def install_restservice():
utils.set_service_as_cloudify_service(runtime_props)
rest_service_rpm_source_url = ctx_properties['rest_service_rpm_source_url']
rest_venv = join(HOME_DIR, 'env')
agent_dir = join(utils.MANAGER_RESOURCES_HOME, 'cloudify_agent')
ctx.logger.info('Installing REST Service...')
utils.set_selinux_permissive()
utils.copy_notice(SERVICE_NAME)
utils.mkdir(HOME_DIR)
utils.mkdir(LOG_DIR)
utils.chown(utils.CLOUDIFY_USER, utils.CLOUDIFY_GROUP, LOG_DIR)
utils.mkdir(utils.MANAGER_RESOURCES_HOME)
utils.mkdir(agent_dir)
runtime_props['rabbitmq_endpoint_ip'] = utils.get_rabbitmq_endpoint_ip()
runtime_props['broker_cert_path'] = utils.INTERNAL_CA_CERT_PATH
utils.yum_install(rest_service_rpm_source_url, service_name=SERVICE_NAME)
_configure_dbus(rest_venv)
install_optional(rest_venv)
utils.logrotate(SERVICE_NAME)
utils.deploy_sudo_command_script(script='/usr/bin/systemctl',
description='Run systemctl')
utils.deploy_sudo_command_script('set-manager-ssl.py',
'Script for setting manager SSL',
SERVICE_NAME)
utils.deploy_sudo_command_script(script='/usr/sbin/shutdown',
description='Perform shutdown (reboot)')
def install_amqpinflux():
amqpinflux_rpm_source_url = \
ctx_properties['amqpinflux_rpm_source_url']
# injected as an input to the script
ctx.instance.runtime_properties['influxdb_endpoint_ip'] = \
os.environ['INFLUXDB_ENDPOINT_IP']
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip()
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
amqpinflux_venv = '{0}/env'.format(HOME_DIR)
ctx.logger.info('Installing AQMPInflux...')
utils.set_selinux_permissive()
utils.copy_notice(SERVICE_NAME)
utils.mkdir(HOME_DIR)
utils.yum_install(amqpinflux_rpm_source_url,
service_name=SERVICE_NAME)
_install_optional(amqpinflux_venv)
ctx.logger.info('Configuring AMQPInflux...')
utils.create_service_user(AMQPINFLUX_USER, AMQPINFLUX_GROUP, HOME_DIR)
ctx.instance.runtime_properties['broker_cert_path'] = \
utils.INTERNAL_CERT_PATH
utils.chown(AMQPINFLUX_USER, AMQPINFLUX_GROUP, HOME_DIR)
utils.systemd.configure(SERVICE_NAME)
def install_amqpinflux():
amqpinflux_rpm_source_url = \
ctx_properties['amqpinflux_rpm_source_url']
# injected as an input to the script
ctx.instance.runtime_properties['influxdb_endpoint_ip'] = \
os.environ['INFLUXDB_ENDPOINT_IP']
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
ctx_properties.get('rabbitmq_endpoint_ip'))
amqpinflux_user = '******'
amqpinflux_group = 'amqpinflux'
amqpinflux_venv = '{0}/env'.format(AMQPINFLUX_HOME)
ctx.logger.info('Installing AQMPInflux...')
utils.set_selinux_permissive()
utils.copy_notice(AMQPINFLUX_SERVICE_NAME)
utils.mkdir(AMQPINFLUX_HOME)
utils.yum_install(amqpinflux_rpm_source_url,
service_name=AMQPINFLUX_SERVICE_NAME)
_install_optional(amqpinflux_venv)
utils.create_service_user(amqpinflux_user, AMQPINFLUX_HOME)
_deploy_broker_configuration(amqpinflux_group)
ctx.logger.info('Fixing permissions...')
utils.chown(amqpinflux_user, amqpinflux_group, AMQPINFLUX_HOME)
utils.systemd.configure(AMQPINFLUX_SERVICE_NAME)
def deploy_broker_configuration():
# Set broker port for rabbit
broker_port_ssl = 5671
broker_port_no_ssl = 5672
# injected as an input to the script
ctx.instance.runtime_properties['es_endpoint_ip'] = \
os.environ['ES_ENDPOINT_IP']
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip()
rabbitmq_ssl_enabled = ctx.node.properties['rabbitmq_ssl_enabled']
rabbitmq_cert_public = ctx.node.properties['rabbitmq_cert_public']
# Add certificate and select port, as applicable
if rabbitmq_ssl_enabled:
broker_cert_path = os.path.join(REST_SERVICE_HOME, 'amqp_pub.pem')
utils.deploy_ssl_certificate('public', broker_cert_path, 'root',
rabbitmq_cert_public)
ctx.instance.runtime_properties['broker_cert_path'] = broker_cert_path
# Use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_ssl
else:
# No SSL, don't use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_no_ssl
if rabbitmq_cert_public is not None:
ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
'(broker_ssl_enabled is False).')
def install_amqpinflux():
amqpinflux_rpm_source_url = \
ctx.node.properties['amqpinflux_rpm_source_url']
# injected as an input to the script
ctx.instance.runtime_properties['influxdb_endpoint_ip'] = \
os.environ['INFLUXDB_ENDPOINT_IP']
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip()
amqpinflux_user = '******'
amqpinflux_group = 'amqpinflux'
amqpinflux_venv = '{0}/env'.format(AMQPINFLUX_HOME)
ctx.logger.info('Installing AQMPInflux...')
utils.set_selinux_permissive()
utils.copy_notice('amqpinflux')
utils.mkdir(AMQPINFLUX_HOME)
utils.yum_install(amqpinflux_rpm_source_url)
_install_optional(amqpinflux_venv)
utils.create_service_user(amqpinflux_user, AMQPINFLUX_HOME)
_deploy_broker_configuration(amqpinflux_group)
ctx.logger.info('Fixing permissions...')
utils.chown(amqpinflux_user, amqpinflux_group, AMQPINFLUX_HOME)
utils.systemd.configure('amqpinflux')
def install_amqpinflux():
amqpinflux_rpm_source_url = \
ctx_properties['amqpinflux_rpm_source_url']
# injected as an input to the script
ctx.instance.runtime_properties['influxdb_endpoint_ip'] = \
os.environ['INFLUXDB_ENDPOINT_IP']
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip()
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = True
amqpinflux_venv = '{0}/env'.format(HOME_DIR)
ctx.logger.info('Installing AQMPInflux...')
utils.set_selinux_permissive()
utils.copy_notice(SERVICE_NAME)
utils.mkdir(HOME_DIR)
utils.yum_install(amqpinflux_rpm_source_url,
service_name=SERVICE_NAME)
_install_optional(amqpinflux_venv)
ctx.logger.info('Configuring AMQPInflux...')
