def update_hosts_file(name, ip):
files.line(
{'Add hosts to /etc/hosts'},
'/etc/hosts',
r' {}.example.com '.format(name),
replace='{} {}.example.com {}'.format(ip, name, name),
)
def update_hosts_file(name, ip):
name = name.replace('@vagrant/', '')
files.line(
{'Add hosts to /etc/hosts'},
'/etc/hosts',
r' {}.example.com '.format(name),
replace='{} {}.example.com {}'.format(ip, name, name),
)
yum.packages(
{'Install chrony for Network Time Protocol (NTP)'},
['chrony'],
)
major = host.fact.linux_distribution['major']
yum.rpm(
{'Install Puppet Repo'},
'https://yum.puppet.com/puppet6-release-el-{}.noarch.rpm'.format(
major),
)
files.line(
{'Ensure SELINUX is disabled'},
'/etc/sysconfig/selinux',
r'SELINUX=.*',
replace='SELINUX=disabled',
)
# TODO: should reboot after SELINUX is disabled (how to check/easy way to reboot)
# TODO: how to determine when reboot is complete
# TODO: run sestatus
if host in masters:
install = yum.packages(
{'Install puppet server'},
['puppetserver'],
)
config = files.template(
{'Ensure the directory `{}` exists'.format(dir)},
dir,
)
init.systemd(
{'Restart and enable dnsmasq'},
'dnsmasq',
running=True,
restarted=True,
enabled=True,
)
files.line(
{'Ensure /netboot/nfs is in /etc/exports'},
'/etc/exports',
r'/netboot/nfs .*',
replace='/netboot/nfs *(ro,sync,no_wdelay,insecure_locks,'
'no_root_squash,insecure,no_subtree_check)',
)
server.shell(
{'Make share available'},
'exportfs -a',
)
if not host.fact.file('/netboot/tftp/pxelinux.0'):
server.shell(
{'Copy pxelinux.0 '},
'cp -v /usr/lib/PXELINUX/pxelinux.0 /netboot/tftp/',
)
# Manage remote rpm files
yum.rpm((
'https://dl.fedoraproject.org/pub/epel/epel-release-latest-'
'{{ host.fact.linux_distribution.major }}.noarch.rpm'
), sudo=True)
# yum package manager
yum.packages(
['git', 'python-pip'],
sudo=True,
)
# Edit lines in files
files.line(
'/etc/sysconfig/selinux',
'^SELINUX=.*',
replace='SELINUX=disabled',
sudo=True,
)
# Ensure the state of git repositories
git.repo(
'[email protected]:Fizzadar/pyinfra',
host.data.app_dir,
branch='develop',
ssh_keyscan=True,
run_once=True,
sudo=True,
# Carry SSH agent details w/sudo
preserve_sudo_env=True,
)
)
# prepare to do some maintenance
maintenance_line = 'SYSTEM IS DOWN FOR MAINTENANCE'
# files.line(
# {'Add the down-for-maintenance line in /etc/motd'},
# '/etc/motd',
# maintenance_line,
# )
# do some maintenance...
# Then, after the maintenance is done, remove the maintenance line
files.line(
{'Remove the down-for-maintenance line in /etc/motd'},
'/etc/motd',
maintenance_line,
replace='',
present=False,
)
files.replace(
{'Change part of a line in a file'},
'/etc/motd',
'verboten',
'forbidden',
)
# Sync local files/tempdir to remote /tmp/tempdir
files.sync(
{'Sync a local directory with remote'},
'files/tempdir',
def install_keystone_service(state, host):
create_database(state, host, 'keystone')
keystone_install = apt.packages(
state, host,
{'Install keystone'},
['keystone'],
)
files.template(
state, host,
{'Generate keystone config'},
get_template_path('keystone.conf.j2'),
'/etc/keystone/keystone.conf',
)
server.shell(
state, host,
{'Sync the keystone database'},
'keystone-manage db_sync',
)
# Bootstrap keystone: only do this if newly installed
if keystone_install.changed:
server.shell(
state, host, '''
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap \
--bootstrap-password {{ host.data.admin_password }} \
--bootstrap-admin-url http://{{ host.data.controller_host }}:35357/v3/ \
--bootstrap-internal-url http://{{ host.data.controller_host }}:35357/v3/ \
--bootstrap-public-url http://{{ host.data.controller_host }}:5000/v3/ \
--bootstrap-region-id RegionOne
''')
update_apache_config = files.line(
state, host,
{'Set ServerName in apache2 config'},
'/etc/apache2/apache2.conf',
'ServerName.*',
replace='ServerName {{ host.data.ssh_hostname }}',
)
init.service(
state, host,
{'Restart apache2'},
'apache2',
restarted=update_apache_config.changed,
)
if keystone_install.changed:
server.shell(
state, host,
{'Create initial projects/users/roles'},
(
'openstack project create --domain default service',
'openstack project create --domain default user',
'openstack user create --domain default --password hamble user-1',
'openstack role create user',
'openstack role add --project user --user user-1 user',
),
env=make_admin_env(host),
)
from pyinfra.modules import files
SUDO = True
# Run: pyinfra @docker/ubuntu files_line_with_quotes.py
line = 'QUOTAUSER=""'
results = files.line(
{'Example with double quotes (")'},
'/etc/adduser.conf',
'^{}$'.format(line),
replace=line,
)
print(results.changed)
files.template(
{'Create index.html'},
'templates/index.html.j2',
'/web/index.html',
)
files.link(
{'Create link /web/index.htm that points to /web/index.html'},
'/web/index.htm',
'/web/index.html',
)
# Note: Allowing sudo to python is not a very secure.
files.line(
{'Ensure myweb can run /usr/bin/python3 without password'},
'/etc/sudoers',
r'myweb .*',
replace='myweb ALL=(ALL) NOPASSWD: /usr/bin/python3',
)
server.shell(
{'Check that sudoers file is ok'},
'visudo -c',
)
init.systemd(
{'Restart and enable myweb'},
'myweb',
running=True,
restarted=True,
enabled=True,
daemon_reload=True,