Exemplo n.º 1
0
def setup(linux_dir="../linux", makeopts=""):
    # TODO generate config from oldconfig
    # install kernel
    with lcd(linux_dir):
        kvern = local("make kernelversion", capture=True)
        kver = "{}-test".format(kvern)
        local("make {}".format(makeopts))
        with cd("/boot"):
            put("arch/x86/boot/bzImage",
                "vmlinuz-{}".format(kver),
                use_sudo=True)
            put("System.map", "System.map-{}".format(kver), use_sudo=True)
            put(".config", "config-{}".format(kver), use_sudo=True)

    # install modules
    with lcd(linux_dir):
        local("make {} modules_install INSTALL_MOD_PATH=temp/ KDIR={}".format(
            makeopts, linux_dir))
        dest_base = "/lib/modules"
        dest = os.path.join(dest_base, kver)
        src_dir = os.path.join("temp/lib/modules/", kvern)
        sudo("rm -rf {}".format(dest), warn_only=True)
        sudo("mkdir -p {}".format(dest_base))
        put(src_dir, dest_base, use_sudo=True)
        sudo("mv {}/{} {}".format(dest_base, kvern, dest))

    sudo("update-initramfs -c -k {}".format(kver))
    sudo("update-grub2")
    reboot()
Exemplo n.º 2
0
def reboot_machine():
    """
    FABRIC task to reboot machine remotely.
    :return:
    """
    with settings(warn_only=True):
        reboot()
Exemplo n.º 3
0
 def reboot(self, wait=300):
     """Reboot this server
     :param wait: wait for the server to come up
     """
     from fabric.api import reboot, settings
     with settings(**self.construct_settings(warn_only=True)):
         reboot(wait=wait)
Exemplo n.º 4
0
def ssserver(port, password, method):
    try:
        sudo('hash yum')
        sudo('hash python')
        sudo('yum -y update  1>/dev/null')
        sudo('yum -y install python-setuptools 1>/dev/null')
        sudo('yum -y install m2crypto 1>/dev/null')
        sudo('easy_install pip 1>/dev/null')
        sudo('pip install shadowsocks 1>/dev/null')
        sudo('hash ssserver')
        sudo("sed -i '/ssserver/d' /etc/rc.d/rc.local")
        cmd = '/usr/bin/python /usr/bin/ssserver -p %s -k %s -m %s --user nobody -d start' % \
              (port, password, method)
        sudo("sed -i '$a %s' /etc/rc.d/rc.local" % cmd)
        sudo('chmod +x /etc/rc.d/rc.local')
        sudo('firewall-cmd --zone=public --add-port=%s/tcp --permanent' % port)

        with settings(warn_only=True):
            reboot()
        sudo('ps -ef | grep ssserver')
        return True

    except BaseException as e:
        logging.error(e)
        return False
Exemplo n.º 5
0
def install_docker():
    check_valid_os()
    print(":: Installing Docker on {}".format(env.host_string))
    ver = run("cat /etc/lsb-release  | grep DISTRIB_RELEASE | cut -d '=' -f2")
    reboot_needed = False
    sudo("apt-get update")
    sudo('sh -c "echo deb http://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"')
    sudo('sudo sh -c "wget -qO- https://get.docker.io/gpg | apt-key add -"')
    # extras
    if ver == "12.04":
        sudo("apt-get install -y linux-image-generic-lts-raring linux-headers-generic-lts-raring")
        print("* You will need to reboot in order to use the new kernel and aufs module")
        reboot_needed = True
    else:
        sudo("apt-get install -y linux-image-extra-`uname -r`")
    sudo("apt-get update")
    # docker
    sudo("apt-get install -y lxc-docker git-core")
    sudo('echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf ; sysctl -p /etc/sysctl.conf')
    # check ufw
    sudo("sed -i 's/^DEFAULT_FORWARD_POLICY.*/DEFAULT_FORWARD_POLICY=\"ACCEPT\"/g' /etc/default/ufw")
    sudo("service ufw restart")
    # set to listen on local addr
    local_ip = get_local_ip()
    with open(".tmpcfg", "w") as f:
        f.write('DOCKER_OPTS="-H unix:///var/run/docker.sock -H tcp://127.0.0.1:4243"')
    put(".tmpcfg", "/etc/default/docker", use_sudo=True)
    os.remove(".tmpcfg")
    sudo("service docker restart")
    if reboot_needed:
        print("Setup complete.  Rebooting...")
        reboot(wait=60)
Exemplo n.º 6
0
def restart_workers():

    with settings(warn_only=True):

        # reboot(use_sudo=False)

        reboot(use_sudo=True)
Exemplo n.º 7
0
def reboot_if_required():
    """Reboots the machine only if the system indicates a restart is required for updates.
    """
    out = runner.silent('[ -f /var/run/reboot-required ]')
    if not out.return_code:
        runner.state("System requires reboot => Rebooting NOW")
        reboot()
Exemplo n.º 8
0
def config_nfs_server():
    cmds = [
        'apt-get -y install nfs-kernel-server',
        'service nfs-kernel-server stop',
        'mkdir -p /export',
        'chmod 777 /export',
    ]
    for c in cmds:
        sudo(c)
    
    Xput('config/etc/hosts.deny', '/etc/hosts.deny', use_sudo=True)
    hosts_allow_fn = 'config/etc/hosts.allow'
    template_ha = string.Template(open(hosts_allow_fn).read())
    exports_fn = 'config/etc/exports'
    template_e = string.Template(open(exports_fn).read())

    export_options = "(rw,fsid=0,insecure,no_subtree_check,async)"
    ip_options = []
    for ip in env.roledefs['all']:
        ip_options.append("{ip}{opt}".format(ip=ip, opt=export_options))
    contents = StringIO.StringIO(template_e.substitute(host_and_options= \
                                                       ' '.join(ip_options)))
    Xput(contents, "/etc/exports", use_sudo=True)

    ip_list = ' '.join(env.roledefs['all'])
    contents = StringIO.StringIO(template_ha.substitute(ip_list=ip_list))
    logging.info("/etc/hosts.allow :\n{}".format(contents.getvalue()))
    Xput(contents, '/etc/hosts.allow', use_sudo=True)

