def user_to_group(username, groupname):
cmd_list = [
'usermod -G %s -a %s' % (groupname, username)
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
raise Exception(t("Error adding user to group!"))
def enable(vhost):
cmd_list = [
"a2ensite %s" % vhost,
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
raise Exception(t("Error in vhost activation!"), vhost)
def create_group(groupname):
cmd_list = [
'groupadd %s' % groupname
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
raise Exception(t("Error in group creation!"))
def run(self):
print "pre install"
_install.run(self)
#script link
source = "%s/uwsas/uwsa.py" % self.install_lib
link = "/usr/local/bin/uwsa"
if not files.exists(link):
files.symlink(source,link)
files.chmod(link, u="rx",g="rx",o="rx")
#validate v0.3.1 old path
if files.exists("/usr/local/lib/uwsa") and \
inputs.get_input_yesno(t("The old uwsa path exists. Do you want to move its content to new destination?")):
cmd_list = [
"bash -c 'mkdir -p /var/lib/uwsa'",
"bash -c 'cp -fr /usr/local/lib/uwsa/* /var/lib/uwsa/'",
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if completed:
cmd_list = [
"bash -c 'mv /usr/local/lib/uwsa /usr/local/lib/uwsa_to_delete'",
]
completed, pinfo = core.exec_cmd_list(cmd_list)
files.replace_in('/etc/uwsa/uwsa.conf','/usr/local/lib/uwsa','/var/lib/uwsa')
#validate v0.4 remove mysql_xxx in conf
all_conf = files.ls("/var/lib/uwsa/site/*")
for f in all_conf:
if files.is_file(f):
files.replace_in(f,'mysql_schema','schema')
files.replace_in(f,'mysql_user','user')
files.replace_in(f,'mysql_pass','pass')
#install prereque
dependencies = "python-ldap python-iniparse python-mysqldb"
print t("Will install"), dependencies
cmd_list = [
'apt-get update',
"bash -c 'DEBIAN_FRONTEND=noninteractive apt-get install -y %s'" % dependencies,
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
raise Exception(t("Cannot install uwsa dependencies! %s" % dependencies))
print t("post install DONE!")
def graceful(self, name):
cmd_list = [
"a2enmod rewrite",
"apache2ctl graceful",
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
raise Exception(t("Error in installation!"), name)
def fix_package(self, element):
if element["fix_func"]:
element["fix_func"](element)
else:
cmd = "bash -c 'DEBIAN_FRONTEND=noninteractive apt-get install -y %s'" % element["name"]
completed, pinfo = core.exec_cmd_list([cmd])
if not completed:
raise Exception(t("Error in installation!"), element["name"])
def graceful():
cmd_list = [
"apache2ctl graceful",
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(pinfo['stdout'] + '\n' + pinfo['stderr'])
raise Exception(t("Error in site.graceful!"))
def fix_grub(self, element):
files.replace_in(element['name'],
'#GRUB_GFXMODE=640x480\n',
'GRUB_GFXMODE=1024x768\nGRUB_GFXPAYLOAD_LINUX=1024x768\n')
cmd_list = [
"update-grub",
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
raise Exception(t("Error in installation!"), element['name'])
def fix_ssh(self, element):
if not files.contains(element['name'], self.CHROOT_RULE):
files.append(element['name'], "\n%s\n" % self.CHROOT_RULE)
cmd_list = [
"service ssh restart",
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
raise Exception(t("Error in installation!"), element['name'])
def ldap_centrify_refresh(self, ldap_group=None, ldap_user=None):
cmd_list = ['adflush','adreload','sleep 15','adinfo']
if ldap_user:
cmd_list.append('adquery user -A %s' % ldap_user)
if ldap_group:
cmd_list.append('adquery group -A %s' % ldap_group)
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("Cannot reload AD after LDAP user/group creation!"))
