def _init_service(self, mpoint, password):
self.service.stop()
self.root_user = self.create_linux_user(ROOT_USER, password)
self.master_user = self.create_linux_user(MASTER_USER, password)
move_files = not self.cluster_dir.is_initialized(mpoint)
self.postgresql_conf.data_directory = self.cluster_dir.move_to(
mpoint, move_files)
self.postgresql_conf.listen_addresses = '*'
self.postgresql_conf.wal_level = 'hot_standby'
self.postgresql_conf.max_wal_senders = 5
wks = self.postgresql_conf.wal_keep_segments
if not wks or int(wks) < 32:
self.postgresql_conf.wal_keep_segments = 32 # [TTM-8]
if disttool.is_ubuntu() and disttool.version_info() == (
12, 4) and '9.1' == self.version:
#SEE: https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/1018307
self.postgresql_conf.ssl_renegotiation_limit = 0
self.cluster_dir.clean()
if disttool.is_redhat_based():
self.config_dir.move_to(self.unified_etc_path)
make_symlinks(os.path.join(mpoint, STORAGE_DATA_DIR),
self.unified_etc_path)
self.postgresql_conf = PostgresqlConf.find(self.config_dir)
self.pg_hba_conf = PgHbaConf.find(self.config_dir)
self.pg_hba_conf.allow_local_connections()
def __init__(self, manifest=None):
mgr_name = "apt" if disttool.is_debian_based() else "yum"
self.mgr = AptPackageMgr() if disttool.is_debian_based() else YumPackageMgr()
self.manifest = os.path.abspath(manifest or self.DEFAULT_MANIFEST)
self.conf = configparser.ConfigParser()
self.conf.read(self.manifest)
dist_id, release = disttool.linux_dist()[0:2]
if disttool.is_redhat_based() and not disttool.is_fedora():
dist_id = "el"
dist_id = dist_id.lower()
major_release = release.split(".")[0]
self.sections = [
s % locals()
for s in (
"%(mgr_name)s",
"%(mgr_name)s:%(dist_id)s",
"%(mgr_name)s:%(dist_id)s%(major_release)s",
"%(mgr_name)s:%(dist_id)s%(release)s",
)
]
self.sections.reverse()
LOG.debug(
"Initialized ImpLoader with such settings\n" " manifest: %s\n" " sections: %s\n",
self.manifest,
self.sections,
)
def move_to(self, dst, move_files=True):
new_cluster_dir = os.path.join(dst, STORAGE_DATA_DIR)
if not os.path.exists(dst):
LOG.debug(
'Creating directory structure for postgresql cluster: %s' %
dst)
os.makedirs(dst)
if move_files:
source = self.path
if not os.path.exists(self.path):
source = self.default_path
LOG.debug(
'data_directory in postgresql.conf points to non-existing location, using %s instead'
% source)
if source != new_cluster_dir:
LOG.debug("copying cluster files from %s into %s" %
(source, new_cluster_dir))
shutil.copytree(source, new_cluster_dir)
LOG.debug("changing directory owner to %s" % self.user)
chown_r(dst, self.user)
LOG.debug("Changing postgres user`s home directory")
if disttool.is_redhat_based():
#looks like ubuntu doesn`t need this
system2([USERMOD, '-d', new_cluster_dir, self.user])
self.path = new_cluster_dir
return new_cluster_dir
def __init__(self):
if not os.path.exists(MDADM_EXEC):
if disttool.is_redhat_based():
system2(('/usr/bin/yum', '-d0', '-y', 'install', 'mdadm', '-x',
'exim'),
raise_exc=False)
else:
mgr = dynimp.package_mgr()
mgr.install('mdadm', mgr.candidates('mdadm')[-1])
for location in ['/etc ', '/lib']:
path = os.path.join(location, 'udev/rules.d/85-mdadm.rules')
if os.path.exists(path):
rule = None
with open(path, 'r') as fp:
rule = fp.read()
if rule:
rule = re.sub(re.compile('^([^#])', re.M), '#\\1', rule)
with open(path, 'w') as fp:
fp.write(rule)
self._raid_devices_re = re.compile(
