def archive_setup_real_data():
"""Set up cnxarchive database with real data
"""
if not _postgres_user_exists('cnxarchive'):
prompts = []
prompts += fexpect.expect('Enter password for new role:', 'cnxarchive')
prompts += fexpect.expect('Enter it again:', 'cnxarchive')
with fexpect.expecting(prompts):
fexpect.sudo(
'createuser --no-createdb --no-createrole --superuser --pwprompt cnxarchive',
user='******')
if _postgres_db_exists('cnxarchive'):
sudo('dropdb cnxarchive', user='******')
sudo('createdb -O cnxarchive cnxarchive', user='******')
sudo('createlang plpythonu cnxarchive', user='******')
run('zcat cnx-archive/repo_test_data.sql.gz >cnx-archive/repo_test_data.sql'
)
prompts = fexpect.expect('Password for user cnxarchive:', 'cnxarchive')
with fexpect.expecting(prompts):
fexpect.run(
'psql -U cnxarchive cnxarchive -f cnx-archive/repo_test_data.sql')
run('rm -rf cnx-archive/repo_test_data.sql')
run('cnx-upgrade v1')
def test_install(image_name):
with temporary_ec2_instance(ami_id=get_ami(image_name)):
sudo('apt-get -y install python-software-properties')
sudo('yes | apt-add-repository ppa:localwikidev/testing')
sudo('apt-get update')
with fexpect.expecting(prompts):
fexpect.sudo('apt-get -y --force-yes install localwiki')
# On Ubuntu 11.10, downgrade to psycopg2 v2.4.1 or else tests can't run
# See https://code.djangoproject.com/ticket/16250
if image_name in ['ubuntu11.10', 'ubuntu12.04']:
sudo('apt-get -y install python-dev libpq-dev')
sudo('pip install psycopg2==2.4.1')
# Give localwiki db user permission to create a database, for tests
sudo('psql -c "ALTER ROLE localwiki WITH CREATEDB;"', user='******')
sudo('localwiki-manage test pages maps tags versioning diff ckeditor redirects users')
def repo_setup():
"""Set up rhaptos2.repo
"""
_setup()
_install_postgresql()
sudo('apt-get install --yes libxml2-dev libxslt1-dev')
_install_nodejs()
sudo('apt-get install --yes npm')
if not _postgres_user_exists('rhaptos2repo'):
prompts = []
prompts += fexpect.expect('Enter password for new role:',
'rhaptos2repo')
prompts += fexpect.expect('Enter it again:', 'rhaptos2repo')
with fexpect.expecting(prompts):
fexpect.sudo('createuser --pwprompt --superuser rhaptos2repo',
user='******')
if _postgres_db_exists('rhaptos2repo'):
sudo('dropdb rhaptos2repo', user='******')
if _postgres_db_exists('rhaptos2users'):
sudo('dropdb rhaptos2users', user='******')
sudo('createdb -O rhaptos2repo rhaptos2repo', user='******')
sudo('createdb -O rhaptos2repo rhaptos2users', user='******')
if not fabric.contrib.files.exists('rhaptos2.common'):
run('git clone [email protected]:Connexions/rhaptos2.common.git')
with cd('rhaptos2.common'):
sudo('python setup.py install')
sudo('pip install -e .')
if not fabric.contrib.files.exists('rhaptos2.repo'):
run('git clone -b fix-install [email protected]:Connexions/rhaptos2.repo.git'
)
with cd('rhaptos2.repo'):
sudo('pip install -e .')
if fabric.contrib.files.exists('repo-error.log'):
sudo('chown karen:karen repo-error.log')
sudo('rhaptos2repo-initdb develop.ini')
with cd('rhaptos2.repo'):
if not fabric.contrib.files.exists('atc'):
run('git clone [email protected]:Connexions/atc.git')
with cd('rhaptos2.repo/atc'):
sudo('npm update -g bower', warn_only=True)
run('npm install')
sudo('easy_install-2.7 PasteScript PasteDeploy waitress')
def user_setup():
"""Set up cnx-user
"""
_setup()
_install_postgresql()
if not _postgres_user_exists('cnxuser'):
prompts = []
prompts += fexpect.expect('Enter password for new role:', 'cnxuser')
prompts += fexpect.expect('Enter it again:', 'cnxuser')
with fexpect.expecting(prompts):
fexpect.sudo(
'createuser --no-createdb --no-createrole --no-superuser --pwprompt cnxuser',
user='******')
if _postgres_db_exists('cnxuser'):
sudo('dropdb cnxuser', user='******')
sudo('createdb -O cnxuser cnxuser', user='******')
if not fabric.contrib.files.exists('cnx-user'):
run('git clone https://github.com/Connexions/cnx-user.git')
if not fabric.contrib.files.exists('velruse'):
run('git clone -b cnx-master https://github.com/pumazi/velruse.git')
with cd('velruse'):
sudo('python setup.py install')
sudo('pip install -e .')
