Exemplo n.º 1
0
def git_require_sudo_user():
    """
    Test working_copy() with sudo as a user
    """

    from fabric.api import cd, sudo

    from fabtools.files import group, is_dir, owner
    from fabtools import require

    require.user('gituser', group='gitgroup')

    require.git.working_copy(REMOTE_URL, path='wc_nobody', use_sudo=True,
                             user='******')

    assert is_dir('wc_nobody')
    assert is_dir('wc_nobody/.git')
    with cd('wc_nobody'):
        remotes = sudo('git remote -v', user='******')
        assert remotes == \
            'origin\thttps://github.com/disko/fabtools.git (fetch)\r\n' \
            'origin\thttps://github.com/disko/fabtools.git (push)'
        branch = sudo('git branch', user='******')
        assert branch == '* master'
    assert owner('wc_nobody') == 'gituser'
    assert group('wc_nobody') == 'gitgroup'
Exemplo n.º 2
0
def directories():
    """
    Check directory creation and modification
    """

    from fabtools import require
    import fabtools

    with cd('/tmp'):

        run_as_root('rm -rf dir1 dir2')

        # Test directory creation

        require.directory('dir1')
        assert fabtools.files.is_dir('dir1')
        assert fabtools.files.owner('dir1') == env.user

        # Test initial owner requirement

        require.user('dirtest', create_home=False)
        require.directory('dir2', owner='dirtest', use_sudo=True)

        assert fabtools.files.is_dir('dir2')
        assert fabtools.files.owner('dir2') == 'dirtest'

        # Test changed owner requirement

        require.user('dirtest2', create_home=False)
        require.directory('dir2', owner='dirtest2', use_sudo=True)

        assert fabtools.files.is_dir('dir2')
        assert fabtools.files.owner('dir2') == 'dirtest2'
Exemplo n.º 3
0
def installed_from_source(version=VERSION):
    """
    Require Redis to be installed from source
    """
    from fabtools import require

    require.user('redis')

    dest_dir = '/opt/redis-%(version)s' % locals()
    require.directory(dest_dir, use_sudo=True, owner='redis')

    if not is_file('%(dest_dir)s/redis-server' % locals()):

        with cd('/tmp'):

            # Download and unpack the tarball
            tarball = 'redis-%(version)s.tar.gz' % locals()
            require.file(tarball,
                         url='http://redis.googlecode.com/files/' + tarball)
            run('tar xzf %(tarball)s' % locals())

            # Compile and install binaries
            require.deb.package('build-essential')
            with cd('redis-%(version)s' % locals()):
                run('make')

                for filename in BINARIES:
                    sudo('cp -pf src/%(filename)s %(dest_dir)s/' % locals())
                    sudo('chown redis: %(dest_dir)s/%(filename)s' % locals())
Exemplo n.º 4
0
def test_require_user_with_ssh_public_keys():

    from fabtools.user import authorized_keys
    from fabtools.require import user

    try:
        tests_dir = os.path.dirname(os.path.dirname(__file__))
        public_key_filename = os.path.join(tests_dir, 'id_test.pub')

        with open(public_key_filename) as public_key_file:
            public_key = public_key_file.read().strip()

        user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename)

        keys = authorized_keys('req4')
        assert keys == [public_key]

        # let's try add same keys second time
        user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename)

        keys = authorized_keys('req4')
        assert keys == [public_key]

    finally:
        run_as_root('userdel -r req4')
Exemplo n.º 5
0
def git_require_sudo_user():
    """
    Test working_copy() with sudo as a user
    """

    from fabric.api import cd, sudo

    from fabtools.files import group, is_dir, owner
    from fabtools import require

    require.user("gituser", group="gitgroup")

    require.git.working_copy(REMOTE_URL, path="wc_nobody", use_sudo=True, user="******")

    assert is_dir("wc_nobody")
    assert is_dir("wc_nobody/.git")
    with cd("wc_nobody"):
        remotes = sudo("git remote -v", user="******")
        assert (
            remotes == "origin\thttps://github.com/disko/fabtools.git (fetch)\r\n"
            "origin\thttps://github.com/disko/fabtools.git (push)"
        )
        branch = sudo("git branch", user="******")
        assert branch == "* master"
    assert owner("wc_nobody") == "gituser"
    assert group("wc_nobody") == "gitgroup"
Exemplo n.º 6
0
def test_require_user_with_ssh_public_keys():

    from fabtools.user import authorized_keys
    from fabtools.require import user

    try:
        tests_dir = os.path.dirname(os.path.dirname(__file__))
        public_key_filename = os.path.join(tests_dir, 'id_test.pub')

        with open(public_key_filename) as public_key_file:
            public_key = public_key_file.read().strip()

        user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename)

        keys = authorized_keys('req4')
        assert keys == [public_key]

        # let's try add same keys second time
        user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename)

        keys = authorized_keys('req4')
        assert keys == [public_key]

    finally:
        run_as_root('userdel -r req4', warn_only=True)
Exemplo n.º 7
0
def addWebserver(webserver):
    """
    Add a virtual webserver
    :param webserver:
    :return:
    """
    hostdir = gethostdir()

    # Stop uwsgi
    service.stop('uwsgi')

    # Create user
    homedir = '%(hostdir)s/%(webserver)s' % locals()
    require.user(webserver, home=homedir, shell='/bin/bash',)

    # Create web directory
    createDirectory(hostdir, webserver)

    CONFIG_TPL = '''
    server {
        server_name %(server_name)s %(server_alias)s;
        root        %(docroot)s/%(server_name)s/www;
        access_log  %(docroot)s/%(server_name)s/log/access.log;
    }'''

    require.nginx.site(
        webserver, template_contents=CONFIG_TPL,
        server_alias='',
        docroot=hostdir,
    )

    require.network.host('127.0.0.1', webserver)
Exemplo n.º 8
0
def installed_from_source(version=VERSION):
    """
    Require Redis to be installed from source.

