Added inventory for nextcloud, postgres and ubuntu.

development
Shawn Davis 3 years ago
parent 6df9a6f2fa
commit d4935af4e0
  1. 234
      sandbox/cli.py
  2. 180
      scripttease/data/inventory/nextcloud/steps.ini
  3. 28
      scripttease/data/inventory/nextcloud/templates/httpd.conf
  4. 23
      scripttease/data/inventory/nextcloud/variables.ini
  5. 2
      scripttease/data/inventory/pgsql/steps.ini
  6. 8
      scripttease/data/inventory/pgsql/templates/pg_hba.conf
  7. 3
      scripttease/data/inventory/pgsql/variables.ini
  8. 3
      scripttease/data/inventory/radicale/steps.ini
  9. 2
      scripttease/data/inventory/ubuntu/steps.ini
  10. 10
      scripttease/data/inventory/ubuntu/templates/sshd_config
  11. 15
      scripttease/lib/contexts.py
  12. 4
      scripttease/lib/snippets/posix.py
  13. 4
      scripttease/lib/snippets/ubuntu.py

@ -0,0 +1,234 @@
#! /usr/bin/env python
from argparse import ArgumentParser, RawDescriptionHelpFormatter
from commonkit import highlight_code, smart_cast
from commonkit.logging import LoggingHelper
from commonkit.shell import EXIT
import sys
sys.path.insert(0, "../")
from scripttease.constants import LOGGER_NAME
from scripttease.lib.contexts import load_variables, Context
from scripttease.lib.loaders.ini import INILoader
from scripttease.lib.loaders.yaml import YMLLoader
from scripttease.version import DATE as VERSION_DATE, VERSION
DEBUG = 10
logging = LoggingHelper(colorize=True, name=LOGGER_NAME)
log = logging.setup()
def execute():
"""Process script configurations."""
__author__ = "Shawn Davis <shawn@develmaycare.com>"
__date__ = VERSION_DATE
__help__ = """NOTES
This command is used to parse configuration files and output the commands.
"""
__version__ = VERSION + "+new"
# Main argument parser from which sub-commands are created.
parser = ArgumentParser(description=__doc__, epilog=__help__, formatter_class=RawDescriptionHelpFormatter)
parser.add_argument(
"path",
default="steps.ini",
nargs="?",
help="The path to the configuration file."
)
parser.add_argument(
"-c",
"--color",
action="store_true",
dest="color_enabled",
help="Enable code highlighting for terminal output."
)
parser.add_argument(
"-C=",
"--context=",
action="append",
dest="variables",
help="Context variables for use in pre-parsing the config and templates. In the form of: name:value"
)
parser.add_argument(
"-d",
"--docs",
action="store_true",
dest="docs_enabled",
help="Output documentation instead of code."
)
parser.add_argument(
"-D",
"--debug",
action="store_true",
dest="debug_enabled",
help="Enable debug output."
)
parser.add_argument(
"-f=",
"--filter=",
action="append",
dest="filters",
help="Filter the commands in the form of: attribute:value"
)
parser.add_argument(
"-o=",
"--option=",
action="append",
dest="options",
help="Common command options in the form of: name:value"
)
parser.add_argument(
"-P=",
"--profile=",
choices=["centos", "ubuntu"],
default="ubuntu",
dest="profile",
help="The OS profile to use."
)
parser.add_argument(
"-T=",
"--template-path=",
action="append",
dest="template_locations",
help="The location of template files that may be used with the template command."
)
parser.add_argument(
"-w=",
"--write=",
dest="output_file",
help="Write the output to disk."
)
parser.add_argument(
"-V=",
"--variables-file=",
dest="variables_file",
help="Load variables from a file."
)
# Access to the version number requires special consideration, especially
# when using sub parsers. The Python 3.3 behavior is different. See this
# answer: http://stackoverflow.com/questions/8521612/argparse-optional-subparser-for-version
parser.add_argument(
"-v",
action="version",
help="Show version number and exit.",
version=__version__
)
parser.add_argument(
"--version",
action="version",
help="Show verbose version information and exit.",
version="%(prog)s" + " %s %s by %s" % (__version__, __date__, __author__)
)
# Parse arguments.
args = parser.parse_args()
if args.debug_enabled:
log.setLevel(DEBUG)
log.debug("Namespace: %s" % args)
# Create the global context.
context = Context()
if args.variables_file:
variables = load_variables(args.variables_file)
for v in variables:
context.variables[v.name] = v
if args.variables:
for token in args.variables:
try:
key, value = token.split(":")
context.add(key, smart_cast(value))
except ValueError:
context.add(token, True)
# Capture filters.
if args.filters:
filters = dict()
for token in args.filters:
key, value = token.split(":")
if key not in filters:
filters[key] = list()
filters[key].append(value)
# Handle options.
options = dict()
if args.options:
for token in args.options:
try:
key, value = token.split(":")
options[key] = smart_cast(value)
except ValueError:
options[token] = True
# Load the commands.
if args.path.endswith(".ini"):
loader = INILoader(
args.path,
context=context,
locations=args.template_locations,
profile=args.profile,
**options
)
elif args.path.endswith(".yml"):
loader = YMLLoader(
args.path,
context=context,
locations=args.template_locations,
profile=args.profile,
**options
)
else:
log.error("Unsupported file format: %s" % args.path)
exit(EXIT.ERROR)
# noinspection PyUnboundLocalVariable
if not loader.load():
exit(EXIT.ERROR)
# Generate output.
if args.docs_enabled:
pass
else:
commands = list()
for snippet in loader.get_snippets():
statement = snippet.get_statement()
if statement is not None:
commands.append(statement)
commands.append("")
if args.color_enabled:
print(highlight_code("\n".join(commands), language="bash"))
else:
print("\n".join(commands))
exit(EXIT.OK)
if __name__ == '__main__':
execute()

