def restart_services(self, method):
tid = self.request.id
servers = Server.query.filter(Server.redis.is_(True)).filter(
Server.stunnel.is_(True)).all()
appconf = AppConfiguration.query.first()
chdir = "/opt/gluu-server-" + appconf.gluu_version
ips = []
for server in servers:
ips.append(server.ip)
wlogger.log(tid, "(Re)Starting services ... ", "info",
server_id=server.id)
rc = __get_remote_client(server, tid)
if not rc:
continue
def get_cmd(cmd):
if server.gluu_server and not server.os == "CentOS 7":
return 'chroot {0} /bin/bash -c "{1}"'.format(chdir, cmd)
elif "CentOS 7" == server.os:
parts = ["ssh", "-o IdentityFile=/etc/gluu/keys/gluu-console",
"-o Port=60022", "-o LogLevel=QUIET",
"-o StrictHostKeyChecking=no",
"-o UserKnownHostsFile=/dev/null",
"-o PubkeyAuthentication=yes",
"root@localhost", "'{0}'".format(cmd)]
return " ".join(parts)
return cmd
# Common restarts for all
if server.os == 'CentOS 6':
run_and_log(rc, 'service redis restart', tid, server.id)
run_and_log(rc, 'service stunnel4 restart', tid, server.id)
elif server.os == 'CentOS 7' or server.os == 'RHEL 7':
run_and_log(rc, 'systemctl restart redis', tid, server.id)
run_and_log(rc, 'systemctl restart stunnel', tid, server.id)
else:
run_and_log(rc, 'service redis-server restart', tid, server.id)
run_and_log(rc, 'service stunnel4 restart', tid, server.id)
# sometime apache service is stopped (happened in Ubuntu 16)
# when install_cache_components task is executed; hence we also need to
# restart the service
run_and_log(rc, get_cmd('service apache2 restart'), tid, server.id)
run_and_log(rc, get_cmd('service oxauth restart'), tid, server.id)
run_and_log(rc, get_cmd('service identity restart'), tid, server.id)
rc.close()
if method != 'STANDALONE':
wlogger.log(tid, "All services restarted.", "success")
return
host = appconf.nginx_host
mock_server = Server()
mock_server.hostname = host
rc = __get_remote_client(mock_server, tid)
if not rc:
wlogger.log(tid, "Couldn't connect to proxy server to restart services"
"fail")
return
mock_server.os = get_os_type(rc)
if mock_server.os in ['Ubuntu 14', 'Ubuntu 16', 'CentOS 6']:
run_and_log(rc, "service stunnel4 restart", tid, None)
run_and_log(rc, "service nutcracker restart", tid, None)
if mock_server.os in ["CentOS 7", "RHEL 7"]:
run_and_log(rc, "systemctl restart stunnel", tid, None)
run_and_log(rc, "systemctl restart nutcracker", tid, None)
rc.close()
def app_configuration():
"""This view provides application configuration forms"""
# create forms
conf_form = AppConfigForm()
sch_form = SchemaForm()
config = AppConfiguration.query.first()
schemafiles = os.listdir(app.config['SCHEMA_DIR'])
conf_form.gluu_archive.choices = [
(f, os.path.split(f)[1]) for f in glob.glob(
os.path.join(app.config['GLUU_REPO'], 'gluu-server-*'))
]
# If the form is submitted and password for replication user was not
# not supplied, make password "**dummy**", so don't change
# what we have before
#external_lb_checked = False
external_lb_checked = conf_form.external_load_balancer.data
if request.method == 'POST':
if conf_form.gluu_version.data < '3.1.4':
conf_form.use_ldap_cache.data = False
if config and not conf_form.replication_pw.data.strip():
conf_form.replication_pw.validators = []
conf_form.replication_pw_confirm.validators = []
if conf_form.external_load_balancer.data:
conf_form.nginx_ip.validators = []
print "OFFLINE", conf_form.offline.data, conf_form.gluu_archive.data
if not conf_form.offline.data:
del conf_form._fields['gluu_archive']
if not config:
#del conf_form.replication_pw
#del conf_form.replication_pw_confirm
config = AppConfiguration()
db.session.add(config)
# If form is submitted and validated process it
if conf_form.update.data and conf_form.validate_on_submit():
if config.replication_pw:
new_replication_passwd = conf_form.replication_pw.data.strip()
if conf_form.replication_pw.data:
c = None
server = Server.query.first()
if server:
c = RemoteClient(server.hostname, ip=server.ip)
try:
c.startup()
except Exception as e:
flash(
"Can't establish SSH connection to {}. "
"Replication password is not changed".format(
server.hostname), "warning")
if c:
installer = Installer(c, config.gluu_version,
server.os)
cmd = (
'/opt/opendj/bin/ldappasswordmodify --bindDN '
'\'cn=Directory Manager\' --bindPassword $\'{}\' '
'--port 4444 --newPassword $\'{}\' --authzID '
'\'cn=admin,cn=Administrators,cn=admin data\' '
'--trustAll --useSSL'.format(
server.ldap_password.replace("'", "\\'"),
new_replication_passwd.replace("'", "\\'"),
))
result = installer.run(cmd)
if result[1].strip() == \
'The LDAP password modify operation was successful':
flash("Replication password is changed", "success")
config.replication_pw = new_replication_passwd
config.gluu_version = conf_form.gluu_version.data.strip()
config.nginx_host = conf_form.nginx_host.data.strip()
