def configure_etcd(state, host, enable_service=True):
# Setup etcd init
generate_service = files.template(
state,
host,
{'Upload the etcd systemd unit file'},
get_template_path('etcd.service.j2'),
'/etc/systemd/system/etcd.service',
)
# Configure etcd
files.template(
state,
host,
{'Upload the etcd env file'},
get_template_path('etcd.conf.j2'),
'{{ host.data.etcd_env_file }}',
# Cluster (peers)
cluster_node_urls=get_cluster_node_urls(state.inventory),
get_urls=get_urls,
)
# Start (/enable) the etcd service
op_name = 'Ensure etcd service is running'
if enable_service:
op_name = '{0} and enabled'.format(op_name)
init.systemd(
state,
host,
{op_name},
'etcd',
enabled=enable_service,
daemon_reload=generate_service.changed,
)
def configure_prometheus(state, host, enable_service=True):
# Setup prometheus init
generate_service = files.template(
state,
host,
{'Upload the prometheus systemd unit file'},
get_template_path('prometheus.service.j2'),
'/etc/systemd/system/prometheus.service',
)
# Configure prometheus
files.template(
state,
host,
{'Upload the prometheus config file'},
get_template_path('prometheus.yml.j2'),
'/etc/default/prometheus.yml',
)
# Start (/enable) the prometheus service
op_name = 'Ensure prometheus service is running'
if enable_service:
op_name = '{0} and enabled'.format(op_name)
init.systemd(
state,
host,
{op_name},
'prometheus',
restarted=True,
enabled=enable_service,
daemon_reload=generate_service.changed,
)
def configure_node_exporter(state, host, enable_service=True, extra_args=None):
op_name = 'Ensure node_exporter service is running'
if enable_service:
op_name = '{0} and enabled'.format(op_name)
if host.fact.linux_distribution['major'] >= 16:
# Setup node_exporter init
generate_service = files.template(
state,
host,
{'Upload the node_exporter systemd unit file'},
get_template_path('node_exporter.service.j2'),
'/etc/systemd/system/node_exporter.service',
extra_args=extra_args,
)
init.systemd(
state,
host,
{op_name},
'node_exporter',
running=True,
restarted=generate_service.changed,
daemon_reload=generate_service.changed,
enabled=enable_service,
)
elif host.fact.linux_distribution['major'] == 14:
generate_service = files.template(
state,
host,
{'Upload the node_exporter init.d file'},
get_template_path('init.d.j2'),
'/etc/init.d/node_exporter',
mode=755,
ex_name='node_exporter',
ex_bin_dir=host.data.node_exporter_bin_dir,
ex_user=host.data.node_exporter_user,
extra_args=extra_args,
)
# Start (/enable) the prometheus service
init.d(
state,
host,
{op_name},
'node_exporter',
running=True,
restarted=generate_service.changed,
reloaded=generate_service.changed,
enabled=enable_service,
)
def configure_node_exporter(state, host, enable_service=True):
# Setup node_exporter init
generate_service = files.template(
state,
host,
{'Upload the node_exporter systemd unit file'},
get_template_path('node_exporter.service.j2'),
'/etc/systemd/system/node_exporter.service',
)
# Start (/enable) the node_exporter service
op_name = 'Ensure node_exporter service is running'
if enable_service:
op_name = '{0} and enabled'.format(op_name)
init.systemd(
state,
host,
{op_name},
'node_exporter',
enabled=enable_service,
daemon_reload=generate_service.changed,
)
# I think it should only show as changed if there really was a difference.
# Might have to add a suffix to the sed -i option, then move file only if
# there is a diff. Maybe?
tune = files.line(
{'Tune the puppet server jvm to only use 1gb'},
'/etc/sysconfig/puppetserver',
r'^JAVA_ARGS=.*$',
replace='JAVA_ARGS=\\"-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.'
