This is an automated email from the ASF dual-hosted git repository.
mykolabodnar pushed a commit to branch DATALAB-2409
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git
The following commit(s) were added to refs/heads/DATALAB-2409 by this push:
new 5f241f1 [DATALAB-2409] - debian common lib refactored
5f241f1 is described below
commit 5f241f1549be7ff9dff29178f739f6c0220aa43a
Author: bodnarmykola <[email protected]>
AuthorDate: Wed Aug 11 16:33:49 2021 +0300
[DATALAB-2409] - debian common lib refactored
---
.../src/general/lib/os/debian/common_lib.py | 201 +++++++++------------
.../src/general/lib/os/debian/edge_lib.py | 11 +-
.../src/general/lib/os/debian/notebook_lib.py | 3 -
.../src/general/lib/os/fab.py | 58 ++++++
.../src/general/lib/os/redhat/common_lib.py | 26 ---
.../src/ssn/scripts/configure_mongo.py | 1 -
.../src/ssn/scripts/configure_ssn_node.py | 2 +-
7 files changed, 151 insertions(+), 151 deletions(-)
diff --git
a/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py
b/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py
index e62d301..04fa905 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/common_lib.py
@@ -29,6 +29,7 @@ import os
import time
import subprocess
import datalab.fab
+from datalab.logger import logging
def manage_pkg(command, environment, requisites):
try:
@@ -36,52 +37,62 @@ def manage_pkg(command, environment, requisites):
counter = 0
while not allow:
if counter > 60:
- print("Notebook is broken please recreate it.")
+ logging.error("Instance is broken (app manager does not work
properly) please recreate it.")
+ traceback.print_exc()
sys.exit(1)
else:
- print('Package manager is:')
+ logging.info('Package manager is:')
if environment == 'remote':
- if datalab.fab.conn.sudo('pgrep "^apt" -a && echo "busy"
|| echo "ready"') == 'busy' or datalab.fab.conn.sudo('pgrep "^dpkg" -a && echo
"busy" || echo "ready"') == 'busy':
+ if datalab.fab.conn.sudo('pgrep "^apt" -a && echo "busy"
|| echo "ready"') == 'busy' or \
+ datalab.fab.conn.sudo('pgrep "^dpkg" -a && echo
"busy" || echo "ready"') == 'busy':
counter += 1
time.sleep(10)
else:
try:
error_parser = "frontend is locked|locked|not get
lock|unavailable"
-
- datalab.fab.conn.sudo('dpkg --configure -a 2>&1 |
tee /tmp/tee.tmp; if ! grep -w -E "({0})" /tmp/tee.tmp > '
- '/tmp/dpkg.log; then echo
"no_error" > /tmp/dpkg.log;fi'.format(error_parser))
+ datalab.fab.conn.sudo('dpkg --configure -a 2>&1 |
tee /tmp/tee.tmp; if ! '
+ 'grep -w -E "({0})"
/tmp/tee.tmp > '
+ '/tmp/dpkg.log; then echo
"no_error" > /tmp/dpkg.log;fi'.format(
+ error_parser))
err = datalab.fab.conn.sudo('cat
/tmp/dpkg.log').stdout.replace('\n','')
count = 0
while 'no_error' not in err and count < 10:
- pid = datalab.fab.conn.sudo('lsof
/var/lib/dpkg/lock-frontend | grep dpkg | awk \'{print
$2}\'').stdout.replace('\n','')
+ pid = datalab.fab.conn.sudo('lsof
/var/lib/dpkg/lock-frontend | '
+ 'grep dpkg | awk
\'{print $2}\'').stdout.replace('\n','')
if pid != '':
datalab.fab.conn.sudo('kill -9
{}'.format(pid))
datalab.fab.conn.sudo('rm -f
/var/lib/dpkg/lock-frontend')
- pid = datalab.fab.conn.sudo('lsof
/var/lib/dpkg/lock | grep dpkg | awk \'{print $2}\'').stdout.replace('\n','')
+ pid = datalab.fab.conn.sudo('lsof
/var/lib/dpkg/lock | grep '
