示例#1
0
def create_accounts(users=None, default_password=None,
                    groups=None, admin=False):
    """
    Create accounts with same settings

    Default section: accounts, admin

    :param users: List of users
    :type users: str, list
    :param default_password: Their default password ( in ``admin`` )
    :type default_password: str
    :param groups: List or string of comma separated groups
    :type groups: list, str
    :param admin: Should be users admins or not
    :type admin: bool
    """

    opts = dict(
        users=users
                or get_envvar('usernames',section='accounts')
                or err("Users must be set"),
        default_password=default_password
                or get_envvar('default_password',section='accounts,admin')
                or err("Default_password must be set"),
        groups=groups
                or get_envvar('groups',section='accounts'),
        admin=admin or get_envvar('admin',section='accounts')
    )

    for username in opts["users"]:
        create_account(username, default_password=opts["default_password"], admin=opts["admin"])
示例#2
0
def configure_mysql_backups(password=None, time=None):
    """Example task for mysql backups"""
    opts = dict(
        password=password
                or get_envvar('password',section='mysql',envdefault='default_password')
                or err("No password for mysql set"),
        time=time
                or get_envvar('time',section='mysql')
                or err("No backup time for mysql set")
    )
    # configure daily dumps of all databases
    sudo('mkdir /var/backups/mysql')
    sudo("echo %(time)s mysqldump -u root -p%(password)s --all-databases | gzip > /var/backups/mysql/mysqldump_$(date +%%Y-%%m-%%d).sql.gz' > /etc/cron.d/mysqldump" % opts)
示例#3
0
def install_unattended_upgrades(email=None):
    """
    Configure Ubuntu to automatically install security updates.

    Default section: admin

    :param email: email where you want to receive info about updates
    :type email: str
    """

    opts = dict(
        email=email or get_envvar("email", section="admin")
                    or err('env.email must be set'),
    )

    apt_get('unattended-upgrades')
    sed('/etc/apt/apt.conf.d/50unattended-upgrades',
        '//Unattended-Upgrade::Mail "root@localhost";',
        'Unattended-Upgrade::Mail "%(email)s";' % opts,
        use_sudo=True)

    sed('/etc/apt/apt.conf.d/10periodic',
        'APT::Periodic::Download-Upgradeable-Packages "0";',
        'APT::Periodic::Download-Upgradeable-Packages "1";',
        use_sudo=True)

    sed('/etc/apt/apt.conf.d/10periodic',
        'APT::Periodic::AutocleanInterval "0";',
        'APT::Periodic::AutocleanInterval "7";',
        use_sudo=True)

    append('/etc/apt/apt.conf.d/10periodic',
           'APT::Periodic::Unattended-Upgrade "1";',
           use_sudo=True)
示例#4
0
def apt_get(pkg_name, repo=None):
    """
    Install package

    :param pkg_name: Name or list of packages
    :type pkg_name: list, str
    :param repo: Optional repository to use
    :type repo: str
    """

    opts = dict(
        pkg_name = pkg_name or err("Pkg_name must be set"),
        repo = repo
    )

    if opts["repo"]:
        sudo("apt-add-repository -y %(repo)s"% opts)

    if repo:
        with settings(state_skip=False):
            sudo("apt-get update")

    if isinstance(opts["pkg_name"], basestring):
        sudo("apt-get -yq install %(pkg_name)s" % opts)
        provide("admin.packages.".join(opts["pkg_name"].split()))
    else:
        sudo("apt-get -yq install", " ".join(opts["pkg_name"]))
        provide("admin.packages.".join(opts["pkg_name"]))
示例#5
0
def install_badvpn(path=None):
    """Installs and configures badvpn client and server"""
    opts= dict(
            cert_folder = "/etc/badvpn/nssdb",
            path=path or env.get('path') or err('env.path must be set')
            )

    """Install package"""
    core.apt_get("badvpn","ppa:ambrop7/badvpn")
    core.apt_get(["libnss3-tools"])