    The compiled binaries will be installed in ``/opt/redis-{version}/``.
    """
    from fabtools import require

    require.user('redis', home='/var/lib/redis')

    dest_dir = '/opt/redis-%(version)s' % locals()
    require.directory(dest_dir, use_sudo=True, owner='redis')

    if not is_file('%(dest_dir)s/redis-server' % locals()):

        with cd('/tmp'):

            # Download and unpack the tarball
            tarball = 'redis-%(version)s.tar.gz' % locals()
            require.file(tarball, url='http://redis.googlecode.com/files/' + tarball)
            run('tar xzf %(tarball)s' % locals())

            # Compile and install binaries
            require.deb.package('build-essential')
            with cd('redis-%(version)s' % locals()):
                run('make')

                for filename in BINARIES:
                    sudo('cp -pf src/%(filename)s %(dest_dir)s/' % locals())
                    sudo('chown redis: %(dest_dir)s/%(filename)s' % locals())
Exemplo n.º 9
0
def directories():
    """
    Check directory creation and modification
    """

    with cd('/tmp'):

        sudo('rm -rf dir1 dir2')

        # Test directory creation

        require.directory('dir1')
        assert fabtools.files.is_dir('dir1')
        assert fabtools.files.owner('dir1') == env.user

        # Test initial owner requirement

        require.user('dirtest')
        require.directory('dir2', owner='dirtest', use_sudo=True)

        assert fabtools.files.is_dir('dir2')
        assert fabtools.files.owner('dir2') == 'dirtest'

        # Test changed owner requirement

        require.user('dirtest2')
        require.directory('dir2', owner='dirtest2', use_sudo=True)

        assert fabtools.files.is_dir('dir2')
        assert fabtools.files.owner('dir2') == 'dirtest2'
Exemplo n.º 10
0
def directories():
    """
    Check directory creation and modification
    """

    with cd('/tmp'):

        sudo('rm -rf dir1 dir2')

        # Test directory creation

        require.directory('dir1')
        assert fabtools.files.is_dir('dir1')
        assert fabtools.files.owner('dir1') == env.user

        # Test initial owner requirement

        require.user('dirtest')
        require.directory('dir2', owner='dirtest', use_sudo=True)

        assert fabtools.files.is_dir('dir2')
        assert fabtools.files.owner('dir2') == 'dirtest'

        # Test changed owner requirement

        require.user('dirtest2')
        require.directory('dir2', owner='dirtest2', use_sudo=True)

        assert fabtools.files.is_dir('dir2')
        assert fabtools.files.owner('dir2') == 'dirtest2'
Exemplo n.º 11
0
def git_require_sudo_user():
    """
    Test working_copy() with sudo as a user
    """

    from fabric.api import cd, sudo

    from fabtools.files import group, is_dir, owner
    from fabtools import require

    require.user('gituser', group='gitgroup')

    require.git.working_copy(REMOTE_URL,
                             path='wc_nobody',
                             use_sudo=True,
                             user='******')

    assert is_dir('wc_nobody')
    assert is_dir('wc_nobody/.git')
    with cd('wc_nobody'):
        remotes = sudo('git remote -v', user='******')
        assert remotes == \
            'origin\thttps://github.com/disko/fabtools.git (fetch)\r\n' \
            'origin\thttps://github.com/disko/fabtools.git (push)'
        branch = sudo('git branch', user='******')
        assert branch == '* master'
    assert owner('wc_nobody') == 'gituser'
    assert group('wc_nobody') == 'gitgroup'
Exemplo n.º 12
0
def directories():
    """
    Check directory creation and modification
    """

    from fabtools import require
    import fabtools

    with cd('/tmp'):

        run_as_root('rm -rf dir1 dir2')

        # Test directory creation

        require.directory('dir1')
        assert fabtools.files.is_dir('dir1')
        assert fabtools.files.owner('dir1') == env.user

        # Test initial owner requirement

        require.user('dirtest', create_home=False)
        require.directory('dir2', owner='dirtest', use_sudo=True)

        assert fabtools.files.is_dir('dir2')
        assert fabtools.files.owner('dir2') == 'dirtest'

        # Test changed owner requirement

        require.user('dirtest2', create_home=False)
        require.directory('dir2', owner='dirtest2', use_sudo=True)