+ 'dpkg | awk
\'{print $2}\'').stdout.replace('\n','')
if pid != '':
datalab.fab.conn.sudo('kill -9
{}'.format(pid))
datalab.fab.conn.sudo('rm -f
/var/lib/dpkg/lock')
- datalab.fab.conn.sudo('dpkg --configure -a
2>&1 | tee /tmp/tee.tmp; if ! grep -w -E "({0})" /tmp/tee.tmp > '
+ datalab.fab.conn.sudo('dpkg --configure -a
2>&1 | tee /tmp/tee.tmp; if ! grep '
+ '-w -E "({0})"
/tmp/tee.tmp > '
'/tmp/dpkg.log; then echo "no_error" >
/tmp/dpkg.log;fi'.format(error_parser))
err = datalab.fab.conn.sudo('cat
/tmp/dpkg.log').stdout
count = count + 1
-
- datalab.fab.conn.sudo('apt update 2>&1 | tee
/tmp/tee.tmp; if ! grep -w -E "({0})" /tmp/tee.tmp > '
+ datalab.fab.conn.sudo('apt update 2>&1 | tee
/tmp/tee.tmp; if ! grep '
+ '-w -E "({0})" /tmp/tee.tmp
> '
'/tmp/apt.log; then echo "no_error" >
/tmp/apt.log;fi'.format(error_parser))
err = datalab.fab.conn.sudo('cat
/tmp/apt.log').stdout
count = 0
while 'no_error' not in err and count < 10:
- pid = datalab.fab.conn.sudo('lsof
/var/lib/apt/lists/lock | grep apt | awk \'{print
$2}\'').stdout.replace('\n','')
+ pid = datalab.fab.conn.sudo('lsof
/var/lib/apt/lists/lock | grep '
+ 'apt | awk
\'{print $2}\'').stdout.replace('\n','')
if pid != '':
datalab.fab.conn.sudo('kill -9
{}'.format(pid))
datalab.fab.conn.sudo('rm -f
/var/lib/apt/lists/lock')
- datalab.fab.conn.sudo('apt update 2>&1 | tee
/tmp/tee.tmp; if ! grep -w -E "({0})" /tmp/tee.tmp > '
+ datalab.fab.conn.sudo('apt update 2>&1 | tee
/tmp/tee.tmp; if ! grep '
+ '-w -E "({0})"
/tmp/tee.tmp > '
'/tmp/apt.log; then echo "" >
/tmp/apt.log;fi'.format(error_parser))
err = datalab.fab.conn.sudo('cat
/tmp/apt.log').stdout
count = count + 1
-
- datalab.fab.conn.sudo('apt-get {0} {1} 2>&1 | tee
/tmp/tee.tmp; if ! grep -w -E "({2})" /tmp/tee.tmp > '
- '/tmp/apt-get.log; then echo "no_error" >
/tmp/apt-get.log;fi'.format(command, requisites, error_parser))
+ datalab.fab.conn.sudo('apt-get {0} {1} 2>&1 | tee
/tmp/tee.tmp; if ! grep '
+ '-w -E "({2})" /tmp/tee.tmp
> '
+ '/tmp/apt-get.log; then echo "no_error" >
/tmp/apt-get.log;fi'.format(command,
+
requisites,
+
error_parser))
err = datalab.fab.conn.sudo('cat
/tmp/apt-get.log').stdout
count = 0
while 'no_error' not in err and count < 10:
@@ -91,8 +102,11 @@ def manage_pkg(command, environment, requisites):
datalab.fab.conn.sudo('rm -f
/var/lib/apt/lists/lock')
datalab.fab.conn.sudo('rm -f
/var/cache/apt/archives/lock')
datalab.fab.conn.sudo('rm -f
/var/lib/dpkg/lock')
- datalab.fab.conn.sudo('apt-get {0} {1} 2>&1 |
tee /tmp/tee.tmp; if ! grep -w -E "({2})" /tmp/tee.tmp > '
- '/tmp/apt.log; then echo "no_error" >
/tmp/apt.log;fi'.format(command, requisites, error_parser))
+ datalab.fab.conn.sudo('apt-get {0} {1} 2>&1 |
tee /tmp/tee.tmp; if ! grep '
+ '-w -E "({2})"
/tmp/tee.tmp > '
+ '/tmp/apt.log; then echo "no_error" >
/tmp/apt.log;fi'.format(command,
+
requisites,
+
error_parser))
err = datalab.fab.conn.sudo('cat
/tmp/apt.log').stdout
count = count + 1
allow = True
@@ -100,41 +114,48 @@ def manage_pkg(command, environment, requisites):
traceback.print_exc()
append_result("Failed to manage_pkgs", str(err))
elif environment == 'local':
- if subprocess.run('sudo pgrep "^apt" -a && echo "busy" ||
echo "ready"', capture_output=True, shell=True, check=True) == 'busy':