    sudo('exportfs -a')
    reboot()
def main():
  connection = common.connect()
  region = common.prompt_region(connection)
  connection = common.connect(region)
  zone = common.prompt_zone(connection)
  security_group = common.prompt_security_group(connection)
  prefix = "{}-{}-".format(security_group, zone.split("-")[-1])
  name = _prompt_name(connection, prefix)
  instance_type = _prompt_instance_type()
  key_path = common.prompt_key_path()
  key_name = os.path.basename(key_path).split(".")[0]

  arguments = _LaunchArguments(instance_type=instance_type,
                               key_name=key_name,
                               name=name,
                               security_group=security_group,
                               zone=zone)

  env.host_string = _launch(connection, arguments, region)
  env.key_filename = key_path
  env.user = _USERNAME
  common.wait_until_remote_reachable()
  sudo("hostname {}".format(name))
  _update_system_files(name)
  _install()
  _update_installed_files()
  reboot()

  if instance_type.ephemeral_disk_count > 1:
    _create_ephemeral_raid(instance_type.ephemeral_disk_count)
  
  if _GIT_REPO:
    _clone()
Exemplo n.º 10
0
def bootstrap(username='******',
              password='******',
              authorized_keys='authorized_keys',
              **kw):
    """bootstrap a freshly booted nanopi NEO Air to make it ansible ready"""
    # (temporarily) set the user to the user set up during bootstrapping
    hostname = env.instance.uid
    env.host_string = '%s@%s' % (username, hostname)
    env.password = password
    if not path.isabs(authorized_keys):
        authorized_keys = path.join(env['config_base'], '..', authorized_keys)
    with fab.settings(warn_only=True):
        # enable passwordless root login via ssh
        fab.sudo("""mkdir /root/.ssh""")
        fab.sudo("""chmod 700 /root/.ssh""")
        fab.put(local_path=authorized_keys,
                remote_path='/root/.ssh/authorized_keys',
                use_sudo=True,
                mode='0700')
        fab.sudo("""chown root:root /root/.ssh/authorized_keys""")
        fab.sudo(
            """echo 'PermitRootLogin without-password' > /etc/ssh/sshd_config"""
        )
        fab.sudo("""apt update""")
        fab.sudo("""apt upgrade -y""")
    fab.reboot()
Exemplo n.º 11
0
def install_docker():
    check_valid_os()
    print(':: Installing Docker on {}'.format(env.host_string))
    ver = run('cat /etc/lsb-release  | grep DISTRIB_RELEASE | cut -d \'=\' -f2')
    reboot_needed = False
    sudo('apt-get update')
    sudo('sh -c "echo deb http://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"')
    sudo('sudo sh -c "wget -qO- https://get.docker.io/gpg | apt-key add -"')
    # extras
    if ver == '12.04':
        sudo('apt-get install -y linux-image-generic-lts-raring linux-headers-generic-lts-raring')
        reboot_needed = True
    else:
        sudo('apt-get install -y linux-image-extra-`uname -r`')
    sudo('apt-get update')
    # docker
    sudo('apt-get install -y lxc-docker git-core')
    sudo('echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf ; sysctl -p /etc/sysctl.conf')
    # check ufw
    sudo("sed -i 's/^DEFAULT_FORWARD_POLICY.*/DEFAULT_FORWARD_POLICY=\"ACCEPT\"/g' /etc/default/ufw")
    sudo('service ufw restart')
    # set to listen on local addr
    with open('.tmpcfg', 'w') as f:
        f.write('DOCKER_OPTS="-H unix:///var/run/docker.sock -H tcp://127.0.0.1:4243"')
    put('.tmpcfg', '/etc/default/docker', use_sudo=True)
    os.remove('.tmpcfg')
    sudo('service docker restart')
    if reboot_needed:
        print(':: Setup complete.  Rebooting to apply new kernel...')
        reboot(wait=60)
Exemplo n.º 12
0
def wipefs():
    disks = sudo('lsblk | grep T').split('\n')
    for disk in disks[1:]:
        disk = disk.split(' ')[0]
        sudo("sudo wipefs -af /dev/%s" % disk)
    with settings(warn_only=True):
        reboot(600)
 def _reboot_server(self):
     env.update({
         'user': self.env.management_user_name,
         'key_filename': get_actual_keypath(self.env,
                                            self.env.management_key_path),
         'host_string': self.env.management_ip,
     })
     reboot()
Exemplo n.º 14
0
def worker_init():
    nfs()
    run('mkdir -p /home/ps/data/')
    run('cp /home/ps/share/ssd/script/run_worker.sh /home/ps/data/')
    sudo('cp /home/ps/share/ssd/conf/worker.conf /etc/supervisor/conf.d/')
    # sudo('supervisorctl reload')
    with settings(warn_only=True):
        reboot(600)
Exemplo n.º 15
0
def reboot_if_required():
    "Reboots the machine only if it's required"
    if file_exists('/var/run/reboot-required'):
        puts("Rebooting...")
        reboot()
        puts("Machine is back online.")
    else:
        puts("No reboot required.")
Exemplo n.º 16
0
    def reboot(self, wait=300):
        """Reboot this server
        :param wait: wait for the server to come up
        """
        from fabric.api import reboot, settings

        with settings(**self.construct_settings(
                is_warn_only=True, n_attempts=self.N_CONNECTION_ATTEMPTS)):
            reboot(wait=wait)
Exemplo n.º 17
0
def paso_1_install():
    install_git()
    install_supervisor()
    install_sensors()
    supervisor_conf()
    change_sensors_file_mod()
    config_hostname()
    create_permissions_loggers()
    reboot(wait=5)
Exemplo n.º 18
0
def reload():
    """Restart the server."""
    # TODO: Duplicated elsewhere
    if env.settings in ('staging', 'production'):
        require('hosts', provided_by=[staging, production])
        reboot(60)
    else:
        require('hosts', provided_by=[vagrant])
        local('vagrant reload')
Exemplo n.º 19
0
def _checkpoint_initial():
    log("Updating server OS")
    check_result(sudo("apt-get update"), "apt-get update")
    check_result(sudo("apt-get dist-upgrade"), "apt-get dist-upgrade")
    check_result(sudo("apt-get autoremove"), "apt-get autoremove")
    log("Rebooting")
    reboot()

