def install_ossec_client(args):
'''
Install OSSEC Client on the server
'''
if os.path.exists('/var/ossec/bin/manage_agents'):
app.print_error("Not insalling OSSEC client since OSSEC server detected")
return
app.print_verbose("Install ossec client.")
version_obj = version.Version("InstallOssec", SCRIPT_VERSION)
version_obj.check_executed()
# Initialize all passwords used by the script
app.init_mysql_passwords()
build_ossec('preloaded-vars-client.conf')
_setup_conf()
_setup_keys()
# Enabling syslog logging
x('/var/ossec/bin/ossec-control enable client-syslog')
# Adding iptables rules
iptables.add_ossec_chain()
iptables.save()
# Restaring OSSEC server
x("service ossec restart")
x('yum remove gcc perl-Time-HiRes -y')
version_obj.mark_executed()
def _install_icinga(args):
'''
The icinga-installation is divided into three parts - icinga core, icinga web and PNP4Nagios. Icinga core insatlls the icinga-poller (baically
an exakt for of the Nagios poller except with SQL integration). Icinga-core also includes a very simple GUI that is kept as a backup
in case the fancier GUI goes down for any reason. Icinga-web is the "bells and whistles" GUI which is heavier, with "improved" looks
and more functionality.
'''
# Initialize all used passwords.
app.init_mysql_passwords()
app.get_ldap_sssd_password()
# Install icinga poller, web-interface and graping.
icinga_db_password = _install_icinga_core(args)
_install_icinga_web(icinga_db_password)
_install_pnp4nagios()
# Install a http index
_install_http_index()
# Enable SELinux
_install_SELinux()
# Restart all services
x("service ido2db restart")
x("service nrpe restart")
x("service icinga restart")
x("service httpd restart")
def install_ossec_client(args):
'''
Install OSSEC Client on the server
'''
if os.path.exists('/var/ossec/bin/manage_agents'):
app.print_error(
"Not insalling OSSEC client since OSSEC server detected")
return
app.print_verbose("Install ossec client.")
version_obj = version.Version("InstallOssec", SCRIPT_VERSION)
version_obj.check_executed()
# Initialize all passwords used by the script
app.init_mysql_passwords()
build_ossec('preloaded-vars-client.conf')
_setup_conf()
_setup_keys()
# Enabling syslog logging
x('/var/ossec/bin/ossec-control enable client-syslog')
# Adding iptables rules
iptables.add_ossec_chain()
iptables.save()
# Restaring OSSEC server
x("service ossec restart")
x('yum remove gcc perl-Time-HiRes -y')
version_obj.mark_executed()
def _install_icinga(args):
'''
The icinga-installation is divided into three parts - icinga core, icinga web and PNP4Nagios. Icinga core insatlls the icinga-poller (baically
an exakt for of the Nagios poller except with SQL integration). Icinga-core also includes a very simple GUI that is kept as a backup
in case the fancier GUI goes down for any reason. Icinga-web is the "bells and whistles" GUI which is heavier, with "improved" looks
and more functionality.
'''
# Initialize all used passwords.
app.init_mysql_passwords()
app.get_ldap_sssd_password()
# Install icinga poller, web-interface and graping.
icinga_db_password = _install_icinga_core(args)
_install_icinga_web(icinga_db_password)
_install_pnp4nagios()
# Install a http index
_install_http_index()
# Enable SELinux
_install_SELinux()
# Restart all services
x("service ido2db restart")
x("service nrpe restart")
x("service icinga restart")
x("service httpd restart")
def _reload_icinga(args, reload=True):
'''
Re-probes the network for running services and updates the icinga object structure.
'''
# Initialize all used passwords.
app.init_mysql_passwords()
app.get_ldap_sssd_password()
hostList = _get_host_list()
_append_services_to_hostlist(hostList)
_build_icinga_config(hostList)
_install_server_plugins()
if reload:
x("service icinga reload")
def _reload_icinga(args, reload=True):
'''
Re-probes the network for running services and updates the icinga object structure.
