def _init_service(self, mpoint, password): self.service.stop() self.root_user = self.create_linux_user(ROOT_USER, password) self.master_user = self.create_linux_user(MASTER_USER, password) move_files = not self.cluster_dir.is_initialized(mpoint) self.postgresql_conf.data_directory = self.cluster_dir.move_to( mpoint, move_files) self.postgresql_conf.listen_addresses = '*' self.postgresql_conf.wal_level = 'hot_standby' self.postgresql_conf.max_wal_senders = 5 wks = self.postgresql_conf.wal_keep_segments if not wks or int(wks) < 32: self.postgresql_conf.wal_keep_segments = 32 # [TTM-8] if disttool.is_ubuntu() and disttool.version_info() == ( 12, 4) and '9.1' == self.version: #SEE: https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/1018307 self.postgresql_conf.ssl_renegotiation_limit = 0 self.cluster_dir.clean() if disttool.is_redhat_based(): self.config_dir.move_to(self.unified_etc_path) make_symlinks(os.path.join(mpoint, STORAGE_DATA_DIR), self.unified_etc_path) self.postgresql_conf = PostgresqlConf.find(self.config_dir) self.pg_hba_conf = PgHbaConf.find(self.config_dir) self.pg_hba_conf.allow_local_connections()
def __init__(self, manifest=None): mgr_name = "apt" if disttool.is_debian_based() else "yum" self.mgr = AptPackageMgr() if disttool.is_debian_based() else YumPackageMgr() self.manifest = os.path.abspath(manifest or self.DEFAULT_MANIFEST) self.conf = configparser.ConfigParser() self.conf.read(self.manifest) dist_id, release = disttool.linux_dist()[0:2] if disttool.is_redhat_based() and not disttool.is_fedora(): dist_id = "el" dist_id = dist_id.lower() major_release = release.split(".")[0] self.sections = [ s % locals() for s in ( "%(mgr_name)s", "%(mgr_name)s:%(dist_id)s", "%(mgr_name)s:%(dist_id)s%(major_release)s", "%(mgr_name)s:%(dist_id)s%(release)s", ) ] self.sections.reverse() LOG.debug( "Initialized ImpLoader with such settings\n" " manifest: %s\n" " sections: %s\n", self.manifest, self.sections, )
def move_to(self, dst, move_files=True): new_cluster_dir = os.path.join(dst, STORAGE_DATA_DIR) if not os.path.exists(dst): LOG.debug( 'Creating directory structure for postgresql cluster: %s' % dst) os.makedirs(dst) if move_files: source = self.path if not os.path.exists(self.path): source = self.default_path LOG.debug( 'data_directory in postgresql.conf points to non-existing location, using %s instead' % source) if source != new_cluster_dir: LOG.debug("copying cluster files from %s into %s" % (source, new_cluster_dir)) shutil.copytree(source, new_cluster_dir) LOG.debug("changing directory owner to %s" % self.user) chown_r(dst, self.user) LOG.debug("Changing postgres user`s home directory") if disttool.is_redhat_based(): #looks like ubuntu doesn`t need this system2([USERMOD, '-d', new_cluster_dir, self.user]) self.path = new_cluster_dir return new_cluster_dir
def __init__(self): if not os.path.exists(MDADM_EXEC): if disttool.is_redhat_based(): system2(('/usr/bin/yum', '-d0', '-y', 'install', 'mdadm', '-x', 'exim'), raise_exc=False) else: mgr = dynimp.package_mgr() mgr.install('mdadm', mgr.candidates('mdadm')[-1]) for location in ['/etc ', '/lib']: path = os.path.join(location, 'udev/rules.d/85-mdadm.rules') if os.path.exists(path): rule = None with open(path, 'r') as fp: rule = fp.read() if rule: rule = re.sub(re.compile('^([^#])', re.M), '#\\1', rule) with open(path, 'w') as fp: fp.write(rule) self._raid_devices_re = re.compile( 'Raid\s+Devices\s+:\s+(?P<count>\d+)') self._total_devices_re = re.compile( 'Total\s+Devices\s+:\s+(?P<count>\d+)') self._state_re = re.compile('State\s+:\s+(?P<state>.+)') self._rebuild_re = re.compile( 'Rebuild\s+Status\s+:\s+(?P<percent>\d+)%') self._level_re = re.compile('Raid Level : (?P<level>.+)')
