around the relay host name make postfix skip the MX lookup for it.
    main_cf.replace(
        "#relay_domains = $mydestination",
        "relay_domains = {0}".format(config.general.get_resolv_domain()),
    )
    main_cf.replace(
        "#relayhost = $mydomain",
        "relayhost = [{0}]".format(config.general.get_mail_relay_domain_name()),
    )
    main_cf.replace("#home_mailbox = Maildir/", "home_mailbox = Maildir/")
    main_cf.replace("inet_protocols = all", "inet_protocols = ipv4")

    # Command line mail client.
    install_mailx()

    # NOTE(review): the mail relay chain is added on the client as well;
    # confirm it opens no inbound SMTP on a host that listens on localhost only.
    iptables.add_mail_relay_chain()
    iptables.save()

    x("service postfix restart")

    # A test mail to the syco admin shows whether relaying works.
    send_test_mail((None, config.general.get_admin_email()))
コード例 #17
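def _install_custom_selinux_policy():
  '''
  Compile and load the customized SELinux policy module for cobbler.

  The module source is SYCO_PATH/var/selinux/cobbler.te. It is compiled
  with checkmodule, packaged with semodule_package and loaded with
  semodule. Afterwards the boolean httpd_can_network_connect is enabled
  persistently.

  The intermediate files are written to a private temporary directory
  that is removed again. Earlier both the compiled module and the package
  were written to the same fixed path /tmp/cobbler.te, so the packaging
  step read and wrote one file, and a predictable name in the
  world-writable /tmp was used by a process that loads policy.

  NOTE(review): httpd_can_network_connect lets httpd open outgoing
  network connections in general; confirm cobbler needs that and not a
  narrower rule.

  '''
  # Imported here so the function does not depend on the module imports.
  import os
  import shutil
  import tempfile

  install.package("policycoreutils")

  te = app.SYCO_PATH + "/var/selinux/cobbler.te"

  # mkdtemp creates a directory that only the calling user can access.
  build_dir = tempfile.mkdtemp(prefix="syco-cobbler-selinux-")
  try:
    mod = os.path.join(build_dir, "cobbler.mod")
    pp = os.path.join(build_dir, "cobbler.pp")

    x("checkmodule -M -m -o %s %s" % (mod, te))
    x("semodule_package -o %s -m %s" % (pp, mod))
    x("semodule -i %s" % pp)
  finally:
    # Remove the build files whether or not a step failed.
    shutil.rmtree(build_dir, ignore_errors=True)

  x("setsebool -P httpd_can_network_connect true")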
コード例 #18
def install_guests(args):
  '''
  Start the installation of the guests selected by args and wait for it.

  koan and python-ethtool are installed first, and koan is patched when
  the affected version is present.

  '''
  guest_hostnames = get_hosts_to_install(args)

  install.epel_repo()
  for package_name in ("koan", "python-ethtool"):
    install.package(package_name)
  _patch_bug_in_koan()

  # The guests cannot be installed before the installation server is alive.
  wait_for_installation_server_to_start()

  started_guests = start_installation(guest_hostnames)
  wait_for_installation_to_complete(started_guests)
コード例 #19
def _install_glassfish():
  '''
  Download and unpack glassfish and register syco's init script for it.

  The installation is skipped when GLASSFISH_INSTALL_PATH/glassfish
  already exists. Raises Exception when the install file is not a zip,
  or when domain.xml or the init script is missing afterwards.

  NOTE(review): no checksum or signature check of the downloaded archive
  is visible in this function before it is unpacked; confirm that
  general.download_file or the repository provides one.

  '''
  init_script = "/etc/init.d/" + GLASSFISH_VERSION

  if not os.access(GLASSFISH_INSTALL_PATH + "/glassfish", os.F_OK):
    os.chdir(app.INSTALL_DIR)
    if not os.access(GLASSFISH_INSTALL_FILE, os.F_OK):
      general.download_file(GLASSFISH_REPO_URL, user="******")

    # Create the installation dir with mode 770, owned by uid/gid 200
    # (presumably the glassfish account; confirm against user setup).
    if not os.access(GLASSFISH_INSTALL_PATH, os.F_OK):
      for command in ("mkdir -p ", "chmod 770 ", "chown 200:200 "):
        x(command + GLASSFISH_INSTALL_PATH)

    # Only the zip distribution is handled.
    if ".zip" not in GLASSFISH_INSTALL_FILE:
      raise Exception("Only installing zip version of glassfish")

    # Unpack, then move the content of glassfish3/ one level up. The
    # user= value of these calls is masked on this page.
    install.package("unzip")
    unpacked_dir = GLASSFISH_INSTALL_PATH + "glassfish3"
    x("unzip %s -d %s" % (GLASSFISH_INSTALL_FILE, GLASSFISH_INSTALL_PATH), user="******")
    x("mv " + unpacked_dir + "/* " + GLASSFISH_INSTALL_PATH, user="******")
    x("rm -rf " + unpacked_dir, user="******")

    # syco's own start script is used instead of "asadmin create-service":
    # it creates startup log files and has a better "start user"
    # functionality.
    if not os.access(init_script, os.F_OK):
      x("cp " + app.SYCO_PATH + "var/glassfish/" + GLASSFISH_VERSION + " " + init_script)
      x("chmod 0755 " + init_script)
      x("/sbin/chkconfig --add " + GLASSFISH_VERSION)
      x("/sbin/chkconfig --level 3 " + GLASSFISH_VERSION + " on")

      # Fill in the mysql addresses the start script refers to.
      scOpen(init_script).replace("${MYSQL_PRIMARY}", config.general.get_mysql_primary_master_ip())
      scOpen(init_script).replace("${MYSQL_SECONDARY}", config.general.get_mysql_secondary_master_ip())

  # Verify the result, also when the installation above was skipped.
  domain_xml = GLASSFISH_DOMAINS_PATH + "domain1/config/domain.xml"
  if not os.access(domain_xml, os.F_OK):
    raise Exception("Failed to install " + GLASSFISH_INSTALL_PATH)

  if not os.access(init_script, os.F_OK):
    raise Exception("Failed to install /etc/init.d/" + GLASSFISH_VERSION)
コード例 #20
def build_client_certs(args):
  '''
  Build an OpenVPN client key bundle for each entry in /home that has none.

  For every name returned by os.listdir("/home") that does not contain
  "lost+found" and has no /home/<name>/openvpn_client_keys.zip yet, a
  PKCS#12 key is built with easy-rsa and zipped together with the CA
  certificate, client.conf and install.txt.

  NOTE(review): the directory name is concatenated into several shell
  command strings without quoting or validation. Restricting it to a
  strict account-name pattern before use would keep an unexpected
  directory name from changing those commands.

  '''
  install.package("zip")
  os.chdir("/etc/openvpn/easy-rsa/keys")
  # Presumably registers an hourly rerun of this command (minute 01).
  # NOTE(review): /etc/cronjob is not a file cron reads by default;
  # confirm this entry is actually picked up.
  general.set_config_property("/etc/cronjob", "01 * * * * root run-parts syco build_client_certs", "01 * * * * root run-parts syco build_client_certs")

  # Create client.conf
  clientConf = "/etc/openvpn/easy-rsa/keys/client.conf"
  x("cp " + app.SYCO_PATH + "/var/openvpn/client.conf %s" % clientConf)
  # auth-user-pass makes the client ask for a username and password in
  # addition to presenting its certificate.
  x("echo auth-user-pass >> %s" % clientConf)
  scOpen(clientConf).replace('${OPENVPN.HOSTNAME}',  config.general.get_openvpn_hostname())

  x("cp " + app.SYCO_PATH + "/doc/openvpn/install.txt .")

  for user in os.listdir("/home"):
    cert_already_installed=os.access("/home/" + user +"/openvpn_client_keys.zip", os.F_OK)
    # Substring test: any name containing "lost+found" is skipped.
    valid_file="lost+found" not in user
    if valid_file and not cert_already_installed:
      os.chdir("/etc/openvpn/easy-rsa/")
      # The shared easy-rsa vars file is rewritten for each user, so it
      # keeps the values of the last user processed.
      general.set_config_property("/etc/openvpn/easy-rsa/vars", '[\s]*export KEY_CN.*',    'export KEY_CN="' + user + '"')
      general.set_config_property("/etc/openvpn/easy-rsa/vars", '[\s]*export KEY_NAME.*',  'export KEY_NAME="' + user + '"')

      # Make build-key-pkcs12 source ./vars before it sets EASY_RSA.
      general.set_config_property("/etc/openvpn/easy-rsa/build-key-pkcs12", '.*export EASY_RSA.*', 'source ./vars;export EASY_RSA="${EASY_RSA:-.}"')

      # NOTE(review): the values of the events mapping are masked on this
      # page (******), so the events line below is not valid Python as
      # shown. It answers the export password prompts; what is sent
      # cannot be determined from here.
      out = general.shell_exec("./build-key-pkcs12 --batch " + user,
        cwd="/etc/openvpn/easy-rsa/",
        events={'(?i)Enter Export Password:'******'\n', '(?i)Verifying - Enter Export Password:'******'\n'}
      )
      # NOTE(review): the command output goes to the verbose log; confirm
      # it holds no key material or password echo.
      app.print_verbose(out)

      # Config client.crt
      # client.conf is shared as well and is pointed at this user's
      # certificate and key before it is zipped.
      general.set_config_property("/etc/openvpn/easy-rsa/keys/client.conf", "^cert.*crt", "cert " + user + ".crt")
      general.set_config_property("/etc/openvpn/easy-rsa/keys/client.conf", "^key.*key", "key " + user + ".key")
      # NOTE(review): the other calls pass a regex as the second argument;
      # if this one is treated as a regex too, "${OPENVPN.HOSTNAME}" does
      # not match that text literally. Verify against set_config_property.
      general.set_config_property(
        "/etc/openvpn/easy-rsa/keys/client.conf", "${OPENVPN.HOSTNAME}",
        config.general.get_openvpn_hostname()
      )
      
      os.chdir("/etc/openvpn/easy-rsa/keys")
      # The bundle contains the user's private key and the PKCS#12 file.
      x("zip /home/" + user +"/openvpn_client_keys.zip ca.crt " + user + ".crt " + user + ".key " + user + ".p12 client.conf install.txt")
      # Set permission for the user who now owns the file.
      # NOTE(review): the mode is read for owner and group, and the group
      # is set to "users" below, so members of that group can read the
      # bundle if they can traverse the home directory. Owner-only read
      # (stat.S_IRUSR) would be the tighter choice.
      os.chmod("/home/" + user +"/openvpn_client_keys.zip", stat.S_IRUSR | stat.S_IRGRP)
      general.shell_exec("chown " + user + ":users /home/" + user +"/openvpn_client_keys.zip ")
コード例 #21
def _setup_network_interfaces():
    """
    Replace libvirt's default network with bonded bridges for back and front net.

    br0/bond0 carry the back net and br1/bond1 the front net. With four or
    more eth interfaces each bond gets two of them, with exactly two each
    bond gets one. Any other count (three included) is reported as an
    error and the kvm host installation is aborted.

    Read more.
    http://serverfault.com/questions/316623/what-is-the-correct-way-to-setup-a-bonded-bridge-on-centos-6-for-kvm-guests
    http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
    http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networking-with-libvirt/
    http://www.linux-kvm.org/page/HOWTO_BONDING
    https://fedorahosted.org/cobbler/wiki/VirtNetworkingSetupForUseWithKoan
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html

    """
    # Drop virbr0, the "NAT-interface" that libvirt defines by default.
    # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/chap-Virtualization-Network_Configuration.html
    for command in ("virsh net-destroy default",
                    "virsh net-undefine default",
                    "service libvirtd restart"):
        x(command)

    # Tools for the network bridge.
    install.package("bridge-utils")

    general.set_config_property2("/etc/modprobe.d/syco.conf",
                                 "alias bond0 bonding")

    num_of_if = net.num_of_eth_interfaces()

    # Addresses of both networks, read from the syco config.
    front_gw = config.general.get_front_gateway_ip()
    front_resolver = config.general.get_front_resolver_ip()
    front_netmask = config.general.get_front_netmask()
    front_ip = config.host(net.get_hostname()).get_front_ip()

    back_gw = config.general.get_back_gateway_ip()
    back_resolver = config.general.get_back_resolver_ip()
    back_netmask = config.general.get_back_netmask()
    back_ip = config.host(net.get_hostname()).get_back_ip()

    # Decide which eth interfaces are enslaved to which bond.
    if num_of_if >= 4:
        back_eths, front_eths = ("eth0", "eth1"), ("eth2", "eth3")
    elif num_of_if == 2:
        back_eths, front_eths = ("eth0",), ("eth1",)
    else:
        app.print_error("To few network interfaces: " + str(num_of_if))
        _abort_kvm_host_installation()
        return

    # Back net.
    _setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
    _setup_bond("bond0", "br0")
    for eth_name in back_eths:
        _setup_eth(eth_name, "bond0")

    # Front net.
    _setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
    _setup_bond("bond1", "br1")
    for eth_name in front_eths:
        _setup_eth(eth_name, "bond1")
コード例 #22
ファイル: app.py プロジェクト: anderska/syco-anders
# The statements below run when this module is imported, and their order
# matters: every constant has to exist before options and config are set up.
# NOTE(review): the two star imports put every public name of constant and
# password into the app namespace, which makes it hard to see where a name
# such as SYCO_ETC_PATH comes from.
from constant import *

# Need to be after all constants.
# The name options is rebound from the module to an Options instance.
import options
options = options.Options()

import config
config.load(SYCO_ETC_PATH, SYCO_USR_PATH)

import install

# Syco uses packages from the EPEL repo.
# install.epel_repo()

# Required yum package.
# NOTE(review): these package installations run as a side effect of
# importing this module. python-crypto is PyCrypto, which is no longer
# maintained upstream.
install.package("gnupg2")
install.package("python-crypto")

# Include all password functions in app namespace.
from password import *

def print_error(message, verbose_level=1):
  '''
  Print message with a bold "Error: " caption through print_verbose.

  Whether the text is shown depends on verbose_level. Everything syco
  prints to the screen as an error should go through this function.

  '''
  error_caption = BOLD + "Error: " + RESET
  print_verbose(message, verbose_level=verbose_level, caption=error_caption)

def print_verbose(message, verbose_level=1, caption=None, new_line=True, enable_caption=True):
コード例 #23
__version__ = "1.0.0"
__status__ = "Production"

# The statements below run when this module is imported, and their order
# matters: every constant has to exist before options and config are set up.
# NOTE(review): the two star imports put every public name of constant and
# password into the app namespace, which makes it hard to see where a name
# such as SYCO_ETC_PATH comes from.
from constant import *

# Need to be after all constants.
# The name options is rebound from the module to an Options instance.
import options
options = options.Options()

import config
config.load(SYCO_ETC_PATH, SYCO_USR_PATH)

import install

# Required yum package.
# NOTE(review): these package installations run as a side effect of
# importing this module. python-crypto is PyCrypto, which is no longer
# maintained upstream.
install.package("gnupg2")
install.package("python-crypto")

# Include all password functions in app namespace.
from password import *


def get_syco_plugin_paths(subfolder=None):
    """
    Generator of full path to all syco plugins folders containing a specific sub folder
    or the root paths all plugins if no subfolder is specified

    subfolder -- Path starting with leading / relative to syco's plugin dir (/usr)

    """
    if os.access(SYCO_USR_PATH, os.F_OK):
コード例 #24
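def net_setup_bond_br(args):
    """
    Setup bonded network interfaces and bridges.

    This must work together with a virtual host using KVM.

    br0/bond0 carry the back net and br1/bond1 the front net. With four or
    more eth interfaces each bond gets two of them, with exactly two each
    bond gets one. Any other count (three included) raises Exception. The
    network service is restarted at the end and the script version is
    marked as executed.

    Read more.
    http://serverfault.com/questions/316623/what-is-the-correct-way-to-setup-a-bonded-bridge-on-centos-6-for-kvm-guests
    http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
    http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networking-with-libvirt/
    http://www.linux-kvm.org/page/HOWTO_BONDING
    https://fedorahosted.org/cobbler/wiki/VirtNetworkingSetupForUseWithKoan
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html

    """
    app.print_verbose("Install bonded bridges host version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("NetSetupBondBr", SCRIPT_VERSION)
    version_obj.check_executed()

    app.print_verbose(
        "Install yum package with all tools that is required to setup bridges."
    )
    install.package("bridge-utils")

    # Every other message in this function goes through app.print_verbose,
    # so this one does as well instead of relying on a bare print_verbose
    # being in scope.
    app.print_verbose(
        "Setup modprobe alias for bonding, don't know exactly why we need to " +
        "do that. Maybe because the ifcfg files referars to bond0 instead of " +
        "bonding, or because it loads the module bonding at the same time as " +
        "the alias is created."
    )
    # Replace any existing bond alias with the single one that is needed.
    sycoConf = scOpen("/etc/modprobe.d/syco.conf")
    sycoConf.remove("alias bond.*")
    sycoConf.add("alias bond0 bonding")

    # Get all parameters from syco config.
    num_of_if = net.num_of_eth_interfaces()

    front_ip = config.host(net.get_hostname()).get_front_ip()
    front_netmask = config.general.get_front_netmask()
    front_gw = config.general.get_front_gateway_ip()
    front_resolver = config.general.get_front_resolver_ip()

    back_ip = config.host(net.get_hostname()).get_back_ip()
    back_netmask = config.general.get_back_netmask()
    back_gw = config.general.get_back_gateway_ip()
    back_resolver = config.general.get_back_resolver_ip()
    if (num_of_if >= 4):
        # The {0} placeholder is filled in here; before, the message was
        # printed with a literal "{0}" in it.
        app.print_verbose(
            "{0} network interfaces was found, and 2 eth interfaces per bond "
            "will be configured.".format(num_of_if)
        )
        # Setup back-net
        setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
        setup_bond("bond0", "br0")
        setup_eth("eth0", "bond0")
        setup_eth("eth1", "bond0")

        # Setup front-net
        setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
        setup_bond("bond1", "br1")
        setup_eth("eth2", "bond1")
        setup_eth("eth3", "bond1")
    elif (num_of_if == 2):
        app.print_verbose(
            "2 network interfaces was found, and 1 eth interfaces per bond " +
            "will be configured. There is no point in bonding in this case, " +
            "except that we have the same kind of configuration on all hosts. "
        )

        # Setup back-net
        setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
        setup_bond("bond0", "br0")
        setup_eth("eth0", "bond0")

        # Setup front-net
        setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
        setup_bond("bond1", "br1")
        setup_eth("eth1", "bond1")
    else:
        # Nothing has been written to the interface config at this point.
        app.print_error("To few network interfaces: " + str(num_of_if))
        raise Exception("To few network interfaces: " + str(num_of_if))

    app.print_verbose(
        "Restart the network service so all changes will be applied."
    )
    x("service network restart")

    # Only a run that got this far is recorded as executed.
    version_obj.mark_executed()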
コード例 #25
ファイル: installPostfix.py プロジェクト: eliskullberg/syco
def install_mailx():
    """Install the mailx package.

    mailx provides the classic terminal command:
    mail -s "subject" destemail
    """
    install.package("mailx")
コード例 #26
def install_kvmhost(args):
    '''
    Install and start the KVM/libvirt stack on this host, then reboot it.

    Checks /proc/cpuinfo for the required CPU flags, installs the packages,
    starts the services libvirtd depends on, verifies that virsh answers,
    adjusts networking/iptables and finally reboots. Each failed check
    prints an error and calls _abort_kvm_host_installation().

    The args parameter is not used in this function.

    '''
    app.print_verbose("Install kvm host version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallKvmHost", SCRIPT_VERSION)
    # presumably stops here when this script version was already applied --
    # confirm in version.Version
    version_obj.check_executed()

    # vmx (Intel VT-x) or svm (AMD-V) must be listed among the CPU flags.
    if (not general.grep("/proc/cpuinfo", "vmx|svm")):
        app.print_error("CPU doesn't support virtualization.")
        _abort_kvm_host_installation()

    # constant_tsc: the time stamp counter ticks at a fixed rate
    # (presumably required for stable guest timekeeping).
    if (not general.grep("/proc/cpuinfo", "constant_tsc")):
        app.print_error("CPU doesn't have a constant Time Stamp Counter.")
        _abort_kvm_host_installation()

    # Install the kvm packages
    install.package("qemu-kvm")
    install.package("libvirt")
    install.package("libguestfs-tools")
    install.package("avahi")

    # Provides the virt-install command for creating virtual machines.
    install.package("python-virtinst")

    # Before libvirtd starts, create a snapshot partition for qemu.
    _create_kvm_snapshot_partition()

    # Start services libvirtd depends on.
    # NOTE(review): avahi-daemon is an mDNS/DNS-SD responder and is enabled
    # at boot here; confirm the host firewall restricts it to the networks
    # that actually need it.
    x("service messagebus restart")
    x("service avahi-daemon start")
    x("chkconfig avahi-daemon on")

    # Start virsh
    x("service libvirtd start")

    # presumably enables kernel samepage merging (helper defined elsewhere).
    # NOTE(review): KSM shares identical memory pages between guests; where
    # guests belong to different trust domains, weigh the known
    # page-deduplication side-channel risk before keeping it on.
    _enable_ksm()

    # Looks like we need to wait for the libvirtd to start, otherwise
    # the virsh nodeinfo below doesn't work.
    time.sleep(1)

    # Put SELinux in enforcing mode for the running system. setenforce does
    # not edit /etc/selinux/config, and this function reboots at the end, so
    # the mode after the reboot is whatever that file says -- verify it is
    # set to enforcing.
    x("setenforce 1")

    # Is virsh started?
    result = x("virsh nodeinfo")
    if "CPU model:" not in result:
        app.print_error("virsh not installed.")
        _abort_kvm_host_installation()

    # NOTE(review): this only fails when BOTH column headers are missing
    # from the output; `or` would be the stricter check -- confirm intent.
    # The error text is the same as for the nodeinfo check above.
    result = x("virsh -c qemu:///system list")
    if "Id" not in result and "Name" not in result:
        app.print_error("virsh not installed.")
        _abort_kvm_host_installation()

    _remove_kvm_virt_networking()

    # Add the KVM chain to iptables and save the rule set (helpers defined
    # elsewhere; presumably persists the rules across the reboot below).
    iptables.add_kvm_chain()
    iptables.save()
    _libvirt_init_config()

    # Recorded before the reboot, since nothing after the reboot call is
    # expected to run.
    version_obj.mark_executed()

    # Reboot the host.
    x("reboot")

    # Wait for the reboot to be executed, so the script
    # doesn't proceed to next command in install.cfg
    time.sleep(1000)
コード例 #27
ファイル: netUtils.py プロジェクト: Nemie/syco
def net_setup_bond_br(args):
    """
    Setup bonded network interfaces and bridges.

    Always configures bridge br1 on bond1 for the front net; when the back
    net is enabled in the syco config, also configures br0 on bond0. The
    network service is restarted afterwards. The args parameter is not used
    in this function.

    This must work together with a virtual host using KVM.

    Read more.
    http://serverfault.com/questions/316623/what-is-the-correct-way-to-setup-a-bonded-bridge-on-centos-6-for-kvm-guests
    http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
    http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networking-with-libvirt/
    http://www.linux-kvm.org/page/HOWTO_BONDING
    https://fedorahosted.org/cobbler/wiki/VirtNetworkingSetupForUseWithKoan
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html

    """
    app.print_verbose("Install bonded bridges host version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("NetSetupBondBr", SCRIPT_VERSION)
    # presumably stops here when this script version was already applied --
    # confirm in version.Version
    version_obj.check_executed()

    #
    app.print_verbose(
        "Install yum package with all tools that is required to setup bridges."
    )
    install.package("bridge-utils")

    # NOTE(review): print_verbose and scOpen are used here without a module
    # prefix, unlike app.print_verbose elsewhere in this function; confirm
    # both names are imported into this module.
    print_verbose(
        "Setup modprobe alias for bonding, don't know exactly why we need to " +
        "do that. Maybe because the ifcfg files referars to bond0 instead of " +
        "bonding, or because it loads the module bonding at the same time as " +
        "the alias is created."
    )
    # Drop any existing bond aliases, then register bond0 only.
    # NOTE(review): bond1 is configured below as well but gets no alias
    # here -- confirm that is intended.
    sycoConf = scOpen("/etc/modprobe.d/syco.conf")
    sycoConf.remove("alias bond.*")
    sycoConf.add("alias bond0 bonding")

    # Get all parameters from syco config.
    # Check if interfaces are defined, otherwise fall back to autodetecting
    front_interfaces = config.host(net.get_hostname()).get_front_interfaces()
    back_interfaces = config.host(net.get_hostname()).get_back_interfaces()

    num_of_if = len(front_interfaces) + len(back_interfaces)
    if num_of_if == 0:
        # Autodetect
        num_of_if = net.num_of_eth_interfaces()
        
    front_ip = config.host(net.get_hostname()).get_front_ip()
    front_netmask = config.general.get_front_netmask()
    front_gw = config.general.get_front_gateway_ip()
    front_resolver = config.general.get_front_resolver_ip()
    # Number of networks to configure: front only (1) or front + back (2).
    net_count = 1

    if config.general.is_back_enabled():
        back_ip = config.host(net.get_hostname()).get_back_ip()
        back_netmask = config.general.get_back_netmask()
        back_gw = config.general.get_back_gateway_ip()
        back_resolver = config.general.get_back_resolver_ip()
        net_count += 1

    eth_count = 0;
    if len(front_interfaces) < 1:
        # Use default eth interfaces
        # Also, if you don't specify front net interfaces, you may not specify back net interfaces.
        # The interfaces are split evenly between the networks; any
        # configured back_interfaces list is replaced below.
        # NOTE(review): when num_of_if < net_count this is 0 and the bonds
        # are still created, with no interfaces attached and no error.
        if_per_net_count = int(math.floor(num_of_if / net_count))

        # The back net takes the lowest-numbered eth devices...
        if net_count > 1:
            back_interfaces = []
            for i in range(if_per_net_count):
                back_interfaces.append("eth" + str(eth_count))
                eth_count += 1

        # ...and the front net takes the ones that follow.
        front_interfaces = []
        for i in range(if_per_net_count):
            front_interfaces.append("eth" + str(eth_count))
            eth_count += 1

    app.print_verbose("Configuring front net bond bond1 with interfaces: {0}".format(front_interfaces))
    setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
    setup_bond("bond1", "br1")
    for front_interface in front_interfaces:
        setup_eth(front_interface, "bond1")

    # net_count is 2 only when is_back_enabled() was true above, so the
    # back_* values are defined on this path.
    if net_count == 2:
        app.print_verbose("Found back-net configuration, configuring second bond bond0 with interfaces: {0}".format(back_interfaces))
        setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
        setup_bond("bond0", "br0")
        for back_interface in back_interfaces:
            setup_eth(back_interface, "bond0")

    #
    app.print_verbose(
        "Restart the network service so all changes will be applied."
    )
    x("service network restart")
    # NOTE(review): this truncates /etc/resolv.conf and leaves a single
    # public resolver (8.8.8.8), discarding the file's previous contents
    # even though front/back resolvers were passed to setup_bridge above.
    # Lookups for internal names would then go to an external resolver;
    # confirm this is intended and not a leftover workaround.
    x("echo \"nameserver 8.8.8.8\" > /etc/resolv.conf")

    #
    version_obj.mark_executed()
コード例 #28
ファイル: installPostfix.py プロジェクト: rikardev/syco
def install_mailx():
    """Install the mailx package.

    mailx provides the classic terminal command:
    mail -s "subject" destemail
    """
    install.package("mailx")
コード例 #29
ファイル: installKvmHost.py プロジェクト: eliskullberg/syco
def install_kvmhost(args):
    """
    Install and start the KVM/libvirt stack on this host, then reboot it.

    Checks /proc/cpuinfo for the required CPU flags, installs the packages,
    starts the services libvirtd depends on, verifies that virsh answers,
    adjusts networking/iptables and finally reboots. Each failed check
    prints an error and calls _abort_kvm_host_installation().

    The args parameter is not used in this function.

    """
    app.print_verbose("Install kvm host version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallKvmHost", SCRIPT_VERSION)
    # presumably stops here when this script version was already applied --
    # confirm in version.Version
    version_obj.check_executed()

    # vmx (Intel VT-x) or svm (AMD-V) must be listed among the CPU flags.
    if not general.grep("/proc/cpuinfo", "vmx|svm"):
        app.print_error("CPU don't support virtualization.")
        _abort_kvm_host_installation()

    # constant_tsc: the time stamp counter ticks at a fixed rate
    # (presumably required for stable guest timekeeping).
    if not general.grep("/proc/cpuinfo", "constant_tsc"):
        app.print_error("CPU don't have a constant Time Stamp Counter.")
        _abort_kvm_host_installation()

    # Install the kvm packages
    install.package("qemu-kvm")
    install.package("libvirt")
    install.package("libguestfs-tools")
    install.package("avahi")

    # Provides the virt-install command for creating virtual machines.
    install.package("python-virtinst")

    # Before libvirtd starts, create a snapshot partition for qemu.
    _create_kvm_snapshot_partition()

    # Start services libvirtd depends on.
    # NOTE(review): avahi-daemon is an mDNS/DNS-SD responder and is enabled
    # at boot here; confirm the host firewall restricts it to the networks
    # that actually need it.
    x("service messagebus restart")
    x("service avahi-daemon start")
    x("chkconfig avahi-daemon on")

    # Start virsh
    x("service libvirtd start")

    # presumably enables kernel samepage merging (helper defined elsewhere).
    # NOTE(review): KSM shares identical memory pages between guests; where
    # guests belong to different trust domains, weigh the known
    # page-deduplication side-channel risk before keeping it on.
    _enable_ksm()

    # Looks like we need to wait for the libvirtd to start, otherwise
    # the virsh nodeinfo below doesn't work.
    time.sleep(1)

    # Put SELinux in enforcing mode for the running system. setenforce does
    # not edit /etc/selinux/config, and this function reboots at the end, so
    # the mode after the reboot is whatever that file says -- verify it is
    # set to enforcing.
    x("setenforce 1")

    # Is virsh started?
    result = x("virsh nodeinfo")
    if "CPU model:" not in result:
        app.print_error("virsh not installed.")
        _abort_kvm_host_installation()

    # NOTE(review): this only fails when BOTH column headers are missing
    # from the output; `or` would be the stricter check -- confirm intent.
    # The error text is the same as for the nodeinfo check above.
    result = x("virsh -c qemu:///system list")
    if "Id" not in result and "Name" not in result:
        app.print_error("virsh not installed.")
        _abort_kvm_host_installation()

    _remove_kvm_virt_networking()

    # Add the KVM chain to iptables and save the rule set (helpers defined
    # elsewhere; presumably persists the rules across the reboot below).
    iptables.add_kvm_chain()
    iptables.save()

    # Recorded before the reboot, since nothing after the reboot call is
    # expected to run.
    version_obj.mark_executed()

    # Reboot the host.
    x("reboot")

    # Wait for the reboot to be executed, so the script
    # doesn't proceed to next command in install.cfg
    time.sleep(1000)
コード例 #30
'''

__author__ = "*****@*****.**"
__copyright__ = "Copyright 2011, The System Console project"
__maintainer__ = "Daniel Lindh"
__email__ = "*****@*****.**"
__credits__ = ["???"]
__license__ = "???"
__version__ = "1.0.0"
__status__ = "Production"

import subprocess, time

import app, install

# Runs at import time: merely importing this module calls install.package,
# placed ahead of the pexpect/pxssh imports below (presumably so they
# resolve on a host where the package is not yet present).
# NOTE(review): the package is requested by name only, with no version given
# here; which source it comes from and with what privileges it is installed
# is decided inside install.package -- confirm that is acceptable for a
# module-import side effect.
install.package("pexpect")

import pexpect
import pxssh

class spawn(pexpect.spawn):
    """pexpect.spawn subclass that carries a verbosity level for print_verbose."""

    # Verbosity level to use with print_verbose; starts at 2.
    verbose_level = 2

    def disable_output(self):
        """Set this instance's verbose_level to 10."""
        self.verbose_level = 10

    def enable_output(self):
        """Set this instance's verbose_level to 2."""
        self.verbose_level = 2
コード例 #31
ファイル: netUtils.py プロジェクト: ysoldak/syco
def net_setup_bond_br(args):
    """
    Setup bonded network interfaces and bridges.

    Always configures bridge br1 on bond1 for the front net; when the back
    net is enabled in the syco config, also configures br0 on bond0. The
    network service is restarted afterwards. The args parameter is not used
    in this function.

    This must work together with a virtual host using KVM.

    Read more.
    http://serverfault.com/questions/316623/what-is-the-correct-way-to-setup-a-bonded-bridge-on-centos-6-for-kvm-guests
    http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
    http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networking-with-libvirt/
    http://www.linux-kvm.org/page/HOWTO_BONDING
    https://fedorahosted.org/cobbler/wiki/VirtNetworkingSetupForUseWithKoan
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html

    """
    app.print_verbose("Install bonded bridges host version: %d" %
                      SCRIPT_VERSION)
    version_obj = version.Version("NetSetupBondBr", SCRIPT_VERSION)
    # presumably stops here when this script version was already applied --
    # confirm in version.Version
    version_obj.check_executed()

    #
    app.print_verbose(
        "Install yum package with all tools that is required to setup bridges."
    )
    install.package("bridge-utils")

    # NOTE(review): print_verbose and scOpen are used here without a module
    # prefix, unlike app.print_verbose elsewhere in this function; confirm
    # both names are imported into this module.
    print_verbose(
        "Setup modprobe alias for bonding, don't know exactly why we need to "
        +
        "do that. Maybe because the ifcfg files referars to bond0 instead of "
        +
        "bonding, or because it loads the module bonding at the same time as "
        + "the alias is created.")
    # Drop any existing bond aliases, then register bond0 only.
    # NOTE(review): bond1 is configured below as well but gets no alias
    # here -- confirm that is intended.
    sycoConf = scOpen("/etc/modprobe.d/syco.conf")
    sycoConf.remove("alias bond.*")
    sycoConf.add("alias bond0 bonding")

    # Get all parameters from syco config.
    # Check if interfaces are defined, otherwise fall back to autodetecting
    front_interfaces = config.host(net.get_hostname()).get_front_interfaces()
    back_interfaces = config.host(net.get_hostname()).get_back_interfaces()

    num_of_if = len(front_interfaces) + len(back_interfaces)
    if num_of_if == 0:
        # Autodetect
        num_of_if = net.num_of_eth_interfaces()

    front_ip = config.host(net.get_hostname()).get_front_ip()
    front_netmask = config.general.get_front_netmask()
    front_gw = config.general.get_front_gateway_ip()
    front_resolver = config.general.get_front_resolver_ip()
    # Number of networks to configure: front only (1) or front + back (2).
    net_count = 1

    if config.general.is_back_enabled():
        back_ip = config.host(net.get_hostname()).get_back_ip()
        back_netmask = config.general.get_back_netmask()
        back_gw = config.general.get_back_gateway_ip()
        back_resolver = config.general.get_back_resolver_ip()
        net_count += 1

    eth_count = 0
    if len(front_interfaces) < 1:
        # Use default eth interfaces
        # Also, if you don't specify front net interfaces, you may not specify back net interfaces.
        # The interfaces are split evenly between the networks; any
        # configured back_interfaces list is replaced below.
        # NOTE(review): when num_of_if < net_count this is 0 and the bonds
        # are still created, with no interfaces attached and no error.
        if_per_net_count = int(math.floor(num_of_if / net_count))

        # The back net takes the lowest-numbered eth devices...
        if net_count > 1:
            back_interfaces = []
            for i in range(if_per_net_count):
                back_interfaces.append("eth" + str(eth_count))
                eth_count += 1

        # ...and the front net takes the ones that follow.
        front_interfaces = []
        for i in range(if_per_net_count):
            front_interfaces.append("eth" + str(eth_count))
            eth_count += 1

    app.print_verbose(
        "Configuring front net bond bond1 with interfaces: {0}".format(
            front_interfaces))
    setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
    setup_bond("bond1", "br1")
    for front_interface in front_interfaces:
        setup_eth(front_interface, "bond1")

    # net_count is 2 only when is_back_enabled() was true above, so the
    # back_* values are defined on this path.
    if net_count == 2:
        app.print_verbose(
            "Found back-net configuration, configuring second bond bond0 with interfaces: {0}"
            .format(back_interfaces))
        setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
        setup_bond("bond0", "br0")
        for back_interface in back_interfaces:
            setup_eth(back_interface, "bond0")

    #
    app.print_verbose(
        "Restart the network service so all changes will be applied.")
    x("service network restart")
    # NOTE(review): this truncates /etc/resolv.conf and leaves a single
    # public resolver (8.8.8.8), discarding the file's previous contents
    # even though front/back resolvers were passed to setup_bridge above.
    # Lookups for internal names would then go to an external resolver;
    # confirm this is intended and not a leftover workaround.
    x("echo \"nameserver 8.8.8.8\" > /etc/resolv.conf")

    #
    version_obj.mark_executed()