'Raid\s+Devices\s+:\s+(?P<count>\d+)')
self._total_devices_re = re.compile(
'Total\s+Devices\s+:\s+(?P<count>\d+)')
self._state_re = re.compile('State\s+:\s+(?P<state>.+)')
self._rebuild_re = re.compile(
'Rebuild\s+Status\s+:\s+(?P<percent>\d+)%')
self._level_re = re.compile('Raid Level : (?P<level>.+)')
def __init__(self):
if not os.path.exists(MDADM_EXEC):
if disttool.is_redhat_based():
system2(('/usr/bin/yum', '-d0', '-y', 'install', 'mdadm', '-x', 'exim'), raise_exc=False)
else:
mgr = dynimp.package_mgr()
mgr.install('mdadm', mgr.candidates('mdadm')[-1])
for location in ['/etc ', '/lib']:
path = os.path.join(location, 'udev/rules.d/85-mdadm.rules')
if os.path.exists(path):
rule = None
with open(path, 'r') as fp:
rule = fp.read()
if rule:
rule = re.sub(re.compile('^([^#])', re.M), '#\\1', rule)
with open(path, 'w') as fp:
fp.write(rule)
self._raid_devices_re = re.compile('Raid\s+Devices\s+:\s+(?P<count>\d+)')
self._total_devices_re = re.compile('Total\s+Devices\s+:\s+(?P<count>\d+)')
self._state_re = re.compile('State\s+:\s+(?P<state>.+)')
self._rebuild_re = re.compile('Rebuild\s+Status\s+:\s+(?P<percent>\d+)%')
self._level_re = re.compile('Raid Level : (?P<level>.+)')
def move_to(self, dst, move_files=True):
new_cluster_dir = os.path.join(dst, STORAGE_DATA_DIR)
if not os.path.exists(dst):
LOG.debug('Creating directory structure for postgresql cluster: %s' % dst)
os.makedirs(dst)
if move_files:
source = self.path
if not os.path.exists(self.path):
source = self.default_path
LOG.debug('data_directory in postgresql.conf points to non-existing location, using %s instead' % source)
if source != new_cluster_dir:
LOG.debug("copying cluster files from %s into %s" % (source, new_cluster_dir))
shutil.copytree(source, new_cluster_dir)
LOG.debug("changing directory owner to %s" % self.user)
chown_r(dst, self.user)
LOG.debug("Changing postgres user`s home directory")
if disttool.is_redhat_based():
#looks like ubuntu doesn`t need this
system2([USERMOD, '-d', new_cluster_dir, self.user])
self.path = new_cluster_dir
return new_cluster_dir
def _init_service(self, mpoint, password):
self.service.stop()
self.root_user = self.create_linux_user(ROOT_USER, password)
self.master_user = self.create_linux_user(MASTER_USER, password)
move_files = not self.cluster_dir.is_initialized(mpoint)
self.postgresql_conf.data_directory = self.cluster_dir.move_to(mpoint, move_files)
self.postgresql_conf.listen_addresses = "*"
self.postgresql_conf.wal_level = "hot_standby"
self.postgresql_conf.max_wal_senders = 5
wks = self.postgresql_conf.wal_keep_segments
if not wks or int(wks) < 32:
self.postgresql_conf.wal_keep_segments = 32 # [TTM-8]
if disttool.is_ubuntu() and disttool.version_info() == (12, 4) and "9.1" == self.version:
# SEE: https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/1018307
self.postgresql_conf.ssl_renegotiation_limit = 0
self.cluster_dir.clean()
if disttool.is_redhat_based():
self.config_dir.move_to(self.unified_etc_path)
make_symlinks(os.path.join(mpoint, STORAGE_DATA_DIR), self.unified_etc_path)
self.postgresql_conf = PostgresqlConf.find(self.config_dir)
self.pg_hba_conf = PgHbaConf.find(self.config_dir)
self.pg_hba_conf.allow_local_connections()
def __init__(self, manifest=None):
mgr_name = 'apt' if disttool.is_debian_based() else 'yum'
self.mgr = AptPackageMgr() if disttool.is_debian_based(
) else YumPackageMgr()
self.manifest = os.path.abspath(manifest or self.DEFAULT_MANIFEST)