utils.create_service_user(AMQPINFLUX_USER, AMQPINFLUX_GROUP, HOME_DIR)
ctx.instance.runtime_properties['broker_cert_path'] = \
utils.INTERNAL_CERT_PATH
utils.chown(AMQPINFLUX_USER, AMQPINFLUX_GROUP, HOME_DIR)
utils.systemd.configure(SERVICE_NAME)
def install_riemann():
langohr_source_url = ctx_properties['langohr_jar_source_url']
daemonize_source_url = ctx_properties['daemonize_rpm_source_url']
riemann_source_url = ctx_properties['riemann_rpm_source_url']
# Needed for Riemann's config
cloudify_resources_url = ctx_properties['cloudify_resources_url']
rabbitmq_username = ctx_properties['rabbitmq_username']
rabbitmq_password = ctx_properties['rabbitmq_password']
riemann_config_path = '/etc/riemann'
riemann_log_path = '/var/log/cloudify/riemann'
langohr_home = '/opt/lib'
extra_classpath = '{0}/langohr.jar'.format(langohr_home)
# Confirm username and password have been supplied for broker before
# continuing.
# Components other than logstash and riemann have this handled in code.
# Note that these are not directly used in this script, but are used by the
# deployed resources, hence the check here.
if not rabbitmq_username or not rabbitmq_password:
ctx.abort_operation(
'Both rabbitmq_username and rabbitmq_password must be supplied '
'and at least 1 character long in the manager blueprint inputs.')
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
ctx.logger.info('Installing Riemann...')
utils.set_selinux_permissive()
utils.copy_notice(RIEMANN_SERVICE_NAME)
utils.mkdir(riemann_log_path)
utils.mkdir(langohr_home)
utils.mkdir(riemann_config_path)
utils.mkdir('{0}/conf.d'.format(riemann_config_path))
langohr = utils.download_cloudify_resource(langohr_source_url,
RIEMANN_SERVICE_NAME)
utils.sudo(['cp', langohr, extra_classpath])
ctx.logger.info('Applying Langohr permissions...')
utils.sudo(['chmod', '644', extra_classpath])
utils.yum_install(daemonize_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.yum_install(riemann_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.logrotate(RIEMANN_SERVICE_NAME)
ctx.logger.info('Downloading cloudify-manager Repository...')
manager_repo = utils.download_cloudify_resource(cloudify_resources_url,
RIEMANN_SERVICE_NAME)
ctx.logger.info('Extracting Manager Repository...')
utils.untar(manager_repo, '/tmp')
def install_riemann():
langohr_source_url = ctx_properties['langohr_jar_source_url']
daemonize_source_url = ctx_properties['daemonize_rpm_source_url']
riemann_source_url = ctx_properties['riemann_rpm_source_url']
utils.create_service_user(user=RIEMANN_USER,
group=RIEMANN_GROUP,
home=utils.CLOUDIFY_HOME_DIR)
riemann_config_path = '/etc/riemann'
riemann_log_path = '/var/log/cloudify/riemann'
langohr_home = '/opt/lib'
extra_classpath = '{0}/langohr.jar'.format(langohr_home)
riemann_dir = '/opt/riemann'
# Confirm username and password have been supplied for broker before
# continuing.
# Components other than logstash and riemann have this handled in code.
# Note that these are not directly used in this script, but are used by the
# deployed resources, hence the check here.
rabbitmq_username = ctx_properties['rabbitmq_username']
rabbitmq_password = ctx_properties['rabbitmq_password']
if not rabbitmq_username or not rabbitmq_password:
ctx.abort_operation(
'Both rabbitmq_username and rabbitmq_password must be supplied '
'and at least 1 character long in the manager blueprint inputs.')
runtime_props['rabbitmq_endpoint_ip'] = utils.get_rabbitmq_endpoint_ip()
ctx.logger.info('Installing Riemann...')
utils.set_selinux_permissive()
utils.copy_notice(RIEMANN_SERVICE_NAME)
utils.mkdir(riemann_log_path)
utils.mkdir(langohr_home)
utils.mkdir(riemann_config_path)
utils.mkdir('{0}/conf.d'.format(riemann_config_path))
# utils.chown cannot be used as it will change both user and group
utils.sudo(['chown', RIEMANN_USER, riemann_dir])
langohr = utils.download_cloudify_resource(langohr_source_url,
RIEMANN_SERVICE_NAME)
utils.sudo(['cp', langohr, extra_classpath])
ctx.logger.info('Applying Langohr permissions...')
utils.sudo(['chmod', '644', extra_classpath])
utils.yum_install(daemonize_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.yum_install(riemann_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.chown(RIEMANN_USER, RIEMANN_GROUP, riemann_log_path)
utils.logrotate(RIEMANN_SERVICE_NAME)
files_to_remove = [
riemann_config_path, riemann_log_path, extra_classpath, riemann_dir
]
runtime_props['files_to_remove'] = files_to_remove
def install_logstash():
logstash_unit_override = '/etc/systemd/system/logstash.service.d'
logstash_source_url = ctx_properties['logstash_rpm_source_url']
rabbitmq_username = ctx_properties['rabbitmq_username']
rabbitmq_password = ctx_properties['rabbitmq_password']
logstash_log_path = '/var/log/cloudify/logstash'
logstash_conf_path = '/etc/logstash/conf.d'
# injected as an input to the script
ctx.instance.runtime_properties['es_endpoint_ip'] = \
os.environ.get('ES_ENDPOINT_IP')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
ctx_properties.get('rabbitmq_endpoint_ip'))
# Confirm username and password have been supplied for broker before
# continuing.
# Components other than logstash and riemann have this handled in code.
# Note that these are not directly used in this script, but are used by the
# deployed resources, hence the check here.
if not rabbitmq_username or not rabbitmq_password:
utils.error_exit(
'Both rabbitmq_username and rabbitmq_password must be supplied '
'and at least 1 character long in the manager blueprint inputs.')
ctx.logger.info('Installing Logstash...')
utils.set_selinux_permissive()
utils.copy_notice(LOGSTASH_SERVICE_NAME)
utils.yum_install(logstash_source_url, service_name=LOGSTASH_SERVICE_NAME)
utils.mkdir(logstash_log_path)
utils.chown('logstash', 'logstash', logstash_log_path)
ctx.logger.info('Creating systemd unit override...')
utils.mkdir(logstash_unit_override)
utils.deploy_blueprint_resource(
'{0}/restart.conf'.format(CONFIG_PATH),
'{0}/restart.conf'.format(logstash_unit_override),
LOGSTASH_SERVICE_NAME)
ctx.logger.info('Deploying Logstash conf...')
utils.deploy_blueprint_resource(
'{0}/logstash.conf'.format(CONFIG_PATH),
'{0}/logstash.conf'.format(logstash_conf_path), LOGSTASH_SERVICE_NAME)
ctx.logger.info('Deploying Logstash sysconfig...')