_install_nodejs()
sudo('apt-get install --yes npm')
sudo('rm -rf ~/tmp') # ~/tmp is needed for npm
sudo('npm install -g grunt-cli bower')
# remove ~/tmp after a system npm install as ~/tmp is owned by root and
# cannot be written as the user in the next step
sudo('rm -rf ~/tmp')
with cd('cnx-user/cnxuser/assets'):
run('npm install')
with cd('cnx-user'):
# change velruse to use 1.0.3 which is the version from pumazmi/veruse
if not fabric.contrib.files.contains('setup.py', 'velruse==1.0.3'):
fabric.contrib.files.sed('setup.py', 'velruse', 'velruse==1.0.3')
sudo('python setup.py install')
sudo('pip install -e .')
# httplib2 top_level.txt is not readable by the user for some reason
# (while other top_level.txt are). This causes initialize_cnx-user_db
# to fail with IOError permission denied
sudo(
'chmod 644 /usr/local/lib/python2.7/dist-packages/httplib2-0.8-py2.7.egg/EGG-INFO/top_level.txt'
)
run('initialize_cnx-user_db development.ini')
def repo_setup():
"""Set up rhaptos2.repo
"""
_setup()
_install_postgresql()
sudo('apt-get install --yes libxml2-dev libxslt1-dev')
_install_nodejs()
sudo('apt-get install --yes npm')
if not _postgres_user_exists('rhaptos2repo'):
prompts = []
prompts += fexpect.expect('Enter password for new role:', 'rhaptos2repo')
prompts += fexpect.expect('Enter it again:', 'rhaptos2repo')
with fexpect.expecting(prompts):
fexpect.sudo('createuser --pwprompt --superuser rhaptos2repo', user='******')
if _postgres_db_exists('rhaptos2repo'):
sudo('dropdb rhaptos2repo', user='******')
if _postgres_db_exists('rhaptos2users'):
sudo('dropdb rhaptos2users', user='******')
sudo('createdb -O rhaptos2repo rhaptos2repo', user='******')
sudo('createdb -O rhaptos2repo rhaptos2users', user='******')
if not fabric.contrib.files.exists('rhaptos2.common'):
run('git clone [email protected]:Connexions/rhaptos2.common.git')
with cd('rhaptos2.common'):
sudo('python setup.py install')
sudo('pip install -e .')
if not fabric.contrib.files.exists('rhaptos2.repo'):
run('git clone -b fix-install [email protected]:Connexions/rhaptos2.repo.git')
with cd('rhaptos2.repo'):
sudo('pip install -e .')
if fabric.contrib.files.exists('repo-error.log'):
sudo('chown karen:karen repo-error.log')
sudo('rhaptos2repo-initdb develop.ini')
with cd('rhaptos2.repo'):
if not fabric.contrib.files.exists('atc'):
run('git clone [email protected]:Connexions/atc.git')
with cd('rhaptos2.repo/atc'):
sudo('npm update -g bower', warn_only=True)
run('npm install')
sudo('easy_install-2.7 PasteScript PasteDeploy waitress')
def user_setup():
"""Set up cnx-user
"""
_setup()
_install_postgresql()
if not _postgres_user_exists('cnxuser'):
prompts = []
prompts += fexpect.expect('Enter password for new role:', 'cnxuser')
prompts += fexpect.expect('Enter it again:', 'cnxuser')
with fexpect.expecting(prompts):
fexpect.sudo('createuser --no-createdb --no-createrole --no-superuser --pwprompt cnxuser', user='******')
if _postgres_db_exists('cnxuser'):
sudo('dropdb cnxuser', user='******')
sudo('createdb -O cnxuser cnxuser', user='******')
if not fabric.contrib.files.exists('cnx-user'):
run('git clone https://github.com/Connexions/cnx-user.git')
if not fabric.contrib.files.exists('velruse'):
run('git clone -b cnx-master https://github.com/pumazi/velruse.git')
with cd('velruse'):
sudo('python setup.py install')
sudo('pip install -e .')