self.conf = configparser.ConfigParser()
self.conf.read(self.manifest)
dist_id, release = disttool.linux_dist()[0:2]
if disttool.is_redhat_based() and not disttool.is_fedora():
dist_id = 'el'
dist_id = dist_id.lower()
major_release = release.split('.')[0]
self.sections = [
s % locals() for s in ('%(mgr_name)s', '%(mgr_name)s:%(dist_id)s',
'%(mgr_name)s:%(dist_id)s%(major_release)s',
'%(mgr_name)s:%(dist_id)s%(release)s')
]
self.sections.reverse()
LOG.debug(
'Initialized ImpLoader with such settings\n'
' manifest: %s\n'
' sections: %s\n', self.manifest, self.sections)
def test_DistTool(self):
self.assertTrue(disttool.is_linux())
self.assertTrue(disttool.is_redhat_based())
self.assertTrue(disttool.is_fedora())
self.assertFalse(disttool.is_win())
self.assertFalse(disttool.is_sun())
self.assertFalse(disttool.is_debian_based())
def _change_selinux_ctx(self):
try:
chcon = software.which('chcon')
except LookupError:
return
if disttool.is_redhat_based():
LOG.debug('Changing SELinux file security context for new mysql datadir')
system2((chcon, '-R', '-u', 'system_u', '-r',
'object_r', '-t', 'mysqld_db_t', os.path.dirname(__mysql__['storage_dir'])), raise_exc=False)
def __init__(self):
self._objects = {}
self.service = initdv2.lookup(SERVICE_NAME)
if not os.path.exists(MYCNF_PATH):
if disttool.is_redhat_based() and os.path.exists('/usr/share/mysql/my-medium.cnf'):
shutil.copy('/usr/share/mysql/my-medium.cnf', MYCNF_PATH)
else:
fp = open(MYCNF_PATH, 'w')
fp.write('[mysqld]')
fp.close()
def test_on_mysql_newmaster_up(self):
bus.queryenv_service = _QueryEnv()
bus.platform = _Platform()
config = bus.config
sect_name = configtool.get_behaviour_section_name(mysql.BEHAVIOUR)
config.set(sect_name, mysql.OPT_REPLICATION_MASTER, '0')
handler = _MysqlHandler()
root_pass, repl_pass, stat_pass = handler._add_mysql_users(mysql.ROOT_USER, mysql.REPL_USER, mysql.STAT_USER)
handler._update_config( {mysql.OPT_ROOT_PASSWORD : root_pass,
mysql.OPT_REPL_PASSWORD : repl_pass,
mysql.OPT_STAT_PASSWORD : stat_pass})
message = _Message()
if disttool.is_redhat_based():
daemon = "/usr/libexec/mysqld"
else:
daemon = "/usr/sbin/mysqld"
initd.stop("mysql")
myd = Popen([daemon, '--defaults-file=/etc/mysql2/my.cnf', '--skip-grant-tables'], stdin=PIPE, stdout=PIPE, stderr=STDOUT)
ping_service(LOCAL_IP, 3306, 5)
myclient = pexpect.spawn('/usr/bin/mysql -h'+LOCAL_IP)
myclient.expect('mysql>')
repl_password = re.sub('[^\w]','', cryptotool.keygen(20))
sql = "update mysql.user set password = PASSWORD('"+repl_password+"') where user = '******';"
myclient.sendline(sql)
myclient.expect('mysql>')
result = myclient.before
if re.search('ERROR', result):
os.kill(myd.pid, signal.SIGTERM)
raise BaseException("Cannot update user", result)
myclient.sendline('FLUSH TABLES WITH READ LOCK;')
myclient.expect('mysql>')
# system('cp -pr /var/lib/mysql /var/lib/backmysql')
# system('rm -rf /var/lib/mysql && cp -pr /var/lib/mysql2 /var/lib/mysql')
myclient.sendline('SHOW MASTER STATUS;')
myclient.expect('mysql>')
# retrieve log file and position
try:
master_status = myclient.before.split('\r\n')[4].split('|')
except:
raise BaseException("Cannot get master status")
finally:
myclient.sendline('UNLOCK TABLES;')
os.kill(myd.pid, signal.SIGTERM)
myd = Popen([daemon, '--defaults-file=/etc/mysql2/my.cnf'], stdin=PIPE, stdout=PIPE, stderr=STDOUT)
ping_service(LOCAL_IP, 3306, 5)
message.log_file = master_status[1].strip()