        assert fabtools.files.is_dir('dir2')
        assert fabtools.files.owner('dir2') == 'dirtest2'
Exemplo n.º 13
0
def web_setup_user():
    # user = env.user
    env.user = '******'
    user = prompt('Enter a new username:'******'Enter a new password for user %s:' % user)
    require.user(user, shell='/bin/bash', password=password)
    fabtools.require.users.sudoer(user, hosts='ALL', operators='ALL', passwd=False, commands='ALL')
Exemplo n.º 14
0
def gituser(request):
    from fabtools.require import user
    username = '******'
    groupname = 'gitgroup'
    user(username, group=groupname)
    request.addfinalizer(functools.partial(run_as_root, 'userdel -r %s' % username))
    return username, groupname
Exemplo n.º 15
0
def gituser(request):
    from fabtools.require import user
    username = '******'
    groupname = 'gitgroup'
    user(username, group=groupname)
    request.addfinalizer(
        functools.partial(run_as_root, 'userdel -r %s' % username))
    return username, groupname
Exemplo n.º 16
0
def setup():
    """Initial setup - create application user, database, install package dependencies."""
    require.user(env.app_user, group='www-data', system=True, create_home=True)
    require.postgres.server()
    rabbitmq.server()
    require.nginx.server()
    require.deb.packages(['libxml2-dev', 'libxslt1-dev', 'python-dev', 'libffi-dev', 'zlib1g-dev', 'libjpeg-dev'])
    setup_postgres()
    setup_rabbitmq()
Exemplo n.º 17
0
def install_sample_buildout():
    require.user('user1', create_home=True, shell='/bin/bash')
    with settings(name='user1'):
        files.append(
            '/home/user1/.bashrc',
            'export PYTHEON_ADMIN=/var/lib/pytheon/bin/pytheon-admin'
        )
        run(  # TODO use $PYTHEON_ADMIN here
            '/var/lib/pytheon/bin/pytheon-admin -d https://github.com/pytheon/sample_buildout.git --host=example.com'
        )
Exemplo n.º 18
0
def gituser():
    from fabtools.require import user

    username = '******'
    groupname = 'gitgroup'

    user(username, group=groupname)

    yield username, groupname

    run_as_root('userdel -r %s' % username)
Exemplo n.º 19
0
def setup_user():
    """
    Require user belonging to www-data and sudo groups that will be in charge of
    this project on remote server (all further actions should be executed as him)
    """
    require.user(env.username,
                 group="www-data",
                 password=env.username,
                 shell="/bin/bash")
    require.sudoer(env.username)
    env.user = env.username
Exemplo n.º 20
0
def setup_user(password, ssh_key):
    """
        First command to user before running general setup. Create the
        user under which you will run the other commands.

        Usage exemple:

        fab dev setup_user:password="******",ssh_key="/home/you/.ssh/id_dsa.pub"\
             --port 34 --user root
    """
    require.user(PROJECT_NAME, password=password, ssh_public_keys=ssh_key)
def _add_user(*args, **kwargs):
    require.user(*args, **kwargs)
    if 'name' not in kwargs:
        user = args[0]
    else:
        user = kwargs['name']

    if not fabtools.files.is_file('/home/%s/.ssh/authorized_keys' % user):
        run('mkdir -p /home/%s/.ssh/' % user)
        run('cp /root/.ssh/authorized_keys /home/%s/.ssh/' % user)
        run('chown %(user)s:%(user)s /home/%(user)s/.ssh/ -R' % {'user': user})
Exemplo n.º 22
0
def _add_user(*args, **kwargs):
    require.user(*args, **kwargs)
    if "name" not in kwargs:
        user = args[0]
    else:
        user = kwargs["name"]

    if not fabtools.files.is_file("/home/%s/.ssh/authorized_keys" % user):
        run("mkdir -p /home/%s/.ssh/" % user)
        run("cp /root/.ssh/authorized_keys /home/%s/.ssh/" % user)
        run("chown %(user)s:%(user)s /home/%(user)s/.ssh/ -R" % {"user": user})
Exemplo n.º 23
0
 def setup(self):
     '''
     Prepare droplet for deployment.
     '''
     import fabtools
     from fabtools import require
     droplet = self.get_or_create_droplet(self.name)
     print droplet.to_json()
     ip_address = droplet.ip_address
     with settings(host_string='root@{}'.format(ip_address)):
         run('uname -a')
         require.user('volkhin')
         require.sudoer('volkhin')
Exemplo n.º 24
0
def test_require_user_with_default_home():

    from fabtools.require import user
    from fabtools.user import exists

    try:
        user('req2', create_home=True)

        assert exists('req2')
        assert is_dir('/home/req2')

    finally:
        run_as_root('userdel -r req2')
Exemplo n.º 25
0
def test_require_user_with_default_home():

    from fabtools.require import user
    from fabtools.user import exists

    try:
        user('req2', create_home=True)

        assert exists('req2')
        assert is_dir('/home/req2')

    finally:
        run_as_root('userdel -r req2', warn_only=True)
Exemplo n.º 26
0
def test_require_user_with_default_home():

    from fabtools.require import user
    from fabtools.user import exists

    try:
        user("req2", create_home=True)

        assert exists("req2")
        assert is_dir("/home/req2")

    finally:
        run_as_root("userdel -r req2", warn_only=True)
Exemplo n.º 27
0
def configure_os():
    require.deb.packages([
        'python',
        'python-dev',
        'python-virtualenv',
        'redis-server',
        'libmysqlclient-dev',
        'supervisor',
        'git',
    ])

    require.user(_TIPBOARD_USER, home='/home/' + _TIPBOARD_USER,
                 shell='/bin/bash')
Exemplo n.º 28
0
 def setup(self):
     '''
     Prepare droplet for deployment.
     '''
     import fabtools
     from fabtools import require
     droplet = self.get_or_create_droplet(self.name)
     print droplet.to_json()
     ip_address = droplet.ip_address
     with settings(host_string='root@{}'.format(ip_address)):
         run('uname -a')
         require.user('volkhin')
         require.sudoer('volkhin')
Exemplo n.º 29
0
def require_users():
    """
    Check user creation and modification using fabtools.require
    """

    from fabtools import require
    import fabtools

    # require that a user exist, without home directory
    require.user('req1', create_home=False)
    assert fabtools.user.exists('req1')
    assert not fabtools.files.is_dir('/home/req1')