+ if subprocess.run('sudo pgrep "^apt" -a && echo "busy" ||
echo "ready"',
+ capture_output=True, shell=True,
check=True) == 'busy':
counter += 1
time.sleep(10)
else:
allow = True
- subprocess.run('sudo apt-get {0} {1}'.format(command,
requisites), capture_output=True, shell=True, check=True)
+ subprocess.run('sudo apt-get {0} {1}'.format(command,
requisites),
+ capture_output=True, shell=True,
check=True)
else:
- print('Wrong environment')
- except:
+ logging.error('Wrong environment')
+ sys.exit(1)
+ except Exception as err:
+ logging.error('Managing packages function error:', str(err))
+ traceback.print_exc()
sys.exit(1)
-def ensure_pkg(user, requisites='linux-headers-generic python3-pip python3-dev
python3-virtualenv '
+
+def ensure_pkg(os_user, requisites='linux-headers-generic python3-pip
python3-dev python3-virtualenv '
'groff gcc vim less git wget '
'libssl-dev unattended-upgrades nmap '
'libffi-dev unzip libxml2-dev haveged'):
try:
- if not
exists(datalab.fab.conn,'/home/{}/.ensure_dir/pkg_upgraded'.format(user)):
+ if not
exists(datalab.fab.conn,'/home/{}/.ensure_dir/pkg_upgraded'.format(os_user)):
count = 0
check = False
while not check:
if count > 60:
- print("Repositories are not available. Please, try again
later.")
+ logging.error("Repositories are not available. Please, try
again later.")
sys.exit(1)
else:
try:
- print("Updating repositories "
+ logging.info("Updating repositories "
"and installing requested tools:
{}".format(requisites))
- print("Attempt number " + str(count) + " to install
requested tools. Max 60 tries.")
+ logging.info("Attempt number " + str(count) + " to
install requested tools. Max 60 tries.")
manage_pkg('update', 'remote', '')
manage_pkg('-y install', 'remote', requisites)
datalab.fab.conn.sudo('unattended-upgrades -v')
datalab.fab.conn.sudo(
- 'sed -i \'s|APT::Periodic::Unattended-Upgrade
"1"|APT::Periodic::Unattended-Upgrade "0"|\'
/etc/apt/apt.conf.d/20auto-upgrades')
+ 'sed -i \'s|APT::Periodic::Unattended-Upgrade
"1"|APT::Periodic::Unattended-Upgrade "0"|\' '
+ '/etc/apt/apt.conf.d/20auto-upgrades')
datalab.fab.conn.run('export LC_ALL=C')
- datalab.fab.conn.sudo('touch
/home/{}/.ensure_dir/pkg_upgraded'.format(user))
+ datalab.fab.conn.sudo('touch
/home/{}/.ensure_dir/pkg_upgraded'.format(os_user))
datalab.fab.conn.sudo('systemctl enable haveged')
datalab.fab.conn.sudo('systemctl start haveged')
if os.environ['conf_cloud_provider'] == 'aws':
@@ -143,119 +164,73 @@ def ensure_pkg(user, requisites='linux-headers-generic
python3-pip python3-dev p
except:
count += 1
time.sleep(50)
- except:
+ except Exception as err:
+ logging.error('Installing prerequisites packages error:', str(err))
+ traceback.print_exc()
sys.exit(1)
-def renew_gpg_key():
+def find_java_path_remote():
try:
-# if exists(conn, '/etc/apt/trusted.gpg'):
-# datalab.fab.conn.sudo('mv /etc/apt/trusted.gpg
/etc/apt/trusted.bkp')
- datalab.fab.conn.sudo('apt-key update')
- except:
+ java_path = datalab.fab.conn.sudo("sh -c \"update-alternatives --query
java | grep 'Value: ' | grep "
+ "-o
'/.*/jre'\"").stdout.replace('\n','')
+ return java_path
+ except Exception as err:
+ logging.error('Finding remote java path error:', str(err))
+ traceback.print_exc()
sys.exit(1)
-
-
-
-def find_java_path_remote():