_install_nodejs()
sudo('apt-get install --yes npm')
sudo('rm -rf ~/tmp') # ~/tmp is needed for npm
sudo('npm install -g grunt-cli bower')
# remove ~/tmp after a system npm install as ~/tmp is owned by root and
# cannot be written as the user in the next step
sudo('rm -rf ~/tmp')
with cd('cnx-user/cnxuser/assets'):
run('npm install')
with cd('cnx-user'):
# change velruse to use 1.0.3 which is the version from pumazmi/veruse
if not fabric.contrib.files.contains('setup.py', 'velruse==1.0.3'):
fabric.contrib.files.sed('setup.py', 'velruse', 'velruse==1.0.3')
sudo('python setup.py install')
sudo('pip install -e .')
# httplib2 top_level.txt is not readable by the user for some reason
# (while other top_level.txt are). This causes initialize_cnx-user_db
# to fail with IOError permission denied
sudo('chmod 644 /usr/local/lib/python2.7/dist-packages/httplib2-0.8-py2.7.egg/EGG-INFO/top_level.txt')
run('initialize_cnx-user_db development.ini')
def import_mediawiki(url=None):
import_prompts = []
if url:
import_prompts += fexpect.expect('Enter the address of a MediaWiki site (ex: http://arborwiki.org/):',
url)
import_prompts += fexpect.expect('Continue import? (yes/no)', 'yes')
with ec2_instance(ami_id=get_ami('ubuntu10.04')):
sudo('apt-get -y install python-software-properties')
sudo('yes | apt-add-repository ppa:localwiki')
sudo('apt-get update')
with fexpect.expecting(prompts):
fexpect.sudo('apt-get -y --force-yes install localwiki')
with cd('/usr/share/localwiki'):
sudo('git clone git://github.com/mivanov/localwiki-importers.git')
with cd('localwiki-importers/mediawiki'):
sudo('source /usr/share/localwiki/env/bin/activate')
sudo('pip install -r requirements.txt')
sudo('deactivate')
with fexpect.expecting(import_prompts):
fexpect.sudo('python import_mediawiki.py')
def archive_setup_real_data():
"""Set up cnxarchive database with real data
"""
if not _postgres_user_exists('cnxarchive'):
prompts = []
prompts += fexpect.expect('Enter password for new role:', 'cnxarchive')
prompts += fexpect.expect('Enter it again:', 'cnxarchive')
with fexpect.expecting(prompts):
fexpect.sudo('createuser --no-createdb --no-createrole --superuser --pwprompt cnxarchive', user='******')
if _postgres_db_exists('cnxarchive'):
sudo('dropdb cnxarchive', user='******')
sudo('createdb -O cnxarchive cnxarchive', user='******')
sudo('createlang plpythonu cnxarchive', user='******')
run('zcat cnx-archive/repo_test_data.sql.gz >cnx-archive/repo_test_data.sql')
prompts = fexpect.expect('Password for user cnxarchive:', 'cnxarchive')
with fexpect.expecting(prompts):
fexpect.run('psql -U cnxarchive cnxarchive -f cnx-archive/repo_test_data.sql')
run('rm -rf cnx-archive/repo_test_data.sql')
run('cnx-upgrade v1')
def instalar_pxp():
question = raw_input("La conexion se realizara por un proxy? (s/n) : ")
if question == 's':
question = raw_input(
"Ingrese la cadena de conexion del servidor proxy (proxyuser:proxypwd@server:port o server:port) : "
)
proxy = question
else:
proxy = ""
run("yum -y install wget")
version = run("grep -o release.. /etc/redhat-release")
if (version == 'release 7'):
# postgres de rpm de postgres 9.5#
run("wget http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/pgdg-centos95-9.5-2.noarch.rpm"
)
else:
# postgres de rpm de postgres 9.5#
run("wget http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/pgdg-redhat95-9.5-2.noarch.rpm"
)
# configuraicon de archivos de centos-base.repo agregando una linea #
s = open("/etc/yum.repos.d/CentOS-Base.repo", 'a')
s.write("exclude=postgresql*\n\n")
s.close()
if (version == 'release 7'):
run("rpm -Uvh --replacepkgs pgdg-centos95-9.5-2.noarch.rpm")
else:
run("rpm -Uvh --replacepkgs pgdg-redhat95-9.5-2.noarch.rpm")