message.log_pos = master_status[2].strip()
message.repl_user = mysql.REPL_USER
message.repl_password = repl_password
message.root_password = root_pass
handler.on_Mysql_NewMasterUp(message)
os.kill(myd.pid, signal.SIGTERM)
initd.stop("mysql")
system ('rm -rf /var/lib/mysql && cp -pr /var/lib/backmysql /var/lib/mysql && rm -rf /var/lib/backmysql')
config.set(sect_name, mysql.OPT_REPLICATION_MASTER, '1')
def extract_datadir_and_log():
if disttool.is_redhat_based():
my_cnf_file = "/etc/my.cnf"
else:
my_cnf_file = "/etc/mysql/my.cnf"
file = open(my_cnf_file)
mycnf = file.read()
file.close()
datadir = re.search(re.compile('^\s*datadir\s*=\s*(.*)$', re.MULTILINE), mycnf).group(1)
log_bin = re.search(re.compile('^\s*log_bin\s*=\s*(.*)$', re.MULTILINE), mycnf).group(1)
return datadir, log_bin
def __init__(self):
self._objects = {}
self.service = initdv2.lookup(SERVICE_NAME)
if not os.path.exists(MYCNF_PATH):
if disttool.is_redhat_based() and os.path.exists(
'/usr/share/mysql/my-medium.cnf'):
shutil.copy('/usr/share/mysql/my-medium.cnf', MYCNF_PATH)
else:
fp = open(MYCNF_PATH, 'w')
fp.write('[mysqld]')
fp.close()
def __init__(self):
self._logger = logging.getLogger(__name__)
if disttool.is_redhat_based():
init_script = ('/sbin/service', 'sshd')
elif disttool.is_ubuntu() and disttool.version_info() >= (10, 4):
init_script = ('/usr/sbin/service', 'ssh')
else:
init_script = firstmatched(os.path.exists, ('/etc/init.d/ssh', '/etc/init.d/sshd'))
self._sshd_init = ParametrizedInitScript('sshd', init_script)
bus.on(init=self.on_init)
def update(self, workdir):
if not os.access(self.executable, os.X_OK):
self._logger.info('Installing Git SCM...')
if disttool.is_debian_based():
system2(('apt-get', '-y', 'install', 'git-core'))
elif disttool.is_redhat_based():
system2(('yum', '-y', 'install', 'git'))
else:
raise SourceError('Cannot install Git. Unknown distribution %s' %
str(disttool.linux_dist()))
#if not os.path.exists(workdir):
# self._logger.info('Creating destination directory')
# os.makedirs(workdir)
tmpdir = tempfile.mkdtemp()
env = {}
try:
if self.private_key:
pk_path = os.path.join(tmpdir, 'pk.pem')
filetool.write_file(pk_path, self.private_key)
os.chmod(pk_path, 0400)
git_ssh_path = os.path.join(tmpdir, 'git_ssh.sh')
filetool.write_file(git_ssh_path, self.ssh_tpl % pk_path)
os.chmod(git_ssh_path, 0755)
env.update(dict(GIT_SSH=git_ssh_path))
if os.path.exists(os.path.join(workdir, '.git')):
origin_url = system2(('git', 'config', '--get', 'remote.origin.url'), cwd=workdir, raise_exc=False)[0]
if origin_url.strip() != self.url.strip():
self._logger.info('%s is not origin of %s (%s is)', self.url, workdir, origin_url)
self._logger.info('Remove all files in %s and checkout from %s', workdir, self.url )
shutil.rmtree(workdir)
os.mkdir(workdir)
out, err, ret_code = system2(('git', 'clone', self.url, workdir), env=env)
else:
self._logger.info('Updating directory %s (git-pull)', workdir)
out, err, ret_code = system2(('git', 'pull'), env=env, cwd=workdir)
else:
self._logger.info('Checkout from %s', self.url)
out, err, ret_code = system2(('git', 'clone', self.url, workdir), env=env)
if ret_code:
raise Exception('Git failed to clone repository. %s' % out)
self._logger.info('Successfully deployed %s from %s', workdir, self.url)
finally:
shutil.rmtree(tmpdir)
def main():
init_script()
logger = logging.getLogger("scalarizr.scripts.update")
logger.info("Starting update script...")
