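def install_syco(args):
    """
    Install/configure this script on the current computer.

    Installs the packages syco needs, links /sbin/syco to the syco entry
    script, replaces the CentOS base repo definition with the copy shipped
    under app.SYCO_VAR_PATH and caps yum's installonly_limit at 2.

    Args:
        args: Command arguments; not used by this function.
    """
    app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallSYCO", SCRIPT_VERSION)
    version_obj.check_executed()

    app.print_verbose("Install required packages for syco")
    x("yum install pexpect python-crypto augeas -y")

    app.print_verbose("Create symlink /sbin/syco")
    set_syco_permissions()
    # os.path.exists() follows links, so a dangling /sbin/syco looks absent
    # and os.symlink() would then fail because the name is taken. Remove the
    # stale link first so the install can be re-run after syco has moved.
    if os.path.islink('/sbin/syco') and not os.path.exists('/sbin/syco'):
        os.remove('/sbin/syco')
    if not os.path.exists('/sbin/syco'):
        # The format string has no separator, so SYCO_PATH must end with '/'.
        os.symlink('%sbin/syco.py' % SYCO_PATH, '/sbin/syco')

    # NOTE(review): this replaces the distribution's repo definition with the
    # file shipped by syco. Confirm that file keeps gpgcheck=1 and points at
    # mirrors you trust, since every later yum install depends on it.
    x("cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo" % app.SYCO_VAR_PATH)

    # Use augeas to set max kernels to 2 since more won't fit on /boot.
    # The import sits after the yum install above, presumably because the
    # wrapper needs the augeas package to be present.
    from augeas import Augeas
    augeas = Augeas(x)
    augeas.set_enhanced("/files/etc/yum.conf/main/installonly_limit", "2")

    version_obj.mark_executed()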
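def install_syco(args):
    """
    Install/configure this script on the current computer.

    Replaces the CentOS base repo definition with the copy shipped under
    app.SYCO_VAR_PATH, sets vm.swappiness to 0 on the running kernel,
    installs augeas, links /sbin/syco to the syco entry script and caps
    yum's installonly_limit at 2.

    Args:
        args: Command arguments; not used by this function.
    """
    app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallSYCO", SCRIPT_VERSION)
    version_obj.check_executed()

    # Override base repo to one that works.
    # NOTE(review): every later yum install trusts this file. Confirm the
    # shipped copy keeps gpgcheck=1 and points at mirrors you trust.
    x("cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo" % app.SYCO_VAR_PATH)

    # Set swappiness to 0 on all hosts to avoid excessive swapping. This
    # changes the running kernel only; nothing in this function writes the
    # value to /etc/sysctl.conf.
    x('sysctl vm.swappiness=0')

    app.print_verbose("Install required packages for syco")
    x("yum install augeas -y")

    app.print_verbose("Create symlink /sbin/syco")
    set_syco_permissions()
    # os.path.exists() follows links, so a dangling /sbin/syco looks absent
    # and os.symlink() would then fail because the name is taken. Remove the
    # stale link first so the install can be re-run after syco has moved.
    if os.path.islink('/sbin/syco') and not os.path.exists('/sbin/syco'):
        os.remove('/sbin/syco')
    if not os.path.exists('/sbin/syco'):
        # The format string has no separator, so SYCO_PATH must end with '/'.
        os.symlink('%sbin/syco.py' % SYCO_PATH, '/sbin/syco')

    # Use augeas to set max kernels to 2 since more won't fit on /boot.
    from augeas import Augeas
    augeas = Augeas(x)
    augeas.set_enhanced("/files/etc/yum.conf/main/installonly_limit", "2")

    version_obj.mark_executed()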
def _libvirt_init_config():
    """
    Set ON_SHUTDOWN to "shutdown" in /etc/sysconfig/libvirt-guests.

    Installs augeas first, then writes the setting through the augeas
    wrapper. With this value libvirt-guests shuts guests down rather than
    suspending them when the host goes down.
    """
    x("yum install augeas -y")

    on_shutdown_path = "/files/etc/sysconfig/libvirt-guests/ON_SHUTDOWN"
    libvirt_guests = Augeas(x)
    libvirt_guests.set_enhanced(on_shutdown_path, "shutdown")
def epel_repo():
    """
    Setup EPEL repository.

    Installs the epel-release package and switches the [epel] repo on,
    unless augeas already reports exactly one `enabled` value and that
    value is '1'.
    """
    enabled_path = '/files/etc/yum.repos.d/epel.repo/epel/enabled'
    augeas = Augeas(x)
    current = augeas.find_values(enabled_path)

    # Nothing to do when epel is already installed and enabled.
    if len(current) == 1 and current[0] == '1':
        return

    # Enabling EPEL adds a second package source to this host. Only the
    # `enabled` flag is touched here; signature checking depends on the
    # gpgcheck setting that epel-release ships in epel.repo.
    x("yum install -y epel-release")
    augeas.set_enhanced(enabled_path, '1')
def setup_clam_and_freshclam():
    """
    Write clamd.conf and freshclam.conf and configure the freshclam proxy.

    Both config files are recreated from their .sample files and then edited
    line by line through scOpen.replace(). Afterwards augeas is installed
    together with syco's clamav lens, /etc/freshclam.conf is linked to the
    /usr/local/etc copy, and the HTTP proxy settings are written when both a
    proxy host and a proxy port are configured.
    """
    app.print_verbose("Setup clamav and freshclam")

    app.print_verbose(" Setup config files.")

    # (pattern, replacement line) pairs, applied in this order. The raw
    # strings hold exactly the pattern text the helper receives.
    # NOTE(review): several patterns are prefixes of other directive names.
    # "LogFile.*" also matches the LogFileMaxSize line written just before
    # it, and "LocalSocket.*" also matches LocalSocketGroup/LocalSocketMode.
    # If scOpen.replace() rewrites every matching line, those lines are
    # overwritten; confirm against the generated clamd.conf.
    clamd_settings = (
        (r"^[#]\?Example.*", "#Example"),
        (r"^[#]\?LogFileMaxSize.*", "LogFileMaxSize 100M"),
        (r"^[#]\?LogFile.*", "LogFile /var/log/clamav/clamd.log"),
        (r"^[#]\?LogTime.*", "LogTime yes"),
        (r"^[#]\?LogSyslog.*", "LogSyslog yes"),
        # clamd's TCP socket is kept on the loopback address only.
        (r"^[#]\?TCPSocket.*", "TCPSocket 3310"),
        (r"^[#]\?TCPAddr.*", "TCPAddr 127.0.0.1"),
        (r"^[#]\?ExcludePath.*/proc.*", "ExcludePath ^/proc"),
        (r"^[#]\?ExcludePath.*/sys.*", "ExcludePath ^/sys"),
        # Run the daemon as the clamav user.
        (r"^[#]\?User.*", "User clamav"),
        (r"^[#]\?LocalSocket.*", "LocalSocket /var/run/clamav/clamd.socket"),
        (r"^[#]\?PidFile.*", "PidFile /var/run/clamav/clamd.pid"),
        (r"^[#]\?DatabaseDirectory.*", "DatabaseDirectory /var/lib/clamav"),
    )
    x("cp /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf")
    clamd = scOpen("/usr/local/etc/clamd.conf")
    for pattern, line in clamd_settings:
        clamd.replace(pattern, line)

    freshclam_settings = (
        (r"^[#]\?Example.*", "#Example"),
        (r"^[#]\?LogFileMaxSize.*", "LogFileMaxSize 100M"),
        (r"^[#]\?LogTime.*", "LogTime yes"),
        (r"^[#]\?LogSyslog.*", "LogSyslog yes"),
        (r"^[#]\?DatabaseOwner.*", "DatabaseOwner clamav"),
        (r"^[#]\?PidFile.*", "PidFile /var/run/clamav/freshclam.pid"),
        (r"^[#]\?DatabaseMirror.*", "DatabaseMirror db.northeu.clamav.net"),
        (r"^[#]\?UpdateLogFile.*", "UpdateLogFile /var/log/clamav/freshclam.log"),
        (r"^[#]\?DatabaseDirectory.*", "DatabaseDirectory /var/lib/clamav"),
    )
    x("cp /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf")
    freshclam = scOpen("/usr/local/etc/freshclam.conf")
    for pattern, line in freshclam_settings:
        freshclam.replace(pattern, line)

    # TODO: Change replace statements above to augeas since that tends to be
    # more stable.
    app.print_verbose(" Install augeas and add clam lens that is not available on CentOS 6")
    x("yum install -y augeas")
    x("cp %s/augeas/lenses/clamav.aug /usr/share/augeas/lenses/dist/" % app.SYCO_VAR_PATH)

    # Help augeas find freshclam.conf: /etc/freshclam.conf must be a link to
    # the /usr/local/etc copy; anything else at that path is replaced.
    link_target = x("readlink /etc/freshclam.conf")
    if link_target.find("/usr/local/etc/freshclam.conf") == -1:
        x("rm -f /etc/freshclam.conf")
        x("ln -s /usr/local/etc/freshclam.conf /etc/")

    # Initialize augeas
    augeas = Augeas(x)

    if config.general.get_proxy_host() and config.general.get_proxy_port():
        app.print_verbose(" Configure proxy for freshclam")
        augeas.set_enhanced(
            "/files/etc/freshclam.conf/HTTPProxyPort",
            "%s" % config.general.get_proxy_port())
        augeas.set_enhanced(
            "/files/etc/freshclam.conf/HTTPProxyServer",
            "%s" % config.general.get_proxy_host())
def epel_repo():
    """
    Setup EPEL repository.

    The repo counts as ready only when augeas finds exactly one `enabled`
    entry for [epel] and its value is '1'. In every other case the
    epel-release package is installed and the flag is set to '1'.
    """
    repo_flag = '/files/etc/yum.repos.d/epel.repo/epel/enabled'

    # Check if epel is already installed and enabled
    augeas = Augeas(x)
    found = augeas.find_values(repo_flag)
    already_enabled = len(found) == 1 and found[0] == '1'

    if not already_enabled:
        # Only the `enabled` flag is managed here. Whether EPEL packages are
        # signature-checked is decided by the gpgcheck line in epel.repo,
        # which this function leaves as shipped.
        x("yum install -y epel-release")
        augeas.set_enhanced(repo_flag, '1')
def _configure_keepalived():
    """
    Configure keepalived on this host, enable it at boot and restart it.

    * Keepalived needs to be able to bind to non-local addresses, so
      net.ipv4.ip_nonlocal_bind is set to 1 in /etc/sysctl.conf and loaded
      with `sysctl -p`.
    * The ${KA_SERVER_NAME_UP} and ${KA_SERVER_NAME_DN} variables in the
      config file are replaced with the upper- and lower-cased hostname.
    * It is not environment dependent and can be installed on any server.
    """
    # ip_nonlocal_bind is host-wide: once set, any process may bind to an
    # address that is not configured on this machine.
    sysctl_conf = Augeas(x)
    sysctl_conf.set_enhanced("/files/etc/sysctl.conf/net.ipv4.ip_nonlocal_bind", "1")
    x("sysctl -p")

    # Keep the packaged config as org.keepalived.conf, then drop in the
    # template selected by ka_env.
    # NOTE(review): on a second run the mv replaces that saved copy with the
    # syco-generated file. If the template carries a VRRP auth_pass, confirm
    # the copied file is not world-readable.
    keep_original = "mv {0}keepalived.conf {0}org.keepalived.conf".format(KA_CONF_DIR)
    x(keep_original)
    install_template = "cp {0}/{1}.keepalived.conf {2}keepalived.conf".format(
        SYCO_PLUGIN_PATH, ka_env, KA_CONF_DIR)
    x(install_template)

    conf_file = KA_CONF_DIR + "keepalived.conf"
    hostname = socket.gethostname()
    scopen.scOpen(conf_file).replace("${KA_SERVER_NAME_UP}", hostname.upper())
    scopen.scOpen(conf_file).replace("${KA_SERVER_NAME_DN}", hostname.lower())

    _chkconfig("keepalived", "on")
    _service("keepalived", "restart")
def _configure_keepalived():
    """
    Install the keepalived config for this host and restart the service.

    * Keepalived needs the possibility to bind on non-local addresses;
      net.ipv4.ip_nonlocal_bind is written to /etc/sysctl.conf and applied.
    * The hostname placeholders in the config file are filled in with the
      upper- and lower-cased hostname.
    * It is not environment dependent and can be installed on any server.
    """
    augeas = Augeas(x)
    # Host-wide switch: lets processes bind to addresses this machine does
    # not currently own.
    augeas.set_enhanced("/files/etc/sysctl.conf/net.ipv4.ip_nonlocal_bind", "1")
    x("sysctl -p")

    # Move the existing config aside, then copy in the ka_env template.
    # NOTE(review): re-running this overwrites org.keepalived.conf with the
    # previously generated config, so the packaged original is lost.
    for command in (
        "mv {0}keepalived.conf {0}org.keepalived.conf".format(KA_CONF_DIR),
        "cp {0}/{1}.keepalived.conf {2}keepalived.conf".format(
            SYCO_PLUGIN_PATH, ka_env, KA_CONF_DIR),
    ):
        x(command)

    # Placeholder -> how the hostname is cased for it.
    placeholders = (
        ("${KA_SERVER_NAME_UP}", str.upper),
        ("${KA_SERVER_NAME_DN}", str.lower),
    )
    for placeholder, recase in placeholders:
        scopen.scOpen(KA_CONF_DIR + "keepalived.conf").replace(
            placeholder, recase(socket.gethostname()))

    _chkconfig("keepalived", "on")
    _service("keepalived", "restart")
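def install_syco(args):
    """
    Install/configure this script on the current computer.

    Replaces the CentOS base repo definition with the copy shipped under
    app.SYCO_VAR_PATH, points yum at the configured proxy (if any),
    installs augeas, links /sbin/syco to the syco entry script, and then
    uses augeas to set installonly_limit, vm.swappiness and the yum proxy.

    Args:
        args: Command arguments; not used by this function.
    """
    app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallSYCO", SCRIPT_VERSION)
    version_obj.check_executed()

    # Override base repo to one that works.
    # NOTE(review): every later yum install trusts this file. Confirm the
    # shipped copy keeps gpgcheck=1 and points at mirrors you trust.
    x("cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo" % app.SYCO_VAR_PATH)

    # Run all yum updates through proxy if available
    proxy_host = config.general.get_proxy_host()
    proxy_port = config.general.get_proxy_port()
    proxy_url = None
    if proxy_host and proxy_port:
        # Built once and reused for the augeas write further down, so both
        # places are guaranteed to carry the same value.
        proxy_url = "http://%s:%s" % (proxy_host, proxy_port)
        # Plain append, because augeas is only installed below.
        # NOTE(review): host and port reach the shell unquoted; confirm that
        # config.general restricts them to a hostname and a numeric port.
        x('echo proxy=%s >> /etc/yum.conf' % proxy_url)

    app.print_verbose("Install required packages for syco")
    install_packages("augeas")

    app.print_verbose("Create symlink /sbin/syco")
    set_syco_permissions()
    # os.path.exists() follows links, so a dangling /sbin/syco looks absent
    # and os.symlink() would then fail because the name is taken. Remove the
    # stale link first so the install can be re-run after syco has moved.
    if os.path.islink('/sbin/syco') and not os.path.exists('/sbin/syco'):
        os.remove('/sbin/syco')
    if not os.path.exists('/sbin/syco'):
        # The format string has no separator, so SYCO_PATH must end with '/'.
        os.symlink('%sbin/syco.py' % SYCO_PATH, '/sbin/syco')

    # Use augeas to set max kernels to 2 since more won't fit on /boot
    from augeas import Augeas
    augeas = Augeas(x)
    augeas.set_enhanced("/files/etc/yum.conf/main/installonly_limit", "2")

    # Set swappiness to 0 on all hosts to avoid excessive swapping. Only
    # /etc/sysctl.conf is written; no `sysctl -p` is run in this function.
    augeas.set_enhanced("/files/etc/sysctl.conf/vm.swappiness", "0")

    if proxy_url:
        # Set proxy again with augeas to ensure there are no
        # duplicates/inconsistencies
        augeas.set_enhanced("/files/etc/yum.conf/main/proxy", proxy_url)

    version_obj.mark_executed()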
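def install_syco(args):
    """
    Install/configure this script on the current computer.

    Steps, in order: override the CentOS base repo file, add the configured
    proxy to yum.conf, install augeas, create the /sbin/syco symlink, then
    set installonly_limit, vm.swappiness and the yum proxy through augeas.

    Args:
        args: Command arguments; not used by this function.
    """
    app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallSYCO", SCRIPT_VERSION)
    version_obj.check_executed()

    # Override base repo to one that works.
    # NOTE(review): this file decides where packages come from and whether
    # their signatures are checked; confirm the shipped copy keeps
    # gpgcheck=1.
    x("cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo" % app.SYCO_VAR_PATH)

    # Run all yum updates through proxy if available
    proxy_host = config.general.get_proxy_host()
    proxy_port = config.general.get_proxy_port()
    proxy_url = None
    if proxy_host and proxy_port:
        # One formatted value, used for the append here and for the augeas
        # write below.
        proxy_url = "http://%s:%s" % (proxy_host, proxy_port)
        # NOTE(review): the value is placed in a root shell command without
        # quoting; confirm the config layer validates host and port.
        x('echo proxy=%s >> /etc/yum.conf' % proxy_url)

    app.print_verbose("Install required packages for syco")
    install_packages("augeas")

    app.print_verbose("Create symlink /sbin/syco")
    set_syco_permissions()
    # A dangling /sbin/syco is invisible to os.path.exists(), which follows
    # links, yet it still makes os.symlink() fail. Clear it before linking.
    if os.path.islink('/sbin/syco') and not os.path.exists('/sbin/syco'):
        os.remove('/sbin/syco')
    if not os.path.exists('/sbin/syco'):
        # The format string has no separator, so SYCO_PATH must end with '/'.
        os.symlink('%sbin/syco.py' % SYCO_PATH, '/sbin/syco')

    # Use augeas to set max kernels to 2 since more won't fit on /boot
    from augeas import Augeas
    augeas = Augeas(x)
    augeas.set_enhanced("/files/etc/yum.conf/main/installonly_limit", "2")

    # Set swappiness to 0 on all hosts to avoid excessive swapping. The
    # value is written to /etc/sysctl.conf; this function does not reload it.
    augeas.set_enhanced("/files/etc/sysctl.conf/vm.swappiness", "0")

    if proxy_url:
        # Set proxy again with augeas to ensure there are no
        # duplicates/inconsistencies
        augeas.set_enhanced("/files/etc/yum.conf/main/proxy", proxy_url)

    version_obj.mark_executed()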
def install_mail_server(args):
    """
    Installs a postfix-based mail relay MTA that listens on the DMZ, and
    relays towards the internet. Also possible to send from localhost. Also
    installs mailx.

    The steps run in a fixed order: install postfix and augeas, edit
    /etc/postfix/main.cf, write the virtual alias table, install mailx,
    add the mail-relay iptables chain, restart postfix and send test mail.

    Args:
        args: Command arguments; not used by this function.
    """
    version_obj = version.Version("Install-postfix-server", SCRIPT_VERSION)
    version_obj.check_executed()
    app.print_verbose("Installing postfix-server version: {0}".format(SCRIPT_VERSION))

    init_properties = PostFixProperties()

    # Install required packages
    x("yum install -y postfix augeas")

    # Initialize augeas
    augeas = Augeas(x)

    # Set config file parameters
    #
    # NOTE(review): in the flattened listing it is not clear whether the next
    # call is active or commented out - confirm against the original file.
    general.use_original_file("/etc/postfix/main.cf")
    postfix_main_cf = scopen.scOpen("/etc/postfix/main.cf")

    # Hostname is full canonical name of machine.
    postfix_main_cf.replace("#myhostname = host.domain.tld", "myhostname = {0}".format(config.general.get_mail_relay_domain_name())) # mailrelay.syco.com
    postfix_main_cf.replace("#mydomain = domain.tld", "mydomain = {0}".format(config.general.get_resolv_domain())) # syco.com
    postfix_main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")

    # Accept email from all IP addresses for this server
    augeas.set_enhanced("/files/etc/postfix/main.cf/inet_interfaces", ",".join(init_properties.server_ips))

    # Allow networks. mynetworks lists the clients postfix trusts to relay
    # through this server.
    # NOTE(review): confirm server_networks only holds internal ranges, so
    # the relay is not open to outside senders.
    augeas.set_enhanced("/files/etc/postfix/main.cf/mynetworks", ",".join(init_properties.server_networks))

    # Do not relay anywhere special, i.e straight to internet.
    postfix_main_cf.replace("#relay_domains = $mydestination", "relay_domains =")
    postfix_main_cf.replace("#home_mailbox = Maildir/", "home_mailbox = Maildir/")

    # Stop warning about IPv6.
    postfix_main_cf.replace("inet_protocols = all", "inet_protocols = ipv4")

    # Set virtual_alias_maps and virtual_alias_domains in main.cf
    augeas.set("/files/etc/postfix/main.cf/virtual_alias_maps", "hash:/etc/postfix/virtual")

    if init_properties.virtual_alias_domains:
        augeas.set("/files/etc/postfix/main.cf/virtual_alias_domains", init_properties.virtual_alias_domains)

    # Add virtual aliases if they do not already exist.
    # iteritems() ties this loop to Python 2.
    # NOTE(review): the alias strings are placed inside a double-quoted shell
    # argument and inside a single-quoted augeas path expression without
    # escaping; confirm PostFixProperties only yields plain mail addresses.
    for virt_alias_from, virt_alias_to in init_properties.virtual_aliases.iteritems():
        existing = augeas.find_entries("/files/etc/postfix/virtual/pattern[. = '%s']" % virt_alias_from)
        if len(existing) == 0:
            # No entry for this address yet: append a new line to the table.
            x("echo \"%s %s\" >> /etc/postfix/virtual" % (virt_alias_from, virt_alias_to))
        else:
            # Entry exists: update its destination in place.
            augeas.set_enhanced("/files/etc/postfix/virtual/pattern[. = '%s']/destination" % virt_alias_from, virt_alias_to)

    # Rebuild the lookup table named by the hash:/etc/postfix/virtual map
    # above.
    if len(init_properties.virtual_aliases) > 0:
        x("postmap /etc/postfix/virtual")

    # Install a simple mail CLI-tool
    install_mailx()

    # Tell iptables and nrpe that this server is configured as a mail-relay server.
    iptables.add_mail_relay_chain()
    iptables.save()

    x("service postfix restart")

    # Send test mail to the syco admin
    # and to any virtual alias emails
    send_test_mail((None, config.general.get_admin_email()), init_properties.virtual_aliases.keys())