config.nginx_ip = conf_form.nginx_ip.data.strip()
config.modify_hosts = conf_form.modify_hosts.data
config.ldap_update_period = conf_form.ldap_update_period.data
config.ldap_update_period_unit = 's'
config.external_load_balancer = conf_form.external_load_balancer.data
config.use_ldap_cache = conf_form.use_ldap_cache.data
if conf_form.offline.data:
config.offline = True
config.gluu_archive = conf_form.gluu_archive.data
else:
config.offline = False
config.gluu_archive = ''
if getattr(conf_form, 'replication_pw'):
if conf_form.replication_pw_confirm.data:
config.replication_pw = conf_form.replication_pw.data.strip()
config.gluu_version = conf_form.gluu_version.data.strip()
db.session.commit()
flash(
"Gluu Cluster Manager application configuration has been "
"updated.", "success")
elif sch_form.upload.data and sch_form.validate_on_submit():
f = sch_form.schema.data
filename = secure_filename(f.filename)
if any(filename in s for s in schemafiles):
name, extension = os.path.splitext(filename)
matches = [s for s in schemafiles if name in s]
filename = name + "_" + str(len(matches)) + extension
f.save(os.path.join(app.config['SCHEMA_DIR'], filename))
schemafiles.append(filename)
flash(
"Schema: {0} has been uploaded sucessfully. "
"Please edit slapd.conf of primary server and "
"re-deploy all servers.".format(filename), "success")
# request.method == GET gets processed here
if config:
conf_form.nginx_host.data = config.nginx_host
conf_form.modify_hosts.data = config.modify_hosts
conf_form.nginx_ip.data = config.nginx_ip
conf_form.external_load_balancer.data = config.external_load_balancer
conf_form.use_ldap_cache.data = config.use_ldap_cache
conf_form.offline.data = config.offline
service_status_update_period = config.ldap_update_period
if service_status_update_period and config.ldap_update_period_unit != 's':
service_status_update_period = service_status_update_period * 60
conf_form.ldap_update_period.data = str(service_status_update_period)
#conf_form.use_ip.data = config.use_ip
if config.gluu_version:
conf_form.gluu_version.data = config.gluu_version
if not config.id:
conf_form.use_ldap_cache.data = True
#create fake remote class that provides the same interface with RemoteClient
fc = FakeRemote()
#Getermine local OS type
localos = get_os_type(fc)
app.jinja_env.globals['use_ldap_cache'] = config.use_ldap_cache
return render_template(
'app_config.html',
cform=conf_form,
sform=sch_form,
config=config,
schemafiles=schemafiles,
localos=localos,
external_lb_checked=external_lb_checked,
repo_dir=app.config['GLUU_REPO'],
next=request.args.get('next'),
)
def __configure_stunnel(tid, server, stunnel_conf, chdir, setup_props=None):
"""Sets up Stunnel with given configuration, init or service scripts,
SSL certificate ...etc., for use in a server
:param tid: task id for log identification
:param server: :object:`clustermgr.models.Server` where stunnel needs to be
setup
:param stunnel_conf: list of lines for the stunnel config file
:param chdir: chroot directory to find out the setup.properties file and
extract the required values to generate a SSL certificate
:param setup_props: Optional - location of setup.properties file to get the
details for SSL Cert generation for Stunnel
:return: boolean status fo the operation
"""
wlogger.log(tid, "Setting up stunnel", "info", server_id=server.id)
rc = __get_remote_client(server, tid)
if not rc:
wlogger.log(tid, "Stunnel setup failed", "error", server_id=server.id)
return False
if not server.os:
server.os = get_os_type(rc)
wlogger.log(tid, "Adding init/service scripts of boot time startup",
"info", server_id=server.id)
# replace the /etc/default/stunnel4 to enable start on system startup
local = os.path.join(app.root_path, 'templates', 'stunnel',
'stunnel4.default')
remote = '/etc/default/stunnel4'
rc.upload(local, remote)
if 'CentOS 6' == server.os:
local = os.path.join(app.root_path, 'templates', 'stunnel',
'centos.init')
remote = '/etc/rc.d/init.d/stunnel4'
rc.upload(local, remote)
rc.run("chmod +x {0}".format(remote))
if 'CentOS 7' == server.os or 'RHEL 7' == server.os:
local = os.path.join(app.root_path, 'templates', 'stunnel',
'stunnel.service')
remote = '/lib/systemd/system/stunnel.service'
rc.upload(local, remote)
rc.run("mkdir -p /var/log/stunnel4")
wlogger.log(tid, "Setup auto-start on system boot", "info",
server_id=server.id)
run_and_log(rc, 'systemctl enable redis', tid, server.id)
run_and_log(rc, 'systemctl enable stunnel', tid, server.id)
# setup the certificate file
wlogger.log(tid, "Generating certificate for stunnel ...", "debug",
server_id=server.id)
prop_buffer = StringIO()
if setup_props:
propsfile = setup_props
else:
propsfile = os.path.join(chdir, "install", "community-edition-setup",
"setup.properties.last")
rc.sftpclient.getfo(propsfile, prop_buffer)
prop_buffer.seek(0)
props = dict()
def prop_in(string):