# instalacion de postgres y la primera corrida #
S_pgsql = "service postgresql-9.5"
I_pgsql = "postgresql95"
sudo(
"yum -y install postgresql95-server postgresql95-docs postgresql95-contrib postgresql95-plperl postgresql95-plpython postgresql95-pltcl postgresql95-test rhdb-utils gcc-objc postgresql95-devel "
)
if (version == 'release 7'):
run("/usr/pgsql-9.5/bin/postgresql95-setup initdb")
run("systemctl start postgresql-9.5")
run("systemctl enable postgresql-9.5")
else:
run("service postgresql-9.5 initdb")
run("service postgresql-9.5 start")
run("chkconfig postgresql-9.5 on")
# instalacion del php y apache mas la primera corrida #
sudo(
"yum -y install httpd php mod_ssl mod_auth_pgsql php-pear php-bcmath php-mbstring php-cli php-ldap php-pdo php-pgsql php-gd"
)
if (version == 'release 7'):
run("systemctl start httpd")
run("systemctl enable httpd")
else:
run("service httpd start")
run("chkconfig httpd on")
#Creacion de archivos para bitacoras
archi = open("/usr/local/lib/phx.c", 'w')
archi.write('#include "postgres.h"\n')
archi.write('#include <string.h>\n')
archi.write('#include "fmgr.h"\n')
archi.write('#include "utils/geo_decls.h"\n')
archi.write('#include <stdio.h>\n')
archi.write('#ifdef PG_MODULE_MAGIC\n')
archi.write('PG_MODULE_MAGIC;\n')
archi.write('#endif\n')
archi.write('/* by value */\n')
archi.write('PG_FUNCTION_INFO_V1(monitor_phx);\n')
archi.write('Datum\n')
archi.write('monitor_phx(PG_FUNCTION_ARGS)\n')
archi.write('{\n')
archi.write(' int32 arg = PG_GETARG_INT32(0);\n')
archi.write(' system("sudo /usr/local/lib/./phxbd.sh");\n')
archi.write(' PG_RETURN_INT32(arg);\n')
archi.write('}')
archi.close()
run("gcc -I /usr/local/include -I /usr/pgsql-9.5/include/server/ -fpic -c /usr/local/lib/phx.c"
)
run("gcc -I /usr/local/include -I /usr/pgsql-9.5/include/server/ -shared -o /usr/local/lib/phx.so phx.o"
)
run("chown root.postgres /usr/local/lib/phx.so")
run("chmod 750 /usr/local/lib/phx.so")
archi = open("/usr/local/lib/phxbd.sh", 'w')
archi.write('!/bin/bash\n')
archi.write(
'top -b -n 1 | grep -e postgres -e httpd | awk \'{print $1","$12","$2","$9","$10","$5""""}\' > /tmp/procesos.csv\n'
)
archi.write('chown root.postgres /tmp/procesos.csv\n')
archi.write('chmod 740 /tmp/procesos.csv')
sudo("chown root.postgres /usr/local/lib/phxbd.sh")
sudo("sudo chmod 700 /usr/local/lib/phxbd.sh")
f = open("/etc/sudoers", 'r')
chain = f.read()
chain = chain.replace("Defaults requiretty", "#Defaults requiretty")
chain = chain.replace(
"root ALL=(ALL) ALL",
"root ALL=(ALL) ALL\n postgres ALL=NOPASSWD: /usr/local/lib/phxbd.sh"
)
f.close()
f = open("/etc/sudoers", 'w')
f.write(chain)
f.close()
#Instalacion de mcrypt para servicios rest
if (version == 'release 7'):
run("wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm"
)
run("wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm")
run("rpm -Uvh remi-release-7*.rpm epel-release-7*.rpm")
else:
run("wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm"
)
run("wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm")
sudo("rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm")
run("yum -y update")
run("yum -y install php-mcrypt*")
# cambio de los archivos pg_hba y postgres.config#
archi = open("/var/lib/pgsql/9.5/data/pg_hba.conf", 'w')
archi.write(
"# TYPE DATABASE USER ADDRESS METHOD\n\n"
)
archi.write("# 'local' is for Unix domain socket connections only\n")
archi.write(
"local all postgres,dbkerp_conexion trust\n")
archi.write(
"local all all md5\n"
)
archi.write("# IPv4 local connections:\n")
archi.write(
"host all all 127.0.0.1/32 md5\n"
)
archi.write(
"host all all 192.168.0.0/16 md5\n"
)
archi.write("# IPv6 local connections:\n")
archi.write(
"host all all ::1/128 md5\n"
)
archi.close()
