Пример #1
0
def get_status():

    status = {'redis': {}, 'stunnel': {}}
    servers = Server.query.all()

    check_cmd = 'python -c "import socket;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);print s.connect_ex((\'{0}\', {1}))"'

    cache_servers = get_cache_servers()

    stunnel_port = cache_servers[0].stunnel_port if cache_servers else None

    for server in servers + cache_servers:
        key = server.ip.replace('.', '_')

        c = RemoteClient(host=server.hostname, ip=server.ip)
        try:
            c.startup()
        except:
            status['stunnel'][key] = False
            status['redis'][key] = False
        else:

            status['stunnel'][key] = False

            if server in cache_servers:
                r = c.run(check_cmd.format('localhost', 6379))
                stat = r[1].strip()

                if stat == '0':
                    status['redis'][key] = True
                else:
                    status['redis'][key] = False

                if stunnel_port:
                    r = c.run(check_cmd.format(server.ip, stunnel_port))
                    stat = r[1].strip()

                if stat == '0':
                    status['stunnel'][key] = True

            else:

                if stunnel_port:

                    r = c.run(check_cmd.format('localhost', '6379'))
                    stat = r[1].strip()

                    if stat == '0':
                        status['stunnel'][key] = True

        c.close()

    return jsonify(status)
Пример #2
0
class BaseInstaller(object):
    """Base class for component installers.

    Args:
        server (class:`clustermgr.models.Server`): the server object denoting
            the server where server should be installed
        tid (string): the task id of the celery task to add logs
    """

    def __init__(self, server, tid):
        self.server = server
        self.tid = tid
        self.rc = RemoteClient(server.hostname, ip=server.ip)

    def install(self):
        """install() detects the os of the server and calls the appropriate
        function to install redis on that server.

        Returns:
            boolean status of the install process
        """
        try:
            self.rc.startup()
        except Exception as e:
            wlogger.log(self.tid, "Could not connect to {0}".format(e),
                        "error", server_id=self.server.id)
            return False

        cin, cout, cerr = self.rc.run("ls /etc/*release")
        files = cout.split()
        cin, cout, cerr = self.rc.run("cat " + files[0])

        status = False
        if "Ubuntu" in cout:
            status = self.install_in_ubuntu()
        elif "CentOS" in cout:
            status = self.install_in_centos()
        else:
            wlogger.log(self.tid, "Server OS is not supported. {0}".format(
                cout), "error", server_id=self.server.id)
        self.rc.close()
        return status

    def install_in_ubuntu(self):
        """This method should be overridden by the sub classes. Run the
        commands needed to install your component.

        Returns:
            boolean status of success of the install
        """
        pass

    def install_in_centos(self):
        """This method should be overridden by the sub classes. Run the
        commands needed to install your component.

        Returns:
            boolean status of success of the install
        """
        pass

    def run_command(self, cmd):
        wlogger.log(self.tid, cmd, "debug", server_id=self.server.id)
        return self.rc.run(cmd)
Пример #3
0
def install_cache_components(self, method):
    """Celery task that installs the redis, stunnel and twemproxy applications
    in the required servers.

    Redis and stunnel are installed in all the servers in the cluster.
    Twemproxy is installed in the load-balancer/proxy server

    :param self: the celery task
    :param method: either STANDALONE, SHARDED

    :return: the number of servers where both stunnel and redis were installed
        successfully
    """
    tid = self.request.id
    installed = 0
    servers = Server.query.all()
    for server in servers:
        wlogger.log(tid, "Installing Redis in server {0}".format(
            server.hostname), "info", server_id=server.id)
        ri = RedisInstaller(server, tid)
        redis_installed = ri.install()
        if redis_installed:
            server.redis = True
            wlogger.log(tid, "Redis install successful", "success",
                        server_id=server.id)
        else:
            server.redis = False
            wlogger.log(tid, "Redis install failed", "fail",
                        server_id=server.id)

        wlogger.log(tid, "Installing Stunnel", "info", server_id=server.id)
        si = StunnelInstaller(server, tid)
        stunnel_installed = si.install()
        if stunnel_installed:
            server.stunnel = True
            wlogger.log(tid, "Stunnel install successful", "success",
                        server_id=server.id)
        else:
            server.stunnel = False
            wlogger.log(tid, "Stunnel install failed", "fail",
                        server_id=server.id)
        # Save the redis and stunnel install situation to the db
        db.session.commit()

        if redis_installed and stunnel_installed:
            installed += 1

    if method != 'STANDALONE':
        # No need to install twemproxy for "SHARDED" configuration
        return True