def __init__(self): if not os.path.exists(MDADM_EXEC): if disttool.is_redhat_based(): system2(('/usr/bin/yum', '-d0', '-y', 'install', 'mdadm', '-x', 'exim'), raise_exc=False) else: mgr = dynimp.package_mgr() mgr.install('mdadm', mgr.candidates('mdadm')[-1]) for location in ['/etc ', '/lib']: path = os.path.join(location, 'udev/rules.d/85-mdadm.rules') if os.path.exists(path): rule = None with open(path, 'r') as fp: rule = fp.read() if rule: rule = re.sub(re.compile('^([^#])', re.M), '#\\1', rule) with open(path, 'w') as fp: fp.write(rule) self._raid_devices_re = re.compile('Raid\s+Devices\s+:\s+(?P<count>\d+)') self._total_devices_re = re.compile('Total\s+Devices\s+:\s+(?P<count>\d+)') self._state_re = re.compile('State\s+:\s+(?P<state>.+)') self._rebuild_re = re.compile('Rebuild\s+Status\s+:\s+(?P<percent>\d+)%') self._level_re = re.compile('Raid Level : (?P<level>.+)')
def move_to(self, dst, move_files=True): new_cluster_dir = os.path.join(dst, STORAGE_DATA_DIR) if not os.path.exists(dst): LOG.debug('Creating directory structure for postgresql cluster: %s' % dst) os.makedirs(dst) if move_files: source = self.path if not os.path.exists(self.path): source = self.default_path LOG.debug('data_directory in postgresql.conf points to non-existing location, using %s instead' % source) if source != new_cluster_dir: LOG.debug("copying cluster files from %s into %s" % (source, new_cluster_dir)) shutil.copytree(source, new_cluster_dir) LOG.debug("changing directory owner to %s" % self.user) chown_r(dst, self.user) LOG.debug("Changing postgres user`s home directory") if disttool.is_redhat_based(): #looks like ubuntu doesn`t need this system2([USERMOD, '-d', new_cluster_dir, self.user]) self.path = new_cluster_dir return new_cluster_dir
def _init_service(self, mpoint, password): self.service.stop() self.root_user = self.create_linux_user(ROOT_USER, password) self.master_user = self.create_linux_user(MASTER_USER, password) move_files = not self.cluster_dir.is_initialized(mpoint) self.postgresql_conf.data_directory = self.cluster_dir.move_to(mpoint, move_files) self.postgresql_conf.listen_addresses = "*" self.postgresql_conf.wal_level = "hot_standby" self.postgresql_conf.max_wal_senders = 5 wks = self.postgresql_conf.wal_keep_segments if not wks or int(wks) < 32: self.postgresql_conf.wal_keep_segments = 32 # [TTM-8] if disttool.is_ubuntu() and disttool.version_info() == (12, 4) and "9.1" == self.version: # SEE: https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/1018307 self.postgresql_conf.ssl_renegotiation_limit = 0 self.cluster_dir.clean() if disttool.is_redhat_based(): self.config_dir.move_to(self.unified_etc_path) make_symlinks(os.path.join(mpoint, STORAGE_DATA_DIR), self.unified_etc_path) self.postgresql_conf = PostgresqlConf.find(self.config_dir) self.pg_hba_conf = PgHbaConf.find(self.config_dir) self.pg_hba_conf.allow_local_connections()
def __init__(self, manifest=None): mgr_name = 'apt' if disttool.is_debian_based() else 'yum' self.mgr = AptPackageMgr() if disttool.is_debian_based( ) else YumPackageMgr() self.manifest = os.path.abspath(manifest or self.DEFAULT_MANIFEST) self.conf = configparser.ConfigParser() self.conf.read(self.manifest) dist_id, release = disttool.linux_dist()[0:2] if disttool.is_redhat_based() and not disttool.is_fedora(): dist_id = 'el' dist_id = dist_id.lower() major_release = release.split('.')[0] self.sections = [ s % locals() for s in ('%(mgr_name)s', '%(mgr_name)s:%(dist_id)s', '%(mgr_name)s:%(dist_id)s%(major_release)s', '%(mgr_name)s:%(dist_id)s%(release)s') ] self.sections.reverse() LOG.debug( 'Initialized ImpLoader with such settings\n' ' manifest: %s\n' ' sections: %s\n', self.manifest, self.sections)
def test_DistTool(self): self.assertTrue(disttool.is_linux()) self.assertTrue(disttool.is_redhat_based()) self.assertTrue(disttool.is_fedora()) self.assertFalse(disttool.is_win()) self.assertFalse(disttool.is_sun()) self.assertFalse(disttool.is_debian_based())