- java_path = datalab.fab.conn.sudo("sh -c \"update-alternatives --query
java | grep 'Value: ' | grep -o '/.*/jre'\"").stdout.replace('\n','')
- return java_path
-
-
def find_java_path_local():
- java_path = subprocess.run("sh -c \"update-alternatives --query java |
grep 'Value: ' | grep -o '/.*/jre'\"", capture_output=True, shell=True,
check=True).stdout.decode('UTF-8').rstrip("\n\r")
- return java_path
+ try:
+ java_path = subprocess.run("sh -c \"update-alternatives --query java |
grep 'Value: ' | grep "
+ "-o '/.*/jre'\"", capture_output=True,
shell=True, check=True).stdout.decode(
+ 'UTF-8').rstrip("\n\r")
+ return java_path
+ except Exception as err:
+ logging.error('Finding local java path error:', str(err))
+ traceback.print_exc()
+ sys.exit(1)
-def ensure_ntpd(user, edge_private_ip=''):
+def ensure_ntpd(os_user, edge_private_ip=''):
try:
- if not
exists(datalab.fab.conn,'/home/{}/.ensure_dir/ntpd_ensured'.format(user)):
+ if not
exists(datalab.fab.conn,'/home/{}/.ensure_dir/ntpd_ensured'.format(os_user)):
datalab.fab.conn.sudo('timedatectl set-ntp no')
manage_pkg('-y install', 'remote', 'ntp ntpdate')
datalab.fab.conn.sudo('bash -c \"echo "tinker panic 0" >>
/etc/ntp.conf\"')
if os.environ['conf_resource'] != 'ssn' and
os.environ['conf_resource'] != 'edge':
- datalab.fab.conn.sudo('bash -c \"echo "server {} prefer
iburst" >> /etc/ntp.conf\"'.format(edge_private_ip))
+ datalab.fab.conn.sudo('bash -c \"echo "server {} prefer
iburst" >> /etc/ntp.conf\"'.format(
+ edge_private_ip))
datalab.fab.conn.sudo('systemctl restart ntp')
datalab.fab.conn.sudo('systemctl enable ntp')
- datalab.fab.conn.sudo('touch
/home/{}/.ensure_dir/ntpd_ensured'.format(user))
- except:
+ datalab.fab.conn.sudo('touch
/home/{}/.ensure_dir/ntpd_ensured'.format(os_user))
+ except Exception as err:
+ logging.error('Installing NTPD error:', str(err))
+ traceback.print_exc()
sys.exit(1)
-def ensure_java(user):
+def ensure_java(os_user):
try:
- if not
exists(datalab.fab.conn,'/home/{}/.ensure_dir/java_ensured'.format(user)):
- manage_pkg('-y install', 'remote', 'openjdk-8-jdk')
- datalab.fab.conn.sudo('touch
/home/{}/.ensure_dir/java_ensured'.format(user))
- except:
+ if not
exists(datalab.fab.conn,'/home/{}/.ensure_dir/java_ensured'.format(os_user)):
+ manage_pkg('-y install', 'remote', 'openjdk-8-jdk-headless')
+ datalab.fab.conn.sudo('touch
/home/{}/.ensure_dir/java_ensured'.format(os_user))
+ except Exception as err:
+ logging.error('Installing Java error:', str(err))
+ traceback.print_exc()
sys.exit(1)
-def ensure_step(user):
+def ensure_step(os_user):
try:
- if not
exists(datalab.fab.conn,'/home/{}/.ensure_dir/step_ensured'.format(user)):
+ if not
exists(datalab.fab.conn,'/home/{}/.ensure_dir/step_ensured'.format(os_user)):
manage_pkg('-y install', 'remote', 'wget')
datalab.fab.conn.sudo('wget
https://github.com/smallstep/cli/releases/download/v0.13.3/step-cli_0.13.3_amd64.deb
'
'-O /tmp/step-cli_0.13.3_amd64.deb')
datalab.fab.conn.sudo('dpkg -i /tmp/step-cli_0.13.3_amd64.deb')
- datalab.fab.conn.sudo('touch
/home/{}/.ensure_dir/step_ensured'.format(user))
+ datalab.fab.conn.sudo('touch
/home/{}/.ensure_dir/step_ensured'.format(os_user))
except:
- sys.exit(1)
-
-def install_certbot(os_family):
- try:
