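def _install_pnp4nagios():
    '''
    Install PNP4Nagios and adapt it to run under Icinga.

    PNP4Nagios is designed to work with Nagios, so some adjustments are needed
    for icinga: file ownership is changed and a log file that the EPEL package
    does not provide is created.

    PNP4Nagios uses the NPCD daemon to spool data from Icinga to Round Robin
    Databases, i.e. bulk mode, see http://docs.pnp4nagios.org/_detail/bulk.png

    The Apache config for PNP4Nagios is replaced with the syco template and
    filled in with the LDAP bind DN, bind password and LDAP URL. Since the
    file then holds a clear-text credential it is restricted to root.

    '''
    # Get packages from epel repo
    install.epel_repo()
    x("yum install -y pnp4nagios icinga-web-module-pnp")

    # The packaged Apache config points at the nagios password file, which
    # will not exist on an icinga host.
    # NOTE(review): the same file is deleted and replaced by the syco template
    # further down, so these two edits do not survive this function.
    general.use_original_file("/etc/httpd/conf.d/pnp4nagios.conf")
    general.set_config_property(
        "/etc/httpd/conf.d/pnp4nagios.conf",
        "AuthName \"Nagios Access\"", "AuthName \"Icinga Access\"", False)
    general.set_config_property(
        "/etc/httpd/conf.d/pnp4nagios.conf",
        "AuthUserFile /etc/nagios/passwd", "AuthUserFile /etc/icinga/passwd",
        False)

    # NPCD config prepped to work with icinga instead of nagios
    x("cp {0}syco-private/var/nagios/npcd.cfg /etc/pnp4nagios/npcd.cfg".format(
        constant.SYCO_USR_PATH))
    x("chown icinga:icinga /etc/pnp4nagios/npcd.cfg")

    # Make sure the process-perfdata log exists; according to the original
    # comment PNP misbehaves when it cannot find it.
    x("touch /var/log/pnp4nagios/perfdata.log")

    # Since we are using icinga (not nagios) the ownership has to change.
    # Adding icinga to the nagios group was tried, but that creates a
    # dependency on PNP/Nagios package states.
    x("chown -R icinga:icinga /var/log/pnp4nagios")
    x("chown -R icinga:icinga /var/spool/pnp4nagios")
    x("chown -R icinga:icinga /var/lib/pnp4nagios")

    # Set npcd (bulk parser/spooler) to auto-start
    x(" /sbin/chkconfig --level 3 npcd on")

    # Setup LDAP login for PNP4Nagios from the syco template.
    general.use_original_file("/etc/httpd/conf.d/pnp4nagios.conf")
    x("rm -f /etc/httpd/conf.d/pnp4nagios.conf")
    x("cp -p {0}icinga/pnp4nagios.conf /etc/httpd/conf.d/".format(
        constant.SYCO_VAR_PATH))

    # "cp -p" keeps the template's mode. Lock the file down before the bind
    # password is written into it; httpd reads its configuration as root, so
    # no other account needs access.
    x("chown root:root /etc/httpd/conf.d/pnp4nagios.conf")
    x("chmod 600 /etc/httpd/conf.d/pnp4nagios.conf")

    htconf = scopen.scOpen("/etc/httpd/conf.d/pnp4nagios.conf")
    htconf.replace("${BIND_DN}", "cn=sssd,%s" % config.general.get_ldap_dn())
    # NOTE(review): if scOpen.replace() shells out, the bind password may show
    # up in process listings or command logs -- confirm.
    htconf.replace("${BIND_PASSWORD}", "%s" % app.get_ldap_sssd_password())
    htconf.replace(
        "${LDAP_URL}",
        "ldaps://%s:636/%s?uid" % (
            config.general.get_ldap_hostname(), config.general.get_ldap_dn()))

    # Re-assert the mode in case the substitution recreated the file.
    x("chmod 600 /etc/httpd/conf.d/pnp4nagios.conf")

    # Restart everything
    x("service icinga restart")
    x("service httpd restart")
    x("service npcd restart")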
def _install_nrpe(args):
    """
    Install the NRPE agent and swap the stock config for syco's prepped one.

    nrpe.cfg and nrpe.d are copied from syco-private and the $(MONITORIP)
    placeholder in nrpe.cfg is replaced with the monitor server's IP, so that
    only the monitor server is meant to query NRPE. The original author rates
    this as "not super safe but better than nothing" and states that argument
    parsing is disabled (presumably in the prepped nrpe.cfg).

    args is not used by this function.

    """
    # Ask for the passwords up front; the return values are not used here.
    app.get_ldap_sssd_password()
    app.get_mysql_monitor_password()

    install.epel_repo()

    # nagios-plugins-all does not really include all plugins.
    # WARNING: nrpe in EPEL and nagios-nrpe in RPMForge are the same package.
    # At the moment EPEL has the latest version but RPMForge obsoletes the
    # EPEL package. Because of that, exclude nagios-nrpe from RPMForge.
    app.print_verbose("Install required packages for NRPE")
    install_packages(
        "nagios-plugins-all nrpe nagios-plugins-nrpe php-ldap "
        "nagios-plugins-perl perl-Net-DNS perl-Proc-ProcessTable "
        "perl-Date-Calc policycoreutils-python"
    )

    # Drop the packaged object structure and config, then copy in syco's.
    x("rm -rf /etc/nagios/nrpe.d")
    x("rm -rf /etc/nagios/nrpe.cfg")
    x("cp -r {0}syco-private/var/nagios/nrpe.d /etc/nagios/".format(
        constant.SYCO_USR_PATH))
    x("cp {0}syco-private/var/nagios/nrpe.cfg /etc/nagios/".format(
        constant.SYCO_USR_PATH))

    # Extra plugins
    _install_nrpe_plugins()

    # Only the monitor server should be allowed to query NRPE.
    monitor_ip = config.general.get_monitor_server_ip()
    app.print_verbose("Set monitor server: %s" % monitor_ip)
    scopen.scOpen("/etc/nagios/nrpe.cfg").replace("$(MONITORIP)", monitor_ip)

    # Owner root, group nrpe for everything under /etc/nagios/.
    x("chown -R root:nrpe /etc/nagios/")

    # Open the firewall for NRPE.
    # NOTE(review): the original comment says UDP port 5666; NRPE normally
    # listens on TCP 5666 -- check what iptables.add_nrpe_chain() opens.
    iptables.add_nrpe_chain()
    iptables.save()

    # Start nrpe at boot (runlevel 3) and restart it now.
    x("/sbin/chkconfig --level 3 nrpe on")
    x("service nrpe restart")
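def _install_nrpe(args):
    """
    Install the NRPE agent and swap the stock config for syco's prepped one.

    nrpe.cfg and nrpe.d are copied from syco-private and the $(MONITORIP)
    placeholder in nrpe.cfg is replaced with the monitor server's IP, so that
    only the monitor server is meant to query NRPE. The original author rates
    this as "not super safe but better than nothing" and states that argument
    parsing is disabled (presumably in the prepped nrpe.cfg).

    args is not used by this function.

    """
    # Initialize all used passwords at the beginning of the script.
    app.get_ldap_sssd_password()
    app.get_mysql_monitor_password()

    install.epel_repo()

    # Confusing that nagios-plugins-all does not really include all plugins
    # WARNING: nrpe in EPEL and nagios-nrpe in RPMForge are the same package.
    # At the moment EPEL has the latest version but RPMForge obsoletes the
    # EPEL package. Because of that, exclude nagios-nrpe from RPMForge.
    #
    # Every string fragment except the last must end with a space. Without
    # it, "perl-Proc-ProcessTable" and "perl-Date-Calc" were joined into one
    # package name that does not exist, so neither was requested from yum.
    x(
        "yum install -y nagios-plugins-all nrpe nagios-plugins-nrpe php-ldap "
        "nagios-plugins-perl perl-Net-DNS perl-Proc-ProcessTable "
        "perl-Date-Calc policycoreutils-python --exclude=nagios-nrpe"
    )

    # Move object structure and prepare conf-file
    x("rm -rf /etc/nagios/nrpe.d")
    x("rm -rf /etc/nagios/nrpe.cfg")
    x("cp -r {0}syco-private/var/nagios/nrpe.d /etc/nagios/".format(
        constant.SYCO_USR_PATH))
    x("cp {0}syco-private/var/nagios/nrpe.cfg /etc/nagios/".format(
        constant.SYCO_USR_PATH))

    # Extra plugins installed
    _install_nrpe_plugins()

    # Allow only monitor to query NRPE
    monitor_server_front_ip = config.general.get_monitor_server_ip()
    app.print_verbose("Set monitor server: %s" % monitor_server_front_ip)
    nrpe_config = scopen.scOpen("/etc/nagios/nrpe.cfg")
    nrpe_config.replace("$(MONITORIP)", monitor_server_front_ip)

    # Owner root, group nrpe for everything under /etc/nagios/.
    x("chown -R root:nrpe /etc/nagios/")

    # Open the firewall for NRPE.
    # NOTE(review): the original comment says UDP port 5666; NRPE normally
    # listens on TCP 5666 -- check what iptables.add_nrpe_chain() opens.
    iptables.add_nrpe_chain()
    iptables.save()

    # Start nrpe at boot (runlevel 3) and restart it now.
    x("/sbin/chkconfig --level 3 nrpe on")
    x("service nrpe restart")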
def install_guests(args):
    '''
    Install the guests selected through args.

    Enables the EPEL repo, installs koan and python-ethtool, applies
    _patch_bug_in_koan(), waits for the installation server, starts the
    installation of the selected hosts and waits for it to complete.

    '''
    hostnames = get_hosts_to_install(args)

    install.epel_repo()
    for package_name in ("koan", "python-ethtool"):
        install.package(package_name)
    _patch_bug_in_koan()

    # Do not start any guest installation before the installation server
    # is alive.
    wait_for_installation_server_to_start()
    wait_for_installation_to_complete(start_installation(hostnames))
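def _install_pnp4nagios():
    '''
    Install PNP4Nagios and make it work together with Icinga.

    PNP4Nagios is designed to work with Nagios. To run it with icinga, file
    ownership has to be changed and a log file missing from the EPEL package
    has to be created.

    PNP4Nagios uses the NPCD daemon to spool data from Icinga to Round Robin
    Databases, i.e. bulk mode, see http://docs.pnp4nagios.org/_detail/bulk.png

    The Apache config is taken from the syco template and the LDAP bind DN,
    bind password and LDAP URL are substituted into it. The file is made
    readable by root only, because it ends up holding the bind password.

    '''
    pnp_httpd_conf = "/etc/httpd/conf.d/pnp4nagios.conf"

    # Get packages from epel repo
    install.epel_repo()
    x("yum install -y pnp4nagios icinga-web-module-pnp")

    # Pnp4 uses the nagios password file, which will not exist.
    # NOTE(review): the config is removed and replaced by the syco template
    # below, which makes these two property changes short-lived.
    general.use_original_file(pnp_httpd_conf)
    general.set_config_property(
        pnp_httpd_conf,
        "AuthName \"Nagios Access\"", "AuthName \"Icinga Access\"", False)
    general.set_config_property(
        pnp_httpd_conf,
        "AuthUserFile /etc/nagios/passwd", "AuthUserFile /etc/icinga/passwd",
        False)

    # NPCD config prepped to work with icinga instead of nagios
    x("cp {0}syco-private/var/nagios/npcd.cfg /etc/pnp4nagios/npcd.cfg".format(
        constant.SYCO_USR_PATH))
    x("chown icinga:icinga /etc/pnp4nagios/npcd.cfg")

    # Create the process-perfdata log; the original comment says PNP
    # misbehaves if it cannot find it.
    x("touch /var/log/pnp4nagios/perfdata.log")

    # icinga (not nagios) runs the checks, so it must own the PNP directories.
    # Adding icinga to the nagios group was tried, but that creates a
    # dependency on PNP/Nagios package states.
    x("chown -R icinga:icinga /var/log/pnp4nagios")
    x("chown -R icinga:icinga /var/spool/pnp4nagios")
    x("chown -R icinga:icinga /var/lib/pnp4nagios")

    # Set npcd (bulk parser/spooler) to auto-start
    x(" /sbin/chkconfig --level 3 npcd on")

    # Setup LDAP login for PNP4Nagios.
    general.use_original_file(pnp_httpd_conf)
    x("rm -f /etc/httpd/conf.d/pnp4nagios.conf")
    x("cp -p {0}icinga/pnp4nagios.conf /etc/httpd/conf.d/".format(
        constant.SYCO_VAR_PATH))

    # The template keeps its own mode through "cp -p". Restrict the copy to
    # root before the clear-text bind password goes in; httpd parses its
    # configuration as root.
    x("chown root:root /etc/httpd/conf.d/pnp4nagios.conf")
    x("chmod 600 /etc/httpd/conf.d/pnp4nagios.conf")

    htconf = scopen.scOpen(pnp_httpd_conf)
    htconf.replace("${BIND_DN}", "cn=sssd,%s" % config.general.get_ldap_dn())
    # NOTE(review): check that scOpen.replace() does not expose the password
    # on a command line or in a log.
    htconf.replace("${BIND_PASSWORD}", "%s" % app.get_ldap_sssd_password())
    htconf.replace(
        "${LDAP_URL}",
        "ldaps://%s:636/%s?uid" % (
            config.general.get_ldap_hostname(), config.general.get_ldap_dn()))

    # Apply the mode again in case the substitution recreated the file.
    x("chmod 600 /etc/httpd/conf.d/pnp4nagios.conf")

    # Restart everything
    x("service icinga restart")
    x("service httpd restart")
    x("service npcd restart")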
def _install_nrpe(args):
    """
    Install the NRPE agent with syco's prepped configuration.

    The stock nrpe.cfg and nrpe.d are replaced with the copies from
    syco-private, and $(MONITORIP) in nrpe.cfg is set to the front IP of the
    monitor server so that only that server is meant to query NRPE. The
    original author calls this "not super safe but better than nothing" and
    states that argument parsing is disabled (presumably in the prepped
    nrpe.cfg).

    args is not used by this function.

    """
    # Ask for the passwords up front; the return values are not used here.
    app.get_ldap_sssd_password()
    app.get_mysql_monitor_password()

    install.epel_repo()

    # nagios-plugins-all does not really include all plugins.
    x(
        "yum install nagios-plugins-all nrpe nagios-plugins-nrpe php-ldap "
        "nagios-plugins-perl perl-Net-DNS perl-Proc-ProcessTable "
        "perl-Date-Calc -y"
    )

    # Drop the packaged object structure and config, then copy in syco's.
    x("rm -rf /etc/nagios/nrpe.d")
    x("rm -rf /etc/nagios/nrpe.cfg")
    x("cp -r {0}syco-private/var/nagios/nrpe.d /etc/nagios/".format(
        constant.SYCO_USR_PATH))
    x("cp {0}syco-private/var/nagios/nrpe.cfg /etc/nagios/".format(
        constant.SYCO_USR_PATH))

    # Owner root, group nrpe for everything under /etc/nagios/.
    # NOTE(review): this runs before the extra plugins are installed and
    # before nrpe.cfg is edited; confirm that nothing created afterwards
    # under /etc/nagios/ needs the same ownership.
    x("chown -R root:nrpe /etc/nagios/")

    # Extra plugins
    _install_nrpe_plugins()

    # Only the monitor server should be allowed to query NRPE.
    monitor_host = config.host(config.general.get_monitor_server())
    monitor_ip = monitor_host.get_front_ip()
    app.print_verbose("Setting monitor server:" + monitor_ip)
    scopen.scOpen("/etc/nagios/nrpe.cfg").replace("$(MONITORIP)", monitor_ip)

    # Open the firewall for NRPE.
    # NOTE(review): the original comment says UDP port 5666; NRPE normally
    # listens on TCP 5666 -- check what iptables.add_nrpe_chain() opens.
    iptables.add_nrpe_chain()
    iptables.save()

    # Start nrpe at boot (runlevel 3) and restart it now.
    x("/sbin/chkconfig --level 3 nrpe on")
    x("service nrpe restart")
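def _install_cobbler():
    """
    Install cobbler and set up SELinux and xinetd for it.

    Installs cobbler and its dependencies from EPEL, enables httpd, cobblerd
    and dhcpd at boot, labels the cobbler directories for SELinux, sets the
    cobbler related SELinux booleans and enables tftp and rsync in xinetd.

    See http://linux.die.net/man/1/cobbler
    See https://fedorahosted.org/cobbler/wiki/DownloadInstructions
    See https://fedorahosted.org/cobbler/wiki/UsingCobblerImport
    See http://www.ithiriel.com/content/2010/02/22/installing-linux-vms-under-kvm-cobbler-and-koan

    """
    # Cobbler packages are in the EPEL repo.
    install.epel_repo()

    # Packages needed to get cobbler and kvm to work correctly.
    x(
        "yum -y install cobbler koan httpd dhcp createrepo mkisofs mod_wsgi " +
        "python-cheetah python-netaddr python-simplejson python-urlgrabber " +
        "PyYAML rsync tftp-server yum-utils pykickstart"
    )

    # Cobbler web only has one other requirement besides cobbler itself
    x("yum -y install Django")

    # Autostart services
    x("/sbin/chkconfig httpd on")
    x("/sbin/chkconfig cobblerd on")
    x("/sbin/chkconfig dhcpd on")

    # Add SELinux file-context rules for the tftp root, the cobbler images
    # and the web UI sessions, then relabel the existing files. (The original
    # comment described this step as letting httpd connect to the network;
    # that is what the booleans further down control.)
    x('/usr/sbin/semanage fcontext -a -t public_content_rw_t "/var/lib/tftpboot/.*"')
    x('/usr/sbin/semanage fcontext -a -t public_content_rw_t "/var/www/cobbler/images/.*"')
    x('/usr/sbin/semanage fcontext -a -t httpd_sys_content_rw_t "/var/lib/cobbler/webui_sessions/.*"')
    x('restorecon -R -v "/var/lib/tftpboot/"')
    x('restorecon -R -v "/var/www/cobbler/images"')
    x('restorecon -R -v "/var/lib/cobbler/webui_sessions/"')

    # Enables cobbler to read/write public_content_rw_t
    x('/usr/sbin/setsebool -P cobbler_anon_write on')

    # Let httpd talk to cobblerd (only needed when the web interface is
    # installed). With httpd_can_network_connect_cobbler on, the broader
    # httpd_can_network_connect should be switched off.
    x('/usr/sbin/setsebool -P httpd_can_network_connect off')
    x('/usr/sbin/setsebool -P httpd_can_network_connect_cobbler on')

    # Enables cobbler to use rsync etc. (optional)
    x('/usr/sbin/setsebool -P cobbler_can_network_connect on')

    # cobbler_use_cifs and cobbler_use_nfs (optional) are left at their
    # current values:
    # x('/usr/sbin/setsebool -P cobbler_use_cifs on')
    # x('/usr/sbin/setsebool -P cobbler_use_nfs on')

    _install_custom_selinux_policy()

    # Double check your choices
    x('getsebool -a|grep cobbler')

    # Raw strings keep "\s" a regex class instead of an invalid string escape.
    # NOTE(review): tftp has no authentication, so access to it should be
    # limited to the provisioning network by the firewall -- confirm.
    app.print_verbose("Update xinetd config files")
    general.set_config_property(
        "/etc/xinetd.d/tftp", r'[\s]*disable[\s]*[=].*', " disable = no")
    general.set_config_property(
        "/etc/xinetd.d/rsync", r'[\s]*disable[\s]*[=].*', " disable = no")
    x("/etc/init.d/xinetd restart")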
def _install_netifaces():
    """Enable the EPEL repo and install the python-netifaces package."""
    install.epel_repo()
    install_packages("python-netifaces")
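def _install_cobbler():
    """
    Install cobbler, then configure SELinux and xinetd around it.

    The steps are: install cobbler and its dependencies from EPEL, enable
    httpd, cobblerd and dhcpd at boot, add SELinux file contexts for the
    cobbler directories, set the cobbler related SELinux booleans, install
    the custom SELinux policy and enable tftp and rsync in xinetd.

    See http://linux.die.net/man/1/cobbler
    See https://fedorahosted.org/cobbler/wiki/DownloadInstructions
    See https://fedorahosted.org/cobbler/wiki/UsingCobblerImport
    See http://www.ithiriel.com/content/2010/02/22/installing-linux-vms-under-kvm-cobbler-and-koan

    """
    # Cobbler packages are in the EPEL repo.
    install.epel_repo()

    # Packages needed to get cobbler and kvm to work correctly.
    x(
        "yum -y install cobbler koan httpd dhcp createrepo mkisofs mod_wsgi " +
        "python-cheetah python-netaddr python-simplejson python-urlgrabber " +
        "PyYAML rsync tftp-server yum-utils pykickstart"
    )

    # Cobbler web only has one other requirement besides cobbler itself
    x("yum -y install Django")

    # Autostart services
    x("/sbin/chkconfig httpd on")
    x("/sbin/chkconfig cobblerd on")
    x("/sbin/chkconfig dhcpd on")

    # SELinux labels: register the file contexts, then apply them with
    # restorecon. The original comment on this step talked about httpd
    # network access, which is handled by the setsebool calls below.
    x('/usr/sbin/semanage fcontext -a -t public_content_rw_t "/var/lib/tftpboot/.*"')
    x('/usr/sbin/semanage fcontext -a -t public_content_rw_t "/var/www/cobbler/images/.*"')
    x('/usr/sbin/semanage fcontext -a -t httpd_sys_content_rw_t "/var/lib/cobbler/webui_sessions/.*"')
    x('restorecon -R -v "/var/lib/tftpboot/"')
    x('restorecon -R -v "/var/www/cobbler/images"')
    x('restorecon -R -v "/var/lib/cobbler/webui_sessions/"')

    # Enables cobbler to read/write public_content_rw_t
    x('/usr/sbin/setsebool -P cobbler_anon_write on')

    # Enable httpd to connect to cobblerd (optional, depends on whether the
    # web interface is installed). When httpd_can_network_connect_cobbler is
    # enabled, httpd_can_network_connect should be switched off.
    x('/usr/sbin/setsebool -P httpd_can_network_connect off')
    x('/usr/sbin/setsebool -P httpd_can_network_connect_cobbler on')

    # Enables cobbler to use rsync etc. (optional)
    x('/usr/sbin/setsebool -P cobbler_can_network_connect on')

    # Optional booleans for CIFS and NFS based filesystems, not enabled:
    # x('/usr/sbin/setsebool -P cobbler_use_cifs on')
    # x('/usr/sbin/setsebool -P cobbler_use_nfs on')

    _install_custom_selinux_policy()

    # Double check your choices
    x('getsebool -a|grep cobbler')

    # The patterns are raw strings so that "\s" reaches the regex engine
    # without relying on Python passing an unknown string escape through.
    # NOTE(review): enabling tftp and rsync exposes two services without
    # strong authentication; confirm the firewall limits them to the
    # provisioning network.
    app.print_verbose("Update xinetd config files")
    general.set_config_property(
        "/etc/xinetd.d/tftp", r'[\s]*disable[\s]*[=].*', " disable = no")
    general.set_config_property(
        "/etc/xinetd.d/rsync", r'[\s]*disable[\s]*[=].*', " disable = no")
    x("/etc/init.d/xinetd restart")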
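def install_rabbit():
    """
    Install and setup the rabbit mq server.

    Enables the EPEL repo, installs erlang, imports the RabbitMQ package
    signing key into the rpm keyring and installs rabbitmq-server.

    """
    install.epel_repo()
    x("yum install erlang -y")

    # The signing key is the trust anchor for the package, so it is fetched
    # over TLS. Over plain http anyone on the network path could swap the key.
    # NOTE(review): shipping the key with syco, or checking its fingerprint
    # before the import, would remove the dependency on the web server.
    x("rpm --import https://www.rabbitmq.com/rabbitmq-signing-key-public.asc")
    x("yum install rabbitmq-server -y")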
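def install_rabbit():
    """
    Install and setup the rabbit mq server.

    Enables the EPEL repo, installs erlang, imports the RabbitMQ package
    signing key into the rpm keyring and installs rabbitmq-server.

    """
    install.epel_repo()
    x('yum install erlang -y')

    # Fetch the package signing key over https. The key decides which
    # packages rpm will accept as genuine, and a download over plain http can
    # be replaced in transit.
    # NOTE(review): consider verifying the key fingerprint before importing.
    x('rpm --import https://www.rabbitmq.com/rabbitmq-signing-key-public.asc')
    x('yum install rabbitmq-server -y')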