    _write_checkpoint(1)
    _checkpoint_one()
Exemplo n.º 20
0
def install():
    install_git()
    install_supervisor()
    install_sensors()
    install_bibliotecas_humedad()
    supervisor_conf()    
    change_sensors_file_mod()
    config_hostname()
    create_permissions_loggers()
    reboot(wait=5)
Exemplo n.º 21
0
 def _reboot_server(self):
     env.update({
         'user':
         self.env.management_user_name,
         'key_filename':
         get_actual_keypath(self.env, self.env.management_key_path),
         'host_string':
         self.env.management_ip,
     })
     reboot()
Exemplo n.º 22
0
def prepare_new_server(name):
    _add_line_if_not_present('/etc/hosts', '127.0.0.1 %s' % name, sudo)

    sudo('hostname %s' % name)
    sudo('apt-get update')
    sudo('apt-get upgrade -y')
    sudo('apt-get update')
    sudo('apt-get install -y git ruby1.9.1 ruby1.9.1-dev build-essential')
    sudo('gem install chef --no-ri --no-rdoc')

    print 'Rebooting to apply stuff...'
    reboot()
Exemplo n.º 23
0
def __prepare_new_server():
    """
    Preparando o ambiente
    """
    run('apt-get update')
    run('apt-get upgrade -y')
    run('apt-get update')
    run('apt-get install -y git ruby1.9.1 ruby1.9.1-dev build-essential')
    run('gem install chef --no-ri --no-rdoc')

    print 'Rebooting to apply stuff...'
    reboot()
Exemplo n.º 24
0
def dependency():
    require('stage')
    with settings(warn_only=True):
        sudo('rm -rf {0}'.format(env['configs']['temp_dir']))
        if env['configs'].get('clean', {}).get('mode', 'soft') == 'soft':
            sudo('docker rm -f `docker ps -a -q`')
        else:
            sudo('systemctl stop docker && systemctl disable docker')
            sudo('rm -rf /var/lib/docker')
            sudo('systemctl daemon-reload && systemctl enable docker')

        reboot()
Exemplo n.º 25
0
def setup_group():
    current_user = run('id -u -n')
    with settings(warn_only=True):
        if run('grep sharkeyes /etc/group').return_code != 0:
            sudo('groupadd sharkeyes')
    sudo('usermod -a -G sharkeyes apache')
    sudo('usermod -a -G sharkeyes mysql')
    sudo('usermod -a -G sharkeyes ' + current_user)
    #sudo('exec sudo su -l $USER')
    if 'sharkeyes' not in run('id'):
        if env.user == 'vagrant':
            local('vagrant reload') # if we're in vagrant, a normal restart doesn't reconnect things it needs to
        else:
            reboot()
Exemplo n.º 26
0
def install_server(publichost, admin_privkey_path, monitor_pubkey,
                   monitor_privkey_path, stdout, stderr):
    set_host_and_key(publichost, admin_privkey_path)

    print >> stdout, "Updating server..."
    sudo_apt_get('update')
    sudo_apt_get('dist-upgrade -y')

    print >> stdout, "Rebooting server (this will take a while)..."
    api.reboot(240)

    print >> stdout, "Installing dependencies..."
    sudo_apt_get('install -y python-dev')
    sudo_apt_get('install -y python-setuptools')
    sudo_apt_get('install -y exim4-base')
    sudo_apt_get('install -y darcs')
    sudo_apt_get('install -y python-foolscap')
    sudo_apt_get('remove -y --purge whoopsie')
    run('wget %s' % (INSTALL_TXAWS_URL, ))
    run('tar -xzvf txAWS-%s.tar.gz' % (INSTALL_TXAWS_VERSION, ))
    with cd('/home/ubuntu/txAWS-%s' % (INSTALL_TXAWS_VERSION, )):
        sudo('python ./setup.py install')
    create_account('customer', None, stdout, stderr)
    create_account('monitor', monitor_pubkey, stdout, stderr)

    # verify that the account exists and can be logged into
    set_host_and_key(publichost, monitor_privkey_path, username="******")

    # do the rest of the installation as 'customer', customer doesn't actually have its own ssh keys
    # I don't know if creating one would be useful.XXX
    set_host_and_key(publichost, admin_privkey_path, username="******")

    print >> stdout, "Getting Tahoe-LAFS..."
    run('rm -rf /home/customer/LAFS_source')
    run('darcs get --lazy https://tahoe-lafs.org/source/tahoe/ticket999-S3-backend LAFS_source'
        )

    print >> stdout, "Building Tahoe-LAFS..."
    with cd('/home/customer/LAFS_source'):
        run('python ./setup.py build')

    print >> stdout, "Creating introducer and storage server..."
    run('mkdir -p introducer storageserver')
    run('LAFS_source/bin/tahoe create-introducer introducer || echo Assuming that introducer already exists.'
        )
    run('LAFS_source/bin/tahoe create-node storageserver || echo Assuming that storage server already exists.'
        )

    print >> stdout, "Finished server installation."
Exemplo n.º 27
0
def deploy(hostname, pubkey, username, passwd=None, first_run='True'):
	runone = (first_run.lower() == 'true')

	if runone:
		env.user = '******'
		chpasswd('pi')
	else:
		env.user = username
		env.key_filename = pubkey[:-4]

	setup_wifi()
	remove_x11()
	upgrade()
	setup_unattended_upgrades()
	harden(hostname, pubkey, username, passwd, first_run)
	reboot()
Exemplo n.º 28
0
def setup_group():
    current_user = run('id -u -n')
    with settings(warn_only=True):
        if run('grep sharkeyes /etc/group').return_code != 0:
            sudo('groupadd sharkeyes')
    sudo('usermod -a -G sharkeyes apache')
    sudo('usermod -a -G sharkeyes mysql')
    sudo('usermod -a -G sharkeyes ' + current_user)
    #sudo('exec sudo su -l $USER')
    if 'sharkeyes' not in run('id'):
        if env.user == 'vagrant':
            local(
                'vagrant reload'
            )  # if we're in vagrant, a normal restart doesn't reconnect things it needs to
        else:
            reboot()
Exemplo n.º 29
0
def setup_docker(force=False):
    """Setup docker on the target host.

