def install_mail_server(args):
app.print_verbose("Install mail-relay-server version: %d" % SCRIPT_VERSION)
version_obj = version.Version("Install-mail-relay-server", SCRIPT_VERSION)
version_obj.check_executed()
general.shell_exec("yum -y install sendmail")
# Tell iptables that this server is configured as a mail-relay server.
general.shell_exec("touch /etc/mail/syco_mail_relay_server")
iptables.add_mail_relay_chain()
iptables.save()
hardening.network.configure_resolv_conf()
hardening.network.configure_localhost()
hardening.network.restart_network()
app.print_verbose("Configure /etc/mail/*")
# Allow all servers on localdomain to relay through this server.
set_config_property2("/etc/mail/access",
"Connect:10.100 RELAY")
x("/usr/sbin/makemap hash access < access")
# Remove the loopback address restriction to accept email from the internet or intranet.
set_config_property(
"/etc/mail/sendmail.mc",
r".*DAEMON_OPTIONS\(\`Port\=smtp\,Addr\=127\.0\.0\.1\, Name\=MTA\'\)dnl",
r"dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl")
_rebuild_sendmail_config()
_test_mail()
version_obj.mark_executed()
def install_mail_server(args):
app.print_verbose("Install mail-relay-server version: %d" % SCRIPT_VERSION)
version_obj = version.Version("Install-mail-relay-server", SCRIPT_VERSION)
version_obj.check_executed()
general.shell_exec("yum -y install sendmail")
# Tell iptables that this server is configured as a mail-relay server.
general.shell_exec("touch /etc/mail/syco_mail_relay_server")
iptables.add_mail_relay_chain()
iptables.save()
hardening.network.configure_resolv_conf()
hardening.network.configure_localhost()
hardening.network.restart_network()
app.print_verbose("Configure /etc/mail/*")
# Allow all servers on localdomain to relay through this server.
set_config_property2("/etc/mail/access", "Connect:10.100 RELAY")
x("/usr/sbin/makemap hash access < access")
# Remove the loopback address restriction to accept email from the internet or intranet.
set_config_property(
"/etc/mail/sendmail.mc",
r".*DAEMON_OPTIONS\(\`Port\=smtp\,Addr\=127\.0\.0\.1\, Name\=MTA\'\)dnl",
r"dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl")
_rebuild_sendmail_config()
_test_mail()
version_obj.mark_executed()
def _modify_cobbler_settings():
app.print_verbose("Update cobbler config files")
general.set_config_property("/etc/cobbler/settings", '^server:.*', "server: " + config.general.get_installation_server_ip())
general.set_config_property("/etc/cobbler/settings", '^next_server:.*', "next_server: " + config.general.get_installation_server_ip())
general.set_config_property("/etc/cobbler/settings", '^default_virt_bridge:.*', "default_virt_bridge: br0")
general.set_config_property("/etc/cobbler/settings", '^default_password_crypted:.*', "default_password_crypted: " + app.get_root_password_hash())
general.set_config_property("/etc/cobbler/settings", '^default_virt_type:.*', "default_virt_type: qemu")
general.set_config_property("/etc/cobbler/settings", '^anamon_enabled:.*', "anamon_enabled: 1")
general.set_config_property("/etc/cobbler/settings", '^yum_post_install_mirror:.*', "yum_post_install_mirror: 1")
general.set_config_property("/etc/cobbler/settings", '^manage_dhcp:.*', "manage_dhcp: 1")
# Email out a report when cobbler finishes installing a system.
general.set_config_property(
'/etc/cobbler/settings',
'^build_reporting_enabled:.*',
'build_reporting_enabled: 1'
)
general.set_config_property(
'/etc/cobbler/settings',
'^build_reporting_email::.*',
"build_reporting_email: [ '%s' ]" % config.general.get_admin_email()
)
# Setup kickstart files.
shutil.copyfile(app.SYCO_PATH + "/var/kickstart/cobbler.ks", "/var/lib/cobbler/kickstarts/cobbler.ks")
# Configure DHCP
shutil.copyfile(app.SYCO_PATH + "/var/dhcp/dhcp.template", "/etc/cobbler/dhcp.template")
# Config crontab to update repo automagically
general.set_config_property2("/etc/crontab", "01 4 * * * root syco install-cobbler-refresh")
# Set apache servername
general.set_config_property("/etc/httpd/conf/httpd.conf", "#ServerName www.example.com:80", "ServerName " + config.general.get_installation_server() + ":80")
x("/etc/init.d/httpd restart")
x("/etc/init.d/cobblerd restart")
# Wait for cobblered to restart
time.sleep(1)