    """Install all configs"""
    sudo("cp /etc/init.d/badvpn-server /etc/init.d/badvpn-client")
    upload_template_jinja2("%(path)s/etc/init/badvpn-client" % opts,
             "/etc/init/badvpn-client", use_sudo=True)
    dir_ensure(opts["cert_folder"], recursive=True)
    upload_template_jinja2("%(path)s/etc/badvpn/badvpn-client" % opts,
             "/etc/badvpn/badvpn-client", use_sudo=True)
    sudo("ln -s /etc/badvpn/badvpn-client /etc/default/badvpn-client")
    upload_template_jinja2("%(path)s/etc/badvpn/badvpn-server" % opts,
             "/etc/badvpn/badvpn-server", use_sudo=True)
    sudo("ln -s /etc/badvpn/badvpn-server /etc/default/badvpn-server")

    """Create cert database"""
    put("%(path)s/ca.pem" % opts, "~/")
    sudo("certutil -d sql:%(cert_folder)s -N" % opts)
    sudo('certutil -d sql:%(cert_folder)s -A -t "CT,," -n "vpnca" -i ~/ca.pem' % opts)
示例#6
0
def install_rkhunter(email=None):
    """
    Install and configure RootKit Hunter

    Default section: admin

    :param email: Email to send reports
    :type email: str
    """
    opts = dict(
        email=email
                or get_envvar('email',section='admin')
                or err('Email must be set'),
    )

    # install RKHunter
    apt_get('rkhunter')

    # send emails on warnings
    uncomment('/etc/rkhunter.conf', '#MAIL-ON-WARNING=me@mydomain   root@mydomain', use_sudo=True)
    sed('/etc/rkhunter.conf', 'me@mydomain   root@mydomain', opts['email'], use_sudo=True)

    # ignore some Ubuntu specific files
    uncomment('/etc/rkhunter.conf', '#ALLOWHIDDENDIR=\/dev\/.udev', use_sudo=True)
    uncomment('/etc/rkhunter.conf', '#ALLOWHIDDENDIR=\/dev\/.static', use_sudo=True)
    uncomment('/etc/rkhunter.conf', '#ALLOWHIDDENDIR=\/dev\/.initramfs', use_sudo=True)
示例#7
0
def configure_finch(home=None, username=None):
    """Configures finch, console client port of pidign"""
    opts = dict(
        home=home or env.get('home') or err("env.home must be set"),
        username=username or env.get('username') or err("env.username must be set")
    )

    #Account and preferences
    dir_ensure("/home/%(username)s/.purple" % opts)
    upload_template_jinja2("%(home)s/.purple/prefs.xml" % opts, 
            "/home/%(username)s/.purple/prefs.xml" % opts)
    upload_template_jinja2("%(home)s/.purple/accounts.xml" % opts, 
            "/home/%(username)s/.purple/accounts.xml" % opts)

    #Mouse support
    upload_template_jinja2("%(home)s/.gntrc" % opts, "/home/%(username)s/.gntrc" % opts)
示例#8
0
def configure_bacula_client(path=None):
    """Upload configuration for Bacula File Deamon (client)
    and restart it."""
    opts = dict(
        path=path or env.get('path') or err('env.path must be set'),
    )

    upload_template_jinja2('%(path)s/etc/bacula-fd.conf' % opts, '/etc/bacula/bacula-fd.conf', use_sudo=True)
    sudo('service bacula-fd restart')
示例#9
0
def configure_aiccu(path=None):
    "Configures aiccu. Hartbeat monitor for sixxs ipv6 tunnel"
    opts = dict(
        path=path or env.get('path') or err("env.path must be set"),
    )

    upload_template_jinja2("%(path)s/etc/aiccu.conf" % opts, "/etc/aiccu.conf")
    sudo("/etc/init.d/aiccu restart")
    sudo("update-rc.d aiccu defaults")
示例#10
0
def add_to_bacula_master(shortname=None, path=None, bacula_host_string=None):
    """Add this server's Bacula client configuration to Bacula master."""
    opts = dict(
        shortname=shortname or env.get('shortname') or err('env.shortname must be set'),
        path=path or env.get('path') or err('env.path must be set'),
        bacula_host_string=bacula_host_string or env.get('bacula_host_string') or err('env.bacula_host_string must be set')
    )

    with settings(host_string=opts['bacula_host_string']):