return string.split("=")[1].strip()
for line in prop_buffer:
if re.match('^countryCode', line):
props['country'] = prop_in(line)
if re.match('^state', line):
props['state'] = prop_in(line)
if re.match('^city', line):
props['city'] = prop_in(line)
if re.match('^orgName', line):
props['org'] = prop_in(line)
if re.match('^hostname', line):
props['cn'] = prop_in(line)
if re.match('^admin_email', line):
props['email'] = prop_in(line)
subject = "'/C={country}/ST={state}/L={city}/O={org}/CN={cn}" \
"/emailAddress={email}'".format(**props)
cert_path = "/etc/stunnel/server.crt"
key_path = "/etc/stunnel/server.key"
pem_path = "/etc/stunnel/cert.pem"
cmd = ["/usr/bin/openssl", "req", "-subj", subject, "-new", "-newkey",
"rsa:2048", "-sha256", "-days", "365", "-nodes", "-x509",
"-keyout", key_path, "-out", cert_path]
rc.run(" ".join(cmd))
rc.run("cat {cert} {key} > {pem}".format(cert=cert_path, key=key_path,
pem=pem_path))
# verify certificate
cin, cout, cerr = rc.run("/usr/bin/openssl verify " + pem_path)
if props['cn'] in cout and props['org'] in cout:
wlogger.log(tid, "Certificate generated successfully", "success",
server_id=server.id)
else:
wlogger.log(tid, "/usr/bin/openssl verify " + pem_path, "debug")
wlogger.log(tid, cerr, "cerror")
wlogger.log(tid, "Certificate generation failed. Add a SSL "
"certificate at /etc/stunnel/cert.pem", "error",
server_id=server.id)
# Generate stunnel config
wlogger.log(tid, "Setup stunnel listening and forwarding", "debug",
server_id=server.id)
rc.put_file("/etc/stunnel/stunnel.conf", "\n".join(stunnel_conf))
return True
def setup_proxied(tid):
"""Configures the servers to use the Twemproxy installed in proxy server
for Redis caching securely via stunnel.
:param tid: task id for log identification
:return: None
"""
servers = Server.query.filter(Server.redis.is_(True)).filter(
Server.stunnel.is_(True)).all()
appconf = AppConfiguration.query.first()
chdir = "/opt/gluu-server-" + appconf.gluu_version
stunnel_base_conf = [
"cert = /etc/stunnel/cert.pem",
"pid = /var/run/stunnel.pid",
"output = /var/log/stunnel4/stunnel.log"
]
proxy_stunnel_conf = stunnel_base_conf
twemproxy_servers = []
proxy_ip = socket.gethostbyname(appconf.nginx_host)
primary = Server.query.filter(Server.primary_server.is_(True)).first()
if not primary:
wlogger.log(tid, "Primary Server is not setup yet. Cannot setup "
"clustered caching.", "error")
# Setup Stunnel and Redis in each server
for server in servers:
__update_LDAP_cache_method(tid, server, 'localhost:7000', 'STANDALONE')
stunnel_conf = [
"[redis-server]",
"client = no",
"accept = {0}:7777".format(server.ip),
"connect = 127.0.0.1:6379",
"[twemproxy]",
"client = yes",
"accept = 127.0.0.1:7000",
"connect = {0}:8888".format(proxy_ip)
]
stunnel_conf = stunnel_base_conf + stunnel_conf
status = __configure_stunnel(tid, server, stunnel_conf, chdir)
if not status:
continue
# if the setup was successful add the server to the list of stunnel
# clients in the proxy server configuration
client_conf = [
"[client{0}]".format(server.id),
"client = yes",
"accept = 127.0.0.1:{0}".format(7000+server.id),
"connect = {0}:7777".format(server.ip)
]
proxy_stunnel_conf.extend(client_conf)
twemproxy_servers.append(" - 127.0.0.1:{0}:1".format(7000+server.id))
wlogger.log(tid, "Configuring the proxy server ...")
# Setup Stunnel in the proxy server
mock_server = Server()
mock_server.hostname = appconf.nginx_host
mock_server.ip = proxy_ip
rc = __get_remote_client(mock_server, tid)
if not rc:
wlogger.log(tid, "Couldn't connect to proxy server. Twemproxy setup "
"failed.", "error")
return
mock_server.os = get_os_type(rc)
# Download the setup.properties file from the primary server
local = os.path.join(app.instance_path, "setup.properties")
remote = os.path.join("/opt/gluu-server-"+appconf.gluu_version,
"install", "community-edition-setup",
"setup.properties.last")
prc = __get_remote_client(primary, tid)
prc.download(remote, local)
prc.close()
rc.upload(local, "/tmp/setup.properties")
twem_server_conf = [
"[twemproxy]",
"client = no",
"accept = {0}:8888".format(proxy_ip),
"connect = 127.0.0.1:2222"
]
proxy_stunnel_conf.extend(twem_server_conf)
status = __configure_stunnel(tid, mock_server, proxy_stunnel_conf, None,
"/tmp/setup.properties")
if not status:
return False
# Setup Twemproxy
wlogger.log(tid, "Writing Twemproxy configuration")
twemproxy_conf = [
"alpha:",
" listen: 127.0.0.1:2222",
" hash: fnv1a_64",
" distribution: ketama",
" auto_eject_hosts: true",
" redis: true",
" server_failure_limit: 2",
" timeout: 400",
" preconnect: true",
" servers:"
]
twemproxy_conf.extend(twemproxy_servers)
remote = "/etc/nutcracker/nutcracker.yml"
rc.put_file(remote, "\n".join(twemproxy_conf))
wlogger.log(tid, "Configuration complete", "success")
def wizard_step1(self):
"""Celery task that collects information about server.
