def renew_certs(): click.confirm( 'Running this will stop the nginx service temporarily causing your sites to go offline\n' 'Do you want to continue?', abort=True) service('nginx', 'stop') exec_cmd("{path} renew".format(path=get_certbot_path())) service('nginx', 'start')
def _delete_symlinks(zinuit_path): zinuit_dir = os.path.abspath(zinuit_path) etc_systemd_system = os.path.join('/', 'etc', 'systemd', 'system') config_path = os.path.join(zinuit_dir, 'config', 'systemd') unit_files = get_unit_files(zinuit_dir) for unit_file in unit_files: exec_cmd('sudo rm {etc_systemd_system}/{unit_file_init}'.format( config_path=config_path, etc_systemd_system=etc_systemd_system, unit_file_init="".join(unit_file))) exec_cmd('sudo systemctl daemon-reload')
def setup_wildcard_ssl(domain, email, zinuit_path, exclude_base_domain): def _get_domains(domain): domain_list = [domain] if not domain.startswith('*.'): # add wildcard caracter to domain if missing domain_list.append('*.{0}'.format(domain)) else: # include base domain based on flag domain_list.append(domain.replace('*.', '')) if exclude_base_domain: domain_list.remove(domain.replace('*.', '')) return domain_list if not get_config(zinuit_path).get("dns_multitenant"): print("You cannot setup SSL without DNS Multitenancy") return get_certbot() domain_list = _get_domains(domain.strip()) email_param = '' if email: email_param = '--email {0}'.format(email) try: exec_cmd( "{path} certonly --manual --preferred-challenges=dns {email_param} \ --server https://acme-v02.api.letsencrypt.org/directory \ --agree-tos -d {domain}".format(path=get_certbot_path(), domain=' -d '.join(domain_list), email_param=email_param)) except CommandFailedError: print("There was a problem trying to setup SSL") return ssl_path = "/etc/letsencrypt/live/{domain}/".format(domain=domain) ssl_config = { "wildcard": { "domain": domain, "ssl_certificate": os.path.join(ssl_path, "fullchain.pem"), "ssl_certificate_key": os.path.join(ssl_path, "privkey.pem") } } update_common_site_config(ssl_config) setup_crontab() make_nginx_conf(zinuit_path) print("Restrting Nginx service") service('nginx', 'restart')
def reload_supervisor(): supervisorctl = find_executable('supervisorctl') try: # first try reread/update exec_cmd('sudo {0} reread'.format(supervisorctl)) exec_cmd('sudo {0} update'.format(supervisorctl)) return except CommandFailedError: pass try: # something is wrong, so try reloading exec_cmd('sudo {0} reload'.format(supervisorctl)) return except CommandFailedError: pass try: # then try restart for centos service('supervisord', 'restart') return except CommandFailedError: pass try: # else try restart for ubuntu / debian service('supervisor', 'restart') return except CommandFailedError: pass
def setup_production(user, yes=False): "setup zinuit for production" from zinuit.config.production_setup import setup_production from zinuit.utils import run_playbook # Install prereqs for production from distutils.spawn import find_executable if not find_executable('ansible'): exec_cmd("sudo pip install ansible") if not find_executable('fail2ban-client'): exec_cmd("zinuit setup role fail2ban") if not find_executable('nginx'): exec_cmd("zinuit setup role nginx") if not find_executable('supervisord'): exec_cmd("zinuit setup role supervisor") setup_production(user=user, yes=yes)