        # upload project-specific configuration
        upload_template_jinja2(
            '%(path)s/etc/bacula-master.conf' % opts,
            '/etc/bacula/clients/%(shortname)s.conf' % opts,
            use_sudo=True)

        # reload bacula master configuration
        sudo("service bacula-director restart")
示例#11
0
def configure_nginx(path=None):
    """Upload Nginx configuration and restart Nginx so this configuration takes
    effect."""
    opts = dict(
        path=path or env.get('path') or err("env.path must be set"),
    )

    if os.path.exists("%(path)s/etc/nignx/nginx.conf"):
        upload_template_jinja2("%(path)s/etc/nignx/nginx.conf" % opts,
                '/etc/nginx/nginx.conf', use_sudo=True)
        sudo('service nginx restart')
示例#12
0
def set_hostname(ip=None, hostname=None):
    """
    Set server's hostname

    Default section: network

    :param ip: ip
    :type ip: str
    :param hostname: hostname
    :type hostname: str
    """

    opts = dict(
        ip=ip or get_envvar("ip",section="network")
              or err("env.server_ip must be set"),
        hostname=hostname or get_envvar("hostname",section="network")
              or err("env.hostname must be set"),
    )

    sudo('echo "\n%(server_ip)s %(hostname)s" >> /etc/hosts' % opts)
    sudo('echo "%(hostname)s" > /etc/hostname' % opts)
    sudo('hostname %(hostname)s' % opts)
示例#13
0
def configure_dnsmasq(path=None):
    """
    Configures local dns server

    :param path: Template folder
    :type path: str
    """
    opts = dict(
        path=path or env.get('path') or err("env.path must be set"),
    )

    upload_template_jinja2("%(path)s/etc/dnsmasq.con" % opts,
            '/etc/dnsmasq.conf', use_sudo=True)
    sudo('service nginx restart')
示例#14
0
def add_startup(service=None):
    """
    Adds service to startup

    :param service: Name of the service in /etc/init.d/
    :type service: str
    """
    opts = dict(
        service=service or err("Service must be set")
        )

    if isinstance(opts["sevice"], (tuple, list, dict, set)):
        for service in opts["service"]:
            sudo("update-rc.d %s defaults", service)
            provide("startup.%s" % service)
    else:
        sudo("update-rc.d %(service)s defaults" % opts)
        provide("startup.%(service)s" % opts)
示例#15
0
def generate_selfsigned_ssl(hostname=None):
    """Generate self-signed SSL certificates and provide them to Nginx."""
    opts = dict(
        hostname=hostname 
                or get_envvar('hostname',section='nginx')
                or err("Hostname must be set"),
    )

    if not exists('mkdir /etc/nginx/certs'):
        sudo('mkdir /etc/nginx/certs')

    sudo('openssl genrsa -des3 -out server.key 2048')
    sudo('openssl req -new -key server.key -out server.csr')
    sudo('cp server.key server.key.password')
    sudo('openssl rsa -in server.key.password -out server.key')
    sudo('openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt')
    sudo('cp server.crt /etc/nginx/certs/%(hostname)s.crt' % opts)
    sudo('cp server.key /etc/nginx/certs/%(hostname)s.key' % opts)
示例#16
0
def install_network_config(path=None):
    """
    Installs network configuration, using jinja2 template and adds networking to
    startup.

    .. note:: This function won't restart your network by itself.

    :param path: Path to your template folder
    :type path: str
    """

    opts = dict(
            path=path or env.get("path") or err('env.path must be set')
            )

    upload_template_jinja2("%(path)/etc/network/interfaces" % opts,
                           "/etc/network/interfaces")
    add_startup("networking")
示例#17
0
def configure_avahi(path=None):
    """Configure avahi for mdns support"""
    opts = dict(
        path = path or env.get("path") or err("env.path must be set")
    )

    upload_template_jinja2("%(path)s/etc/avahi/avahi-daemon.conf" % opts,
                    "/etc/avahi/avahi-daemon.conf")

    #Allow other domains
    upload_template_jinja2("%(path)s/etc/mdns.allow" % opts,
                    "/etc/mdns.allow")

    #For ipv6 mdns support
    upload_template_jinja2("%(path)s/etc/nsswitch.conf" % opts,
                    "/etc/nsswitch.conf")

    sudo("service avahi-daemon restart")
示例#18
0
def install_sendmail(email=None):
    """
    Prepare a localhost SMTP server for sending out system notifications
    to admins

    Default section: admin

    :param email: Email to send reports
    :type email: str
    """
    opts = dict(
        email=email
                or get_envvar('email',section='admin')
                or err('Email must be set'),
    )

    # install sendmail
    apt_get('sendmail')

    # all email should be sent to maintenance email
    append('/etc/aliases', 'root:           %(email)s' % opts, use_sudo=True)
示例#19
0
def configure_ufw(rules=None):
    """
    Configures Uncomplicated Firewall.

