def create_site_base(name, folder, username): """ Create an empty Plone site installation and corresponding UNIX user. Each sites has its own subfolder /srv/plone/xxx. """ check_known_environment() base_folder = os.path.dirname(folder) create_base(base_folder) create_plone_unix_user(username) # Enable friendly give_user_ztanesh(username) with sudo: print "Creating a Plone site %s folder %s for UNIX user %s" % (name, folder, username) install("-d", folder) reset_permissions(username, folder) create_site_initd_script(name, folder, username) print "Site base (re)created: %s" % folder
def main(): args = parse_args() if args.outdir == KEY_DIR: sh.install("-m", "700", "-d", KEY_DIR) mrenclave_path = os.path.join(args.outdir, "mrenclave") with open(args.MANIFEST_SIGNATURE_FILE, "rb") as f: mrenclave = f.read()[MRENCLAVE_OFFSET:MRENCLAVE_OFFSET + MRENCLAVE_SIZE] with open(mrenclave_path, "w+") as f: f.write(mrenclave.hex())
def main(): args = parse_args() if args.outdir == KEY_DIR: sh.install("-m", "700", "-d", KEY_DIR) pubkey_path = os.path.join(args.outdir, "challenger_public.key") privkey_path = os.path.join(args.outdir, "challenger_private.key") if os.path.exists(pubkey_path): raise FileExistsError("File %r already exists" % pubkey_path) if os.path.exists(privkey_path): raise FileExistsError("File %r already exists" % privkey_path) public_key, private_key = crypto.generate_ecdh_key_pair() with open(pubkey_path, "w+") as pubkey_file: pubkey_file.write(public_key.hex()) with open(privkey_path, "w+") as privkey_file: privkey_file.write(private_key.hex())
def create_base(folder): """ Create multisite Plone hosting infrastructure on a server.. Host sites at /srv/plone or chosen cache_folder Each folder has a file called buildout.cfg which is the production buildout file for this site. This might not be a real file, but a symlink to a version controlled file under /srv/plone/xxx/src/yoursitecustomization.policy/production.cfg. Log rotate is performed using a global UNIX log rotate script: http://opensourcehacker.com/2012/08/30/autodiscovering-log-files-for-logrotate/ :param folder: Base installation folder for all the sites e.g. /srv/plone """ from sh import apt_get with sudo: # Return software we are going to need in any case # Assumes Ubuntu / Debian # More info: https://github.com/miohtama/ztanesh if (not which("zsh")) or (not which("git")) or (not which("gcc")): # Which returs zero on success print "Installing OS packages" apt_get("update") apt_get("install", "-y", *PACKAGES) # Create base folder if not os.path.exists(folder): print "Creating installation base %s" % folder install(folder, "-d") # Create nightly restart cron job if os.path.exists("/etc/cron.d"): print "(Re)setting all sites nightly restart cron job" echo(CRON_TEMPLATE, _out=CRON_JOB) create_python_env(folder)
def copy_site_files(source, target): """ Rsync all non-regeneratable Plone files. We also *must* not copy some files as they would mess up running the buildout on the new target. http://plone.org/documentation/kb/copying-a-plone-site """ # Make sure we can SSH into to the box without interaction ssh_handshake(source) print "Syncing site files from old site %s" % source from sh import rsync # XXX: --progress here is too verbose, rsync having multiple file transfer indicator? rsync("-a", "--compress-level=9", "--inplace", "--exclude", "*.lock", # Data.fs.lock, instance.lock "--exclude", "*.pid", "--exclude", "*.log", # A lot of text data we probably don't need on the new server "--exclude", "var/log/*", # Old rotated log files "--exclude", "eggs", "--exclude", "downloads", # Redownload "--exclude", "parts", # Buildout always regenerates this folder "--exclude", "bin", # old bin/ scripts may not regenereate, point to Py interpreter on the old server "--exclude", ".installed.cfg", # Otherwise does not regenerate zeoserver "--exclude", ".mr.developer.cfg", "--exclude", "*.old", # Data.fs.old "%s/*" % source, target, _out=_unbuffered_stdout, _err=_unbuffered_stdout, _out_bufsize=0).wait() # Rercreate regeneratable folders install("-d", "%s/eggs" % target) install("-d", "%s/parts" % target) install("-d", "%s/downloads" % target) install("-d", "%s/bin" % target)