@ -0,0 +1,180 @@
[update system repos]
system.update:
[install apache]
install: apache2
[install certbot]
install: certbot
[make sure a maintenance root exists]
mkdir: /var/www/maint/www
group: {{ apache_group }}
owner: {{ apache_user }}
recursive: yes
[disable the default site]
apache.disable: 000-default
[install postgres]
install: postgresql
[install php and related resources]
install: $item
items: php, libapache2-mod-php, php-pgsql
[install php modules]
install: $item
items: php-curl, php-dom, php-gd, php-json, php-mbstring, php-pdo-pgsql, php-zip
[create the document root for the domain]
dir: /var/www/{{ domain_tld }}/www
group: {{ apache_group }}
owner: {{ apache_user }}
recursive: yes
[prevent browsing of document root]
file: /var/www/{{ domain_tld }}/www/index.html
group: {{ apache_group }}
owner: {{ apache_user }}
[create the initial apache config file]
template: httpd.conf /etc/apache2/sites-available/{{ domain_name }}.conf
[enable the site]
apache.enable: {{ domain_name }}
[enable mod rewrite]
apache.enable_module: rewrite
[enable SSL engine]
apache.enable_module: ssl
[enable php ctype]
run: "phpenmod ctype"
[enable php curl]
run: "phpenmod curl"
[enable php dom]
run: "phpenmod dom"
[enable php GD]
run: "phpenmod gd"
[enable php JSON]
run: "phpenmod json"
[enable php PGSQL]
run: "phpenmod pdo_pgsql"
[enable php SimpleXML]
run: "phpenmod simplexml"
[enable php posix]
run: "phpenmod posix"
[enable php XMLReader]
run: "phpenmod xmlreader"
[enable php XMLWriter]
run: "phpenmod xmlwriter"
[enable php zip]
run: "phpenmod zip"
;PHP module libxml (Linux package libxml2 must be >=2.7.0)
;php -i | grep -i libxml
; https://askubuntu.com/questions/323005/php-openssl-extension-has-a-package
; php -i | grep -i openssl
;PHP module openssl
;php -i | grep -i openssl
;PHP module session
;php -i | grep -i zlib
;PHP module zlib
[reload apache]
apache.reload:
[get an SSL cert]
ssl: {{ domain_name }}
email: {{ webmaster_email }}
[create the SSL version of the apache config file]
template: httpd.conf /etc/apache2/sites-available/{{ domain_name }}.conf
ssl_enabled: yes
[restart apache]
apache.restart:
[create the install path for nextcloud]
dir: /var/www/{{ domain_tld }}/www{{ install_path }}
group: {{ apache_group }}
owner: {{ apache_user }}
recursive: yes
[get the nextcloud installer]
run: "wget https://download.nextcloud.com/server/installer/setup-nextcloud.php"
cd: /var/www/{{ domain_tld }}/www{{ install_path }}
; createuser -U postgres -DRS {{ install_path }}_nextcloud
; createdb -U postgres -O diff6_nextcloud diff6_nextcloud
; psql -U postgres -c "ALTER USER diff6_nextcloud WITH ENCRYPTED PASSWORD '******'"
; https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
; Recommended packages:
;
;PHP module fileinfo (highly recommended, enhances file analysis performance)
;
;PHP module bz2 (recommended, required for extraction of apps)
;
;PHP module intl (increases language translation performance and fixes sorting of non-ASCII characters)
;
;Required for specific apps:
;
;PHP module ldap (for LDAP integration)
;
;PHP module smbclient (SMB/CIFS integration, see SMB/CIFS)
;
;PHP module ftp (for FTP storage / external user authentication)
;
;PHP module imap (for external user authentication)
;
;PHP module bcmath (for passwordless login)
;
;PHP module gmp (for passwordless login)
;
;Recommended for specific apps (optional):
;
;PHP module gmp (for SFTP storage)
;
;PHP module exif (for image rotation in pictures app)
;
;For enhanced server performance (optional) select one of the following memcaches:
;
;PHP module apcu (>= 4.0.6)
;
;PHP module memcached
;
;PHP module redis (>= 2.2.6, required for Transactional File Locking)
;
;See Memory caching to learn how to select and configure a memcache.
;
;For preview generation (optional):
;
;PHP module imagick
;
;avconv or ffmpeg
;
;OpenOffice or LibreOffice
;
;For command line processing (optional):
;
;PHP module pcntl (enables command interruption by pressing ctrl-c)
;
;For command line updater (optional):
;
;PHP module phar (upgrades Nextcloud by running sudo -u www-data php /var/www/nextcloud/updater/updater.phar)

