def proxy_consul_dns(state=None, host=None): with tempfile.NamedTemporaryFile(delete=False, mode="w") as source_file: source_file.write("[Resolve]\nDNS=127.0.0.1\nDomains=~consul") files.put( name= "Configure systemd-resolved to resolve .consul domains locally", dest="/etc/systemd/resolved.conf.d/consul.conf", src=source_file.name, create_remote_dir=True, state=state, host=host, ) systemd.service( name="Enable systemd-resolved", service="systemd-resolved", enable=True, running=True, state=state, host=host, ) for protocol in ("tcp", "udp"): iptables.rule( name=f"Route localhost {protocol} DNS queries to Consul port", present=True, table="nat", protocol=protocol, chain="OUTPUT", append=True, jump="REDIRECT", destination="localhost", destination_port=DEFAULT_DNS_PORT, to_ports=CONSUL_DNS_PORT, state=state, host=host, )
def configure_hashicorp_product(product: HashicorpProduct, state=None, host=None): put_results = [] for fpath, file_contents in product.render_configuration_files(): temp_src = tempfile.NamedTemporaryFile(delete=False, mode="w") temp_src.write(file_contents) put_results.append( files.put( name=f"Create configuration file {fpath} for {product.name}", src=temp_src.name, create_remote_dir=True, user=product.name, group=product.name, dest=fpath, state=state, host=host, )) temp_src.close() if host.fact.has_systemd: systemd.service( name=f"Reload service for {product.name}", service=product.name, reloaded=any(upload_result.changed for upload_result in put_results), host=host, state=state, )
def _manage_worker_node_keys(concourse_config: ConcourseWorkerConfig, sudo=True, host=None, state=None): if concourse_config.tsa_public_key: tsa_key_file = tempfile.NamedTemporaryFile(delete=False) tsa_key_file.write(concourse_config.tsa_public_key.encode("utf8")) files.put( name="Write TSA public key file", dest=concourse_config.tsa_public_key_path, src=tsa_key_file.name, user=concourse_config.user, mode="600", state=state, host=host, sudo=sudo, ) if concourse_config.worker_private_key: worker_key_file = tempfile.NamedTemporaryFile(delete=False) worker_key_file.write( concourse_config.worker_private_key.encode("utf8")) files.put( name="Write worker private key file", dest=concourse_config.worker_private_key_path, src=worker_key_file.name, user=concourse_config.user, mode="600", state=state, host=host, sudo=sudo, ) elif not host.fact.file(concourse_config.worker_private_key_path): server.shell( name="Generate a worker private key", commands=[ f"{concourse_config.deploy_directory}/bin/concourse generate-key -t ssh -f {concourse_config.worker_private_key_path}" # noqa: E501 ], state=state, host=host, sudo=sudo, )
def configure_caddy(caddy_config: CaddyConfig, state=None, host=None): if caddy_config.caddyfile.suffix == ".j2": caddy_file = files.template( name="Create Caddyfile", src=caddy_config.caddyfile, dest="/etc/caddy/Caddyfile", context=caddy_config.template_context, state=state, host=host, ) else: caddy_file = files.put( name="Upload Caddyfile", src=caddy_config.caddyfile, dest="/etc/caddy/Caddyfile", state=state, host=host, ) return caddy_file.changed
name='Create the pyinfra_stuff database', database='pyinfra_stuff', user='******', user_privileges=['SELECT', 'INSERT'], charset='utf8', ) # Upload & import a SQL file into the pyinfra_stuff database # filename = 'files/a_db.sql' temp_filename = state.get_temp_filename(filename) files.put( name='Upload the a_db.sql file', src=filename, dest=temp_filename, ) mysql.load( name='Import the a_db.sql file', src=temp_filename, database='pyinfra_stuff', ) # Now duplicate the pyinfra_stuff database -> pyinfra_stuff_copy # mysql.database( name='Create the pyinfra_stuff_copy database', database='pyinfra_stuff_copy',
''') python.call( name='Generate client wireguard config', function=generate_client_config, ) python.call( name='Generate wireguard config', function=generate_config, ) files.put( name='Upload wireguard config', src=WG_CONF, dest=f'/etc/wireguard/{WG_IF}.conf', ) files.put(name='Create wireguard interface configuration', src=io.StringIO(f'''\ inet {SERVER} {NETWORK.netmask} NONE description "wireguard" {f"inet6 alias {IPV6NETWORK[102*16*16*16*16]}/112" if IPV6NETWORK else ""} up !/usr/local/bin/wg setconf {WG_IF} /etc/wireguard/wg0.conf !/usr/local/bin/wg set {WG_IF} private-key /etc/wireguard/server.key '''), dest=f'/etc/hostname.{WG_IF}', mode='640')
def call_file_op(): files.put( name="Third main operation", src="files/a_file", dest="/a_file", )
from pyinfra import host from pyinfra.operations import apt, server, files SUDO = False files.put( 'dockerfile', 'dockerfile', )