# Iptables rules need be fixed now.
x("cobbler get-loaders")
# Setup distro/repo for centos
x("cobbler check")
def _modify_cobbler_settings():
app.print_verbose("Update cobbler config files")
general.set_config_property("/etc/cobbler/settings", '^server:.*', "server: " + config.general.get_installation_server_ip())
general.set_config_property("/etc/cobbler/settings", '^next_server:.*', "next_server: " + config.general.get_installation_server_ip())
general.set_config_property("/etc/cobbler/settings", '^default_virt_bridge:.*', "default_virt_bridge: br0")
general.set_config_property("/etc/cobbler/settings", '^default_password_crypted:.*', "default_password_crypted: " + app.get_root_password_hash())
general.set_config_property("/etc/cobbler/settings", '^default_virt_type:.*', "default_virt_type: qemu")
general.set_config_property("/etc/cobbler/settings", '^anamon_enabled:.*', "anamon_enabled: 1")
general.set_config_property("/etc/cobbler/settings", '^yum_post_install_mirror:.*', "yum_post_install_mirror: 1")
general.set_config_property("/etc/cobbler/settings", '^manage_dhcp:.*', "manage_dhcp: 1")
# Email out a report when cobbler finishes installing a system.
general.set_config_property(
'/etc/cobbler/settings',
'^build_reporting_enabled:.*',
'build_reporting_enabled: 1'
)
general.set_config_property(
'/etc/cobbler/settings',
'^build_reporting_email::.*',
"build_reporting_email: [ '%s' ]" % config.general.get_admin_email()
)
# Setup kickstart files.
shutil.copyfile(app.SYCO_PATH + "/var/kickstart/cobbler.ks", "/var/lib/cobbler/kickstarts/cobbler.ks")
# Configure DHCP
shutil.copyfile(app.SYCO_PATH + "/var/dhcp/dhcp.template", "/etc/cobbler/dhcp.template")
# Config crontab to update repo automagically
general.set_config_property2("/etc/crontab", "01 4 * * * syco install-cobbler-repo")
# Set apache servername
general.set_config_property("/etc/httpd/conf/httpd.conf", "#ServerName www.example.com:80", "ServerName " + config.general.get_installation_server() + ":80")
x("/etc/init.d/httpd restart")
x("/etc/init.d/cobblerd restart")
# Wait for cobblered to restart
time.sleep(1)
# Iptables rules need be fixed now.
x("cobbler get-loaders")
# Setup distro/repo for centos
x("cobbler check")
def install_mail_client(args):
app.print_verbose("Install mail-relay-server version: %d" % SCRIPT_VERSION)
version_obj = version.Version("Install-mail-relay-client", SCRIPT_VERSION)
version_obj.check_executed()
general.shell_exec("yum -y install sendmail")
file = "/etc/mail/sendmail.mc"
domain = config.general.get_mail_relay_domain_name()
app.print_verbose("Configure /etc/mail/*")
# Set the mail-relay server.
set_config_property(file, ".*define\(\`SMART_HOST\'\, \`.*\'\)dnl",
"define(`SMART_HOST', `" + domain + "')dnl")
# FEATURE always_add_domain always masquerades email addresses, even if the
# mail is sent from a user on the mail server to another user on the same
# mail server.
set_config_property2(file, "FEATURE(always_add_domain)dnl")
# FEATURE masquerade_entire_domain makes sendmail masquerade servers named
# *my-site.com, and *another-site.com as my-site.com. In other words, mail
# from sales.my-site.com would be masqueraded as my-site.com. If this wasn't
# selected, then only servers named my-site.com and my-othersite.com would be
# masqueraded. Use this with caution when you are sure you have the necessary
# authority to do this.
set_config_property2(file, "FEATURE(masquerade_entire_domain)dnl")
# FEATURE masquerade_envelope rewrites the email envelope just as
# MASQUERADE_AS rewrote the header.
set_config_property2(file, "FEATURE(masquerade_envelope)dnl")
# FEATURE allmasquerade makes sendmail rewrite both recipient addresses and
# sender addresses relative to the local machine. If you cc: yourself on an
# outgoing mail, the other recipient sees a cc: to an address he knows instead
# of one on localhost.localdomain.
# TODO: need to be before MAILER
#set_config_property2(file, "FEATURE(allmasquerade)dnl")
# The MASQUERADE_AS directive makes all mail originating on
# client appear to come from a server within the domain
# DOMAIN by rewriting the email header.
set_config_property(file, ".*MASQUERADE_AS\(\`.*\'\)dnl.*",
"MASQUERADE_AS(`" + domain + "')dnl")
# The MASQUERADE_DOMAIN directive makes mail relayed via mail-relay server
# from all machines in the localdomain domains appear to come from the
# MASQUERADE_AS domain. Using DNS, sendmail checks the domain name associated
# with the IP address of the mail relay client sending the mail to help it
# determine whether it should do masquerading or not.
set_config_property2(file, "MASQUERADE_DOMAIN(localhost)dnl")
set_config_property2(file, "MASQUERADE_DOMAIN(localhost.localdomain)dnl")
# By default, user "root" will not be masqueraded. Removing the EXPOSED_USER
# will also masqueraded root.
set_config_property(file, ".*EXPOSED_USER\(\`root\'\)dnl.*",
"dnl EXPOSED_USER(`root')dnl")
_rebuild_sendmail_config()
_test_mail()
version_obj.mark_executed()
def _setup_network_interfaces():
"""
Setup bonded network interfaces and bridges.