'''
# Initialize all used passwords.
app.init_mysql_passwords()
app.get_ldap_sssd_password()
hostList = _get_host_list()
_append_services_to_hostlist(hostList)
_build_icinga_config(hostList)
_install_server_plugins()
if reload:
x("service icinga reload")
def install_rsyslogd_client(args):
'''
Install rsyslog client the server
'''
app.print_verbose("Install rsyslog client.")
# If rsyslogd is installed, raise exception.
version_obj = version.Version("InstallRsyslogd",
installRsyslogd.SCRIPT_VERSION)
version_obj.check_executed()
#
version_obj = version.Version("InstallRsyslogdClient", SCRIPT_VERSION)
version_obj.check_executed()
# Initialize all passwords used by the script
app.init_mysql_passwords()
#Enabling iptables before server has start
iptables.add_rsyslog_chain("client")
iptables.save()
# Wating for rsyslog Server to start
general.wait_for_server_to_start(config.general.get_log_server_hostname1(),
"514")
app.print_verbose("CIS 5.2 Configure rsyslog")
app.print_verbose("CIS 5.2.1 Install the rsyslog package")
general.install_packages("rsyslog rsyslog-gnutls")
app.print_verbose("CIS 5.2.2 Activate the rsyslog Service")
if os.path.exists('/etc/xinetd.d/syslog'):
x("chkconfig syslog off")
x("chkconfig rsyslog on")
_configure_rsyslog_conf()
_gen_and_copy_cert(args)
# Restaring rsyslog
x("/etc/init.d/rsyslog restart")
# Configure logrotate
installLogrotate.install_logrotate(args)
version_obj.mark_executed()
def install_rsyslogd_client(args):
'''
Install rsyslog client the server
'''
app.print_verbose("Install rsyslog client.")
# If rsyslogd is installed, raise exception.
version_obj = version.Version("InstallRsyslogd", installRsyslogd.SCRIPT_VERSION)
version_obj.check_executed()
#
version_obj = version.Version("InstallRsyslogdClient", SCRIPT_VERSION)
version_obj.check_executed()
# Initialize all passwords used by the script
app.init_mysql_passwords()
#Enabling iptables before server has start
iptables.add_rsyslog_chain("client")
iptables.save()
# Wating for rsyslog Server to start
general.wait_for_server_to_start(config.general.get_log_server_hostname1(), "514")
app.print_verbose("CIS 5.2 Configure rsyslog")
app.print_verbose("CIS 5.2.1 Install the rsyslog package")
general.install_packages("rsyslog rsyslog-gnutls")
app.print_verbose("CIS 5.2.2 Activate the rsyslog Service")
if os.path.exists('/etc/xinetd.d/syslog'):
x("chkconfig syslog off")
x("chkconfig rsyslog on")
_configure_rsyslog_conf()
_gen_and_copy_cert(args)
# Restaring rsyslog
x("/etc/init.d/rsyslog restart")
# Configure logrotate
installLogrotate.install_logrotate(args)
version_obj.mark_executed()
def install_rsyslogd(args):
'''
Install rsyslogd on the server.
'''
app.print_verbose("Install rsyslogd.")
version_obj = version.Version("InstallRsyslogd", SCRIPT_VERSION)
version_obj.check_executed()
# Initialize all passwords used by the script
app.init_mysql_passwords()
# Setup syco dependencies.
if not os.path.exists('/etc/init.d/mysqld'):
install_mysql(["", "1", "1G"])
# Installing packages
x("yum install rsyslog rsyslog-gnutls rsyslog-mysql gnutls-utils -y")
# Autostart rsyslog at boot
x("chkconfig rsyslog on")
# Generation new certs if no certs exsists
if not os.path.exists('/etc/pki/rsyslog/ca.crt'):
rsyslog_newcerts(args)
sql_password = generate_password(20, string.letters + string.digits)
_setup_database(sql_password)
_setup_rsyslogd(sql_password)
# Add iptables chains
iptables.add_rsyslog_chain("server")
iptables.save()
# Restarting service
x("/etc/init.d/rsyslog restart")
install_purge_db()
install_compress_logs()
# Configure logrotate
installLogrotate.install_logrotate(args)
version_obj.mark_executed()
def install_rsyslogd(args):
'''
Install rsyslogd on the server.