utils.deploy_blueprint_resource('{0}/logstash'.format(CONFIG_PATH),
'/etc/sysconfig/logstash',
LOGSTASH_SERVICE_NAME)
utils.logrotate(LOGSTASH_SERVICE_NAME)
utils.sudo(['/sbin/chkconfig', 'logstash', 'on'])
utils.clean_var_log_dir(LOGSTASH_SERVICE_NAME)
def install_riemann():
langohr_source_url = ctx_properties['langohr_jar_source_url']
daemonize_source_url = ctx_properties['daemonize_rpm_source_url']
riemann_source_url = ctx_properties['riemann_rpm_source_url']
# Needed for Riemann's config
cloudify_resources_url = ctx_properties['cloudify_resources_url']
rabbitmq_username = ctx_properties['rabbitmq_username']
rabbitmq_password = ctx_properties['rabbitmq_password']
riemann_config_path = '/etc/riemann'
riemann_log_path = '/var/log/cloudify/riemann'
langohr_home = '/opt/lib'
extra_classpath = '{0}/langohr.jar'.format(langohr_home)
# Confirm username and password have been supplied for broker before
# continuing.
# Components other than logstash and riemann have this handled in code.
# Note that these are not directly used in this script, but are used by the
# deployed resources, hence the check here.
if not rabbitmq_username or not rabbitmq_password:
ctx.abort_operation(
'Both rabbitmq_username and rabbitmq_password must be supplied '
'and at least 1 character long in the manager blueprint inputs.')
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
ctx.logger.info('Installing Riemann...')
utils.set_selinux_permissive()
utils.copy_notice(RIEMANN_SERVICE_NAME)
utils.mkdir(riemann_log_path)
utils.mkdir(langohr_home)
utils.mkdir(riemann_config_path)
utils.mkdir('{0}/conf.d'.format(riemann_config_path))
langohr = utils.download_cloudify_resource(langohr_source_url,
RIEMANN_SERVICE_NAME)
utils.sudo(['cp', langohr, extra_classpath])
ctx.logger.info('Applying Langohr permissions...')
utils.sudo(['chmod', '644', extra_classpath])
utils.yum_install(daemonize_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.yum_install(riemann_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.logrotate(RIEMANN_SERVICE_NAME)
ctx.logger.info('Downloading cloudify-manager Repository...')
manager_repo = utils.download_cloudify_resource(cloudify_resources_url,
RIEMANN_SERVICE_NAME)
ctx.logger.info('Extracting Manager Repository...')
utils.untar(manager_repo, '/tmp')
def install_mgmtworker():
riemann_dir = '/opt/riemann'
management_worker_rpm_source_url = \
ctx_properties['management_worker_rpm_source_url']
runtime_props['rabbitmq_endpoint_ip'] = utils.get_rabbitmq_endpoint_ip()
# Fix possible injections in json of rabbit credentials
# See json.org for string spec
for key in ['rabbitmq_username', 'rabbitmq_password']:
# We will not escape newlines or other control characters,
# we will accept them breaking
# things noisily, e.g. on newlines and backspaces.
# TODO: add:
# sed 's/"/\\"/' | sed 's/\\/\\\\/' | sed s-/-\\/- | sed 's/\t/\\t/'
runtime_props[key] = ctx_properties[key]
utils.set_service_as_cloudify_service(runtime_props)
ctx.logger.info('Installing Management Worker...')
utils.set_selinux_permissive()
utils.copy_notice(SERVICE_NAME)
utils.mkdir(HOME_DIR)
utils.mkdir(join(HOME_DIR, 'config'))
utils.mkdir(join(HOME_DIR, 'work'))
utils.mkdir(LOG_DIR)
utils.mkdir(riemann_dir)
mgmtworker_venv = join(HOME_DIR, 'env')
# used to run the sanity check
runtime_props['python_executable'] = join(mgmtworker_venv, 'bin', 'python')
# this create the mgmtworker_venv and installs the relevant
# modules into it.
utils.yum_install(management_worker_rpm_source_url,
service_name=SERVICE_NAME)
_install_optional(mgmtworker_venv)
# Add certificate and select port, as applicable
runtime_props['broker_cert_path'] = utils.INTERNAL_CA_CERT_PATH
# Use SSL port
runtime_props['broker_port'] = AMQP_SSL_PORT
utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, HOME_DIR)
utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, LOG_DIR)
# Changing perms on workdir and venv in case they are put outside homedir
utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, mgmtworker_venv)
# Prepare riemann dir. We will change the owner to riemann later, but the
# management worker will still need access to it
utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, riemann_dir)
utils.chmod('770', riemann_dir)
ctx.logger.info("Using broker port: {0}".format(
ctx.instance.runtime_properties['broker_port']))
def install_mgmtworker():
riemann_dir = '/opt/riemann'
management_worker_rpm_source_url = \
ctx_properties['management_worker_rpm_source_url']
runtime_props['rabbitmq_endpoint_ip'] = utils.get_rabbitmq_endpoint_ip()
# Fix possible injections in json of rabbit credentials
# See json.org for string spec
for key in ['rabbitmq_username', 'rabbitmq_password']:
# We will not escape newlines or other control characters,
# we will accept them breaking
# things noisily, e.g. on newlines and backspaces.
# TODO: add:
# sed 's/"/\\"/' | sed 's/\\/\\\\/' | sed s-/-\\/- | sed 's/\t/\\t/'
runtime_props[key] = ctx_properties[key]
runtime_props['rabbitmq_ssl_enabled'] = True
utils.set_service_as_cloudify_service(runtime_props)
ctx.logger.info('Installing Management Worker...')
utils.set_selinux_permissive()
utils.copy_notice(SERVICE_NAME)
utils.mkdir(HOME_DIR)
utils.mkdir(join(HOME_DIR, 'config'))
utils.mkdir(join(HOME_DIR, 'work'))
utils.mkdir(LOG_DIR)
utils.mkdir(riemann_dir)
mgmtworker_venv = join(HOME_DIR, 'env')
# this create the mgmtworker_venv and installs the relevant
# modules into it.
utils.yum_install(management_worker_rpm_source_url,
service_name=SERVICE_NAME)
_install_optional(mgmtworker_venv)
# Add certificate and select port, as applicable
runtime_props['broker_cert_path'] = utils.INTERNAL_CERT_PATH
# Use SSL port
runtime_props['broker_port'] = AMQP_SSL_PORT
utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, HOME_DIR)
utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, LOG_DIR)
# Changing perms on workdir and venv in case they are put outside homedir
utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, mgmtworker_venv)
# Prepare riemann dir. We will change the owner to riemann later, but the
# management worker will still need access to it
utils.chown(CLOUDIFY_USER, CLOUDIFY_GROUP, riemann_dir)
utils.chmod('770', riemann_dir)
ctx.logger.info("Using broker port: {0}".format(
ctx.instance.runtime_properties['broker_port']))
def install_logstash():
logstash_unit_override = '/etc/systemd/system/logstash.service.d'
logstash_source_url = ctx.node.properties['logstash_rpm_source_url']
rabbitmq_username = ctx.node.properties['rabbitmq_username']
rabbitmq_password = ctx.node.properties['rabbitmq_password']
logstash_log_path = '/var/log/cloudify/logstash'
logstash_conf_path = '/etc/logstash/conf.d'
# injected as an input to the script
ctx.instance.runtime_properties['es_endpoint_ip'] = \
os.environ.get('ES_ENDPOINT_IP')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip()