- print('Installing Certbot')
- if os_family == 'debian':
- datalab.fab.conn.sudo('apt-get -y update')
- datalab.fab.conn.sudo('snap install core')
- datalab.fab.conn.sudo('snap refresh core')
- datalab.fab.conn.sudo('snap install --classic certbot')
- datalab.fab.conn.sudo('ln -s /snap/bin/certbot /usr/bin/certbot')
- elif os_family == 'redhat':
- print('This OS family is not supported yet')
- except Exception as err:
- traceback.print_exc()
- print('Failed Certbot install: ' + str(err))
- sys.exit(1)
-
-def run_certbot(domain_name, node, email=''):
- try:
- print('Running Certbot')
- if node == 'ssn':
- datalab.fab.conn.sudo('service nginx stop')
- else:
- datalab.fab.conn.sudo('service openresty stop')
- if email != '':
- datalab.fab.conn.sudo('certbot certonly --standalone -n -d {}.{}
-m {} --agree-tos'.format(node, domain_name, email))
- else:
- datalab.fab.conn.sudo('certbot certonly --standalone -n -d {}.{}
--register-unsafely-without-email --agree-tos'.format(node, domain_name))
- except Exception as err:
- traceback.print_exc()
- print('Failed to run Certbot: ' + str(err))
- sys.exit(1)
-
-def configure_nginx_LE(domain_name, node):
- try:
- server_name_line =' server_name {}.{};'.format(node, domain_name)
- cert_path_line = ' ssl_certificate
/etc/letsencrypt/live/{}.{}/fullchain.pem;'.format(node, domain_name)
- cert_key_line = ' ssl_certificate_key
/etc/letsencrypt/live/{}.{}/privkey.pem;'.format(node, domain_name)
- #certbot_service = "ExecStart = /usr/bin/certbot -q renew --pre-hook
'service nginx stop' --post-hook 'service nginx start'"
- #certbot_service_path = '/lib/systemd/system/certbot.service'
- if node == 'ssn':
- nginx_config_path = '/etc/nginx/conf.d/nginx_proxy.conf'
- else:
- nginx_config_path =
'/usr/local/openresty/nginx/conf/conf.d/proxy.conf'
- datalab.fab.conn.sudo('sed -i "s|.* server_name .*|{}|"
{}'.format(server_name_line, nginx_config_path))
- datalab.fab.conn.sudo('sed -i "s|.* ssl_certificate .*|{}|"
{}'.format(cert_path_line, nginx_config_path))
- datalab.fab.conn.sudo('sed -i "s|.* ssl_certificate_key .*|{}|"
{}'.format(cert_key_line, nginx_config_path))
- #datalab.fab.conn.sudo('sed -i "s|.*ExecStart.*|{}|"
{}'.format(certbot_service, certbot_service_path))
- if node == 'ssn':
- datalab.fab.conn.sudo('systemctl restart nginx')
- else:
- datalab.fab.conn.sudo('systemctl restart openresty')
- except Exception as err:
+ logging.error('Installing step-cli error:', str(err))
traceback.print_exc()
- print('Failed to run Certbot: ' + str(err))
sys.exit(1)
diff --git a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
index fb6aa14..b5ad1e6 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/edge_lib.py
@@ -23,10 +23,7 @@
import os
import sys
-from datalab.common_lib import configure_nginx_LE
-from datalab.common_lib import install_certbot
from datalab.common_lib import manage_pkg
-from datalab.common_lib import run_certbot
from fabric import *
from patchwork.files import exists
from patchwork import files
@@ -184,12 +181,12 @@ def install_nginx_lua(edge_ip, nginx_version,
keycloak_auth_server_url, keycloak
datalab.fab.conn.sudo('touch /tmp/nginx_installed')
if os.environ['conf_letsencrypt_enabled'] == 'true':
print("Configuring letsencrypt certificates.")