:param self: the celery task
:return: the number of servers where both stunnel and redis were installed
successfully
"""
tid = self.request.id
wlogger.log(tid, "Analayzing Current Server")
server = Server.query.filter_by(primary_server=True).first()
app_conf = AppConfiguration.query.first()
c = RemoteClient(server.hostname, ip=server.ip)
try:
c.startup()
wlogger.log(tid, "SSH connection established", 'success')
except:
wlogger.log(tid, "Can't establish SSH connection", 'fail')
wlogger.log(tid, "Ending analyzation of server.", 'error')
return
os_type = get_os_type(c)
server.os = os_type
wlogger.log(tid, "OS type was determined as {}".format(os_type), 'debug')
gluu_version = None
#Determine if a version of gluu server was installed.
r = c.listdir("/opt")
if r[0]:
for s in r[1]:
m = re.search(
'gluu-server-(?P<gluu_version>(\d+).(\d+).(\d+)(.\d+)?)$', s)
if m:
gluu_version = m.group("gluu_version")
app_conf.gluu_version = gluu_version
wlogger.log(
tid,
"Gluu version was determined as {}".format(gluu_version),
'debug')
if not gluu_version:
wlogger.log(tid, "Gluu server was not installed on this server",
'fail')
wlogger.log(tid, "Ending analyzation of server.", 'error')
return
gluu_path = '/opt/gluu-server-{}'.format(gluu_version)
server.gluu_server = True
setup_properties_last = os.path.join(
gluu_path, 'install/community-edition-setup/setup.properties.last')
setup_properties_local = os.path.join(Config.DATA_DIR, 'setup.properties')
result = c.download(setup_properties_last, setup_properties_local)
prop = get_setup_properties()
prop['hostname'] = app_conf.nginx_host
write_setup_properties_file(prop)
if not result.startswith('Download successful'):
wlogger.log(tid, result, 'fail')
wlogger.log(tid, "Ending analyzation of server.", 'error')
return
wlogger.log(tid, "setup.properties file was downloaded", 'debug')
server.ldap_password = prop['ldapPass']
wlogger.log(tid, "LDAP Bind password was identifed", 'success')
db.session.commit()
def install_cache_components(self, method):
"""Celery task that installs the redis, stunnel and twemproxy applications
in the required servers.
Redis and stunnel are installed in all the servers in the cluster.
Twemproxy is installed in the load-balancer/proxy server
:param self: the celery task
:param method: either STANDALONE, SHARDED
:return: the number of servers where both stunnel and redis were installed
successfully
"""
tid = self.request.id
installed = 0
servers = Server.query.all()
for server in servers:
wlogger.log(tid, "Installing Redis in server {0}".format(
server.hostname), "info", server_id=server.id)
ri = RedisInstaller(server, tid)
redis_installed = ri.install()
if redis_installed:
server.redis = True
wlogger.log(tid, "Redis install successful", "success",
server_id=server.id)
else:
server.redis = False
wlogger.log(tid, "Redis install failed", "fail",
server_id=server.id)
wlogger.log(tid, "Installing Stunnel", "info", server_id=server.id)
si = StunnelInstaller(server, tid)
stunnel_installed = si.install()
if stunnel_installed:
server.stunnel = True
wlogger.log(tid, "Stunnel install successful", "success",
server_id=server.id)
else:
server.stunnel = False
wlogger.log(tid, "Stunnel install failed", "fail",
server_id=server.id)
# Save the redis and stunnel install situation to the db
db.session.commit()
if redis_installed and stunnel_installed:
installed += 1
if method != 'STANDALONE':
# No need to install twemproxy for "SHARDED" configuration
return True
# Install twemproxy in the Nginx load balancing proxy server
app_conf = AppConfiguration.query.first()
host = app_conf.nginx_host
rc = RemoteClient(host)
try:
rc.startup()
except Exception as e:
wlogger.log(tid, "Could not connect to {0}".format(e), "error")
return False
server_os = get_os_type(rc)
mock_server = Server()
mock_server.hostname = host
wlogger.log(tid, "Installing Stunnel in proxy server")
si = StunnelInstaller(mock_server, tid)
stunnel_installed = si.install()
if stunnel_installed:
wlogger.log(tid, "Stunnel install successful", "success")
else:
wlogger.log(tid, "Stunnel install failed", "fail")
wlogger.log(tid, "Cluster manager will now try to build Twemproxy")
# 1. Setup the development tools for installation
if server_os in ["Ubuntu 16", "Ubuntu 14"]:
run_and_log(rc, "apt-get update", tid)
run_and_log(rc, "apt-get install -y build-essential autoconf libtool",
tid)
elif server_os in ["CentOS 6", "CentOS 7", "RHEL 7"]:
run_and_log(rc, "yum install -y wget", tid)
run_and_log(rc, "yum groupinstall -y 'Development tools'", tid)
if server_os == "CentOS 6":
run_and_log(rc, "wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz",
tid)
run_and_log(rc, "tar xvfvz autoconf-2.69.tar.gz", tid)
run_and_log(rc, "cd autoconf-2.69 && ./configure", tid)
run_and_log(rc, "cd autoconf-2.69 && make", tid)
run_and_log(rc, "cd autoconf-2.69 && make install", tid)
# 2. Get the source, build & install the nutcracker binaries
run_and_log(rc, "wget https://github.com/twitter/twemproxy/archive/v0.4.1.tar.gz",
tid)
run_and_log(rc, "tar -xf v0.4.1.tar.gz", tid)
run_and_log(rc, "cd twemproxy-0.4.1", tid)
run_and_log(rc, "cd twemproxy-0.4.1 && autoreconf -fvi", tid)
run_and_log(rc, "cd twemproxy-0.4.1 && ./configure --prefix=/usr", tid)
run_and_log(rc, "cd twemproxy-0.4.1 && make", tid)
run_and_log(rc, "cd twemproxy-0.4.1 && make install", tid)