@ -0,0 +1,28 @@
# The port 80 host is required for renewing Let's Encrypt certificates.
<VirtualHost *:80>
ServerName {{ domain_name }}
ServerAlias *.{{ domain_name }}
ServerAdmin {{ webmaster_email }}
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/.well-known [NC]
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
DocumentRoot /var/www/maint/www
</VirtualHost>
{% if ssl_enabled %}
# The 443 host is where the project is actually served.
<VirtualHost *:443>
ServerName {{ domain_name }}
ServerAdmin {{ webmaster_email }}
DocumentRoot /var/www/{{ domain_tld }}/www
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateKeyFile /etc/letsencrypt/live/{{ domain_name }}/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem
</VirtualHost>
{% endif %}

@ -0,0 +1,23 @@
[apache_user]
comment = The name of the user that runs Apache.
value = www-data
[apache_group]
comment = The name of the group to which the Apache user is assigned.
value = www-data
[domain_name]
comment = The domain name to use for the NextCloud host.
value = cloud.example.com
[domain_tld]
comment = The domain name as a directory.
value = cloud_example_com
[webmaster_email]
comment = The webmaster's email address. Used when setting up SSL.
value = webmaster@example.com
[install_path]
comment = The path relative to document root where NextCloud will be installed.
value = /

@ -0,0 +1,2 @@
[create pg_hba.conf file]
template: pg_hba.conf /etc/postgresql/{{ pgsql_version}}/main/pg_hba.conf

@ -0,0 +1,8 @@
# TYPE DATABASE USER ADDRESS METHOD
local all postgres trust
local sameuser all md5
host all postgres ::1/128 trust
host all postgres localhost trust
host sameuser all ::1/128 md5
host sameuser all localhost md5
host sameuser all 127.0.0.1/32 md5

@ -0,0 +1,3 @@
[pgsql_version]
comment = The current version of PostgreSQL.
value = 12

@ -28,6 +28,9 @@ template: radicale.service /etc/systemd/system/radicale.service
[start the radicale service] [start the radicale service]
start: radicale start: radicale
[disable the default site]
apache.disable: default
[create the initial apache config file] [create the initial apache config file]
template: httpd.conf /etc/apache2/sites-available/{{ domain_name }}.conf template: httpd.conf /etc/apache2/sites-available/{{ domain_name }}.conf

