Initial version

Author: the-glu

.gitignore

@@ -0,0 +1,4 @@
+
+*.pyc
+
+config.py

README.md

@@ -1,4 +1,26 @@
 azimut-deploy
 =============
 
-Azimut's fabric scripts
+Azimut's fabric scripts. MIT license.
+
+To be used with azimut-gestion tool !
+
+## Setup
+
+Copy `config.py.dist` to `config.py` and edit values if needed.
+
+Some scripts except configuration files (for vim, zsh, etc.), who should be in the `AZIMUT_CONFIG` folder. You can find our files (https://github.com/Azimut-Prod/azimut-config)[here].
+
+## Scripts available
+
+### server
+
+The main task to setup a server is `server.setup`. You can execute special tasks, use `fab --list` for the full list.
+
+`Zsh` is used for the default shell. The setup script try to install the keymanager, a tool from azimut-gestion. You can skip this part if you don't want to use it.
+
+For all details, check documentation of azimut-gestion !
+
+### owncloud
+
+Can be used to quickly setup an owncloud server. Use `fab owncloud.setup_owncloud` to setup a new server. Sub tasks of the setup can be executed, use `fab --list` to get the full list.

config.py.dist

@@ -0,0 +1,3 @@
+SSH_KEY = '~/.ssh/id_rsa'
+
+AZIMUT_CONFIG = '../azimut-config/'

fabfile.py

@@ -0,0 +1,15 @@
+from fabric.api import *
+
+output.stdout = True
+
+# Config
+import config
+
+env.key_filename = config.SSH_KEY
+
+
+# Import server tools
+import server
+
+# Import owncloud deployement tools
+import owncloud

files/owncloud/owncloud.conf

@@ -0,0 +1,77 @@
+<VirtualHost *:80>
+	ServerAdmin webmaster@localhost
+
+	DocumentRoot /var/www/owncloud/
+	<Directory />
+		Options FollowSymLinks
+		AllowOverride None
+	</Directory>
+	<Directory /var/www/owncloud/>
+		Options Indexes FollowSymLinks MultiViews
+		AllowOverride all
+		Order allow,deny
+		allow from all
+	</Directory>
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+
+	# Possible values include: debug, info, notice, warn, error, crit,
+	# alert, emerg.
+	LogLevel warn
+
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+</VirtualHost>
+
+## SSL
+
+<VirtualHost *:443>
+	ServerAdmin webmaster@localhost
+
+	DocumentRoot /var/www/owncloud/
+	<Directory />
+		Options FollowSymLinks
+		AllowOverride None
+	</Directory>
+	<Directory /var/www/owncloud/>
+		Options Indexes FollowSymLinks MultiViews
+		AllowOverride all
+		Order allow,deny
+		allow from all
+	</Directory>
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+
+	# Possible values include: debug, info, notice, warn, error, crit,
+	# alert, emerg.
+	LogLevel warn
+
+	CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
+
+	#   SSL Engine Switch:
+	#   Enable/Disable SSL for this virtual host.
+	SSLEngine on
+
+	#   A self-signed (snakeoil) certificate can be created by installing
+	#   the ssl-cert package. See
+	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+	#   If both key and certificate are stored in the same file, only the
+	#   SSLCertificateFile directive is needed.
+	SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
+	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+
+	<FilesMatch "\.(cgi|shtml|phtml|php)$">
+		SSLOptions +StdEnvVars
+	</FilesMatch>
+	<Directory /usr/lib/cgi-bin>
+		SSLOptions +StdEnvVars
+	</Directory>
+
+	BrowserMatch "MSIE [2-6]" \
+		nokeepalive ssl-unclean-shutdown \
+		downgrade-1.0 force-response-1.0
+	# MSIE 7 and newer should be able to use keepalive
+	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+</VirtualHost>

files/updateKeys.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+SERVER='%(server)s'
+USERS="%(users)s"
+
+baseURL='http://XXX/keymanager/servers/getKeys/'
+
+for usr in $USERS; do
+
+    homedir=`eval "echo ~$usr"`
+
+
+    wget -O $homedir/.ssh/authorized_keys2.temp -o /dev/null $baseURL$SERVER/$usr/
+    echo "" >> $homedir/.ssh/authorized_keys2.temp
+
+
+    if grep -q  AUTOMATIQUE $homedir/.ssh/authorized_keys2.temp
+    then
+        mv $homedir/.ssh/authorized_keys2.temp $homedir/.ssh/authorized_keys2
+    fi
+
+done

owncloud.py

@@ -0,0 +1,55 @@
+from fabric.api import *
+from fabric.contrib.files import upload_template
+
+#import time
+#import config
+
+@task
+def setup_owncloud():
+	"""Install a new owncloud server"""
+
+	execute(setup_repo)
+	execute(install)
+	execute(configure_locale)
+	execute(configure_apache)
+
+@task
+def setup_repo():
+	"""Setup the owncloud repository"""
+
+	sudo("echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_7.0/ /' >> /etc/apt/sources.list.d/owncloud.list")
+	sudo("wget http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_7.0/Release.key -O - | apt-key add -")
+	sudo("apt-get -y update")
+
+@task
+def install():
+	"""Install the owncloud package and his depencencies"""
+	sudo("apt-get -y install apache2 php5 php5-gd php-xml-parser php5-intl php5-mysql smbclient curl libcurl3 php5-curl owncloud")
+
+
+@task
+def configure_locale():
+	"""Configure locales for VM without"""
+	sudo("echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen")
+	sudo("locale-gen")
+
+@task
+def configure_apache():
+	"""Configure apache to work with owncloud"""
+
+	# Disable default site
+	sudo("a2dissite 000-default")
+
+	# Enable needed apache modules
+	sudo("a2enmod rewrite")
+	sudo("a2enmod headers")
+	sudo("a2enmod ssl")
+
+	# Copy config
+	put('files/owncloud/owncloud.conf', '/etc/apache2/sites-available/')
+
+	# Enable site
+	sudo("a2ensite owncloud.conf")
+
+	# Restart apache
+	sudo("service apache2 restart")