    # require again
    require.user('req1')

    # require that a user exist, with default home directory
    require.user('req2', create_home=True)
    assert fabtools.user.exists('req2')
    assert fabtools.files.is_dir('/home/req2')

    # require that a user exist, with custom home directory
    require.user('req3', home='/home/other')
    assert fabtools.user.exists('req3')
    assert not fabtools.files.is_dir('/home/req3')
    assert fabtools.files.is_dir('/home/other')
Exemplo n.º 30
0
def test_require_user_with_custom_home():

    from fabtools.require import user
    from fabtools.user import exists

    try:
        user("req3", home="/home/other")

        assert exists("req3")
        assert not is_dir("/home/req3")
        assert is_dir("/home/other")

    finally:
        run_as_root("userdel -r req3", warn_only=True)
Exemplo n.º 31
0
def test_require_user_with_custom_home():

    from fabtools.require import user
    from fabtools.user import exists

    try:
        user('req3', home='/home/other')

        assert exists('req3')
        assert not is_dir('/home/req3')
        assert is_dir('/home/other')

    finally:
        run_as_root('userdel -r req3', warn_only=True)
Exemplo n.º 32
0
def require_users():
    """
    Check user creation and modification using fabtools.require
    """

    from fabtools import require
    import fabtools

    # require that a user exist, without home directory
    require.user('req1', create_home=False)
    assert fabtools.user.exists('req1')
    assert not fabtools.files.is_dir('/home/req1')

    # require again
    require.user('req1')

    # require that a user exist, with default home directory
    require.user('req2', create_home=True)
    assert fabtools.user.exists('req2')
    assert fabtools.files.is_dir('/home/req2')

    # require that a user exist, with custom home directory
    require.user('req3', home='/home/other')
    assert fabtools.user.exists('req3')
    assert not fabtools.files.is_dir('/home/req3')
    assert fabtools.files.is_dir('/home/other')
Exemplo n.º 33
0
def configure_os():
    require.deb.packages([
        'python',
        'python-dev',
        'python-virtualenv',
        'redis-server',
        'libmysqlclient-dev',
        'supervisor',
        'git',
    ])

    require.user(_TIPBOARD_USER,
                 home='/home/' + _TIPBOARD_USER,
                 shell='/bin/bash')
Exemplo n.º 34
0
def test_require_user_with_custom_home():

    from fabtools.require import user
    from fabtools.user import exists

    try:
        user('req3', home='/home/other')

        assert exists('req3')
        assert not is_dir('/home/req3')
        assert is_dir('/home/other')

    finally:
        run_as_root('userdel -r req3')
Exemplo n.º 35
0
def sys_utils():
    """
    Sysadmin tools installation
    """
    pkg('zsh', 'psmisc', 'psutils', 'vim', 'less', 'most', 'screen', 'lsof',
        'htop', 'strace', 'ltrace')
    #TODO: screenrc (escape!)
    require.file('/etc/vim/vimrc.local',
                 "syntax enable\nset modeline si ai ic scs bg=dark\n",
                 owner='root', group='root', use_sudo=True)
    require.file('/etc/zsh/zshrc', source='files/shell/zshrc', owner='root',
                 group='root', use_sudo=True)
    require.file('/etc/zsh/zshrc.local', source='files/shell/zshrc.local',
                 owner='root', group='root', use_sudo=True)
    require.user('root', shell='/usr/bin/zsh')
Exemplo n.º 36
0
def pre_install():
    """
    Preparing Cozy Launching
    """
    require.postfix.server('myinstance.cozycloud.cc')

    # Create cozy user
    require.user("cozy", "/home/cozy")

    # Get cozy repo
    delete_if_exists('/home/cozy/cozy-setup')
    sudo('git clone git://github.com/mycozycloud/cozy-setup.git' \
        + ' /home/cozy/cozy-setup', user='******') 
    require.files.directory("/root")
    require.nodejs.package('coffee-script')
Exemplo n.º 37
0
def test_require_user_without_home():

    from fabtools.require import user
    from fabtools.user import exists

    try:
        user("req1", create_home=False)

        assert exists("req1")
        assert not is_dir("/home/req1")

        # require again
        user("req1")

    finally:
        run_as_root("userdel -r req1", warn_only=True)
Exemplo n.º 38
0
def test_require_user_without_home():

    from fabtools.require import user
    from fabtools.user import exists

    try:
        user('req1', create_home=False)

        assert exists('req1')
        assert not is_dir('/home/req1')

        # require again
        user('req1')

    finally:
        run_as_root('userdel -r req1')
Exemplo n.º 39
0
def test_require_user_without_home():

    from fabtools.require import user
    from fabtools.user import exists

    try:
        user('req1', create_home=False)

        assert exists('req1')
        assert not is_dir('/home/req1')