# 3. Post installation - setup user and logging
run_and_log(rc, "useradd nutcracker", tid)
run_and_log(rc, "mkdir /var/log/nutcracker", tid)
run_and_log(rc, "touch /var/log/nutcracker/nutcracker.log", tid)
run_and_log(rc, "chown -R nutcracker:nutcracker /var/log/nutcracker",
tid)
logrotate_conf = ["/var/log/nutcracker/nutcracker*.log {", "\tweekly",
"\tmissingok", "\trotate 12", "\tcompress",
"\tnotifempty", "}"]
rc.put_file("/etc/logrotate.d/nutcracker", "\n".join(logrotate_conf))
# 4. Add init/service scripts to run nutcracker as a service
if server_os in ["Ubuntu 16", "CentOS 7", "RHEL 7"]:
local = os.path.join(app.root_path, "templates", "twemproxy",
"twemproxy.service")
remote = "/lib/systemd/system/nutcracker.service"
rc.upload(local, remote)
run_and_log(rc, "systemctl enable nutcracker", tid, None)
elif server_os == "Ubuntu 14":
local = os.path.join(app.root_path, "templates", "twemproxy",
"nutcracker.init")
remote = "/etc/init.d/nutcracker"
rc.upload(local, remote)
run_and_log(rc, 'chmod +x /etc/init.d/nutcracker', tid)
run_and_log(rc, "update-rc.d nutcracker defaults", tid)
elif server_os == "CentOS 6":
local = os.path.join(app.root_path, "templates", "twemproxy",
"nutcracker.centos.init")
remote = "/etc/rc.d/init.d/nutcracker"
rc.upload(local, remote)
run_and_log(rc, "chmod +x /etc/init.d/nutcracker", tid)
run_and_log(rc, "chkconfig --add nutcracker", tid)
run_and_log(rc, "chkconfig nutcracker on", tid)
# 5. Create the default configuration file referenced in the init scripts
run_and_log(rc, "mkdir -p /etc/nutcracker", tid)
run_and_log(rc, "touch /etc/nutcracker/nutcracker.yml", tid)
rc.close()
return installed
def install_local(self):
"""Celery task that installs monitoring components of local machine.
:param self: the celery task
:return: the number of servers where both stunnel and redis were installed
successfully
"""
tid = self.request.id
servers = Server.query.all()
#create fake remote class that provides the same interface with RemoteClient
fc = FakeRemote()
#Getermine local OS type
localos = get_os_type(fc)
wlogger.log(tid,
"Local OS was determined as {}".format(localos),
"success",
server_id=0)
if not localos == 'Alpine':
wlogger.log(tid,
"Installing InfluxDB and Python client",
"info",
server_id=0)
#commands to install influxdb on local machine for each OS type
if 'Ubuntu' in localos:
influx_cmd = [
'DEBIAN_FRONTEND=noninteractive sudo apt-get update',
'DEBIAN_FRONTEND=noninteractive sudo apt-get install -y curl',
'curl -sL https://repos.influxdata.com/influxdb.key | '
'sudo apt-key add -'
]
if '14' in localos:
influx_cmd.append(
'echo "deb https://repos.influxdata.com/ubuntu '
'trusty stable" | sudo tee '
'/etc/apt/sources.list.d/influxdb.list')
elif '16' in localos:
influx_cmd.append(
'echo "deb https://repos.influxdata.com/ubuntu '
'xenial stable" | sudo tee '
'/etc/apt/sources.list.d/influxdb.list')
influx_cmd += [
'DEBIAN_FRONTEND=noninteractive sudo apt-get update',
'DEBIAN_FRONTEND=noninteractive sudo apt-get install influxdb',
'sudo service influxdb start',
'sudo pip install influxdb',
'sudo pip install psutil',
]
elif 'Debian' in localos:
influx_cmd = [
'DEBIAN_FRONTEND=noninteractive sudo apt-get update',
'DEBIAN_FRONTEND=noninteractive sudo apt-get install -y curl',
'curl -sL https://repos.influxdata.com/influxdb.key | '
'sudo apt-key add -'
]
if '7' in localos:
influx_cmd.append(
'echo "deb https://repos.influxdata.com/'
'debian wheezy stable" | sudo tee /etc/apt/sources.list.d/'
'influxdb.list')
elif '8' in localos:
influx_cmd.append(
'echo "deb https://repos.influxdata.com/'
'debian jessie stable" | sudo tee /etc/apt/sources.list.d/'
'influxdb.list')
influx_cmd += [
'sudo apt-get update',
'sudo apt-get -y remove influxdb',
'DEBIAN_FRONTEND=noninteractive sudo apt-get -y install influxdb',
'sudo service influxdb start',
'sudo pip install influxdb',
'sudo pip install psutil',
]
elif localos == 'CentOS 7':
influx_cmd = [
'sudo yum install -y epel-release',
'sudo yum repolist',
'sudo yum install -y curl',
'cat <<EOF | sudo tee /etc/yum.repos.d/influxdb.repo\n'
'[influxdb]\n'
'name = InfluxDB Repository - RHEL \$releasever\n'
'baseurl = https://repos.influxdata.com/rhel/\$releasever/\$basearch/stable\n'
'enabled = 1\n'
'gpgcheck = 1\n'
'gpgkey = https://repos.influxdata.com/influxdb.key\n'
'EOF',
'sudo yum remove -y influxdb',
'sudo yum install -y influxdb',
'sudo service influxdb start',
'sudo pip install psutil',
]
#run commands to install influxdb on local machine
for cmd in influx_cmd:
result = fc.run(cmd)
rtext = "\n".join(result)
if rtext.strip():
wlogger.log(tid, rtext, "debug", server_id=0)
err = False
if result[2].strip():
if not "pip install --upgrade pip" in result[2]:
wlogger.log(tid,
"An error occurrued while executing "
"{}: {}".format(cmd, result[2]),
"error",
server_id=0)
err = True
if not err:
wlogger.log(tid,
"Command was run successfully: {}".format(cmd),
"success",
server_id=0)
wlogger.log(
tid,
"Fixing /etc/influxdb/influxdb.conf for InfluxDB listen localhost",
server_id=0)
fc.run('sudo /etc/init.d/influxdb stop')
fix_influxdb_config()
fc.run('sudo /etc/init.d/influxdb start')
#wait influxdb to start
time.sleep(10)
#Statistics will be written to 'gluu_monitoring' on local influxdb server,
#so we should crerate it.