'''
app.print_verbose("Install rsyslogd.")
version_obj = version.Version("InstallRsyslogd", SCRIPT_VERSION)
version_obj.check_executed()
# Initialize all passwords used by the script
app.init_mysql_passwords()
# Setup syco dependencies.
if not os.path.exists('/etc/init.d/mysqld'):
install_mysql(["","1","1G"])
# Installing packages
x("yum install rsyslog rsyslog-gnutls rsyslog-mysql gnutls-utils -y")
# Autostart rsyslog at boot
x("chkconfig rsyslog on")
# Generation new certs if no certs exsists
if not os.path.exists('/etc/pki/rsyslog/ca.crt'):
rsyslog_newcerts(args)
sql_password = generate_password(20, string.letters + string.digits)
_setup_database(sql_password)
_setup_rsyslogd(sql_password)
# Add iptables chains
iptables.add_rsyslog_chain("server")
iptables.save()
# Restarting service
x("/etc/init.d/rsyslog restart")
install_purge_db()
install_compress_logs()
# Configure logrotate
installLogrotate.install_logrotate(args)
version_obj.mark_executed()
def install_loganalyzer(args):
'''
Install and configure adiscon.com loganalyzer.
'''
app.print_verbose("Install loganalyzer version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallLoganalyzer", SCRIPT_VERSION)
version_obj.check_executed()
# Initialize all passwords used by the script
app.init_mysql_passwords()
_install_packages(args)
_download_loganalyzer()
sql_password = general.generate_password(20, string.letters + string.digits)
_create_db_user(sql_password)
_configure_loganalyzer(sql_password)
_configure_apache()
_set_permissions()
version_obj.mark_executed()
def install_loganalyzer(args):
'''
Install and configure adiscon.com loganalyzer.
'''
app.print_verbose("Install loganalyzer version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallLoganalyzer", SCRIPT_VERSION)
version_obj.check_executed()
# Initialize all passwords used by the script
app.init_mysql_passwords()
_install_packages(args)
_download_loganalyzer()
sql_password = general.generate_password(20,
string.letters + string.digits)
_create_db_user(sql_password)
_configure_loganalyzer(sql_password)
_configure_apache()
_set_permissions()
version_obj.mark_executed()
def install_mysql(args):
'''
Install and configure the mysql-server on the local host.
'''
app.print_verbose("Install mysql version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallMysql", SCRIPT_VERSION)
version_obj.check_executed()
if (len(args) != 3):
raise Exception("syco install-mysql [server-id] [innodb-buffer-pool-size]")
server_id=args[1]
innodb_buffer_pool_size=args[2]
# Initialize all passwords used by the script
app.init_mysql_passwords()
# Install the mysql-server packages.
if (not os.access("/usr/bin/mysqld_safe", os.W_OK|os.X_OK)):
x("yum -y install mysql-server hdparm")
x("/sbin/chkconfig mysqld on ")
if (not os.access("/usr/bin/mysqld_safe", os.F_OK)):
raise Exception("Couldn't install mysql-server")
# Configure iptables
iptables.add_mysql_chain()
iptables.save()
# Disable mysql history logging
if (os.access("/root/.mysql_history", os.F_OK)):
x("rm /root/.mysql_history")
x("ln -s /dev/null /root/.mysql_history")
# Used to log slow queries, configed in my.cnf with log-slow-queries=
x("touch /var/log/mysqld-slow.log")
x("chown mysql:mysql /var/log/mysqld-slow.log")
x("chmod 0640 /var/log/mysqld-slow.log")
x("chcon system_u:object_r:mysqld_log_t:s0 /var/log/mysqld-slow.log")
# Not used at the moment, just preventing mysql to load any modules.
if (not os.access("/usr/share/mysql/plugins", os.W_OK|os.X_OK)):
os.mkdir("/usr/share/mysql/plugins")
os.chmod("/usr/share/mysql/plugins", 0)
os.chown("/usr/share/mysql/plugins", 0, 0)