        # require again
        user('req1')

    finally:
        run_as_root('userdel -r req1', warn_only=True)
Exemplo n.º 40
0
def _require_nightly_production_script():
    '''Create a script to backup openerp databases and plan execution 
    '''
    require.group(OPENERP_BACKUP_GROUP)
    require.directory(
        OPENERP_BACKUP_PATH, 
        owner=ADMIN_USER, group=OPENERP_BACKUP_GROUP, mode='755', use_sudo=True
    )
    command_pg_dump_lines , command_move_lines, command_put_ftp_lines = '', '', ''
    for database in OPENERP_DATABASES:
        command_pg_dump_lines += 'su - postgres -c "pg_dump --format=c %s --file=/tmp/postgres_%s.dump"\n' %(database, database)
        command_move_lines += 'mv /tmp/postgres_%s.dump $aRepertoireArchive' %(database)
        command_put_ftp_lines += 'put postgres_%s.dump' %(database)
    params = {
        'EMAIL_ADMIN' : EMAIL_ADMIN,
        'SERVER_HOSTNAME' : SERVER_HOSTNAME,
        'OPENERP_BACKUP_PATH' : OPENERP_BACKUP_PATH,
        'OPENERP_BACKUP_MAX_DAY' : OPENERP_BACKUP_MAX_DAY,
        'OPENERP_BACKUP_MAIL' : OPENERP_BACKUP_MAIL,
        'ADMIN_USER' : ADMIN_USER,
        'OPENERP_BACKUP_GROUP' : OPENERP_BACKUP_GROUP,
        'command_pg_dump_lines' : command_pg_dump_lines,
        'command_move_lines' : command_move_lines,
        'command_put_ftp_lines' : command_put_ftp_lines,
        'EXTERNAL_BACKUP_HOST' : EXTERNAL_BACKUP_HOST,
        'EXTERNAL_BACKUP_PORT' : EXTERNAL_BACKUP_PORT,
        'EXTERNAL_BACKUP_LOGIN' : EXTERNAL_BACKUP_LOGIN,
        'EXTERNAL_BACKUP_PASSWORD' : EXTERNAL_BACKUP_PASSWORD,
        'EXTERNAL_BACKUP_ROOT_FOLDER' : EXTERNAL_BACKUP_ROOT_FOLDER,
        'OPENERP_ERROR_LOG_NAME' : OPENERP_ERROR_LOG_NAME,
        'OPENERP_ERROR_LOG_PATH' : OPENERP_ERROR_LOG_PATH,
    }
    require.directory('/home/' + ADMIN_USER +'/scripts/',  mode='755', use_sudo=True)
    require.files.template_file(
        path = '/home/' + ADMIN_USER +'/scripts/nightly_production.sh',
        template_source = 'files/home/admin_user/scripts/nightly_production.sh',
        context = params,
        owner=ADMIN_USER, group=ADMIN_GROUP, mode='755', use_sudo = True,
    )
    cron.add_task('nightly_production', OPENERP_BACKUP_TIMESPEC, 'root', '/home/' + ADMIN_USER +'/scripts/nightly_production.sh')
    
    require.user(SYSTEM_BACKUP_USER,
        password=SYSTEM_BACKUP_PWD,
        group=OPENERP_BACKUP_GROUP, 
        create_group=False,
        home=OPENERP_BACKUP_PATH,
        )
Exemplo n.º 41
0
def create_ubuntu_users():
    require.user(
        name='zhorzh',
        group='developers',
        shell='/bin/bash',
        ssh_public_keys='/home/zhorzh/.ssh/id_rsa.pub')
    require.users.sudoer(
        username='******',
        hosts='ALL',
        operators='ALL',
        passwd=False,
        commands='ALL')
    require.users.sudoer(
        username='******',
        hosts='ALL',
        operators='ALL',
        passwd=False,
        commands='ALL')
Exemplo n.º 42
0
def require_docker():
    """
    Install a docker core
    """

    # Install package
    if not files.exists('/usr/bin/docker'):
        require.deb.update_index()
        require.docker.core()

    # Requirement platform
    require.deb.packages(['openvswitch-switch'])

    # Group user
    if env.user != 'root':
        require.user(env.user, group='docker')

    require.service.started('docker')
Exemplo n.º 43
0
def setup_sql_nodes():
    require.deb.packages(
        ['libaio1', 'libaio-dev']
    )
    require.user('mysql')
    install_mysql_cluster()

    upload_template('conf/my.cnf.jinja2', '/etc/my.cnf', env.servers, use_jinja=True)

    run('mkdir -p /var/lib/mysql-cluster/data')
    if not exists('/var/lib/mysql-cluster/data/mysql'):
        run('/usr/local/mysql-cluster/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql-cluster --datadir=/var/lib/mysql-cluster/data --defaults-file=/etc/my.cnf')

    if not exists('/etc/init.d/mysql.server'):
        run('cp /usr/local/mysql-cluster/support-files/mysql.server /etc/init.d')
        run("sed -i 's/^basedir=$/basedir=\/usr\/local\/mysql-cluster/g' /etc/init.d/mysql.server")
        run("sed -i 's/^datadir=$/datadir=\/var\/lib\/mysql-cluster\/data/g' /etc/init.d/mysql.server")

    require.service.started('mysql.server')
Exemplo n.º 44
0
def install():
    # swap only when necessary
    require.system.sysctl("vm.swappiness", 0, persist=True)
    # max shared memory in bytes
    require.system.sysctl("kernel.shmmax", config.RAM_SIZE / 4 * 1024 * 1024, persist=True)

    require.user(config.GIS_USER, create_home=False, shell="/bin/false")
    require.directory("/opt/osm", owner=config.GIS_USER, use_sudo=True)

    dependencies()

    pgconfig()
    pgusers()

    pbf()

    nominatim()
    tiles()
    osrm()
Exemplo n.º 45
0
def system_dependencies():
    # get some packages
    require.deb.uptodate_index()

    # Require some Debian/Ubuntu packages
    require.deb.packages([
        'python3', 'nginx-full', 'python3-dev', 'python3-pip', 'git',
        'python3-venv'
    ])

