예제 #1
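def install_mail_server(args):
    """
    Install sendmail and configure this host as the mail-relay server.

    Steps, in order: install the sendmail package, create the marker file
    that flags the host as a mail relay, add and save the iptables mail-relay
    chain, reconfigure the network, allow relaying from the 10.100 prefix,
    comment out the loopback-only listener in sendmail.mc, rebuild the
    sendmail configuration and run _test_mail().

    args is not used by this function.

    """
    app.print_verbose("Install mail-relay-server version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("Install-mail-relay-server", SCRIPT_VERSION)
    # NOTE(review): presumably stops here when this script version has already
    # been applied on the host -- confirm in version.Version.
    version_obj.check_executed()

    general.shell_exec("yum -y install sendmail")

    # Tell iptables that this server is configured as a mail-relay server.
    general.shell_exec("touch /etc/mail/syco_mail_relay_server")
    iptables.add_mail_relay_chain()
    iptables.save()

    hardening.network.configure_resolv_conf()
    hardening.network.configure_localhost()
    hardening.network.restart_network()

    app.print_verbose("Configure /etc/mail/*")

    # Allow all servers on localdomain to relay through this server.
    # The access entry is matched on the connecting address only, so every
    # host whose address starts with 10.100 may relay without authenticating.
    # NOTE(review): confirm this prefix matches the networks that are meant
    # to use the relay.
    set_config_property2("/etc/mail/access",
                         "Connect:10.100                          RELAY")
    # Absolute paths, so the map is built from /etc/mail/access whatever the
    # working directory of the calling process is.
    x("/usr/sbin/makemap hash /etc/mail/access < /etc/mail/access")

    # Remove the loopback address restriction to accept email from the
    # internet or intranet. The leading ".*" also matches a line that is
    # already prefixed with "dnl", so a second run leaves the file unchanged.
    # With the restriction gone, exposure of the SMTP port depends on the
    # iptables chain added above and on the access map.
    # NOTE(review): verify the chain limits who can reach the port.
    set_config_property(
        "/etc/mail/sendmail.mc",
        r".*DAEMON_OPTIONS\(\`Port\=smtp\,Addr\=127\.0\.0\.1\, Name\=MTA\'\)dnl",
        r"dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl")

    _rebuild_sendmail_config()

    _test_mail()
    version_obj.mark_executed()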
예제 #2
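def install_mail_server(args):
  """
  Install sendmail and configure this host as the mail-relay server.

  Steps, in order: install the sendmail package, create the marker file that
  flags the host as a mail relay, add and save the iptables mail-relay chain,
  reconfigure the network, allow relaying from the 10.100 prefix, comment out
  the loopback-only listener in sendmail.mc, rebuild the sendmail
  configuration and run _test_mail().

  args is not used by this function.

  """
  app.print_verbose("Install mail-relay-server version: %d" % SCRIPT_VERSION)
  version_obj = version.Version("Install-mail-relay-server", SCRIPT_VERSION)
  # NOTE(review): presumably stops here when this script version has already
  # been applied on the host -- confirm in version.Version.
  version_obj.check_executed()

  general.shell_exec("yum -y install sendmail")

  # Tell iptables that this server is configured as a mail-relay server.
  general.shell_exec("touch /etc/mail/syco_mail_relay_server")
  iptables.add_mail_relay_chain()
  iptables.save()

  hardening.network.configure_resolv_conf()
  hardening.network.configure_localhost()
  hardening.network.restart_network()

  app.print_verbose("Configure /etc/mail/*")

  # Allow all servers on localdomain to relay through this server.
  # The access entry is matched on the connecting address only, so every host
  # whose address starts with 10.100 may relay without authenticating.
  # NOTE(review): confirm this prefix matches the networks that are meant to
  # use the relay.
  set_config_property2("/etc/mail/access", "Connect:10.100                          RELAY")
  # Absolute paths, so the map is built from /etc/mail/access whatever the
  # working directory of the calling process is.
  x("/usr/sbin/makemap hash /etc/mail/access < /etc/mail/access")

  # Remove the loopback address restriction to accept email from the internet
  # or intranet. The leading ".*" also matches a line that is already prefixed
  # with "dnl", so a second run leaves the file unchanged.
  # With the restriction gone, exposure of the SMTP port depends on the
  # iptables chain added above and on the access map.
  # NOTE(review): verify the chain limits who can reach the port.
  set_config_property(
    "/etc/mail/sendmail.mc",
    r".*DAEMON_OPTIONS\(\`Port\=smtp\,Addr\=127\.0\.0\.1\, Name\=MTA\'\)dnl",
    r"dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl")

  _rebuild_sendmail_config()

  _test_mail()
  version_obj.mark_executed()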
예제 #3
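def _modify_cobbler_settings():
  """
  Apply the syco configuration to cobbler and restart its services.

  Rewrites keys in /etc/cobbler/settings, copies the kickstart and DHCP
  templates into place, adds the nightly cron entry, sets the Apache
  ServerName, restarts httpd and cobblerd, and finally runs
  "cobbler get-loaders" and "cobbler check".

  """
  app.print_verbose("Update cobbler config files")

  settings_file = "/etc/cobbler/settings"

  # (pattern of the existing line, replacement line), applied in this order.
  settings = [
    ('^server:.*', "server: " + config.general.get_installation_server_ip()),
    ('^next_server:.*', "next_server: " + config.general.get_installation_server_ip()),
    ('^default_virt_bridge:.*', "default_virt_bridge: br0"),
    # The root password hash is stored in the settings file.
    # NOTE(review): confirm the file permissions and that the hash is not
    # exposed through kickstart files served to the network.
    ('^default_password_crypted:.*', "default_password_crypted: " + app.get_root_password_hash()),
    ('^default_virt_type:.*', "default_virt_type: qemu"),
    ('^anamon_enabled:.*', "anamon_enabled: 1"),
    ('^yum_post_install_mirror:.*', "yum_post_install_mirror: 1"),
    ('^manage_dhcp:.*', "manage_dhcp: 1"),
    # Email out a report when cobbler finishes installing a system.
    ('^build_reporting_enabled:.*', 'build_reporting_enabled: 1'),
    # The pattern used to end in "::", which cannot match the
    # "build_reporting_email:" key, so the existing line was never matched.
    ('^build_reporting_email:.*', "build_reporting_email: [ '%s' ]" % config.general.get_admin_email()),
  ]
  for pattern, line in settings:
    general.set_config_property(settings_file, pattern, line)

  # Setup kickstart files.
  shutil.copyfile(app.SYCO_PATH + "/var/kickstart/cobbler.ks", "/var/lib/cobbler/kickstarts/cobbler.ks")

  # Configure DHCP
  shutil.copyfile(app.SYCO_PATH + "/var/dhcp/dhcp.template", "/etc/cobbler/dhcp.template")

  # Config crontab to update repo automagically
  general.set_config_property2("/etc/crontab", "01 4 * * *  root       syco install-cobbler-refresh")

  # Set apache servername
  general.set_config_property("/etc/httpd/conf/httpd.conf", "#ServerName www.example.com:80", "ServerName " + config.general.get_installation_server() + ":80")
  x("/etc/init.d/httpd restart")

  x("/etc/init.d/cobblerd restart")

  # Wait for cobblerd to restart.
  # NOTE(review): a fixed one second pause does not confirm the daemon is up.
  time.sleep(1)

  # Original note: iptables rules need to be in place by now.
  # NOTE(review): get-loaders fetches boot loader files over the network,
  # which is presumably why the firewall matters here -- confirm.
  x("cobbler get-loaders")

  # Let cobbler report remaining configuration problems.
  x("cobbler check")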
예제 #4
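def _modify_cobbler_settings():
  """
  Apply the syco configuration to cobbler and restart its services.

  Rewrites keys in /etc/cobbler/settings, copies the kickstart and DHCP
  templates into place, adds the nightly cron entry, sets the Apache
  ServerName, restarts httpd and cobblerd, and finally runs
  "cobbler get-loaders" and "cobbler check".

  """
  app.print_verbose("Update cobbler config files")

  settings_file = "/etc/cobbler/settings"

  # (pattern of the existing line, replacement line), applied in this order.
  settings = [
    ('^server:.*', "server: " + config.general.get_installation_server_ip()),
    ('^next_server:.*', "next_server: " + config.general.get_installation_server_ip()),
    ('^default_virt_bridge:.*', "default_virt_bridge: br0"),
    # The root password hash is stored in the settings file.
    # NOTE(review): confirm the file permissions and that the hash is not
    # exposed through kickstart files served to the network.
    ('^default_password_crypted:.*', "default_password_crypted: " + app.get_root_password_hash()),
    ('^default_virt_type:.*', "default_virt_type: qemu"),
    ('^anamon_enabled:.*', "anamon_enabled: 1"),
    ('^yum_post_install_mirror:.*', "yum_post_install_mirror: 1"),
    ('^manage_dhcp:.*', "manage_dhcp: 1"),
    # Email out a report when cobbler finishes installing a system.
    ('^build_reporting_enabled:.*', 'build_reporting_enabled: 1'),
    # The pattern used to end in "::", which cannot match the
    # "build_reporting_email:" key, so the existing line was never matched.
    ('^build_reporting_email:.*', "build_reporting_email: [ '%s' ]" % config.general.get_admin_email()),
  ]
  for pattern, line in settings:
    general.set_config_property(settings_file, pattern, line)

  # Setup kickstart files.
  shutil.copyfile(app.SYCO_PATH + "/var/kickstart/cobbler.ks", "/var/lib/cobbler/kickstarts/cobbler.ks")

  # Configure DHCP
  shutil.copyfile(app.SYCO_PATH + "/var/dhcp/dhcp.template", "/etc/cobbler/dhcp.template")

  # Config crontab to update repo automagically.
  # Entries in /etc/crontab need a user field between the schedule and the
  # command; without it cron reads "syco" as the user name and the job does
  # not run as intended.
  # NOTE(review): hosts provisioned with the earlier line may still carry it;
  # how set_config_property2 treats existing lines is not visible here.
  general.set_config_property2("/etc/crontab", "01 4 * * *  root       syco install-cobbler-repo")

  # Set apache servername
  general.set_config_property("/etc/httpd/conf/httpd.conf", "#ServerName www.example.com:80", "ServerName " + config.general.get_installation_server() + ":80")
  x("/etc/init.d/httpd restart")

  x("/etc/init.d/cobblerd restart")

  # Wait for cobblerd to restart.
  # NOTE(review): a fixed one second pause does not confirm the daemon is up.
  time.sleep(1)

  # Original note: iptables rules need to be in place by now.
  # NOTE(review): get-loaders fetches boot loader files over the network,
  # which is presumably why the firewall matters here -- confirm.
  x("cobbler get-loaders")

  # Let cobbler report remaining configuration problems.
  x("cobbler check")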
예제 #5
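def install_mail_client(args):
    """
    Install sendmail and configure this host to send through the mail relay.

    Edits /etc/mail/sendmail.mc so that the relay domain from the syco
    configuration is used as SMART_HOST and as the masquerade domain, then
    rebuilds the sendmail configuration and runs _test_mail().

    args is not used by this function.

    """
    # This is the client installer; the message used to say "server".
    app.print_verbose("Install mail-relay-client version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("Install-mail-relay-client", SCRIPT_VERSION)
    # NOTE(review): presumably stops here when this script version has already
    # been applied on the host -- confirm in version.Version.
    version_obj.check_executed()

    general.shell_exec("yum -y install sendmail")

    # Named mc_file so the Python 2 builtin "file" is not shadowed.
    mc_file = "/etc/mail/sendmail.mc"
    # NOTE(review): domain is placed between m4 quotes unescaped below; a
    # value containing ` or ' would corrupt sendmail.mc. Confirm the
    # configuration source only yields plain host or domain names.
    domain = config.general.get_mail_relay_domain_name()

    app.print_verbose("Configure /etc/mail/*")

    # Set the mail-relay server.
    # The patterns are raw strings so the regex backslashes reach the regex
    # engine unchanged and do not rely on unrecognised string escapes.
    set_config_property(mc_file, r".*define\(\`SMART_HOST\'\, \`.*\'\)dnl",
                        "define(`SMART_HOST', `" + domain + "')dnl")

    # FEATURE always_add_domain always masquerades email addresses, even if the
    # mail is sent from a user on the mail server to another user on the same
    # mail server.
    set_config_property2(mc_file, "FEATURE(always_add_domain)dnl")

    # FEATURE masquerade_entire_domain makes sendmail masquerade servers named
    # *my-site.com, and *another-site.com as my-site.com. In other words, mail
    # from sales.my-site.com would be masqueraded as my-site.com. If this wasn't
    # selected, then only servers named my-site.com and my-othersite.com would be
    # masqueraded. Use this with caution when you are sure you have the necessary
    # authority to do this.
    set_config_property2(mc_file, "FEATURE(masquerade_entire_domain)dnl")

    # FEATURE masquerade_envelope rewrites the email envelope just as
    # MASQUERADE_AS rewrote the header.
    set_config_property2(mc_file, "FEATURE(masquerade_envelope)dnl")

    # FEATURE allmasquerade makes sendmail rewrite both recipient addresses and
    # sender addresses relative to the local machine. If you cc: yourself on an
    # outgoing mail, the other recipient sees a cc: to an address he knows instead
    # of one on localhost.localdomain.
    # TODO: need to be before MAILER
    #set_config_property2(mc_file, "FEATURE(allmasquerade)dnl")

    # The MASQUERADE_AS directive makes all mail originating on
    # client appear to come from a server within the domain
    # DOMAIN by rewriting the email header.
    set_config_property(mc_file, r".*MASQUERADE_AS\(\`.*\'\)dnl.*",
                        "MASQUERADE_AS(`" + domain + "')dnl")

    # The MASQUERADE_DOMAIN directive makes mail relayed via mail-relay server
    # from all machines in the localdomain domains appear to come from the
    # MASQUERADE_AS domain. Using DNS, sendmail checks the domain name associated
    # with the IP address of the mail relay client sending the mail to help it
    # determine whether it should do masquerading or not.
    set_config_property2(mc_file, "MASQUERADE_DOMAIN(localhost)dnl")
    set_config_property2(mc_file, "MASQUERADE_DOMAIN(localhost.localdomain)dnl")

    # By default, user "root" will not be masqueraded. Commenting out the
    # EXPOSED_USER line makes root masqueraded as well.
    set_config_property(mc_file, r".*EXPOSED_USER\(\`root\'\)dnl.*",
                        "dnl EXPOSED_USER(`root')dnl")

    _rebuild_sendmail_config()

    _test_mail()
    version_obj.mark_executed()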
예제 #6
def _setup_network_interfaces():
    """
    Configure the bonded interfaces and bridges of the KVM host.

    br0/bond0 carry the back network and br1/bond1 the front network. With
    four or more ethernet interfaces each bond gets two of them, with exactly
    two each bond gets one; any other count prints an error and calls
    _abort_kvm_host_installation().

    Read more.
    http://serverfault.com/questions/316623/what-is-the-correct-way-to-setup-a-bonded-bridge-on-centos-6-for-kvm-guests
    http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
    http://www.cyberciti.biz/faq/rhel-linux-kvm-virtualization-bridged-networking-with-libvirt/
    http://www.linux-kvm.org/page/HOWTO_BONDING
    https://fedorahosted.org/cobbler/wiki/VirtNetworkingSetupForUseWithKoan
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
    http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html

    """
    # Drop libvirt's default network (virbr0, the "NAT-interface").
    # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/chap-Virtualization-Network_Configuration.html
    for command in ("virsh net-destroy default",
                    "virsh net-undefine default",
                    "service libvirtd restart"):
        x(command)

    # Bridge tooling.
    install.package("bridge-utils")

    # NOTE(review): only bond0 is aliased here although bond1 is created
    # below as well -- confirm that is intended.
    general.set_config_property2("/etc/modprobe.d/syco.conf",
                                 "alias bond0 bonding")

    interface_count = net.num_of_eth_interfaces()

    # Front network addressing.
    front_gw = config.general.get_front_gateway_ip()
    front_resolver = config.general.get_front_resolver_ip()
    front_netmask = config.general.get_front_netmask()
    front_ip = config.host(net.get_hostname()).get_front_ip()

    # Back network addressing.
    back_gw = config.general.get_back_gateway_ip()
    back_resolver = config.general.get_back_resolver_ip()
    back_netmask = config.general.get_back_netmask()
    back_ip = config.host(net.get_hostname()).get_back_ip()

    # Decide which physical interfaces are enslaved to each bond.
    if interface_count >= 4:
        back_nics = ("eth0", "eth1")
        front_nics = ("eth2", "eth3")
    elif interface_count == 2:
        back_nics = ("eth0",)
        front_nics = ("eth1",)
    else:
        app.print_error("To few network interfaces: " + str(interface_count))
        _abort_kvm_host_installation()
        return

    # Back network first, then front network; within each the bridge is set
    # up before its bond, and the bond before its interfaces.
    layout = (
        ("br0", "bond0", back_nics,
         back_ip, back_netmask, back_gw, back_resolver),
        ("br1", "bond1", front_nics,
         front_ip, front_netmask, front_gw, front_resolver),
    )
    for bridge, bond, nics, ip, netmask, gateway, resolver in layout:
        _setup_bridge(bridge, ip, netmask, gateway, resolver)
        _setup_bond(bond, bridge)
        for nic in nics:
            _setup_eth(nic, bond)
예제 #7
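def install_mail_client(args):
  """
  Install sendmail and configure this host to send through the mail relay.

  Edits /etc/mail/sendmail.mc so that the relay domain from the syco
  configuration is used as SMART_HOST and as the masquerade domain, then
  rebuilds the sendmail configuration and runs _test_mail().

  args is not used by this function.

  """
  # This is the client installer; the message used to say "server".
  app.print_verbose("Install mail-relay-client version: %d" % SCRIPT_VERSION)
  version_obj = version.Version("Install-mail-relay-client", SCRIPT_VERSION)
  # NOTE(review): presumably stops here when this script version has already
  # been applied on the host -- confirm in version.Version.
  version_obj.check_executed()

  general.shell_exec("yum -y install sendmail")

  # Named mc_file so the Python 2 builtin "file" is not shadowed.
  mc_file = "/etc/mail/sendmail.mc"
  # NOTE(review): domain is placed between m4 quotes unescaped below; a value
  # containing ` or ' would corrupt sendmail.mc. Confirm the configuration
  # source only yields plain host or domain names.
  domain = config.general.get_mail_relay_domain_name()

  app.print_verbose("Configure /etc/mail/*")

  # Set the mail-relay server.
  # The patterns are raw strings so the regex backslashes reach the regex
  # engine unchanged and do not rely on unrecognised string escapes.
  set_config_property(mc_file,
    r".*define\(\`SMART_HOST\'\, \`.*\'\)dnl",
    "define(`SMART_HOST', `" + domain + "')dnl"
  )

  # FEATURE always_add_domain always masquerades email addresses, even if the
  # mail is sent from a user on the mail server to another user on the same
  # mail server.
  set_config_property2(mc_file, "FEATURE(always_add_domain)dnl")

  # FEATURE masquerade_entire_domain makes sendmail masquerade servers named
  # *my-site.com, and *another-site.com as my-site.com. In other words, mail
  # from sales.my-site.com would be masqueraded as my-site.com. If this wasn't
  # selected, then only servers named my-site.com and my-othersite.com would be
  # masqueraded. Use this with caution when you are sure you have the necessary
  # authority to do this.
  set_config_property2(mc_file, "FEATURE(masquerade_entire_domain)dnl")

  # FEATURE masquerade_envelope rewrites the email envelope just as
  # MASQUERADE_AS rewrote the header.
  set_config_property2(mc_file, "FEATURE(masquerade_envelope)dnl")

  # FEATURE allmasquerade makes sendmail rewrite both recipient addresses and
  # sender addresses relative to the local machine. If you cc: yourself on an
  # outgoing mail, the other recipient sees a cc: to an address he knows instead
  # of one on localhost.localdomain.
  # TODO: need to be before MAILER
  #set_config_property2(mc_file, "FEATURE(allmasquerade)dnl")

  # The MASQUERADE_AS directive makes all mail originating on
  # client appear to come from a server within the domain
  # DOMAIN by rewriting the email header.
  set_config_property(mc_file, r".*MASQUERADE_AS\(\`.*\'\)dnl.*", "MASQUERADE_AS(`" + domain + "')dnl")

  # The MASQUERADE_DOMAIN directive makes mail relayed via mail-relay server
  # from all machines in the localdomain domains appear to come from the
  # MASQUERADE_AS domain. Using DNS, sendmail checks the domain name associated
  # with the IP address of the mail relay client sending the mail to help it
  # determine whether it should do masquerading or not.
  set_config_property2(mc_file, "MASQUERADE_DOMAIN(localhost)dnl")
  set_config_property2(mc_file, "MASQUERADE_DOMAIN(localhost.localdomain)dnl")

  # By default, user "root" will not be masqueraded. Commenting out the
  # EXPOSED_USER line makes root masqueraded as well.
  set_config_property(mc_file, r".*EXPOSED_USER\(\`root\'\)dnl.*", "dnl EXPOSED_USER(`root')dnl")

  _rebuild_sendmail_config()

  _test_mail()
  version_obj.mark_executed()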