CloudyScripts 0.0.1

data/LICENSE

@@ -0,0 +1,4 @@
+== CloudyScriptLibrary
+
+sdsds
+Put appropriate LICENSE for your project here.

data/README

@@ -0,0 +1 @@
+Scripts to facilitate programming for infrastructure clouds

data/Rakefile

@@ -0,0 +1,50 @@
+# 
+# To change this template, choose Tools | Templates
+# and open the template in the editor.
+ 
+
+require 'rubygems'
+require 'rake'
+require 'rake/clean'
+require 'rake/gempackagetask'
+require 'rake/rdoctask'
+require 'rake/testtask'
+
+spec = Gem::Specification.new do |s|
+  s.name = 'CloudyScripts'
+  s.version = '0.0.1'
+  s.has_rdoc = true
+  s.extra_rdoc_files = ['README', 'LICENSE']
+  s.summary = 'Scripts to facilitate programming for infrastructure clouds.'
+  s.description = s.summary
+  s.homepage = "http://elastic-security.com"
+  s.rubyforge_project = "cloudyscripts"
+  s.author = 'Matthias Jung'
+  s.email = 'matthias.jung@gmail.com'
+  # s.executables = ['your_executable_here']
+  s.files = %w(LICENSE README Rakefile) + Dir.glob("{bin,lib,spec}/**/*")
+  s.require_path = "lib"
+  s.bindir = "bin"
+  s.has_rdoc = true
+  s.add_dependency("amazon-ec2")
+  s.add_dependency("net-ssh")
+end
+
+Rake::GemPackageTask.new(spec) do |p|
+  p.gem_spec = spec
+  p.need_tar = true
+  p.need_zip = true
+end
+
+Rake::RDocTask.new do |rdoc|
+  files =['README', 'LICENSE', 'lib/**/*.rb']
+  rdoc.rdoc_files.add(files)
+  rdoc.main = "README" # page to start on
+  rdoc.title = "CloudyScripts Docs"
+  rdoc.rdoc_dir = 'doc/rdoc' # rdoc output folder
+  rdoc.options << '--line-numbers'
+end
+
+Rake::TestTask.new do |t|
+  t.test_files = FileList['test/**/*.rb']
+end

data/lib/cloudyscripts.rb

@@ -0,0 +1,28 @@
+require 'rubygems'
+require 'net/ssh'
+require 'AWS'
+
+require "../test/mock/mocked_ec2_api"
+require "../test/mock/mocked_remote_command_handler"
+
+require "scripts/ec2/dm_encrypt"
+
+rch = MockedRemoteCommandHandler.new
+ec2 = MockedEc2Api.new
+
+params = {
+  :remote_command_handler => rch,
+  :ec2_api_handler => ec2,
+  :password => "password",
+  :ip_address => "127.0.0.1",
+  :ssh_key_file => "/Users/mats/.ssh",
+  :device => "/dev/sdh",
+  :device_name => "device-vol-i-12345"
+}
+script = DmEncrypt.new(params)
+script.start_script()
+if script.get_execution_result[:failed] == nil || script.get_execution_result[:failed]
+  puts "script failed: #{script.get_execution_result[:failure_reason]}"
+end
+
+puts "done"