def fix_centrifydc(self, element):
files.replace_in('/etc/apt/sources.list',
'# deb http://archive.canonical.com/ubuntu precise partner',
'deb http://archive.canonical.com/ubuntu precise partner')
cmd_list = [
'apt-get update',
"bash -c 'DEBIAN_FRONTEND=noninteractive apt-get install -y centrifydc'",
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
raise Exception(t("Error in installation!"), element['name'])
def fix_moved(self, element):
if not files.realpath('/var/www') == '/data/www':
cmd_list = [
"service apache2 stop",
"mkdir -p /data",
"mv /var/www/ /data/",
"ln -s /data/www /var/www",
"chown -h www-data:www-data /var/www",
"service apache2 start",
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
raise Exception(t("Error in installation!"), element['name'])
def restore_bd(self, filename):
schema = self.conf.get("mysql", "schema")
user = self.conf.get("mysql", "user")
password = self.conf.get("mysql", "pass")
cmd_list = [
{
"command": "bash -c 'mysql -u %s -p%s %s < %s'" % (user, password, schema, filename),
"anonymous": "bash -c 'mysql -u %s -p%s %s < %s'" % (user, "XXXXX", schema, filename),
}
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("Failed to restore schema %s!") % schema)
return completed
def create_user(username, usermail, password=None):
if password is None:
password = inputs.gen_password(inputs.PASS_CHARS_UNIX)
cmd_list = [
{
'command': 'bash -c "useradd -s /bin/bash -U -p $(mkpasswd \"%s\") %s"' % (password, username),
'anonymous': 'bash -c "useradd -s /bin/bash -U -p $(mkpasswd XXXXXX) %s"' % username,
}
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(pinfo['stdout'] + '\n' + pinfo['stderr'])
raise Exception(t("Error in user creation!"))
return password
def move_mysql(self, element):
if not files.contains('/etc/apparmor.d/usr.sbin.mysqld', '/data/mysql/'):
files.replace_in('/etc/apparmor.d/usr.sbin.mysqld',
'/var/lib/mysql/',
'/data/mysql/')
if not files.realpath('/var/lib/mysql/') == '/data/mysql':
cmd_list = [
"/etc/init.d/mysql stop",
"mv /var/lib/mysql/ /data/",
"ln -s /data/mysql /var/lib/mysql",
"chown -h mysql:mysql /var/lib/mysql",
"service apparmor reload",
"/etc/init.d/mysql start",
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
raise Exception(t("Error in installation!"), element['name'])
def dump_bd(self, filename):
schema = self.conf.get("mysql", "schema")
user = self.conf.get("mysql", "user")
password = self.conf.get("mysql", "pass")
cmd_list = [
{
"command": "bash -c 'mysqldump -u%s -p%s --single-transaction --routines --triggers %s > %s'"
% (user, password, schema, filename),
"anonymous": "bash -c 'mysqldump -u%s -p%s --single-transaction --routines --triggers %s > %s'"
% (user, "XXXXX", schema, filename),
}
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("Failed to dump schema %s!") % schema)
return completed
def try_acl_activation(self):
unix_group = self.conf.get('access','unix_group')
ldap_group = self.conf.get('access','ldap_group')
cmd_list = []
if unix_group:
#unix_acl = self.generate_acl(unix_group)
cron_fullpath = "/etc/cron.acl/%s" % self.get_safe_name(unix_group)
cmd_list.append(cron_fullpath)
if ldap_group:
#ldap_acl = self.generate_acl(ldap_group)
cron_fullpath = "/etc/cron.acl/%s" % self.get_safe_name(ldap_group)
cmd_list.append(cron_fullpath)
if len(cmd_list) > 0:
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("ACL not applied properly, probably because centrify is not updated. "
"You will need to apply them manually or wait the auto apply..."))
def reset_root_password(password):
cmd_list = [
"/etc/init.d/mysql stop",
{
"command":"bash -c 'mysqld_safe --user=mysql --skip-grant-tables &'","wait":False
},
"sleep 5",
{
'command': "mysql -u root mysql -e \"update user set password=PASSWORD('%s') where User='******';\"" % password,
'anonymous': "mysql -u root mysql -e \"update user set password=PASSWORD('%s') where User='******';\"" % 'XXXXXXXXX',
},
"pkill mysqld_safe",
"/etc/init.d/mysql start",
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("Failed to change root password! The database is down!"))
