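def setup(self, cds_list, proxy_list, master_hostname):
    """Provision this host as the RHUA node.

    Runs the installer script, creates a self-signed CA under
    /etc/rhui/pem, writes the rhui-installer answers file, runs
    rhui-installer, installs the resulting configuration RPM and, when a
    proxy is configured, limits direct outbound HTTPS with iptables.

    Args:
        cds_list: CDS instances; each must provide ``hostname``,
            ``public_ip``, ``private_ip`` and ``set_confrpm_name()``.
        proxy_list: proxy instances; only the first entry's ``hostname`` is
            used. An empty list means no proxy and no firewall changes.
        master_hostname: passed through to ``install_coverage()`` when
            ``args.coverage`` is set.
    """
    # NOTE(review): the second positional argument to run_sync() is
    # presumably "fail hard on a non-zero exit" -- confirm against its
    # definition.
    # NOTE(review): hostnames and IP addresses are concatenated into shell
    # command lines unquoted; this assumes they come from trusted inventory.
    logger.info("Setting up RHUA instance %s", self.hostname)

    # The CA key passphrase must come from the OS CSPRNG: the default
    # generator behind random.choice() is predictable. The alphabet stays
    # lowercase ASCII, so the value is safe to place in the shell command
    # below without quoting.
    rng = random.SystemRandom()
    capassword = ''.join(rng.choice(string.ascii_lowercase) for _ in range(10))

    RHUI_Instance.setup(self)
    self.ephemeral_mount("/var/lib/pulp")
    logger.debug("Running /mnt/install_RHUA.sh")
    self.run_sync("cd /mnt && ./install_RHUA.sh", True)
    self.run_sync("chown apache.apache /var/lib/pulp", True)
    # "||:" keeps an already existing directory from counting as a failure.
    self.run_sync("mkdir /etc/rhui/pem ||:", True)
    self.run_sync("mkdir /etc/rhui/confrpm ||:", True)

    # Creating CA
    logger.debug("Creating CA")
    # NOTE(review): ca.pwd (and ca.key, depending on the OpenSSL version)
    # are created with the default umask; consider restricting both to root.
    self.run_sync("echo " + capassword + " > /etc/rhui/pem/ca.pwd", True)
    self.run_sync("echo 10 > /etc/rhui/pem/ca.srl", True)
    # The passphrase is read from ca.pwd (written just above) instead of
    # being passed as "pass:<value>", which keeps it out of the openssl
    # argument list and therefore out of process listings.
    self.run_sync(
        "openssl req -new -x509 -extensions v3_ca"
        " -keyout /etc/rhui/pem/ca.key"
        " -subj \"/C=US/ST=NC/L=Raleigh/CN=" + self.hostname + " CA\""
        " -out /etc/rhui/pem/ca.crt -days 365"
        " -passout file:/etc/rhui/pem/ca.pwd",
        True)

    # Creating answers
    logger.debug("Creating answers file")
    # Truthiness also covers proxy_list=None, which "!= []" let through to
    # the index below.
    proxy_host = proxy_list[0].hostname if proxy_list else None
    Util.generate_answers(RS,
                          version="1.0",
                          generate_certs=True,
                          proxy_host=proxy_host,
                          proxy_port="3128",
                          proxy_user="******",
                          proxy_password=self.proxy_password,
                          capassword=capassword)
    logger.debug("Running rhui-installer")
    self.run_sync("rhui-installer /etc/rhui/answers", True)

    for server in [self] + cds_list:
        # Setting conf RPM names: first file matching
        # <hostname>-<version>-*.rpm as listed on this host.
        rpmname = self.run_sync(
            "ls -1 /etc/rhui/confrpm/" + server.hostname + "-"
            + self.version + "-*.rpm | head -1")
        server.set_confrpm_name(rpmname)

    # Installing coverage
    if args.coverage:
        self.install_coverage(master_hostname)

    # Installing RHUA
    logger.debug("Installing RHUI conf rpm")
    # No hard-fail flag on the erase -- presumably because the package may
    # not be installed yet; confirm.
    self.run_sync("rpm -e " + self.hostname)
    self.run_sync("rpm -i " + self.confrpm, True)

    if proxy_list:
        # Preventing access without proxy. Rule order matters: the ACCEPT
        # rules are appended before the final REJECT for tcp/443.
        # NOTE(review): iptables covers IPv4 only and only port 443 is
        # rejected; IPv6 and other ports are not restricted here.
        self.run_sync("iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j ACCEPT", True)
        for server in [self] + cds_list:
            # Allowing to connect to all CDSes and RHUA itself
            self.run_sync("iptables -A OUTPUT -d " + server.public_ip + " -j ACCEPT", True)
            self.run_sync("iptables -A OUTPUT -d " + server.private_ip + " -j ACCEPT", True)
        self.run_sync("iptables -A OUTPUT -p tcp --dport 443 -j REJECT", True)
        self.run_sync("service iptables save", True)

    logger.info("RHUA %s setup finished", self.hostname)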