# Under Linux, it is advisable to disable the write-back cache. Otherwise data
# can get lost when computer get power-failures. Beware that some drives or
# disk controllers may be unable to disable the write-back cache.
#
# TODO: Might need to be done from bios?
x("hdparm -W0 /dev/mapper/VolGroup00-var")
app.print_verbose("Install /etc/my.cnf")
shutil.copy(app.SYCO_PATH + "var/mysql/my.cnf", "/etc/my.cnf")
for line in fileinput.FileInput("/etc/my.cnf", inplace=1):
line=line.replace("${server-id}", server_id)
line=line.replace("${innodb_buffer_pool_size}", innodb_buffer_pool_size)
print line,
# When the innodb files are configured to be large, it takes some time to
# generate the files.
app.print_verbose("Increaste timeout for /etc/init.d/mysqld to 120 seconds.")
for line in fileinput.FileInput("/etc/init.d/mysqld", inplace=1):
line=line.replace("STARTTIMEOUT=30", "STARTTIMEOUT=120")
print line,
x("service mysqld start")
# Secure the mysql installation.
mysql_exec("truncate mysql.db")
mysql_exec("truncate mysql.user")
mysql_exec("GRANT ALL PRIVILEGES ON *.* " +
"TO 'root'@'127.0.0.1' " + "IDENTIFIED BY '" + app.get_mysql_root_password() + "', "
"'root'@'localhost' " + "IDENTIFIED BY '" + app.get_mysql_root_password() + "', "
"'root'@'" + config.general.get_mysql_primary_master_ip() + "' " + "IDENTIFIED BY '" + app.get_mysql_root_password() + "', "
"'root'@'" + config.general.get_mysql_secondary_master_ip() + "' " + "IDENTIFIED BY '" + app.get_mysql_root_password() + "' "
"WITH GRANT OPTION "
)
mysql_exec("DROP DATABASE test;")
mysql_exec("SELECT host,user FROM mysql.db;")
mysql_exec("SELECT host,user FROM mysql.user;")
mysql_exec("RESET MASTER;")
mysql_exec("FLUSH PRIVILEGES;")
version_obj.mark_executed()
def install_mysql(args):
"""
Install and configure the mysql-server on the local host.
"""
app.print_verbose("Install mysql version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallMysql", SCRIPT_VERSION)
version_obj.check_executed()
if len(args) != 3:
raise Exception(
"syco install-mysql [server-id] [innodb-buffer-pool-size]")
server_id = args[1]
innodb_buffer_pool_size = args[2]
# Initialize all passwords used by the script
app.init_mysql_passwords()
# Install the mysql-server packages.
if not os.access("/usr/bin/mysqld_safe", os.W_OK | os.X_OK):
x("yum -y install mysql-server hdparm")
x("/sbin/chkconfig mysqld on ")
if not os.access("/usr/bin/mysqld_safe", os.F_OK):
raise Exception("Couldn't install mysql-server")
# Configure iptables
iptables.add_mysql_chain()
iptables.save()
# Disable mysql history logging
if os.access("/root/.mysql_history", os.F_OK):
x("rm /root/.mysql_history")
x("ln -s /dev/null /root/.mysql_history")
# Used to log slow queries, configured in my.cnf with log-slow-queries=
x("touch /var/log/mysqld-slow.log")
x("chown mysql:mysql /var/log/mysqld-slow.log")
x("chmod 0640 /var/log/mysqld-slow.log")
x("chcon system_u:object_r:mysqld_log_t:s0 /var/log/mysqld-slow.log")
# Not used at the moment, just preventing mysql to load any modules.
if not os.access("/usr/share/mysql/plugins", os.W_OK | os.X_OK):
os.mkdir("/usr/share/mysql/plugins")
os.chmod("/usr/share/mysql/plugins", 0)
os.chown("/usr/share/mysql/plugins", 0, 0)
# Under Linux, it is advisable to disable the write-back cache. Otherwise data
# can get lost when computer get power-failures. Beware that some drives or
# disk controllers may be unable to disable the write-back cache.
#
app.print_verbose("TODO: Might need to be done from bios?")