return completed
def do(self, args=[]):
completed = InstallCommand.do(self,args)
if inputs.get_input_yesno(t("Do you want to configure centrify/ldap now?")):
if inputs.get_input_yesno(t("Will this machine use Active Directory?")):
domain_name = inputs.get_input_string(t("What is the domain name?"), CONF_MAP('ldap','domain'))
domain_controller = inputs.get_input_string(t("What is the address of the domain controller?"), CONF_MAP('ldap','dc'))
domain_read_user = inputs.get_input_string(t("What is the ldap reader username?"), CONF_MAP('ldap','ldap_reader'))
domain_read_pass = inputs.get_password(t("What is the ldap reader password?"),validate=False)
domain_default_ou = inputs.get_input_string(t("What is the ldap default OU for uwsa?"), CONF_MAP('ldap','uwsa_ou'))
CONFIG.mod('ldap','enabled', True)
CONFIG.mod('ldap','domain', domain_name)
CONFIG.mod('ldap','dc', domain_controller)
CONFIG.mod('ldap','ldap_reader', domain_read_user)
CONFIG.mod('ldap','ldap_reader_pass', domain_read_pass)
CONFIG.mod('ldap','uwsa_ou', domain_default_ou)
if not CONF_MAP('centrify', 'joined') and inputs.get_input_yesno(t("Do you want to join the Active Directory now?")):
domain_admin_user = inputs.get_input_string(t("What is the domain admin username?"))
domain_admin_pass = inputs.get_password(t("What is the domain admin password?"),confirm=False, validate=False)
cmd_list = [
{'command' : 'adjoin -w --force --user %s --password %s %s' % (domain_admin_user, domain_admin_pass, domain_name),
'anonymous' : 'adjoin -w --force --user %s --password XXXXXXXXXXXXX %s' % (domain_admin_user, domain_name),
'success_code' : [0,8],
},
'service centrifydc start',
]
completed, pinfo = core.exec_cmd_list(cmd_list)
L.info(pinfo['stdout'])
if not completed:
raise Exception(t("Error in installation!"), self.NAME)
CONFIG.mod('centrify','joined', "True" )
CONFIG.save()
return completed
def install_mysql(self, element):
cmd = "bash -c 'DEBIAN_FRONTEND=noninteractive apt-get install -y %s'" % self.packages
completed = core.exec_cmd_list([cmd])
if not completed:
raise Exception(t("Error in installation!"), element['name'])
if __name__ == '__main__':
site_name = "${site_name}"
site_path = "${site_path}"
ldap_group = "${ldap_group}"
ldap_dev_team = CONF_MAP('site','ldap_dev_team')
unix_group = "${unix_group}"
pam_user = os.getenv('PAM_USER')
site_home_path = "/home/%s/%s" % (pam_user, site_name)
is_member = False
if ldap_group:
is_member |= ldap.is_member_of(pam_user,ldap_group)
if ldap_dev_team:
is_member |= ldap.is_member_of(pam_user,ldap_dev_team,'')
#L.info("%s, is_member:%s of %s" % (pam_user,is_member,ldap_dev_team))
if unix_group:
is_member |= unix.is_member_of(pam_user,unix_group)
if is_member:
files.mkdir(site_home_path)
files.chown(site_home_path)
cmd_list = [
'mount --bind %s %s' % (site_path, site_home_path),
]
if not files.contains("/proc/mounts", site_home_path):
core.exec_cmd_list(cmd_list)
and unix.is_notunix_user(pam_user)
and CONF_MAP("ldap", "enabled")
and CONF_MAP("centrify", "pam_allow_workaround")
):
is_allowed_to_login = False
with open("/etc/centrifydc/groups.allow", "r") as f:
for group in f:
group = group.strip()
if group:
print pam_user, group, ldap.is_member_of(pam_user, group, "")
is_allowed_to_login |= ldap.is_member_of(pam_user, group, "")
if not is_allowed_to_login:
L.error(t("%s is not allowed here! Bye!") % pam_user)
exit(1)
if not is_admin:
cmd_list = [
"mkdir -p /home/%(user)s" % {"user": pam_user},
"chown root:%(user)s /home/%(user)s" % {"user": pam_user},
"chmod g+rx /home/%(user)s" % {"user": pam_user},
"run-parts --report %s" % CONF_MAP("libpam_script", "auto_mount_dir"),
]
completed, pinfo = core.exec_cmd_list(cmd_list)
# if not completed:
# L.error(t("Chrooting is NOT working! %s") % pinfo)
else:
print t("Hi!")
