def create_kvm_host(self):
    """
    Create the guest's LVM volume and install the guest with virt-install.

    The volume is sized one GB above the configured total disk size. The
    guest is installed from an NFS location on self.kvm_host_ip with a
    kickstart file named after the hostname, after which the method waits
    for the installation and calls autostart_guests().

    """
    volume_path = disk.create_lvm_volumegroup(
        self.hostname,
        int(self.property_list['\$total_disk_gb']) + 1,
        config.host(self.hostname).get_vol_group())

    # NOTE(review): every value below is concatenated unquoted into one
    # command line; presumably x() hands it to a shell, so hostnames and
    # addresses must come from a trusted install.cfg -- confirm.
    parts = [
        " virt-install",
        " -d --connect qemu:///system",
        " --name " + self.hostname,
        " --ram " + self.ram,
        " --vcpus=" + self.cpu,
    ]
    if not (self.cpu_max is None or self.cpu_max == ""):
        parts.append(",maxvcpus=" + self.cpu_max)

    parts.extend([
        " --vnc --noautoconsole",
        " --hvm",
        " --virt-type=kvm",
        " --autostart",
        " --disk path=" + volume_path,
        " --os-variant=rhel6",
        " --arch x86_64",
    ])

    # br0 is only attached when the back network is enabled.
    if config.general.is_back_enabled():
        parts.append(" --network bridge:br0")
    parts.append(" --network bridge:br1")

    parts.append(" --location nfs:" + self.kvm_host_ip + ":/dvd")

    # Extra kernel arguments for the installer, passed as one quoted string.
    parts.append(
        ' -x "ks=nfs:' + self.kvm_host_ip + ':/kickstart/' +
        self.hostname + '.ks')
    parts.append(' ksdevice=eth1')
    parts.append(' ip=' + config.host(self.hostname).get_front_ip())
    parts.append(' netmask=' + config.general.get_front_netmask())
    parts.append(' dns=' + config.general.get_front_resolver_ip())
    parts.append(' gateway=' + self.kvm_host_ip)
    parts.append(' "')

    x("".join(parts))
    self.wait_for_installation_to_complete()
    self.autostart_guests()
def __init__(self):
    """
    Look up this server's front and back IP and derive their network CIDRs.

    NOTE(review): in the visible code the four results are only bound to
    local names and never stored on self -- confirm this is intended.

    """
    front_ip = config.host(net.get_hostname()).get_front_ip()
    back_ip = config.host(net.get_hostname()).get_back_ip()

    front_netmask = config.general.get_front_netmask()
    front_network = net.get_network_cidr(front_ip, front_netmask)

    back_netmask = config.general.get_back_netmask()
    back_network = net.get_network_cidr(back_ip, back_netmask)
def _add_all_systems():
    """
    Pass every configured server to _host_add() or _guest_add().

    Servers that config reports as neither host nor guest are skipped.

    """
    for name in config.get_servers():
        # Is a KVM host?
        if config.host(name).is_host():
            _host_add(name)
            continue

        if config.host(name).is_guest():
            _guest_add(name)
def _setup_network(hostname):
    """
    Configure both interfaces of `hostname` through edit_iface().

    eth0 gets the back-net address, netmask and gateway; eth1 gets the
    front-net ones.

    """
    back_ip = config.host(hostname).get_back_ip()
    back_netmask = config.general.get_back_netmask()
    back_gateway = config.general.get_back_gateway_ip()
    edit_iface(hostname, 'eth0', back_ip, back_netmask, back_gateway)

    front_ip = config.host(hostname).get_front_ip()
    front_netmask = config.general.get_front_netmask()
    front_gateway = config.general.get_front_gateway_ip()
    edit_iface(hostname, 'eth1', front_ip, front_netmask, front_gateway)
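def _set_servers(self, hostname):
    '''
    Set servers/hosts to perform the remote install on.

    With a hostname, that host is added and, when config reports it as a
    host (is_host()), its guests as well. Without a hostname every server
    from the config is used. The resulting list is stored sorted.

    '''
    if hostname:
        self._servers.append(hostname)
        if config.host(hostname).is_host():
            self._servers += config.host(hostname).get_guests()
    else:
        self._servers = config.get_servers()

    # sorted() returns a new list, so the result has to be stored for the
    # ordering to take effect. Rebinding (instead of list.sort()) leaves a
    # list handed out by config untouched.
    self._servers = sorted(self._servers)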
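def _set_servers(self, hostname):
    """
    Set servers/hosts to perform the remote install on.

    With a hostname, that host is added and, when config reports it as a
    host (is_host()), its guests as well. Without a hostname every server
    from the config is used. The resulting list is stored sorted.

    """
    if hostname:
        self._servers.append(hostname)
        if config.host(hostname).is_host():
            self._servers += config.host(hostname).get_guests()
    else:
        self._servers = config.get_servers()

    # sorted() returns a new list, so the result has to be stored for the
    # ordering to take effect. Rebinding (instead of list.sort()) leaves a
    # list handed out by config untouched.
    self._servers = sorted(self._servers)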
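def _set_servers(self, hostname):
    '''
    Set servers/hosts to perform the remote install on.

    With a hostname, that host is added and, when config reports it as a
    host (is_host()), its guests as well. Without a hostname every server
    from the config is used. The resulting list is stored sorted.

    '''
    if hostname:
        self.servers.append(hostname)
        if config.host(hostname).is_host():
            self.servers += config.host(hostname).get_guests()
    else:
        self.servers = config.get_servers()

    # sorted() returns a new list, so the result has to be stored for the
    # ordering to take effect. Rebinding (instead of list.sort()) leaves a
    # list handed out by config untouched.
    self.servers = sorted(self.servers)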
def _get_host_list():
    """
    Build a list of host objects from the devices in the syco config.

    Each device is classified by the first matching config predicate, in
    the order guest, host, firewall, switch, and wrapped in a `host` object
    holding its name, an IP and the type label. Firewalls are registered
    with their back-net IP; every other type uses get_any_ip(). Devices
    matching none of the predicates are left out.

    """
    # (config predicate, ip getter, type label), tested in this order.
    device_kinds = (
        ("is_guest", "get_any_ip", "guest"),
        ("is_host", "get_any_ip", "host"),
        ("is_firewall", "get_back_ip", "firewall"),
        ("is_switch", "get_any_ip", "switch"),
    )

    found = []
    for server in config.get_devices():
        for predicate, ip_getter, label in device_kinds:
            if getattr(config.host(server), predicate)():
                address = getattr(config.host(server), ip_getter)()
                found.append(host(server, address, label))
                break
    return found
def _setup_network(hostname):
    """
    Configure both interfaces of `hostname` through edit_iface().

    eth0 gets the back-net address, netmask and gateway; eth1 gets the
    front-net ones.

    """
    back_ip = config.host(hostname).get_back_ip()
    back_netmask = config.general.get_back_netmask()
    back_gateway = config.general.get_back_gateway_ip()
    edit_iface(hostname, 'eth0', back_ip, back_netmask, back_gateway)

    front_ip = config.host(hostname).get_front_ip()
    front_netmask = config.general.get_front_netmask()
    front_gateway = config.general.get_front_gateway_ip()
    edit_iface(hostname, 'eth1', front_ip, front_netmask, front_gateway)
def set_kickstart_options(self):
    '''
    Collect the values substituted for ${XXX} vars in the kickstart file.

    The result is stored in self.property_list. Keys carry a leading
    backslash before the dollar sign (presumably because they are used as
    regex patterns -- confirm against the code doing the replacement).

    '''
    self.property_list = {
        '\$hostname': self.hostname,
        '\$front_ip': config.host(self.hostname).get_front_ip(),
        '\$front_netmask': config.general.get_front_netmask(),
        '\$front_gateway': config.general.get_front_gateway_ip(),
        '\$front_nameserver': config.general.get_front_resolver_ip(),
        '\$back_ip': config.host(self.hostname).get_back_ip(),
        '\$back_netmask': config.general.get_back_netmask(),
        '\$back_gateway': config.general.get_back_gateway_ip(),
        '\$back_nameserver': config.general.get_back_resolver_ip(),
        # The root password hash ends up in the rendered kickstart file, so
        # that file should be readable only by the installer.
        '\$default_password_crypted': app.get_root_password_hash(),
        '\$disk_swap_mb': config.host(self.hostname).get_disk_swap_mb(),
        '\$disk_var_mb': config.host(self.hostname).get_disk_var_mb(),
        '\$disk_log_mb': config.host(self.hostname).get_disk_log_mb(),
        '\$total_disk_mb': config.host(self.hostname).get_total_disk_mb(),
        '\$total_disk_gb': config.host(self.hostname).get_total_disk_gb(),
        '\$boot_device': config.host(self.hostname).get_boot_device("vda"),
    }
def set_kickstart_options(self):
    '''
    Collect the values substituted for ${XXX} vars in the kickstart file.

    The result is stored in self.property_list. Keys carry a leading
    backslash before the dollar sign (presumably because they are used as
    regex patterns -- confirm against the code doing the replacement).

    '''
    host_config = config.host
    self.property_list = {
        '\$hostname': self.hostname,
        '\$front_ip': host_config(self.hostname).get_front_ip(),
        '\$front_netmask': config.general.get_front_netmask(),
        '\$front_gateway': config.general.get_front_gateway_ip(),
        '\$front_nameserver': config.general.get_front_resolver_ip(),
        '\$back_ip': host_config(self.hostname).get_back_ip(),
        '\$back_netmask': config.general.get_back_netmask(),
        '\$back_gateway': config.general.get_back_gateway_ip(),
        '\$back_nameserver': config.general.get_back_resolver_ip(),
        # The root password hash ends up in the rendered kickstart file, so
        # that file should be readable only by the installer.
        '\$default_password_crypted': app.get_root_password_hash(),
        '\$disk_swap_mb': host_config(self.hostname).get_disk_swap_mb(),
        '\$disk_var_mb': host_config(self.hostname).get_disk_var_mb(),
        '\$disk_log_mb': host_config(self.hostname).get_disk_log_mb(),
        '\$total_disk_mb': host_config(self.hostname).get_total_disk_mb(),
        '\$total_disk_gb': host_config(self.hostname).get_total_disk_gb(),
        '\$boot_device': host_config(self.hostname).get_boot_device("vda"),
    }
def init_host_options_from_config(self):
    '''
    Initialize all used options from install.cfg.

    Invalid options make app and config raise; those exceptions are not
    caught here and reach the starter app.

    '''
    # The ip connected to the admin net, from which the nfs export is done.
    self.kvm_host_back_ip = net.get_lan_ip()

    # RAM and CPU are kept as strings; they are later concatenated into a
    # command line.
    configured_ram = config.host(self.hostname).get_ram()
    self.ram = str(configured_ram)
    configured_cpu = config.host(self.hostname).get_cpu()
    self.cpu = str(configured_cpu)

    self.set_kickstart_options()
def install_mail_client(args):
    """
    Install a local postfix MTA that accepts mail on localhost and relays
    everything to the mailrelay server. Also installs mailx.

    Nothing is done when this server is configured to run
    install-postfix-server later.

    NOTE(review): check_executed() is called but no mark_executed() is
    visible in this function -- confirm that is intended.

    """
    will_be_mail_server = config.host(net.get_hostname()).has_command_re(
        "install-postfix-server")
    if will_be_mail_server:
        app.print_verbose("This server will later install the postfix server, abort client installation.")
        return

    client_version = version.Version("Install-postfix-client", SCRIPT_VERSION)
    client_version.check_executed()

    # Install required packages
    install.package("postfix")

    # Set config file parameters
    # general.use_original_file("/etc/postfix/main.cf")
    main_cf = scopen.scOpen("/etc/postfix/main.cf")

    # e.g. monitor.syco.com
    main_cf.replace(
        "#myhostname = host.domain.tld",
        "myhostname = {0}.{1}".format(get_hostname(), config.general.get_resolv_domain()),
    )
    # e.g. syco.com
    main_cf.replace(
        "#mydomain = domain.tld",
        "mydomain = {0}".format(config.general.get_resolv_domain()),
    )
    main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")

    # Listen only on localhost. Search and replacement text are identical,
    # so this call leaves the setting as it is.
    main_cf.replace("inet_interfaces = localhost", "inet_interfaces = localhost")
    main_cf.replace("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", "mynetworks = 127.0.0.1")
    main_cf.replace(
        "mydestination = $myhostname, localhost.$mydomain, localhost",
        "mydestination = $myhostname, localhost",
    )

    # Relay everything not for local machine to mailrelay.
    main_cf.replace(
        "#relay_domains = $mydestination",
        "relay_domains = {0}".format(config.general.get_resolv_domain()),
    )
    main_cf.replace(
        "#relayhost = $mydomain",
        "relayhost = [{0}]".format(config.general.get_mail_relay_domain_name()),
    )
    main_cf.replace("#home_mailbox = Maildir/", "home_mailbox = Maildir/")
    main_cf.replace("inet_protocols = all", "inet_protocols = ipv4")

    # Install a simple mail CLI-tool
    install_mailx()

    # Tell iptables and nrpe that this server is configured as a mail-relay server.
    iptables.add_mail_relay_chain()
    iptables.save()

    # Restart postfix
    x("service postfix restart")

    # Send test mail to the syco admin
    send_test_mail((None, config.general.get_admin_email()))
def _install_host(self, hostname):
    '''
    Execute the commands on the remote host.

    Create one process for each remote host. The host is reached on its
    front IP over SSH as root with the password from app.

    '''
    banner = "========================================================================================"
    try:
        server = config.host(hostname).get_front_ip()
        target = hostname + " (" + server + ")"
        app.print_verbose("Try to install " + target, 2)

        # NOTE(review): the session is opened with the shared root password
        # before install_ssh_key() runs; how ssh.Ssh checks the remote host
        # key is not visible here -- confirm.
        obj = ssh.Ssh(server, app.get_root_password())
        self._validate_alive(obj, hostname)

        app.print_verbose(banner)
        app.print_verbose("=== Update " + target)
        app.print_verbose(banner)

        obj.install_ssh_key()
        self._install_syco_on_remote_host(obj)
        self._execute_commands(obj, hostname)
    except pexpect.EOF as err:
        app.print_error(err, 2)

        # Remove progress state.
        if hostname in self._installed:
            del self._installed[hostname]
def _prompt_for_passwords(self):
    """
    Fetch the passwords needed by the syco commands of all selected servers.

    For every configured command whose first word is "syco", the second
    word is taken as the command name and each password registered for it
    is requested through app.get_custom_password() (presumably prompting
    and caching -- confirm in app). Other commands are ignored.

    """
    # Reference to syco.py commands
    global _commands_obj_reference

    for hostname in self._servers:
        for command in config.host(hostname).get_commands():
            # Assume second word is the command name
            words = command.split(" ")
            if len(words) < 1:
                app.print_verbose("Did not understand command: %s, skipping" % command)
                continue
            if words[0].lower() != "syco":
                # This is not a syco command, ignoring it.
                continue
            if len(words) < 2:
                app.print_verbose("Did not understand syco command: %s, skipping" % command)
                continue

            # This is a syco command and words[1] is its name.
            passwords = _commands_obj_reference.get_command_passwords(words[1])
            if len(passwords) > 0:
                app.print_verbose("Retrieving passwords for command %s" % command)
            for password_combo in passwords:
                app.get_custom_password(password_combo[0], password_combo[1])
def _install_nrpe_plugins_dependencies():
    """
    Install libraries/binaries that the NRPE-plugins depend on.

    Also writes /etc/sudoers.d/nrpe, which lets the nrpe user run the
    listed plugins as root without a password, and appends nofile limits to
    /etc/security/limits.conf.

    NOTE(review): every file named in a NOPASSWD rule must be writable by
    root only, otherwise whoever can edit it can change what runs as root.
    The sudoers file is written without a syntax check (visudo -c -f).
    """
    base_sudoers = """cat > /etc/sudoers.d/nrpe << EOF
Defaults:nrpe !requiretty
nrpe ALL=NOPASSWD:{0}check_clamav
nrpe ALL=NOPASSWD:{0}check_clamscan
nrpe ALL=NOPASSWD:{0}check_disk
nrpe ALL=NOPASSWD:{0}get_services
nrpe ALL=NOPASSWD:{0}mysql/pmp-check-mysql-deleted-files
nrpe ALL=NOPASSWD:{0}mysql/pmp-check-mysql-file-privs
EOF
"""
    hp_sudoers = """cat >> /etc/sudoers.d/nrpe << EOF
nrpe ALL=NOPASSWD:/sbin/hpasmcli
nrpe ALL=NOPASSWD:{0}check_hpasm
nrpe ALL=NOPASSWD:/sbin/hpacucli
nrpe ALL=NOPASSWD:{0}check_hparray
EOF
"""

    # Dependencies for check_rsyslog, then check_clamav
    for yum_command in (
        "yum install -y MySQL-python",
        "yum install -y nagios-plugins-perl perl-Net-DNS-Resolver-Programmable",
        "yum install -y perl-suidperl",
    ):
        x(yum_command)

    x(base_sudoers.format(PLG_PATH))

    # Dependencies for check_clamscan, check_ldap and check_iostat
    for yum_command in (
        "yum install -y perl-Proc-ProcessTable perl-Date-Calc",
        "yum install -y php-ldap php-cli",
        "yum install -y sysstat",
    ):
        x(yum_command)

    # Dependency for hosts/firewall hardware checks
    this_host = config.host(net.get_hostname())
    if this_host.is_host() or this_host.is_firewall():
        install.hp_repo()
        x("yum -y install hp-health hpacucli")

        # Let nrpe run hpasmcli and hpacucli
        x(hp_sudoers.format(PLG_PATH))

    # Dependency for check_ulimit
    x("yum install -y lsof")

    # Set ulimit values to take effect after reboot. The lines are appended
    # on every run.
    x("printf '\n*\tsoft\tnofile\t8196\n*\thard\tnofile\t16392\n' >> /etc/security/limits.conf")

    # sudoers files are expected to be read-only (0440), so chmod it.
    x("chmod 0440 /etc/sudoers.d/nrpe")
def _print_install_stat(self):
    '''
    Display information about the servers that are being installed.

    Prints the number of servers left, the number of active threads and one
    table row per server with its back IP and progress flags.

    '''
    # (title, title width, dash count, dash width) for each column.
    columns = (
        ("SERVER NAME", 30, 29, 30),
        ("IP", 15, 14, 15),
        ("ALIVE", 6, 5, 6),
        ("VALID CONFIG", 13, 12, 13),
        ("INSTALLED", 10, 9, 10),
        ("ABORT ERROR", 20, 20, 21),
    )

    print("\n\n\n")
    app.print_verbose(str(self._servers_left_to_install()) + " server(s) left to install.")
    app.print_verbose(str(threading.activeCount()) + " thread(s) are running.")
    app.print_verbose(
        " " + "".join([title.ljust(width) for title, width, _, _ in columns]))
    app.print_verbose(
        " " + "".join([("-" * dashes).ljust(pad) for _, _, dashes, pad in columns]))

    for hostname in self.servers:
        cells = [
            hostname.ljust(30),
            config.host(hostname).get_back_ip().ljust(15),
            self._get_alive(hostname).ljust(6),
            self._get_invalid_config(hostname).ljust(13),
            self._get_installed(hostname).ljust(10),
            self._get_abort_errors(hostname),
        ]
        app.print_verbose(" " + "".join(cells))

    print("\n\n\n")
def _install_host(self, hostname):
    '''
    Execute the commands on the remote host.

    Create one process for each remote host. The host is reached on its
    back IP over SSH as root with the password from app.

    '''
    banner = "========================================================================================"
    try:
        server = config.host(hostname).get_back_ip()
        target = hostname + " (" + server + ")"
        app.print_verbose("Try to install " + target, 2)

        # NOTE(review): the session is opened with the shared root password
        # before install_ssh_key() runs; how ssh.Ssh checks the remote host
        # key is not visible here -- confirm.
        obj = ssh.Ssh(server, app.get_root_password())
        self._validate_alive(obj, hostname)

        app.print_verbose(banner)
        app.print_verbose("=== Update " + target)
        app.print_verbose(banner)

        obj.install_ssh_key()
        self._install_syco_on_remote_host(obj)
        self._execute_commands(obj, hostname)
    except pexpect.EOF as err:
        app.print_error(err, 2)

        # Remove progress state.
        if hostname in self.installed:
            del self.installed[hostname]
def _print_install_stat(self):
    '''
    Display information about the servers that are being installed.

    Prints the number of servers left, the number of active threads and one
    table row per server with its front IP and progress flags.

    '''
    # (title, title width, dash count, dash width) for each column.
    columns = (
        ("SERVER NAME", 30, 29, 30),
        ("IP", 15, 14, 15),
        ("ALIVE", 6, 5, 6),
        ("VALID CONFIG", 13, 12, 13),
        ("INSTALLED", 10, 9, 10),
        ("ABORT ERROR", 20, 20, 21),
    )

    print("\n\n\n")
    app.print_verbose(str(self._servers_left_to_install()) + " server(s) left to install.")
    app.print_verbose(str(threading.activeCount()) + " thread(s) are running.")
    app.print_verbose(
        " " + "".join([title.ljust(width) for title, width, _, _ in columns]))
    app.print_verbose(
        " " + "".join([("-" * dashes).ljust(pad) for _, _, dashes, pad in columns]))

    for hostname in self._servers:
        cells = [
            hostname.ljust(30),
            config.host(hostname).get_front_ip().ljust(15),
            self._get_alive(hostname).ljust(6),
            self._get_invalid_config(hostname).ljust(13),
            self._get_installed(hostname).ljust(10),
            self._get_abort_errors(hostname),
        ]
        app.print_verbose(" " + "".join(cells))

    print("\n\n\n")
def install_mysql_replication(args):
    """
    Setup and start the database replication in master-master mode.

    This function should be executed on the secondary master, after the
    primary master has been configured.

    The same statements are run against this host's front IP and against
    the configured repl_peer: the slave is stopped, a mysql.user row is
    deleted, REPLICATION SLAVE is granted to 'repl' from both addresses,
    the master is pointed at the other server and the slave is started.

    """
    app.print_verbose("Install mysql replication version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("install-mysql-replication", SCRIPT_VERSION)
    version_obj.check_executed()

    current_host_config = config.host(net.get_hostname())
    repl_peer = current_host_config.get_option("repl_peer")
    # Wait until the peer answers on the MySQL port before touching it.
    general.wait_for_server_to_start(repl_peer, "3306")
    # One password is generated per run and used in all GRANT statements.
    repl_password=general.generate_password(20)

    # NOTE(review): the '******' literals below look like values masked on
    # this page; the original user name and password expression are not
    # visible here -- check them against the repository.
    # NOTE(review): addresses and the password are concatenated into the
    # SQL text. Whether mysql_exec logs or echoes its statements is not
    # visible here -- confirm the password cannot end up in output.
    for ip in [current_host_config.get_front_ip(), repl_peer]:
        mysql_exec("stop slave;", True, ip)
        mysql_exec("delete from mysql.user where User = '******';", True, ip)
        mysql_exec("flush privileges;", True, ip)
        # Allow the 'repl' account from both servers' addresses.
        mysql_exec("GRANT REPLICATION SLAVE ON *.* TO 'repl'@'" + repl_peer + "' IDENTIFIED BY '" + repl_password + "';", True, ip)
        mysql_exec("GRANT REPLICATION SLAVE ON *.* TO 'repl'@'" + current_host_config.get_front_ip() + "' IDENTIFIED BY '" + repl_password + "';", True, ip)
        # Each server gets the other one as its master.
        if ip==current_host_config.get_front_ip():
            mysql_exec("CHANGE MASTER TO MASTER_HOST='" + repl_peer + "', MASTER_USER='******', MASTER_PASSWORD='******'", True, ip)
        else:
            mysql_exec("CHANGE MASTER TO MASTER_HOST='" + current_host_config.get_front_ip() + "', MASTER_USER='******', MASTER_PASSWORD='******'", True, ip)
        mysql_exec("start slave;", True, ip)

    version_obj.mark_executed()
def _install_nrpe_plugins_dependencies():
    """
    Install libraries/binaries that the NRPE-plugins depend on.

    Also writes /etc/sudoers.d/nrpe, which lets the nrpe user run the
    listed commands as root without a password, and appends nofile limits
    to /etc/security/limits.conf.

    NOTE(review): every file named in a NOPASSWD rule must be writable by
    root only, otherwise whoever can edit it can change what runs as root.
    The rabbitmqctl rule has no argument list, so it permits every
    subcommand; narrowing it to what the check needs would reduce exposure.
    The sudoers file is written without a syntax check (visudo -c -f).
    """
    base_sudoers = """cat > /etc/sudoers.d/nrpe << EOF
Defaults:nrpe !requiretty
nrpe ALL=NOPASSWD:{0}check_clamav
nrpe ALL=NOPASSWD:{0}check_clamscan
nrpe ALL=NOPASSWD:{0}check_disk
nrpe ALL=NOPASSWD:{0}get_services
nrpe ALL=NOPASSWD:{0}check_file_age
nrpe ALL=NOPASSWD:{0}check_ossec-clients.sh
nrpe ALL=NOPASSWD:{0}check_haproxy_stats.pl
nrpe ALL=NOPASSWD:/usr/sbin/rabbitmqctl
nrpe ALL=NOPASSWD:{0}mysql/pmp-check-mysql-deleted-files
nrpe ALL=NOPASSWD:{0}mysql/pmp-check-mysql-file-privs
EOF
"""
    hp_sudoers = """cat >> /etc/sudoers.d/nrpe << EOF
nrpe ALL=NOPASSWD:/sbin/hpasmcli
nrpe ALL=NOPASSWD:{0}check_hpasm
nrpe ALL=NOPASSWD:/usr/sbin/hpssacli
nrpe ALL=NOPASSWD:{0}check_hparray
EOF
"""

    def announce_and_install(message, packages):
        # Log what is about to be installed, then install it.
        app.print_verbose(message)
        install_packages(packages)

    announce_and_install(
        "Install required dependency for check_rsyslog", "MySQL-python")
    announce_and_install(
        "Install required dependencies for check_clamav",
        "perl-Net-DNS-Resolver-Programmable perl-suidperl")

    x(base_sudoers.format(PLG_PATH))

    announce_and_install(
        "Install required dependencies for check_ldap", "php-ldap php-cli")
    announce_and_install(
        "Install required dependency for check_iostat", "sysstat")

    # Dependency for hosts/firewall hardware checks
    this_host = config.host(net.get_hostname())
    if this_host.is_host() or this_host.is_firewall():
        install.hp_repo()
        announce_and_install(
            "Install required dependencies for Hardware checks",
            "hp-health hpssacli")

        # Let nrpe run hpasmcli and hpssacli
        x(hp_sudoers.format(PLG_PATH))

    announce_and_install(
        "Install required dependency for check_ulimit", "lsof")

    # Set ulimit values to take effect after reboot. The lines are appended
    # on every run.
    x("printf '\n*\tsoft\tnofile\t8196\n*\thard\tnofile\t16392\n' >> /etc/security/limits.conf")

    # sudoers files are expected to be read-only (0440), so chmod it.
    x("chmod 0440 /etc/sudoers.d/nrpe")
def install_ntp_client(args):
    """
    Install the ntp client, pointing it at the configured ntp server IP.

    Nothing is installed when this server is configured to run
    install-ntp-server later.

    """
    this_host = config.host(net.get_hostname())
    if not this_host.has_command_re("install-ntp-server"):
        install_ntp(config.general.get_ntp_server_ip())
    else:
        app.print_verbose(
            "This server will later install the ntp server, abort client installation."
        )
def _install_nrpe_plugins_dependencies():
    """
    Install libraries/binaries that the NRPE-plugins depend on.

    Also writes /etc/sudoers.d/nrpe, which lets the nrpe user run the
    listed commands as root without a password, and appends nofile limits
    to /etc/security/limits.conf.

    NOTE(review): every file named in a NOPASSWD rule must be writable by
    root only, otherwise whoever can edit it can change what runs as root.
    The rabbitmqctl rule has no argument list, so it permits every
    subcommand; narrowing it to what the check needs would reduce exposure.
    The sudoers file is written without a syntax check (visudo -c -f).
    """
    base_sudoers = """cat > /etc/sudoers.d/nrpe << EOF
Defaults:nrpe !requiretty
nrpe ALL=NOPASSWD:{0}check_clamav
nrpe ALL=NOPASSWD:{0}check_clamscan
nrpe ALL=NOPASSWD:{0}check_disk
nrpe ALL=NOPASSWD:{0}get_services
nrpe ALL=NOPASSWD:{0}check_file_age
nrpe ALL=NOPASSWD:{0}check_ossec-clients.sh
nrpe ALL=NOPASSWD:{0}check_haproxy_stats.pl
nrpe ALL=NOPASSWD:/usr/sbin/rabbitmqctl
nrpe ALL=NOPASSWD:{0}mysql/pmp-check-mysql-deleted-files
nrpe ALL=NOPASSWD:{0}mysql/pmp-check-mysql-file-privs
EOF
"""
    hp_sudoers = """cat >> /etc/sudoers.d/nrpe << EOF
nrpe ALL=NOPASSWD:/sbin/hpasmcli
nrpe ALL=NOPASSWD:{0}check_hpasm
nrpe ALL=NOPASSWD:/usr/sbin/hpssacli
nrpe ALL=NOPASSWD:{0}check_hparray
EOF
"""

    def announce_and_install(message, packages):
        # Log what is about to be installed, then install it.
        app.print_verbose(message)
        install_packages(packages)

    announce_and_install(
        "Install required dependency for check_rsyslog", "MySQL-python")
    announce_and_install(
        "Install required dependencies for check_clamav",
        "perl-Net-DNS-Resolver-Programmable perl-suidperl")

    x(base_sudoers.format(PLG_PATH))

    announce_and_install(
        "Install required dependencies for check_ldap", "php-ldap php-cli")
    announce_and_install(
        "Install required dependency for check_iostat", "sysstat")

    # Dependency for hosts/firewall hardware checks
    this_host = config.host(net.get_hostname())
    if this_host.is_host() or this_host.is_firewall():
        install.hp_repo()
        announce_and_install(
            "Install required dependencies for Hardware checks",
            "hp-health hpssacli")

        # Let nrpe run hpasmcli and hpssacli
        x(hp_sudoers.format(PLG_PATH))

    announce_and_install(
        "Install required dependency for check_ulimit", "lsof")

    # Set ulimit values to take effect after reboot. The lines are appended
    # on every run.
    x("printf '\n*\tsoft\tnofile\t8196\n*\thard\tnofile\t16392\n' >> /etc/security/limits.conf")

    # sudoers files are expected to be read-only (0440), so chmod it.
    x("chmod 0440 /etc/sudoers.d/nrpe")
def _configure_squid():
    """
    Replace the squid configuration with the one shipped in the syco plugin.

    Everything under /etc/squid/ is removed, the plugin's *.conf, acl/ and
    services/ files are copied in, the ${ENV_IP} and ${FRONT_IP} markers in
    squid.conf are filled in, and squid is enabled and restarted.

    """
    # Start from an empty configuration directory.
    x("rm -rf /etc/squid/*")
    x("cp %s/*.conf %s" % (SYCO_PLUGIN_PATH, SQUID_CONF_DIR))
    for subdir in ("acl", "services"):
        x("mkdir -p %s/%s" % (SQUID_CONF_DIR, subdir))
    x("cp %s/acl/* %sacl/" % (SYCO_PLUGIN_PATH, SQUID_CONF_DIR))
    x("cp %s/services/* %sservices/" % (SYCO_PLUGIN_PATH, SQUID_CONF_DIR))

    # Prefer the back net address when the back net is enabled.
    env_ip = config.host(net.get_hostname()).get_front_ip()
    if config.general.is_back_enabled():
        env_ip = config.host(net.get_hostname()).get_back_ip()

    squid_conf_path = SQUID_CONF_DIR + "squid.conf"
    scopen.scOpen(squid_conf_path).replace("${ENV_IP}", env_ip)

    # Some setups require the front IP as well
    front_target = scopen.scOpen(squid_conf_path)
    front_target.replace(
        "${FRONT_IP}", config.host(net.get_hostname()).get_front_ip())

    _chkconfig("squid", "on")
    _service("squid", "restart")
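def __init__(self):
    """
    Collect this server's IPs, their networks and the mail alias settings.

    127.0.0.1 is always added; the front IP and, when the back net is
    enabled, the back IP are added if configured. The process exits with
    status 1 when no front or back IP was found, or when an entry of
    mailrelay.virtual_aliases is not "alias target".

    NOTE(review): server_ips, server_networks and virtual_aliases are
    appended to without being created here; presumably they are class-level
    attributes, in which case they are shared between instances -- confirm.

    """
    netmasks = {}

    # Add localhost IP/netmask
    local_ip = "127.0.0.1"
    self.server_ips.append(local_ip)
    netmasks[local_ip] = "255.0.0.0"

    # Add IPs for front/back net if they exist.
    front_ip = config.host(net.get_hostname()).get_front_ip()
    if front_ip:
        self.server_ips.append(front_ip)
        netmasks[front_ip] = config.general.get_front_netmask()

    back_ip = config.host(net.get_hostname()).get_back_ip()
    if config.general.is_back_enabled() and back_ip:
        self.server_ips.append(back_ip)
        netmasks[back_ip] = config.general.get_back_netmask()

    # Localhost alone is not enough to run on.
    if len(self.server_ips) < 2:
        app.print_error(
            "Didn't find any valid IP addresses from front or back net. Exiting"
        )
        sys.exit(1)

    for ip in self.server_ips:
        self.server_networks.append(net.get_network_cidr(ip, netmasks[ip]))

    self.virtual_alias_domains = config.general.get_option(
        "mailrelay.virtual_alias_domains", "")

    for alias_row in config.general.get_option("mailrelay.virtual_aliases", "").split(";"):
        if len(alias_row.strip()) == 0:
            # Skip empty rows (for example after a trailing or doubled
            # semicolon) and keep reading the entries that follow; stopping
            # here would silently drop every later alias.
            continue

        split_row = alias_row.split(" ", 1)
        if len(split_row) != 2:
            app.print_error(
                "Expected mailrelay.virtual_alias to be two words separated by space, several entries "
                "separated by semicolon. Found \"%s\"" % alias_row)
            sys.exit(1)
        self.virtual_aliases[split_row[0]] = split_row[1]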
def _configure_squid():
    """
    Replace the squid configuration with the one shipped in the syco plugin.

    Everything under /etc/squid/ is removed, the plugin's *.conf, acl/ and
    services/ files are copied in, the ${ENV_IP} and ${FRONT_IP} markers in
    squid.conf are filled in, and squid is enabled and restarted.

    """
    # Start from an empty configuration directory.
    x("rm -rf /etc/squid/*")
    x("cp %s/*.conf %s" % (SYCO_PLUGIN_PATH, SQUID_CONF_DIR))
    for subdir in ("acl", "services"):
        x("mkdir -p %s/%s" % (SQUID_CONF_DIR, subdir))
    x("cp %s/acl/* %sacl/" % (SYCO_PLUGIN_PATH, SQUID_CONF_DIR))
    x("cp %s/services/* %sservices/" % (SYCO_PLUGIN_PATH, SQUID_CONF_DIR))

    # Prefer the back net address when the back net is enabled.
    env_ip = config.host(net.get_hostname()).get_front_ip()
    if config.general.is_back_enabled():
        env_ip = config.host(net.get_hostname()).get_back_ip()

    squid_conf_path = SQUID_CONF_DIR + "squid.conf"
    scopen.scOpen(squid_conf_path).replace("${ENV_IP}", env_ip)

    # Some setups require the front IP as well
    front_target = scopen.scOpen(squid_conf_path)
    front_target.replace(
        "${FRONT_IP}", config.host(net.get_hostname()).get_front_ip())

    _chkconfig("squid", "on")
    _service("squid", "restart")
def _install_nrpe_plugins_dependencies():
    """
    Install libraries/binaries that the NRPE-plugins depend on.

    Also writes /etc/sudoers.d/nrpe, which lets the nrpe user run the
    listed plugins as root without a password, and appends nofile limits to
    /etc/security/limits.conf.

    NOTE(review): every file named in a NOPASSWD rule must be writable by
    root only, otherwise whoever can edit it can change what runs as root.
    The sudoers file is written without a syntax check (visudo -c -f).
    """
    base_sudoers = """cat > /etc/sudoers.d/nrpe << EOF
Defaults:nrpe !requiretty
nrpe ALL=NOPASSWD:{0}check_clamav
nrpe ALL=NOPASSWD:{0}check_clamscan
nrpe ALL=NOPASSWD:{0}check_disk
nrpe ALL=NOPASSWD:{0}get_services
nrpe ALL=NOPASSWD:{0}mysql/pmp-check-mysql-deleted-files
nrpe ALL=NOPASSWD:{0}mysql/pmp-check-mysql-file-privs
EOF
"""
    hp_sudoers = """cat >> /etc/sudoers.d/nrpe << EOF
nrpe ALL=NOPASSWD:/sbin/hpasmcli
nrpe ALL=NOPASSWD:{0}check_hpasm
nrpe ALL=NOPASSWD:/sbin/hpacucli
nrpe ALL=NOPASSWD:{0}check_hparray
EOF
"""

    # Dependencies for check_rsyslog, then check_clamav
    for yum_command in (
        "yum install -y MySQL-python",
        "yum install -y nagios-plugins-perl perl-Net-DNS-Resolver-Programmable",
        "yum install -y perl-suidperl",
    ):
        x(yum_command)

    x(base_sudoers.format(PLG_PATH))

    # Dependencies for check_clamscan, check_ldap and check_iostat
    for yum_command in (
        "yum install -y perl-Proc-ProcessTable perl-Date-Calc",
        "yum install -y php-ldap php-cli",
        "yum install -y sysstat",
    ):
        x(yum_command)

    # Dependency for hosts/firewall hardware checks
    this_host = config.host(net.get_hostname())
    if this_host.is_host() or this_host.is_firewall():
        install.hp_repo()
        x("yum -y install hp-health hpacucli")

        # Let nrpe run hpasmcli and hpacucli
        x(hp_sudoers.format(PLG_PATH))

    # Dependency for check_ulimit
    x("yum install -y lsof")

    # Set ulimit values to take effect after reboot. The lines are appended
    # on every run.
    x("printf '\n*\tsoft\tnofile\t8196\n*\thard\tnofile\t16392\n' >> /etc/security/limits.conf")

    # sudoers files are expected to be read-only (0440), so chmod it.
    x("chmod 0440 /etc/sudoers.d/nrpe")
def _install_guest(guest_name):
    '''
    Create lvm vol and install guest with koan.

    The guest is also marked for autostart with virsh.

    NOTE(review): guest_name is concatenated unquoted into two command
    lines; presumably x() runs them through a shell, so the name should be
    checked against the hostnames in install.cfg before it gets here.

    '''
    app.print_verbose("Install " + guest_name)

    # + 1 because it looks like the guest os needs a little bit more space
    # than it uses inside the guest. Could probably be optimized, and
    # lowered, maybe just a few MB.
    volume_size_gb = int(config.host(guest_name).get_total_disk_gb()) + 1
    volume_group = config.host(guest_name).get_vol_group()
    disk.create_lvm_volumegroup(guest_name, volume_size_gb, volume_group)

    koan_command = (
        "koan --server=" + config.general.get_installation_server_ip() +
        " --system=" + guest_name +
        " --virt -v --static-interface=eth1")
    x(koan_command)

    x("virsh autostart " + guest_name)
def _install_nrpe_plugins():
    """
    Install NRPE-plugins (to be executed remotely) and SELinux-rules.

    Copies the plugins into PLG_PATH, fills the placeholders in
    /etc/nagios/nrpe.d/common.cfg, hands the plugin directory to the nrpe
    user, loads the SELinux modules and relabels the custom plugins.

    NOTE(review): /usr/lib64/nagios/plugins/ ends up owned by nrpe, while
    _install_nrpe_plugins_dependencies() writes NOPASSWD sudo rules for
    plugins under PLG_PATH. If PLG_PATH is inside that directory, the nrpe
    account owns files it may run as root; root ownership with read/execute
    for nrpe avoids that -- confirm PLG_PATH.
    """
    # Install packages and their dependencies.
    _install_nrpe_plugins_dependencies()
    x("cp -p {0}lib/nagios/plugins_nrpe/* {1}".format(constant.SYCO_PATH, PLG_PATH))

    # Set the sssd password. These secrets are stored in clear text in
    # common.cfg; its file mode is not set in this function.
    nrpe_config = scopen.scOpen("/etc/nagios/nrpe.d/common.cfg")
    nrpe_config.replace("$(LDAPPASSWORD)", app.get_ldap_sssd_password())
    nrpe_config.replace("$(LDAPURL)", config.general.get_ldap_hostname())
    # Only "&" and "/" are escaped in the SQL password (presumably because
    # replace() is sed-backed -- confirm); other special characters are
    # passed through unchanged.
    escaped_sql_password = (
        app.get_mysql_monitor_password().replace("&", "\&").replace("/", "\/"))
    nrpe_config.replace("$(SQLPASS)", escaped_sql_password)

    # Set name of main disk
    this_host = config.host(net.get_hostname())
    if this_host.is_guest():
        nrpe_config.replace("${MAINDISK}", "vda")
    elif this_host.is_firewall() or this_host.is_host():
        nrpe_config.replace("${MAINDISK}", "sda")

    # Change ownership of plugins to nrpe (from icinga/nagios)
    x("chmod -R 550 /usr/lib64/nagios/plugins/")
    x("chown -R nrpe:nrpe /usr/lib64/nagios/plugins/")

    # Set SELinux roles to allow NRPE execution of binaries such as python/perl.
    # Corresponding .te-files summarize rule content
    x("mkdir -p /var/lib/syco_selinux_modules")
    for rule_dir in list_plugin_files("/var/nagios/selinux_rules"):
        x("cp {0}/*.pp /var/lib/syco_selinux_modules/".format(rule_dir))
    x("semodule -i /var/lib/syco_selinux_modules/*.pp")

    # Fix some SELinux rules on custom plugins.
    selinux_labels = (
        ("nagios_unconfined_plugin_exec_t", "check_disk"),
        ("nagios_services_plugin_exec_t", "check_ldap.php"),
        ("nagios_services_plugin_exec_t", "check_iptables.py"),
        ("nagios_unconfined_plugin_exec_t", "check_clam*"),
        # TODO??
        #("nagios_unconfined_plugin_exec_t", "pmp-check-mysql*"),
        #("nagios_unconfined_plugin_exec_t", "farpayment_stats.py"),
        #("nagios_unconfined_plugin_exec_t", "rentalfront_stats.py"),
        #("nagios_unconfined_plugin_exec_t", "checkMySQLProcesslist.sh"),
        ("nagios_unconfined_plugin_exec_t", "check_connections.pl"),
        ("nagios_unconfined_plugin_exec_t", "check_procs.sh"),
        ("nagios_unconfined_plugin_exec_t", "check_ulimit.py"),
        ("nagios_unconfined_plugin_exec_t", "check_hpasm"),
        ("nagios_unconfined_plugin_exec_t", "check_hparray"),
        ("nagios_unconfined_plugin_exec_t", "check_ifutil.pl"),
    )
    for selinux_type, plugin_name in selinux_labels:
        _fix_selinux(selinux_type, plugin_name)

    # New in centos 6.7
    x("setsebool -P nagios_run_sudo 1")
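def __init__(self):
    """
    Collect this server's IPs, their networks and the mail alias settings.

    127.0.0.1 is always added; the front IP and, when the back net is
    enabled, the back IP are added if configured. The process exits with
    status 1 when no front or back IP was found, or when an entry of
    mailrelay.virtual_aliases is not "alias target".

    NOTE(review): server_ips, server_networks and virtual_aliases are
    appended to without being created here; presumably they are class-level
    attributes, in which case they are shared between instances -- confirm.

    """
    netmasks = {}

    # Add localhost IP/netmask
    local_ip = "127.0.0.1"
    self.server_ips.append(local_ip)
    netmasks[local_ip] = "255.0.0.0"

    # Add IPs for front/back net if they exist.
    front_ip = config.host(net.get_hostname()).get_front_ip()
    if front_ip:
        self.server_ips.append(front_ip)
        netmasks[front_ip] = config.general.get_front_netmask()

    back_ip = config.host(net.get_hostname()).get_back_ip()
    if config.general.is_back_enabled() and back_ip:
        self.server_ips.append(back_ip)
        netmasks[back_ip] = config.general.get_back_netmask()

    # Localhost alone is not enough to run on.
    if len(self.server_ips) < 2:
        app.print_error("Didn't find any valid IP addresses from front or back net. Exiting")
        sys.exit(1)

    for ip in self.server_ips:
        self.server_networks.append(net.get_network_cidr(ip, netmasks[ip]))

    self.virtual_alias_domains = config.general.get_option("mailrelay.virtual_alias_domains", "")

    for alias_row in config.general.get_option("mailrelay.virtual_aliases", "").split(";"):
        if len(alias_row.strip()) == 0:
            # Skip empty rows (for example after a trailing or doubled
            # semicolon) and keep reading the entries that follow; stopping
            # here would silently drop every later alias.
            continue

        split_row = alias_row.split(" ", 1)
        if len(split_row) != 2:
            app.print_error(
                "Expected mailrelay.virtual_alias to be two words separated by space, several entries "
                'separated by semicolon. Found "%s"' % alias_row
            )
            sys.exit(1)
        self.virtual_aliases[split_row[0]] = split_row[1]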
def _install_nrpe_plugins():
    """
    Install NRPE-plugins (to be executed remotely) and SELinux-rules.

    Copies the bundled plugins and those from the syco plugin paths into
    PLG_PATH, fills the placeholders in /etc/nagios/nrpe.d/common.cfg,
    hands the plugin directory to the nrpe user, loads the SELinux modules
    and relabels the custom plugins.

    NOTE(review): /usr/lib64/nagios/plugins/ ends up owned by nrpe, while
    _install_nrpe_plugins_dependencies() writes NOPASSWD sudo rules for
    plugins under PLG_PATH. If PLG_PATH is inside that directory, the nrpe
    account owns files it may run as root; root ownership with read/execute
    for nrpe avoids that -- confirm PLG_PATH.
    """
    # Install packages and their dependencies.
    _install_nrpe_plugins_dependencies()
    x("cp -p {0}lib/nagios/plugins_nrpe/* {1}".format(constant.SYCO_PATH, PLG_PATH))
    for extra_plugins in app.get_syco_plugin_paths("/var/icinga/plugins/"):
        x("cp -p {0}* {1}".format(extra_plugins, PLG_PATH))

    # Set the sssd password. These secrets are stored in clear text in
    # common.cfg; its file mode is not set in this function.
    nrpe_config = scopen.scOpen("/etc/nagios/nrpe.d/common.cfg")
    nrpe_config.replace("$(LDAPPASSWORD)", app.get_ldap_sssd_password())
    nrpe_config.replace("$(LDAPURL)", config.general.get_ldap_hostname())
    # Only "&" and "/" are escaped in the SQL password (presumably because
    # replace() is sed-backed -- confirm); other special characters are
    # passed through unchanged.
    escaped_sql_password = (
        app.get_mysql_monitor_password().replace("&","\&").replace("/","\/"))
    nrpe_config.replace("$(SQLPASS)", escaped_sql_password)

    # Set name of main disk
    this_host = config.host(net.get_hostname())
    if this_host.is_guest():
        nrpe_config.replace("${MAINDISK}", "vda")
    elif this_host.is_firewall() or this_host.is_host():
        nrpe_config.replace("${MAINDISK}", "sda")

    # Change ownership of plugins to nrpe (from icinga/nagios)
    x("chmod -R 550 /usr/lib64/nagios/plugins/")
    x("chown -R nrpe:nrpe /usr/lib64/nagios/plugins/")

    # Set SELinux roles to allow NRPE execution of binaries such as python/perl.
    # Corresponding .te-files summarize rule content
    x("mkdir -p /var/lib/syco_selinux_modules")
    for rule_dir in list_plugin_files("/var/nagios/selinux_rules"):
        x("cp {0}/*.pp /var/lib/syco_selinux_modules/".format(rule_dir))
    x("semodule -i /var/lib/syco_selinux_modules/*.pp")

    # Fix some SELinux rules on custom plugins.
    selinux_labels = (
        ("nagios_unconfined_plugin_exec_t", "check_disk"),
        ("nagios_services_plugin_exec_t", "check_ldap.php"),
        ("nagios_services_plugin_exec_t", "check_iptables.py"),
        ("nagios_unconfined_plugin_exec_t", "check_clam*"),
        # TODO??
        #("nagios_unconfined_plugin_exec_t", "pmp-check-mysql*"),
        #("nagios_unconfined_plugin_exec_t", "farpayment_stats.py"),
        #("nagios_unconfined_plugin_exec_t", "rentalfront_stats.py"),
        #("nagios_unconfined_plugin_exec_t", "checkMySQLProcesslist.sh"),
        ("nagios_unconfined_plugin_exec_t", "check_connections.pl"),
        ("nagios_unconfined_plugin_exec_t", "check_procs.sh"),
        ("nagios_unconfined_plugin_exec_t", "check_ulimit.py"),
        ("nagios_unconfined_plugin_exec_t", "check_hpasm"),
        ("nagios_unconfined_plugin_exec_t", "check_hparray"),
        ("nagios_unconfined_plugin_exec_t", "check_ifutil.pl"),
    )
    for selinux_type, plugin_name in selinux_labels:
        _fix_selinux(selinux_type, plugin_name)

    # New in centos 6.7
    x("setsebool -P nagios_run_sudo 1")
def _validate_install_config(self):
    '''
    Check that every server in self._servers has a front ip in install.cfg.

    Stores "Yes" in self._invalid_config for a host with a front ip and "No"
    for one without, printing a verbose message for each missing ip.

    '''
    for name in self._servers:
        if config.host(name).get_front_ip():
            self._invalid_config[name] = "Yes"
            continue
        self._invalid_config[name] = "No"
        app.print_verbose("In install.cfg, cant find ip for " + name)
def get_hosts_to_install(args):
    """Return the hostnames of the guests that should be installed.

    When args holds exactly two elements, args[1] is the only guest returned.
    Otherwise the guests configured for the local hostname are used.

    Raises Exception when the resulting list is empty.
    """
    if len(args) == 2:
        # Explicit guest name given by the caller; it is returned as-is.
        selected = [args[1]]
    else:
        local_name = socket.gethostname()
        selected = list(config.host(local_name).get_guests())

    if not selected:
        raise Exception("No guests to install.")
    return selected
def _validate_install_config(self):
    """
    Record, per server, whether install.cfg provides a front ip.

    self._invalid_config[hostname] becomes "Yes" when a front ip exists and
    "No" otherwise; a verbose message is printed for each host without one.

    """
    for name in self._servers:
        front_ip = config.host(name).get_front_ip()
        self._invalid_config[name] = "Yes" if front_ip else "No"
        if not front_ip:
            app.print_verbose("In install.cfg, cant find ip for " + name)
def _execute_commands(self, obj, hostname):
    """Run the commands install.cfg lists for hostname through obj.ssh_exec.

    Commands run in order. A command leaves the queue only after ssh_exec
    returns, so after either handled exception the same command is tried
    again.
    """
    pending = config.host(hostname).get_commands(app.options.verbose >= 2)
    while pending:
        current = pending[0]
        try:
            obj.ssh_exec(current)
            pending.pop(0)
        except ssh.SSHTerminatedException:
            app.print_error("SSHTerminatedException on host " + hostname + " with command " + current)
            # Wait for the host to answer again before retrying.
            obj.wait_until_alive()
        except pexpect.EOF:
            # NOTE(review): no wait or retry limit on this branch, so a
            # persistent EOF retries the same command immediately, forever.
            app.print_error("pexpect.EOF on host " + hostname + " with command " + current)
def _validate_install_config(self):
    '''
    Check that every server in self.servers has a back ip in install.cfg.

    Stores "Yes" in self.invalid_config for a host with a back ip and "No"
    for one without, printing a verbose message for each missing ip.

    '''
    for name in self.servers:
        if config.host(name).get_back_ip():
            self.invalid_config[name] = "Yes"
        else:
            self.invalid_config[name] = "No"
            app.print_verbose("In install.cfg, cant find ip for " + name)
def install_mail_client(args):
    """
    Install a local postfix MTA that accepts mail on localhost only and
    relays everything to the mail-relay server. Also installs mailx.

    Returns early, without changing anything, when the local host's command
    list matches "install-postfix-server".

    See line comments in install_mail_server

    """
    if config.host(net.get_hostname()).has_command_re("install-postfix-server"):
        app.print_verbose(
            "This server will later install the postfix server, abort client installation."
        )
        return

    # NOTE(review): check_executed() is called but this function never calls
    # version_obj.mark_executed(); confirm whether that is intended.
    version_obj = version.Version("Install-postfix-client", SCRIPT_VERSION)
    version_obj.check_executed()

    # Install required packages
    install.package("postfix")

    # Set config file parameters
    #
    # NOTE(review): the listing is ambiguous about whether the next call is
    # active or commented out; confirm against the repository.
    general.use_original_file("/etc/postfix/main.cf")
    postfix_main_cf = scopen.scOpen("/etc/postfix/main.cf")
    postfix_main_cf.replace("#myhostname = host.domain.tld", "myhostname = {0}.{1}".format(get_hostname(), config.general.get_resolv_domain())) # monitor.syco.com
    postfix_main_cf.replace("#mydomain = domain.tld", "mydomain = {0}".format(config.general.get_resolv_domain())) # syco.com
    postfix_main_cf.replace("#myorigin = $mydomain", "myorigin = $myhostname")

    # Listen only on localhost
    # The first replace writes back the same text; it only spells out the
    # intended value. mynetworks is narrowed to 127.0.0.1, so only local
    # processes may submit mail for relaying.
    postfix_main_cf.replace("inet_interfaces = localhost", "inet_interfaces = localhost")
    postfix_main_cf.replace("#mynetworks = 168.100.189.0/28, 127.0.0.0/8", "mynetworks = 127.0.0.1")
    postfix_main_cf.replace("mydestination = $myhostname, localhost.$mydomain, localhost", "mydestination = $myhostname, localhost")

    # Relay everything not for local machine to mailrelay.
    # The [brackets] around relayhost make postfix skip the MX lookup for it.
    postfix_main_cf.replace("#relay_domains = $mydestination", "relay_domains = {0}".format(config.general.get_resolv_domain()))
    postfix_main_cf.replace("#relayhost = $mydomain","relayhost = [{0}]".format(config.general.get_mail_relay_domain_name()))
    postfix_main_cf.replace("#home_mailbox = Maildir/","home_mailbox = Maildir/")
    postfix_main_cf.replace("inet_protocols = all","inet_protocols = ipv4")

    # Install a simple mail CLI-tool
    install_mailx()

    # Tell iptables and nrpe that this server is configured as a mail-relay server.
    iptables.add_mail_relay_chain()
    iptables.save()

    # Restart postfix
    x("service postfix restart")

    # Send test mail to the syco admin
    send_test_mail((None, config.general.get_admin_email()))
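def _install_nrpe_plugins_dependencies():
    '''
    Install libraries/binaries that the NRPE-plugins depend on.

    Installs the yum packages the checks need, writes /etc/sudoers.d/nrpe so
    the nrpe user can run selected plugins through sudo without a password,
    and, on KVM hosts and firewalls, installs the HP health package.

    '''
    # Dependency for check_rsyslog
    x("yum install -y MySQL-python")

    # Dependency for check_clamav
    # The package list used to contain a pasted "sudo yum install" fragment,
    # which made yum look for packages named "yum" and "install". Only real
    # package names are passed now; sudo stays because the rules below need it.
    x("yum install -y nagios-plugins-perl perl-Net-DNS-Resolver-Programmable sudo perl-suidperl")

    # Every entry below lets the nrpe user run one file as root without a
    # password, so each of those files must be writable by root only.
    # NOTE(review): _install_nrpe_plugins later runs
    # "chown -R nrpe:nrpe /usr/lib64/nagios/plugins/"; if PLG_PATH is that
    # directory (confirm), nrpe owns the very files it may run as root.
    nrpe_sudoers_file = scopen.scOpen("/etc/sudoers.d/nrpe")
    nrpe_sudoers_file.add("Defaults:nrpe !requiretty")
    nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:{0}check_clamav".format(PLG_PATH))
    nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:{0}check_clamscan".format(PLG_PATH))
    nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:{0}check_disk".format(PLG_PATH))
    nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:{0}get_services".format(PLG_PATH))
    nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:{0}mysql/pmp-check-mysql-deleted-files".format(PLG_PATH))
    nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:{0}mysql/pmp-check-mysql-file-privs".format(PLG_PATH))

    # Dependency for check_clamscan
    x("yum install -y perl-Proc-ProcessTable perl-Date-Calc")

    # Dependency for check_ldap
    x("yum install -y php-ldap php-cli")

    # Dependency for hosts/firewall hardware checks
    host_config_object = config.host(net.get_hostname())
    if host_config_object.is_host() or host_config_object.is_firewall():
        # Create an installname and filenames
        # The return value is unused; the call is kept in case it prepares the
        # directory the download and the relative yum path below rely on.
        install_dir = general.get_install_dir()

        # Download and install HP health monitoring package
        # NOTE(review): MD5 catches a corrupted download but is not
        # collision-resistant; use a SHA-256 digest if download_file supports
        # one (confirm).
        general.download_file(
            HP_HEALTH_URL, HP_HEALTH_FILENAME, md5=HP_HEALTH_MD5
        )
        x("yum install {0} -y".format(HP_HEALTH_FILENAME))

        # Remove the cron job the package installs.
        x("rm -f /etc/cron.d/hp-health")

        # Let nrpe run hpasmcli
        nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:/sbin/hpasmcli")
        nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:{0}check_hpasm".format(PLG_PATH))
        x("service hp-health start")

    # sudo refuses sudoers files that are not read-only, so chmod it.
    x("chmod 0440 /etc/sudoers.d/nrpe")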
def _install_guest(guest_name):
    '''
    Create the guest's lvm volume, install it with koan and enable autostart.

    NOTE(review): guest_name is concatenated unquoted into shell commands, so
    callers must pass a plain, validated hostname.

    '''
    app.print_verbose("Install " + guest_name)

    disk_gb = config.host(guest_name).get_total_disk_gb()
    # The returned device name is not used by the commands below.
    disk.create_lvm_volumegroup(guest_name, disk_gb)

    koan_cmd = "koan --server=" + config.general.get_installation_server_ip()
    koan_cmd = koan_cmd + " --system=" + guest_name
    koan_cmd = koan_cmd + " --virt -v --static-interface=eth0"
    x(koan_cmd)

    x("virsh autostart " + guest_name)
def _execute_commands(self, obj, hostname):
    """Run the commands install.cfg lists for hostname through obj.ssh_exec.

    Commands run in order and are dropped from the queue only once ssh_exec
    has returned; a handled exception leaves the command queued for another
    attempt.
    """
    queue = config.host(hostname).get_commands(app.options.verbose >= 2)
    while len(queue) > 0:
        command = queue[0]
        try:
            obj.ssh_exec(command)
            queue.pop(0)
        except ssh.SSHTerminatedException:
            app.print_error("SSHTerminatedException on host " + hostname + " with command " + command)
            # Block until the host answers again, then retry the command.
            obj.wait_until_alive()
        except pexpect.EOF:
            # NOTE(review): retried at once with no limit; a persistent EOF
            # keeps this loop spinning.
            app.print_error("pexpect.EOF on host " + hostname + " with command " + command)
def _install_guest(guest_name):
    '''
    Create the lvm volume for guest_name, then install the guest with koan.

    NOTE(review): guest_name reaches the shell unquoted in both commands
    below; it must be a plain, validated hostname.

    '''
    app.print_verbose("Install " + guest_name)

    # Only the volume creation matters here; the returned device name is not
    # used afterwards.
    disk.create_lvm_volumegroup(
        guest_name,
        config.host(guest_name).get_total_disk_gb())

    install_server = config.general.get_installation_server_ip()
    x("koan --server=" + install_server +
      " --system=" + guest_name +
      " --virt -v --static-interface=eth0")

    # Start the guest automatically when the KVM host boots.
    x("virsh autostart " + guest_name)
def _edit_kopts(hostname):
    '''
    Set the cobbler kernel options used while installing hostname.

    The options carry the back-network ip, netmask, resolver and gateway.
    Without them the guest gets no network access and cannot find the
    kickstart and installation files.

    '''
    template = (
        'cobbler system edit --profile=centos-vm_host --name=%s ' +
        '--kopts="ksdevice=eth0 ip=%s netmask=%s dns=%s gateway=%s ' +
        'lang= kssendmac text"'
    )
    values = (
        hostname,
        config.host(hostname).get_back_ip(),
        config.general.get_back_netmask(),
        config.general.get_back_resolver_ip(),
        config.general.get_back_gateway_ip(),
    )
    x(template % values)
def test_host_vh01_install(self):
    # Expected install.cfg values for the KVM host "syco-vh01".
    vh01 = config.host("syco-vh01")

    # Network settings.
    self.assertEqual(vh01.get_front_ip(), None)
    self.assertEqual(vh01.get_back_ip(), "10.0.0.2")
    self.assertEqual(vh01.get_back_mac(), "xx:xx:xx:xx:xx:xx")

    # Options that raise when read without a default.
    for getter in (vh01.get_ram, vh01.get_cpu, vh01.get_disk_var,
                   vh01.get_boot_device):
        self.assertRaises(config.ConfigException, getter)
    self.assertEqual(vh01.get_boot_device("hda"), "hda")

    # Role, commands, guests and backup paths.
    self.assertEqual(vh01.is_host(), True)
    self.assertEqual(vh01.has_guests(), True)
    self.assertEqual(vh01.get_commands(),
                     ['syco iptables-setup', 'syco hardening'])
    self.assertEqual(vh01.get_guests(), ['syco-install', 'syco-ntp'])
    self.assertEqual(vh01.get_backup_pathes(), ['/etc/', '/tmp/'])
def _setup_radius_clients():
    '''
    Rebuild the radius client list from scratch.

    Removes /etc/raddb/clients.conf, then registers localhost followed by
    every switch, each switch with its back ip from the config.

    '''
    # Start from an empty client list.
    x("rm /etc/raddb/clients.conf")

    # localhost is always a client.
    _setup_radius_client("localhost", "127.0.0.1")

    # One client entry per switch.
    for name in get_switches():
        switch_ip = config.host(name).get_back_ip()
        _setup_radius_client(name, switch_ip)
def _get_host_list():
    """
    Build one host object per device returned by config.get_devices().

    Each device is classified as "guest", "host", "firewall" or "switch", in
    that order of precedence. Firewalls are created with their back ip, every
    other type with get_any_ip(). Devices matching none of the four types are
    left out.

    """
    found = []
    for name in config.get_devices():
        if config.host(name).is_guest():
            role, address = "guest", config.host(name).get_any_ip()
        elif config.host(name).is_host():
            role, address = "host", config.host(name).get_any_ip()
        elif config.host(name).is_firewall():
            role, address = "firewall", config.host(name).get_back_ip()
        elif config.host(name).is_switch():
            role, address = "switch", config.host(name).get_any_ip()
        else:
            continue
        found.append(host(name, address, role))
    return found
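def install_ossecd(args):
    '''
    Install the OSSEC server on this machine.

    Downloads and builds OSSEC under /tmp, generates one agent key per server
    returned by get_servers(), installs the syco server config and local
    rules, enables syslog output and restarts OSSEC.

    '''
    # OSSEC download URL
    # NOTE(review): fetched over plain HTTP and unpacked without any checksum
    # or signature check, and install.sh then runs from it. Pin a digest for
    # the tarball and verify it before extracting.
    ossec_download = "http://www.ossec.net/files/ossec-hids-2.6.tar.gz"

    # Installing OSSEC
    # NOTE(review): no -y on this yum call; confirm x() can answer the prompt.
    x('yum install gcc make perl-Time-HiRes')
    # NOTE(review): fixed names and globs under world-writable /tmp; a private
    # directory (mktemp -d) avoids picking up files planted by another user.
    x("wget -P /tmp/ " + ossec_download)
    x("tar -C /tmp -zxf /tmp/ossec-hids* ")
    x("rm -rf /tmp/ossec-hids*.tar.gz")
    x("mv /tmp/ossec-hids* /tmp/ossecbuild")
    x(r'\cp -f /opt/syco/var/ossec/osseconf/preloaded-vars-server.conf /tmp/ossecbuild/etc/preloaded-vars.conf')
    x('/tmp/ossecbuild/install.sh')

    # Generate an agent key for every client and export it to its own file.
    # NOTE(review): the exported *_client.keys files hold agent secrets; their
    # mode is whatever the shell redirect creates, so restrict it explicitly.
    for server in get_servers():
        x('/tmp/ossecbuild/contrib/ossec-batch-manager.pl -a -n ' + server + '.fareoffice.com -p ' + config.host(server).get_back_ip())
        x("grep " + server + ".fareoffice.com /var/ossec/etc/client.keys > /var/ossec/etc/" + server + ".fareoffice.com_client.keys")

    # Install server config and local rules from syco.
    # The ossec.conf copy used to be a bare string expression (the x() call
    # was missing), so the syco server config was never installed.
    x(r'\cp -f /opt/syco/var/ossec/osseconf/ossec_server.conf /var/ossec/etc/ossec.conf')
    x(r'\cp -f /opt/syco/var/ossec/osseconf/local_rules.xml /var/ossec/rules/local_rules.xml')
    x('chown root:ossec /var/ossec/rules/local_rules.xml')
    x('chmod 550 /var/ossec/rules/local_rules.xml')
    x('chown root:ossec /var/ossec/etc/ossec.conf')

    # Enabling syslog logging
    x('/var/ossec/bin/ossec-control enable client-syslog')

    # Restarting OSSEC server
    x('/var/ossec/bin/ossec-control restart')
    x('/var/ossec/bin/ossec-remoted start')

    # Clean up the build tree and remove the compiler toolchain again.
    x('rm -rf /tmp/ossecbuild')
    x('yum remove gcc make perl-Time-HiRes')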
def _execute_commands(self, obj, hostname):
    """Run the commands install.cfg lists for hostname through obj.ssh_exec.

    Does nothing unless self._enable_commands is set. Commands run in order
    and leave the queue only after ssh_exec returns, so each handled
    exception results in the same command being tried again.
    """
    if not self._enable_commands:
        return

    pending = config.host(hostname).get_commands(app.options.verbose >= 2)
    while pending:
        current = pending[0]
        try:
            obj.ssh_exec(current)
            pending.pop(0)
        except ssh.SSHTerminatedException:
            app.print_error("SSHTerminatedException on host " + hostname + " with command " + current)
            # Wait for the host to answer again before retrying.
            obj.wait_until_alive()
        except pexpect.EOF:
            # NOTE(review): this branch and the next retry immediately with
            # no limit; a persistent failure keeps the loop spinning.
            app.print_error("pexpect.EOF on host " + hostname + " with command " + current)
        except pxssh.ExceptionPxssh:
            app.print_error("pxssh.ExceptionPxssh on host " + hostname + " with command " + current + ", might be because the remote host rebooted.")
def test_host_syco_install(self):
    # Expected install.cfg values for the guest "syco-install".
    guest = config.host("syco-install")

    # Network settings; a guest has no back mac configured.
    self.assertEqual(guest.get_front_ip(), "10.0.1.3")
    self.assertEqual(guest.get_back_ip(), "10.0.0.3")
    self.assertRaises(config.ConfigException, guest.get_back_mac)

    # Hardware sizing.
    self.assertEqual(guest.get_ram(), "1024")
    self.assertEqual(guest.get_cpu(), "1")
    self.assertEqual(guest.get_disk_var(), "40")

    # The boot device raises without a default and echoes a given default.
    self.assertRaises(config.ConfigException, guest.get_boot_device)
    self.assertEqual(guest.get_boot_device("hda"), "hda")

    # Role, commands, guests and backup paths.
    self.assertEqual(guest.is_host(), False)
    self.assertEqual(guest.has_guests(), False)
    self.assertEqual(guest.get_commands(),
                     ['syco iptables-setup', 'syco hardening'])
    self.assertEqual(guest.get_guests(), [])
    self.assertEqual(guest.get_backup_pathes(), ['/etc/'])
def install_mariadb_replication(args):
    """
    Setup and start the database replication in master-master mode.

    This function should be executed on the secondary master, after the
    primary master has been configured.

    Waits for the peer named by the host option "repl_peer" to listen on port
    3306, generates one replication password, and then runs the same sequence
    of statements against 127.0.0.1 and against the peer.

    """
    app.print_verbose(
        "Install MariaDB replication version: %d" % SCRIPT_VERSION
    )
    version_obj = version.Version("install-mariadb-replication", SCRIPT_VERSION)
    version_obj.check_executed()

    current_host_config = config.host(net.get_hostname())
    repl_peer = current_host_config.get_option("repl_peer")
    general.wait_for_server_to_start(repl_peer, "3306")

    # One freshly generated password is shared by both replication accounts.
    repl_password = general.generate_password(20)
    front_ip = current_host_config.get_front_ip()

    # NOTE(review): the '******' literals below look like masking applied to
    # this listing, not the project's own text. As written, the two
    # MASTER_USER strings contain no %s, so "% repl_password" would raise
    # TypeError. Restore the real values from the repository before use.
    # NOTE(review): host names and the password are put into the SQL text with
    # %-formatting; this assumes generate_password() never returns a quote or
    # backslash (confirm), and the password is visible to whatever mysql_exec
    # logs or passes on a command line.
    for ip in ["127.0.0.1", repl_peer]:
        mysql_exec("stop slave;", True, ip)
        mysql_exec("delete from mysql.user where User = '******'", True, ip)
        mysql_exec("flush privileges;", True, ip)
        # Allow the 'repl' account from both masters' addresses.
        mysql_exec(
            "GRANT REPLICATION SLAVE ON *.* TO " +
            "'repl'@'%s' IDENTIFIED BY '%s'," % (repl_peer, repl_password) +
            "'repl'@'%s' IDENTIFIED BY '%s'" % (front_ip, repl_password),
            True, ip
        )

        # Each side replicates from the other: the local server from the
        # peer, the peer from this host's front ip.
        if ip == "127.0.0.1":
            mysql_exec(
                "CHANGE MASTER TO MASTER_HOST='%s', " % repl_peer +
                "MASTER_USER='******', MASTER_PASSWORD='******'" % repl_password,
                True, ip
            )
        else:
            mysql_exec(
                "CHANGE MASTER TO MASTER_HOST='%s', " % front_ip +
                "MASTER_USER='******', MASTER_PASSWORD='******'" % repl_password,
                True, ip
            )
        mysql_exec("start slave;", True, ip)

    version_obj.mark_executed()
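def vir_list(args):
    """List the KVM guests on every configured host.

    For each hostname from config.get_hosts(), opens an ssh connection to the
    host's front ip and, when the host is alive, installs the ssh key and runs
    "virsh list --all". Verbosity is raised to 2 for the duration of the call
    and restored afterwards.

    A SettingsError is reported through app.print_error instead of being
    propagated.
    """
    old_verbose = app.options.verbose
    app.options.verbose = 2
    try:
        for hostname in config.get_hosts():
            server = config.host(hostname).get_front_ip()
            # NOTE(review): logs in with the shared root password; once
            # install_ssh_key() has run, key-based login would avoid sending
            # it to every host on each call.
            obj = ssh.Ssh(server, app.get_root_password())
            app.print_verbose("List KVM guests on host " + hostname + " (" + server + ")")
            if obj.is_alive():
                obj.install_ssh_key()
                obj.ssh_exec("virsh list --all")
            else:
                app.print_verbose(" Not online.")
    except SettingsError as e:
        app.print_error(e, 2)
    finally:
        # The saved level was never written back before, so the raised
        # verbosity leaked into whatever ran after this command.
        app.options.verbose = old_verbose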