def _configure_celery(self, node_roles):
logger.info("Updating Celery's supervisord config")
hostname = env.hostname
enable_periodic_tasks = env.enable_periodic_tasks
enable_celery_ldap = env.enable_celery_ldap
celery_conf = self.conf.get('celery', {})
newrelic_conf = self.conf.get('newrelic', {})
new_relic_environment = newrelic_conf.get('environment', None)
context = {
'new_relic_environment': new_relic_environment,
'hostname': hostname,
'enable_periodic_tasks': enable_periodic_tasks,
'enable_celery_ldap': enable_celery_ldap,
'celery': celery_conf,
}
with hide(*fab_output_hides):
changed = upload_template_changed(
'../config/tpl/celery/etc/supervisor/conf.d/celeryd.conf',
'/etc/supervisor/conf.d/celeryd.conf',
use_sudo=True,
mode=0600,
use_jinja=True,
context=context,
)
if changed:
self.modified_services.append(SUPERVISORD)
def _configure_ipsec_networking(self):
"""
Configure ``/etc/sysctl.conf`` for ipsec networking.
Return True if the file changed.
"""
with hide(*fab_output_hides):
changed = upload_template_changed(
'../config/tpl/sysctl.conf',
'/etc/sysctl.conf',
use_sudo=True,
mode=0600,
)
if changed:
sudo('sysctl -p /etc/sysctl.conf')
return changed
def _configure_ipsec_site(self, name, confs):
"""
Configure ``/etc/ipsec.d/<name>.conf`` and return True if the file
changed.
"""
site_conf_tpl = '../config/tpl/ipsec.d/_.conf'
context = {
'conn_name': name,
'elastic_ip': env.aws_elastic_ip,
}
for key, value in confs.items():
context[key] = value
with hide(*fab_output_hides):
return upload_template_changed(
site_conf_tpl,
'/etc/ipsec.d/%s.conf' % name,
context=context,
use_sudo=True,
mode=0600,
)
def _configure_ipsec_base(self, ipsec_confs):
"""
Configure ``/etc/ipsec.conf`` and return True if the file changed.
Excludes all of the right side subnets from ``virtual_private`` so
that they're properly sent to the remote tunnel.
"""
base_conf_tpl = '../config/tpl/ipsec/ipsec.conf'
subnet_exclusions = []
for conf in ipsec_confs.values():
subnet_exclusion = '%%v4:!%s' % conf['right_subnet']
subnet_exclusions.append(subnet_exclusion)
excluded_subnets = ','.join(subnet_exclusions)
with hide(*fab_output_hides):
return upload_template_changed(
base_conf_tpl,
'/etc/ipsec.conf',
context={'excluded_subnets': excluded_subnets},
use_sudo=True,
mode=0600,
)
def _configure_calabar(self):
logger.info("Configuring Calabar")
tunnel_confs_dir = '../config/tpl/calabar/tunnel_confs/'
configuration_changed = False
# Push the main calabar.conf file
with hide(*fab_output_hides):
changed = put_changed(
'../config/tpl/calabar/calabar.conf',
'/etc/calabar/calabar.conf',
use_sudo=True,
mode=0600)
if changed:
configuration_changed = True
# Push each of the tunnel configs
# Need to make sure the tunnel_confs directory exists
with hide(*fab_output_hides):
sudo('mkdir --parents /etc/calabar/tunnel_confs')
with hide(*fab_output_hides):
for dirpath, _, filenames in os.walk(tunnel_confs_dir):
for filename in filenames:
calabar_config_file = os.path.join(dirpath, filename)
changed = upload_template_changed(
calabar_config_file,
'/etc/calabar/tunnel_confs/',
context=env.calabar_conf_context,
use_sudo=True,
mode=0600)
if changed:
configuration_changed = True
if configuration_changed:
logger.info("Calabar config changed. Restarting calabard.")
with hide(*fab_output_hides):
sudo('supervisorctl stop calabard')
sudo('supervisorctl start calabard')
def _configure_ipsec_secrets(self, ipsec_confs):
"""
Configure ``/etc/ipsec.secrets`` and return True if the file changed.
"""
secrets_tpl = '../config/tpl/ipsec/ipsec.secrets'
secret_confs = []
for name, conf in ipsec_confs.items():
secret_conf = {
'right_public_ip': conf['right_public_ip'],
'psk': env.get('ipsec_psk_%s' % name),
}
secret_confs.append(secret_conf)
# Configure the /etc/ipsec.d/<name>.conf file with passwords
with hide(*fab_output_hides):
return upload_template_changed(
secrets_tpl,
'/etc/ipsec.secrets',
context={'confs': secret_confs},
use_sudo=True,
mode=0600,
use_jinja=True
)
def _configure_webservers(self, node_roles):
"""
Configure nginx and uwsgi.
"""
logger.info("Configuring uwsgi")
with hide(*fab_quiet):
# Configure the uwsgi app
context = {
'project_root': env.project_root,
'domain': env.pstat_url,
}
upload_template(
'../config/tpl/newrelic/policystat.ini',
'/etc/newrelic/policystat.ini',
context,
use_sudo=True
)
upload_template(
'../config/tpl/uwsgi/policystat.yaml',
'/etc/uwsgi/policystat.yaml',
context,
use_sudo=True
)
# Configure the supervisord config for uwsgi
newrelic_conf = self.conf.get('newrelic', {})
new_relic_environment = newrelic_conf.get('environment', None)
context = {
'new_relic_environment': new_relic_environment,
}
changed = upload_template_changed(
'../config/tpl/uwsgi/etc/supervisor/conf.d/uwsgi.conf',
'/etc/supervisor/conf.d/uwsgi.conf',
use_sudo=True,
mode=0600,
use_jinja=True,
context=context,
)
if changed:
self.modified_services.append(SUPERVISORD)
# Give user policystat access to configuration files
files = [
'/etc/uwsgi/policystat.yaml',
'/etc/newrelic/policystat.ini',
]
sudo('chown %s %s' % (F_CHOWN, ' '.join(files)))
logger.info("Configuring nginx")
# Configure the nginx host
context = {
'project_root': env.project_root,
'domain': env.pstat_url,
}
upload_template(
'../config/tpl/nginx/pstat',
'/etc/nginx/sites-available/%s' % env.pstat_url,
context,
use_sudo=True,
)
# Make sure no other sites are enabled
sudo('rm -f /etc/nginx/sites-enabled/*')
# Enable our site
sudo(
'ln -s '
'/etc/nginx/sites-available/%(pstat_url)s '
'/etc/nginx/sites-enabled/%(pstat_url)s' % env
)