def run_certbot_and_setup_ssl(site, custom_domain, zinuit_path, interactive=True): service('nginx', 'stop') get_certbot() try: interactive = '' if interactive else '-n' exec_cmd( "{path} {interactive} --config /etc/letsencrypt/configs/{site}.cfg certonly" .format(path=get_certbot_path(), interactive=interactive, site=custom_domain or site)) except CommandFailedError: service('nginx', 'start') print("There was a problem trying to setup SSL for your site") return ssl_path = "/etc/letsencrypt/live/{site}/".format( site=custom_domain or site) ssl_config = { "ssl_certificate": os.path.join(ssl_path, "fullchain.pem"), "ssl_certificate_key": os.path.join(ssl_path, "privkey.pem") } if custom_domain: remove_domain(site, custom_domain, zinuit_path) domains = get_domains(site, zinuit_path) ssl_config['domain'] = custom_domain domains.append(ssl_config) update_site_config(site, {"domains": domains}, zinuit_path=zinuit_path) else: update_site_config(site, ssl_config, zinuit_path=zinuit_path) make_nginx_conf(zinuit_path) service('nginx', 'start')
def setup_manager(yes=False, port=23624, domain=None): "Setup zinuit-manager.local site with the zinmanager app installed on it" from six.moves import input create_new_site = True if 'zinuit-manager.local' in os.listdir('sites'): ans = input( 'Site already exists. Overwrite existing site? [Y/n]: ').lower() while ans not in ('y', 'n', ''): ans = input( 'Please enter "y" or "n". Site already exists. Overwrite existing site? [Y/n]: ' ).lower() if ans == 'n': create_new_site = False if create_new_site: exec_cmd("zinuit new-site --force zinuit-manager.local") if 'zinmanager' in os.listdir('apps'): print('App already exists. Skipping app download.') else: exec_cmd("zinuit get-app zinmanager") exec_cmd("zinuit --site zinuit-manager.local install-app zinmanager") from zinuit.config.common_site_config import get_config zinuit_path = '.' conf = get_config(zinuit_path) if conf.get('restart_supervisor_on_update') or conf.get( 'restart_systemd_on_update'): # implicates a production setup or so I presume if not domain: print( "Please specify the site name on which you want to host zinuit-manager using the 'domain' flag" ) sys.exit(1) from zinuit.utils import get_sites, get_zinuit_name zinuit_name = get_zinuit_name(zinuit_path) if domain not in get_sites(zinuit_path): raise Exception("No such site") from zinuit.config.nginx import make_zinmanager_nginx_conf make_zinmanager_nginx_conf(zinuit_path, yes=yes, port=port, domain=domain)
def service(service, option): if os.path.basename(get_program(['systemctl']) or '') == 'systemctl' and is_running_systemd(): exec_cmd("sudo {service_manager} {option} {service}".format( service_manager='systemctl', option=option, service=service)) elif os.path.basename(get_program(['service']) or '') == 'service': exec_cmd("sudo {service_manager} {service} {option} ".format( service_manager='service', service=service, option=option)) else: # look for 'service_manager' and 'service_manager_command' in environment service_manager = os.environ.get("ZINUIT_SERVICE_MANAGER") if service_manager: service_manager_command = ( os.environ.get("ZINUIT_SERVICE_MANAGER_COMMAND") or "{service_manager} {option} {service}").format( service_manager=service_manager, service=service, option=option) exec_cmd(service_manager_command) else: raise Exception('No service manager found')
def generate_systemd_config(zinuit_path, user=None, yes=False, stop=False, create_symlinks=False, delete_symlinks=False): if not user: user = getpass.getuser() config = get_config(zinuit_path=zinuit_path) zinuit_dir = os.path.abspath(zinuit_path) zinuit_name = get_zinuit_name(zinuit_path) if stop: exec_cmd( 'sudo systemctl stop -- $(systemctl show -p Requires {zinuit_name}.target | cut -d= -f2)' .format(zinuit_name=zinuit_name)) return if create_symlinks: _create_symlinks(zinuit_path) return if delete_symlinks: _delete_symlinks(zinuit_path) return number_of_workers = config.get('background_workers') or 1 background_workers = [] for i in range(number_of_workers): background_workers.append( get_zinuit_name(zinuit_path) + "-metel-default-worker@" + str(i + 1) + ".service") for i in range(number_of_workers): background_workers.append( get_zinuit_name(zinuit_path) + "-metel-short-worker@" + str(i + 1) + ".service") for i in