    :param force: Whether to continue with installation even if
        docker already appears to be installed. Defaults to False.
    :type force: bool
    """
    fastprint(yellow('Setting up docker on host: %s\n' % env.host))
    if is_installed('lxc-docker'):
        fastprint(green(
            'This system already appears to have docker installed on it\n'))
    else:
        version = run('uname -r')
        if '3.2' in version:
            # LTS 3.2 version is too old so we install a backported one
            # see http://docs.docker.io/en/latest/installation/ubuntulinux/
            # #ubuntu-precise-12-04-lts-64-bit
            fastprint(red('Upgrading kernel to 3.8!\n'))
            response = prompt('Do you wish to continue? y/n :')
            if response != 'y':
                fastprint(red('Docker install aborted by user.\n'))
                return
            fastprint(blue('Ok upgrading kernel.'))
            require_packages([
                'linux-image-generic-lts-raring',
                'linux-headers-generic-lts-raring'])
            fastprint(red('\nWe need to reboot the system now!\n'))
            response = prompt('Do you wish to continue? y/n :')
            if response is not None:
                reboot()
        else:
            require_package('linux-image-extra-%s' % version)
        require_ppa('ppa:dotcloud/lxc-docker')
        apt_get_update()
        require_packages([
            'software-properties-common',
            'lxc-docker'])
    # Ensure ufw forwards traffic.
    # http://docs.docker.io/en/latest/installation/ubuntulinux/#ufw
    sed(
        '/etc/default/ufw',
        'DEFAULT_FORWARD_POLICY="DROP"',
        'DEFAULT_FORWARD_POLICY="ACCEPT"',
        use_sudo=False)
    setup_docker_image()
    setup_docker_user()
Exemplo n.º 30
0
def install_server(publichost, admin_privkey_path, monitor_pubkey, monitor_privkey_path, stdout,
                   stderr):
    set_host_and_key(publichost, admin_privkey_path)

    print >>stdout, "Updating server..."
    sudo_apt_get('update')
    sudo_apt_get('dist-upgrade -y')

    print >>stdout, "Rebooting server (this will take a while)..."
    api.reboot(240)

    print >>stdout, "Installing dependencies..."
    sudo_apt_get('install -y python-dev')
    sudo_apt_get('install -y python-setuptools')
    sudo_apt_get('install -y exim4-base')
    sudo_apt_get('install -y darcs')
    sudo_apt_get('install -y python-foolscap')
    sudo_apt_get('remove -y --purge whoopsie')
    run('wget %s' % (INSTALL_TXAWS_URL,))
    run('tar -xzvf txAWS-%s.tar.gz' % (INSTALL_TXAWS_VERSION,))
    with cd('/home/ubuntu/txAWS-%s' % (INSTALL_TXAWS_VERSION,)):
        sudo('python ./setup.py install')
    create_account('customer', None, stdout, stderr)
    create_account('monitor', monitor_pubkey, stdout, stderr)

    # verify that the account exists and can be logged into
    set_host_and_key(publichost, monitor_privkey_path, username="******")

    # do the rest of the installation as 'customer', customer doesn't actually have its own ssh keys
    # I don't know if creating one would be useful.XXX
    set_host_and_key(publichost, admin_privkey_path, username="******")

    print >>stdout, "Getting Tahoe-LAFS..."
    run('rm -rf /home/customer/LAFS_source')
    run('darcs get --lazy https://tahoe-lafs.org/source/tahoe/ticket999-S3-backend LAFS_source')

    print >>stdout, "Building Tahoe-LAFS..."
    with cd('/home/customer/LAFS_source'):
        run('python ./setup.py build')

    print >>stdout, "Creating introducer and storage server..."
    run('mkdir -p introducer storageserver')
    run('LAFS_source/bin/tahoe create-introducer introducer || echo Assuming that introducer already exists.')
    run('LAFS_source/bin/tahoe create-node storageserver || echo Assuming that storage server already exists.')

    print >>stdout, "Finished server installation."
Exemplo n.º 31
0
def setup_docker(force=False):
    """Setup docker on the target host.