def _change_selinux_ctx(self): try: chcon = software.which('chcon') except LookupError: return if disttool.is_redhat_based(): LOG.debug('Changing SELinux file security context for new mysql datadir') system2((chcon, '-R', '-u', 'system_u', '-r', 'object_r', '-t', 'mysqld_db_t', os.path.dirname(__mysql__['storage_dir'])), raise_exc=False)
def __init__(self): self._objects = {} self.service = initdv2.lookup(SERVICE_NAME) if not os.path.exists(MYCNF_PATH): if disttool.is_redhat_based() and os.path.exists('/usr/share/mysql/my-medium.cnf'): shutil.copy('/usr/share/mysql/my-medium.cnf', MYCNF_PATH) else: fp = open(MYCNF_PATH, 'w') fp.write('[mysqld]') fp.close()
def test_on_mysql_newmaster_up(self): bus.queryenv_service = _QueryEnv() bus.platform = _Platform() config = bus.config sect_name = configtool.get_behaviour_section_name(mysql.BEHAVIOUR) config.set(sect_name, mysql.OPT_REPLICATION_MASTER, '0') handler = _MysqlHandler() root_pass, repl_pass, stat_pass = handler._add_mysql_users(mysql.ROOT_USER, mysql.REPL_USER, mysql.STAT_USER) handler._update_config( {mysql.OPT_ROOT_PASSWORD : root_pass, mysql.OPT_REPL_PASSWORD : repl_pass, mysql.OPT_STAT_PASSWORD : stat_pass}) message = _Message() if disttool.is_redhat_based(): daemon = "/usr/libexec/mysqld" else: daemon = "/usr/sbin/mysqld" initd.stop("mysql") myd = Popen([daemon, '--defaults-file=/etc/mysql2/my.cnf', '--skip-grant-tables'], stdin=PIPE, stdout=PIPE, stderr=STDOUT) ping_service(LOCAL_IP, 3306, 5) myclient = pexpect.spawn('/usr/bin/mysql -h'+LOCAL_IP) myclient.expect('mysql>') repl_password = re.sub('[^\w]','', cryptotool.keygen(20)) sql = "update mysql.user set password = PASSWORD('"+repl_password+"') where user = '******';" myclient.sendline(sql) myclient.expect('mysql>') result = myclient.before if re.search('ERROR', result): os.kill(myd.pid, signal.SIGTERM) raise BaseException("Cannot update user", result) myclient.sendline('FLUSH TABLES WITH READ LOCK;') myclient.expect('mysql>') # system('cp -pr /var/lib/mysql /var/lib/backmysql') # system('rm -rf /var/lib/mysql && cp -pr /var/lib/mysql2 /var/lib/mysql') myclient.sendline('SHOW MASTER STATUS;') myclient.expect('mysql>') # retrieve log file and position try: master_status = myclient.before.split('\r\n')[4].split('|') except: raise BaseException("Cannot get master status") finally: myclient.sendline('UNLOCK TABLES;') os.kill(myd.pid, signal.SIGTERM) myd = Popen([daemon, '--defaults-file=/etc/mysql2/my.cnf'], stdin=PIPE, stdout=PIPE, stderr=STDOUT) ping_service(LOCAL_IP, 3306, 5) message.log_file = master_status[1].strip() message.log_pos = master_status[2].strip() message.repl_user = mysql.REPL_USER message.repl_password = repl_password message.root_password = root_pass handler.on_Mysql_NewMasterUp(message) os.kill(myd.pid, signal.SIGTERM) initd.stop("mysql") system ('rm -rf /var/lib/mysql && cp -pr /var/lib/backmysql /var/lib/mysql && rm -rf /var/lib/backmysql') config.set(sect_name, mysql.OPT_REPLICATION_MASTER, '1')
def extract_datadir_and_log(): if disttool.is_redhat_based(): my_cnf_file = "/etc/my.cnf" else: my_cnf_file = "/etc/mysql/my.cnf" file = open(my_cnf_file) mycnf = file.read() file.close() datadir = re.search(re.compile('^\s*datadir\s*=\s*(.*)$', re.MULTILINE), mycnf).group(1) log_bin = re.search(re.compile('^\s*log_bin\s*=\s*(.*)$', re.MULTILINE), mycnf).group(1) return datadir, log_bin
def __init__(self): self._objects = {} self.service = initdv2.lookup(SERVICE_NAME) if not os.path.exists(MYCNF_PATH): if disttool.is_redhat_based() and os.path.exists( '/usr/share/mysql/my-medium.cnf'): shutil.copy('/usr/share/mysql/my-medium.cnf', MYCNF_PATH) else: fp = open(MYCNF_PATH, 'w') fp.write('[mysqld]') fp.close()
