def _configure_celery(self, node_roles):
    """
    Render and upload the supervisord program config for Celery.

    The template context combines Fabric ``env`` values (hostname plus the
    periodic-task and LDAP toggles) with the ``celery`` and ``newrelic``
    sections of ``self.conf``. When the upload reports a change,
    ``SUPERVISORD`` is appended to ``self.modified_services``.

    ``node_roles`` is accepted but not read by this method.
    """
    logger.info("Updating Celery's supervisord config")

    host, periodic_tasks_on, celery_ldap_on = (
        env.hostname,
        env.enable_periodic_tasks,
        env.enable_celery_ldap,
    )
    celery_settings = self.conf.get('celery', {})
    newrelic_settings = self.conf.get('newrelic', {})

    template_context = dict(
        new_relic_environment=newrelic_settings.get('environment'),
        hostname=host,
        enable_periodic_tasks=periodic_tasks_on,
        enable_celery_ldap=celery_ldap_on,
        celery=celery_settings,
    )

    with hide(*fab_output_hides):
        config_changed = upload_template_changed(
            '../config/tpl/celery/etc/supervisor/conf.d/celeryd.conf',
            '/etc/supervisor/conf.d/celeryd.conf',
            use_sudo=True,
            mode=0o600,  # owner read/write only
            use_jinja=True,
            context=template_context,
        )

    if not config_changed:
        return
    # Record the service so the caller can act on the changed config.
    self.modified_services.append(SUPERVISORD)
def _configure_ipsec_networking(self):
    """
    Upload the ``/etc/sysctl.conf`` used for ipsec networking.

    When the upload reports a change, the file is loaded with
    ``sysctl -p`` so the settings take effect without a reboot.

    Returns the value reported by ``upload_template_changed`` (True if the
    file changed).
    """
    with hide(*fab_output_hides):
        sysctl_changed = upload_template_changed(
            '../config/tpl/sysctl.conf',
            '/etc/sysctl.conf',
            use_sudo=True,
            mode=0o600,  # owner read/write only
        )
        if sysctl_changed:
            # Apply the new kernel parameters right away.
            sudo('sysctl -p /etc/sysctl.conf')
    return sysctl_changed
def _configure_ipsec_site(self, name, confs):
    """
    Render ``/etc/ipsec.d/<name>.conf`` for a single ipsec connection.

    The template context starts with ``conn_name`` and ``elastic_ip`` and is
    then overlaid with every entry of ``confs``, so a key in ``confs`` that
    reuses one of those names replaces the default.

    Returns the value reported by ``upload_template_changed`` (True if the
    file changed).
    """
    template_context = {
        'conn_name': name,
        'elastic_ip': env.aws_elastic_ip,
    }
    template_context.update(confs.items())

    # NOTE(review): ``name`` is placed into the remote path as-is; presumably
    # it is an operator-chosen connection name -- confirm it can never
    # contain path separators.
    remote_path = '/etc/ipsec.d/%s.conf' % name

    with hide(*fab_output_hides):
        return upload_template_changed(
            '../config/tpl/ipsec.d/_.conf',
            remote_path,
            context=template_context,
            use_sudo=True,
            mode=0o600,  # owner read/write only
        )
def _configure_ipsec_base(self, ipsec_confs):
    """
    Render ``/etc/ipsec.conf`` and return True if the file changed.

    Every connection's ``right_subnet`` is turned into a ``%v4:!<subnet>``
    entry and the entries are comma-joined into ``excluded_subnets``.
    Excluding the right-side subnets from ``virtual_private`` is what lets
    traffic for them be sent to the remote tunnel.
    """
    # '%%' is a literal percent sign; only '%s' is substituted.
    excluded_subnets = ','.join(
        '%%v4:!%s' % site_conf['right_subnet']
        for site_conf in ipsec_confs.values()
    )

    with hide(*fab_output_hides):
        return upload_template_changed(
            '../config/tpl/ipsec/ipsec.conf',
            '/etc/ipsec.conf',
            context={'excluded_subnets': excluded_subnets},
            use_sudo=True,
            mode=0o600,  # owner read/write only
        )
def _configure_calabar(self):
    """
    Push the Calabar configuration and restart calabard when it changed.

    Steps, in order:

    1. Upload ``calabar.conf`` with ``put_changed``.
    2. Ensure ``/etc/calabar/tunnel_confs`` exists on the host.
    3. Render every file found under the local ``tunnel_confs`` template
       directory with ``env.calabar_conf_context`` and upload it into
       ``/etc/calabar/tunnel_confs/``.
    4. If any upload reported a change, stop and start ``calabard`` through
       supervisorctl.
    """
    logger.info("Configuring Calabar")

    local_tunnel_dir = '../config/tpl/calabar/tunnel_confs/'

    # Main daemon config.
    with hide(*fab_output_hides):
        main_changed = put_changed(
            '../config/tpl/calabar/calabar.conf',
            '/etc/calabar/calabar.conf',
            use_sudo=True,
            mode=0o600,  # owner read/write only
        )
    needs_restart = True if main_changed else False

    # NOTE(review): calabar.conf is pushed before this mkdir runs, so
    # /etc/calabar must already exist at that point -- presumably created
    # when calabar is installed; confirm.
    with hide(*fab_output_hides):
        sudo('mkdir --parents /etc/calabar/tunnel_confs')