    :param force: Whether to continue with installation even if
        docker already appears to be installed. Defaults to False.
    :type force: bool
    """
    fastprint(yellow('Setting up docker on host: %s\n' % env.host))
    if is_installed('lxc-docker'):
        fastprint(
            green(
                'This system already appears to have docker installed on it\n')
        )
    else:
        version = run('uname -r')
        if '3.2' in version:
            # LTS 3.2 version is too old so we install a backported one
            # see http://docs.docker.io/en/latest/installation/ubuntulinux/
            # #ubuntu-precise-12-04-lts-64-bit
            fastprint(red('Upgrading kernel to 3.8!\n'))
            response = prompt('Do you wish to continue? y/n :')
            if response != 'y':
                fastprint(red('Docker install aborted by user.\n'))
                return
            fastprint(blue('Ok upgrading kernel.'))
            require_packages([
                'linux-image-generic-lts-raring',
                'linux-headers-generic-lts-raring'
            ])
            fastprint(red('\nWe need to reboot the system now!\n'))
            response = prompt('Do you wish to continue? y/n :')
            if response is not None:
                reboot()
        else:
            require_package('linux-image-extra-%s' % version)
        require_ppa('ppa:dotcloud/lxc-docker')
        apt_get_update()
        require_packages(['software-properties-common', 'lxc-docker'])
    # Ensure ufw forwards traffic.
    # http://docs.docker.io/en/latest/installation/ubuntulinux/#ufw
    sed('/etc/default/ufw',
        'DEFAULT_FORWARD_POLICY="DROP"',
        'DEFAULT_FORWARD_POLICY="ACCEPT"',
        use_sudo=False)
    setup_docker_image()
    setup_docker_user()
Exemplo n.º 32
0
def bootstrap(boot_ip=None,
              authorized_keys='authorized_keys',
              configure_ethernet="yes"):
    """bootstrap a freshly booted Raspberry PI 3 to make it ansible ready"""
    # (temporarily) set the user to `pi`
    if not path.isabs(authorized_keys):
        authorized_keys = path.join(env['config_base'], '..', authorized_keys)
    final_ip = env.instance.config['ip']
    if boot_ip:
        env.instance.config['ip'] = boot_ip
    hostname = env.instance.uid
    env.host_string = 'pi@%s' % hostname
    env.password = '******'
    fab.sudo("""apt update""")
    fab.sudo("""apt upgrade -y""")
    AV = env.instance.get_ansible_variables()
    # TODO: Move defaults into ploy.conf
    AV.setdefault('eth_ip', final_ip)
    AV.setdefault('eth_iface', 'eth0')
    AV.setdefault('eth_netmask', '255.255.255.0')
    AV.setdefault('eth_gateway', '192.168.1.1')
    AV.setdefault('eth_dns', '8.8.8.8')
    with fab.settings(warn_only=True):
        fab.sudo("systemctl stop dhcpcd")
        fab.sudo("systemctl disable dhcpcd")
        if configure_ethernet == "yes":
            eth_config = eth_interface.format(**AV)
            fab.sudo('echo """%s""" > /etc/network/interfaces.d/%s' %
                     (eth_config, AV['eth_iface']))
            fab.sudo(
                'echo "source-directory /etc/network/interfaces.d" > /etc/network/interfaces'
            )
            fab.sudo('echo "nameserver %s" | resolvconf -a %s' %
                     (AV['eth_gateway'], AV['eth_iface']))
        # enable passwordless root login via ssh
        fab.sudo("""mkdir -p /root/.ssh""")
        fab.sudo("""chmod 700 /root/.ssh""")
        fab.put(local_path=authorized_keys,
                remote_path='/root/.ssh/authorized_keys',
                use_sudo=True,
                mode='0700')
        fab.sudo("""chown root:root /root/.ssh/authorized_keys""")
    fab.reboot()
Exemplo n.º 33
0
def bootstrap(boot_ip=None, authorized_keys='authorized_keys', static_ip=True):
    """bootstrap a freshly booted Pine64 to make it ansible ready"""
    # (temporarily) set the user to `ubuntu`
    if not path.isabs(authorized_keys):
        authorized_keys = path.join(env['config_base'], '..', authorized_keys)
    final_ip = env.instance.config['ip']
    if boot_ip:
        env.instance.config['ip'] = boot_ip
    hostname = env.instance.uid
    env.host_string = 'ubuntu@%s' % hostname
    env.password = '******'
    AV = env.instance.get_ansible_variables()
    AV.setdefault('eth_ip', final_ip)
    AV.setdefault('eth_iface', 'eth0')
    AV.setdefault('eth_netmask', '255.255.255.0')
    AV.setdefault('eth_gateway', '192.168.1.1')
    AV.setdefault('eth_dns', '8.8.8.8')
    with fab.settings(warn_only=True):
        fab.sudo('echo """%s""" > /etc/network/interfaces.d/%s' %
                 (eth_interface.format(**AV), AV['eth_iface']))
        # enable passwordless root login via ssh
        from fabric.contrib.files import exists
        if not exists('/root/.ssh', use_sudo=True):
            fab.sudo("""mkdir /root/.ssh""")
            fab.sudo("""chmod 700 /root/.ssh""")
        if not exists('/root/.ssh/authorized_keys', use_sudo=True):
            fab.put(local_path=authorized_keys,
                    remote_path='/root/.ssh/authorized_keys',
                    use_sudo=True,
                    mode='0700')
            fab.sudo("""chown root:root /root/.ssh/authorized_keys""")
        fab.sudo(
            """echo 'PermitRootLogin without-password' > /etc/ssh/sshd_config"""
        )
    fab.sudo("""/usr/local/sbin/resize_rootfs.sh""")
    fab.sudo("""/usr/local/sbin/pine64_update_uboot.sh""")
    fab.sudo("""/usr/local/sbin/pine64_update_kernel.sh""")
    fab.sudo("""apt-get install python -y""")
    # finally override DNS
    fab.sudo('echo """%s""" > /etc/resolvconf/resolv.conf.d/tail' %
             eth_resolvconf.format(**AV))
    fab.reboot()
Exemplo n.º 34
0
def install_docker():
    check_valid_os()
    print(':: Installing Docker on {}'.format(env.host_string))
    ver = run(
        'cat /etc/lsb-release  | grep DISTRIB_RELEASE | cut -d \'=\' -f2')
    reboot_needed = False
    sudo('apt-get update')
    sudo(
        'sh -c "echo deb http://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"'
    )
    sudo('sudo sh -c "wget -qO- https://get.docker.io/gpg | apt-key add -"')
    # extras
    if ver == '12.04':
        sudo(
            'apt-get install -y linux-image-generic-lts-raring linux-headers-generic-lts-raring'
        )
        reboot_needed = True
    else:
        sudo('apt-get install -y linux-image-extra-`uname -r`')
    sudo('apt-get update')
    # docker
    sudo('apt-get install -y lxc-docker git-core')
    sudo(
        'echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf ; sysctl -p /etc/sysctl.conf'
    )
    # check ufw
    sudo(
        "sed -i 's/^DEFAULT_FORWARD_POLICY.*/DEFAULT_FORWARD_POLICY=\"ACCEPT\"/g' /etc/default/ufw"
    )
    sudo('service ufw restart')
    # set to listen on local addr
    with open('.tmpcfg', 'w') as f:
        f.write(
            'DOCKER_OPTS="-H unix:///var/run/docker.sock -H tcp://127.0.0.1:4243"'
        )
    put('.tmpcfg', '/etc/default/docker', use_sudo=True)
    os.remove('.tmpcfg')
    sudo('service docker restart')
    if reboot_needed:
        print(':: Setup complete.  Rebooting to apply new kernel...')
        reboot(wait=120)
Exemplo n.º 35
0
def bootstrap(boot_ip=None, authorized_keys='authorized_keys', static_ip=True):
    """bootstrap a freshly booted Raspberry PI 3 to make it ansible ready"""
    # (temporarily) set the user to `pi`
    if not path.isabs(authorized_keys):
        authorized_keys = path.join(
            env['config_base'],
            '..',
            authorized_keys)
    final_ip = env.instance.config['ip']
    if boot_ip:
        env.instance.config['ip'] = boot_ip
    hostname = env.instance.uid
    env.host_string = 'pi@%s' % hostname
    env.password = '******'
    fab.sudo("""apt update""")
    fab.sudo("""apt upgrade -y""")
    AV = env.instance.get_ansible_variables()
    AV.setdefault('eth_ip', final_ip)
    AV.setdefault('eth_iface', 'eth0')
    AV.setdefault('eth_netmask', '24')
    AV.setdefault('eth_gateway', '192.168.1.1')
    AV.setdefault('eth_dns', '8.8.8.8')
    with fab.settings(warn_only=True):
        if static_ip:
            fab.sudo(
                'echo """%s""" >> /etc/dhcpcd.conf' %
                eth_interface.format(**AV))
        # enable passwordless root login via ssh
        fab.sudo("""mkdir /root/.ssh""")
        fab.sudo("""chmod 700 /root/.ssh""")
        fab.put(
            local_path=authorized_keys,
            remote_path='/root/.ssh/authorized_keys',
            use_sudo=True,
            mode='0700')
        fab.sudo("""chown root:root /root/.ssh/authorized_keys""")
    fab.reboot()
Exemplo n.º 36
0
def restart():
    reboot()
Exemplo n.º 37
0
def harden(ssh_port=22):
    """Harden the server a little.