f = open("/var/lib/pgsql/9.5/data/postgresql.conf", 'r')
chain = f.read()
chain = chain.replace("pg_catalog.english", "pg_catalog.spanish")
chain = chain.replace("log_destination = 'stderr'",
"log_destination = 'csvlog'")
chain = chain.replace("log_filename = 'postgresql-%a.log'",
"log_filename = 'postgresql-%Y-%m-%d.log'")
chain = chain.replace("log_truncate_on_rotation = on",
"log_truncate_on_rotation = off")
chain = chain.replace("#log_error_verbosity = default",
"log_error_verbosity = verbose")
chain = chain.replace("#log_statement = 'none'", "log_statement = 'mod'")
chain = chain.replace("iso, mdy", "iso, dmy")
f.close()
otro = open("/var/lib/pgsql/9.5/data/postgresql.conf", 'w')
otro.write(chain)
otro.close()
s = open("/var/lib/pgsql/9.5/data/postgresql.conf", 'a')
s.write("listen_addresses = '*'\n")
s.write("bytea_output = 'escape'\n")
s.close()
db_pass = "******"
sudo('psql -c "ALTER USER postgres WITH ENCRYPTED PASSWORD E\'%s\'"' %
(db_pass),
user='******')
sudo('psql -c "CREATE DATABASE dbkerp WITH ENCODING=\'UTF-8\';"',
user='******')
sudo(
'psql -c "CREATE USER dbkerp_conexion WITH PASSWORD \'dbkerp_conexion\';"',
user='******')
sudo('psql -c "ALTER ROLE dbkerp_conexion SUPERUSER;"', user='******')
sudo(
'psql -c "CREATE USER dbkerp_admin WITH PASSWORD \'a1a69c4e834c5aa6cce8c6eceee84295\';"',
user='******')
sudo('psql -c "ALTER ROLE dbkerp_admin SUPERUSER;"', user='******')
if (version == 'release 7'):
run('systemctl restart postgresql-9.5')
else:
run('service postgresql-9.5 restart')
# instalacion de git para poder bajar el repositoriio pxp y moviendo a la carpeta /var/www/html/kerp/#
sudo("yum -y install git-core")
run("mkdir /var/www/html/kerp")
run("mkdir /var/www/html/kerp/pxp")
#Si existe proxy se configura github para el proxy
if (proxy != ""):
run("git config --global http.proxy http://" + proxy)
run("git config --global https.proxy https://" + proxy)
run("git clone https://github.com/kplian/pxp.git /var/www/html/kerp/pxp")
run("chown -R apache.apache /var/www/html/kerp/")
run("chmod 700 -R /var/www/html/kerp/")
# haciendo una copia de datosgenerales.samples.php y modificando archivo#
f = open("/var/www/html/kerp/pxp/lib/DatosGenerales.sample.php")
g = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php", "w")
linea = f.readline()
while linea != "":
g.write(linea)
linea = f.readline()
g.close()
f.close()
#TODO VOLVER VARIABLE LA CARPETA PRINCIPAL KERP
f = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php", 'r')
chain = f.read()
chain = chain.replace("/web/lib/lib_control/",
"/kerp/pxp/lib/lib_control/")
chain = chain.replace("/kerp-boa/", "/kerp/")
chain = chain.replace("/var/lib/pgsql/9.1/data/pg_log/",
"/var/lib/pgsql/9.5/data/pg_log/")
f.close()
otro = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php", 'w')
otro.write(chain)
otro.close()
run("ln -s /var/www/html/kerp/pxp/lib /var/www/html/kerp/lib")
run("ln -s /var/www/html/kerp/pxp/index.php /var/www/html/kerp/index.php")
run("ln -s /var/www/html/kerp/pxp/sis_generador /var/www/html/kerp/sis_generador"
)
run("ln -s /var/www/html/kerp/pxp/sis_organigrama /var/www/html/kerp/sis_organigrama"
)
run("ln -s /var/www/html/kerp/pxp/sis_parametros /var/www/html/kerp/sis_parametros"
)
run("ln -s /var/www/html/kerp/pxp/sis_seguridad /var/www/html/kerp/sis_seguridad"
)
run("ln -s /var/www/html/kerp/pxp/sis_workflow /var/www/html/kerp/sis_workflow"
)
archi = open('/var/www/html/kerp/sistemas.txt', 'w')
archi.close()
run("mkdir /var/www/html/kerp/reportes_generados")
sudo("setfacl -R -m u:apache:wrx /var/www/html/kerp/reportes_generados")
# sudo("yum -y install rpm-build")
sudo("setfacl -R -m u:postgres:wrx /var/www/html")
sudo("chcon -Rv --type=httpd_sys_rw_content_t /var/www/html/kerp/")