    # let's make a user for our app
    require.user('health')

    # also install cloud monitoring
    run("curl -sSL https://agent.digitalocean.com/install.sh | sh")

    run("mkdir ~health/.ssh")
    run("cp ~/.ssh/authorized_keys ~health/.ssh/authorized_keys")
    run("chown -R health:health ~health/.ssh")
Exemplo n.º 46
0
def require_docker():
    """
    Install a docker core
    """

    # Install package
    if not files.exists('/usr/bin/docker'):
        require.deb.update_index()
        require.docker.core()

    # Requirement platform
    require.deb.packages([
        'openvswitch-switch'
    ])

    # Group user
    if env.user != 'root':
        require.user(env.user, group='docker')

    require.service.started('docker')
Exemplo n.º 47
0
def install():
    # swap only when necessary
    require.system.sysctl('vm.swappiness', 0, persist=True)
    # max shared memory in bytes
    require.system.sysctl('kernel.shmmax',
                          config.RAM_SIZE / 4 * 1024 * 1024,
                          persist=True)

    require.user(config.GIS_USER, create_home=False, shell='/bin/false')
    require.directory('/opt/osm', owner=config.GIS_USER, use_sudo=True)

    dependencies()

    pgconfig()
    pgusers()

    pbf()

    nominatim()
    tiles()
    osrm()
Exemplo n.º 48
0
def create_cozy_user():
    """
    Add Cozy user with no home directory.
    """
    require.user("cozy", home=False, create_home=False)
    require.user("cozy-data-system", create_home=True)
    require.user("cozy-home", create_home=True)
Exemplo n.º 49
0
def test_require_user_with_ssh_public_keys():

    from fabtools.user import authorized_keys
    from fabtools.require import user

    try:
        tests_dir = os.path.dirname(os.path.dirname(__file__))
        public_key_filename = os.path.join(tests_dir, 'id_test.pub')
        public_key_filename2 = os.path.join(tests_dir, 'id_test2.pub')
        multiple_public_key_filename = \
            os.path.join(tests_dir, 'test_authorized_keys')

        with open(public_key_filename) as public_key_file:
            public_key = public_key_file.read().strip()

        with open(public_key_filename2) as public_key_file:
            public_key2 = public_key_file.read().strip()

        user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename)

        keys = authorized_keys('req4')
        assert keys == [public_key]

        # let's try add same keys second time
        user('req4', home='/tmp/req4', ssh_public_keys=public_key_filename)

        keys = authorized_keys('req4')

        # Now add a file with multiple public keys
        user('req5',
             home='/tmp/req5',
             ssh_public_keys=multiple_public_key_filename)

        keys = authorized_keys('req5')
        assert keys == [public_key, public_key2], keys

        # Now adding them individually or again shouldn't affect anything
        user('req5',
             home='/tmp/req5',
             ssh_public_keys=[
                 public_key_filename2, public_key_filename,
                 multiple_public_key_filename
             ])

        keys = authorized_keys('req5')
        assert keys == [public_key, public_key2], keys

    finally:
        run_as_root('userdel -r req4', warn_only=True)
Exemplo n.º 50
0
def create_cozy_user():
    '''
    Add Cozy user with no home directory.
    '''
    require.user('cozy', home=False, create_home=False)
    require.user('cozy-data-system', create_home=True)
    require.user('cozy-home', create_home=True)
    print(green('Cozy users successfully added'))
Exemplo n.º 51
0
def bzr_wc_sudo_user():
    """
    Test working copy with sudo as a user.
    """

    test = 'bzr_wc_sudo_user'
    wt = '%s-test-%s' % (DIR, test)
    puts(magenta('Executing test: %s' % test))

    from fabric.api import cd, sudo

    from fabtools.files import group, is_dir, owner
    from fabtools import require

    require.user('bzruser', group='bzrgroup')

    assert not is_dir(wt)

    require.bazaar.working_copy(REMOTE_URL, wt, use_sudo=True, user='******')

    assert_wc_exists(wt)
    assert owner(wt) == 'bzruser'
    assert group(wt) == 'bzrgroup'
Exemplo n.º 52
0
def addWebserver(webserver):
    """
    Add a virtual webserver
    :param webserver:
    :return:
    """
    hostdir = gethostdir()

    # Stop uwsgi
    service.stop('uwsgi')

    # Create user
    homedir = '%(hostdir)s/%(webserver)s' % locals()
    require.user(
        webserver,
        home=homedir,
        shell='/bin/bash',
    )

    # Create web directory
    createDirectory(hostdir, webserver)

    CONFIG_TPL = '''
    server {
        server_name %(server_name)s %(server_alias)s;
        root        %(docroot)s/%(server_name)s/www;
        access_log  %(docroot)s/%(server_name)s/log/access.log;
    }'''

    require.nginx.site(
        webserver,
        template_contents=CONFIG_TPL,
        server_alias='',
        docroot=hostdir,
    )

    require.network.host('127.0.0.1', webserver)
Exemplo n.º 53
0
def setup_apache(site_name,
                 code_path,
                 domain,
                 template_dir=None,
                 media_dir=None,
                 wsgi_user='******',
                 **kwargs):
    """Set up the apache server for this site.