    :param ssh_port:

    Warning: We make no claim that this makes your server intruder proof. You
    should always check any system yourself and make sure that it is
    adequately secured.

    .. todo:: Make this work more gracefully if harden has been run previously.

    """
    # Create a user name because after we are done remote login as root will
    # be disabled. Username will match your local user.

    user = prompt('Choose a user name')
    password = prompt('Choose a password for the new user')

    create_user(user, password)
    ssh_copy_id()  # this does not work on OSX
    if not contains('/etc/group', 'admin'):
        sudo('groupadd admin')
    sudo('usermod -a -G admin %s' % user)
    sudo('dpkg-statoverride --update --add root admin 4750 /bin/su')

    fabtools.deb.update_index(quiet=True)

    # Set up ufw and mosh
    fabtools.require.deb.package('ufw')
    setup_mosh()

    sudo('ufw default deny incoming')
    sudo('ufw default allow outgoing')
    sudo('ufw allow 8697')
    sudo('ufw allow http')
    sudo('ufw allow ssh')
    sudo('ufw allow mosh')
    sudo('ufw allow 25')  # mail
    #Irc freenode
    sudo('ufw allow from 127.0.0.1/32 to 78.40.125.4 port 6667')
    sudo('ufw allow from 127.0.0.1/32 to any port 22')
    sudo('ufw allow 443')
    sudo('ufw allow 53/udp')  # dns
    sudo('ufw allow 53/tcp')
    sudo('ufw allow 1053')  # dns client

    sed('/etc/ssh/sshd_config', 'Port 22', 'Port 8697', use_sudo=True)
    sed('/etc/ssh/sshd_config', 'PermitRootLogin yes',
        'PermitRootLogin no', use_sudo=True)
    sed('/etc/ssh/sshd_config', '#PasswordAuthentication yes',
        'PasswordAuthentication no', use_sudo=True)
    sed('/etc/ssh/sshd_config', 'X11Forwarding yes',
        'X11Forwarding no', use_sudo=True)
    sudo('ufw enable')

    append_if_not_present(
        '/etc/ssh/sshd_config', 'Banner /etc/issue.net', use_sudo=True)

    append_if_not_present(
        '/etc/sysctl.conf',
        'net.ipv4.conf.default.rp_filter=1', use_sudo=True)
    append_if_not_present(
        '/etc/sysctl.conf',
        'net.ipv4.conf.setup_env.rp_filter=1', use_sudo=True)
    append_if_not_present(
        '/etc/sysctl.conf',
        'net.ipv4.conf.setup_env.accept_redirects = 0', use_sudo=True)
    append_if_not_present(
        '/etc/sysctl.conf',
        'net.ipv4.conf.setup_env.send_redirects = 0', use_sudo=True)
    append_if_not_present(
        '/etc/sysctl.conf',
        'net.ipv4.conf.setup_env.accept_source_route = 0', use_sudo=True)
    append_if_not_present(
        '/etc/sysctl.conf',
        'net.ipv4.icmp_echo_ignore_broadcasts = 1', use_sudo=True)
    append_if_not_present(
        '/etc/sysctl.conf',
        'net.ipv4.icmp_ignore_bogus_error_responses = 1', use_sudo=True)

    fabtools.require.deb.package('denyhosts')
    # Must come before mailutils
    fabtools.require.postfix.server(env.host)
    fabtools.require.deb.package('mailutils')
    fabtools.require.deb.package('byobu')
    fabtools.service.restart('ssh')

    # Some hints and tips from:
    # http://www.thefanclub.co
    # .za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
    secure_tmp = (
        'tmpfs     /dev/shm     tmpfs     defaults,noexec,'
        'nosuid     0     0')
    append_if_not_present('/etc/fstab', secure_tmp, use_sudo=True)

    sysctl = '/etc/sysctl.conf'

    append_if_not_present(
        sysctl, '# IP Spoofing protection', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.conf.setup_env.rp_filter = 1', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.conf.default.rp_filter = 1', use_sudo=True)

    append_if_not_present(
        sysctl, '# Ignore ICMP broadcast requests', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.icmp_echo_ignore_broadcasts = 1', use_sudo=True)

    append_if_not_present(
        sysctl, '# Disable source packet routing', use_sudo=True)
    append_if_not_present(
        sysctl,
        'net.ipv4.conf.setup_env.accept_source_route = 0', use_sudo=True)
    append_if_not_present(
        sysctl,
        'net.ipv6.conf.setup_env.accept_source_route = 0', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.conf.default.accept_source_route = 0', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv6.conf.default.accept_source_route = 0', use_sudo=True)

    append_if_not_present(
        sysctl, '# Ignore send redirects', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.conf.setup_env.send_redirects = 0', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.conf.default.send_redirects = 0', use_sudo=True)

    append_if_not_present(
        sysctl, '# Block SYN attacks', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.tcp_syncookies = 1', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.tcp_max_syn_backlog = 2048', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.tcp_synack_retries = 2', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.tcp_syn_retries = 5', use_sudo=True)

    append_if_not_present(
        sysctl, '# Log Martians', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.conf.setup_env.log_martians = 1', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.icmp_ignore_bogus_error_responses = 1', use_sudo=True)

    append_if_not_present(
        sysctl, '# Ignore ICMP redirects', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.conf.setup_env.accept_redirects = 0', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv6.conf.setup_env.accept_redirects = 0', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.conf.default.accept_redirects = 0', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv6.conf.default.accept_redirects = 0', use_sudo=True)

    append_if_not_present(
        sysctl, '# Ignore Directed pings', use_sudo=True)
    append_if_not_present(
        sysctl, 'net.ipv4.icmp_echo_ignore_all = 1', use_sudo=True)

    sudo('sysctl -p')
    reboot()

    print 'You need to log in and install mailutils yourself as automated ' \
          'installation causes interactive prompting.'
    print 'sudo apt-get install mailutils'
Exemplo n.º 38
0
def harden(ssh_port=22):
    """Harden the server a little.