Read more.
http://serverfault.com/questions/316623/what-is-the-correct-way-to-setup-a-bonded-bridge-on-centos-6-for-kvm-guests
http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networking-with-libvirt/
http://www.linux-kvm.org/page/HOWTO_BONDING
https://fedorahosted.org/cobbler/wiki/VirtNetworkingSetupForUseWithKoan
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html
"""
# Remove the virbr0, "NAT-interface".
# http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/chap-Virtualization-Network_Configuration.html
x("virsh net-destroy default")
x("virsh net-undefine default")
x("service libvirtd restart")
# Install network bridge
install.package("bridge-utils")
general.set_config_property2("/etc/modprobe.d/syco.conf",
"alias bond0 bonding")
num_of_if = net.num_of_eth_interfaces()
front_gw = config.general.get_front_gateway_ip()
front_resolver = config.general.get_front_resolver_ip()
front_netmask = config.general.get_front_netmask()
front_ip = config.host(net.get_hostname()).get_front_ip()
back_gw = config.general.get_back_gateway_ip()
back_resolver = config.general.get_back_resolver_ip()
back_netmask = config.general.get_back_netmask()
back_ip = config.host(net.get_hostname()).get_back_ip()
if (num_of_if >= 4):
# Setup back-net
_setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
_setup_bond("bond0", "br0")
_setup_eth("eth0", "bond0")
_setup_eth("eth1", "bond0")
# _setup front-net
_setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
_setup_bond("bond1", "br1")
_setup_eth("eth2", "bond1")
_setup_eth("eth3", "bond1")
elif (num_of_if == 2):
# Setup back-net
_setup_bridge("br0", back_ip, back_netmask, back_gw, back_resolver)
_setup_bond("bond0", "br0")
_setup_eth("eth0", "bond0")
# _setup front-net
_setup_bridge("br1", front_ip, front_netmask, front_gw, front_resolver)
_setup_bond("bond1", "br1")
_setup_eth("eth1", "bond1")
else:
app.print_error("To few network interfaces: " + str(num_of_if))
_abort_kvm_host_installation()
def install_mail_client(args):
app.print_verbose("Install mail-relay-server version: %d" % SCRIPT_VERSION)
version_obj = version.Version("Install-mail-relay-client", SCRIPT_VERSION)
version_obj.check_executed()
general.shell_exec("yum -y install sendmail")
file = "/etc/mail/sendmail.mc"
domain = config.general.get_mail_relay_domain_name()
app.print_verbose("Configure /etc/mail/*")
# Set the mail-relay server.
set_config_property(file,
".*define\(\`SMART_HOST\'\, \`.*\'\)dnl",
"define(`SMART_HOST', `" + domain + "')dnl"
)
# FEATURE always_add_domain always masquerades email addresses, even if the
# mail is sent from a user on the mail server to another user on the same
# mail server.
set_config_property2(file, "FEATURE(always_add_domain)dnl")
# FEATURE masquerade_entire_domain makes sendmail masquerade servers named
# *my-site.com, and *another-site.com as my-site.com. In other words, mail
# from sales.my-site.com would be masqueraded as my-site.com. If this wasn't
# selected, then only servers named my-site.com and my-othersite.com would be
# masqueraded. Use this with caution when you are sure you have the necessary
# authority to do this.
set_config_property2(file, "FEATURE(masquerade_entire_domain)dnl")
# FEATURE masquerade_envelope rewrites the email envelope just as
# MASQUERADE_AS rewrote the header.
set_config_property2(file, "FEATURE(masquerade_envelope)dnl")
# FEATURE allmasquerade makes sendmail rewrite both recipient addresses and
# sender addresses relative to the local machine. If you cc: yourself on an
# outgoing mail, the other recipient sees a cc: to an address he knows instead
# of one on localhost.localdomain.
# TODO: need to be before MAILER
#set_config_property2(file, "FEATURE(allmasquerade)dnl")
# The MASQUERADE_AS directive makes all mail originating on
# client appear to come from a server within the domain
# DOMAIN by rewriting the email header.
set_config_property(file, ".*MASQUERADE_AS\(\`.*\'\)dnl.*", "MASQUERADE_AS(`" + domain + "')dnl")
# The MASQUERADE_DOMAIN directive makes mail relayed via mail-relay server
# from all machines in the localdomain domains appear to come from the
# MASQUERADE_AS domain. Using DNS, sendmail checks the domain name associated
# with the IP address of the mail relay client sending the mail to help it
# determine whether it should do masquerading or not.
set_config_property2(file, "MASQUERADE_DOMAIN(localhost)dnl")
set_config_property2(file, "MASQUERADE_DOMAIN(localhost.localdomain)dnl")
# By default, user "root" will not be masqueraded. Removing the EXPOSED_USER
# will also masqueraded root.
set_config_property(file, ".*EXPOSED_USER\(\`root\'\)dnl.*", "dnl EXPOSED_USER(`root')dnl")
_rebuild_sendmail_config()
_test_mail()
version_obj.mark_executed()
