def _init():
    """Select cuisine's apt and openssl options, then run the setup helpers.

    Calls ``_setup_users()``, ``_setup_repositories()`` and
    ``_setup_kataribe()`` in that order; all three are defined outside
    this snippet.
    """
    cuisine.select_package('apt')
    cuisine.select_hash('openssl')
    _setup_users()
    _setup_repositories()
    _setup_kataribe()
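def setup_packages():
    """Update, upgrade and install the listed Ubuntu packages through apt.

    All package operations run inside ``cuisine.mode_sudo()``.
    """
    cuisine.select_package('apt')
    puts(green('Installing Ubuntu packages'))
    with cuisine.mode_sudo():
        cuisine.package_update()
        cuisine.package_upgrade()
        cuisine.package_ensure([
            "aptitude",
            "build-essential",
            "curl",
            "git",
            "guake",
            "haskell-platform",
            "htop",
            # Was "ibux-mozc", which is not a package name; the Mozc engine
            # for IBus is packaged as "ibus-mozc".
            "ibus-mozc",
            "libclang-dev",
            "libncursesw5-dev",
            "libssl-dev",
            "paco",
            "python3-dev",
            "tmux",
            "tree",
            "wget",
            "zip",
            "zsh",
        ])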
def sudo_ensure():
    """Ensure the 'sudo' command is installed"""
    select_package("apt")
    # Runs in user mode (no sudo), since sudo itself may not exist yet.
    with mode_user():
        # The below works but is too slow
        #run("apt-get update")
        #run("apt-get install sudo")
        # NOTE(review): installing a package normally needs root; if the
        # connecting user is not root this call presumably fails - confirm.
        package_ensure(["sudo"]) # No idea why this didn't work
def sudo_ensure():
    """Ensure the 'sudo' command is installed"""
    select_package("apt")
    # Runs in user mode (no sudo), since sudo itself may not exist yet.
    with mode_user():
        # The below works but is too slow
        # run("apt-get update")
        # run("apt-get install sudo")
        # NOTE(review): installing a package normally needs root; if the
        # connecting user is not root this call presumably fails - confirm.
        package_ensure(["sudo"]) # No idea why this didn't work
def set_pkg_os():
    """Pick cuisine's package backend from the detected distro family.

    ``debian`` selects apt and ``redhat`` selects yum; any other family
    leaves the current selection untouched.
    """
    backend_by_family = {'debian': "apt", 'redhat': "yum"}
    backend = backend_by_family.get(distro_family())
    if backend is not None:
        select_package(backend)
def package_installed(package):
    """
    Ensure that a package named `package` is installed.

    :param package: *required* str; the name of the package

    Wraps cuisine.package_ensure() + select_package(option='yum')
    """
    # NOTE(review): select_package presumably switches cuisine's backend for
    # later calls too, not only for this one - confirm against callers that
    # expect a different package manager.
    cuisine.select_package(option='yum')
    cuisine.package_ensure(package)
def _dovecot(database_password):
    """Install Dovecot from apt and upload its TLS material and configuration.

    :param database_password: value substituted for the
        ``DOVECOT_DATABASE_PASSWORD`` placeholder in
        ``/etc/dovecot/dovecot-sql.conf``.
    """
    select_package("apt")
    package_ensure(["dovecot-imapd", "dovecot-lmtpd", "dovecot-pgsql", "dovecot-sieve", "dovecot-managesieved"]) # On debian will automatically be enabled
    crypto.put_cert('config/certs/imap.za3k.com.pem')
    crypto.put_key('config/keys/imap.za3k.com.key')
    put('config/dovecot/dovecot.conf', '/etc/dovecot/dovecot.conf', mode='644')
    # The SQL config receives the database password below, so it is uploaded
    # with mode 600 before the placeholder is replaced.
    put('config/dovecot/dovecot-sql.conf', '/etc/dovecot/dovecot-sql.conf', mode='600')
    # NOTE(review): _replace is defined elsewhere; confirm it does not put
    # the password on a remote command line or into the deployment log.
    _replace('/etc/dovecot/dovecot-sql.conf', 'DOVECOT_DATABASE_PASSWORD', database_password)
    dir_ensure("/etc/dovecot/sieve.d")
    run("chown vmail:vmail /etc/dovecot/sieve.d")
def ensure_fcgiwrap(children=4):
    """Install fcgiwrap and switch it to a dedicated ``fcgiwrap`` account.

    :param children: value written as ``FCGI_CHILDREN`` to
        ``/etc/default/fcgiwrap``.
    """
    select_package("apt")
    package_ensure(["fcgiwrap"]) # On debian will automatically be enabled
    # fcgi can't run status script because its default user (www-data) has no login shell--not sure why exactly but work around it by making a new user
    user_ensure('fcgiwrap')
    group_ensure('fcgiwrap')
    group_user_ensure('fcgiwrap', 'fcgiwrap')
    # Rewrites the packaged unit file in place.
    # NOTE(review): a package upgrade presumably restores www-data - confirm.
    sudo('sed -i "s/www-data/fcgiwrap/" /lib/systemd/system/fcgiwrap.service')
    # NOTE(review): children is formatted unquoted into a command that runs
    # under sudo; callers should only ever pass an integer.
    sudo('echo "FCGI_CHILDREN={}" > /etc/default/fcgiwrap'.format(children))
    sudo('systemctl daemon-reload')
    sudo('/etc/init.d/fcgiwrap restart')
def ensure():
    """Ensure nginx is installed

    Uploads nginx.conf and fastcgi_params, ensures the DH parameter file
    and /var/www exist, and returns whatever ``package_ensure`` returned.
    """
    select_package("apt")
    already_installed = package_ensure(["nginx"]) # On debian will automatically be enabled
    ensure_sites_available()
    put('config/nginx/nginx.conf', '/etc/nginx', use_sudo=True)
    put('config/nginx/fastcgi_params', '/etc/nginx', use_sudo=True)
    crypto.ensure_dhparams('/etc/ssl/dhparams-nginx.pem')
    with mode_sudo():
        # Mode 1777 is world-writable with the sticky bit: every local
        # account can create entries here, but only remove its own.
        # NOTE(review): if nginx serves from /var/www, any local user can
        # publish content - confirm that this is the intended trust model.
        dir_ensure("/var/www", mode='1777') # make sure anyone can add a site
    return already_installed
def _spamassassin():
    """Install SpamAssassin, upload its configuration and restart the service."""
    select_package("apt")
    package_ensure(["spamassassin"])
    # "|| true" makes the command succeed whatever sa-update returns, so a
    # failed rule update is not reported by this task.
    run("sa-update || true")
    put("config/dovecot/spamassassin.sieve", "/etc/dovecot/sieve.d", mode='644')
    # Compile the uploaded sieve script from within its directory.
    with cd("/etc/dovecot/sieve.d"):
        run("sievec spamassassin.sieve")
    put("config/spamassassin/spamassassin", "/etc/default", mode='644')
    # Uploaded with mode 755 into /etc/cron.daily.
    put("config/spamassassin/spamassassin-localspam", "/etc/cron.daily", mode='755')
    put("config/spamassassin/local.cf", "/etc/spamassassin", mode='644')
    run("update-rc.d spamassassin enable")
    run("systemctl restart spamassassin")
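def cpanm_bin_installed(home='/tmp'):
    """Ensure a ``cpanm`` executable exists under ``<home>/.deploy/bin``.

    :param home: directory under which ``.deploy/bin`` is created.
    :returns: path of the ``cpanm`` executable.

    The script is fetched over HTTPS instead of plain HTTP, because the
    downloaded file is made executable and later run. It is written to a
    temporary name and only moved into place after curl succeeded, so a
    failed download cannot leave a truncated ``cpanm`` that later runs
    would mistake for an installed one.
    """
    cuisine.select_package(option='yum')
    cuisine.package_ensure('perl-devel')
    binpath = '%s/.deploy/bin' % home
    cpanm = '%s/cpanm' % binpath
    # NOTE(review): with the default home='/tmp' the path is predictable and
    # sits in a world-writable directory, so another local account could
    # pre-create it; callers should pass a directory they own.
    if not cuisine.file_exists(cpanm):
        cuisine.dir_ensure(binpath, recursive=True, mode=755)
        cuisine.package_ensure('curl')
        partial = '%s.part' % cpanm
        # -f makes curl exit non-zero on an HTTP error instead of saving the
        # error page as the script.
        run('curl -fL https://cpanmin.us -o %s' % partial)
        run('chmod 755 %s' % partial)
        run('mv %s %s' % (partial, cpanm))
    return cpanm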
def installed():
    """
    Ensure that the supervisord is installed.

    If not present, supervisord is sudo() installed via ``easy_install``.
    Currently RHEL/CentOS flavored.
    """
    cuisine.select_package(option='yum')
    cuisine.command_ensure('easy_install', package='python-setuptools')
    if not cuisine.command_check('supervisord'):
        # No version is given, so whatever release the index serves at
        # deploy time is installed, and the install runs under sudo.
        sudo('easy_install supervisor')
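def _postfix(database_password):
    """Install Postfix with PostgreSQL lookups and upload its configuration.

    :param database_password: value substituted for the
        ``POSTFIX_DATABASE_PASSWORD`` placeholder in the two pgsql lookup
        files.
    """
    select_package("apt")
    package_ensure(["postfix", "postfix-pgsql"]) # On debian will automatically be enabled
    crypto.put_cert('config/certs/smtp.za3k.com.pem')
    crypto.put_key('config/keys/smtp.za3k.com.key')
    # Was size=1024. A 1024-bit Diffie-Hellman group is within reach of
    # precomputation attacks; 2048 bits is the usual minimum.
    # NOTE(review): ensure_dhparams is defined elsewhere; if it keeps an
    # existing file, hosts that already hold 1024-bit parameters need the
    # file regenerated by hand.
    crypto.ensure_dhparams('/etc/ssl/dhparams-postfix.pem', size=2048)
    put('config/postfix/main.cf', '/etc/postfix', mode='644')
    put('config/postfix/master.cf', '/etc/postfix', mode='644')
    put('config/postfix/mailname', '/etc', mode='644')
    # The lookup files receive the database password below, hence mode 600.
    put('config/postfix/pgsql-virtual-aliases.cf', '/etc/postfix', mode='600')
    put('config/postfix/pgsql-virtual-mailbox.cf', '/etc/postfix', mode='600')
    # NOTE(review): _replace is defined elsewhere; confirm it does not put
    # the password on a remote command line or into the deployment log.
    _replace('/etc/postfix/pgsql-virtual-aliases.cf', 'POSTFIX_DATABASE_PASSWORD', database_password)
    _replace('/etc/postfix/pgsql-virtual-mailbox.cf', 'POSTFIX_DATABASE_PASSWORD', database_password)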
def prepare_system(admin_user, admin_group='admin'):
    """Provision the admin account, then install the base tooling.

    :param admin_user: account passed to ``provision_user``,
        ``inject_ssl_pubkey`` and ``prepare_rbenvs``.
    :param admin_group: group passed to ``provision_user``.
    """
    provision_user(admin_user, admin_group)
    inject_ssl_pubkey(admin_user)
    firewall()
    select_package('apt')
    package_update()
    prepare_devenv()
    prepare_rbenvs(admin_user)
    package_ensure('nginx')
    package_ensure('python-pip')
    # No version is given, so whatever release the index serves at deploy
    # time is installed system-wide under sudo.
    sudo('pip install supervisor')
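def _dkim_milter():
    """Install OpenDKIM and upload its configuration, tables and signing key."""
    select_package("apt")
    # Was package_ensure("opendkim", "opendkim-tools"): the second positional
    # argument is not a package name (in cuisine it is the ``update`` flag),
    # so opendkim-tools was never ensured. Pass both names as one list.
    package_ensure(["opendkim", "opendkim-tools"])
    put("config/dkim/opendkim.conf", "/etc", mode='644')
    dir_ensure("/etc/opendkim")
    run("chmod 755 /etc/opendkim")
    put("config/dkim/KeyTable", "/etc/opendkim", mode='644')
    put("config/dkim/SigningTable", "/etc/opendkim", mode='644')
    put("config/dkim/TrustedHosts", "/etc/opendkim", mode='644')
    put("config/dkim/opendkim", "/etc/default", mode='644')
    run("mkdir -p /etc/opendkim/keys/za3k.com && chmod 755 /etc/opendkim/keys && chmod 755 /etc/opendkim/keys/za3k.com")
    # The private signing key is uploaded 600; the public record is 644.
    put("/srv/keys/dkim/za3k.com/default.private", "/etc/opendkim/keys/za3k.com", mode='600')
    put("/srv/keys/dkim/za3k.com/default.txt", "/etc/opendkim/keys/za3k.com", mode='644')
    # Hand the whole tree, key included, to the opendkim account.
    run("chown opendkim:opendkim -R /etc/opendkim")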
def install_prereqs(self):
    """Install the VCS client, Python 2.7, virtualenv and the extra packages.

    The package backend comes from ``self.util.get_package_manager()``.
    ``self.vcs`` must be ``'git'`` or ``'hg'``; any other value raises
    ``KeyError``.
    """
    select_package(self.util.get_package_manager())
    vcs_package = {'git': 'git', 'hg': 'mercurial'}[self.vcs]
    package_ensure(vcs_package)
    command_ensure('python2.7')
    has_virtualenv = command_check('virtualenv')
    if not has_virtualenv:
        package_ensure('python-virtualenv')
    for extra in self.install_packages:
        package_ensure(extra)
def _dovecot(database_password):
    """Install Dovecot from apt and upload its TLS material and configuration.

    :param database_password: value substituted for the
        ``DOVECOT_DATABASE_PASSWORD`` placeholder in
        ``/etc/dovecot/dovecot-sql.conf``.
    """
    select_package("apt")
    package_ensure([
        "dovecot-imapd", "dovecot-lmtpd", "dovecot-pgsql", "dovecot-sieve",
        "dovecot-managesieved"
    ]) # On debian will automatically be enabled
    crypto.put_cert('config/certs/imap.za3k.com.pem')
    crypto.put_key('config/keys/imap.za3k.com.key')
    put('config/dovecot/dovecot.conf', '/etc/dovecot/dovecot.conf', mode='644')
    # The SQL config receives the database password below, so it is uploaded
    # with mode 600 before the placeholder is replaced.
    put('config/dovecot/dovecot-sql.conf',
        '/etc/dovecot/dovecot-sql.conf',
        mode='600')
    # NOTE(review): _replace is defined elsewhere; confirm it does not put
    # the password on a remote command line or into the deployment log.
    _replace('/etc/dovecot/dovecot-sql.conf', 'DOVECOT_DATABASE_PASSWORD',
             database_password)
    dir_ensure("/etc/dovecot/sieve.d")
    run("chown vmail:vmail /etc/dovecot/sieve.d")
def _install_percona_server(): cuisine.select_package('apt') # https://jfg-mysql.blogspot.com/2018/11/howto-install-percona-server-57-on-debian-without-root-password-prompt.html sudo( 'debconf-set-selections <<< "percona-server-server percona-server-server/root-pass password Knishiya248!"' ) sudo( 'debconf-set-selections <<< "percona-server-server percona-server-server/re-root-pass password Knishiya248!"' ) # https://geert.vanderkelen.org/2018/mysql8-unattended-dpkg/ sudo( 'debconf-set-selections <<< "percona-server-server percona-server-server/default-auth-override select Use Legacy Authentication Method (Retain MySQL 5.x Compatibility)"' ) sudo('apt install -y percona-server-server percona-toolkit') sudo('systemctl enable mysql') sudo('systemctl start mysql')
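def _postfix(database_password):
    """Install Postfix with PostgreSQL lookups and upload its configuration.

    :param database_password: value substituted for the
        ``POSTFIX_DATABASE_PASSWORD`` placeholder in the two pgsql lookup
        files.
    """
    select_package("apt")
    package_ensure(
        ["postfix", "postfix-pgsql"]) # On debian will automatically be enabled
    crypto.put_cert('config/certs/smtp.za3k.com.pem')
    crypto.put_key('config/keys/smtp.za3k.com.key')
    # Was size=1024. A 1024-bit Diffie-Hellman group is within reach of
    # precomputation attacks; 2048 bits is the usual minimum.
    # NOTE(review): ensure_dhparams is defined elsewhere; if it keeps an
    # existing file, hosts that already hold 1024-bit parameters need the
    # file regenerated by hand.
    crypto.ensure_dhparams('/etc/ssl/dhparams-postfix.pem', size=2048)
    put('config/postfix/main.cf', '/etc/postfix', mode='644')
    put('config/postfix/master.cf', '/etc/postfix', mode='644')
    put('config/postfix/mailname', '/etc', mode='644')
    # The lookup files receive the database password below, hence mode 600.
    put('config/postfix/pgsql-virtual-aliases.cf', '/etc/postfix', mode='600')
    put('config/postfix/pgsql-virtual-mailbox.cf', '/etc/postfix', mode='600')
    # NOTE(review): _replace is defined elsewhere; confirm it does not put
    # the password on a remote command line or into the deployment log.
    _replace('/etc/postfix/pgsql-virtual-aliases.cf',
             'POSTFIX_DATABASE_PASSWORD', database_password)
    _replace('/etc/postfix/pgsql-virtual-mailbox.cf',
             'POSTFIX_DATABASE_PASSWORD', database_password)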
def ensure():
    """Install ZNC, create its account and directories, and start the unit."""
    select_package("apt")
    package_ensure(["znc"]) # On debian will automatically be enabled
    user_ensure('znc')
    group_ensure('znc')
    group_user_ensure('znc', 'znc')
    dir_ensure("/var/znc", mode='755')
    dir_ensure("/var/znc/configs", mode='755')
    run("chown znc:znc /var/znc")
    # The configuration and the PEM file are uploaded with mode 600.
    util.put("/srv/znc.conf", "/var/znc/configs", user="******", mode="600")
    util.put("config/keys/znc.pem", "/var/znc", user="******", mode="600")
    util.put("config/znc/modules", "/var/znc", user="******", mode="755")
    # Copies the uploaded shared objects into ZNC's module directory.
    # NOTE(review): these are prebuilt binaries that the daemon will load;
    # confirm how they are built and reviewed before they reach the repo.
    run("cp /var/znc/modules/*.so /usr/lib/znc")
    systemd.add_unit("config/systemd/znc.service")
    run("systemctl enable znc")
    run("systemctl restart znc")
def installed(version=None):
    """
    Make sure supervisord is available on the host.

    :param version: str; the exact version string to install (e.g. "3.0a12")

    ``easy_install`` itself is ensured through the ``python-setuptools``
    package. When the ``supervisord`` command is missing, supervisor is
    installed with ``easy_install`` under sudo(), pinned to ``version``
    when one is given. Currently RHEL/CentOS flavored.
    """
    cuisine.select_package(option='yum')
    cuisine.command_ensure('easy_install', package='python-setuptools')
    if cuisine.command_check('supervisord'):
        return
    # NOTE(review): version is placed unquoted into a command run under
    # sudo; callers should pass only a plain version string.
    requirement = 'supervisor==%s' % version if version else 'supervisor'
    sudo('easy_install %s' % requirement)
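def _dkim_milter():
    """Install OpenDKIM and upload its configuration, tables and signing key."""
    select_package("apt")
    # Was package_ensure("opendkim", "opendkim-tools"): the second positional
    # argument is not a package name (in cuisine it is the ``update`` flag),
    # so opendkim-tools was never ensured. Pass both names as one list.
    package_ensure(["opendkim", "opendkim-tools"])
    put("config/dkim/opendkim.conf", "/etc", mode='644')
    dir_ensure("/etc/opendkim")
    run("chmod 755 /etc/opendkim")
    put("config/dkim/KeyTable", "/etc/opendkim", mode='644')
    put("config/dkim/SigningTable", "/etc/opendkim", mode='644')
    put("config/dkim/TrustedHosts", "/etc/opendkim", mode='644')
    put("config/dkim/opendkim", "/etc/default", mode='644')
    run("mkdir -p /etc/opendkim/keys/za3k.com && chmod 755 /etc/opendkim/keys && chmod 755 /etc/opendkim/keys/za3k.com"
        )
    # The private signing key is uploaded 600; the public record is 644.
    put("/srv/keys/dkim/za3k.com/default.private",
        "/etc/opendkim/keys/za3k.com",
        mode='600')
    put("/srv/keys/dkim/za3k.com/default.txt",
        "/etc/opendkim/keys/za3k.com",
        mode='644')
    # Hand the whole tree, key included, to the opendkim account.
    run("chown opendkim:opendkim -R /etc/opendkim")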
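def ensure_fcgiwrap(children=4):
    """Install fcgiwrap and run it as a dedicated ``fcgiwrap`` account.

    :param children: value written as ``FCGI_CHILDREN`` to
        ``/etc/default/fcgiwrap``.
    """
    select_package("apt")
    package_ensure(["fcgiwrap"]) # On debian will automatically be enabled
    # fcgi can't run status script because its default user (www-data) has no login shell--not sure why exactly but work around it by making a new user
    user_ensure('fcgiwrap', shell="/bin/sh")
    group_ensure('fcgiwrap')
    group_user_ensure('fcgiwrap', 'fcgiwrap')
    # Needed because of Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792705. Fastcgi 1.1.0-6 (unstable as of writing) fixes this bug.
    # The destination was "gcgiwrap.service"; under that name the uploaded
    # unit does not replace the packaged fcgiwrap.service, so the workaround
    # never applied to the service restarted below.
    util.put_file("config/systemd/fcgiwrap.service",
                  "/etc/systemd/system/fcgiwrap.service",
                  mode='0644',
                  user='******')
    # Not sure these two lines actually do anything
    sudo('sed -i "s/www-data/fcgiwrap/" /lib/systemd/system/fcgiwrap.service')
    # NOTE(review): children is formatted unquoted into a command that runs
    # under sudo; callers should only ever pass an integer.
    sudo('echo "FCGI_CHILDREN={}" > /etc/default/fcgiwrap'.format(children))
    sudo('systemctl daemon-reload')
    sudo('/etc/init.d/fcgiwrap restart')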
def _install_nginx_and_php():
    """Stop the bundled isucari services and install nginx plus PHP 7.3 FPM."""
    # sudo('openssl dhparam -out /etc/nginx/dhparam.pem 2048')
    sudo('mkdir -p /var/248')
    # NOTE(review): mode 777 lets every local account create, replace and
    # delete entries in /var/248.
    sudo('chmod 777 /var/248')
    # NOTE(review): this makes every file and directory under /var/log
    # world-writable, so any local account can alter or remove logs, and
    # tools that insist on safe log permissions may refuse to run. Grant
    # access only to the account that needs it, on the path it needs.
    sudo('chmod -R 777 /var/log')
    # sudo('groupadd nobody')
    # sudo('usermod -g nobody nobody')
    # sudo('mv /etc/nginx /etc/nginx.bup', warn_only=True)
    sudo('systemctl stop isucari.golang.service')
    sudo('systemctl disable isucari.golang.service')
    sudo('systemctl stop isucari.php.service')
    sudo('systemctl disable isucari.php.service')
    cuisine.select_package('apt')
    sudo(
        'apt install -y nginx php7.3 php7.3-fpm php7.3-json php7.3-mbstring php7.3-mysql php7.3-opcache mysql-client'
    )
    sudo('systemctl enable nginx php7.3-fpm')
    sudo('systemctl start nginx php7.3-fpm')
def setup_packages():
    """Register the extra yum repositories and install the required packages.

    NOTE(review): the listing this was taken from lost its indentation;
    only ``setenforce`` is assumed to run under ``warn_only`` - confirm.
    """
    puts(green('Setting up packages'))
    cuisine.select_package("yum")
    # NOTE(review): this puts SELinux into permissive mode, so policy
    # violations are no longer blocked on the host.
    with settings(warn_only=True):
        sudo('setenforce Permissive')

    # NOTE(review): the repository release packages are fetched over plain
    # HTTP and installed as root; an HTTPS source or a verified signature
    # would protect the repository configuration they install.
    release_rpms = (
        "http://yum.postgresql.org/9.3/redhat/rhel-6.6-x86_64/pgdg-centos93-9.3-1.noarch.rpm",
        "http://yum.postgresql.org/9.3/redhat/rhel-6.6-x86_64/pgdg-redhat93-9.3-1.noarch.rpm",
        "http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm",
        # disabled: http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
    )
    for rpm_url in release_rpms:
        sudo("rpm -ivh " + rpm_url)

    # Each entry is handed to package_ensure as one argument, in this order.
    wanted = (
        "numpy",
        "curl",
        "libcurl",
        # disabled: "libcurl-devel"
        "python",
        "python-pycurl",
        "pyOpenSSL",
        "postgresql93 postgresql93-server postgresql93-libs postgresql93-contrib postgresql93-devel",
        "postgis2_93",
        "python-psycopg2",
        "nginx",
        "python-setuptools",
        "scipy",
        "binutils",
        "proj-devel",
        "gdal",
        "git",
        "unzip",
        # disabled: "opencv-python", "mod_wsgi"
        "python-pip",
        "libjpeg-turbo-devel",
        "java-1.7.0-openjdk",
        "gcc",
    )
    for pkg in wanted:
        package_ensure(pkg)
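def install_linux_packages():
    """Install the base command-line packages for Ubuntu or Red Hat hosts.

    The platform is detected from ``/etc/lsb-release`` (apt) or
    ``/etc/redhat-release`` (yum). On Ubuntu, tmux 2.0 is additionally
    installed from a PPA.

    :raises RuntimeError: when neither release file exists. Previously this
        surfaced as an unbound-variable error further down.
    """
    # Parenthesised so the line is valid on Python 2 and Python 3 alike.
    print(white('--- install linux packages ---', bold=True))
    is_ubuntu = exists('/etc/lsb-release')
    if is_ubuntu:
        manager = 'apt'  # Ubuntu
        packages = '''
            jq tig dfc zsh git tree tmux unzip nodejs golang
            source-highlight silversearcher-ag vim zlib1g-dev libssl-dev
            python-software-properties software-properties-common
        '''.split()
    elif exists('/etc/redhat-release'):
        manager = 'yum'  # RedHat
        packages = '''
            jq tig dfc zsh git tree tmux unzip nodejs golang
            source-highlight vim zlib-devel openssl-devel
        '''.split()
    else:
        raise RuntimeError(
            'unsupported platform: neither /etc/lsb-release '
            'nor /etc/redhat-release exists')
    select_package(manager)
    with settings(mode_sudo()):
        run('{} -y update'.format(manager))
        # A plain loop instead of map(): map() is lazy on Python 3 and would
        # silently install nothing there.
        for name in packages:
            package_ensure(name)
        if is_ubuntu:
            # tmux 2.0
            # NOTE(review): this adds a third-party PPA as a package source
            # for the host; confirm that the source is trusted.
            run('add-apt-repository -y ppa:pi-rho/dev')
            run('apt-get update')
            run('apt-get install -y tmux=2.0-1~ppa1~t')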
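def deploy(db_username, db_password, hostname, git_repo, ssl_certificate_location, ssl_certificate_key_location):
    """Validate the arguments, then run the whole deployment.

    The arguments are checked before any of them is used. Previously
    ``"http://" + hostname`` ran first, so a missing hostname raised
    ``TypeError`` and the usage message was never shown. A failed check now
    exits with status 1 instead of 0, so wrappers can see the failure.

    NOTE(review): the database password arrives as a task argument, which
    presumably places it on the operator's command line and in shell
    history - confirm how this task is invoked.
    NOTE(review): the listing this was taken from lost its indentation;
    only ``setenforce`` is assumed to run under ``warn_only`` - confirm.
    """
    global HOSTNAME, GIT_REPO
    if db_username is None or db_password is None or hostname is None or git_repo is None:
        # Parenthesised so the line is valid on Python 2 and Python 3 alike.
        print("Exiting, please provide valid credentials: fab deploy:{username},{password},{hostname},{git_password}")
        sys.exit(1)
    HOSTNAME = "http://" + hostname
    GIT_REPO = git_repo
    cuisine.select_package("yum")
    # NOTE(review): this puts SELinux into permissive mode on the host.
    with settings(warn_only=True):
        sudo('setenforce Permissive')
    puts(green('Starting deployment'))
    setup_users()
    setup_folders()
    setup_packages()
    configure(db_username, db_password, git_repo, ssl_certificate_location, ssl_certificate_key_location)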
def ensure():
    """Ensure nginx is installed

    Returns True when ``which nginx`` reported a binary, otherwise whatever
    ``package_ensure`` returned.
    NOTE(review): the listing this was taken from lost its indentation;
    only ``remove_default_sites()`` is assumed to be conditional - confirm.
    """
    select_package("apt")
    if sudo("which nginx", warn_only=True): # Temporary workaround for manual fix because I don't know how to deal with pinned package to get 'gunzip' and 'gzip' on nginx. Hoping to wait until this is the default.
        already_installed = True
    else:
        already_installed = package_ensure(
            ["nginx"]) # On debian will automatically be enabled
    if not already_installed:
        remove_default_sites()
    ensure_sites_available()
    util.put_file('config/nginx/nginx.conf',
                  '/etc/nginx/nginx.conf',
                  user='******',
                  mode='0644')
    util.put_file('config/nginx/fastcgi_params',
                  '/etc/nginx/fastcgi_params',
                  user='******',
                  mode='0644')
    crypto.ensure_dhparams('/etc/ssl/dhparams-nginx.pem')
    with mode_sudo():
        # Mode 1777 is world-writable with the sticky bit: every local
        # account can create entries here, but only remove its own.
        # NOTE(review): if nginx serves from /var/www, any local user can
        # publish content - confirm that this is the intended trust model.
        dir_ensure("/var/www", mode='1777') # make sure anyone can add a site
    return already_installed
def ensure():
    """Select apt and ensure the ``postgresql`` package is installed."""
    select_package("apt")
    # The result is stored but not used in the lines visible here.
    already_installed = package_ensure(["postgresql"]) # On debian will automatically be enabled
#!/usr/bin/env python # -*- coding: utf-8 -*- from fabric.api import run from fabric.api import cd from fabric.api import sudo from fabric.api import env from fabric.colors import red, green import cuisine cuisine.select_package("apt") def setup(): _setup_ubuntu() _install_dotfiles() _prepare_install_python() _install_pip() _install_python3() def _setup_ubuntu(): sudo("cp /usr/share/zoneinfo/Japan /etc/localtime") sudo("apt-get update") cuisine.package_ensure('git') cuisine.package_ensure('exuberant-ctags') def _install_dotfiles(): env.forward_agent = True
def ensure():
    """Ensure npm is installed"""
    # Select apt, then ensure the single "npm" package.
    select_package("apt")
    package_ensure(["npm"])
from fabric.api import *
from fabric.contrib.files import *
import cuisine
from config import *
from pit import Pit

env.use_ssh_config = True
# load_servers and expand_hosts are not defined here; they presumably come
# from the star import of config.
env.roledefs.update(load_servers('./servers.yaml'))
env.hosts = expand_hosts(env.hosts)
cuisine.select_package('yum')


@task
def create_user():
    """Create the ssmjp account, grant it sudo, and set its key and password."""
    with settings(user='******'):
        cuisine.user_ensure('ssmjp')
        # Grants ssmjp unrestricted sudo.
        # NOTE(review): /etc/sudoers is edited directly and the result is
        # not syntax-checked here; a malformed file can lock out sudo.
        append('/etc/sudoers', 'ssmjp ALL=(ALL) ALL')
        cuisine.ssh_authorize('ssmjp', cuisine.file_local_read('~/.ssh/ssmjp.pub'))
        # The password is read through Pit rather than written in this file.
        conf = Pit.get('ssmjp-user', { 'require': { 'password': '******' } })
        cuisine.user_passwd('ssmjp', conf['password'])


@task
def install_packages():
    """Ensure nginx is installed."""
    with settings(user='******'):
        cuisine.package_ensure('nginx')


@task
def restart_nginx():
    """Restart the nginx service."""
    with settings(user='******'):
        sudo('service nginx restart')
from fabric.api import run
from fabric.api import sudo
from fabric.utils import puts
from fabric.colors import red, green
from fabric.context_managers import *
import cuisine

# Package operations in this fabfile go through apt.
cuisine.select_package("apt")


def kernel_name():
    """Print the remote kernel identification (``uname -a``)."""
    puts(green('Confirming Operation System'))
    run('uname -a')


def setup():
    """Run the OS setup and then the developer-tool installation."""
    _setup_ubuntu()
    _setup_devtools()


def _setup_ubuntu():
    """Set the timezone file and refresh the apt package index."""
    puts(green('Setting Operation System'))
    # Overwrites /etc/localtime with the Japan zone file.
    sudo("cp /usr/share/zoneinfo/Japan /etc/localtime")
    sudo("apt-get update")


def _setup_devtools():
    """Ensure vim and python-setuptools are installed."""
    puts(green('Installing Devtools'))
    cuisine.package_ensure('vim')
    cuisine.package_ensure('python-setuptools')
def ensure_git():
    """Select apt and ensure the ``git`` package is installed."""
    select_package("apt")
    # The result is stored but not used in the lines visible here.
    already_installed = package_ensure(["git"])
def ensure():
    """Select apt and ensure the ``ruby`` and ``ruby-dev`` packages."""
    select_package("apt")
    # The result is stored but not used in the lines visible here.
    already_installed = package_ensure(
        ["ruby", "ruby-dev"]) # On debian will automatically be enabled
import os
import fabric
from fabric.api import run, cd, local
from cuisine import select_package, user_check, user_ensure, user_remove
from cuisine import file_link, file_unlink, file_upload, dir_exists

# cuisine should know if we're on Debian or Redhat
select_package("apt")

# Read at import time; a missing PROJECT_NAME raises KeyError.
# NOTE(review): the value is placed unquoted into remote shell commands,
# including an "rm -rf" below; an empty value or one containing "/" or
# spaces would widen what those commands touch. It should be validated.
project_name = os.environ['PROJECT_NAME']


def tail():
    """Follow the production error log of the project."""
    run('tail -f /home/%s/production/logs/error.log' % project_name)


def run_venv(cmd, env='production'):
    """Run ``cmd`` remotely with the virtualenv of ``env`` activated."""
    # prefix for activating virtualenv
    prefix = "source /home/" + project_name + "/%s/env/bin/activate &&"
    run(prefix % env + " " + cmd)


def uninstall():
    """After confirmation, remove the project's account, home and vhost link.

    NOTE(review): the listing this was taken from lost its indentation;
    the nesting below is the most plausible reading - confirm.
    """
    # NOTE(review): only "import fabric" is visible; fabric.contrib.console
    # must already be loaded for this attribute access to work - confirm.
    if fabric.contrib.console.confirm(
            "!!! ACHTUNG !!!\nthis will delete all data!\nContinue?",
            default=False):
        run('service apache2 stop')
        if user_check(project_name):
            user_remove(project_name)
        # Irreversible: deletes the project's whole home directory.
        run('rm -rf /home/%s' % project_name)
        file_unlink('/etc/apache2/sites-enabled/' + project_name)
#sshd_config() ssh_pam_config() def role_security(): ''' Install Denyhosts ''' common_init() denyhosts() #------------------------------------------------------------------------------# # task(まぁtaskじゃないんだけど) # #------------------------------------------------------------------------------# env.use_ssh_config = True cuisine.select_package("yum") #--------------------------------------# # Proxy and Repository # #--------------------------------------# def common_init(update=True): puts(green('Initialize')) config = ConfigParser.SafeConfigParser() config.read(config_read_path('./config/common.ini')) # Proxy http = config.get('proxy', 'http') https = config.get('proxy', 'https') if https is None: https = http
from fabric.api import sudo, cd, env, local
from cuisine import package_ensure, select_package, dir_exists
from fabtools import git

# Package operations in this fabfile go through yum.
select_package("yum")


def app1():
    """Target the first Vagrant machine with its generated private key."""
    env.hosts = ["192.168.1.10"]
    env.user = "******"
    env.key_filename = "./.vagrant/machines/app1/virtualbox/private_key"


def app2():
    """Target the second Vagrant machine with its generated private key."""
    env.hosts = ["192.168.1.20"]
    env.user = "******"
    env.key_filename = "./.vagrant/machines/app2/virtualbox/private_key"


def deploy(dir="/tmp", repo="70-10/node-boilerplate"):
    """Clone ``repo`` from GitHub into ``dir`` unless it is already there.

    NOTE(review): the default target is under /tmp, a world-writable
    location; a directory owned by the deploying account is safer for
    code that will be executed later.
    """
    package_ensure("git")
    if not dir_exists(dir + "/" + repo):
        with cd(dir):
            git.clone("https://github.com/" + repo, path=repo)
def ensure():
    """Select apt and ensure the ``postgresql`` package is installed."""
    select_package("apt")
    # The result is stored but not used in the lines visible here.
    already_installed = package_ensure(
        ["postgresql"]) # On debian will automatically be enabled
# -*- coding: utf-8 -*- from fabric.api import * import cuisine import urllib import json USERS = ['yuta1024', 'tyabuki', 'nhirokinet'] cuisine.select_package('yum') @task def init(): _setup_user() _setup_kataribe() _setup_yum_repository() _setup_common_package() @task def install_nginx_and_php(): sudo( 'yum install --enablerepo=epel,remi,remi-php72 nginx php php-mbstring php-pdo php-mysqlnd php-fpm php-gd -y' ) # mysql は最初からenabled sudo('systemctl enable nginx') sudo('systemctl enable php-fpm') @task def install_mysql(): sudo('yum remove mariadb-server mariadb mariadb-devel -y')
def ensure():
    """Select apt and ensure the ``ruby`` and ``ruby-dev`` packages."""
    select_package("apt")
    # The result is stored but not used in the lines visible here.
    already_installed = package_ensure(["ruby", "ruby-dev"]) # On debian will automatically be enabled
import cuisine
from fabric.api import *
from fabric.colors import green, red, blue
import logging

logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

# NOTE(review): the login name and password are literals in this file, so
# they are stored wherever the file is stored. Key-based login, or a value
# supplied at run time, keeps the credential out of the repository.
env.user = "******"
env.password = "******"

cuisine.select_package('apt')


def pre_req():
    """Refresh and upgrade apt packages, then ensure the build prerequisites."""
    cuisine.package_update_apt()
    sudo('apt-get -y upgrade')
    cuisine.package_ensure('wget')
    cuisine.package_ensure('gcc')
    cuisine.package_ensure('python-dev')
    cuisine.package_ensure('python-pip')
    # wget and gcc are ensured a second time here.
    cuisine.package_ensure('wget')
    cuisine.package_ensure('gcc')
    cuisine.package_ensure('libffi-dev')
    cuisine.package_ensure('libssl-dev')
    cuisine.package_ensure('libxml2-dev')
    cuisine.package_ensure('libxslt-dev')
    cuisine.package_ensure('git')


def set_up_key():
    """Generate an SSH key pair and authorise it for the remote account."""
    # NOTE(review): "-t dsa" creates a DSA key although the file is named
    # id_rsa; DSA is deprecated in current OpenSSH, and a modern key type
    # is the safer choice. -N "" leaves the private key without a
    # passphrase.
    # NOTE(review): -f "id_rsa" is relative to the working directory, while
    # the next two commands read ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub; the
    # paths agree only if the command runs inside ~/.ssh - confirm.
    run('ssh-keygen -t dsa -N "" -C "*****@*****.**" -f "id_rsa"')
    run('ssh-add ~/.ssh/id_rsa')
    # Appends the public key to the account's own authorized_keys.
    run('cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys')