def configure_node_exporter(state, host, enable_service=True, extra_args=None): op_name = 'Ensure node_exporter service is running' if enable_service: op_name = '{0} and enabled'.format(op_name) if host.fact.linux_distribution['major'] >= 16: # Setup node_exporter init generate_service = files.template( name='Upload the node_exporter systemd unit file', src=get_template_path('node_exporter.service.j2'), dest='/etc/systemd/system/node_exporter.service', extra_args=extra_args, state=state, host=host, ) init.systemd( name=op_name, service='node_exporter', running=True, restarted=generate_service.changed, daemon_reload=generate_service.changed, enabled=enable_service, state=state, host=host, ) elif host.fact.linux_distribution['major'] == 14: generate_service = files.template( name='Upload the node_exporter init.d file', src=get_template_path('init.d.j2'), dest='/etc/init.d/node_exporter', mode=755, ex_name='node_exporter', ex_bin_dir=host.data.node_exporter_bin_dir, ex_user=host.data.node_exporter_user, extra_args=extra_args, state=state, host=host, ) # Start (/enable) the prometheus service init.d( name=op_name, service='node_exporter', running=True, restarted=generate_service.changed, reloaded=generate_service.changed, enabled=enable_service, state=state, host=host, )
def configure_prometheus(state, host, enable_service=True, extra_args=None): # Configure prometheus generate_config = files.template( name='Upload the prometheus config file', src=get_template_path('prometheus.yml.j2'), dest='/etc/default/prometheus.yml', state=state, host=host, ) op_name = 'Ensure prometheus service is running' if enable_service: op_name = '{0} and enabled'.format(op_name) restart = generate_config.changed if extra_args and ('--web.enable-lifecycle' in extra_args): restart = False hit_reload_endpoint = True else: hit_reload_endpoint = False # Setup prometheus init if host.fact.linux_distribution['major'] >= 16: generate_service = files.template( name='Upload the prometheus systemd unit file', src=get_template_path('prometheus.service.j2'), dest='/etc/systemd/system/prometheus.service', extra_args=extra_args, state=state, host=host, ) # Start (/enable) the prometheus service init.systemd( name=op_name, service='prometheus', running=True, restarted=restart, enabled=enable_service, daemon_reload=generate_service.changed, state=state, host=host, ) # This has to happen after the service reload if hit_reload_endpoint: server.shell( commands='curl -X POST http://localhost:9090/-/reload', state=state, host=host, ) elif host.fact.linux_distribution['major'] == 14: generate_service = files.template( name='Upload the prometheus init.d file', src=get_template_path('init.d.j2'), dest='/etc/init.d/prometheus', extra_args=extra_args, state=state, host=host, ) # Start (/enable) the prometheus service init.d( name=op_name, service='prometheus', running=True, restarted=restart, reloaded=generate_service.changed, enabled=enable_service, state=state, host=host, )
name='Ensure the `{}` exists'.format(grub_dir), path=grub_dir, ) files.template( name='Create a templated file', src='templates/grub.cfg.j2', dest='{}/grub.cfg'.format(grub_dir), ) # configure dnsmasq files.template( name='Create dnsmasq configuration file', src='templates/dnsmasq.conf.j2', dest='/etc/dnsmasq.conf', pxe_server=pxe_server, dns_server=dns_server, interface=interface, dhcp_start=dhcp_start, dhcp_end=dhcp_end, tftp_dir=tftp_dir, ) init.systemd( name='Restart and enable dnsmasq', service='dnsmasq', running=True, restarted=True, enabled=True, )
def configure_exporter( state, host, ex_url, ex_user='******', ex_bin_dir='/usr/local/bin', enable_service=True, extra_args=None, ): ex_name, ex_bin_name = _get_names(ex_url) # Start (/enable) the node_exporter service op_name = 'Ensure exporter service is running' if enable_service: op_name = '{0} and enabled'.format(op_name) if host.fact.linux_distribution['major'] >= 16: # Setup node_exporter init generate_service = files.template( name='Upload the {} systemd unit file'.format(ex_name), src=get_template_path('exporter.service.j2'), dest='/etc/systemd/system/{}.service'.format(ex_bin_name), ex_name=ex_name, ex_bin_dir=ex_bin_dir, ex_user=ex_user, extra_args=extra_args, state=state, host=host, ) init.systemd( name=op_name, service=ex_bin_name, running=True, restarted=generate_service.changed, reloaded=generate_service.changed, enabled=enable_service, daemon_reload=generate_service.changed, state=state, host=host, ) elif host.fact.linux_distribution['major'] == 14: generate_service = files.template( name='Upload the {} init.d file'.format(ex_name), src=get_template_path('init.d.j2'), dest='/etc/init.d/{}'.format(ex_name), mode=755, ex_name=ex_name, ex_bin_dir=ex_bin_dir, ex_user=ex_user, extra_args=extra_args, state=state, host=host, ) # Start (/enable) the prometheus service init.d( name=op_name, service=ex_name, running=True, restarted=generate_service.changed, reloaded=generate_service.changed, enabled=enable_service, state=state, host=host, )
'/netboot/nfs', '/netboot/tftp/pxelinux.cfg', '/mnt', '/netboot/nfs/ubuntu1804', '/netboot/tftp/ubuntu1804', ] for dir in dirs: files.directory( {'Ensure the directory `{}` exists'.format(dir)}, dir, ) init.systemd( {'Restart and enable dnsmasq'}, 'dnsmasq', running=True, restarted=True, enabled=True, ) files.line( {'Ensure /netboot/nfs is in /etc/exports'}, '/etc/exports', r'/netboot/nfs .*', replace='/netboot/nfs *(ro,sync,no_wdelay,insecure_locks,' 'no_root_squash,insecure,no_subtree_check)', ) server.shell( {'Make share available'}, 'exportfs -a',
# I think it should only show as changed if there really was a difference. # Might have to add a suffix to the sed -i option, then move file only if # there is a diff. Maybe? tune = files.line( {'Tune the puppet server jvm to only use 1gb'}, '/etc/sysconfig/puppetserver', r'^JAVA_ARGS=.*$', replace='JAVA_ARGS=\\"-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.' 'jruby_utils.jruby.Slf4jLogger\\"', ) if install.changed or config.changed or tune.changed: init.systemd( {'Restart and enable puppetserver'}, 'puppetserver', running=True, restarted=True, enabled=True, ) if host in agents: yum.packages( {'Install puppet agent'}, ['puppet-agent'], ) files.template( {'Manage the puppet agent configuration'}, 'templates/agent_puppet.conf.j2', '/etc/puppetlabs/puppet/puppet.conf',
# I think it should only show as changed if there really was a difference. # Might have to add a suffix to the sed -i option, then move file only if # there is a diff. Maybe? tune = files.line( name='Tune the puppet server jvm to only use 1gb', path='/etc/sysconfig/puppetserver', line=r'^JAVA_ARGS=.*$', replace='JAVA_ARGS=\\"-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.' 'jruby_utils.jruby.Slf4jLogger\\"', ) if install.changed or config.changed or tune.changed: init.systemd( name='Restart and enable puppetserver', service='puppetserver', running=True, restarted=True, enabled=True, ) if host in agents: yum.packages( name='Install puppet agent', packages=['puppet-agent'], ) files.template( name='Manage the puppet agent configuration', src='templates/agent_puppet.conf.j2', dest='/etc/puppetlabs/puppet/puppet.conf',
from pyinfra.operations import init, server SUDO = True init.systemd( name='Disable ufw', service='ufw', running=False, enabled=False, ) server.reboot( name='Reboot the server', delay=5, timeout=30, ) server.shell( name='Ensure ufw is not running', commands='systemctl status ufw', success_exit_codes=[3], )