# Confirm username and password have been supplied for broker before
# continuing.
# Components other than logstash and riemann have this handled in code.
# Note that these are not directly used in this script, but are used by the
# deployed resources, hence the check here.
if not rabbitmq_username or not rabbitmq_password:
utils.error_exit(
'Both rabbitmq_username and rabbitmq_password must be supplied '
'and at least 1 character long in the manager blueprint inputs.')
ctx.logger.info('Installing Logstash...')
utils.set_selinux_permissive()
utils.copy_notice('logstash')
utils.yum_install(logstash_source_url)
utils.mkdir(logstash_log_path)
utils.chown('logstash', 'logstash', logstash_log_path)
ctx.logger.info('Creating systemd unit override...')
utils.mkdir(logstash_unit_override)
utils.deploy_blueprint_resource(
'{0}/restart.conf'.format(CONFIG_PATH),
'{0}/restart.conf'.format(logstash_unit_override))
ctx.logger.info('Deploying Logstash conf...')
utils.deploy_blueprint_resource(
'{0}/logstash.conf'.format(CONFIG_PATH),
'{0}/logstash.conf'.format(logstash_conf_path))
ctx.logger.info('Deploying Logstash sysconfig...')
utils.deploy_blueprint_resource(
'{0}/logstash'.format(CONFIG_PATH),
'/etc/sysconfig/logstash')
utils.logrotate('logstash')
utils.sudo(['/sbin/chkconfig', 'logstash', 'on'])
utils.clean_var_log_dir('logstash')
def deploy_broker_configuration():
# Set broker port for rabbit
broker_port_ssl = 5671
broker_port_no_ssl = 5672
# injected as an input to the script
ctx.instance.runtime_properties['es_endpoint_ip'] = \
os.environ['ES_ENDPOINT_IP']
es_props = utils.ctx_factory.get('elasticsearch')
ctx.instance.runtime_properties['es_endpoint_port'] = \
es_props['es_endpoint_port']
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
rabbitmq_ssl_enabled = rabbit_props['rabbitmq_ssl_enabled']
rabbitmq_cert_public = rabbit_props['rabbitmq_cert_public']
ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = \
rabbitmq_ssl_enabled
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
ctx.logger.info('Retrieving postgresql input configuration')
postgresql_props = utils.ctx_factory.get('postgresql-9.5')
ctx.instance.runtime_properties['postgresql_db_name'] = \
postgresql_props.get('postgresql_db_name')
ctx.instance.runtime_properties['postgresql_host'] = \
postgresql_props.get('postgresql_host')
# Add certificate and select port, as applicable
if rabbitmq_ssl_enabled:
broker_cert_path = os.path.join(REST_SERVICE_HOME, 'amqp_pub.pem')
utils.deploy_ssl_certificate('public', broker_cert_path, 'root',
rabbitmq_cert_public)
ctx.instance.runtime_properties['broker_cert_path'] = broker_cert_path
# Use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_ssl
else:
# No SSL, don't use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_no_ssl
if rabbitmq_cert_public is not None:
ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
'(broker_ssl_enabled is False).')
def deploy_broker_configuration():
# injected as an input to the script
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip()
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
ctx.logger.info('Retrieving postgresql input configuration')
postgresql_props = utils.ctx_factory.get('postgresql-9.5')
ctx.instance.runtime_properties['postgresql_db_name'] = \
postgresql_props.get('postgresql_db_name')
ctx.instance.runtime_properties['postgresql_host'] = \
postgresql_props.get('postgresql_host')
ctx.instance.runtime_properties['broker_cert_path'] = \
utils.INTERNAL_CERT_PATH
def deploy_broker_configuration():
# Set broker port for rabbit
broker_port_ssl = 5671
broker_port_no_ssl = 5672
# injected as an input to the script
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
rabbitmq_ssl_enabled = rabbit_props['rabbitmq_ssl_enabled']
rabbitmq_cert_public = rabbit_props['rabbitmq_cert_public']
ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = \
rabbitmq_ssl_enabled
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
ctx.logger.info('Retrieving postgresql input configuration')
postgresql_props = utils.ctx_factory.get('postgresql-9.5')
ctx.instance.runtime_properties['postgresql_db_name'] = \
postgresql_props.get('postgresql_db_name')
ctx.instance.runtime_properties['postgresql_host'] = \
postgresql_props.get('postgresql_host')
# Add certificate and select port, as applicable
if rabbitmq_ssl_enabled:
broker_cert_path = os.path.join(REST_SERVICE_HOME, 'amqp_pub.pem')
utils.deploy_ssl_certificate(
'public', broker_cert_path, 'root', rabbitmq_cert_public)
ctx.instance.runtime_properties['broker_cert_path'] = broker_cert_path
# Use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_ssl
else:
# No SSL, don't use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_no_ssl
if rabbitmq_cert_public is not None:
ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
'(broker_ssl_enabled is False).')
def install_amqpinflux():
amqpinflux_rpm_source_url = \
ctx_properties['amqpinflux_rpm_source_url']
# injected as an input to the script
ctx.instance.runtime_properties['influxdb_endpoint_ip'] = \
os.environ['INFLUXDB_ENDPOINT_IP']
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = \
rabbit_props.get('rabbitmq_ssl_enabled')
amqpinflux_user = '******'
amqpinflux_group = 'amqpinflux'
amqpinflux_venv = '{0}/env'.format(AMQPINFLUX_HOME)
ctx.logger.info('Installing AQMPInflux...')
utils.set_selinux_permissive()
utils.copy_notice(AMQPINFLUX_SERVICE_NAME)
utils.mkdir(AMQPINFLUX_HOME)
utils.yum_install(amqpinflux_rpm_source_url,
service_name=AMQPINFLUX_SERVICE_NAME)
_install_optional(amqpinflux_venv)
utils.create_service_user(amqpinflux_user, AMQPINFLUX_HOME)
_deploy_broker_configuration(amqpinflux_group)
ctx.logger.info('Fixing permissions...')