    # Install twemproxy in the Nginx load balancing proxy server
    app_conf = AppConfiguration.query.first()
    host = app_conf.nginx_host
    rc = RemoteClient(host)
    try:
        rc.startup()
    except Exception as e:
        wlogger.log(tid, "Could not connect to {0}".format(e), "error")
        return False

    server_os = get_os_type(rc)

    mock_server = Server()
    mock_server.hostname = host
    wlogger.log(tid, "Installing Stunnel in proxy server")
    si = StunnelInstaller(mock_server, tid)
    stunnel_installed = si.install()
    if stunnel_installed:
        wlogger.log(tid, "Stunnel install successful", "success")
    else:
        wlogger.log(tid, "Stunnel install failed", "fail")

    wlogger.log(tid, "Cluster manager will now try to build Twemproxy")
    # 1. Setup the development tools for installation
    if server_os in ["Ubuntu 16", "Ubuntu 14"]:
        run_and_log(rc, "apt-get update", tid)
        run_and_log(rc, "apt-get install -y build-essential autoconf libtool",
                    tid)
    elif server_os in ["CentOS 6", "CentOS 7", "RHEL 7"]:
        run_and_log(rc, "yum install -y wget", tid)
        run_and_log(rc, "yum groupinstall -y 'Development tools'", tid)

    if server_os == "CentOS 6":
        run_and_log(rc, "wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz",
                    tid)
        run_and_log(rc, "tar xvfvz autoconf-2.69.tar.gz", tid)
        run_and_log(rc, "cd autoconf-2.69 && ./configure", tid)
        run_and_log(rc, "cd autoconf-2.69 && make", tid)
        run_and_log(rc, "cd autoconf-2.69 && make install", tid)

    # 2. Get the source, build & install the nutcracker binaries
    run_and_log(rc, "wget https://github.com/twitter/twemproxy/archive/v0.4.1.tar.gz",
                tid)
    run_and_log(rc, "tar -xf v0.4.1.tar.gz", tid)
    run_and_log(rc, "cd twemproxy-0.4.1", tid)
    run_and_log(rc, "cd twemproxy-0.4.1 && autoreconf -fvi", tid)
    run_and_log(rc, "cd twemproxy-0.4.1 && ./configure --prefix=/usr", tid)
    run_and_log(rc, "cd twemproxy-0.4.1 && make", tid)
    run_and_log(rc, "cd twemproxy-0.4.1 && make install", tid)

    # 3. Post installation - setup user and logging
    run_and_log(rc, "useradd nutcracker", tid)
    run_and_log(rc, "mkdir /var/log/nutcracker", tid)
    run_and_log(rc, "touch /var/log/nutcracker/nutcracker.log", tid)
    run_and_log(rc, "chown -R nutcracker:nutcracker /var/log/nutcracker",
                tid)
    logrotate_conf = ["/var/log/nutcracker/nutcracker*.log {", "\tweekly",
                      "\tmissingok", "\trotate 12", "\tcompress",
                      "\tnotifempty", "}"]
    rc.put_file("/etc/logrotate.d/nutcracker", "\n".join(logrotate_conf))

    # 4. Add init/service scripts to run nutcracker as a service
    if server_os in ["Ubuntu 16", "CentOS 7", "RHEL 7"]:
        local = os.path.join(app.root_path, "templates", "twemproxy",
                             "twemproxy.service")
        remote = "/lib/systemd/system/nutcracker.service"
        rc.upload(local, remote)
        run_and_log(rc, "systemctl enable nutcracker", tid, None)
    elif server_os == "Ubuntu 14":
        local = os.path.join(app.root_path, "templates", "twemproxy",
                             "nutcracker.init")
        remote = "/etc/init.d/nutcracker"
        rc.upload(local, remote)
        run_and_log(rc, 'chmod +x /etc/init.d/nutcracker', tid)
        run_and_log(rc, "update-rc.d nutcracker defaults", tid)
    elif server_os == "CentOS 6":
        local = os.path.join(app.root_path, "templates", "twemproxy",
                             "nutcracker.centos.init")
        remote = "/etc/rc.d/init.d/nutcracker"
        rc.upload(local, remote)
        run_and_log(rc, "chmod +x /etc/init.d/nutcracker", tid)
        run_and_log(rc, "chkconfig --add nutcracker", tid)
        run_and_log(rc, "chkconfig nutcracker on", tid)