def __init__(self): self._logger = logging.getLogger(__name__) if disttool.is_redhat_based(): init_script = ('/sbin/service', 'sshd') elif disttool.is_ubuntu() and disttool.version_info() >= (10, 4): init_script = ('/usr/sbin/service', 'ssh') else: init_script = firstmatched(os.path.exists, ('/etc/init.d/ssh', '/etc/init.d/sshd')) self._sshd_init = ParametrizedInitScript('sshd', init_script) bus.on(init=self.on_init)
def update(self, workdir): if not os.access(self.executable, os.X_OK): self._logger.info('Installing Git SCM...') if disttool.is_debian_based(): system2(('apt-get', '-y', 'install', 'git-core')) elif disttool.is_redhat_based(): system2(('yum', '-y', 'install', 'git')) else: raise SourceError('Cannot install Git. Unknown distribution %s' % str(disttool.linux_dist())) #if not os.path.exists(workdir): # self._logger.info('Creating destination directory') # os.makedirs(workdir) tmpdir = tempfile.mkdtemp() env = {} try: if self.private_key: pk_path = os.path.join(tmpdir, 'pk.pem') filetool.write_file(pk_path, self.private_key) os.chmod(pk_path, 0400) git_ssh_path = os.path.join(tmpdir, 'git_ssh.sh') filetool.write_file(git_ssh_path, self.ssh_tpl % pk_path) os.chmod(git_ssh_path, 0755) env.update(dict(GIT_SSH=git_ssh_path)) if os.path.exists(os.path.join(workdir, '.git')): origin_url = system2(('git', 'config', '--get', 'remote.origin.url'), cwd=workdir, raise_exc=False)[0] if origin_url.strip() != self.url.strip(): self._logger.info('%s is not origin of %s (%s is)', self.url, workdir, origin_url) self._logger.info('Remove all files in %s and checkout from %s', workdir, self.url ) shutil.rmtree(workdir) os.mkdir(workdir) out, err, ret_code = system2(('git', 'clone', self.url, workdir), env=env) else: self._logger.info('Updating directory %s (git-pull)', workdir) out, err, ret_code = system2(('git', 'pull'), env=env, cwd=workdir) else: self._logger.info('Checkout from %s', self.url) out, err, ret_code = system2(('git', 'clone', self.url, workdir), env=env) if ret_code: raise Exception('Git failed to clone repository. %s' % out) self._logger.info('Successfully deployed %s from %s', workdir, self.url) finally: shutil.rmtree(tmpdir)
def main(): init_script() logger = logging.getLogger("scalarizr.scripts.update") logger.info("Starting update script...") if disttool.is_debian_based(): logger.info("Updating scalarizr with Apt") system2("apt-get -y install scalarizr", shell=True) elif disttool.is_redhat_based(): logger.info("Updating scalarizr with Yum") system2("yum -y update scalarizr", shell=True) else: logger.error("Don't know how to update scalarizr on %s", " ".join(disttool.linux_dist()))
def __init__(self): pid_file = None if disttool.is_redhat_based(): pid_file = "/var/run/memcached/memcached.pid" elif disttool.is_debian_based(): pid_file = "/var/run/memcached.pid" initd_script = '/etc/init.d/memcached' if not os.path.exists(initd_script): raise HandlerError("Cannot find Memcached init script at %s. Make sure that memcached is installed" % initd_script) initdv2.ParametrizedInitScript.__init__(self, 'memcached', initd_script, pid_file, socks=[initdv2.SockParam(11211)])
def update(self, workdir): if not os.access(self.executable, os.X_OK): self._logger.info('Installing Subversion SCM...') if disttool.is_debian_based(): system2(('apt-get', '-y', '--force-yes', 'install', 'subversion')) elif disttool.is_redhat_based(): system2(('yum', '-y', 'install', 'subversion')) else: raise SourceError('Cannot install Subversion. Unknown distribution %s' % str(disttool.linux_dist())) do_update = False if os.path.exists(os.path.join(workdir, '.svn')): out = system2(('svn', 'info', workdir))[0] try: svn_url = filter(lambda line: line.startswith('URL:'), out.split('\n'))[0].split(':', 1)[1].strip() except IndexError: raise SourceError('Cannot extract Subversion URL. Text:\n %s', out) if