    :param ssh_port:

    Warning: We make no claim that this makes your server intruder proof. You
    should always check any system yourself and make sure that it is
    adequately secured.

    .. todo:: Make this work more gracefully if harden has been run previously.

    """
    # Create a user name because after we are done remote login as root will
    # be disabled. Username will match your local user.

    user = prompt('Choose a user name')
    password = prompt('Choose a password for the new user')

    create_user(user, password)
    ssh_copy_id()  # this does not work on OSX
    if not contains('/etc/group', 'admin'):
        sudo('groupadd admin')
    sudo('usermod -a -G admin %s' % user)
    sudo('dpkg-statoverride --update --add root admin 4750 /bin/su')

    fabtools.deb.update_index(quiet=True)

    # Set up ufw and mosh
    fabtools.require.deb.package('ufw')
    setup_mosh()

    sudo('ufw default deny incoming')
    sudo('ufw default allow outgoing')
    sudo('ufw allow 8697')
    sudo('ufw allow http')
    sudo('ufw allow ssh')
    sudo('ufw allow mosh')
    sudo('ufw allow 25')  # mail
    #Irc freenode
    sudo('ufw allow from 127.0.0.1/32 to 78.40.125.4 port 6667')
    sudo('ufw allow from 127.0.0.1/32 to any port 22')
    sudo('ufw allow 443')
    sudo('ufw allow 53/udp')  # dns
    sudo('ufw allow 53/tcp')
    sudo('ufw allow 1053')  # dns client

    sed('/etc/ssh/sshd_config', 'Port 22', 'Port 8697', use_sudo=True)
    sed('/etc/ssh/sshd_config',
        'PermitRootLogin yes',
        'PermitRootLogin no',
        use_sudo=True)
    sed('/etc/ssh/sshd_config',
        '#PasswordAuthentication yes',
        'PasswordAuthentication no',
        use_sudo=True)
    sed('/etc/ssh/sshd_config',
        'X11Forwarding yes',
        'X11Forwarding no',
        use_sudo=True)
    sudo('ufw enable')

    append_if_not_present('/etc/ssh/sshd_config',
                          'Banner /etc/issue.net',
                          use_sudo=True)

    append_if_not_present('/etc/sysctl.conf',
                          'net.ipv4.conf.default.rp_filter=1',
                          use_sudo=True)
    append_if_not_present('/etc/sysctl.conf',
                          'net.ipv4.conf.setup_env.rp_filter=1',
                          use_sudo=True)
    append_if_not_present('/etc/sysctl.conf',
                          'net.ipv4.conf.setup_env.accept_redirects = 0',
                          use_sudo=True)
    append_if_not_present('/etc/sysctl.conf',
                          'net.ipv4.conf.setup_env.send_redirects = 0',
                          use_sudo=True)
    append_if_not_present('/etc/sysctl.conf',
                          'net.ipv4.conf.setup_env.accept_source_route = 0',
                          use_sudo=True)
    append_if_not_present('/etc/sysctl.conf',
                          'net.ipv4.icmp_echo_ignore_broadcasts = 1',
                          use_sudo=True)
    append_if_not_present('/etc/sysctl.conf',
                          'net.ipv4.icmp_ignore_bogus_error_responses = 1',
                          use_sudo=True)

    fabtools.require.deb.package('denyhosts')
    # Must come before mailutils
    fabtools.require.postfix.server(env.host)
    fabtools.require.deb.package('mailutils')
    fabtools.require.deb.package('byobu')
    fabtools.service.restart('ssh')

    # Some hints and tips from:
    # http://www.thefanclub.co
    # .za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
    secure_tmp = ('tmpfs     /dev/shm     tmpfs     defaults,noexec,'
                  'nosuid     0     0')
    append_if_not_present('/etc/fstab', secure_tmp, use_sudo=True)

    sysctl = '/etc/sysctl.conf'

    append_if_not_present(sysctl, '# IP Spoofing protection', use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.conf.setup_env.rp_filter = 1',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.conf.default.rp_filter = 1',
                          use_sudo=True)

    append_if_not_present(sysctl,
                          '# Ignore ICMP broadcast requests',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.icmp_echo_ignore_broadcasts = 1',
                          use_sudo=True)

    append_if_not_present(sysctl,
                          '# Disable source packet routing',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.conf.setup_env.accept_source_route = 0',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv6.conf.setup_env.accept_source_route = 0',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.conf.default.accept_source_route = 0',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv6.conf.default.accept_source_route = 0',
                          use_sudo=True)

    append_if_not_present(sysctl, '# Ignore send redirects', use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.conf.setup_env.send_redirects = 0',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.conf.default.send_redirects = 0',
                          use_sudo=True)

    append_if_not_present(sysctl, '# Block SYN attacks', use_sudo=True)
    append_if_not_present(sysctl, 'net.ipv4.tcp_syncookies = 1', use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.tcp_max_syn_backlog = 2048',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.tcp_synack_retries = 2',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.tcp_syn_retries = 5',
                          use_sudo=True)

    append_if_not_present(sysctl, '# Log Martians', use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.conf.setup_env.log_martians = 1',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.icmp_ignore_bogus_error_responses = 1',
                          use_sudo=True)

    append_if_not_present(sysctl, '# Ignore ICMP redirects', use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.conf.setup_env.accept_redirects = 0',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv6.conf.setup_env.accept_redirects = 0',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.conf.default.accept_redirects = 0',
                          use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv6.conf.default.accept_redirects = 0',
                          use_sudo=True)

    append_if_not_present(sysctl, '# Ignore Directed pings', use_sudo=True)
    append_if_not_present(sysctl,
                          'net.ipv4.icmp_echo_ignore_all = 1',
                          use_sudo=True)

    sudo('sysctl -p')
    reboot()

    print 'You need to log in and install mailutils yourself as automated ' \
          'installation causes interactive prompting.'
    print 'sudo apt-get install mailutils'
Exemplo n.º 39
0
def reboot_system():
    reboot_answer = prompt("You have to reboot your system. Do you want to reboot now?", default=YES_ANSWER)
    if reboot_answer.lower() == YES_ANSWER:
        reboot(wait=30)
    else:
        print "Remember to reboot manually"
Exemplo n.º 40
0
def restart_cheifmanager():