    # 5. Create the default configuration file referenced in the init scripts
    run_and_log(rc, "mkdir -p /etc/nutcracker", tid)
    run_and_log(rc, "touch /etc/nutcracker/nutcracker.yml", tid)

    rc.close()
    return installed
Пример #4
0
def _rotate_keys(kr, javalibs_dir, jks_path):
    pub_keys = []
    openid_jks_pass = random_chars()

    if kr.type == "oxeleven":
        token = decrypt_text(kr.oxeleven_token, kr.oxeleven_token_key,
                             kr.oxeleven_token_iv)

        try:
            # delete old keys first
            print "deleting old keys"
            for key_id in OxelevenKeyID.query:
                status_code, out = delete_key(kr.oxeleven_url, key_id.kid,
                                              token)
                if status_code == 200 and out["deleted"]:
                    db.session.delete(key_id)
                    db.session.commit()
                elif status_code == 401:
                    print "insufficient access to call oxEleven API"

            # obtain new keys
            print "obtaining new keys"
            for algo in ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512"]:
                status_code, out = generate_key(kr.oxeleven_url,
                                                algo,
                                                token=token)
                if status_code == 200:
                    key_id = OxelevenKeyID()
                    key_id.kid = out["kid"]
                    db.session.add(key_id)
                    db.session.commit()
                    pub_keys.append(out)
                elif status_code == 401:
                    print "insufficient access to call oxEleven API"
                else:
                    print "unable to obtain the keys from oxEleven; " \
                        "status code={}".format(status_code)
        except requests.exceptions.ConnectionError:
            print "unable to establish connection to oxEleven; skipping task"
    else:
        out, err, retcode = generate_jks(
            openid_jks_pass,
            javalibs_dir,
            jks_path,
        )
        if retcode == 0:
            json_out = json.loads(out)
            pub_keys = json_out["keys"]
        else:
            print err

    # update LDAP entry
    if pub_keys and modify_oxauth_config(kr, pub_keys, openid_jks_pass):
        print "pub keys has been updated"
        kr.rotated_at = datetime.utcnow()
        db.session.add(kr)
        db.session.commit()

        if kr.type == "jks":
            from clustermgr.core.remote import RemoteClient
            for server in Server.query:
                c = RemoteClient(server.hostname)
                try:
                    c.startup()
                except Exception:
                    print "Couldn't connect to server %s. Can't copy JKS" % server.hostname
                    continue
                c.upload(jks_path, server.jks_path)
                c.close()
Пример #5
0
def install_cache_components(self, method, server_id_list):
    """Celery task that installs the redis, stunnel and twemproxy applications
    in the required servers.

    Redis and stunnel are installed in all the servers in the cluster.
    Twemproxy is installed in the load-balancer/proxy server

    :param self: the celery task
    :param method: either STANDALONE, SHARDED

    :return: the number of servers where both stunnel and redis were installed
        successfully
    """

    tid = self.request.id
    installed = 0

    servers = []

    for server_id in server_id_list:

        server = Server.query.get(server_id)

        ri = RedisInstaller(server, tid)
        ri.rc.startup()
        if ri.rc.exists('/usr/bin/redis-server') or ri.rc.exists(
                '/bin/redis-server'):
            server.redis = True
            redis_installed = 1
            wlogger.log(tid,
                        "Redis was already installed on server {0}".format(
                            server.hostname),
                        "info",
                        server_id=server.id)
        else:
            wlogger.log(tid,
                        "Installing Redis in server {0}".format(
                            server.hostname),
                        "info",
                        server_id=server.id)
            redis_installed = ri.install()
            if redis_installed:
                server.redis = True
                wlogger.log(tid,
                            "Redis install successful",
                            "success",
                            server_id=server.id)
            else:
                server.redis = False
                wlogger.log(tid,
                            "Redis install failed",
                            "fail",
                            server_id=server.id)

