citizenrich/kazoo_install_fabfile.py

## kazoo_install_fabfile.py
from fabric.api import *
#works on centos 6.7 64-bit digitalocean.com droplet
env.hosts = ['XXX.XXX.XXX.XXX']
env.user = 'root'
home = '/opt/kazoo_install'
repo = '/opt/kazoo_install/community-scripts/simple-installer'

def iptables():
    run('iptables -F')
    run('iptables -X')
    run('iptables -A INPUT -p tcp --dport 22 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT')
    run('iptables -P INPUT DROP')
    run('iptables -P FORWARD DROP')
    run('iptables -P OUTPUT ACCEPT')
    run('iptables -A INPUT -p tcp --dport 80 -j ACCEPT')
    run('iptables -A INPUT -p tcp --dport 443 -j ACCEPT')
    run('iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT')
    run('iptables -A INPUT -p tcp --dport 5060 -j ACCEPT')
    run('iptables -A INPUT -p tcp --dport 7000 -j ACCEPT')
    run('iptables -A INPUT -p udp --dport 5060 -j ACCEPT')
    run('iptables -A INPUT -p udp --dport 7000 -j ACCEPT')
    run('iptables -A INPUT -i lo -j ACCEPT')
    run('iptables -A INPUT -s %(host)s -j ACCEPT' %env)
    run('iptables -A INPUT -p tcp --dport 15984 -j DROP')
    run('iptables -A INPUT -p tcp --dport 15986 -j DROP')
    run('iptables -A INPUT -p tcp --dport 8000 -j ACCEPT')
    run('iptables -A INPUT -p tcp --dport 8443 -j ACCEPT')
    run('iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT')
    run('iptables -A INPUT -s 10.0.0.0/8 -j DROP')
    run('iptables -A INPUT -s 172.16.0.0/12 -j DROP')
    run('iptables -A INPUT -s 192.168.0.0/16 -j DROP')
    run('iptables -A INPUT -s 224.0.0.0/4 -j DROP')
    run('iptables -A INPUT -s 240.0.0.0/5 -j DROP')
    run('iptables -A INPUT -s 0.0.0.0/8 -j DROP')
    run('iptables -A INPUT -s 169.254.0.0/16 -j DROP')
    run('iptables -A INPUT -s 127.0.0.0/8 -j DROP')
    run('iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/sec -j ACCEPT')
    run('iptables -A INPUT -p tcp --syn -m limit --limit 5/s -j ACCEPT')
    run('iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level debug')
    run('iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited')
    run('iptables-save > /etc/sysconfig/iptables')
    run('iptables -L -v')

def begin():
    env.warn_only = True
    run('yum -yq install git')
    run('mkdir /opt/kazoo_install')

def clone():
    with cd(home):
        env.warn_only = True
        run('rm -rf community-scripts')
        run('git clone -q https://github.com/2600hz/community-scripts.git')

def prepare():
    with cd(repo):
        env.warn_only = True
        run('chmod +x setup*')
        run('chmod +x install*')
        run('cp * /opt/kazoo_install')
        run('./install_kazoo')

def install():
    with cd(home):
        run('./install_kazoo')
	from fabric.api import *
	#works on centos 6.7 64-bit digitalocean.com droplet
	env.hosts = ['XXX.XXX.XXX.XXX']
	env.user = 'root'
	home = '/opt/kazoo_install'
	repo = '/opt/kazoo_install/community-scripts/simple-installer'

	def iptables():
	run('iptables -F')
	run('iptables -X')
	run('iptables -A INPUT -p tcp --dport 22 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT')
	run('iptables -P INPUT DROP')
	run('iptables -P FORWARD DROP')
	run('iptables -P OUTPUT ACCEPT')
	run('iptables -A INPUT -p tcp --dport 80 -j ACCEPT')
	run('iptables -A INPUT -p tcp --dport 443 -j ACCEPT')
	run('iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT')
	run('iptables -A INPUT -p tcp --dport 5060 -j ACCEPT')
	run('iptables -A INPUT -p tcp --dport 7000 -j ACCEPT')
	run('iptables -A INPUT -p udp --dport 5060 -j ACCEPT')
	run('iptables -A INPUT -p udp --dport 7000 -j ACCEPT')
	run('iptables -A INPUT -i lo -j ACCEPT')
	run('iptables -A INPUT -s %(host)s -j ACCEPT' %env)
	run('iptables -A INPUT -p tcp --dport 15984 -j DROP')
	run('iptables -A INPUT -p tcp --dport 15986 -j DROP')
	run('iptables -A INPUT -p tcp --dport 8000 -j ACCEPT')
	run('iptables -A INPUT -p tcp --dport 8443 -j ACCEPT')
	run('iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT')
	run('iptables -A INPUT -s 10.0.0.0/8 -j DROP')
	run('iptables -A INPUT -s 172.16.0.0/12 -j DROP')
	run('iptables -A INPUT -s 192.168.0.0/16 -j DROP')
	run('iptables -A INPUT -s 224.0.0.0/4 -j DROP')
	run('iptables -A INPUT -s 240.0.0.0/5 -j DROP')
	run('iptables -A INPUT -s 0.0.0.0/8 -j DROP')
	run('iptables -A INPUT -s 169.254.0.0/16 -j DROP')
	run('iptables -A INPUT -s 127.0.0.0/8 -j DROP')
	run('iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/sec -j ACCEPT')
	run('iptables -A INPUT -p tcp --syn -m limit --limit 5/s -j ACCEPT')
	run('iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level debug')
	run('iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited')
	run('iptables-save > /etc/sysconfig/iptables')
	run('iptables -L -v')

	def begin():
	env.warn_only = True
	run('yum -yq install git')
	run('mkdir /opt/kazoo_install')

	def clone():
	with cd(home):
	env.warn_only = True
	run('rm -rf community-scripts')
	run('git clone -q https://github.com/2600hz/community-scripts.git')

	def prepare():
	with cd(repo):
	env.warn_only = True
	run('chmod +x setup*')
	run('chmod +x install*')
	run('cp * /opt/kazoo_install')
	run('./install_kazoo')

	def install():
	with cd(home):
	run('./install_kazoo')