mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
f1e764f2e5
- add exmachina code and test code - modify plinth.py to listen for shared secret on stdin at start (if appropriate flag is set) and try to connect to exmachina daemon - use exmachina to read and set /etc/hostname as a demo - update plinth init.d script to start exmachina and share keys - update docs with new deps and run instructions
227 lines
6.8 KiB
Python
227 lines
6.8 KiB
Python
#!/usr/bin/env python
|
|
|
|
# This is the fabric file I've been using to deploy things on my box
|
|
# and my freedombox.
|
|
#
|
|
# fab install should take you from base freedom-maker install to
|
|
# plinth box
|
|
|
|
import os,sys, subprocess
|
|
import simplejson as json
|
|
import fabric.api
|
|
from fabric.api import local, env, cd, put, get, task
|
|
|
|
import cfg
|
|
|
|
fb_ip = "10.5.53.155"
|
|
|
|
BINDIR = "/usr/local/bin"
|
|
|
|
# defaults
|
|
env.user = 'root'
|
|
|
|
@task
|
|
def fb():
|
|
"Use this to set host to our freedombox (e.g.: fab fb deploy)"
|
|
env.hosts = [fb_ip]
|
|
|
|
@task
|
|
def all_hosts():
|
|
"Use this to set host to both localhost and freedombox"
|
|
env.hosts = ["localhost", "192.168.2.115"]
|
|
|
|
def remote_dir():
|
|
if env.host == fb_ip:
|
|
return "/usr/local/share/plinth"
|
|
else:
|
|
return "/home/james/src/plinth"
|
|
|
|
def run(*args, **kwargs):
|
|
if env.host == "localhost" or env.host=="127.0.0.1":
|
|
return local(*args, **kwargs)
|
|
else:
|
|
return fabric.api.run(*args, **kwargs)
|
|
|
|
def sudo(*args, **kwargs):
|
|
if env.host == "localhost" or env.host=="127.0.0.1":
|
|
return run("sudo %s" % args[0], *args[1:], **kwargs)
|
|
elif env.user == "root":
|
|
return run(*args, **kwargs)
|
|
else:
|
|
return fabric.api.sudo(*args, **kwargs)
|
|
|
|
@task
|
|
def get_remote_data_dir():
|
|
with cd(remote_dir()):
|
|
data_dir = run('python -c "import cfg; print cfg.data_dir"')
|
|
env.remote_data_dir = os.path.join(remote_dir(), data_dir)
|
|
sudo('mkdir -p %s' % env.remote_data_dir)
|
|
return env.remote_data_dir
|
|
|
|
@task
|
|
def move_data():
|
|
"Move install's data dir to where cfg specifies it should be"
|
|
get_remote_data_dir()
|
|
with cd(remote_dir()):
|
|
sudo('mv data %s' % os.path.split(env.remote_data_dir)[0])
|
|
|
|
@task
|
|
def make():
|
|
"Run the makefile, which generates docs and templates"
|
|
with cd(remote_dir()):
|
|
sudo('make')
|
|
|
|
def make_link_unless_exists(src, dest):
|
|
sudo('test -f %s || ln -s %s %s' % (dest, src, dest))
|
|
|
|
def link(src, dest):
|
|
sudo('ln -fs %s %s' % (src, dest))
|
|
|
|
@task
|
|
def santiago():
|
|
"Setup the Santiago port"
|
|
santiago_port = 52854
|
|
sudo('ifconfig lo up') # or else tor start fails
|
|
sudo('apt-get install -y --no-install-recommends tor curl ntp')
|
|
|
|
# tor needs accurate clock
|
|
sudo('date -s "%s"' % subprocess.check_output("date").rstrip())
|
|
|
|
# create tor hidden service dir
|
|
santiago_dir = os.path.join(get_remote_data_dir(), "santiago", "tor")
|
|
tor_dir = os.path.join(santiago_dir, "general")
|
|
sudo("mkdir -p " + tor_dir)
|
|
sudo("chown debian-tor:debian-tor " + tor_dir)
|
|
|
|
# ensure hidden service config is in torrc
|
|
local("rm -rf __fab__torrc")
|
|
get("/etc/tor/torrc", "__fab__torrc")
|
|
with open ("__fab__torrc", 'r') as INF:
|
|
rc = INF.read()
|
|
local("rm -rf __fab__torrc")
|
|
hidden_service_config = "HiddenServiceDir %s\nHiddenServicePort 80 127.0.0.1:%d" % (tor_dir, santiago_port)
|
|
if not hidden_service_config in rc:
|
|
sudo("echo '%s' >> /etc/tor/torrc" % hidden_service_config)
|
|
|
|
sudo('service tor restart')
|
|
|
|
def backslash_path(f):
|
|
if not f.startswith('/'):
|
|
f = os.path.abs(f)
|
|
if f == '/':
|
|
return ''
|
|
path, ret = os.path.split(f)
|
|
return backslash_path(path) + '\/' + ret