    :param site_name: Name of the site e.g. changelogger. Should be a single
        word with only alpha characters in it.
    :type site_name: str

    :param code_path: Directory where the code lives. Will be used to set
        media etc permissions.
    :type code_path: str

    :param domain: Domain name. If none will be set to hostname.
    :type domain: str

    :param template_dir: Directory where the template files live. If none
        will default to ``resources/server_config/apache``. Must be a
        relative path to the fabfile you are running.
    :type template_dir: str
    
    :param media_dir: Optional dir under code_path if media does not live in 
        ``<code_path>/django_project/media``. No trailing slash.
    :type media_dir: str

    :param wsgi_user: Name of user wsgi process should run as. The user will
        be created as needed.
    :type wsgi_user: str

    :param kwargs: Any extra keyword arguments that should be appended to the
        token list that will be used when rendering the apache config template.
        Use this to pass in sensitive data such as passwords.
    :type kwargs: dict

    :returns: Path to the apache conf file.
    :rtype: str
    """
    setup_env()
    # Ensure we have a mailserver setup for our domain
    # Note that you may have problems if you intend to run more than one
    # site from the same server
    require.postfix.server(site_name)
    require.deb.package('libapache2-mod-wsgi')

    # Find out if the wsgi user exists and create it if needed e.g.
    require.user(wsgi_user,
                 create_group=wsgi_user,
                 system=True,
                 comment='System user for running the wsgi process under')

    # Clone and replace tokens in apache conf
    if template_dir is None:
        template_dir = 'resources/server_config/apache/'
    filename = '%s.apache.conf.templ' % site_name
    template_path = os.path.join(template_dir, filename)
    fastprint(green('Using %s for template' % template_path))

    context = {
        'escaped_server_name': domain.replace('.', '\.'),
        'server_name': domain,
        'site_user': wsgi_user,
        'code_path': code_path,
        'site_name': site_name
    }
    context.update(kwargs)  # merge in any params passed in to this function
    destination = '/etc/apache2/sites-available/%s.apache.conf' % site_name
    fastprint(context)

    upload_template(template_path, destination, context=context, use_sudo=True)

    set_media_permissions(code_path, wsgi_user, media_dir=media_dir)

    sudo('a2ensite %s.apache.conf' % site_name)
    sudo('a2dissite default')
    sudo('a2enmod rewrite')
    # Check if apache configs are ok - script will abort if not ok
    sudo('/usr/sbin/apache2ctl configtest')
    require.service.restarted('apache2')
    return destination
Exemplo n.º 54
0
def create_user():
    """Create newebe user"""

    require.user(newebe_user, newebe_user_dir)
Exemplo n.º 55
0
def setup():
    # make sure that th eubuntu user exists
    if not fabtools.files.is_dir(HOME_DIR):
        require.user('ubuntu')
        require.users.sudoer('ubuntu')

    # Make sure these packages are installed
    require.deb.uptodate_index()
    require.deb.packages([
        'build-essential',
        'git',
        'libncurses5-dev',
        'nginx',
        'npm',
        'python-dev',
        'python-pip',
        'supervisor',
    ])

    # Make sure that pip and virtualenv are installed
    # require.python.pip()
    require.python.packages([
        'virtualenv',
    ])
    # Make sure that the virtualenv exists
    require.python.virtualenv(DEMO_ENV)

    with fab.cd(HOME_DIR):
        require.git.working_copy(GIT_URL)

    with fab.cd(CODE_DIR), virtualenv(DEMO_ENV):
        require.python.requirements('requirements.txt')
        manage('collectstatic --noinput')

    # Make sure that nginx is installed and running
    require.nginx.disabled('default')
    require.nginx.site(
        'fabdemo',
        template_contents=SERVER_TPL,
        port=80,
        server_alias='fabdemo',
        static_dir=STATIC_DIR,
    )

    # require.nginx.server()
    ###
    # It seems that fabtools assumes that ubuntu is
    # running with systemd, but digital ocean is not
    # restart nginx manually.
    fab.sudo('service nginx restart')

    GUNICORN_ENV = ','.join([
        'DJANGO_SETTINGS_MODULE="fabricdemo.settings.prod"',
        'SECRET_KEY="_1kcf9pki$+ylug4ejl#x8yu_5zigk_0+7y7ainw!d-$y"'
    ])

    fab.sudo('service supervisor stop')
    # setup gunicorn
    CONF = GUNICORN_TPL.format(virtualenv=DEMO_ENV,
                               directory=CODE_DIR,
                               environment=GUNICORN_ENV)
    require.file('/etc/supervisor/conf.d/gunicorn.conf',
                 contents=CONF,
                 use_sudo=True)
    fab.sudo('service supervisor start')
    fabtools.supervisor.update_config()

    if require.supervisor.process_status('gunicorn') == 'STOPPED':
        require.supervisor.start_process('gunicorn')
Exemplo n.º 56
0
def adduser(username, password, pubkey):
    require.user(username,
                 password=password,
                 ssh_public_keys=pubkey,
                 shell="/bin/bash")
    require.sudoer(username)
Exemplo n.º 57
0
def setup_user():
    require.user(name=env.user,
                 comment='This user is used for setup application',
                 create_home=True)
    fabtools.user.add_ssh_public_key(env.user, '~/.ssh/id_rsa.pub')
Exemplo n.º 58
0
def create_users():
    require.user('root', password=generate_random_password())
    require.user('runner', password=generate_random_password())
    sudo('cd; mkdir -p .ssh; chmod 700 .ssh', user='******')
    if not exists('/home/runner/.ssh/id_rsa'):
        sudo('cd; ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ""', user='******')
Exemplo n.º 59
0
def setup():
    # Require some Debian/Ubuntu packages
    # sudo('apt-get update && apt-get -y dist-upgrade')