# Link graphene's pal launcher to /usr/bin/graphene-pal pal = "/usr/bin/graphene-pal" if not os.path.islink(pal): subprocess.check_call( ["ln", "-s", os.path.join(GRAPHENE_DIR, "Runtime/pal-Linux-SGX"), pal]) # Create sgx group (if it doesn't exist) try: sh.groupadd(config.GROUP) except sh.ErrorReturnCode_9: pass # Create the config directory sh.install("-m", "750", "-g", config.GROUP, "-d", config.CONFIG_DIR) # Create the data directory sh.install("-m", "770", "-g", config.GROUP, "-d", config.DATA_DIR) # Create the sealed directory sh.install("-m", "770", "-g", config.GROUP, "-d", config.SEALED_DIR) # Copy sgx-ra-manager to `/usr/local/bin/`. # We don't include sgx-ra-manager in the `scripts` argument to setup(), because setup() creates a script # which uses run_script() to execute the actual script, thereby ignoring our custom shebang to run python3-sgx. sh.cp("scripts/sgx-ra-manager", "/usr/local/bin/") # Copy sealing manifest to config directory sh.cp("config/sealing", config.CONFIG_DIR)
def install_plone(name, folder, unix_user, python, version, mode, port): """ Installs a new Plone site using best practices. """ from sh import git, bash, install, touch, rm if os.path.exists(folder) and not os.path.exists(os.path.join(folder, "buildout.cfg")): sys.exit("%s exists, but seems to lack buildout.cfg. Please remove first." % folder) # Create buildout structure using create_instance.py if not os.path.exists(os.path.join(folder, "buildout.cfg")): # Resolve the latest version if version == "latest": version = get_plone_versions()[0] # Checkout installer files from the Github temp_folder = tempfile.mkdtemp() installer_folder = os.path.join(temp_folder, "plone-unified-installer-%s" % version) plone_home = os.path.join(temp_folder, "plone-fake-home") print "Getting Plone installer" if not os.path.exists(installer_folder): git("clone", "git://github.com/plone/Installers-UnifiedInstaller.git", installer_folder) print "Checking out Plone installer version from Git %s" % version bash("-c", "cd %(installer_folder)s && git checkout %(version)s" % locals()) # The following is needed to satisfy create_instance.py Distribute egg look-up # It assumes distribute and zc.buildout eggs in a predefined location. # We spoof these eggs as they are not going to be used in real. cache_folder = os.path.join(plone_home, "buildout-cache", "eggs") install("-d", cache_folder) touch(os.path.join(cache_folder, "zc.buildout-dummy.egg")) touch(os.path.join(cache_folder, "distribute-dummy.egg")) python = Command(python) # Run installer python( \ os.path.join(installer_folder, "helper_scripts", "create_instance.py"), "--uidir", installer_folder, "--plone_home", plone_home, "--instance_home", folder, "--daemon_user", unix_user, "--buildout_user", unix_user, "--run_buildout", "0", "--itype", mode, '--install_lxml', "no", _out=_unbuffered_stdout, _err=_unbuffered_stdout ).wait() # Delete our Github installer checkout and messy files rm("-rf", temp_folder) # Integrate with LSB create_site_base(name, folder, unix_user) # Restrict FS access over what unified installer did for us reset_permissions(unix_user, folder) # Run buildout... we should be able to resume from errors with sudo(H=True, i=True, u=unix_user, _with=True): fix_buildout(folder) set_buildout_port(os.path.join(folder, "buildout.cfg"), mode, port) # We mod the buildout to disable shared cache, # as we don't want to share ../buildout-cache/egs with other UNIX users # on this server rebootstrap_site(name, folder, python) # Check we got it up an running Plone installation check_startup(name, folder, unix_user)