sudo("setsebool -P httpd_can_network_connect_db=1")
# iptables
if (version == 'release 6'):
run("iptables --flush")
run("iptables -P INPUT ACCEPT")
run("iptables -P OUTPUT ACCEPT")
run("iptables -P FORWARD ACCEPT")
#Interfaz local aceptar
run("iptables -A INPUT -i lo -j ACCEPT")
#Comunicaciones establecidas aceptar
run("iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT")
#Ping Aceptar
run("iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT")
#Ssh Aceptar
run("iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT"
)
#http y https aceptar
run("iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT"
)
run("iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT"
)
#postgres aceptar
run("iptables -A INPUT -p tcp --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT"
)
run("iptables -P INPUT DROP")
run("service iptables save")
run("service iptables restart")
else:
run("firewall-cmd --permanent --add-port=22/tcp")
run("firewall-cmd --permanent --add-port=80/tcp")
run("firewall-cmd --permanent --add-port=5432/tcp")
run("firewall-cmd --reload")
prompts = []
prompts += expect('Ingrese una opcion.*', '1')
prompts += expect('Ingrese el nombre de la BD.*', 'dbkerp')
prompts += expect('Desea obtener un backup de la BD.*', 'NO')
prompts += expect('los datos de prueba.*', 'n')
with expecting(prompts):
sudo(
"/var/www/html/kerp/pxp/utilidades/restaurar_bd/./restaurar_todo.py",
user="******")
def instalar_pxp():
question = raw_input("La conexion se realizara por un proxy? (s/n) : ")
if question == 's' :
question = raw_input("Ingrese la cadena de conexion del servidor proxy (proxyuser:proxypwd@server:port o server:port) : ")
proxy = question
else :
proxy = ""
run("yum -y install wget")
version = run("grep -o release.. /etc/redhat-release")
if(version == 'release 7'):
# postgres de rpm de postgres 9.5#
run("wget http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/pgdg-centos95-9.5-2.noarch.rpm")
else:
# postgres de rpm de postgres 9.5#
run("wget http://yum.postgresql.org/9.5/redhat/rhel-6-x86_64/pgdg-redhat95-9.5-2.noarch.rpm")
# configuraicon de archivos de centos-base.repo agregando una linea #
s = open("/etc/yum.repos.d/CentOS-Base.repo",'a')
s.write("exclude=postgresql*\n\n")
s.close()
if(version == 'release 7'):
run("rpm -Uvh --replacepkgs pgdg-centos95-9.5-2.noarch.rpm")
else:
run("rpm -Uvh --replacepkgs pgdg-redhat95-9.5-2.noarch.rpm")
# instalacion de postgres y la primera corrida #
S_pgsql="service postgresql-9.5"
I_pgsql="postgresql95"
sudo("yum -y install postgresql95-server postgresql95-docs postgresql95-contrib postgresql95-plperl postgresql95-plpython postgresql95-pltcl postgresql95-test rhdb-utils gcc-objc postgresql95-devel ")
if(version == 'release 7'):
run("/usr/pgsql-9.5/bin/postgresql95-setup initdb")
run("systemctl start postgresql-9.5")
run("systemctl enable postgresql-9.5")
else:
run("service postgresql-9.5 initdb")
run("service postgresql-9.5 start")
run("chkconfig postgresql-9.5 on")
# instalacion del php y apache mas la primera corrida #
sudo("yum -y install httpd php mod_ssl mod_auth_pgsql php-pear php-bcmath php-mbstring php-cli php-ldap php-pdo php-pgsql php-gd")
if(version == 'release 7'):
run("systemctl start httpd")
run("systemctl enable httpd")
else:
run("service httpd start")
run("chkconfig httpd on")
#Creacion de archivos para bitacoras
archi = open("/usr/local/lib/phx.c",'w')
archi.write('#include "postgres.h"\n')
archi.write('#include <string.h>\n')
archi.write('#include "fmgr.h"\n')
archi.write('#include "utils/geo_decls.h"\n')
archi.write('#include <stdio.h>\n')
archi.write('#ifdef PG_MODULE_MAGIC\n')
archi.write('PG_MODULE_MAGIC;\n')
archi.write('#endif\n')
archi.write('/* by value */\n')
archi.write('PG_FUNCTION_INFO_V1(monitor_phx);\n')