except Exception as e:
L.exception(t("Critical problem in %s") % __file__)
def create_wordpress(self):
if self.conf.get('wordpress','enabled'):
site_path, root_path, log_path, upload_tmp_path = self.generate_dir()
wp_tpl_webroot = CONF_MAP('site','wordpress_template_path') + "/webroot"
wp_tpl_schema = CONF_MAP('site','wordpress_template_path') + "/schema/wordpress_tpl_schema.sql"
wp_webroot_conf = root_path + "/wp-config.php"
mysql_user = self.conf.get('mysql','user')
mysql_pass = self.conf.get('mysql','pass')
mysql_schema = self.conf.get('mysql','schema')
site_name = self.conf.get('main','site_name')
if inputs.get_input_noyes(t("Do you want deploy the default wordpress template under %s?") % root_path):
if files.exists(wp_tpl_webroot):
cmd_list = [
"bash -c 'cp -fr %s/* %s/'" % (wp_tpl_webroot, root_path),
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("Cannot deploy the template."))
else:
L.info(t("There is no template under %s") % wp_tpl_webroot)
elif inputs.get_input_yesno(t("Do you want to only deploy default plugins?")):
if files.exists(wp_tpl_webroot):
cmd_list = [
"bash -c 'mkdir -p %s/wp-content/plugins'" % root_path,
"bash -c 'cp -fr %s/wp-content/plugins/* %s/wp-content/plugins/'" % (wp_tpl_webroot, root_path),
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("Cannot deploy plugins."))
else:
L.info(t("There is no template under %s") % wp_tpl_webroot)
if files.exists(wp_webroot_conf):
params_dict = {
'DB_NAME': mysql_schema,
'DB_USER': mysql_user,
'DB_PASSWORD': mysql_pass,
'DB_HOST':'localhost',
}
for key in params_dict:
pattern = "define\(\s*?['\"]%s['\"].*;" % key
target = "define('%s', '%s');" % (key, params_dict[key])
files.re_replace_in(wp_webroot_conf, pattern, target)
else:
L.info(t("There is no wp-config.php under %s") % root_path)
if files.exists(wp_tpl_schema) and inputs.get_input_noyes(t("Do you want to restore default database?")):
L.info(t("Restoring default schema %s.") % mysql_schema)
tmp_file = "/tmp/uwsa_wp_schema_%s" % uuid.uuid4()
files.cp(wp_tpl_schema, tmp_file)
files.re_replace_in(tmp_file,'UWSA_SCHEMA_NAME', mysql_schema)
files.replace_in_php_database(tmp_file,'UWSA_SITE_NAME', site_name)
cmd_list = [
{
'command': "bash -c 'mysql -u %s -p%s %s < %s'" % (mysql_user, mysql_pass, mysql_schema, tmp_file),
'anonymous': "bash -c 'mysql -u %s -p%s %s < %s'" % (mysql_user, "XXXXX", mysql_schema, tmp_file),
},
]
completed, pinfo = core.exec_cmd_list(cmd_list)
if not completed:
L.error(t("Failed to restore schema %s!") % mysql_schema)
os.remove(tmp_file)