try:
client = InfluxDBClient(
host='localhost',
port=8086,
)
client.create_database('gluu_monitoring')
wlogger.log(tid,
"InfluxDB database 'gluu_monitoring was created",
"success",
server_id=0)
except Exception as e:
wlogger.log(tid,
"An error occurred while creating InfluxDB database "
"'gluu_monitoring': {}".format(e),
"fail",
server_id=0)
#Flag database that configuration is done for local machine
app_config = AppConfiguration.query.first()
app_config.monitoring = True
db.session.commit()
return True
def remove_monitoring(self, local_id):
"""Celery task that removes monitoring components to remote server.
:param self: the celery task
:return: wether monitoring were removed successfully
"""
tid = self.request.id
installed = 0
servers = Server.query.all()
app_config = AppConfiguration.query.first()
for server in servers:
# 1. Make SSH Connection to the remote server
wlogger.log(tid,
"Making SSH connection to the server {0}".format(
server.hostname),
"info",
server_id=server.id)
c = RemoteClient(server.hostname, ip=server.ip)
try:
c.startup()
except Exception as e:
wlogger.log(tid,
"Cannot establish SSH connection {0}".format(e),
"warning",
server_id=server.id)
wlogger.log(tid,
"Ending server setup process.",
"error",
server_id=server.id)
return False
# 2. remove monitoring directory
result = c.run('rm -r /var/monitoring/')
ctext = "\n".join(result)
if ctext.strip():
wlogger.log(tid, ctext, "debug", server_id=server.id)
wlogger.log(tid, "Directory /var/monitoring/ directory "
"were removed",
"success",
server_id=server.id)
# 3. remove crontab entry to collect data in every 5 minutes
c.run('rm /etc/cron.d/monitoring')
wlogger.log(tid,
"Crontab entry was removed",
"info",
server_id=server.id)
if ('CentOS' in server.os) or ('RHEL' in server.os):
package_cmd = ['service crond restart']
else:
package_cmd = [
'service cron restart',
]
# 4. Executing commands
wlogger.log(tid, "Restarting crontab", "info", server_id=server.id)
for cmd in package_cmd:
result = c.run(cmd)
rtext = "\n".join(result)
if rtext.strip():
wlogger.log(tid, rtext, "debug", server_id=server.id)
server.monitoring = False
# 5. Remove local settings
#create fake remote class that provides the same interface with RemoteClient
fc = FakeRemote()
#Getermine local OS type
localos = get_os_type(fc)
if 'Ubuntu' or 'Debian' in localos:
influx_cmd = [
'sudo apt-get -y remove influxdb',
]
elif localos == 'CentOS 7':
influx_cmd = [
'sudo yum remove -y influxdb',
]
#run commands to install influxdb on local machine
for cmd in influx_cmd:
result = fc.run(cmd)
rtext = "\n".join(result)
if rtext.strip():
wlogger.log(tid, rtext, "debug", server_id=local_id)
#Flag database that configuration is done for local machine
app_config = AppConfiguration.query.first()
app_config.monitoring = False
db.session.commit()
return True
def wizard_step1(self):
"""Celery task that collects information about server.
:param self: the celery task
:return: the number of servers where both stunnel and redis were installed
successfully
"""
tid = self.request.id
wlogger.log(tid, "Analayzing Current Server")
server = Server.query.filter_by(primary_server=True).first()
app_conf = AppConfiguration.query.first()
c = RemoteClient(server.hostname, ip=server.ip)
try:
c.startup()
wlogger.log(tid, "SSH connection established", 'success')
except:
wlogger.log(tid, "Can't establish SSH connection",'fail')
wlogger.log(tid, "Ending analyzation of server.", 'error')
return
os_type = get_os_type(c)
server.os = os_type
wlogger.log(tid, "OS type was determined as {}".format(os_type), 'debug')
gluu_path_version = None
oxauth_version = None
#Determine if a version of gluu server was installed.