utils.chown(amqpinflux_user, amqpinflux_group, AMQPINFLUX_HOME)
utils.systemd.configure(AMQPINFLUX_SERVICE_NAME)
def deploy_broker_configuration():
# injected as an input to the script
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip()
ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = True
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
ctx.logger.info('Retrieving postgresql input configuration')
postgresql_props = utils.ctx_factory.get('postgresql-9.5')
ctx.instance.runtime_properties['postgresql_db_name'] = \
postgresql_props.get('postgresql_db_name')
ctx.instance.runtime_properties['postgresql_host'] = \
postgresql_props.get('postgresql_host')
# Add certificate and select port, as applicable
ctx.instance.runtime_properties['broker_cert_path'] = \
utils.INTERNAL_CERT_PATH
# Use SSL port
ctx.instance.runtime_properties['broker_port'] = 5671
def install_riemann():
langohr_source_url = ctx_properties['langohr_jar_source_url']
daemonize_source_url = ctx_properties['daemonize_rpm_source_url']
riemann_source_url = ctx_properties['riemann_rpm_source_url']
# Needed for Riemann's config
cloudify_resources_url = ctx_properties['cloudify_resources_url']
rabbitmq_username = ctx_properties['rabbitmq_username']
rabbitmq_password = ctx_properties['rabbitmq_password']
riemann_config_path = '/etc/riemann'
riemann_log_path = '/var/log/cloudify/riemann'
langohr_home = '/opt/lib'
extra_classpath = '{0}/langohr.jar'.format(langohr_home)
# Confirm username and password have been supplied for broker before
# continuing.
# Components other than logstash and riemann have this handled in code.
# Note that these are not directly used in this script, but are used by the
# deployed resources, hence the check here.
if not rabbitmq_username or not rabbitmq_password:
ctx.abort_operation(
'Both rabbitmq_username and rabbitmq_password must be supplied '
'and at least 1 character long in the manager blueprint inputs.')
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
ctx.logger.info('Installing Riemann...')
utils.set_selinux_permissive()
utils.copy_notice(RIEMANN_SERVICE_NAME)
utils.mkdir(riemann_log_path)
utils.mkdir(langohr_home)
utils.mkdir(riemann_config_path)
utils.mkdir('{0}/conf.d'.format(riemann_config_path))
langohr = utils.download_cloudify_resource(langohr_source_url,
RIEMANN_SERVICE_NAME)
utils.sudo(['cp', langohr, extra_classpath])
ctx.logger.info('Applying Langohr permissions...')
utils.sudo(['chmod', '644', extra_classpath])
utils.yum_install(daemonize_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.yum_install(riemann_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.logrotate(RIEMANN_SERVICE_NAME)
ctx.logger.info('Downloading cloudify-manager Repository...')
manager_repo = utils.download_cloudify_resource(cloudify_resources_url,
RIEMANN_SERVICE_NAME)
ctx.logger.info('Extracting Manager Repository...')
utils.untar(manager_repo, '/tmp')
ctx.logger.info('Deploying Riemann manager.config...')
utils.move(
'/tmp/plugins/riemann-controller/riemann_controller/resources/manager.config', # NOQA
'{0}/conf.d/manager.config'.format(riemann_config_path))
ctx.logger.info('Deploying Riemann conf...')
utils.deploy_blueprint_resource(
'{0}/main.clj'.format(CONFIG_PATH),
'{0}/main.clj'.format(riemann_config_path),
RIEMANN_SERVICE_NAME)
# our riemann configuration will (by default) try to read these environment
# variables. If they don't exist, it will assume
# that they're found at "localhost"
# export MANAGEMENT_IP=""
# export RABBITMQ_HOST=""
# we inject the management_ip for both of these to Riemann's systemd
# config.
# These should be potentially different
# if the manager and rabbitmq are running on different hosts.
utils.systemd.configure(RIEMANN_SERVICE_NAME)
utils.clean_var_log_dir(RIEMANN_SERVICE_NAME)
def install_riemann():
langohr_source_url = ctx_properties['langohr_jar_source_url']
daemonize_source_url = ctx_properties['daemonize_rpm_source_url']
riemann_source_url = ctx_properties['riemann_rpm_source_url']
# Needed for Riemann's config
cloudify_resources_url = ctx_properties['cloudify_resources_url']
rabbitmq_username = ctx_properties['rabbitmq_username']
rabbitmq_password = ctx_properties['rabbitmq_password']
riemann_config_path = '/etc/riemann'
riemann_log_path = '/var/log/cloudify/riemann'
langohr_home = '/opt/lib'
extra_classpath = '{0}/langohr.jar'.format(langohr_home)
# Confirm username and password have been supplied for broker before
# continuing.
# Components other than logstash and riemann have this handled in code.
# Note that these are not directly used in this script, but are used by the
# deployed resources, hence the check here.
if not rabbitmq_username or not rabbitmq_password:
ctx.abort_operation(
'Both rabbitmq_username and rabbitmq_password must be supplied '
'and at least 1 character long in the manager blueprint inputs.')
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props.get('rabbitmq_username')
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props.get('rabbitmq_password')
ctx.logger.info('Installing Riemann...')
utils.set_selinux_permissive()
utils.copy_notice(RIEMANN_SERVICE_NAME)
utils.mkdir(riemann_log_path)
utils.mkdir(langohr_home)
utils.mkdir(riemann_config_path)
utils.mkdir('{0}/conf.d'.format(riemann_config_path))
langohr = utils.download_cloudify_resource(langohr_source_url,
RIEMANN_SERVICE_NAME)
utils.sudo(['cp', langohr, extra_classpath])
ctx.logger.info('Applying Langohr permissions...')
utils.sudo(['chmod', '644', extra_classpath])
utils.yum_install(daemonize_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.yum_install(riemann_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.logrotate(RIEMANN_SERVICE_NAME)
ctx.logger.info('Downloading cloudify-manager Repository...')
manager_repo = utils.download_cloudify_resource(cloudify_resources_url,
RIEMANN_SERVICE_NAME)
ctx.logger.info('Extracting Manager Repository...')
utils.untar(manager_repo, '/tmp')
ctx.logger.info('Deploying Riemann manager.config...')
utils.move(
'/tmp/plugins/riemann-controller/riemann_controller/resources/manager.config', # NOQA
'{0}/conf.d/manager.config'.format(riemann_config_path))
ctx.logger.info('Deploying Riemann conf...')