    # Per-tunnel configs. The walk is recursive, but every file goes to the
    # same remote directory.
    with hide(*fab_output_hides):
        for local_dir, _, local_names in os.walk(local_tunnel_dir):
            for local_name in local_names:
                tunnel_changed = upload_template_changed(
                    os.path.join(local_dir, local_name),
                    '/etc/calabar/tunnel_confs/',
                    context=env.calabar_conf_context,
                    use_sudo=True,
                    mode=0o600,  # owner read/write only
                )
                if tunnel_changed:
                    needs_restart = True

    if not needs_restart:
        return

    logger.info("Calabar config changed. Restarting calabard.")
    with hide(*fab_output_hides):
        sudo('supervisorctl stop calabard')
        sudo('supervisorctl start calabard')
def _configure_ipsec_secrets(self, ipsec_confs):
    """
    Render ``/etc/ipsec.secrets`` and return True if the file changed.

    For each ``name`` in ``ipsec_confs`` the template receives the peer's
    ``right_public_ip`` and the pre-shared key looked up in Fabric ``env``
    under ``ipsec_psk_<name>``.
    """
    # NOTE(review): assuming dict-style ``.get``, a missing
    # ``ipsec_psk_<name>`` yields None here and that None is handed to the
    # template unchanged. Confirm the template or the caller rejects a
    # missing PSK instead of rendering a placeholder secret.
    psk_entries = [
        {
            'right_public_ip': site_conf['right_public_ip'],
            'psk': env.get('ipsec_psk_%s' % site_name),
        }
        for site_name, site_conf in ipsec_confs.items()
    ]

    # Write the secrets file. The mode limits it to its owner.
    # NOTE(review): who owns the file after the upload depends on
    # upload_template_changed -- confirm it ends up root-owned.
    with hide(*fab_output_hides):
        return upload_template_changed(
            '../config/tpl/ipsec/ipsec.secrets',
            '/etc/ipsec.secrets',
            context={'confs': psk_entries},
            use_sudo=True,
            mode=0o600,
            use_jinja=True,
        )
def _configure_webservers(self, node_roles):
    """
    Configure nginx and uwsgi.

    uwsgi: uploads the New Relic ini and the uwsgi yaml, uploads the
    supervisord program config for uwsgi (appending ``SUPERVISORD`` to
    ``self.modified_services`` when it changed), then chowns the ini and
    yaml to ``F_CHOWN``.

    nginx: uploads the site definition for ``env.pstat_url``, removes every
    entry in ``sites-enabled`` and symlinks the new site into it.

    ``node_roles`` is accepted but not read by this method.
    """
    logger.info("Configuring uwsgi")

    with hide(*fab_quiet):
        newrelic_ini = '/etc/newrelic/policystat.ini'
        uwsgi_yaml = '/etc/uwsgi/policystat.yaml'

        # The uwsgi app and the New Relic agent share one template context.
        # NOTE(review): these two uploads pass no ``mode=``, unlike the
        # supervisord config below; presumably the ini carries a New Relic
        # license key -- confirm the resulting permissions are acceptable.
        app_context = {
            'project_root': env.project_root,
            'domain': env.pstat_url,
        }
        upload_template(
            '../config/tpl/newrelic/policystat.ini',
            newrelic_ini,
            app_context,
            use_sudo=True
        )
        upload_template(
            '../config/tpl/uwsgi/policystat.yaml',
            uwsgi_yaml,
            app_context,
            use_sudo=True
        )

        # supervisord program definition for uwsgi.
        newrelic_settings = self.conf.get('newrelic', {})
        supervisor_context = {
            'new_relic_environment': newrelic_settings.get('environment'),
        }
        supervisor_changed = upload_template_changed(
            '../config/tpl/uwsgi/etc/supervisor/conf.d/uwsgi.conf',
            '/etc/supervisor/conf.d/uwsgi.conf',
            use_sudo=True,
            mode=0o600,  # owner read/write only
            use_jinja=True,
            context=supervisor_context,
        )
        if supervisor_changed:
            self.modified_services.append(SUPERVISORD)

        # Hand the app-level config files to the policystat user.
        owned_paths = ' '.join([uwsgi_yaml, newrelic_ini])
        sudo('chown %s %s' % (F_CHOWN, owned_paths))

        logger.info("Configuring nginx")

        # NOTE(review): env.pstat_url is spliced unquoted into a remote path
        # and a shell command below; presumably it comes from deployment
        # config only -- confirm.
        site_context = {
            'project_root': env.project_root,
            'domain': env.pstat_url,
        }
        upload_template(
            '../config/tpl/nginx/pstat',
            '/etc/nginx/sites-available/%s' % env.pstat_url,
            site_context,
            use_sudo=True,
        )

        # Leave exactly one enabled site: clear the directory, then link ours.
        sudo('rm -f /etc/nginx/sites-enabled/*')
        link_command = (
            'ln -s '
            '/etc/nginx/sites-available/%(pstat_url)s '
            '/etc/nginx/sites-enabled/%(pstat_url)s'
        )
        sudo(link_command % env)