@ -0,0 +1,2 @@
[setup restricted ssh]
template: sshd_config /etc/ssh/sshd_config

@ -0,0 +1,10 @@
Port 4894
AddressFamily inet
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server

@ -23,21 +23,21 @@ def load_variables(path):
:param path: The path to the INI file. :param path: The path to the INI file.
:type path: str :type path: str
:rtype: scripttease.lib.contexts.Context :rtype: list[scripttease.lib.contexts.Variable]
""" """
if not os.path.exists(path): if not os.path.exists(path):
log.warning("Variables file does not exist: %s" % path) log.warning("Variables file does not exist: %s" % path)
return Context() return list()
ini = RawConfigParser() ini = RawConfigParser()
try: try:
ini.read(path) ini.read(path)
except ParsingError as e: except ParsingError as e:
log.warning("Failed to parse %s variables file: %s" % (path, str(e))) log.warning("Failed to parse %s variables file: %s" % (path, str(e)))
return Context() return list()
context = Context() variables = list()
for variable_name in ini.sections(): for variable_name in ini.sections():
_value = None _value = None
kwargs = dict() kwargs = dict()
@ -48,11 +48,9 @@ def load_variables(path):
kwargs[key] = smart_cast(value) kwargs[key] = smart_cast(value)
context.add(variable_name, _value, **kwargs) variables.append(Variable(variable_name, _value, **kwargs))
context.is_loaded = True return variables
return context
# Classes # Classes
@ -100,6 +98,7 @@ class Context(object):
return d return d
class Variable(object): class Variable(object):
"""An individual variable.""" """An individual variable."""

@ -33,9 +33,9 @@ posix = {
], ],
'file': [ 'file': [
"{% if content %}cat > {{ args[0] }} << EOF\n{{ content }}\nEOF{% else %}touch {{ args[0] }}{% endif %}", "{% if content %}cat > {{ args[0] }} << EOF\n{{ content }}\nEOF{% else %}touch {{ args[0] }}{% endif %}",
"{% if mode %}&& chmod {{ mode }} {{ args[0 }}{% endif %}", "{% if mode %}&& chmod {{ mode }} {{ args[0] }}{% endif %}",
"{% if group %}&& chgrp {{ group }} {{ args[0] }}{% endif %}", "{% if group %}&& chgrp {{ group }} {{ args[0] }}{% endif %}",
"{% if owner %}&& chown{{ owner }} {{ args[0] }}{% endif %}" "{% if owner %}&& chown {{ owner }} {{ args[0] }}{% endif %}"
], ],
'link': [ 'link': [
"ln -s", "ln -s",

@ -3,7 +3,7 @@ ubuntu = {
'disable': '{% if args[0].startswith("mod_") %}a2dismod{% else %}a2dissite{% endif %} {{ args[0] }}', 'disable': '{% if args[0].startswith("mod_") %}a2dismod{% else %}a2dissite{% endif %} {{ args[0] }}',
'disable_module': "a2dissite {{ args[0] }}", 'disable_module': "a2dissite {{ args[0] }}",
'disable_site': "a2dismod {{ args[0] }}", 'disable_site': "a2dismod {{ args[0] }}",
'enable': '{% if args[0].startswith("mod_") %}a2denmod{% else %}a2ensite{% endif %} {{ args[0] }}', 'enable': '{% if args[0].startswith("mod_") %}a2enmod{% else %}a2ensite{% endif %} {{ args[0] }}',
'enable_module': "a2enmod {{ args[0] }}", 'enable_module': "a2enmod {{ args[0] }}",
'enable_site': "a2ensite {{ args[0] }}", 'enable_site': "a2ensite {{ args[0] }}",
'reload': "service apache2 reload", 'reload': "service apache2 reload",
@ -12,7 +12,7 @@ ubuntu = {
'stop': "service apache2 stop", 'stop': "service apache2 stop",
'test': "apachectl configtest", 'test': "apachectl configtest",
}, },
'install': "apt-get install -y {{ args[0] }}", 'install': "apt install -y {{ args[0] }}",
'reload': "service {{ args[0] }} reload", 'reload': "service {{ args[0] }} reload",
'restart': "service {{ args[0] }} restart", 'restart': "service {{ args[0] }} restart",
'run': "{{ args[0] }}", 'run': "{{ args[0] }}",

Loading…
Cancel
Save