from pyinfra.operations import init, server init.systemd( name="Disable ufw", service="ufw", running=False, enabled=False, ) server.reboot( name="Reboot the server", delay=5, timeout=30, ) server.shell( name="Ensure ufw is not running", commands="systemctl status ufw", success_exit_codes=[3], )
from pyinfra import config, host, inventory from pyinfra.operations import init, puppet, server config.SUDO = True config.USE_SUDO_LOGIN = True if host in inventory.get_group("master_servers"): server.script_template( name="Sign the agent, if needed", src="templates/sign_agent.bash.j2", ) if host in inventory.get_group("agent_servers"): init.systemd( name="Temp stop puppet agent so we can ensure a good run", service="puppet", running=False, ) # Either 'USE_SUDO_LOGIN=True' or 'USE_SU_LOGIN=True' for # puppet.agent() as `puppet` is added to the path in # the .bash_profile. # We also expect a return code of: # 0=no changes or 2=changes applied puppet.agent( name="Run the puppet agent", success_exit_codes=[0, 2], )
'/web/index.htm', '/web/index.html', ) # Note: Allowing sudo to python is not a very secure. files.line( {'Ensure myweb can run /usr/bin/python3 without password'}, '/etc/sudoers', r'myweb .*', replace='myweb ALL=(ALL) NOPASSWD: /usr/bin/python3', ) server.shell( {'Check that sudoers file is ok'}, 'visudo -c', ) init.systemd( {'Restart and enable myweb'}, 'myweb', running=True, restarted=True, enabled=True, daemon_reload=True, ) server.wait( {'Wait until myweb starts'}, port=80, )
'/netboot/nfs', '/netboot/tftp/pxelinux.cfg', '/mnt', '/netboot/nfs/ubuntu1804', '/netboot/tftp/ubuntu1804', ] for dir in dirs: files.directory( name='Ensure the directory `{}` exists'.format(dir), path=dir, ) init.systemd( name='Restart and enable dnsmasq', service='dnsmasq', running=True, restarted=True, enabled=True, ) files.line( name='Ensure /netboot/nfs is in /etc/exports', path='/etc/exports', line=r'/netboot/nfs .*', replace='/netboot/nfs *(ro,sync,no_wdelay,insecure_locks,' 'no_root_squash,insecure,no_subtree_check)', ) server.shell( name='Make share available', commands='exportfs -a',
"/netboot/nfs", "/netboot/tftp/pxelinux.cfg", "/mnt", "/netboot/nfs/ubuntu1804", "/netboot/tftp/ubuntu1804", ] for dir in dirs: files.directory( name="Ensure the directory `{}` exists".format(dir), path=dir, ) init.systemd( name="Restart and enable dnsmasq", service="dnsmasq", running=True, restarted=True, enabled=True, ) files.line( name="Ensure /netboot/nfs is in /etc/exports", path="/etc/exports", line=r"/netboot/nfs .*", replace="/netboot/nfs *(ro,sync,no_wdelay,insecure_locks," "no_root_squash,insecure,no_subtree_check)", ) server.shell( name="Make share available", commands="exportfs -a",
path='/web/index.htm', target='/web/index.html', ) # Note: Allowing sudo to python is not a very secure. files.line( name='Ensure myweb can run /usr/bin/python3 without password', path='/etc/sudoers', line=r'myweb .*', replace='myweb ALL=(ALL) NOPASSWD: /usr/bin/python3', ) server.shell( name='Check that sudoers file is ok', commands='visudo -c', ) init.systemd( name='Restart and enable myweb', service='myweb', running=True, restarted=True, enabled=True, daemon_reload=True, ) server.wait( name='Wait until myweb starts', port=80, )