range(number_of_workers): background_workers.append( get_zinuit_name(zinuit_path) + "-metel-long-worker@" + str(i + 1) + ".service") zinuit_info = { "zinuit_dir": zinuit_dir, "sites_dir": os.path.join(zinuit_dir, 'sites'), "user": user, "metel_version": get_current_metel_version(zinuit_path), "use_rq": use_rq(zinuit_path), "http_timeout": config.get("http_timeout", 120), "redis_server": find_executable('redis-server'), "node": find_executable('node') or find_executable('nodejs'), "redis_cache_config": os.path.join(zinuit_dir, 'config', 'redis_cache.conf'), "redis_socketio_config": os.path.join(zinuit_dir, 'config', 'redis_socketio.conf'), "redis_queue_config": os.path.join(zinuit_dir, 'config', 'redis_queue.conf'), "webserver_port": config.get('webserver_port', 8000), "gunicorn_workers": config.get('gunicorn_workers', get_gunicorn_workers()["gunicorn_workers"]), "zinuit_name": get_zinuit_name(zinuit_path), "worker_target_wants": " ".join(background_workers), "zinuit_cmd": find_executable('zinuit') } if not yes: click.confirm( 'current systemd configuration will be overwritten. Do you want to continue?', abort=True) setup_systemd_directory(zinuit_path) setup_main_config(zinuit_info, zinuit_path) setup_workers_config(zinuit_info, zinuit_path) setup_web_config(zinuit_info, zinuit_path) setup_redis_config(zinuit_info, zinuit_path) update_config({'restart_systemd_on_update': True}, zinuit_path=zinuit_path) update_config({'restart_supervisor_on_update': False}, zinuit_path=zinuit_path)
def migrate_env(python, no_backup=False): """ Migrate Virtual Environment to desired Python Version. """ try: # Clear Cache before Zinuit Dies. config = get_config(zinuit_path=os.getcwd()) rredis = urlparse(config['redis_cache']) redis = '{redis} -p {port}'.format(redis=which('redis-cli'), port=rredis.port) log.debug('Clearing Redis Cache...') exec_cmd('{redis} FLUSHALL'.format(redis=redis)) log.debug('Clearing Redis DataBase...') exec_cmd('{redis} FLUSHDB'.format(redis=redis)) except Exception: log.warn('Please ensure Redis Connections are running or Daemonized.') try: # This is with the assumption that a zinuit is set-up within path. path = os.getcwd() # I know, bad name for a flag. Thanks, Ameya! :| - <Administrator> if not no_backup: # Back, the f*ck up. parch = osp.join(path, 'archived_envs') if not osp.exists(parch): os.mkdir(parch) # Simply moving. Thanks, Ameya. # I'm keen to zip. source = osp.join(path, 'env') target = parch log.debug('Backing up Virtual Environment') stamp = datetime.now().strftime('%Y%m%d_%H%M%S') dest = osp.join(path, str(stamp)) # WARNING: This is an archive, you might have to use virtualenv --relocate # That's because virtualenv creates symlinks with shebangs pointing to executables. # shebangs, shebangs - ricky martin. # ...and shutil.copytree is a f*cking mess. os.rename(source, dest) shutil.move(dest, target) log.debug('Setting up a New Virtual {python} Environment'.format( python=python)) # Path to Python Executable (Basically $PYTHONPTH) python = which(python) virtualenv = which('virtualenv') nvenv = 'env' pvenv = osp.join(path, nvenv) exec_cmd('{virtualenv} --python {python} {pvenv}'.format( virtualenv=virtualenv, python=python, pvenv=pvenv), cwd=path) pip = osp.join(pvenv, 'bin', 'pip') exec_cmd('{pip} install --upgrade pip'.format(pip=pip)) exec_cmd('{pip} install --upgrade setuptools'.format(pip=pip)) # TODO: Options papps = osp.join(path, 'apps') apps = ['metel', 'redapple'] + [ app for app in os.listdir(papps) if app not in ['metel', 'redapple'] ] for app in apps: papp = osp.join(papps, app) if osp.isdir(papp) and osp.exists(osp.join(papp, 'setup.py')): exec_cmd('{pip} install -e {app}'.format(pip=pip, app=papp)) log.debug('Migration Successful to {python}'.format(python=python)) except: log.debug('Migration Error') raise