import os from datetime import datetime from pyinfra.operations import files, server now = datetime.now() time_id = now.strftime("%Y-%m-%d-%H-%M-%S") # 2020-07-27-18-20-06 filename = f'biaoqingbao-frontend-{time_id}.tar.gz' os.system(f'tar -zcvf {filename} ../build') repo_dir = '/opt/www/biaoqingbao-frontend' files.put( name=f'Upload {filename}', src=filename, dest=f'{repo_dir}/{filename}', mode='644', ) files.directory( name='Remove old build dir', path=f'{repo_dir}/build', present=False, ) server.shell( name=f'Extract {filename}', commands=[f'tar -zxvf {filename}'], chdir=repo_dir, )
def _manage_web_node_keys( concourse_config: ConcourseWebConfig, state=None, host=None, sudo=True, ): # Create authorized_keys file files.template( name="Create authorized_keys file to permit worker connections", src=Path(__file__).parent.joinpath("templates", "authorized_keys.j2"), dest=concourse_config.authorized_keys_file, user=concourse_config.user, authorized_keys=concourse_config.authorized_worker_keys or [], state=state, host=host, sudo=sudo, ) # Write tsa_host_key and session_signing_key if concourse_config.tsa_host_key: host_key_file = tempfile.NamedTemporaryFile(delete=False) host_key_file.write(concourse_config.tsa_host_key.encode("utf8")) files.put( name="Write tsa_host_key file", dest=concourse_config.tsa_host_key_path, user=concourse_config.user, mode="600", src=host_key_file.name, state=state, host=host, sudo=sudo, ) elif not host.fact.file(concourse_config.tsa_host_key_path): server.shell( name="Generate a tsa host key", commands=[ f"{concourse_config.deploy_directory}/bin/concourse generate-key -t ssh -f {concourse_config.tsa_host_key_path}" # noqa: E501 ], state=state, host=host, sudo=sudo, ) if concourse_config.session_signing_key: session_signing_key_file = tempfile.NamedTemporaryFile(delete=False) session_signing_key_file.write( concourse_config.session_signing_key.encode("utf8")) files.put( name="Write session_signing_host_key file", dest=concourse_config.session_signing_key_path, user=concourse_config.user, mode="600", src=session_signing_key_file.name, state=state, host=host, sudo=sudo, ) elif not host.fact.file(concourse_config.session_signing_key_path): server.shell( name="Generate a session signing key", commands=[ f"{concourse_config.deploy_directory}/bin/concourse generate-key -t rsa -f {concourse_config.session_signing_key_path}" # noqa: E501 ], state=state, host=host, sudo=sudo, )
if host.get_fact(LinuxName) == "Alpine": server.packages( name="Ensure Consul Template is installed.", packages=["consul-template"], present=True, ) files.link( name="Symlink consul-template.hcl to config.hcl", path="/etc/consul-template/consul-template.hcl", target="/etc/consul-template/configs", ) else: # lol systemd files.put( name="Install Consul Template binary.", src="files/consul-template", dest="/usr/local/sbin/consul-template", mode="755", ) files.put( name="Create Consul Template service.", src="files/consul-template.service", dest="/etc/systemd/system/consul-template.service", mode="644", ) systemd.daemon_reload()
user="******", group="root", mode="644", line='vault_opts="agent -config=/etc/vault.d/agent.hcl"', ) server.service( name="Restart and enable the Vault agent", service="vault", running=True, restarted=True, enabled=True, ) else: # assume systemd by default because of its grasp over everything. files.put( name="Create Vault agent service.", src="files/vault-agent.service", dest="/etc/systemd/system/vault-agent.service", mode="644", ) systemd.service( name="Restart and enable the Vault agent", service="vault-agent.service", running=True, restarted=True, enabled=True, )
files.sync( name='Install hockeypuck binaries', src=project_root + '/bin', dest='/usr/bin', mode='755', user='******', group='root', sudo=True, ) files.put( name='Install hockeypuck service', src=project_root + '/debian/hockeypuck.service', dest='/etc/systemd/system/hockeypuck.service', mode='644', user='******', group='root', sudo=True, ) files.template( name='Configure hockeypuck', src='hockeypuck.conf', dest='/etc/hockeypuck/hockeypuck.conf', mode='644', sudo=True, peers=host.data.peers, ) postgresql.role(
from pyinfra.operations import files # Note: This requires files in the files/ directory. SUDO = True if host.fact.linux_name in ['CentOS', 'RedHat']: files.download( {'Download the Docker repo file'}, 'https://download.docker.com/linux/centos/docker-ce.repo', '/etc/yum.repos.d/docker-ce.repo', ) files.put( {'Update the message of the day file'}, 'files/motd', '/etc/motd', mode='644', ) # prepare to do some maintenance maintenance_line = 'SYSTEM IS DOWN FOR MAINTENANCE' # files.line( # {'Add the down-for-maintenance line in /etc/motd'}, # '/etc/motd', # maintenance_line, # ) # do some maintenance... # Then, after the maintenance is done, remove the maintenance line files.line( {'Remove the down-for-maintenance line in /etc/motd'},