svn_url != self.url: #raise SourceError('Working copy %s is checkouted from different repository %s' % (workdir, svn_url)) self._logger.info('%s is not origin of %s (%s is)', self.url, workdir, svn_url) self._logger.info('Remove all files in %s and checkout from %s', workdir, self.url) shutil.rmtree(workdir) os.mkdir(workdir) else: do_update = True args = [ 'svn' , 'update' if do_update else 'co' ] if self.login and self.password: args += [ '--username', self.login, '--password', self.password, '--non-interactive' ] if self.client_version >= (1, 5, 0): args += ['--trust-server-cert'] if args[1] == 'co': args += [self.url] args += [workdir] self._logger.info('Updating source from %s into working dir %s', self.url, workdir) out = system2(args)[0] self._logger.info(out) self._logger.info('Deploying %s to %s has been completed successfully.' % (self.url,workdir))
def apache_software_info(): binary_name = "httpd" if disttool.is_redhat_based() else "apache2" binaries = whereis(binary_name) if not binaries: raise SoftwareError("Can't find executable for apache http server") out = system2((binaries[0], '-V'))[0] if not out: raise SoftwareError version_string = out.splitlines()[0] res = re.search('[\d\.]+', version_string) if res: version = res.group(0) return SoftwareInfo('apache', version, out) raise SoftwareError
def _init_service(self, mpoint, password): self.service.stop() self.root_user = self.create_linux_user(ROOT_USER, password) move_files = not self.cluster_dir.is_initialized(mpoint) self.postgresql_conf.data_directory = self.cluster_dir.move_to(mpoint, move_files) self.postgresql_conf.listen_addresses = '*' self.postgresql_conf.wal_level = 'hot_standby' self.postgresql_conf.max_wal_senders = 5 self.postgresql_conf.wal_keep_segments = 32 self.cluster_dir.clean() if disttool.is_redhat_based(): self.config_dir.move_to(self.unified_etc_path) make_symlinks(os.path.join(mpoint, STORAGE_DATA_DIR), self.unified_etc_path) self.postgresql_conf = PostgresqlConf.find(self.config_dir) self.pg_hba_conf = PgHbaConf.find(self.config_dir) self.pg_hba_conf.allow_local_connections()
def on_init(self): #temporary fix for starting-after-rebundle issue if not os.path.exists(PG_SOCKET_DIR): os.makedirs(PG_SOCKET_DIR) chown_r(PG_SOCKET_DIR, 'postgres') bus.on("host_init_response", self.on_host_init_response) bus.on("before_host_up", self.on_before_host_up) bus.on("before_reboot_start", self.on_before_reboot_start) self._insert_iptables_rules() if __node__['state'] == ScalarizrState.BOOTSTRAPPING: if disttool.is_redhat_based(): checkmodule_path = software.which('checkmodule') semodule_package_path = software.which('semodule_package') semodule_path = software.which('semodule') if all((checkmodule_path, semodule_package_path, semodule_path)): with open('/tmp/sshkeygen.te', 'w') as fp: fp.write(SSH_KEYGEN_SELINUX_MODULE) self._logger.debug('Compiling SELinux policy for ssh-keygen') system2((checkmodule_path, '-M', '-m', '-o', '/tmp/sshkeygen.mod', '/tmp/sshkeygen.te'), logger=self._logger) self._logger.debug('Building SELinux package for ssh-keygen') system2((semodule_package_path, '-o', '/tmp/sshkeygen.pp', '-m', '/tmp/sshkeygen.mod'), logger=self._logger) self._logger.debug('Loading ssh-keygen SELinux package') system2((semodule_path, '-i', '/tmp/sshkeygen.pp'), logger=self._logger) if __node__['state'] == 'running': vol = storage2.volume(__postgresql__['volume']) vol.ensure(mount=True) self.postgresql.service.start() self.accept_all_clients() self._logger.debug("Checking presence of Scalr's PostgreSQL root user.") root_password = self.root_password if not self.postgresql.root_user.exists(): self._logger.debug("Scalr's PostgreSQL root user does not exist. Recreating") self.postgresql.root_user = self.postgresql.create_linux_user(ROOT_USER, root_password) else: try: self.postgresql.root_user.check_system_password(root_password) self._logger.debug("Scalr's root PgSQL user is present. Password is correct.") except ValueError: self._logger.warning("Scalr's root PgSQL user was changed. Recreating.") self.postgresql.root_user.change_system_password(root_password) if self.is_replication_master: #ALTER ROLE cannot be executed in a read-only transaction self._logger.debug("Checking password for pg_role scalr.") if not self.postgresql.root_user.check_role_password(root_password): LOG.warning("Scalr's root PgSQL role was changed. Recreating.") self.postgresql.root_user.change_role_password(root_password)
except (ValueError, IndexError): self._logger.debug('no http/server section') else: self._logger.debug('Do not removing http/server section') if not config.get_list('http/server'): config.read(os.path.join(bus.share_path, "nginx/server.tpl")) if disttool.is_debian_based(): # Comment /etc/nginx/sites-enabled/* try: i = config.get_list('http/include').index('/etc/nginx/sites-enabled/*') config.comment('http/include[%d]' % (i+1)) self._logger.debug('comment site-enabled include') except (ValueError, IndexError): self._logger.debug('site-enabled include already commented') elif disttool.is_redhat_based(): def_host_path = '/etc/nginx/conf.d/default.conf' if os.path.exists(def_host_path): default_host = Configuration('nginx') default_host.read(def_host_path) default_host.comment('server') default_host.write(def_host_path) if dump == self._dump_config(config): self._logger.debug("Main nginx config wasn`t changed") else: # Write new nginx.conf shutil.copy(nginx_conf_path, nginx_conf_path + '.bak') config.write(nginx_conf_path) if reload_service: self.api._reload_service()
def enabled(self): if disttool.is_redhat_based(): return self._chkconfig() else: return self.usable()
return f(*args) return d def devname_not_empty(f): def d(*args, **kwargs): if not args[1].devname: raise StorageError('Device name is empty.') return f(*args, **kwargs) return d RHEL_DEVICE_ORDERING_BUG = False if disttool.is_redhat_based(): # Check that system is affected by devices ordering bug # https://bugzilla.redhat.com/show_bug.cgi?id=729340 rootfs = [ entry for entry in mount.mounts() if entry.mpoint == '/' and entry.device.startswith('/dev') ][0] RHEL_DEVICE_ORDERING_BUG = rootfs.device.startswith('/dev/xvde') def get_system_devname(devname): if '/xvd' in devname: return devname ret = devname.replace('/sd', '/xvd') if os.path.exists( '/dev/xvda1') or RHEL_DEVICE_ORDERING_BUG else devname if RHEL_DEVICE_ORDERING_BUG:
def on_init(self): #temporary fix for starting-after-rebundle issue if not os.path.exists(PG_SOCKET_DIR): os.makedirs(PG_SOCKET_DIR) rchown(user='******', path=PG_SOCKET_DIR) bus.on("host_init_response", self.on_host_init_response) bus.on("before_host_up", self.on_before_host_up) bus.on("before_reboot_start", self.on_before_reboot_start) bus.on("before_reboot_finish", self.on_before_reboot_finish) if self._cnf.state == ScalarizrState.BOOTSTRAPPING: self._insert_iptables_rules() if disttool.is_redhat_based(): checkmodule_paths = software.whereis('checkmodule') semodule_package_paths = software.whereis('semodule_package') semodule_paths = software.whereis('semodule') if all((checkmodule_paths, semodule_package_paths, semodule_paths)): filetool.write_file('/tmp/sshkeygen.te', SSH_KEYGEN_SELINUX_MODULE, logger=self._logger) self._logger.debug('Compiling SELinux policy for ssh-keygen') system2((checkmodule_paths[0], '-M', '-m', '-o', '/tmp/sshkeygen.mod', '/tmp/sshkeygen.te'), logger=self._logger) self._logger.debug('Building SELinux package for ssh-keygen') system2((semodule_package_paths[0], '-o', '/tmp/sshkeygen.pp', '-m', '/tmp/sshkeygen.mod'), logger=self._logger) self._logger.debug('Loading ssh-keygen SELinux