if disttool.is_debian_based():
logger.info("Updating scalarizr with Apt")
system2("apt-get -y install scalarizr", shell=True)
elif disttool.is_redhat_based():
logger.info("Updating scalarizr with Yum")
system2("yum -y update scalarizr", shell=True)
else:
logger.error("Don't know how to update scalarizr on %s", " ".join(disttool.linux_dist()))
def __init__(self):
pid_file = None
if disttool.is_redhat_based():
pid_file = "/var/run/memcached/memcached.pid"
elif disttool.is_debian_based():
pid_file = "/var/run/memcached.pid"
initd_script = '/etc/init.d/memcached'
if not os.path.exists(initd_script):
raise HandlerError("Cannot find Memcached init script at %s. Make sure that memcached is installed" % initd_script)
initdv2.ParametrizedInitScript.__init__(self, 'memcached', initd_script, pid_file, socks=[initdv2.SockParam(11211)])
def main():
init_script()
logger = logging.getLogger("scalarizr.scripts.update")
logger.info("Starting update script...")
if disttool.is_debian_based():
logger.info("Updating scalarizr with Apt")
system2("apt-get -y install scalarizr", shell=True)
elif disttool.is_redhat_based():
logger.info("Updating scalarizr with Yum")
system2("yum -y update scalarizr", shell=True)
else:
logger.error("Don't know how to update scalarizr on %s",
" ".join(disttool.linux_dist()))
def update(self, workdir):
if not os.access(self.executable, os.X_OK):
self._logger.info('Installing Subversion SCM...')
if disttool.is_debian_based():
system2(('apt-get', '-y', '--force-yes', 'install', 'subversion'))
elif disttool.is_redhat_based():
system2(('yum', '-y', 'install', 'subversion'))
else:
raise SourceError('Cannot install Subversion. Unknown distribution %s' %
str(disttool.linux_dist()))
do_update = False
if os.path.exists(os.path.join(workdir, '.svn')):
out = system2(('svn', 'info', workdir))[0]
try:
svn_url = filter(lambda line: line.startswith('URL:'), out.split('\n'))[0].split(':', 1)[1].strip()
except IndexError:
raise SourceError('Cannot extract Subversion URL. Text:\n %s', out)
if svn_url != self.url:
#raise SourceError('Working copy %s is checkouted from different repository %s' % (workdir, svn_url))
self._logger.info('%s is not origin of %s (%s is)', self.url, workdir, svn_url)
self._logger.info('Remove all files in %s and checkout from %s', workdir, self.url)
shutil.rmtree(workdir)
os.mkdir(workdir)
else:
do_update = True
args = [
'svn' ,
'update' if do_update else 'co'
]
if self.login and self.password:
args += [
'--username', self.login,
'--password', self.password,
'--non-interactive'
]
if self.client_version >= (1, 5, 0):
args += ['--trust-server-cert']
if args[1] == 'co':
args += [self.url]
args += [workdir]
self._logger.info('Updating source from %s into working dir %s', self.url, workdir)
out = system2(args)[0]
self._logger.info(out)
self._logger.info('Deploying %s to %s has been completed successfully.' % (self.url,workdir))
def apache_software_info():
binary_name = "httpd" if disttool.is_redhat_based() else "apache2"
binaries = whereis(binary_name)
if not binaries:
raise SoftwareError("Can't find executable for apache http server")
out = system2((binaries[0], '-V'))[0]
if not out:
raise SoftwareError
version_string = out.splitlines()[0]
res = re.search('[\d\.]+', version_string)
if res:
version = res.group(0)
return SoftwareInfo('apache', version, out)
raise SoftwareError
def apache_software_info():
