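def _rules_config(rules):
    """
    Rules configuration

    Render the Shorewall rules file from a list of rule dicts and write it
    to ``/etc/shorewall/rules`` with sudo. ``None`` selects
    ``DEFAULT_RULES``.

    Each entry is copied before defaults are filled in, so neither the
    caller's dicts nor the shared ``DEFAULT_RULES`` entries are modified.
    ``proto`` defaults to ``'tcp'``; every other optional column defaults
    to ``'-'``. List values for ``dest_port`` and ``source_port`` are
    joined with commas.
    """
    if rules is None:
        rules = DEFAULT_RULES

    lines = [RULES_HEADER]
    for entry in rules:
        # Work on a copy: filling defaults in place would rewrite the
        # caller's data and, for rules=None, the module-level defaults.
        entry = dict(entry)
        entry.setdefault('proto', 'tcp')
        entry.setdefault('dest_port', '-')
        entry.setdefault('source_port', '-')
        entry.setdefault('original_dest', '-')
        entry.setdefault('rate_limit', '-')
        entry.setdefault('user', '-')
        entry.setdefault('mark', '-')
        entry.setdefault('conn_limit', '-')
        entry.setdefault('time', '-')

        # Port lists may hold ints, hence the str() conversion.
        if isinstance(entry['dest_port'], list):
            entry['dest_port'] = ','.join(map(str, entry['dest_port']))
        if isinstance(entry['source_port'], list):
            entry['source_port'] = ','.join(map(str, entry['source_port']))

        # NOTE(review): values are interpolated as given; nothing here
        # rejects whitespace or newlines, which would shift columns or add
        # a line to the firewall rules. Validate entries that do not come
        # straight from the fabfile.
        lines.append(RULES_FORMAT % entry)

    file('/etc/shorewall/rules', contents=''.join(lines), use_sudo=True)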
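def _routestopped_config(routestopped):
    """
    Routestopped configuration

    This lists the hosts that should be accessible when the firewall is
    stopped or starting.

    Writes ``/etc/shorewall/routestopped`` with sudo; ``None`` is treated
    as an empty list, so only the header is written. Each entry is copied
    before defaults are filled in, leaving the caller's dicts untouched.
    List values for ``host`` and ``options`` are joined with commas.
    """
    if routestopped is None:
        routestopped = []

    lines = [ROUTESTOPPED_HEADER]
    for entry in routestopped:
        # Copy so the defaults below do not leak back into the caller's data.
        entry = dict(entry)
        entry.setdefault('interface', 'eth0')
        # An entry without 'host' falls back to 0.0.0.0/0: every address
        # behind that interface stays reachable while the firewall is
        # stopped. Name the admin hosts explicitly when that is too broad.
        entry.setdefault('host', '0.0.0.0/0')
        entry.setdefault('options', '-')
        entry.setdefault('proto', '-')
        entry.setdefault('dest_port', '-')
        entry.setdefault('source_port', '-')

        if isinstance(entry['host'], list):
            entry['host'] = ','.join(entry['host'])
        if isinstance(entry['options'], list):
            entry['options'] = ','.join(entry['options'])

        lines.append(ROUTESTOPPED_FORMAT % entry)

    file('/etc/shorewall/routestopped', contents=''.join(lines), use_sudo=True)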
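def deploy_files(version='master'):
    """
    Ensure that the directory tree exists and has the requested version of
    the site.

    Creates the project root and its ``log`` directory owned by
    ``env.webuser``. Outside Vagrant it also clones ``env.repo`` when
    ``env.code_root`` is missing, uploads the secrets file when it is not
    on the server yet, and then resets, checks out ``version`` and pulls.

    ``env.repo`` and ``version`` are shell-quoted before they are placed
    in the git command lines, so each is passed to git as one literal
    argument.

    Besides the keys checked by ``require()``, this reads
    ``env.environment``, ``env.remote_secrets`` and ``env.deploy_dir``.
    """
    # Function-scope import keeps the block self-contained; pipes.quote is
    # the Python 2 spelling of shlex.quote.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    require('code_root', 'project_root', 'repo', 'webuser')

    files.directory(env.project_root, owner=env.webuser, use_sudo=True)
    files.directory(
        os.path.join(env.project_root, 'log'),
        owner=env.webuser, use_sudo=True)

    if env.environment != "vagrant" and not ffiles.exists(env.code_root):
        with cd(env.project_root):
            # NOTE(review): the clone target is the literal 'source';
            # presumably env.code_root is <project_root>/source - confirm.
            sudo('git clone {} source'.format(quote(env.repo)),
                 user=env.webuser)

    # Replace remote secrets file only if we are not using Vagrant (because
    # the secrets file should be automatically synchronized) and the file
    # does not already exist on the remote server.
    if env.environment != "vagrant" and not ffiles.exists(env.remote_secrets):
        # NOTE(review): no mode is passed, so the permissions of the
        # uploaded secrets file are whatever the upload leaves behind.
        # Consider an explicit owner-only mode if nothing else reads it.
        files.file(
            env.remote_secrets,
            source=os.path.join(env.deploy_dir, 'secrets.py'),
            use_sudo=True, owner=env.webuser)

    if env.environment != "vagrant":
        with cd(env.code_root):
            # discard any local changes to the repo
            sudo('git reset --hard', user=env.webuser)
            sudo('git checkout {}'.format(quote(str(version))),
                 user=env.webuser)
            # NOTE(review): `git pull` needs HEAD on a branch; a tag or
            # commit id as `version` leaves a detached HEAD - confirm that
            # only branch names are passed.
            sudo('git pull', user=env.webuser)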
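def _routestopped_config(routestopped):
    """
    Routestopped configuration

    This lists the hosts that should be accessible when the firewall is
    stopped or starting.

    Builds one line per entry and writes ``/etc/shorewall/routestopped``
    with sudo. ``None`` means no entries (header only). Entries are merged
    onto a fresh defaults dict, so the dicts passed in are not modified.
    """
    # Column defaults. The 'host' default of 0.0.0.0/0 means an entry that
    # names only an interface keeps every address behind it reachable while
    # the firewall is stopped; list the admin hosts explicitly otherwise.
    defaults = {
        "interface": "eth0",
        "host": "0.0.0.0/0",
        "options": "-",
        "proto": "-",
        "dest_port": "-",
        "source_port": "-",
    }

    lines = [ROUTESTOPPED_HEADER]
    for entry in (routestopped if routestopped is not None else []):
        # Caller-supplied keys win over the defaults.
        row = dict(defaults)
        row.update(entry)

        # 'host' and 'options' may be given as lists of strings.
        for key in ("host", "options"):
            if isinstance(row[key], list):
                row[key] = ",".join(row[key])

        lines.append(ROUTESTOPPED_FORMAT % row)

    file("/etc/shorewall/routestopped", contents="".join(lines), use_sudo=True)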
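def _rules_config(rules):
    """
    Rules configuration

    Builds one line per rule and writes ``/etc/shorewall/rules`` with sudo.
    ``None`` selects ``DEFAULT_RULES``. Rules are merged onto a fresh
    defaults dict, so neither the caller's dicts nor ``DEFAULT_RULES`` are
    modified by rendering.
    """
    # Optional columns: 'tcp' for the protocol, '-' for everything else.
    defaults = {
        "proto": "tcp",
        "dest_port": "-",
        "source_port": "-",
        "original_dest": "-",
        "rate_limit": "-",
        "user": "-",
        "mark": "-",
        "conn_limit": "-",
        "time": "-",
    }

    if rules is None:
        rules = DEFAULT_RULES

    lines = [RULES_HEADER]
    for entry in rules:
        # Caller-supplied keys win over the defaults.
        row = dict(defaults)
        row.update(entry)

        # Port lists may contain ints; render them as "80,443".
        for key in ("dest_port", "source_port"):
            if isinstance(row[key], list):
                row[key] = ",".join(map(str, row[key]))

        # NOTE(review): values reach the rules file unvalidated; embedded
        # whitespace or newlines would change how the line is parsed.
        lines.append(RULES_FORMAT % row)

    file("/etc/shorewall/rules", contents="".join(lines), use_sudo=True)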
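def _policy_config(policy):
    """
    Policy configuration

    Render the Shorewall policy file from a list of policy dicts and write
    it to ``/etc/shorewall/policy`` with sudo. ``None`` selects
    ``DEFAULT_POLICY``.

    ``log_level`` and ``burst_limit`` default to the empty string. Each
    entry is copied first, so the caller's dicts and the shared
    ``DEFAULT_POLICY`` entries are left unmodified.
    """
    if policy is None:
        policy = DEFAULT_POLICY

    lines = [POLICY_HEADER]
    for entry in policy:
        # Copy before filling defaults; the input may be module-level data.
        entry = dict(entry)
        entry.setdefault('log_level', '')
        entry.setdefault('burst_limit', '')
        lines.append(POLICY_FORMAT % entry)

    file('/etc/shorewall/policy', contents=''.join(lines), use_sudo=True)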
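def _interfaces_config(interfaces):
    """
    Interfaces configuration

    Builds one line per interface and writes ``/etc/shorewall/interfaces``
    with sudo. ``None`` selects ``DEFAULT_INTERFACES``. Entries are merged
    onto a fresh defaults dict, so the input dicts are not modified.
    """
    # An interface with no explicit zone is placed in 'net'.
    defaults = {"zone": "net", "broadcast": "detect", "options": ""}

    if interfaces is None:
        interfaces = DEFAULT_INTERFACES

    lines = [INTERFACES_HEADER]
    for entry in interfaces:
        # Caller-supplied keys win over the defaults.
        row = dict(defaults)
        row.update(entry)
        lines.append(INTERFACES_FORMAT % row)

    file("/etc/shorewall/interfaces", contents="".join(lines), use_sudo=True)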
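def _interfaces_config(interfaces):
    """
    Interfaces configuration

    Render the Shorewall interfaces file from a list of interface dicts
    and write it to ``/etc/shorewall/interfaces`` with sudo. ``None``
    selects ``DEFAULT_INTERFACES``.

    ``zone`` defaults to ``'net'``, ``broadcast`` to ``'detect'`` and
    ``options`` to the empty string. Each entry is copied first, so the
    caller's dicts and the shared ``DEFAULT_INTERFACES`` entries are left
    unmodified.
    """
    if interfaces is None:
        interfaces = DEFAULT_INTERFACES

    lines = [INTERFACES_HEADER]
    for entry in interfaces:
        # Copy before filling defaults; the input may be module-level data.
        entry = dict(entry)
        entry.setdefault('zone', 'net')
        entry.setdefault('broadcast', 'detect')
        entry.setdefault('options', '')
        lines.append(INTERFACES_FORMAT % entry)

    file('/etc/shorewall/interfaces', contents=''.join(lines), use_sudo=True)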
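def _zone_config(zones):
    """
    Zone configuration

    Render the Shorewall zones file from a list of zone dicts and write it
    to ``/etc/shorewall/zones`` with sudo. ``None`` selects
    ``DEFAULT_ZONES``.

    ``options``, ``in_options`` and ``out_options`` default to the empty
    string. Each entry is copied first, so the caller's dicts and the
    shared ``DEFAULT_ZONES`` entries are left unmodified.
    """
    if zones is None:
        zones = DEFAULT_ZONES

    lines = [ZONE_HEADER]
    for entry in zones:
        # Copy before filling defaults; the input may be module-level data.
        entry = dict(entry)
        entry.setdefault('options', '')
        entry.setdefault('in_options', '')
        entry.setdefault('out_options', '')
        lines.append(ZONE_FORMAT % entry)

    file('/etc/shorewall/zones', contents=''.join(lines), use_sudo=True)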
def deploy_vagrant_files():
    """
    Ensure that the directory tree resembles production.

    The Vagrantfile mounts the current working directory where the source
    directory will be in production, so nothing is cloned here: only the
    project root, its ``log`` directory and the secrets file are put in
    place, all owned by ``env.webuser``.

    Besides the keys checked by ``require()``, this reads ``env.code_root``
    and ``env.deploy_dir``.
    """
    require('project_root', 'webuser')

    files.directory(env.project_root, owner=env.webuser, use_sudo=True)

    log_dir = os.path.join(env.project_root, 'log')
    files.directory(log_dir, owner=env.webuser, use_sudo=True)

    # NOTE(review): no mode is passed for the secrets file, so its
    # permissions are whatever the upload leaves behind - confirm that
    # this is acceptable for the Vagrant box.
    remote_secrets = os.path.join(env.code_root, 'conf_site/settings/secrets.py')
    local_secrets = os.path.join(env.deploy_dir, 'secrets.py')
    files.file(remote_secrets, source=local_secrets,
               use_sudo=True, owner=env.webuser)
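def _masq_config(masq):
    """
    Masquerading/SNAT configuration

    Render the Shorewall masq file from a list of dicts and write it to
    ``/etc/shorewall/masq`` with sudo. ``None`` is treated as an empty
    list, so only the header is written.

    ``interface`` defaults to ``'eth0'``; ``address``, ``proto`` and
    ``port`` default to ``'-'``. ``source`` has no default: an entry
    without it raises ``KeyError``. A list of sources is joined with
    commas. Each entry is copied first, so the caller's dicts are left
    unmodified.
    """
    if masq is None:
        masq = []

    lines = [MASQ_HEADER]
    for entry in masq:
        # Copy so the defaults below do not leak back into the caller's data.
        entry = dict(entry)
        entry.setdefault('interface', 'eth0')
        entry.setdefault('address', '-')
        entry.setdefault('proto', '-')
        entry.setdefault('port', '-')

        # 'source' is mandatory; the lookup fails loudly when it is missing.
        if isinstance(entry['source'], list):
            entry['source'] = ','.join(entry['source'])

        lines.append(MASQ_FORMAT % entry)

    file('/etc/shorewall/masq', contents=''.join(lines), use_sudo=True)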
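def _masq_config(masq):
    """
    Masquerading/SNAT configuration

    Builds one line per entry and writes ``/etc/shorewall/masq`` with sudo.
    ``None`` means no entries (header only). Entries are merged onto a
    fresh defaults dict, so the dicts passed in are not modified.

    ``source`` is required and raises ``KeyError`` when absent; it may be a
    string or a list of strings.
    """
    defaults = {"interface": "eth0", "address": "-", "proto": "-", "port": "-"}

    lines = [MASQ_HEADER]
    for entry in (masq if masq is not None else []):
        # Caller-supplied keys win over the defaults.
        row = dict(defaults)
        row.update(entry)

        # No default for 'source': masquerading an unspecified source would
        # be a guess, so a missing key stays an error.
        source = row["source"]
        if isinstance(source, list):
            row["source"] = ",".join(source)

        lines.append(MASQ_FORMAT % row)

    file("/etc/shorewall/masq", contents="".join(lines), use_sudo=True)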
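def deploy_files(version='master'):
    """
    Ensure that the directory tree exists and has the requested version of
    the site.

    On Vagrant this delegates to ``deploy_vagrant_files()`` and returns.
    Otherwise it creates the project root and ``log`` directory, clones
    ``env.repo`` when ``env.code_root`` is missing, uploads the secrets
    file on every run, and then resets, checks out ``version`` and pulls.

    ``env.repo`` and ``version`` are shell-quoted before they are placed
    in the git command lines, so each reaches git as one literal argument.

    Besides the keys checked by ``require()``, this reads
    ``env.environment`` and ``env.deploy_dir``.
    """
    # Function-scope import keeps the block self-contained; pipes.quote is
    # the Python 2 spelling of shlex.quote.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    require('code_root', 'project_root', 'repo', 'webuser')

    if env.environment == "vagrant":
        deploy_vagrant_files()
        return

    log_dir = os.path.join(env.project_root, 'log')
    files.directory(env.project_root, owner=env.webuser, use_sudo=True)
    files.directory(log_dir, owner=env.webuser, use_sudo=True)

    if not ffiles.exists(env.code_root):
        clone_cmd = 'git clone {} source'.format(quote(env.repo))
        with cd(env.project_root):
            # NOTE(review): the clone target is the literal 'source';
            # presumably env.code_root is <project_root>/source - confirm.
            sudo(clone_cmd, user=env.webuser)

    # NOTE(review): the secrets file is placed inside the checkout and no
    # mode is passed, so its permissions are whatever the upload leaves
    # behind. Consider an explicit owner-only mode, and confirm the path
    # is ignored by git so `git reset --hard` cannot touch it.
    files.file(os.path.join(env.code_root, 'conf_site/settings/secrets.py'),
               source=os.path.join(env.deploy_dir, 'secrets.py'),
               use_sudo=True, owner=env.webuser)

    checkout_cmd = 'git checkout {}'.format(quote(str(version)))
    with cd(env.code_root):
        # discard any local changes to the repo
        sudo('git reset --hard', user=env.webuser)
        sudo(checkout_cmd, user=env.webuser)
        # NOTE(review): `git pull` needs HEAD on a branch; a tag or commit
        # id as `version` leaves a detached HEAD - confirm that only
        # branch names are passed.
        sudo('git pull', user=env.webuser)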
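def push():
    """
    Create or update a Django site on the remote server.

    The site source is cloned from a remote git repository, a virtualenv
    is built for it, and nginx and uWSGI are configured and restarted.

    NOTE: this function may be used from another fabfile; that fabfile
    must set up the global ``env`` dict first.

    **`env` settings**
    env.user - deploy user name (used for ssh)
    env.password - deploy user password (used for ssh)
    env.hosts - list of deploy hosts (used for ssh)

    env.domain - Django site domain (DNS), used for:
        - nginx settings
        - uWSGI start user
        - project dir name

    env.repository - remote git repository url, used to clone the site
        source

    env.no_input_mode - when True, deploy without asking questions:
        abort if env.domain is not set or invalid, take env.repository
        from env.repository_default when it is not set, and answer every
        confirm() with its default value.

    NOTE(review): this listing lost its indentation; the block nesting
    below is reconstructed from the statements - confirm against the
    original file.
    """
    # Function-scope import keeps the block self-contained; pipes.quote is
    # the Python 2 spelling of shlex.quote.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    # cwd => ./deploy
    env.lcwd = os.path.abspath(os.path.dirname(__file__))

    require('no_input_mode')
    #env.no_input_mode = False

    if env.no_input_mode:
        def confirm_local(question, default=True):
            # Non-interactive stand-in: print the question, take the default.
            puts(question)
            puts("Use no_input_mode [default: {0}]".format("Y" if default else "N"))
            return default
        confirm = confirm_local
    else:
        confirm = confirm_global

    # Raw string: same pattern text as before, without relying on Python
    # leaving the unknown escapes `\-` and `\.` untouched.
    validate = r"^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$"
    if not env.get("domain"):
        if env.no_input_mode:
            abort("Need set env.domain !")
        else:
            prompt("Project DNS url: ", "domain", env.get('domain_default', ''), validate=validate)
    else:
        # `$` also matches just before a trailing newline, so reject that
        # case explicitly: the domain ends up in paths, a user name and
        # shell command lines below.
        if not re.findall(validate, env.domain) or env.domain.endswith("\n"):
            abort("Invalid env.domain !")

    if not env.get("repository"):
        if env.no_input_mode:
            env.repository = env.repository_default
        else:
            prompt("Deploy from: ", "repository", env.get('repository_default', ''))

    require('repository', 'domain')

    puts("Deploy site: {0} \nFrom: {1}".format(env.domain, env.repository))
    DOMAIN_WITHOUT_DOT = env.domain.replace('.', '_')

    # One system user, group and directory per site, all named after the
    # domain with dots replaced by underscores.
    env.project_user = DOMAIN_WITHOUT_DOT
    env.project_group = DOMAIN_WITHOUT_DOT
    env.project_dir_name = DOMAIN_WITHOUT_DOT
    env.root = posixpath.join(PROJECTS_ROOT, env.project_dir_name)
    # NOTE(review): set unconditionally, and `env` is the template context
    # for uwsgi.ini and nginx.conf below; if the templates key on it,
    # debug stays on for every deploy - confirm.
    env.debug = True

    deb.packages(['git'])

    files.directory(PROJECTS_ROOT, use_sudo=True, owner='root', group='root', mode='755')
    with cd(PROJECTS_ROOT):
        # pip cache
        files.directory('.pip.cache', use_sudo=True, owner='deploy', group='deploy', mode='755')
        pip_cache_dir = posixpath.join(PROJECTS_ROOT, '.pip.cache')

        # proj dir create
        if is_dir(env.project_dir_name) and confirm("proj dir exist! abort ?", default=False):
            return

        files.directory(env.project_dir_name, use_sudo=True, owner='root', group='root', mode='755')

        # proj user create: system account with no login shell and no home
        # directory of its own.
        if not fabtools.user.exists(env.project_user):
            fabtools.user.create(env.project_user, home=env.root, group=env.project_group,
                                 create_home=False, system=True, shell='/bin/false',
                                 create_group=True)

        # NOTE(review): user='******' in the calls below is a redacted
        # placeholder in this listing; presumably the 'deploy' account that
        # owns src/ and .virtualenvs/ - confirm.

        # proj infrastructure
        with cd(env.project_dir_name):
            # proj source
            if not is_dir('src') or confirm("proj src exist! [rm all and re clone / git pull]?", default=False):
                files.directory('src', use_sudo=True, owner='deploy', group='deploy', mode='755')
                with cd('src'):
                    sudo('rm -Rf .??* *')
                    # The original called .format(env) with a named field,
                    # which raises KeyError('repository'); pass the value
                    # explicitly and shell-quote it so the URL reaches git
                    # as one literal argument.
                    sudo('git clone {repository:s} .'.format(repository=quote(env.repository)),
                         user='******')
            else:
                with cd('src'):
                    sudo('git pull', user='******')

            # proj virtual env
            if not is_dir('.virtualenvs') or confirm("proj venv dir exist! [rm all and recreate / repeat install]?", default=False):
                files.directory('.virtualenvs', use_sudo=True, owner='deploy', group='deploy', mode='755')
                with cd('.virtualenvs'):
                    sudo('rm -Rf .??* *')
                python.virtualenv('.virtualenvs', use_sudo=True, user='******', clear=True)

            with fabtools.python.virtualenv('.virtualenvs'):
                python.install_requirements('src/requirements.txt', use_mirrors=False,
                                            use_sudo=True, user='******',
                                            download_cache=pip_cache_dir)

            # ------------------- #
            # WEB SERVER SETTINGS #
            # ------------------- #

            # Stack: nginx <-> uWSGI <-> Django
            nginx.server()
            deb.packages(['uwsgi', 'uwsgi-plugin-python'])

            # proj conf!
            if not is_dir('conf') or confirm("proj conf dir exist! [backup and update? / skip]", default=False):
                files.directory('conf', use_sudo=True, owner='root', group='root', mode='755')
                with cd('conf'):
                    local_conf_templates = os.path.join(os.path.dirname(__file__), 'template', 'conf')
                    uwsgi_conf = os.path.join(local_conf_templates, 'uwsgi.ini')
                    nginx_conf = os.path.join(local_conf_templates, 'nginx.conf')

                    # Drop old backups, then rename the current *.conf and
                    # *.ini files to *.back.
                    # NOTE(review): the rename generates `mv` commands from
                    # file names and pipes them to sh; a name containing a
                    # double quote would escape the quoting. The directory
                    # is created root-owned above.
                    sudo("rm -Rf *.back")
                    sudo("ls -d *{.conf,.ini} | sed 's/.*$/mv -fu \"&\" \"\\0.back\"/' | sh")

                    # The whole `env` (including env.password when it is
                    # set) is the template context; templates should
                    # reference only the keys they need.
                    files.template_file('uwsgi.ini', template_source=uwsgi_conf, context=env,
                                        use_sudo=True, owner='root', group='root', mode='644')
                    files.file('reload', use_sudo=True, owner='root', group='root')
                    sudo('ln -sf $(pwd)/uwsgi.ini /etc/uwsgi/apps-enabled/' + env.project_dir_name + '.ini')

                    files.template_file('nginx.conf', template_source=nginx_conf, context=env,
                                        use_sudo=True, owner='root', group='root', mode='644')
                    sudo('ln -sf $(pwd)/nginx.conf /etc/nginx/sites-enabled/' + env.project_dir_name)

            sudo('service nginx restart')
            sudo('service uwsgi restart')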