r = c.listdir("/opt")
if r[0]:
for s in r[1]:
m=re.search('gluu-server-(?P<gluu_version>(\d+).(\d+).(\d+)(.\d+)?)$',s)
if m:
gluu_path_version = m.group("gluu_version")
wlogger.log(tid, "Gluu path was determined as gluu-server-{}".format(
gluu_path_version), 'debug')
oxauth_path = '/opt/gluu-server-{0}/opt/gluu/jetty/oxauth/webapps/oxauth.war'.format(gluu_path_version)
try:
result = c.run('''python -c "import zipfile;zf=zipfile.ZipFile('{}','r');print zf.read('META-INF/MANIFEST.MF')"'''.format(oxauth_path))
menifest = result[1]
for l in menifest.split('\n'):
ls = l.strip()
if 'Implementation-Version:' in ls:
version = ls.split(':')[1].strip()
oxauth_version = '.'.join(version.split('.')[:3])
wlogger.log(tid, "oxauth version was determined as {}".format(
oxauth_version), 'debug')
app_conf.gluu_version = oxauth_version
break
except:
pass
if not oxauth_version:
wlogger.log(tid, "Error determining oxauth version.", 'debug')
wlogger.log(tid, "Setting gluu version to path version", 'debug')
app_conf.gluu_version = gluu_path_version
if not gluu_path_version:
wlogger.log(tid, "Gluu server was not installed on this server",'fail')
wlogger.log(tid, "Ending analyzation of server.", 'error')
return
gluu_path = '/opt/gluu-server-{}'.format(gluu_path_version)
server.gluu_server = True
setup_properties_last = os.path.join(gluu_path,
'install/community-edition-setup/setup.properties.last')
setup_properties_local = os.path.join(Config.DATA_DIR, 'setup.properties')
result = c.download(setup_properties_last, setup_properties_local)
prop = get_setup_properties()
prop['hostname'] = app_conf.nginx_host
write_setup_properties_file(prop)
if not result.startswith('Download successful'):
wlogger.log(tid, result,'fail')
wlogger.log(tid, "Ending analyzation of server.", 'error')
return
wlogger.log(tid, "setup.properties file was downloaded", 'debug')
server.ldap_password = prop['ldapPass']
wlogger.log(tid, "LDAP Bind password was identifed", 'success')
db.session.commit()
def setup_proxied(tid, server_id_list):
"""Configures the servers to use the Twemproxy installed in proxy server
for Redis caching securely via stunnel.
:param tid: task id for log identification
:return: None
"""
servers = []
for server_id in server_id_list:
qserver = Server.query.filter(Server.redis.is_(True)).filter(
Server.stunnel.is_(True)).filter(Server.id.is_(server_id)).first()
if qserver:
servers.append(qserver)
appconf = AppConfiguration.query.first()
chdir = "/opt/gluu-server-" + appconf.gluu_version
if appconf.external_load_balancer:
cache_ip = appconf.cache_ip
else:
cache_ip = appconf.nginx_ip
primary = Server.query.filter(Server.primary_server.is_(True)).first()
if not primary:
wlogger.log(
tid, "Primary Server is not setup yet. Cannot setup "
"clustered caching.", "error")
# Setup Stunnel and Redis in each server
for server in servers:
#Since replication is active, we only need to update on primary server
if server.primary_server:
__update_LDAP_cache_method(tid, server, 'localhost:7000',
'STANDALONE')
stunnel_conf = [
"cert = /etc/stunnel/cert.pem", "pid = /var/run/stunnel.pid",
"output = /var/log/stunnel4/stunnel.log", "[redis-server]",
"client = no", "accept = {0}:7777".format(server.ip),
"connect = 127.0.0.1:6379", "[twemproxy]", "client = yes",
"accept = 127.0.0.1:7000", "connect = {0}:8888".format(cache_ip)
]
status = __configure_stunnel(tid, server, stunnel_conf, chdir)
if not status:
continue
wlogger.log(tid, "Configuring the cahce server ...")
# Setup Stunnel in the proxy server
mock_server = Server()
if appconf.external_load_balancer:
mock_server.hostname = appconf.cache_host
mock_server.ip = appconf.cache_ip
else:
mock_server.hostname = appconf.nginx_host
mock_server.ip = appconf.nginx_ip
rc = __get_remote_client(mock_server, tid)
if not rc:
wlogger.log(
tid, "Couldn't connect to proxy server. Twemproxy setup "
"failed.", "error")
return
mock_server.os = get_os_type(rc)
if rc.exists('/usr/bin/redis-server') or rc.exists('/bin/redis-server'):
wlogger.log(
tid, "Redis was already installed on server {0}".format(
mock_server.hostname), "info")
else:
wlogger.log(
tid, "Installing Redis in server {0}".format(mock_server.hostname),
"info")
ri = RedisInstaller(mock_server, tid)
redis_installed = ri.install()
if redis_installed:
mock_server.redis = True
wlogger.log(tid, "Redis install successful", "success")
else:
mock_server.redis = False
wlogger.log(tid, "Redis install failed", "fail")
# Download the setup.properties file from the primary server
local = os.path.join(app.instance_path, "setup.properties")
remote = os.path.join("/opt/gluu-server-" + appconf.gluu_version,
"install", "community-edition-setup",
"setup.properties.last")
prc = __get_remote_client(primary, tid)
prc.download(remote, local)
prc.close()
rc.upload(local, "/tmp/setup.properties")
proxy_stunnel_conf = make_proxy_stunnel_conf()
status = __configure_stunnel(tid, mock_server, proxy_stunnel_conf, None,
"/tmp/setup.properties")
if not status:
return False
# Setup Twemproxy
wlogger.log(tid, "Writing Twemproxy configuration")
twemproxy_conf = make_twem_proxy_conf()
remote = "/etc/nutcracker/nutcracker.yml"
rc.put_file(remote, twemproxy_conf)
run_command(tid, rc, 'service nutcracker restart')
wlogger.log(tid, "Configuration complete", "success")
def install_cache_components(self, method, server_id_list):
"""Celery task that installs the redis, stunnel and twemproxy applications
in the required servers.