binary_name = "httpd" if disttool.is_redhat_based() else "apache2"
binaries = whereis(binary_name)
if not binaries:
raise SoftwareError("Can't find executable for apache http server")
out = system2((binaries[0], '-V'))[0]
if not out:
raise SoftwareError
version_string = out.splitlines()[0]
res = re.search('[\d\.]+', version_string)
if res:
version = res.group(0)
return SoftwareInfo('apache', version, out)
raise SoftwareError
def _init_service(self, mpoint, password):
self.service.stop()
self.root_user = self.create_linux_user(ROOT_USER, password)
move_files = not self.cluster_dir.is_initialized(mpoint)
self.postgresql_conf.data_directory = self.cluster_dir.move_to(mpoint, move_files)
self.postgresql_conf.listen_addresses = '*'
self.postgresql_conf.wal_level = 'hot_standby'
self.postgresql_conf.max_wal_senders = 5
self.postgresql_conf.wal_keep_segments = 32
self.cluster_dir.clean()
if disttool.is_redhat_based():
self.config_dir.move_to(self.unified_etc_path)
make_symlinks(os.path.join(mpoint, STORAGE_DATA_DIR), self.unified_etc_path)
self.postgresql_conf = PostgresqlConf.find(self.config_dir)
self.pg_hba_conf = PgHbaConf.find(self.config_dir)
self.pg_hba_conf.allow_local_connections()
def on_init(self):
#temporary fix for starting-after-rebundle issue
if not os.path.exists(PG_SOCKET_DIR):
os.makedirs(PG_SOCKET_DIR)
chown_r(PG_SOCKET_DIR, 'postgres')
bus.on("host_init_response", self.on_host_init_response)
bus.on("before_host_up", self.on_before_host_up)
bus.on("before_reboot_start", self.on_before_reboot_start)
self._insert_iptables_rules()
if __node__['state'] == ScalarizrState.BOOTSTRAPPING:
if disttool.is_redhat_based():
checkmodule_path = software.which('checkmodule')
semodule_package_path = software.which('semodule_package')
semodule_path = software.which('semodule')
if all((checkmodule_path, semodule_package_path, semodule_path)):
with open('/tmp/sshkeygen.te', 'w') as fp:
fp.write(SSH_KEYGEN_SELINUX_MODULE)
self._logger.debug('Compiling SELinux policy for ssh-keygen')
system2((checkmodule_path, '-M', '-m', '-o',
'/tmp/sshkeygen.mod', '/tmp/sshkeygen.te'), logger=self._logger)
self._logger.debug('Building SELinux package for ssh-keygen')
system2((semodule_package_path, '-o', '/tmp/sshkeygen.pp',
'-m', '/tmp/sshkeygen.mod'), logger=self._logger)
self._logger.debug('Loading ssh-keygen SELinux package')
system2((semodule_path, '-i', '/tmp/sshkeygen.pp'), logger=self._logger)
if __node__['state'] == 'running':
vol = storage2.volume(__postgresql__['volume'])
vol.ensure(mount=True)
self.postgresql.service.start()
self.accept_all_clients()
self._logger.debug("Checking presence of Scalr's PostgreSQL root user.")
root_password = self.root_password
if not self.postgresql.root_user.exists():
self._logger.debug("Scalr's PostgreSQL root user does not exist. Recreating")
self.postgresql.root_user = self.postgresql.create_linux_user(ROOT_USER, root_password)
else:
try:
self.postgresql.root_user.check_system_password(root_password)
self._logger.debug("Scalr's root PgSQL user is present. Password is correct.")
except ValueError:
self._logger.warning("Scalr's root PgSQL user was changed. Recreating.")
self.postgresql.root_user.change_system_password(root_password)
if self.is_replication_master:
#ALTER ROLE cannot be executed in a read-only transaction
self._logger.debug("Checking password for pg_role scalr.")