x("hdparm -W0 /dev/mapper/VolGroup00-var")
app.print_verbose("Install /etc/my.cnf")
shutil.copy(app.SYCO_PATH + "var/mysql/my.cnf", "/etc/my.cnf")
x("chown mysql:mysql /etc/my.cnf")
x("chmod 600 /etc/my.cnf")
for line in fileinput.FileInput("/etc/my.cnf", inplace=1):
line = line.replace("${server-id}", server_id)
line = line.replace("${innodb_buffer_pool_size}",
innodb_buffer_pool_size)
print line,
# When the innodb files are configured to be large, it takes some time to
# generate the files.
app.print_verbose(
"Increaste timeout for /etc/init.d/mysqld to 120 seconds.")
for line in fileinput.FileInput("/etc/init.d/mysqld", inplace=1):
line = line.replace("STARTTIMEOUT=30", "STARTTIMEOUT=120")
print line,
x("service mysqld start")
# Secure the mysql installation.
mysql_exec("truncate mysql.db")
mysql_exec("truncate mysql.user")
current_host_config = config.host(net.get_hostname())
# Used by monitor services (icingas nrpe plugin etc.)
mysql_exec("GRANT REPLICATION CLIENT ON *.* " +
"TO 'monitor'@'127.0.0.1' IDENTIFIED BY '%s'" %
(app.get_mysql_monitor_password()))
# Required by nrpe plugins
mysql_exec("GRANT SHOW DATABASES ON *.* TO 'monitor'@'127.0.0.1' ")
# Used by backup scripts to flush master and check slave status etc. when
# doing an lvm backup.
mysql_exec("GRANT RELOAD,SUPER,REPLICATION CLIENT ON *.* " +
"TO 'backup'@'localhost' IDENTIFIED BY '%s'" %
(app.get_mysql_backup_password()))
mysql_exec("DROP DATABASE test;")
mysql_exec("SELECT host,user FROM mysql.db;")
mysql_exec("SELECT host,user FROM mysql.user;")
mysql_exec(
"GRANT ALL PRIVILEGES ON *.* TO "
"'root'@'127.0.0.1' IDENTIFIED BY '%s', "
"'root'@'localhost' IDENTIFIED BY '%s', "
"'root'@'%s' IDENTIFIED BY '%s'"
" WITH GRANT OPTION" %
(app.get_mysql_root_password(), app.get_mysql_root_password(),
current_host_config.get_front_ip(), app.get_mysql_root_password()))
mysql_exec("flush privileges;", )
repl_peer = current_host_config.get_option("repl_peer", 'None')
if repl_peer and repl_peer.lower != 'None':
mysql_exec("GRANT ALL PRIVILEGES ON *.* TO "
"'root'@'%s' IDENTIFIED BY '%s'"
" WITH GRANT OPTION" %
(repl_peer, app.get_mysql_root_password()),
with_user=True)
mysql_exec("RESET MASTER;", with_user=True)
mysql_exec("FLUSH PRIVILEGES;", with_user=True)
version_obj.mark_executed()
def install_mysql(args):
'''
Install and configure the mysql-server on the local host.
'''
app.print_verbose("Install mysql version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallMysql", SCRIPT_VERSION)
version_obj.check_executed()
if (len(args) != 3):
raise Exception(
"syco install-mysql [server-id] [innodb-buffer-pool-size]")
server_id = args[1]
innodb_buffer_pool_size = args[2]
# Initialize all passwords used by the script
app.init_mysql_passwords()