# I think it should only show as changed if there really was a difference. # Might have to add a suffix to the sed -i option, then move file only if # there is a diff. Maybe? tune = files.line( name="Tune the puppet server jvm to only use 1gb", path="/etc/sysconfig/puppetserver", line=r"^JAVA_ARGS=.*$", replace='JAVA_ARGS=\\"-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.' 'jruby_utils.jruby.Slf4jLogger\\"', ) if install.changed or config.changed or tune.changed: init.systemd( name="Restart and enable puppetserver", service="puppetserver", running=True, restarted=True, enabled=True, ) if host in agents: yum.packages( name="Install puppet agent", packages=["puppet-agent"], ) files.template( name="Manage the puppet agent configuration", src="templates/agent_puppet.conf.j2", dest="/etc/puppetlabs/puppet/puppet.conf",
from pyinfra import host, inventory from pyinfra.operations import init, puppet, server SUDO = True USE_SUDO_LOGIN = True if host in inventory.get_group('master_servers'): server.script_template( name='Sign the agent, if needed', src='templates/sign_agent.bash.j2', ) if host in inventory.get_group('agent_servers'): init.systemd( name='Temp stop puppet agent so we can ensure a good run', service='puppet', running=False, ) # Either 'USE_SUDO_LOGIN=True' or 'USE_SU_LOGIN=True' for # puppet.agent() as `puppet` is added to the path in # the .bash_profile. # We also expect a return code of: # 0=no changes or 2=changes applied puppet.agent( name='Run the puppet agent', success_exit_codes=[0, 2], )
sudo=True, peers=host.data.peers, ) postgresql.role( name='Create hockeypuck database role', role='hockeypuck', login=True, sudo=True, sudo_user='******', ) postgresql.database( name='Create the hockeypuck database', database='hockeypuck', owner='hockeypuck', encoding='UTF8', sudo=True, sudo_user='******', ) init.systemd( name='Start hockeypuck service', service='hockeypuck', running=True, restarted=True, enabled=True, daemon_reload=True, sudo=True, )
name="Ensure the `{}` exists".format(grub_dir), path=grub_dir, ) files.template( name="Create a templated file", src="templates/grub.cfg.j2", dest="{}/grub.cfg".format(grub_dir), ) # configure dnsmasq files.template( name="Create dnsmasq configuration file", src="templates/dnsmasq.conf.j2", dest="/etc/dnsmasq.conf", pxe_server=pxe_server, dns_server=dns_server, interface=interface, dhcp_start=dhcp_start, dhcp_end=dhcp_end, tftp_dir=tftp_dir, ) init.systemd( name="Restart and enable dnsmasq", service="dnsmasq", running=True, restarted=True, enabled=True, )
{'Ensure the `{}` exists'.format(grub_dir)}, grub_dir, ) files.template( {'Create a templated file'}, 'templates/grub.cfg.j2', '{}/grub.cfg'.format(grub_dir), ) # configure dnsmasq files.template( {'Create dnsmasq configuration file'}, 'templates/dnsmasq.conf.j2', '/etc/dnsmasq.conf', pxe_server=pxe_server, dns_server=dns_server, interface=interface, dhcp_start=dhcp_start, dhcp_end=dhcp_end, tftp_dir=tftp_dir, ) init.systemd( {'Restart and enable dnsmasq'}, 'dnsmasq', running=True, restarted=True, enabled=True, )
from pyinfra import host, inventory from pyinfra.operations import init, puppet, server SUDO = True USE_SUDO_LOGIN = True if host in inventory.get_group('master_servers'): server.script_template( {'Sign the agent, if needed'}, 'templates/sign_agent.bash.j2', ) if host in inventory.get_group('agent_servers'): init.systemd( {'Temp stop puppet agent so we can ensure a good run'}, 'puppet', running=False, ) # Either 'USE_SUDO_LOGIN=True' or 'USE_SU_LOGIN=True' for # puppet.agent() as `puppet` is added to the path in # the .bash_profile. # We also expect a return code of: # 0=no changes or 2=changes applied puppet.agent( {'Run the puppet agent'}, success_exit_codes=[0, 2], )
from pyinfra.operations import init, server SUDO = True init.systemd( {'Disable ufw'}, 'ufw', running=False, enabled=False, ) server.reboot( {'Reboot the server'}, delay=5, timeout=30, ) server.shell( {'Ensure ufw is not running'}, 'systemctl status ufw', success_exit_codes=[3], )