if not self.postgresql.root_user.check_role_password(root_password):
LOG.warning("Scalr's root PgSQL role was changed. Recreating.")
self.postgresql.root_user.change_role_password(root_password)
except (ValueError, IndexError):
self._logger.debug('no http/server section')
else:
self._logger.debug('Do not removing http/server section')
if not config.get_list('http/server'):
config.read(os.path.join(bus.share_path, "nginx/server.tpl"))
if disttool.is_debian_based():
# Comment /etc/nginx/sites-enabled/*
try:
i = config.get_list('http/include').index('/etc/nginx/sites-enabled/*')
config.comment('http/include[%d]' % (i+1))
self._logger.debug('comment site-enabled include')
except (ValueError, IndexError):
self._logger.debug('site-enabled include already commented')
elif disttool.is_redhat_based():
def_host_path = '/etc/nginx/conf.d/default.conf'
if os.path.exists(def_host_path):
default_host = Configuration('nginx')
default_host.read(def_host_path)
default_host.comment('server')
default_host.write(def_host_path)
if dump == self._dump_config(config):
self._logger.debug("Main nginx config wasn`t changed")
else:
# Write new nginx.conf
shutil.copy(nginx_conf_path, nginx_conf_path + '.bak')
config.write(nginx_conf_path)
if reload_service:
self.api._reload_service()
def enabled(self):
if disttool.is_redhat_based():
return self._chkconfig()
else:
return self.usable()
return f(*args)
return d
def devname_not_empty(f):
def d(*args, **kwargs):
if not args[1].devname:
raise StorageError('Device name is empty.')
return f(*args, **kwargs)
return d
RHEL_DEVICE_ORDERING_BUG = False
if disttool.is_redhat_based():
# Check that system is affected by devices ordering bug
# https://bugzilla.redhat.com/show_bug.cgi?id=729340
rootfs = [
entry for entry in mount.mounts()
if entry.mpoint == '/' and entry.device.startswith('/dev')
][0]
RHEL_DEVICE_ORDERING_BUG = rootfs.device.startswith('/dev/xvde')
def get_system_devname(devname):
if '/xvd' in devname:
return devname
ret = devname.replace('/sd', '/xvd') if os.path.exists(
'/dev/xvda1') or RHEL_DEVICE_ORDERING_BUG else devname
if RHEL_DEVICE_ORDERING_BUG:
def on_init(self):
#temporary fix for starting-after-rebundle issue
if not os.path.exists(PG_SOCKET_DIR):
os.makedirs(PG_SOCKET_DIR)
rchown(user='******', path=PG_SOCKET_DIR)
bus.on("host_init_response", self.on_host_init_response)
bus.on("before_host_up", self.on_before_host_up)
bus.on("before_reboot_start", self.on_before_reboot_start)
bus.on("before_reboot_finish", self.on_before_reboot_finish)
if self._cnf.state == ScalarizrState.BOOTSTRAPPING:
self._insert_iptables_rules()
if disttool.is_redhat_based():
checkmodule_paths = software.whereis('checkmodule')
semodule_package_paths = software.whereis('semodule_package')
semodule_paths = software.whereis('semodule')
if all((checkmodule_paths, semodule_package_paths, semodule_paths)):
filetool.write_file('/tmp/sshkeygen.te',
SSH_KEYGEN_SELINUX_MODULE, logger=self._logger)
self._logger.debug('Compiling SELinux policy for ssh-keygen')
system2((checkmodule_paths[0], '-M', '-m', '-o',
'/tmp/sshkeygen.mod', '/tmp/sshkeygen.te'), logger=self._logger)
self._logger.debug('Building SELinux package for ssh-keygen')
system2((semodule_package_paths[0], '-o', '/tmp/sshkeygen.pp',
'-m', '/tmp/sshkeygen.mod'), logger=self._logger)
self._logger.debug('Loading ssh-keygen SELinux package')
system2((semodule_paths[0], '-i', '/tmp/sshkeygen.pp'), logger=self._logger)
if self._cnf.state == ScalarizrState.RUNNING:
storage_conf = Storage.restore_config(self._volume_config_path)
storage_conf['tags'] = self.postgres_tags
self.storage_vol = Storage.create(storage_conf)
if not self.storage_vol.mounted():
self.storage_vol.mount()
self.postgresql.service.start()
self.accept_all_clients()
self._logger.debug("Checking presence of Scalr's PostgreSQL root user.")