)["auth"]["client_token"] else: vault_token = None files.template( name="Create Nomad Vault config.", src="templates/nomad/vault.j2", dest="/etc/nomad.d/20-vault.hcl", mode="644", vault_token=vault_token, vault_url=host.data.vault_url, ) files.put( name="Create Nomad service.", src="files/nomad/systemd-nomad.service", dest="/etc/systemd/system/nomad.service", mode="644", ) systemd.daemon_reload() server.service( name="Restart Consul Template.", service="consul-template", running=True, restarted=True, enabled=True, ) server.service( name="Restart Nomad.", service="nomad", running=True, enabled=True, restarted=True )
from pyinfra.operations import files, server files.put( name="Install HSM root CA.", src="common/root_ca.crt", dest="/etc/ssl/certs/General_Programming_Root.pem", mode="644", ) server.packages( name="Install base image packages.", packages=[ "gnupg", "software-properties-common", ], )
# Include the whole file again, but for all hosts local.include('tasks/a_task.py') # Execute the @deploy function my_deploy() # Do a loop which will generate duplicate op hashes for i in range(2): server.shell( name='Loop-{0} main operation'.format(i), commands='echo loop_{0}_main_operation'.format(i), ) files.put( name='Third main operation', src='files/a_file', dest='/a_file', ) with state.preserve_loop_order([1, 2]) as loop_items: for item in loop_items(): server.shell( name='Order loop {0}'.format(item), commands='echo loop_{0}'.format(item), ) server.shell( name='2nd Order loop {0}'.format(item), commands='echo loop_{0}'.format(item), ) if host.name == 'somehost':
def call_file_op(): files.put( name='Third main operation', src='files/a_file', dest='/a_file', )
{'Create the pyinfra_stuff database'}, 'pyinfra_stuff', user='******', user_privileges=['SELECT', 'INSERT'], charset='utf8', ) # Upload & import a SQL file into the pyinfra_stuff database # filename = 'files/a_db.sql' temp_filename = state.get_temp_filename(filename) files.put( {'Upload the a_db.sql file'}, filename, temp_filename, ) mysql.load( {'Import the a_db.sql file'}, temp_filename, database='pyinfra_stuff', ) # Now duplicate the pyinfra_stuff database -> pyinfra_stuff_copy # mysql.database( {'Create the pyinfra_stuff_copy database'}, 'pyinfra_stuff_copy',
from pyinfra.facts.files import File from pyinfra.facts.server import LinuxName from pyinfra.operations import files # Note: This requires files in the files/ directory. if host.get_fact(LinuxName) in ["CentOS", "RedHat"]: files.download( name="Download the Docker repo file", src="https://download.docker.com/linux/centos/docker-ce.repo", dest="/etc/yum.repos.d/docker-ce.repo", ) files.put( name="Update the message of the day file", src="files/motd", dest="/etc/motd", mode="644", ) # prepare to do some maintenance maintenance_line = "SYSTEM IS DOWN FOR MAINTENANCE" # files.line( # name='Add the down-for-maintenance line in /etc/motd', # '/etc/motd', # maintenance_line, # ) # do some maintenance... # Then, after the maintenance is done, remove the maintenance line files.line( name="Remove the down-for-maintenance line in /etc/motd",
from pyinfra.operations import files # Note: This requires files in the files/ directory. SUDO = True if host.fact.linux_name in ['CentOS', 'RedHat']: files.download( name='Download the Docker repo file', src='https://download.docker.com/linux/centos/docker-ce.repo', dest='/etc/yum.repos.d/docker-ce.repo', ) files.put( name='Update the message of the day file', src='files/motd', dest='/etc/motd', mode='644', ) # prepare to do some maintenance maintenance_line = 'SYSTEM IS DOWN FOR MAINTENANCE' # files.line( # name='Add the down-for-maintenance line in /etc/motd', # '/etc/motd', # maintenance_line, # ) # do some maintenance... # Then, after the maintenance is done, remove the maintenance line files.line( name='Remove the down-for-maintenance line in /etc/motd',
import ipaddress import json import os from pyinfra import host from pyinfra.operations import files, server, systemd files.template( name="Create Consul config.", src="templates/consul/node.j2", dest="/etc/consul.d/consul.hcl", mode="644", consul_datacenter=host.data.consul_datacenter, consul_servers=json.dumps(host.data.consul_servers), ) files.put( name="Consul node_exporter template.", src="common/consul_configs/service_node_exporter.json", dest="/etc/consul.d/service_node_exporter.json", mode="644", ) server.service( name="Restart Consul.", service="consul", running=True, restarted=True, enabled=True, )