    require.deb.packages([
        'imagemagick', 'libxml2-dev', 'libxml2', 'libxslt1.1',
        'libevent-2.0-5', 'libsasl2-2', 'libldap-2.4-2', 'python-dev',
        'libjpeg-dev', 'libpcre3', 'libpcre3-dev', 'nginx', 'supervisor',
        'python-pip', 'python-virtualenv', 'python-docutils', 'python-gdata',
        'python-mako', 'python-dateutil', 'python-lxml', 'python-libxslt1',
        'python-libxslt1', 'python-reportlab', 'python-pybabel',
        'python-pychart', 'python-openid', 'python-simplejson',
        'python-psycopg2', 'python-vobject', 'python-vatnumber',
        'python-webdav', 'python-xlwt', 'python-yaml', 'python-zsi',
        'gunicorn', 'fabric', 'python-unipath', 'npm', 'git', 'ufw',
        'libxml2-dev', 'libxslt1-dev', 'zlib1g-dev', 'libsasl2-dev',
        'libldap2-dev', 'libssl-dev', 'node-less'
    ])

    sudo('apt-get -y autoremove')
    sudo('pip install --upgrade pip')

    # setup wkhtml2pdf
    with cd('/tmp'):
        sudo(
            'wget http://download.gna.org/wkhtmltopdf/0.12/0.12.1/wkhtmltox-0.12.1_linux-trusty-amd64.deb'
        )
        sudo('dpkg -i wkhtmltox-0.12.1_linux-trusty-amd64.deb')
        sudo('cp /usr/local/bin/wkhtmltopdf /usr/bin')
        sudo('cp /usr/local/bin/wkhtmltoimage /usr/bin')

    # Require a PostgreSQL server

    with settings(abort_exception=FabricException):
        try:
            fabtools.require.deb.packages([
                'postgresql-server-dev-all', 'postgresql-client',
                'python-psycopg2'
            ])
        except FabricException:
            sudo('apt-get -f -y install')

    with settings(abort_exception=FabricException):
        try:
            require.postgres.server()
        except FabricException:
            with cd('/var/lib/dpkg/info'):
                sudo('rm postgresql-server.*')
            sudo('apt-get -f -y install')

    require.postgres.user(env.db['user'], env.db['pass'], createdb=True)
    require.postgres.database(env.db['name'], env.db['user'])  # setup firewall
    # setup_firewall()
    require.user(env.odoo_user, password=env.odoo_user_pwd)

    with settings(abort_exception=FabricException):
        try:
            sudo('mkdir /opt')
        except FabricException:
            pass

    sudo('chmod g+w /opt')

    with cd('/opt'):
        sudo('rm -rf ./openerp')
        sudo('rm -rf ./openerp/.git')
        with settings(abort_exception=FabricException):
            try:
                sudo('mkdir openerp')
                sudo('chown openerp.openerp ./openerp')
                sudo('chmod g+w ./openerp')
            except FabricException:
                pass

    sudo('wget -O - https://nightly.odoo.com/odoo.key | apt-key add -')
    sudo(
        'echo "deb http://nightly.odoo.com/7.0/nightly/deb/ ./" >> /etc/apt/sources.list'
    )
    sudo('mkdir -p /var/lib/openerp')
    sudo('apt-get update && apt-get install openerp -y')

    #with cd(env.remote_dir):
    #    sudo('git clone https://www.github.com/odoo/odoo --depth 1 --branch 7.0 --single-branch .')
    #    with settings(abort_exception=FabricException):
    #        try:
    #            sudo('pip install')
    #        except FabricException:
    #            sudo('apt-get install -f -y')
    #            sudo('pip install')
    #
    #    sudo('npm install -g less less-plugin-clean-css')
    #    with settings(abort_exception=FabricException):
    #        try:
    #            sudo('ln -s /usr/bin/nodejs /usr/bin/node')
    #        except FabricException:
    #            pass

    upload_template(filename='./etc/openerp-server.conf',
                    destination='/etc/openerp/openerp-server.conf',
                    context=env.db,
                    use_sudo=True)
    put('./etc/init.d/openerp', '/etc/init.d/openerp', use_sudo=True)

    setup_nginx()

    # Correct ownership and permissions
    sudo('chmod 755 /etc/init.d/openerp')
    sudo('chown root: /etc/init.d/openerp')
    # Since odoo user will run the application, change its ownership accordingly.

    sudo('chown -R openerp: /opt/openerp/')
    # We should set odoo user as the owner of log directory as well.

    #with settings(abort_exception=FabricException):
    #    try:
    #        sudo('mkdir /var/log/openerp')
    #    except FabricException:
    #        pass

    sudo('chown openerp:root /var/log/openerp')
    # Finally, we should protect the server configuration file changing
    # its ownership and permissions so no other non-root user can access it.

    # @todo this small part isn't working yet, try manual -./openerp-server -u all -d DATABASENAME
    # using odoo user
    with cd(env.remote_dir):
        #sudo('su odoo && ./openerp-server -u all -d %s' % env.db['name'], user=env.odoo_user)
        pass

    sudo('chown openerp: /etc/openerp/openerp-server.conf')
    sudo('chown root: /etc/nginx/sites-available/site.conf')
    sudo('chmod 640 /etc/openerp/openerp-server.conf')

    report()
    restart_services()
    print(
        green('Installation complete. Please visit http://<ip address>:8069'))
    autostart()