OPS435 Python3 Lab 8

6,091 bytes removed, 15:32, 4 July 2020
no edit summary
</source>
== Part 2: Set up more administrative tasks== :Let's pretend that we need collect the disk usage on several machines so that we can plan Create remote task for storage maintenance. We'll set up a simple example of such a deployment here. updating rpm packages === Getting the disk usage on remote worker === :Add a getDiskUsage() new function called "updatePackage" to your fabfile.py fileaccording to the following requirements::* Accept optional function argument as the rpm package name:<source lang="python"># * If no function argument was given when called, default to get all the disk usage on remote workerpackages installeddef getDiskUsage(): The output of the updatePackage when executed, should produce similar output as shown below: current_time :# Update a single package:<source lang= run('datebash')> diskusage = run('df -H') header = 'Current Disk Usage at '+current_time print(header) print(diskusage)fab updatePackage:tree
</source>
: Sample output:<source lang='bash'>
[raymond.chan@mtrx-node05pd lab8]$ fab updatePackage:tree
[myvmlab.senecacollege.ca] Executing task 'updatePackage'
[myvmlab.senecacollege.ca] sudo: yum update tree -y
[myvmlab.senecacollege.ca] out: sudo password:
[myvmlab.senecacollege.ca] out: Loaded plugins: fastestmirror
[myvmlab.senecacollege.ca] out: Loading mirror speeds from cached hostfile
[myvmlab.senecacollege.ca] out: * base: less.cogeco.net
[myvmlab.senecacollege.ca] out: * extras: centos.mirror.ca.planethoster.net
[myvmlab.senecacollege.ca] out: * updates: less.cogeco.net
[myvmlab.senecacollege.ca] out: No packages marked for update
[myvmlab.senecacollege.ca] out:
Loaded plugins:Note that each call to "run()" will run a command on the worker. In this function we get the date/time of the remote work, and then get the disk usage. The print() function print out both the values returned. :If you try to run it the same way as before: <pre>$ fab --fabfile=fabfile.py -H 192.168.122.169 getDiskUsage</pre> :You should get the following output:<source lang="bash">fastestmirror[rchan@centos7 lab8]$ fab --fabfile=fabfile.py -H 192.168.122.169 getDiskUsageLoading mirror speeds from cached hostfile[192.168.122.169] Executing task 'getDiskUsage'[192.168.122.169] run: date[192.168.122.169] out: Sun Nov 10 13:17:16 EST 2019[192.168.122.169] out:  [192.168.122.169] run: df -H[192.168.122.169] out: Filesystem Size Used Avail Use% Mounted on[192.168.122.169] out: devtmpfs 947M 0 947M 0% /dev[192.168.122.169] out* base: tmpfs 964M 0 964M 0% /dev/shm[192.168.122less.169] out: tmpfs 964M 9cogeco.7M 954M 2% /runnet[192.168.122.169] out: tmpfs 964M 0 964M 0% /sys/fs/cgroup[192.168.122.169] out* extras: /dev/mapper/centos-root 7.7G 5.6G 2.1G 73% /[192.168mirror.122ca.169] out: /dev/vda1 1planethoster.1G 298M 766M 29% /bootnet[192.168.122.169] out: tmpfs 193M 17k 193M 1% /run/user/42[192.168.122.169] out* updates: tmpfs 193M 0 193M 0% /run/user/1000[192.168less.122cogeco.169] out: net Current Disk Usage at Sun Nov 10 13:17:16 EST 2019Filesystem Size Used Avail Use% Mounted ondevtmpfs 947M 0 947M 0% /devtmpfs 964M 0 964M 0% /dev/shmtmpfs 964M 9.7M 954M 2% /runtmpfs 964M 0 964M 0% /sys/fs/cgroup/dev/mapper/centos-root 7.7G 5.6G 2.1G 73% //dev/vda1 1.1G 298M 766M 29% /boottmpfs 193M 17k 193M 1% /run/user/42tmpfs 193M 0 193M 0% /run/user/1000No packages marked for update
Done.
Disconnecting from 192myvmlab.168senecacollege.122.169ca:7211... done.</source> === Update all the rpm packages on remote worker ===:Let's pretend that we need to update software packages installed on several machines due to security patches[raymond. Let's name the task as 'performSoftwareUpdate()':<source lang="python"># to perform software update on remote workerdef performSoftwareUpdate(): status = run('yum update chan@mtrx-y') print(status)</source>: Do a syntax check with the "fab -l" command.: When you try to run it the same way as before, you encounter some issue as shown below:<source lang="bash">[rchan@centos7 node05pd lab8]$ fab --fabfile=fabfile.py -H 192.168.122.169 performSoftwareUpdate[192.168.122.169] Executing task 'performSoftwareUpdate'[192.168.122.169] run: yum update -y[192.168.122.169] out: Loaded plugins: fastestmirror, langpacks[192.168.122.169] out: You need to be root to perform this command.[192.168.122.169] out:   Fatal error: run() received nonzero return code 1 while executing! Requested: yum update -yExecuted: /bin/bash -l -c "yum update -y" Aborting.Disconnecting from 192.168.122.169... done.</source>: As you already know, you need superuser privilege in order to perform software update on a Linux system. There are two ways to do it on Fabric. The first one is simple. Edit you fabfile.py and change the env.user line as shown below:<source lang="python"> env.user = 'root' 
</source>
: Save the fabfile2.py with the change and run it again.: If you see the password prompt again, make sure that you can ssh from your controller as a regular user to your worker vm as root without password.: The other way is to replace Update all the run() function calls for commands that need superuser privilege by the sudo() function calls in your fabfile.py. You are asked to investigate this in the final investigation of this lab. == Part 3: Setting and Checking Security Configuration == : Recall that in our OPS courses we've been using iptables instead of firewalld, which is installed by default in CentOS. Let's make sure that our workers have that set up as well. In the same '''fabfile.py''' you've been using all along, add a new function like this: package: <source lang="python"'bash'># Will uninstall firewalld and replace it with iptablesdef setupFirewall()fab updatePackage: run("yum -y -d1 remove firewalld") run("yum -y -d1 install iptables-services") run("systemctl enable iptables") run("systemctl start iptables")
</source>
: The following output had been trimmed, only showing the first few lines:<source lang='bash'>
[myvmlab.senecacollege.ca] Executing task 'updatePackage'
[myvmlab.senecacollege.ca] sudo: yum update -y
...
: That should by now look pretty obvious. On the worker you're going to uninstall firewalld, install iptables, and make sure that the iptables service is running.
 
: Execute the function for worker1 and double-check that it worked.
: <font color='red'>'''**Warning**''' </font>Do not do this on your vm on myvmlab. If you do, you may lock yourself out for good.
 
=== Check firewall configuration ===
: To check the firewall configuration on your remote worker, you can retrieve its current configuration by creating another Fabric task called "getFirewallConfig()". Add the following code to your fabfile.py:<source lang="python">
# Retrieve and print the current iptables rules on the remote worker
def getFirewallConfig():
    fw_config = run("iptables -L -n -v")
    print(fw_config)
</source>
: Try to run the getFirewallConfig() task the same way as before.: Troubleshoot if you encounter any issue. = INVESTIGATION 3Lab Exercise: Multiplying your work = : After completing all the previous parts of the lab - you should have Create a working fabfile.py with three working functions: getDiskUsage(), performSoftwareUpdateFabric task called makeUser() and getFirewallConfig(). '''** Optional **'''You were asked to test them on worker1. Now let's run these three functions on all your workers at the same time. The command is almost the same, except for the list of IP addresses: <source lang="bash">fab --fabfile=fabfile.py -H 192.168.122.169,192.168.122.170,192.168.122.171,192.168.122.172 getDiskUsage</source> : Again - your IP addresses will be different but Study the command will be the same. : You can also Fabric API run all three tasks on all the workers at the same time, by adding any task to your fabfile.py:<source lang="python">def doAllThree(): getDiskUsage() getFirewallConfig() performSoftwareUpdate()</source>: And run the following command on your controller: <source lang="bash">fab --fabfile=fabfile.py -H 192.168.122.169,192.168.122.170,192.168.122.171,192.168.122.172 doAllThree</source> And imagine that you might have 10 tasks to be done on 10, 50, 100 servers - could you do it without the automation? = INVESTIGATION 4 - Apply fabfile.py to your VM on myvmlab === Replace run() function calls with sudo() ==: Since your account on your vm on myvmlab is a regular user with sudo privilege. You need to make the following changes to your fabfile.py before applying it to your vm on myvmlab::* Change env.user from 'root' to your account on your vm in myvmlab.:* Change all the commands that need super user privilege from calling the run, and put() function to instead calling the sudo() function. 
Here is an example on replacing run() with sudo():<source lang="python"> def getFirewallConfig(): fw_config = sudo("iptables -L -n -v") print(fw_config)</source> : Test your updated fabfile.py until you get the same result as when you apply it and utilize them to your own worker VM. == Create create a Fabric new task called makeUser() ==
: The makeUser() function should perform the following:
::* create a new user called "ops435p" with home directory "/home/ops435p".
::* add it to the sudo group called "wheel".
::* ask your professor for an SSH public key and add it to the file named "authorized_keys" in the ~ops435p/.ssh directory. Make sure that you set the proper permissions on both the directory ~ops435p/.ssh and the file "~ops435p/.ssh/authorized_keys".
:Add makeUser() to your final version of fabfile.py.
:Test Run the new task makeUser() on your local VM first, and deploy to your vm on myvmlab.:After the successful deployment of the Verify and confirm that your new makeUser() task on your vm on myvmlab, ask your professor to verify and confirm that the new user account "ops435p" on myvmlab has been created is working correctly.
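: One way to check the permission requirement above after makeUser() has run. This is an added example, not part of the original lab or its solution. The function name audit_ssh_layout, the modes 0700 and 0600, and the sample key line are assumptions, since the lab only says "proper permissions".

```python
import os
import stat
import tempfile

# Conventional modes (an assumption; the lab text only says "proper permissions").
EXPECTED = ((".ssh", stat.S_ISDIR, 0o700),
            (os.path.join(".ssh", "authorized_keys"), stat.S_ISREG, 0o600))

def audit_ssh_layout(home):
    """Return a list of problems found under <home>/.ssh (empty list = OK)."""
    problems = []
    for rel, is_expected_type, allowed in EXPECTED:
        path = os.path.join(home, rel)
        try:
            st = os.lstat(path)  # lstat: a symlink in place of the file is reported, not followed
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        if not is_expected_type(st.st_mode):
            problems.append(f"{path}: unexpected file type")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~allowed:
            problems.append(f"{path}: mode {mode:04o} is looser than {allowed:04o}")
        # Files created through sudo end up owned by root unless chown'ed afterwards.
        if st.st_uid != os.lstat(home).st_uid:
            problems.append(f"{path}: owner differs from owner of {home}")
    return problems

def demo():
    """Build a constructed home directory, audit it loose, tighten it, audit again."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        key_file = os.path.join(ssh_dir, "authorized_keys")
        os.mkdir(ssh_dir)
        with open(key_file, "w") as fh:
            fh.write("ssh-ed25519 CONSTRUCTED-PLACEHOLDER-KEY instructor@example\n")
        os.chmod(ssh_dir, 0o755)
        os.chmod(key_file, 0o664)
        before = audit_ssh_layout(home)
        os.chmod(ssh_dir, 0o700)
        os.chmod(key_file, 0o600)
        return before, audit_ssh_layout(home)

if __name__ == "__main__":
    loose, tight = demo()
    print("\n".join(loose) or "OK")
    print("\n".join(tight) or "OK")
```

: On a worker, call audit_ssh_layout("/home/ops435p") with enough privilege to read that directory. The ownership check catches a .ssh directory that was created through sudo and left owned by root.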
= LAB 8 SIGN-OFF (SHOW INSTRUCTOR) =
:'''Have Ready to Show Your Instructor:'''
* Complete all the parts of the lab and upload the version of your fabfile.py which works on your vm on myvmlab to Blackboard by the due date.
[[Category:OPS435-Python]]