        si = StunnelInstaller(server, tid)
        si.rc.startup()
        if si.rc.exists('/usr/bin/stunnel') or si.rc.exists('/bin/stunnel'):
            wlogger.log(tid,
                        "Stunnel was allready installed",
                        "info",
                        server_id=server.id)
            server.stunnel = True
            stunnel_installed = 1
        else:
            wlogger.log(tid, "Installing Stunnel", "info", server_id=server.id)

            stunnel_installed = si.install()
            if stunnel_installed:
                server.stunnel = True
                wlogger.log(tid,
                            "Stunnel install successful",
                            "success",
                            server_id=server.id)
            else:
                server.stunnel = False
                wlogger.log(tid,
                            "Stunnel install failed",
                            "fail",
                            server_id=server.id)
            # Save the redis and stunnel install situation to the db

        if redis_installed and stunnel_installed:
            installed += 1

        db.session.commit()
    if method != 'STANDALONE':
        # No need to install twemproxy for "SHARDED" configuration
        return True

    # Install twemproxy in the Nginx load balancing proxy server
    app_conf = AppConfiguration.query.first()

    mock_server = Server()

    if app_conf.external_load_balancer:
        mock_server.hostname = app_conf.cache_host
        mock_server.ip = app_conf.cache_ip
    else:
        mock_server.hostname = app_conf.nginx_host
        mock_server.ip = app_conf.nginx_ip

    rc = RemoteClient(mock_server.hostname)

    try:
        rc.startup()
    except Exception as e:
        wlogger.log(tid, "Could not connect to {0}".format(e), "error")
        return False

    server_os = get_os_type(rc)

    si = StunnelInstaller(mock_server, tid)
    si.rc.startup()
    stunnel_installed = 0
    if si.rc.exists('/usr/bin/stunnel') or si.rc.exists('/bin/stunnel'):
        wlogger.log(tid, "Stunnel was already installed on cache server")
        stunnel_installed = 1
    else:
        wlogger.log(tid, "Installing Stunnel in cache server")
        stunnel_installed = si.install()
        if stunnel_installed:
            wlogger.log(tid, "Stunnel install successful", "success")
        else:
            wlogger.log(tid, "Stunnel install failed", "fail")

    print rc.exists('/usr/sbin/nutcracker')

    if not rc.exists('/usr/sbin/nutcracker'):

        wlogger.log(tid, "Installing Twemproxy")
        # 1. Setup the development tools for installation
        if server_os == "Ubuntu 14":
            run_and_log(rc, "apt-get update", tid)
            run_and_log(
                rc,
                'wget http://ftp.debian.org/debian/pool/main/n/nutcracker/nutcracker_0.4.0+dfsg-1_amd64.deb -O /tmp/nutcracker_0.4.0+dfsg-1_amd64.deb',
                tid)
            run_and_log(rc, "dpkg -i /tmp/nutcracker_0.4.0+dfsg-1_amd64.deb",
                        tid)
        elif server_os == "Ubuntu 16":
            run_and_log(rc, "apt-get update", tid)
            run_and_log(
                rc,
                "DEBIAN_FRONTEND=noninteractive apt-get install -y nutcracker",
                tid)
        elif server_os in ["CentOS 7", "RHEL 7"]:
            run_and_log(
                rc,
                'yum install -y https://raw.githubusercontent.com/mbaser/gluu/master/nutcracker-0.4.1-1.gluu.centos7.x86_64.rpm',
                tid)
            run_and_log(rc, 'chkconfig nutcracker on', tid)
        elif server_os in ['CentOS 6', 'RHEL 6']:
            run_and_log(
                rc,
                'yum install -y https://raw.githubusercontent.com/mbaser/gluu/master/nutcracker-0.4.1-1.gluu.centos6.x86_64.rpm',
                tid)
            run_and_log(rc, 'chkconfig nutcracker on', tid)

        # 5. Create the default configuration file referenced in the init scripts
        #run_and_log(rc, "mkdir -p /etc/nutcracker", tid)
        run_and_log(rc, "touch /etc/nutcracker/nutcracker.yml", tid)
    else:
        wlogger.log(tid, "Twemproxy was already installed on cache server")
    rc.close()
    return installed