utils.deploy_blueprint_resource('{0}/main.clj'.format(CONFIG_PATH),
'{0}/main.clj'.format(riemann_config_path),
RIEMANN_SERVICE_NAME)
# our riemann configuration will (by default) try to read these environment
# variables. If they don't exist, it will assume
# that they're found at "localhost"
# export MANAGEMENT_IP=""
# export RABBITMQ_HOST=""
# we inject the management_ip for both of these to Riemann's systemd
# config.
# These should be potentially different
# if the manager and rabbitmq are running on different hosts.
utils.systemd.configure(RIEMANN_SERVICE_NAME)
utils.clean_var_log_dir(RIEMANN_SERVICE_NAME)
def install_logstash():
logstash_unit_override = '/etc/systemd/system/logstash.service.d'
logstash_source_url = ctx_properties['logstash_rpm_source_url']
rabbitmq_username = ctx_properties['rabbitmq_username']
rabbitmq_password = ctx_properties['rabbitmq_password']
logstash_log_path = '/var/log/cloudify/logstash'
logstash_conf_path = '/etc/logstash/conf.d'
# injected as an input to the script
ctx.instance.runtime_properties['es_endpoint_ip'] = \
os.environ['ES_ENDPOINT_IP']
elasticsearch_props = utils.ctx_factory.get('elasticsearch')
ctx.instance.runtime_properties['es_endpoint_port'] = \
elasticsearch_props['es_endpoint_port']
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props['rabbitmq_username']
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props['rabbitmq_password']
# Confirm username and password have been supplied for broker before
# continuing.
# Components other than logstash and riemann have this handled in code.
# Note that these are not directly used in this script, but are used by the
# deployed resources, hence the check here.
if not rabbitmq_username or not rabbitmq_password:
ctx.abort_operation(
'Both rabbitmq_username and rabbitmq_password must be supplied '
'and at least 1 character long in the manager blueprint inputs.')
ctx.logger.info('Installing Logstash...')
utils.set_selinux_permissive()
utils.copy_notice(LOGSTASH_SERVICE_NAME)
utils.yum_install(logstash_source_url, service_name=LOGSTASH_SERVICE_NAME)
utils.mkdir(logstash_log_path)
utils.chown('logstash', 'logstash', logstash_log_path)
ctx.logger.debug('Creating systemd unit override...')
utils.mkdir(logstash_unit_override)
utils.deploy_blueprint_resource(
'{0}/restart.conf'.format(CONFIG_PATH),
'{0}/restart.conf'.format(logstash_unit_override),
LOGSTASH_SERVICE_NAME)
ctx.logger.info('Deploying Logstash configuration...')
utils.deploy_blueprint_resource(
'{0}/logstash.conf'.format(CONFIG_PATH),
'{0}/logstash.conf'.format(logstash_conf_path), LOGSTASH_SERVICE_NAME)
# Due to a bug in the handling of configuration files,
# configuration files with the same name cannot be deployed.
# Since the logrotate config file is called `logstash`,
# we change the name of the logstash env vars config file
# from logstash to cloudify-logstash to be consistent with
# other service env var files.
init_file = '/etc/init.d/logstash'
utils.replace_in_file('sysconfig/\$name', 'sysconfig/cloudify-$name',
init_file)
utils.chmod('755', init_file)
utils.chown('root', 'root', init_file)
ctx.logger.debug('Deploying Logstash sysconfig...')
utils.deploy_blueprint_resource(
'{0}/cloudify-logstash'.format(CONFIG_PATH),
'/etc/sysconfig/cloudify-logstash', LOGSTASH_SERVICE_NAME)
utils.logrotate(LOGSTASH_SERVICE_NAME)
utils.sudo(['/sbin/chkconfig', 'logstash', 'on'])
utils.clean_var_log_dir(LOGSTASH_SERVICE_NAME)
def install_mgmtworker():
management_worker_rpm_source_url = \
ctx_properties['management_worker_rpm_source_url']
# these must all be exported as part of the start operation.
# they will not persist, so we should use the new agent
# don't forget to change all localhosts to the relevant ips
mgmtworker_home = '/opt/mgmtworker'
mgmtworker_venv = '{0}/env'.format(mgmtworker_home)
celery_work_dir = '{0}/work'.format(mgmtworker_home)
celery_log_dir = "/var/log/cloudify/mgmtworker"
broker_port_ssl = '5671'
broker_port_no_ssl = '5672'
rabbitmq_ssl_enabled = ctx_properties['rabbitmq_ssl_enabled']
ctx.logger.info("rabbitmq_ssl_enabled: {0}".format(rabbitmq_ssl_enabled))
rabbitmq_cert_public = ctx_properties['rabbitmq_cert_public']
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
ctx_properties.get('rabbitmq_endpoint_ip'))
# Fix possible injections in json of rabbit credentials
# See json.org for string spec
for key in ['rabbitmq_username', 'rabbitmq_password']:
# We will not escape newlines or other control characters,
# we will accept them breaking
# things noisily, e.g. on newlines and backspaces.
# TODO: add:
# sed 's/"/\\"/' | sed 's/\\/\\\\/' | sed s-/-\\/- | sed 's/\t/\\t/'
ctx.instance.runtime_properties[key] = ctx_properties[key]
# Make the ssl enabled flag work with json (boolean in lower case)
# TODO: check if still needed:
# broker_ssl_enabled = "$(echo ${rabbitmq_ssl_enabled} | tr '[:upper:]' '[:lower:]')" # NOQA
ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = \
rabbitmq_ssl_enabled
ctx.logger.info('Installing Management Worker...')
utils.set_selinux_permissive()
utils.copy_notice(MGMT_WORKER_SERVICE_NAME)
utils.mkdir(mgmtworker_home)
utils.mkdir('{0}/config'.format(mgmtworker_home))
utils.mkdir(celery_log_dir)
utils.mkdir(celery_work_dir)
# this create the mgmtworker_venv and installs the relevant
# modules into it.
utils.yum_install(management_worker_rpm_source_url,
service_name=MGMT_WORKER_SERVICE_NAME)
_install_optional(mgmtworker_venv)
# Add certificate and select port, as applicable
if rabbitmq_ssl_enabled:
broker_cert_path = '{0}/amqp_pub.pem'.format(mgmtworker_home)
utils.deploy_ssl_certificate('public', broker_cert_path, 'root',
rabbitmq_cert_public)
ctx.instance.runtime_properties['broker_cert_path'] = broker_cert_path
# Use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_ssl
else:
# No SSL, don't use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_no_ssl
if rabbitmq_cert_public is not None:
ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
'(broker_ssl_enabled is False).')
ctx.logger.info("broker_port: {0}".format(
ctx.instance.runtime_properties['broker_port']))
ctx.logger.info('Configuring Management worker...')