# Install the mysql-server packages.
if (not os.access("/usr/bin/mysqld_safe", os.W_OK | os.X_OK)):
x("yum -y install mysql-server hdparm")
x("/sbin/chkconfig mysqld on ")
if (not os.access("/usr/bin/mysqld_safe", os.F_OK)):
raise Exception("Couldn't install mysql-server")
# Configure iptables
iptables.add_mysql_chain()
iptables.save()
# Disable mysql history logging
if (os.access("/root/.mysql_history", os.F_OK)):
x("rm /root/.mysql_history")
x("ln -s /dev/null /root/.mysql_history")
# Used to log slow queries, configed in my.cnf with log-slow-queries=
x("touch /var/log/mysqld-slow.log")
x("chown mysql:mysql /var/log/mysqld-slow.log")
x("chmod 0640 /var/log/mysqld-slow.log")
x("chcon system_u:object_r:mysqld_log_t:s0 /var/log/mysqld-slow.log")
# Not used at the moment, just preventing mysql to load any modules.
if (not os.access("/usr/share/mysql/plugins", os.W_OK | os.X_OK)):
os.mkdir("/usr/share/mysql/plugins")
os.chmod("/usr/share/mysql/plugins", 0)
os.chown("/usr/share/mysql/plugins", 0, 0)
# Under Linux, it is advisable to disable the write-back cache. Otherwise data
# can get lost when computer get power-failures. Beware that some drives or
# disk controllers may be unable to disable the write-back cache.
#
# TODO: Might need to be done from bios?
x("hdparm -W0 /dev/mapper/VolGroup00-var")
app.print_verbose("Install /etc/my.cnf")
shutil.copy(app.SYCO_PATH + "var/mysql/my.cnf", "/etc/my.cnf")
for line in fileinput.FileInput("/etc/my.cnf", inplace=1):
line = line.replace("${server-id}", server_id)
line = line.replace("${innodb_buffer_pool_size}",
innodb_buffer_pool_size)
print line,
# When the innodb files are configured to be large, it takes some time to
# generate the files.
app.print_verbose(
"Increaste timeout for /etc/init.d/mysqld to 120 seconds.")
for line in fileinput.FileInput("/etc/init.d/mysqld", inplace=1):
line = line.replace("STARTTIMEOUT=30", "STARTTIMEOUT=120")
print line,
x("service mysqld start")
# Secure the mysql installation.
mysql_exec("truncate mysql.db")
mysql_exec("truncate mysql.user")
mysql_exec("GRANT ALL PRIVILEGES ON *.* " + "TO 'root'@'127.0.0.1' " +
"IDENTIFIED BY '" + app.get_mysql_root_password() + "', "
"'root'@'localhost' " + "IDENTIFIED BY '" +
app.get_mysql_root_password() + "', "
"'root'@'" + config.general.get_mysql_primary_master_ip() +
"' " + "IDENTIFIED BY '" + app.get_mysql_root_password() + "', "
"'root'@'" + config.general.get_mysql_secondary_master_ip() +
"' " + "IDENTIFIED BY '" + app.get_mysql_root_password() + "' "
"WITH GRANT OPTION ")
mysql_exec("DROP DATABASE test;")
mysql_exec("SELECT host,user FROM mysql.db;")
mysql_exec("SELECT host,user FROM mysql.user;")
mysql_exec("RESET MASTER;")
mysql_exec("FLUSH PRIVILEGES;")
version_obj.mark_executed()
def install_mysql(args):
"""
Install and configure the mysql-server on the local host.
"""
app.print_verbose("Install mysql version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallMysql", SCRIPT_VERSION)
version_obj.check_executed()
if len(args) != 3:
raise Exception("syco install-mysql [server-id] [innodb-buffer-pool-size]")
server_id=args[1]
innodb_buffer_pool_size=args[2]
# Initialize all passwords used by the script
app.init_mysql_passwords()
# Install the mysql-server packages.
if not os.access("/usr/bin/mysqld_safe", os.W_OK|os.X_OK):
x("yum -y install mysql-server hdparm")
x("/sbin/chkconfig mysqld on ")
if not os.access("/usr/bin/mysqld_safe", os.F_OK):
raise Exception("Couldn't install mysql-server")
# Configure iptables
iptables.add_mysql_chain()
iptables.save()
# Disable mysql history logging
if os.access("/root/.mysql_history", os.F_OK):
x("rm /root/.mysql_history")
x("ln -s /dev/null /root/.mysql_history")
# Used to log slow queries, configured in my.cnf with log-slow-queries=
x("touch /var/log/mysqld-slow.log")
x("chown mysql:mysql /var/log/mysqld-slow.log")
x("chmod 0640 /var/log/mysqld-slow.log")
x("chcon system_u:object_r:mysqld_log_t:s0 /var/log/mysqld-slow.log")