server.py

@@ -0,0 +1,152 @@
+from fabric.api import *
+from fabric.contrib.files import upload_template
+
+import time
+import config
+
+
+@task
+def uname():
+    """Execute uname"""
+    run("uname -a")
+
+
+@task
+def upgrade():
+    """Upgrade a sever"""
+    sudo("apt-get update -y")
+    sudo("apt-get upgrade -y")
+    sudo("apt-get dist-upgrade -y")
+
+@task
+def install_sudo():
+    """Install the sudo programm. Need to be runned with root"""
+    run("apt-get update")
+    run("apt-get install -y sudo")
+
+
+@task
+def reboot():
+    """Reboot a machine"""
+    x = 5
+    while x > 0:
+        print "Rebooting", env.host, "in", x, "seconds..."
+        time.sleep(1)
+        x -= 1
+    sudo("reboot")
+
+@task
+def shutdown():
+    """Shutdown a machine"""
+    x = 5
+    while x > 0:
+        print "Shutdowning", env.host, "in", x, "seconds..."
+        time.sleep(1)
+        x -= 1
+    sudo("halt")
+
+
+@task
+def copy_key_manager():
+    """Copy the script for keymanagement [$AG:NeedKM]"""
+
+    if not hasattr(env, 'keymanagerName') or env.keymanagerName == '':
+        print "No keymanager name !"
+        return
+
+    upload_template('files/updateKeys.sh', '/root/updateKeys.sh', {
+            'server': env.keymanagerName,
+            'users': env.keyManagerUsers,
+        }, use_sudo=True)
+
+    sudo("chmod +x /root/updateKeys.sh")
+
+
+@task
+def cron_key_manager():
+    """Install the crontab for the keymanagement"""
+    sudo('touch /tmp/crondump')
+    with settings(warn_only=True):
+        sudo('crontab -l > /tmp/crondump')             
+    sudo('echo " 42 * * * * /root/updateKeys.sh" >> /tmp/crondump')
+    sudo('crontab /tmp/crondump')
+
+
+@task
+def setup_key_manager():
+    """Setup the key manager [$AG:NeedKM]"""
+    run('mkdir -p ~/.ssh/')
+    sudo('apt-get install -y ca-certificates')
+    copy_key_manager()
+    cron_key_manager()
+    execute_key_manger()
+
+
+@task
+def execute_key_manger():
+    """Execute the keyManager"""
+    sudo("/root/updateKeys.sh")
+
+
+@task
+def copy_config():
+    """Copy config files"""
+
+    put(config.AZIMUT_CONFIG + '/.vim*', '~')
+    put(config.AZIMUT_CONFIG + '/.screenrc', '~')
+    put(config.AZIMUT_CONFIG + '/.zshrc', '~')
+
+@task
+def copy_user_config():
+    """Copy the config for a user [$AG:NeedUser]"""
+
+    if not hasattr(env, 'fab_user') or env.fab_user == '':
+        return
+
+    put(config.AZIMUT_CONFIG + '/.vim*', '/home/' + env.fab_user + '/')
+    put(config.AZIMUT_CONFIG + '/.screenrc', '/home/' + env.fab_user + '/')
+    put(config.AZIMUT_CONFIG + '/.zshrc-user', '/home/' + env.fab_user + '/.zshrc')
+
+
+@task
+def install_base_progs():
+    """Install base programms"""
+
+    sudo('apt-get install -y zsh screen vim')
+
+
+@task
+def switch_shell_to_zsh():
+    """Change the shell to ZSH"""
+    run('chsh -s /bin/zsh')
+
+@task
+def install_rsync():
+    """Install rsync"""
+    sudo("apt-get install rsync")
+
+@task
+def add_gestion_for_self_vms():
+    """Add a host for it2d vm so they can access the server [$AG:NeedGestion]"""
+
+    if not hasattr(env, 'gestion_ip') or env.gestion_ip == '':
+        return 
+    sudo('echo "' + env.gestion_ip + ' ' + env.gestion_name + '" >> /etc/hosts')
+  
+@task
+def setup():
+    """Setup a new server [$AG:NeedKM][$AG:NeedGestion]"""
+
+    execute(install_sudo)
+    execute(upgrade)
+    execute(install_base_progs)
+    execute(add_gestion_for_self_vms)
+    execute(copy_config)
+    execute(switch_shell_to_zsh)
+    execute(install_rsync)
+
+    if not hasattr(env, 'keymanagerName') or env.keymanagerName == '':
+        prompt("Key manager name ?", 'keymanagerName')
+        prompt("Key manager users ?", 'keyManagerUsers', 'root')
+
+    execute(setup_key_manager)