package') system2((semodule_paths[0], '-i', '/tmp/sshkeygen.pp'), logger=self._logger) if self._cnf.state == ScalarizrState.RUNNING: storage_conf = Storage.restore_config(self._volume_config_path) storage_conf['tags'] = self.postgres_tags self.storage_vol = Storage.create(storage_conf) if not self.storage_vol.mounted(): self.storage_vol.mount() self.postgresql.service.start() self.accept_all_clients() self._logger.debug("Checking presence of Scalr's PostgreSQL root user.") root_password = self.root_password if not self.postgresql.root_user.exists(): self._logger.debug("Scalr's PostgreSQL root user does not exist. Recreating") self.postgresql.root_user = self.postgresql.create_user(ROOT_USER, root_password) else: try: self.postgresql.root_user.check_system_password(root_password) self._logger.debug("Scalr's root PgSQL user is present. Password is correct.") except ValueError: self._logger.warning("Scalr's root PgSQL user was changed. Recreating.") self.postgresql.root_user.change_system_password(root_password) if self.is_replication_master: #ALTER ROLE cannot be executed in a read-only transaction self._logger.debug("Checking password for pg_role scalr.") if not self.postgresql.root_user.check_role_password(root_password): self._logger.warning("Scalr's root PgSQL role was changed. Recreating.") self.postgresql.root_user.change_role_password(root_password)
def on_init(self): #temporary fix for starting-after-rebundle issue if not os.path.exists(PG_SOCKET_DIR): os.makedirs(PG_SOCKET_DIR) chown_r(PG_SOCKET_DIR, 'postgres') bus.on("host_init_response", self.on_host_init_response) bus.on("before_host_up", self.on_before_host_up) bus.on("before_reboot_start", self.on_before_reboot_start) self._insert_iptables_rules() if __node__['state'] == ScalarizrState.BOOTSTRAPPING: if disttool.is_redhat_based(): checkmodule_paths = software.whereis('checkmodule') semodule_package_paths = software.whereis('semodule_package') semodule_paths = software.whereis('semodule') if all((checkmodule_paths, semodule_package_paths, semodule_paths)): with open('/tmp/sshkeygen.te', 'w') as fp: fp.write(SSH_KEYGEN_SELINUX_MODULE) self._logger.debug( 'Compiling SELinux policy for ssh-keygen') system2((checkmodule_paths[0], '-M', '-m', '-o', '/tmp/sshkeygen.mod', '/tmp/sshkeygen.te'), logger=self._logger) self._logger.debug( 'Building SELinux package for ssh-keygen') system2((semodule_package_paths[0], '-o', '/tmp/sshkeygen.pp', '-m', '/tmp/sshkeygen.mod'), logger=self._logger) self._logger.debug('Loading ssh-keygen SELinux package') system2((semodule_paths[0], '-i', '/tmp/sshkeygen.pp'), logger=self._logger) if __node__['state'] == 'running': vol = storage2.volume(__postgresql__['volume']) if not vol.tags: vol.tags = self.resource_tags() vol.ensure(mount=True) self.postgresql.service.start() self.accept_all_clients() self._logger.debug( "Checking presence of Scalr's PostgreSQL root user.") root_password = self.root_password if not self.postgresql.root_user.exists(): self._logger.debug( "Scalr's PostgreSQL root user does not exist. Recreating") self.postgresql.root_user = self.postgresql.create_linux_user( ROOT_USER, root_password) else: try: self.postgresql.root_user.check_system_password( root_password) self._logger.debug( "Scalr's root PgSQL user is present. Password is correct." ) except ValueError: self._logger.warning( "Scalr's root PgSQL user was changed. Recreating.") self.postgresql.root_user.change_system_password( root_password) if self.is_replication_master: #ALTER ROLE cannot be executed in a read-only transaction self._logger.debug("Checking password for pg_role scalr.") if not self.postgresql.root_user.check_role_password( root_password): LOG.warning( "Scalr's root PgSQL role was changed. Recreating.") self.postgresql.root_user.change_role_password( root_password)