# Deploy the broker configuration
# TODO: This will break interestingly if mgmtworker_venv is empty.
# Some sort of check for that would be sensible.
# To sandy: I don't quite understand this check...
# there is no else here..
# for python_path in ${mgmtworker_venv}/lib/python*; do
if os.path.isfile(os.path.join(mgmtworker_venv, 'bin/python')):
broker_conf_path = os.path.join(celery_work_dir, 'broker_config.json')
utils.deploy_blueprint_resource(
'{0}/broker_config.json'.format(CONFIG_PATH), broker_conf_path,
MGMT_WORKER_SERVICE_NAME)
# The config contains credentials, do not let the world read it
utils.sudo(['chmod', '440', broker_conf_path])
utils.systemd.configure(MGMT_WORKER_SERVICE_NAME)
utils.logrotate(MGMT_WORKER_SERVICE_NAME)
def install_logstash():
logstash_unit_override = '/etc/systemd/system/logstash.service.d'
logstash_source_url = ctx_properties['logstash_rpm_source_url']
rabbitmq_username = ctx_properties['rabbitmq_username']
rabbitmq_password = ctx_properties['rabbitmq_password']
logstash_log_path = '/var/log/cloudify/logstash'
logstash_conf_path = '/etc/logstash/conf.d'
# injected as an input to the script
ctx.instance.runtime_properties['es_endpoint_ip'] = \
os.environ['ES_ENDPOINT_IP']
elasticsearch_props = utils.ctx_factory.get('elasticsearch')
ctx.instance.runtime_properties['es_endpoint_port'] = \
elasticsearch_props['es_endpoint_port']
rabbit_props = utils.ctx_factory.get('rabbitmq')
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
ctx.instance.runtime_properties['rabbitmq_username'] = \
rabbit_props['rabbitmq_username']
ctx.instance.runtime_properties['rabbitmq_password'] = \
rabbit_props['rabbitmq_password']
# Confirm username and password have been supplied for broker before
# continuing.
# Components other than logstash and riemann have this handled in code.
# Note that these are not directly used in this script, but are used by the
# deployed resources, hence the check here.
if not rabbitmq_username or not rabbitmq_password:
ctx.abort_operation(
'Both rabbitmq_username and rabbitmq_password must be supplied '
'and at least 1 character long in the manager blueprint inputs.')
ctx.logger.info('Installing Logstash...')
utils.set_selinux_permissive()
utils.copy_notice(LOGSTASH_SERVICE_NAME)
utils.yum_install(logstash_source_url, service_name=LOGSTASH_SERVICE_NAME)
utils.mkdir(logstash_log_path)
utils.chown('logstash', 'logstash', logstash_log_path)
ctx.logger.info('Creating systemd unit override...')
utils.mkdir(logstash_unit_override)
utils.deploy_blueprint_resource(
'{0}/restart.conf'.format(CONFIG_PATH),
'{0}/restart.conf'.format(logstash_unit_override),
LOGSTASH_SERVICE_NAME)
ctx.logger.info('Deploying Logstash conf...')
utils.deploy_blueprint_resource(
'{0}/logstash.conf'.format(CONFIG_PATH),
'{0}/logstash.conf'.format(logstash_conf_path),
LOGSTASH_SERVICE_NAME)
# Due to a bug in the handling of configuration files,
# configuration files with the same name cannot be deployed.
# Since the logrotate config file is called `logstash`,
# we change the name of the logstash env vars config file
# from logstash to cloudify-logstash to be consistent with
# other service env var files.
init_file = '/etc/init.d/logstash'
utils.replace_in_file(
'sysconfig/\$name',
'sysconfig/cloudify-$name',
init_file)
utils.chmod('755', init_file)
utils.chown('root', 'root', init_file)
ctx.logger.info('Deploying Logstash sysconfig...')
utils.deploy_blueprint_resource(
'{0}/cloudify-logstash'.format(CONFIG_PATH),
'/etc/sysconfig/cloudify-logstash',
LOGSTASH_SERVICE_NAME)
utils.logrotate(LOGSTASH_SERVICE_NAME)
utils.sudo(['/sbin/chkconfig', 'logstash', 'on'])
utils.clean_var_log_dir(LOGSTASH_SERVICE_NAME)
def install_riemann():
langohr_source_url = ctx_properties['langohr_jar_source_url']
daemonize_source_url = ctx_properties['daemonize_rpm_source_url']
riemann_source_url = ctx_properties['riemann_rpm_source_url']
rabbitmq_username = ctx_properties['rabbitmq_username']
rabbitmq_password = ctx_properties['rabbitmq_password']
utils.create_service_user(
user=RIEMANN_USER,
group=RIEMANN_GROUP,
home=utils.CLOUDIFY_HOME_DIR
)
riemann_config_path = '/etc/riemann'
riemann_log_path = '/var/log/cloudify/riemann'
langohr_home = '/opt/lib'
extra_classpath = '{0}/langohr.jar'.format(langohr_home)
riemann_dir = '/opt/riemann'
# Confirm username and password have been supplied for broker before
# continuing.
# Components other than logstash and riemann have this handled in code.
# Note that these are not directly used in this script, but are used by the
# deployed resources, hence the check here.
if not rabbitmq_username or not rabbitmq_password:
ctx.abort_operation(
'Both rabbitmq_username and rabbitmq_password must be supplied '
'and at least 1 character long in the manager blueprint inputs.')
rabbit_props = utils.ctx_factory.get('rabbitmq')
runtime_props['rabbitmq_endpoint_ip'] = utils.get_rabbitmq_endpoint_ip()
runtime_props['rabbitmq_username'] = rabbit_props.get('rabbitmq_username')
runtime_props['rabbitmq_password'] = rabbit_props.get('rabbitmq_password')
ctx.logger.info('Installing Riemann...')
utils.set_selinux_permissive()
utils.copy_notice(RIEMANN_SERVICE_NAME)
utils.mkdir(riemann_log_path)
utils.mkdir(langohr_home)
utils.mkdir(riemann_config_path)
utils.mkdir('{0}/conf.d'.format(riemann_config_path))
# utils.chown cannot be used as it will change both user and group
utils.sudo(['chown', RIEMANN_USER, riemann_dir])
langohr = utils.download_cloudify_resource(langohr_source_url,
RIEMANN_SERVICE_NAME)
utils.sudo(['cp', langohr, extra_classpath])
ctx.logger.info('Applying Langohr permissions...')