# Not used at the moment, just preventing mysql to load any modules.
if not os.access("/usr/share/mysql/plugins", os.W_OK|os.X_OK):
os.mkdir("/usr/share/mysql/plugins")
os.chmod("/usr/share/mysql/plugins", 0)
os.chown("/usr/share/mysql/plugins", 0, 0)
# Under Linux, it is advisable to disable the write-back cache. Otherwise data
# can get lost when computer get power-failures. Beware that some drives or
# disk controllers may be unable to disable the write-back cache.
#
app.print_verbose("TODO: Might need to be done from bios?")
x("hdparm -W0 /dev/mapper/VolGroup00-var")
app.print_verbose("Install /etc/my.cnf")
shutil.copy(app.SYCO_PATH + "var/mysql/my.cnf", "/etc/my.cnf")
x("chown mysql:mysql /etc/my.cnf")
x("chmod 600 /etc/my.cnf")
for line in fileinput.FileInput("/etc/my.cnf", inplace=1):
line=line.replace("${server-id}", server_id)
line=line.replace("${innodb_buffer_pool_size}", innodb_buffer_pool_size)
print line,
# When the innodb files are configured to be large, it takes some time to
# generate the files.
app.print_verbose("Increaste timeout for /etc/init.d/mysqld to 120 seconds.")
for line in fileinput.FileInput("/etc/init.d/mysqld", inplace=1):
line=line.replace("STARTTIMEOUT=30", "STARTTIMEOUT=120")
print line,
x("service mysqld start")
# Secure the mysql installation.
mysql_exec("truncate mysql.db")
mysql_exec("truncate mysql.user")
current_host_config = config.host(net.get_hostname())
# Used by monitor services (icingas nrpe plugin etc.)
mysql_exec(
"GRANT REPLICATION CLIENT ON *.* " +
"TO 'monitor'@'127.0.0.1' IDENTIFIED BY '%s'" % (
app.get_mysql_monitor_password()
)
)
# Required by nrpe plugins
mysql_exec("GRANT SHOW DATABASES ON *.* TO 'monitor'@'127.0.0.1' ")
# Used by backup scripts to flush master and check slave status etc. when
# doing an lvm backup.
mysql_exec(
"GRANT RELOAD,SUPER,REPLICATION CLIENT ON *.* " +
"TO 'backup'@'localhost' IDENTIFIED BY '%s'" % (
app.get_mysql_backup_password()
)
)
mysql_exec("DROP DATABASE test;")
mysql_exec("SELECT host,user FROM mysql.db;")
mysql_exec("SELECT host,user FROM mysql.user;")
mysql_exec(
"GRANT ALL PRIVILEGES ON *.* TO "
"'root'@'127.0.0.1' IDENTIFIED BY '%s', "
"'root'@'localhost' IDENTIFIED BY '%s', "
"'root'@'%s' IDENTIFIED BY '%s'"
" WITH GRANT OPTION" % (
app.get_mysql_root_password(),
app.get_mysql_root_password(),
current_host_config.get_front_ip(),
app.get_mysql_root_password()
)
)
mysql_exec("flush privileges;", )
repl_peer = current_host_config.get_option("repl_peer", 'None')
if repl_peer and repl_peer.lower != 'None':
mysql_exec(
"GRANT ALL PRIVILEGES ON *.* TO "
"'root'@'%s' IDENTIFIED BY '%s'"
" WITH GRANT OPTION" % (
repl_peer,
app.get_mysql_root_password()
),
with_user=True
)
mysql_exec("RESET MASTER;", with_user=True)
mysql_exec("FLUSH PRIVILEGES;", with_user=True)
version_obj.mark_executed()