archi.write('Datum\n')
archi.write('monitor_phx(PG_FUNCTION_ARGS)\n')
archi.write('{\n')
archi.write(' int32 arg = PG_GETARG_INT32(0);\n')
archi.write(' system("sudo /usr/local/lib/./phxbd.sh");\n')
archi.write(' PG_RETURN_INT32(arg);\n')
archi.write('}')
archi.close()
run("gcc -I /usr/local/include -I /usr/pgsql-9.5/include/server/ -fpic -c /usr/local/lib/phx.c")
run("gcc -I /usr/local/include -I /usr/pgsql-9.5/include/server/ -shared -o /usr/local/lib/phx.so phx.o")
run("chown root.postgres /usr/local/lib/phx.so")
run("chmod 750 /usr/local/lib/phx.so")
archi = open("/usr/local/lib/phxbd.sh",'w')
archi.write('!/bin/bash\n')
archi.write('top -b -n 1 | grep -e postgres -e httpd | awk \'{print $1","$12","$2","$9","$10","$5""""}\' > /tmp/procesos.csv\n')
archi.write('chown root.postgres /tmp/procesos.csv\n')
archi.write('chmod 740 /tmp/procesos.csv')
sudo("chown root.postgres /usr/local/lib/phxbd.sh")
sudo("sudo chmod 700 /usr/local/lib/phxbd.sh")
f = open("/etc/sudoers",'r')
chain = f.read()
chain = chain.replace("Defaults requiretty","#Defaults requiretty")
chain = chain.replace("root ALL=(ALL) ALL","root ALL=(ALL) ALL\n postgres ALL=NOPASSWD: /usr/local/lib/phxbd.sh")
f.close()
f = open("/etc/sudoers",'w')
f.write(chain)
f.close()
#Instalacion de mcrypt para servicios rest
if(version == 'release 7'):
run("wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm")
run("wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm")
run("rpm -Uvh remi-release-7*.rpm epel-release-7*.rpm")
else:
run("wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm")
run("wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm")
sudo("rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm")
run("yum -y update")
run("yum -y install php-mcrypt*")
# cambio de los archivos pg_hba y postgres.config#
archi=open("/var/lib/pgsql/9.5/data/pg_hba.conf",'w')
archi.write("# TYPE DATABASE USER ADDRESS METHOD\n\n")
archi.write("# 'local' is for Unix domain socket connections only\n")
archi.write("local all postgres,dbkerp_conexion trust\n")
archi.write("local all all md5\n")
archi.write("# IPv4 local connections:\n")
archi.write("host all all 127.0.0.1/32 md5\n")
archi.write("host all all 192.168.0.0/16 md5\n")
archi.write("# IPv6 local connections:\n")
archi.write("host all all ::1/128 md5\n")
archi.close()
f = open("/var/lib/pgsql/9.5/data/postgresql.conf",'r')
chain = f.read()
chain = chain.replace("pg_catalog.english","pg_catalog.spanish")
chain = chain.replace("log_destination = 'stderr'","log_destination = 'csvlog'")
chain = chain.replace("log_filename = 'postgresql-%a.log'","log_filename = 'postgresql-%Y-%m-%d.log'")
chain = chain.replace("log_truncate_on_rotation = on","log_truncate_on_rotation = off")
chain = chain.replace("#log_error_verbosity = default","log_error_verbosity = verbose")
chain = chain.replace("#log_statement = 'none'","log_statement = 'mod'")
chain = chain.replace("iso, mdy","iso, dmy")
f.close()
otro = open("/var/lib/pgsql/9.5/data/postgresql.conf",'w')
otro.write(chain)
otro.close()
s = open("/var/lib/pgsql/9.5/data/postgresql.conf",'a')
s.write("listen_addresses = '*'\n")
s.write("bytea_output = 'escape'\n")
s.close()
db_pass = "******"
sudo('psql -c "ALTER USER postgres WITH ENCRYPTED PASSWORD E\'%s\'"' % (db_pass), user='******')
sudo('psql -c "CREATE DATABASE dbkerp WITH ENCODING=\'UTF-8\';"', user='******')
sudo('psql -c "CREATE USER dbkerp_conexion WITH PASSWORD \'dbkerp_conexion\';"', user='******')
sudo('psql -c "ALTER ROLE dbkerp_conexion SUPERUSER;"', user='******')
sudo('psql -c "CREATE USER dbkerp_admin WITH PASSWORD \'a1a69c4e834c5aa6cce8c6eceee84295\';"', user='******')
sudo('psql -c "ALTER ROLE dbkerp_admin SUPERUSER;"', user='******')