utils.sudo(['chmod', '644', extra_classpath])
utils.yum_install(daemonize_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.yum_install(riemann_source_url, service_name=RIEMANN_SERVICE_NAME)
utils.chown(RIEMANN_USER, RIEMANN_GROUP, riemann_log_path)
utils.logrotate(RIEMANN_SERVICE_NAME)
files_to_remove = [riemann_config_path,
riemann_log_path,
extra_classpath,
riemann_dir]
runtime_props['files_to_remove'] = files_to_remove
def install_mgmtworker():
management_worker_rpm_source_url = \
ctx_properties['management_worker_rpm_source_url']
# these must all be exported as part of the start operation.
# they will not persist, so we should use the new agent
# don't forget to change all localhosts to the relevant ips
mgmtworker_home = '/opt/mgmtworker'
mgmtworker_venv = '{0}/env'.format(mgmtworker_home)
celery_work_dir = '{0}/work'.format(mgmtworker_home)
celery_log_dir = "/var/log/cloudify/mgmtworker"
broker_port_ssl = '5671'
broker_port_no_ssl = '5672'
rabbit_props = utils.ctx_factory.get('rabbitmq')
rabbitmq_ssl_enabled = rabbit_props['rabbitmq_ssl_enabled']
ctx.logger.info("rabbitmq_ssl_enabled: {0}".format(rabbitmq_ssl_enabled))
rabbitmq_cert_public = rabbit_props['rabbitmq_cert_public']
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
# Fix possible injections in json of rabbit credentials
# See json.org for string spec
for key in ['rabbitmq_username', 'rabbitmq_password']:
# We will not escape newlines or other control characters,
# we will accept them breaking
# things noisily, e.g. on newlines and backspaces.
# TODO: add:
# sed 's/"/\\"/' | sed 's/\\/\\\\/' | sed s-/-\\/- | sed 's/\t/\\t/'
ctx.instance.runtime_properties[key] = ctx_properties[key]
# Make the ssl enabled flag work with json (boolean in lower case)
# TODO: check if still needed:
# broker_ssl_enabled = "$(echo ${rabbitmq_ssl_enabled} | tr '[:upper:]' '[:lower:]')" # NOQA
ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = \
rabbitmq_ssl_enabled
ctx.logger.info('Installing Management Worker...')
utils.set_selinux_permissive()
utils.copy_notice(MGMT_WORKER_SERVICE_NAME)
utils.mkdir(mgmtworker_home)
utils.mkdir('{0}/config'.format(mgmtworker_home))
utils.mkdir(celery_log_dir)
utils.mkdir(celery_work_dir)
# this create the mgmtworker_venv and installs the relevant
# modules into it.
utils.yum_install(management_worker_rpm_source_url,
service_name=MGMT_WORKER_SERVICE_NAME)
_install_optional(mgmtworker_venv)
# Add certificate and select port, as applicable
if rabbitmq_ssl_enabled:
broker_cert_path = '{0}/amqp_pub.pem'.format(mgmtworker_home)
utils.deploy_ssl_certificate(
'public', broker_cert_path, 'root', rabbitmq_cert_public)
ctx.instance.runtime_properties['broker_cert_path'] = broker_cert_path
# Use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_ssl
else:
# No SSL, don't use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_no_ssl
if rabbitmq_cert_public is not None:
ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
'(broker_ssl_enabled is False).')
ctx.logger.info("broker_port: {0}".format(
ctx.instance.runtime_properties['broker_port']))
ctx.logger.info('Configuring Management worker...')
# Deploy the broker configuration
# TODO: This will break interestingly if mgmtworker_venv is empty.
# Some sort of check for that would be sensible.
# To sandy: I don't quite understand this check...
# there is no else here..
# for python_path in ${mgmtworker_venv}/lib/python*; do
if os.path.isfile(os.path.join(mgmtworker_venv, 'bin/python')):
broker_conf_path = os.path.join(celery_work_dir, 'broker_config.json')
utils.deploy_blueprint_resource(
'{0}/broker_config.json'.format(CONFIG_PATH), broker_conf_path,
MGMT_WORKER_SERVICE_NAME)
# The config contains credentials, do not let the world read it
utils.sudo(['chmod', '440', broker_conf_path])
utils.systemd.configure(MGMT_WORKER_SERVICE_NAME)
utils.logrotate(MGMT_WORKER_SERVICE_NAME)
def install_mgmtworker():
management_worker_rpm_source_url = \
ctx_properties['management_worker_rpm_source_url']
# these must all be exported as part of the start operation.
# they will not persist, so we should use the new agent
# don't forget to change all localhosts to the relevant ips
mgmtworker_home = '/opt/mgmtworker'
mgmtworker_venv = '{0}/env'.format(mgmtworker_home)
celery_work_dir = '{0}/work'.format(mgmtworker_home)
celery_log_dir = "/var/log/cloudify/mgmtworker"
broker_port_ssl = '5671'
broker_port_no_ssl = '5672'
rabbit_props = utils.ctx_factory.get('rabbitmq')
rabbitmq_ssl_enabled = rabbit_props['rabbitmq_ssl_enabled']
ctx.logger.info("rabbitmq_ssl_enabled: {0}".format(rabbitmq_ssl_enabled))
rabbitmq_cert_public = rabbit_props['rabbitmq_cert_public']
ctx.instance.runtime_properties['rabbitmq_endpoint_ip'] = \
utils.get_rabbitmq_endpoint_ip(
rabbit_props.get('rabbitmq_endpoint_ip'))
# Fix possible injections in json of rabbit credentials
# See json.org for string spec
for key in ['rabbitmq_username', 'rabbitmq_password']:
# We will not escape newlines or other control characters,
# we will accept them breaking
# things noisily, e.g. on newlines and backspaces.
# TODO: add:
# sed 's/"/\\"/' | sed 's/\\/\\\\/' | sed s-/-\\/- | sed 's/\t/\\t/'
ctx.instance.runtime_properties[key] = ctx_properties[key]
# Make the ssl enabled flag work with json (boolean in lower case)
# TODO: check if still needed:
# broker_ssl_enabled = "$(echo ${rabbitmq_ssl_enabled} | tr '[:upper:]' '[:lower:]')" # NOQA
ctx.instance.runtime_properties['rabbitmq_ssl_enabled'] = \
rabbitmq_ssl_enabled
ctx.logger.info('Installing Management Worker...')
utils.set_selinux_permissive()
utils.copy_notice(MGMT_WORKER_SERVICE_NAME)
utils.mkdir(mgmtworker_home)
utils.mkdir('{0}/config'.format(mgmtworker_home))
utils.mkdir(celery_log_dir)
utils.mkdir(celery_work_dir)
# this create the mgmtworker_venv and installs the relevant
# modules into it.
utils.yum_install(management_worker_rpm_source_url,
service_name=MGMT_WORKER_SERVICE_NAME)
_install_optional(mgmtworker_venv)
# Add certificate and select port, as applicable
if rabbitmq_ssl_enabled:
broker_cert_path = '{0}/amqp_pub.pem'.format(mgmtworker_home)
utils.deploy_ssl_certificate('public', broker_cert_path, 'root',
rabbitmq_cert_public)
ctx.instance.runtime_properties['broker_cert_path'] = broker_cert_path
# Use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_ssl
else:
# No SSL, don't use SSL port
ctx.instance.runtime_properties['broker_port'] = broker_port_no_ssl
if rabbitmq_cert_public is not None:
ctx.logger.warn('Broker SSL cert supplied but SSL not enabled '
'(broker_ssl_enabled is False).')
ctx.logger.info("broker_port: {0}".format(
ctx.instance.runtime_properties['broker_port']))