- install_certbot(os.environ['conf_os_family'])
+ datalab.fab.install_certbot(user)
if 'conf_letsencrypt_email' in os.environ:
- run_certbot(os.environ['conf_letsencrypt_domain_name'],
os.environ['project_name'].lower(), os.environ['conf_letsencrypt_email'])
+
datalab.fab.run_certbot(os.environ['conf_letsencrypt_domain_name'],
os.environ['project_name'].lower(), os.environ['conf_letsencrypt_email'])
else:
- run_certbot(os.environ['conf_letsencrypt_domain_name'],
os.environ['project_name'].lower())
- configure_nginx_LE(os.environ['conf_letsencrypt_domain_name'],
os.environ['project_name'].lower())
+
datalab.fab.run_certbot(os.environ['conf_letsencrypt_domain_name'],
os.environ['project_name'].lower())
+
datalab.fab.configure_nginx_LE(os.environ['conf_letsencrypt_domain_name'],
os.environ['project_name'].lower())
except Exception as err:
print("Failed install nginx with ldap: " + str(err))
sys.exit(1)
diff --git
a/infrastructure-provisioning/src/general/lib/os/debian/notebook_lib.py
b/infrastructure-provisioning/src/general/lib/os/debian/notebook_lib.py
index 66bebfb..95b8135 100644
--- a/infrastructure-provisioning/src/general/lib/os/debian/notebook_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/debian/notebook_lib.py
@@ -47,9 +47,6 @@ def enable_proxy(proxy_host, proxy_port):
datalab.fab.conn.sudo("sed -i '/^Acquire::http::Proxy/d'
/etc/apt/apt.conf")
datalab.fab.conn.sudo('''bash -c "echo 'Acquire::http::Proxy
\\"{}\\";' >> /etc/apt/apt.conf" '''.format(proxy_string))
datalab.fab.conn.sudo('''bash -c "echo 'Acquire::http::Proxy
\\"{}\\";' >> /etc/apt/apt.conf" '''.format(proxy_https_string))
-
- print("Renewing gpg key")
- renew_gpg_key()
except:
sys.exit(1)
diff --git a/infrastructure-provisioning/src/general/lib/os/fab.py
b/infrastructure-provisioning/src/general/lib/os/fab.py
index c360095..40c6c92 100644
--- a/infrastructure-provisioning/src/general/lib/os/fab.py
+++ b/infrastructure-provisioning/src/general/lib/os/fab.py
@@ -197,6 +197,64 @@ def update_hosts_file(os_user):
sys.exit(1)
+def install_certbot(os_user):
+ try:
+ if not exists(datalab.fab.conn,
'/home/{}/.ensure_dir/certbot_ensured'.format(os_user)):
+ datalab.fab.conn.sudo('snap install core')
+ datalab.fab.conn.sudo('snap refresh core')
+ datalab.fab.conn.sudo('snap install --classic certbot')
+ datalab.fab.conn.sudo('ln -s /snap/bin/certbot /usr/bin/certbot')
+ datalab.fab.conn.sudo('touch
/home/{}/.ensure_dir/certbot_ensured'.format(os_user))
+ except Exception as err:
+ logging.error('Installing Certbot error: ' + str(err))
+ traceback.print_exc()
+ sys.exit(1)
+
+
+def run_certbot(domain_name, node, email=''):
+ try:
+ if node == 'ssn':
+ datalab.fab.conn.sudo('service nginx stop')
+ else:
+ datalab.fab.conn.sudo('service openresty stop')
+ if email != '':
+ datalab.fab.conn.sudo('certbot certonly --standalone -n -d {}.{}
-m {} --agree-tos'.format(node,
+
domain_name,
+
email))
+ else:
+ datalab.fab.conn.sudo('certbot certonly --standalone -n -d {}.{}
--register-unsafely-without-email '
+ '--agree-tos'.format(node, domain_name))
+ except Exception as err:
+ logging.error('Running Certbot error:', str(err))
+ traceback.print_exc()
+ sys.exit(1)
+
+
+def configure_nginx_LE(domain_name, node):
+ try:
+ server_name_line =' server_name {}.{};'.format(node, domain_name)
+ cert_path_line = ' ssl_certificate
/etc/letsencrypt/live/{}.{}/fullchain.pem;'.format(node, domain_name)
+ cert_key_line = ' ssl_certificate_key
/etc/letsencrypt/live/{}.{}/privkey.pem;'.format(node, domain_name)
+ #certbot_service = "ExecStart = /usr/bin/certbot -q renew --pre-hook