    Default section: ufw,network

    :param rules: list of firewall rules
    :type rules: list, str
    """

    # reset rules so we start from scratch
    sudo('ufw --force reset')

    rules = rules or get_envvar("rules", section="ufw,network") \
                     or err("env.rules must be set")
    for rule in rules:
        sudo(rule)

    # re-enable firewall and print rules
    sudo('ufw --force enable')
    sudo('ufw status verbose')
示例#20
0
def upload_template(location, use_sudo=True):
    """
    Uploads template using jinja2

    Idea is that your local template is located in a same relative path as on
    remote side. To make this work you have to set `env.path` to your location
    of templates.

    .. note::
        This function should be called as task using execute fabric api.
        Otherwise use :py:func:`easydeploy.core.upload_template_jinja2`.

    :param location: Local and remote path to template
    :type location: str
    :param use_sudo: Should we use sudo
    :type use_sudo: bool

    :returns: Whatever upload_template returns
    """

    path= env.get("path") or err("env.path must be set")
    return upload_template_jinja2(os.path.join(path,location), location, use_sudo)
示例#21
0
def raid_monitoring(email=None):
    """
    Configure monitoring of our RAID-1 field. If anything goes wrong,
    send an email!

    Default section: admin

    :param email: Email to send reports
    :type email: str
    """
    opts = dict(
        email=email
                or get_envvar('email',section='admin')
                or err('Email must be set'),
    )

    # enable email notifications from mdadm raid monitor
    append('/etc/mdadm/mdadm.conf', 'MAILADDR %(email)s' % opts, use_sudo=True)

    # enable email notification for SMART disk monitoring
    apt_get('smartmontools')
    uncomment('/etc/default/smartmontools', '#start_smartd=yes', use_sudo=True)
示例#22
0
def configure_bacula_master(path=None):
    """Upload configuration files for Bacula Master."""
    opts = dict(
        path=path or env.get('path') or err('env.path must be set'),
    )

    upload_template_jinja2('%(path)s/etc/bacula-dir.conf' % opts,
                    '/etc/bacula/bacula-dir.conf',
                    use_sudo=True)
    upload_template_jinja2('%(path)s/etc/pool_defaults.conf' % opts,
                    '/etc/bacula/pool_defaults.conf',
                use_sudo=True)
    upload_template_jinja2('%(path)s/etc/pool_full_defaults.conf' % opts,
                '/etc/bacula/pool_full_defaults.conf',
                use_sudo=True)
    upload_template_jinja2('%(path)s/etc/pool_diff_defaults.conf' % opts,
                '/etc/bacula/pool_diff_defaults.conf',
                use_sudo=True)
    upload_template_jinja2('%(path)s/etc/pool_inc_defaults.conf' % opts,
                '/etc/bacula/pool_inc_defaults.conf',
                use_sudo=True)

    sudo('service bacula-director restart')
示例#23
0
def install_mysql(password=None):
    """
    Install MySQL database server

    Default section: mysql

    :param password: Root mysql password ( ``envdefault="default_password"`` )
    :type password: str
    """

    opts = dict(
        password=password
                or get_envvar('password',section='mysql',envdefault='default_password')
                or err("No password for mysql set")
    )

    # first set root password in advance so we don't get the package
    # configuration dialog
    sudo('echo "mysql-server-5.0 mysql-server/root_password password %(password)s" | debconf-set-selections' % opts)
    sudo('echo "mysql-server-5.0 mysql-server/root_password_again password %(password)s" | debconf-set-selections' % opts)

    # install MySQL along with php drivers for it
    apt_get('mysql-server mysql-client')