|
|
|
|
@task
|
|
def apache():
|
|
"configure apache to find reverse proxy for plinth"
|
|
sudo('apt-get install --no-install-recommends -y apache2 libapache2-mod-proxy-html apache2-utils openssl ssl-cert')
|
|
sudo('a2enmod proxy_http rewrite ssl')
|
|
sudo('touch /var/log/apache2/rewrite.log')
|
|
|
|
## ssl key and cert
|
|
ssl_target = "/etc/apache2/ssl/apache.pem"
|
|
sudo('mkdir -p %s' % os.path.split(ssl_target)[0])
|
|
sudo('test -f %s || echo "US\nNY\nNYC\nFBox\n\n\n" | openssl req -new -x509 -days 999 -nodes -out %s -keyout %s' % (ssl_target, ssl_target, ssl_target))
|
|
|
|
conf_path = os.path.join(remote_dir(), "share/apache2/plinth.conf")
|
|
sudo("mkdir -p " + os.path.split(conf_path)[0])
|
|
sudo("touch "+ conf_path)
|
|
sudo(r"sed -i 's/\(\s*\)DocumentRoot.*/\1DocumentRoot %s/g' %s" % (
|
|
backslash_path(os.path.join(remote_dir(), "static")),
|
|
conf_path))
|
|
link(conf_path, "/etc/apache2/sites-enabled/plinth.conf")
|
|
sudo('rm -f /etc/apache2/sites-enabled/000-default')
|
|
sudo('service apache2 restart')
|
|
|
|
@task
|
|
def deps():
|
|
"Basic plinth dependencies"
|
|
sudo('apt-get install --no-install-recommends -y python make python-cheetah pandoc python-simplejson python-pyme python-augeas python-bjsonrpc')
|
|
|
|
@task
|
|
def update():
|
|
"Copy modified git-tracked files from this branch to remote"
|
|
|
|
with cd(remote_dir()):
|
|
|
|
## Get .fab contents
|
|
sudo("touch .fab")
|
|
fab = run("cat .fab")
|
|
if not fab:
|
|
fab = {}
|
|
|
|
## Make list of files to put
|
|
try:
|
|
fab = json.loads(fab)
|
|
except:
|
|
fab={}
|
|
branch = [a[2:] for a in local("git branch", capture=True).split("\n") if a.startswith('*')][0]
|
|
files = local("git ls-tree -r --name-only %s" % branch, capture=True).split("\n")
|
|
else:
|
|
files = local("git diff --stat " + fab['last_update_from_commit'], capture=True).split("\n")[:-1]
|
|
files = [f.lstrip().split("|")[0].rstrip() for f in files]
|
|
|
|
## Put the files, one by one, respecting directories
|
|
dirs = {}
|
|
for pathspec in files:
|
|
d,fname = os.path.split(pathspec)
|
|
if not d in dirs.keys():
|
|
dirs[d]=[]
|
|
dirs[d].append(pathspec)
|
|
if dirs:
|
|
sudo('mkdir -p %s' % ' '.join([os.path.join(remote_dir(), d) for d in dirs.keys()]))
|
|
for d in dirs:
|
|
for f in dirs[d]:
|
|
if os.path.islink(f):
|
|
linked = local("ls -l %s" % f, capture=True).split("-> ")[1]
|
|
#link(os.path.join(remote_dir(), linked), os.path.join(remote_dir(), d, os.path.basename(f)))
|
|
put(f, os.path.join(remote_dir(), d),mirror_local_mode=True)
|
|
if f.endswith(".py"):
|
|
run("rm -f " + os.path.join(remote_dir(), d, os.path.basename)+"c")
|
|
|
|
## restart
|
|
make()
|
|
sudo('/etc/init.d/plinth restart')
|
|
|
|
## Record activity so we only put changed files next time
|
|
commit = local("git log -n 1", capture=True).split("\n")[0].split(" ")[1]
|
|
fab['last_update_from_commit'] = commit
|
|
with open(".fab", 'w') as OUTF:
|
|
OUTF.write(json.dumps(fab))
|
|
put(".fab", os.path.join(remote_dir(),".fab"))
|
|
local("rm -f .fab")
|
|
|
|
@task
|
|
def link_bin():
|
|
"Link executable and init.d script"
|
|
# todo: set daemon to point to currect binary
|
|
sudo('rm -rf ' + os.path.join(BINDIR, 'plinth.py'))
|
|
link(os.path.join(remote_dir(), "plinth.py"), os.path.join(BINDIR, 'plinth.py'))
|
|
sudo('rm -rf /etc/init.d/plinth')
|
|
link(os.path.join(remote_dir(), "share/init.d/plinth"), "/etc/init.d/plinth")
|
|
|
|
@task
|
|
def restart():
|
|
"Run plinth"
|
|
run('/etc/init.d/plinth restart')
|
|
@task
|
|
def stop():
|
|
"Stop plinth"
|
|
run('/etc/init.d/plinth stop')
|
|
|
|
@task
|
|
def proxy():
|
|
put("proxy_up.py", remote_dir())
|
|
|
|
@task
|
|
def deploy():
|
|
"Deploy plinth"
|
|
deps()
|
|
link_bin()
|
|
santiago()
|
|
update()
|
|
apache()
|
|
|