root_password = self.root_password
if not self.postgresql.root_user.exists():
self._logger.debug("Scalr's PostgreSQL root user does not exist. Recreating")
self.postgresql.root_user = self.postgresql.create_user(ROOT_USER, root_password)
else:
try:
self.postgresql.root_user.check_system_password(root_password)
self._logger.debug("Scalr's root PgSQL user is present. Password is correct.")
except ValueError:
self._logger.warning("Scalr's root PgSQL user was changed. Recreating.")
self.postgresql.root_user.change_system_password(root_password)
if self.is_replication_master:
#ALTER ROLE cannot be executed in a read-only transaction
self._logger.debug("Checking password for pg_role scalr.")
if not self.postgresql.root_user.check_role_password(root_password):
self._logger.warning("Scalr's root PgSQL role was changed. Recreating.")
self.postgresql.root_user.change_role_password(root_password)
def on_init(self):
#temporary fix for starting-after-rebundle issue
if not os.path.exists(PG_SOCKET_DIR):
os.makedirs(PG_SOCKET_DIR)
chown_r(PG_SOCKET_DIR, 'postgres')
bus.on("host_init_response", self.on_host_init_response)
bus.on("before_host_up", self.on_before_host_up)
bus.on("before_reboot_start", self.on_before_reboot_start)
self._insert_iptables_rules()
if __node__['state'] == ScalarizrState.BOOTSTRAPPING:
if disttool.is_redhat_based():
checkmodule_paths = software.whereis('checkmodule')
semodule_package_paths = software.whereis('semodule_package')
semodule_paths = software.whereis('semodule')
if all((checkmodule_paths, semodule_package_paths,
semodule_paths)):
with open('/tmp/sshkeygen.te', 'w') as fp:
fp.write(SSH_KEYGEN_SELINUX_MODULE)
self._logger.debug(
'Compiling SELinux policy for ssh-keygen')
system2((checkmodule_paths[0], '-M', '-m', '-o',
'/tmp/sshkeygen.mod', '/tmp/sshkeygen.te'),
logger=self._logger)
self._logger.debug(
'Building SELinux package for ssh-keygen')
system2((semodule_package_paths[0], '-o',
'/tmp/sshkeygen.pp', '-m', '/tmp/sshkeygen.mod'),
logger=self._logger)
self._logger.debug('Loading ssh-keygen SELinux package')
system2((semodule_paths[0], '-i', '/tmp/sshkeygen.pp'),
logger=self._logger)
if __node__['state'] == 'running':
vol = storage2.volume(__postgresql__['volume'])
if not vol.tags:
vol.tags = self.resource_tags()
vol.ensure(mount=True)
self.postgresql.service.start()
self.accept_all_clients()
self._logger.debug(
"Checking presence of Scalr's PostgreSQL root user.")
root_password = self.root_password
if not self.postgresql.root_user.exists():
self._logger.debug(
"Scalr's PostgreSQL root user does not exist. Recreating")
self.postgresql.root_user = self.postgresql.create_linux_user(
ROOT_USER, root_password)
else:
try:
self.postgresql.root_user.check_system_password(
root_password)
self._logger.debug(
"Scalr's root PgSQL user is present. Password is correct."
)
except ValueError:
self._logger.warning(
"Scalr's root PgSQL user was changed. Recreating.")
self.postgresql.root_user.change_system_password(
root_password)
if self.is_replication_master:
#ALTER ROLE cannot be executed in a read-only transaction
self._logger.debug("Checking password for pg_role scalr.")
if not self.postgresql.root_user.check_role_password(
root_password):
LOG.warning(
"Scalr's root PgSQL role was changed. Recreating.")
self.postgresql.root_user.change_role_password(
root_password)
def enabled(self):
if disttool.is_redhat_based():
return self._chkconfig()
else:
return self.usable()