'service nginx stop' --post-hook 'service nginx start'"
+ #certbot_service_path = '/lib/systemd/system/certbot.service'
+ if node == 'ssn':
+ nginx_config_path = '/etc/nginx/conf.d/nginx_proxy.conf'
+ else:
+ nginx_config_path =
'/usr/local/openresty/nginx/conf/conf.d/proxy.conf'
+ datalab.fab.conn.sudo('sed -i "s|.* server_name .*|{}|"
{}'.format(server_name_line, nginx_config_path))
+ datalab.fab.conn.sudo('sed -i "s|.* ssl_certificate .*|{}|"
{}'.format(cert_path_line, nginx_config_path))
+ datalab.fab.conn.sudo('sed -i "s|.* ssl_certificate_key .*|{}|"
{}'.format(cert_key_line, nginx_config_path))
+ #datalab.fab.conn.sudo('sed -i "s|.*ExecStart.*|{}|"
{}'.format(certbot_service, certbot_service_path))
+ if node == 'ssn':
+ datalab.fab.conn.sudo('systemctl restart nginx')
+ else:
+ datalab.fab.conn.sudo('systemctl restart openresty')
+ except Exception as err:
+ logging.error('Configuring Nginx Let’s Encrypt certs error:', str(err))
+ traceback.print_exc()
+ sys.exit(1)
+
+
# functions for all computation resources
def ensure_python_venv(python_venv_version):
try:
diff --git
a/infrastructure-provisioning/src/general/lib/os/redhat/common_lib.py
b/infrastructure-provisioning/src/general/lib/os/redhat/common_lib.py
index 15d51c5..db11e20 100644
--- a/infrastructure-provisioning/src/general/lib/os/redhat/common_lib.py
+++ b/infrastructure-provisioning/src/general/lib/os/redhat/common_lib.py
@@ -134,30 +134,4 @@ def ensure_step(user):
datalab.fab.conn.sudo('mv /tmp/step_0.13.3/bin/step /usr/bin/')
datalab.fab.conn.sudo('touch
/home/{}/.ensure_dir/step_ensured'.format(user))
except:
- sys.exit(1)
-
-def install_certbot(os_family):
- try:
- print('Installing Certbot')
- print('Redhat is not supported yet. Skipping....')
- except Exception as err:
- traceback.print_exc()
- print('Failed Certbot install: ' + str(err))
- sys.exit(1)
-
-def run_certbot(domain_name, email=''):
- try:
- print('Running Certbot')
- print('Redhat is not supported yet. Skipping....')
- except Exception as err:
- traceback.print_exc()
- print('Failed to run Certbot: ' + str(err))
- sys.exit(1)
-
-def configure_nginx_LE(domain_name):
- try:
- print('Redhat is not supported yet. Skipping....')
- except Exception as err:
- traceback.print_exc()
- print('Failed to run Certbot: ' + str(err))
sys.exit(1)
\ No newline at end of file
diff --git a/infrastructure-provisioning/src/ssn/scripts/configure_mongo.py
b/infrastructure-provisioning/src/ssn/scripts/configure_mongo.py
index 9724733..c0d7f2f 100644
--- a/infrastructure-provisioning/src/ssn/scripts/configure_mongo.py
+++ b/infrastructure-provisioning/src/ssn/scripts/configure_mongo.py
@@ -34,7 +34,6 @@ outfile = "/etc/mongo_params.yml"
parser = argparse.ArgumentParser()
parser.add_argument('--datalab_path', type=str, default='')
-# parser.add_argument('--mongo_parameters', type=str, default='')
args = parser.parse_args()
diff --git a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
index 5f02d83..03ef2f7 100644
--- a/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
+++ b/infrastructure-provisioning/src/ssn/scripts/configure_ssn_node.py
@@ -253,7 +253,7 @@ if __name__ == "__main__":
if os.environ['conf_letsencrypt_enabled'] == 'true':
print("Configuring letsencrypt certificates.")
- install_certbot(os.environ['conf_os_family'])
+ install_certbot(args.os_user)
if 'conf_letsencrypt_email' in os.environ:
run_certbot(os.environ['conf_letsencrypt_domain_name'], 'ssn',
os.environ['conf_letsencrypt_email'])
else:
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