if(version == 'release 7'):
run('systemctl restart postgresql-9.5')
else:
run('service postgresql-9.5 restart')
# instalacion de git para poder bajar el repositoriio pxp y moviendo a la carpeta /var/www/html/kerp/#
sudo("yum -y install git-core")
run("mkdir /var/www/html/kerp")
run("mkdir /var/www/html/kerp/pxp")
#Si existe proxy se configura github para el proxy
if (proxy != ""):
run("git config --global http.proxy http://" + proxy)
run("git config --global https.proxy https://" + proxy)
run("git clone https://github.com/kplian/pxp.git /var/www/html/kerp/pxp")
run("chown -R apache.apache /var/www/html/kerp/")
run("chmod 700 -R /var/www/html/kerp/")
# haciendo una copia de datosgenerales.samples.php y modificando archivo#
f = open("/var/www/html/kerp/pxp/lib/DatosGenerales.sample.php")
g = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php","w")
linea = f.readline()
while linea != "":
g.write(linea)
linea = f.readline()
g.close()
f.close()
#TODO VOLVER VARIABLE LA CARPETA PRINCIPAL KERP
f = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php",'r')
chain = f.read()
chain = chain.replace("/web/lib/lib_control/","/kerp/pxp/lib/lib_control/")
chain = chain.replace("/kerp-boa/","/kerp/")
chain = chain.replace("/var/lib/pgsql/9.1/data/pg_log/","/var/lib/pgsql/9.5/data/pg_log/")
f.close()
otro = open("/var/www/html/kerp/pxp/lib/DatosGenerales.php",'w')
otro.write(chain)
otro.close()
run("ln -s /var/www/html/kerp/pxp/lib /var/www/html/kerp/lib")
run("ln -s /var/www/html/kerp/pxp/index.php /var/www/html/kerp/index.php")
run("ln -s /var/www/html/kerp/pxp/sis_generador /var/www/html/kerp/sis_generador")
run("ln -s /var/www/html/kerp/pxp/sis_organigrama /var/www/html/kerp/sis_organigrama")
run("ln -s /var/www/html/kerp/pxp/sis_parametros /var/www/html/kerp/sis_parametros")
run("ln -s /var/www/html/kerp/pxp/sis_seguridad /var/www/html/kerp/sis_seguridad")
run("ln -s /var/www/html/kerp/pxp/sis_workflow /var/www/html/kerp/sis_workflow")
archi=open('/var/www/html/kerp/sistemas.txt','w')
archi.close()
run("mkdir /var/www/html/kerp/reportes_generados")
sudo("setfacl -R -m u:apache:wrx /var/www/html/kerp/reportes_generados")
# sudo("yum -y install rpm-build")
sudo("setfacl -R -m u:postgres:wrx /var/www/html")
sudo("chcon -Rv --type=httpd_sys_rw_content_t /var/www/html/kerp/")
sudo("setsebool -P httpd_can_network_connect_db=1")
# iptables
if(version == 'release 6'):
run("iptables --flush")
run("iptables -P INPUT ACCEPT")
run("iptables -P OUTPUT ACCEPT")
run("iptables -P FORWARD ACCEPT")
#Interfaz local aceptar
run("iptables -A INPUT -i lo -j ACCEPT")
#Comunicaciones establecidas aceptar
run("iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT")
#Ping Aceptar
run("iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT")
#Ssh Aceptar
run("iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT")
#http y https aceptar
run("iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT")
run("iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT")
#postgres aceptar
run("iptables -A INPUT -p tcp --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT")
run("iptables -P INPUT DROP")
run("service iptables save")
run("service iptables restart")
else:
run("firewall-cmd --permanent --add-port=22/tcp")
run("firewall-cmd --permanent --add-port=80/tcp")
run("firewall-cmd --permanent --add-port=5432/tcp")
run("firewall-cmd --reload")
prompts = []
prompts += expect('Ingrese una opcion.*','1')
prompts += expect('Ingrese el nombre de la BD.*','dbkerp')
prompts += expect('Desea obtener un backup de la BD.*','NO')
prompts += expect('los datos de prueba.*','n')
with expecting(prompts):
sudo("/var/www/html/kerp/pxp/utilidades/restaurar_bd/./restaurar_todo.py" , user="******")