'jruby_utils.jruby.Slf4jLogger\\"',
)
if install.changed or config.changed or tune.changed:
init.systemd(
{'Restart and enable puppetserver'},
'puppetserver',
running=True,
restarted=True,
enabled=True,
)
if host in agents:
yum.packages(
{'Install puppet agent'},
['puppet-agent'],
)
files.template(
{'Manage the puppet agent configuration'},
'templates/agent_puppet.conf.j2',
'/etc/puppetlabs/puppet/puppet.conf',
'/netboot/nfs',
'/netboot/tftp/pxelinux.cfg',
'/mnt',
'/netboot/nfs/ubuntu1804',
'/netboot/tftp/ubuntu1804',
]
for dir in dirs:
files.directory(
{'Ensure the directory `{}` exists'.format(dir)},
dir,
)
init.systemd(
{'Restart and enable dnsmasq'},
'dnsmasq',
running=True,
restarted=True,
enabled=True,
)
files.line(
{'Ensure /netboot/nfs is in /etc/exports'},
'/etc/exports',
r'/netboot/nfs .*',
replace='/netboot/nfs *(ro,sync,no_wdelay,insecure_locks,'
'no_root_squash,insecure,no_subtree_check)',
)
server.shell(
{'Make share available'},
'exportfs -a',
{'Ensure the `{}` exists'.format(grub_dir)},
grub_dir,
)
files.template(
{'Create a templated file'},
'templates/grub.cfg.j2',
'{}/grub.cfg'.format(grub_dir),
)
# configure dnsmasq
files.template(
{'Create dnsmasq configuration file'},
'templates/dnsmasq.conf.j2',
'/etc/dnsmasq.conf',
pxe_server=pxe_server,
dns_server=dns_server,
interface=interface,
dhcp_start=dhcp_start,
dhcp_end=dhcp_end,
tftp_dir=tftp_dir,
)
init.systemd(
{'Restart and enable dnsmasq'},
'dnsmasq',
running=True,
restarted=True,
enabled=True,
)
os.chdir(os.path.dirname('./' + __file__))
cwd = os.path.abspath('.')
project_root = os.path.abspath('../..')
apt.packages(
{'Install prometheus'},
['prometheus'],
latest=True,
sudo=True,
)
files.put(
{'Install prometheus config'},
'prometheus.yml',
'/etc/prometheus/prometheus.yml',
mode='644',
user='******',
group='root',
sudo=True,
)
init.systemd(
{'Restart prometheus service'},
'prometheus',
running=True,
restarted=True,
enabled=True,
sudo=True,
)
from pyinfra import host, inventory
from pyinfra.modules import init, puppet, server
SUDO = True
USE_SUDO_LOGIN = True
if host in inventory.get_group('master_servers'):
server.script_template(
{'Sign the agent, if needed'},
'templates/sign_agent.bash.j2',
)
if host in inventory.get_group('agent_servers'):
init.systemd(
{'Temp stop puppet agent so we can ensure a good run'},
'puppet',
running=False,
)
# Either 'USE_SUDO_LOGIN=True' or 'USE_SU_LOGIN=True' for
# puppet.agent() as `puppet` is added to the path in
# the .bash_profile.
# We also expect a return code of:
# 0=no changes or 2=changes applied
puppet.agent(
{'Run the puppet agent'},
success_exit_codes=[0, 2],
)
from pyinfra.modules import init, server
SUDO = True
init.systemd(
{'Disable ufw'},
'ufw',
running=False,
enabled=False,
)
server.reboot(
{'Reboot the server'},
delay=5,
timeout=30,
)
server.shell(
{'Ensure ufw is not running'},
'systemctl status ufw',
success_exit_codes=[3],
)
latest=True,
sudo=True,
)
postgresql.role(
{'Create hockeypuck database role'},
'hockeypuck',
login=True,
sudo=True,
sudo_user='******',
)
postgresql.database(
{'Create the hockeypuck database'},
'hockeypuck',
owner='hockeypuck',
encoding='UTF8',
sudo=True,
sudo_user='******',
)
init.systemd(
{'Start hockeypuck service'},
'hockeypuck',
running=True,
restarted=True,
enabled=True,
daemon_reload=True,
sudo=True,
)
'/web/index.htm',
'/web/index.html',
)
# Note: Allowing sudo to python is not a very secure.
files.line(
{'Ensure myweb can run /usr/bin/python3 without password'},
'/etc/sudoers',
r'myweb .*',
replace='myweb ALL=(ALL) NOPASSWD: /usr/bin/python3',
)
server.shell(
{'Check that sudoers file is ok'},
'visudo -c',
)
init.systemd(
{'Restart and enable myweb'},
'myweb',
running=True,
restarted=True,
enabled=True,
daemon_reload=True,
)
server.wait(
{'Wait until myweb starts'},
port=80,
)