Redis and stunnel are installed in all the servers in the cluster.
Twemproxy is installed in the load-balancer/proxy server
:param self: the celery task
:param method: either STANDALONE, SHARDED
:return: the number of servers where both stunnel and redis were installed
successfully
"""
tid = self.request.id
installed = 0
servers = []
for server_id in server_id_list:
server = Server.query.get(server_id)
ri = RedisInstaller(server, tid)
ri.rc.startup()
if ri.rc.exists('/usr/bin/redis-server') or ri.rc.exists(
'/bin/redis-server'):
server.redis = True
redis_installed = 1
wlogger.log(tid,
"Redis was already installed on server {0}".format(
server.hostname),
"info",
server_id=server.id)
else:
wlogger.log(tid,
"Installing Redis in server {0}".format(
server.hostname),
"info",
server_id=server.id)
redis_installed = ri.install()
if redis_installed:
server.redis = True
wlogger.log(tid,
"Redis install successful",
"success",
server_id=server.id)
else:
server.redis = False
wlogger.log(tid,
"Redis install failed",
"fail",
server_id=server.id)
si = StunnelInstaller(server, tid)
si.rc.startup()
if si.rc.exists('/usr/bin/stunnel') or si.rc.exists('/bin/stunnel'):
wlogger.log(tid,
"Stunnel was allready installed",
"info",
server_id=server.id)
server.stunnel = True
stunnel_installed = 1
else:
wlogger.log(tid, "Installing Stunnel", "info", server_id=server.id)
stunnel_installed = si.install()
if stunnel_installed:
server.stunnel = True
wlogger.log(tid,
"Stunnel install successful",
"success",
server_id=server.id)
else:
server.stunnel = False
wlogger.log(tid,
"Stunnel install failed",
"fail",
server_id=server.id)
# Save the redis and stunnel install situation to the db
if redis_installed and stunnel_installed:
installed += 1
db.session.commit()
if method != 'STANDALONE':
# No need to install twemproxy for "SHARDED" configuration
return True
# Install twemproxy in the Nginx load balancing proxy server
app_conf = AppConfiguration.query.first()
mock_server = Server()
if app_conf.external_load_balancer:
mock_server.hostname = app_conf.cache_host
mock_server.ip = app_conf.cache_ip
else:
mock_server.hostname = app_conf.nginx_host
mock_server.ip = app_conf.nginx_ip
rc = RemoteClient(mock_server.hostname)
try:
rc.startup()
except Exception as e:
wlogger.log(tid, "Could not connect to {0}".format(e), "error")
return False
server_os = get_os_type(rc)
si = StunnelInstaller(mock_server, tid)
si.rc.startup()
stunnel_installed = 0
if si.rc.exists('/usr/bin/stunnel') or si.rc.exists('/bin/stunnel'):
wlogger.log(tid, "Stunnel was already installed on cache server")
stunnel_installed = 1
else:
wlogger.log(tid, "Installing Stunnel in cache server")
stunnel_installed = si.install()
if stunnel_installed:
wlogger.log(tid, "Stunnel install successful", "success")
else:
wlogger.log(tid, "Stunnel install failed", "fail")
print rc.exists('/usr/sbin/nutcracker')
if not rc.exists('/usr/sbin/nutcracker'):
wlogger.log(tid, "Installing Twemproxy")
# 1. Setup the development tools for installation
if server_os == "Ubuntu 14":
run_and_log(rc, "apt-get update", tid)
run_and_log(
rc,
'wget http://ftp.debian.org/debian/pool/main/n/nutcracker/nutcracker_0.4.0+dfsg-1_amd64.deb -O /tmp/nutcracker_0.4.0+dfsg-1_amd64.deb',
tid)
run_and_log(rc, "dpkg -i /tmp/nutcracker_0.4.0+dfsg-1_amd64.deb",
tid)
elif server_os == "Ubuntu 16":
run_and_log(rc, "apt-get update", tid)
run_and_log(
rc,
"DEBIAN_FRONTEND=noninteractive apt-get install -y nutcracker",
tid)
elif server_os in ["CentOS 7", "RHEL 7"]:
run_and_log(
rc,
'yum install -y https://raw.githubusercontent.com/mbaser/gluu/master/nutcracker-0.4.1-1.gluu.centos7.x86_64.rpm',
tid)
run_and_log(rc, 'chkconfig nutcracker on', tid)
elif server_os in ['CentOS 6', 'RHEL 6']:
run_and_log(
rc,
'yum install -y https://raw.githubusercontent.com/mbaser/gluu/master/nutcracker-0.4.1-1.gluu.centos6.x86_64.rpm',
tid)
run_and_log(rc, 'chkconfig nutcracker on', tid)
# 5. Create the default configuration file referenced in the init scripts
#run_and_log(rc, "mkdir -p /etc/nutcracker", tid)
run_and_log(rc, "touch /etc/nutcracker/nutcracker.yml", tid)
else:
wlogger.log(tid, "Twemproxy was already installed on cache server")
rc.close()
return installed
