def bootstrap():
    """
    Bring a machine to the point where twisted services can be installed,
    configured and executed.

    The base packages are installed one group at a time through
    package.install, the shared 'service' system group is created, the
    per-component installers are run, and sshConfig() is applied last.
    """
    package.install(['sudo'])

    # Each service specific system user shall be added to the 'service' group.
    sudo('/usr/sbin/groupadd -f --system service')

    packageGroups = (
        # pypy is installed with a tarball downloaded with wget.
        # NOTE(review): whether that tarball is checked against a pinned
        # digest is decided inside pypy.install(), which is not visible
        # here -- confirm.
        ['wget'],
        # libssl-dev is needed for installing pyOpenSSL for PyPy.
        ['libssl-dev'],
        ['python2.7', 'python2.7-dev'],
        # gcc is needed for 'pip install'.
        ['gcc', 'python-pip'],
        # For trac.
        ['python-subversion', 'enscript'],
        # For equivs.
        ['equivs'],
        # For buildbot/codespeed.
        ['sqlite3'],
        # Development and deployment.
        ['python-virtualenv'],
        ['python-twisted', 'python-openssl'],
    )
    for group in packageGroups:
        package.install(group)

    for component in (pypy, authbind, git, bazaar, postgres):
        component.install()

    # Replaces /etc/ssh/sshd_config and restarts ssh, so it runs last.
    sshConfig()
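def bootstrap():
    """
    Prepare the machine to be able to correctly install, configure and
    execute twisted services.

    Refreshes the package index, installs the base packages, creates the
    shared 'service' system group, runs the per-component installers and
    finally applies the ssh configuration through sshConfig().
    """
    # Call apt-get by absolute path, as the other privileged commands in
    # this file do, so the binary run as root does not depend on PATH.
    sudo('/usr/bin/apt-get update')
    # NOTE(review): the line above already goes through sudo(), so sudo
    # presumably has to exist on the host before this package is installed
    # -- confirm how a bare machine is expected to reach this point.
    package.install(['sudo'])

    # Each service specific system user shall be added to the 'service' group
    sudo('/usr/sbin/groupadd -f --system service')

    # pypy is installed with a tarball downloaded with wget.
    # NOTE(review): whether that tarball is checked against a pinned digest
    # is decided inside pypy.install(), which is not visible here -- confirm.
    package.install(['wget'])
    # libssl-dev is needed for installing pyOpenSSL for PyPy.
    package.install(['libssl-dev', 'libffi-dev'])
    package.install(['python2.7', 'python2.7-dev', 'python-virtualenv'])
    # gcc and svn are needed for 'pip install'
    package.install(['gcc', 'subversion'])

    # For trac
    package.install(['enscript', 'python-subversion'])

    # For equivs
    package.install(['equivs'])

    # For buildbot/codespeed
    package.install(['sqlite3'])

    pypy.install()
    authbind.install()
    git.install()
    bazaar.install()
    postgres.install()

    # Replaces /etc/ssh/sshd_config and restarts ssh, so it runs last.
    sshConfig()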
def uploadKeys(user, keys):
    """
    Upload a list of keys to a user's authorized_keys file.

    The ~user/.ssh directory is created if missing, keys is handed to
    files.append for ~user/.ssh/authorized_keys, and both paths are then
    chowned to user.
    """
    # NOTE(review): 'user' is interpolated unquoted into commands that run
    # through sudo, so it has to come from a trusted source.
    sshDir = '~{}/.ssh'.format(user)
    keyFile = '~{}/.ssh/authorized_keys'.format(user)

    sudo('/bin/mkdir -p {}'.format(sshDir))
    files.append(keyFile, keys, use_sudo=True)
    # Both paths were touched under sudo; give them to the account owner.
    # No mode is set here, so permissions are whatever mkdir and
    # files.append leave behind.
    sudo('chown {} {} {}'.format(user, sshDir, keyFile))
def createService(username, base='/srv', groups=['service']):
    """
    Create a service user, unless '/usr/bin/id username' already succeeds.

    On debian and fedora the account is a system user with its own group, a
    home directory under base (when base is not None), bash as login shell
    and membership of groups (when non-empty). On freebsd neither groups
    nor base is supported and the run aborts if either is set. Any other
    distro family aborts.

    NOTE(review): username, base and groups are interpolated unquoted into
    commands run through sudo, so they must come from a trusted source.
    """
    # The list default is shared between calls; it is only read here.
    if not fails('/usr/bin/id {}'.format(username)):
        # The lookup did not fail, so there is nothing to create.
        return

    if distroFamily() in ['debian', 'fedora']:
        groupOpt = ('--group ' + ','.join(groups)) if groups else ''
        baseOpt = '--base-dir {}'.format(base) if base is not None else ''
        useradd = ('/usr/sbin/useradd {} {} --user-group '
                   '--create-home --system --shell /bin/bash '
                   '{}')
        sudo(useradd.format(baseOpt, groupOpt, username))
    elif distroFamily() == 'freebsd':
        if groups:
            abort("Groups not supported")
        if base:
            abort("Basedir not supported")
        pwUseradd = '/usr/sbin/pw useradd -m -s /usr/local/bin/bash -h - -n {}'
        return sudo(pwUseradd.format(username))
    else:
        abort('Unknown distro')
def uploadKeys(user, keys):
    """
    Upload a list of keys to a user's authorized_keys file.

    Creates ~user/.ssh when missing, passes keys to files.append for
    ~user/.ssh/authorized_keys, then chowns the directory and the file to
    user.
    """
    # NOTE(review): 'user' ends up unquoted inside commands executed
    # through sudo; callers must only pass trusted account names.
    homePrefix = '~{}'.format(user)
    sshDir = homePrefix + '/.ssh'
    keyFile = sshDir + '/authorized_keys'

    sudo('/bin/mkdir -p ' + sshDir)
    files.append(keyFile, keys, use_sudo=True)
    # Ownership only: no chmod follows, so the modes stay as created.
    sudo(' '.join(['/bin/chown', user, sshDir, keyFile]))
def createService(username, base='/srv', groups=['service']):
    """
    Create a service user when '/usr/bin/id username' fails.

    debian/fedora: useradd creates a system account with a matching group,
    a home directory (below base unless base is None), /bin/bash as shell,
    and the extra groups when groups is non-empty.
    freebsd: aborts if groups or base is set, otherwise creates the account
    with 'pw useradd' and returns the result of that sudo() call.
    Anything else aborts with 'Unknown distro'.

    NOTE(review): all three arguments reach a root shell unquoted; only
    trusted values may be passed.
    """
    # The default for groups is a shared list object; this function never
    # mutates it.
    accountMissing = fails('/usr/bin/id {}'.format(username))
    if not accountMissing:
        return

    if distroFamily() in ['debian', 'fedora']:
        groupOpt = ''
        if groups:
            groupOpt = '--group ' + ','.join(groups)
        baseOpt = ''
        if base is not None:
            baseOpt = '--base-dir {}'.format(base)
        template = ('/usr/sbin/useradd {} {} --user-group '
                    '--create-home --system --shell /bin/bash '
                    '{}')
        sudo(template.format(baseOpt, groupOpt, username))
    elif distroFamily() == 'freebsd':
        if groups:
            abort("Groups not supported")
        if base:
            abort("Basedir not supported")
        command = '/usr/sbin/pw useradd -m -s /usr/local/bin/bash -h - -n {}'
        return sudo(command.format(username))
    else:
        abort('Unknown distro')
def install(packages):
    """
    Install a list of packages with the package manager of the detected
    distro family (apt-get on debian, yum on fedora); abort otherwise.

    NOTE(review): the package names are joined with spaces and placed
    unquoted into a command run through sudo, so the list has to come from
    a trusted source.
    """
    if distroFamily() == 'debian':
        template = '/usr/bin/apt-get --yes --quiet install {}'
    elif distroFamily() == 'fedora':
        template = '/usr/bin/yum install -y {}'
    else:
        abort('Unknown distro.')
        # abort() is not expected to return; the explicit return keeps
        # 'template' from being read unbound if it ever does.
        return
    sudo(template.format(" ".join(packages)))
def update():
    """
    Update the package list for the detected distro family.
    """
    if distroFamily() == 'debian':
        sudo('/usr/bin/apt-get update')
        return
    if distroFamily() == 'fedora':
        # Nothing to run: the original marks this case as "Automatic".
        return
    abort('Unknown distro.')
def update():
    """
    Update the package list for the detected distro family.

    debian runs 'apt-get update', freebsd runs 'pkg update', fedora needs
    no explicit step, and any other family aborts.
    """
    if distroFamily() == 'debian':
        sudo('/usr/bin/apt-get update')
        return
    if distroFamily() == 'fedora':
        # Nothing to run: the original marks this case as "Automatic".
        return
    if distroFamily() == 'freebsd':
        sudo('/usr/sbin/pkg update')
        return
    abort('Unknown distro.')
def createService(username, base='/srv', groups=['service']):
    """
    Create a service user when '/usr/bin/id username' fails.

    The account is a system user with its own group, a created home
    directory (below base unless base is None), /bin/bash as login shell,
    and membership of groups when that list is non-empty.

    NOTE(review): username, base and groups are placed unquoted into a
    command run through sudo; pass trusted values only.
    """
    # The default for groups is a shared list object; it is only read here.
    if not fails('/usr/bin/id {}'.format(username)):
        # The lookup succeeded, so no account is created.
        return

    groupOpt = ('--group ' + ','.join(groups)) if groups else ''
    baseOpt = '--base-dir {}'.format(base) if base is not None else ''
    useradd = ('/usr/sbin/useradd {} {} --user-group '
               '--create-home --system --shell /bin/bash '
               '{}')
    sudo(useradd.format(baseOpt, groupOpt, username))
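def sshConfig():
    """
    Install ssh config that allows anyone who can login as root to login as
    any service.

    The sshd_config file that sits next to this module is uploaded to a
    staging path, checked with 'sshd -t', and only then moved over
    /etc/ssh/sshd_config. Root's authorized_keys file is made readable by
    the 'service' group and ssh is restarted.

    Security note: after this runs, members of the 'service' group can read
    /root/.ssh/authorized_keys, and /root and /root/.ssh carry the search
    (x) bit for group and others. Anyone whose key is in root's
    authorized_keys is, per the summary above, able to log in as every
    service account.
    """
    configFile = FilePath(__file__).sibling('sshd_config')
    stagedConfig = '/etc/ssh/sshd_config.new'

    # Validate before touching the live file: a syntax error in the shipped
    # config would otherwise only surface when sshd restarts, at which
    # point remote access to the host may already be gone. A failing
    # sudo() is expected to stop the run here -- confirm against the
    # fabric settings in use (e.g. warn_only).
    put(configFile.path, stagedConfig, use_sudo=True)
    sudo('/usr/sbin/sshd -t -f {}'.format(stagedConfig))
    sudo('/bin/mv {} /etc/ssh/sshd_config'.format(stagedConfig))

    # Let the 'service' group read root's key list.
    # NOTE(review): presumably the uploaded sshd_config points the service
    # accounts at this file; that config is not visible here -- confirm.
    sudo('/bin/chgrp service /root/.ssh/authorized_keys')
    # Capital X: search permission on the two directories only, so the
    # file can be reached without making the directories listable.
    sudo('/bin/chmod go+X /root /root/.ssh')
    sudo('/bin/chmod g+r /root/.ssh/authorized_keys')

    service.restart('ssh')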
def install(packages):
    """
    Install a list of packages with the package manager of the detected
    distro family: apt-get on debian, yum on fedora, pkg on freebsd. Any
    other family aborts.

    NOTE(review): the package names are joined with spaces and placed
    unquoted into a command run through sudo, so the list has to come from
    a trusted source.
    """
    if distroFamily() == 'debian':
        template = '/usr/bin/apt-get --yes --quiet install {}'
    elif distroFamily() == 'fedora':
        template = '/usr/bin/yum install -y {}'
    elif distroFamily() == 'freebsd':
        template = '/usr/sbin/pkg install -y {}'
    else:
        abort('Unknown distro.')
        # abort() is not expected to return; the explicit return keeps
        # 'template' from being read unbound if it ever does.
        return
    sudo(template.format(" ".join(packages)))
def create(username, homeBase='/home'):
    """
    Create a new user for everyday use.

    The account gets its own group, a created home directory below
    homeBase and /bin/bash as login shell. Returns whatever the sudo()
    call returns.

    NOTE(review): username and homeBase are placed unquoted into a command
    run through sudo; pass trusted values only.
    """
    useradd = ('/usr/sbin/useradd --base-dir {} --user-group --create-home '
               '--shell /bin/bash {}')
    command = useradd.format(homeBase, username)
    return sudo(command)
def task_tapdevice(self):
    """
    Create the tap and tun devices used by the tests.

    Two tap devices (tap-twtest and tap-twtest-pi) are created, brought up,
    given an address and a static neighbour entry, and an INPUT rule
    accepting traffic to that address is inserted. Two tun devices
    (tun-twtest and tun-twtest-pi) are created and brought up. All four
    devices are owned by the 'buildslave' user.

    NOTE(review): nothing here checks for existing devices or rules, so a
    second run presumably fails on 'ip tuntap add' or inserts the ACCEPT
    rules again -- confirm the task is only run once per host.
    """
    self.setUser()
    name = "twtest"

    # (device, local address, neighbour address, neighbour MAC); the first
    # entry is the tap device without protocol information, the second the
    # one with protocol information.
    tapDevices = (
        ('tap-{}'.format(name),
         '172.16.0.1', '172.16.0.2', 'de:ad:be:ef:ca:fe'),
        ('tap-{}-pi'.format(name),
         '172.16.1.1', '172.16.1.2', 'de:ad:ca:fe:be:ef'),
    )
    for device, address, peer, peerMac in tapDevices:
        sudo('ip tuntap add dev {} mode tap user buildslave'.format(device))
        sudo('ip link set up dev {}'.format(device))
        sudo('ip addr add {}/24 dev {}'.format(address, device))
        sudo('ip neigh add {} lladdr {} dev {}'.format(peer, peerMac, device))
        # Inserted at the head of INPUT: traffic to this address is
        # accepted before any rule already in the chain is consulted.
        sudo('iptables -I INPUT --dest {} -j ACCEPT'.format(address))

    # The tun devices, without and with protocol information, only need to
    # exist and be up.
    for device in ('tun-{}'.format(name), 'tun-{}-pi'.format(name)):
        sudo('ip tuntap add dev {} mode tun user buildslave'.format(device))
        sudo('ip link set up dev {}'.format(device))
def task_iptables(self):
    """
    Insert an iptables rule that accepts inbound traffic addressed to the
    IPv4 multicast range 224.0.0.0/4.

    NOTE(review): the rule is inserted at the head of the INPUT chain on
    every run and no existence check (iptables -C) precedes it, so repeated
    runs presumably stack duplicate rules -- confirm this is acceptable.
    """
    self.setUser()
    multicastRule = 'iptables -I INPUT --dest 224.0.0.0/4 -j ACCEPT'
    sudo(multicastRule)