    with settings(warn_only=True):

        reboot(use_sudo=True)
Exemplo n.º 41
0
def restart():
        reboot()
Exemplo n.º 42
0
def reboot():
    fab.reboot()
Exemplo n.º 43
0
def install_termopar_paso_1():
    install_ds18b20()
    modprobes_enable()
    reboot(wait=5)
Exemplo n.º 44
0
def run_unattended_upgrade(api, seconds_for_reboot_pause):
    sudo_apt_get('update')
    sudo('unattended-upgrade --minimal_upgrade_steps')
    api.reboot(seconds_for_reboot_pause)
Exemplo n.º 45
0
def install_infrastructure_server(publichost, admin_privkey_path, website_pubkey, leastauth_repo, 
                                  la_commit_hash, secretconf_repo, sc_commit_hash, 
                                  stdout, stderr):
    """
    This is the code that sets up the infrastructure server.
    This is intended to be idempotent.

    Known sources of non-idempotence:
        - setup_git_deploy
    """
    api.env.host_string = '%s@%s' % ('ubuntu', publichost)
    api.env.reject_unknown_hosts = True
    api.env.key_filename = admin_privkey_path
    api.env.abort_on_prompts = True
    print >>stdout, "Updating server..."
    postfixdebconfstring="""# General type of mail configuration:
# Choices: No configuration, Internet Site, Internet with smarthost, Satellite system, Local only
postfix	postfix/main_mailer_type select	No configuration"""
    sudo_apt_get('update')
    sudo_apt_get('-y dist-upgrade')
    sudo_apt_get('-y autoremove')
    print >>stdout, "Rebooting server..."
    api.reboot(300)
    print >>stdout, "Installing dependencies..."
    sudo_apt_get('install -y python-dev python-setuptools git-core python-jinja2 python-nevow '
                 'python-dateutil fabric python-foolscap python-twisted-mail python-six '
                 'python-unidecode python-tz python-docutils python-markdown')
    write(postfixdebconfstring, '/home/ubuntu/postfixdebconfs.txt')
    sudo('debconf-set-selections /home/ubuntu/postfixdebconfs.txt')  
    sudo_apt_get('install -y postfix')
    sudo_apt_get('install -y darcs')

#    sudo_apt_get('install -y nginx')
#    write(NGINX_CONFIG, '/etc/nginx/sites-enabled/mailman', True)
#    sudo('rm /etc/nginx/sites-enabled/default')
#    sudo('service nginx restart')
    
    run('wget https://pypi.python.org/packages/source/p/pelican/pelican-3.2.2.tar.gz')
    run('tar zxf pelican-3.2.2.tar.gz')
    with cd('pelican-3.2.2'):
        sudo('python setup.py install')

    create_account('website', website_pubkey, stdout, stderr)

    sudo_apt_get('install -y authbind')
    sudo('touch /etc/authbind/byport/{443,80}')
    sudo('chown website:root /etc/authbind/byport/{443,80}')
    sudo('chmod 744 /etc/authbind/byport/{443,80}')
    
    run('wget -O txAWS-%s.tar.gz %s' % (INSTALL_TXAWS_VERSION, INSTALL_TXAWS_URL))
    run('tar -xzvf txAWS-%s.tar.gz' % (INSTALL_TXAWS_VERSION,))
    with cd('/home/ubuntu/txAWS-%s' % (INSTALL_TXAWS_VERSION,)):
        sudo('python ./setup.py install')

    # patch twisted to send intermediate certs, cf. https://github.com/LeastAuthority/leastauthority.com/issues/6
    sudo("sed --in-place=bak 's/[.]use_certificate_file[(]/.use_certificate_chain_file(/g' $(python -c 'import twisted, os; print os.path.dirname(twisted.__file__)')/internet/ssl.py")

    set_host_and_key(publichost, admin_privkey_path, 'website')
    setup_git_deploy(publichost, '/home/website/leastauthority.com', leastauth_repo, la_commit_hash)
    setup_git_deploy(publichost, '/home/website/secret_config', secretconf_repo, sc_commit_hash)


    with cd('/home/website/'):
        if not files.exists('signup_logs'):
            run('mkdir signup_logs')
        if not files.exists('secrets'):
            run('mkdir secrets')

    with cd('/home/website/secret_config'):
        run('chmod 400 *pem')

    with cd('/home/website/leastauthority.com'):
        #FIXME: make idempotent
        if not files.exists('/home/website/leastauthority.com/flapp'):
            run('flappserver create /home/website/leastauthority.com/flapp')
            run('flappserver add /home/website/leastauthority.com/flapp run-command --accept-stdin --send-stdout /home/website/leastauthority.com /home/website/leastauthority.com/full_signup.py | tail -1 | cut -d " " -f3 > /home/website/secret_config/signup.furl')
        run('./runsite.sh')
Exemplo n.º 46
0
 def reboot(self):
     """Reboot this server.
     """
     # The decorator requires this to be an instance method
     # pylint: disable=R0201
     reboot(120)
Exemplo n.º 47
0
def install_termopar_paso_1():
    install_ds18b20()
    modprobes_enable()
    reboot(wait=5)
Exemplo n.º 48
0
def maintenance_reboot():
    """
    Reboots the machine and waits 3 minutes (180s) before reconnecting
    """
    reboot(wait=180)
Exemplo n.º 49
0
def restart():
    "Restarts the machine."
    reboot()
Exemplo n.º 50
0
def reboot_if_needed():
    if exists("/var/run/reboot-required"):
        print("["+ env.host_string + "] System needs Restart :")
        print("---------------------------------------------")
        reboot()
Exemplo n.º 51
0
def restart_othermanagers():

    with settings(warn_only=True):

        reboot(use_sudo=True)
Exemplo n.º 52
0
 def reboot_server(self):
     self.get_env()
     reboot()
Exemplo n.º 53
0
def task8():
    reboot("5")
Exemplo n.º 54
0
def os_reboot():
	reboot()
Exemplo n.º 55
0
def restart():
    with settings(warn_only=True):
        reboot(600)
Exemplo n.º 56
0
def reboot():
    fab.reboot()
Exemplo n.º 57
0
 def reboot(self):
     """Reboot this server.
     """
     # The decorator requires this to be an instance method
     # pylint: disable=R0201
     reboot(120)