data/lib/help/dm_crypt_helper.rb

@@ -0,0 +1,172 @@
+require 'lib/ssh_api'
+
+class DmCryptHelper
+
+  def set_ssh(ssh_session)
+    @ssh_session = ssh_session
+  end
+
+  def install()
+    #TODO: dm-crypt seems to be installed automatically
+    true
+  end
+
+  def tools_installed?()
+    @ssh_session.exec! "which dmsetup" do |ch, stream, data|
+      if stream == :stderr
+        return false
+      end
+    end
+    @ssh_session.exec! "which cryptsetup" do |ch, stream, data|
+      if stream == :stderr
+        return false
+      end
+    end
+    #TODO: check also that "/dev/mapper /dev/mapper/control" exist
+    true
+  end
+
+  def encrypt_storage(name, password, device, path)
+    # first: check if a file in /dev/mapper exists
+    if SshApi.file_exists?(@ssh_session, "/dev/mapper/dm-#{name}")
+      mapper_exists = true
+    else
+      mapper_exists = false
+    end
+    puts "mapper exists = #{mapper_exists}"
+    exec_string = "cryptsetup create dm-#{name} #{device}"
+    if !mapper_exists
+      #mapper does not exist, create it
+      channel = @ssh_session.open_channel do |ch|
+        ch.send_data("#{password}\n")
+        puts "execute #{exec_string}"
+        ch.exec exec_string do |ch, success|
+          puts "success = #{success}"
+          if !success
+            err = "Failed during creation of encrypted partition"
+            #puts "#{err}: #{data}"
+            raise Exception.new(err)
+          end
+        end
+      end
+      channel.wait
+    end
+    # now mapper is created
+    # second: check if pvscan sucessful
+    pv_exists = false
+    @ssh_session.exec! "/sbin/pvscan" do |ch, stream, data|
+      if stream == :stdout
+        if data.include?("vg-#{name}")
+          pv_exists = true
+        else
+          pv_exists = false
+        end
+      end
+    end
+    if !pv_exists
+      exec_string = "pvcreate /dev/mapper/dm-#{name}"
+      puts "pv does not exist - execute: #{exec_string}"
+      #private volume does not exist, create it
+      channel = @ssh_session.open_channel do |ch|
+        ch.send_data("y\n")
+        ch.exec exec_string do |ch, success|
+          puts "success = #{success}"
+          if !success
+            err = "Failed during creation of physical volume"
+            #puts "#{err}: #{data}"
+            raise Exception.new(err)
+          end
+        end
+      end
+      channel.wait
+    end
+    # third: check if vgscan successful
+    vg_exists = false
+    @ssh_session.exec! "/sbin/vgscan" do |ch, stream, data|
+      if stream == :stdout
+        if data.include?("vg-#{name}")
+          vg_exists = true
+        else
+          vg_exists = false
+        end
+      end
+    end
+    if !vg_exists
+      exec_string = "vgcreate vg-#{name} /dev/mapper/dm-#{name}"
+      puts "vg_exists == false; execute #{exec_string}"
+      @ssh_session.exec! exec_string do |ch, stream, data|
+        if stream == :stderr && !data.blank?
+          err = "Failed during creation of volume group"
+          puts "#{err}: #{data}"
+          raise Exception.new(err)
+        end
+      end
+      #exec_string = "lvcreate -n lv-#{name} -L#{size_in_mb.to_s}M vg-#{name}"
+      exec_string = "lvcreate -n lv-#{name} -l100%FREE vg-#{name}"
+      puts "execute #{exec_string}"
+      @ssh_session.exec! exec_string do |ch, stream, data|
+        if stream == :stderr && !data.blank?
+          err = "Failed during creation of logical volume"
+          puts "#{err}: #{data}"
+          raise Exception.new(err)
+        end
+      end
+      exec_string = "mkfs -t ext3 /dev/vg-#{name}/lv-#{name}"
+      puts "execute #{exec_string}"
+      @ssh_session.exec! exec_string #do |ch, stream, data|
+        #if stream == :stderr && !data.blank?
+        #err = "Failed during creation of file-system"
+        #puts "#{err}: #{data}"
+        #raise Exception.new(err)
+        #end
+      #end
+      if !SshApi.file_exists?(@ssh_session,"/dev/vg-#{name}/lv-#{name}")
+        err = "Missing file: /dev/vg-#{name}/lv-#{name}"
+        raise Exception.new(err)
+      end
+    else
+      exec_string = "/sbin/vgchange -a y vg-#{name}"
+      puts "vg_exists == true; execute #{exec_string}"
+      @ssh_session.exec! exec_string do |ch, stream, data| #TODO: the right size instead L2G!
+        if stream == :stderr && !data.blank?
+          err = "Failed during re-activation of volume group"
+          puts "#{err}: #{data}"
+          raise Exception.new(err)
+        end
+      end
+    end
+  end
+
+  def test_storage_encryption(password, mount_point, path)
+    raise Exception.new("not yet implemented")
+  end
+
+  def undo_encryption(name, path)
+    exec_string = "umount #{path}"
+    puts "going to execute #{exec_string}"
+    @ssh_session.exec! exec_string do |ch, stream, data|
+      puts "returns #{data}"
+    end
+    exec_string = "lvremove --verbose vg-#{name} -f" #[with confirmation?]
+    puts "going to execute #{exec_string}"
+    @ssh_session.exec! exec_string do |ch, stream, data|
+      puts "returns #{data}"
+    end
+    exec_string = "vgremove vg-#{name}"
+    puts "going to execute #{exec_string}"
+    @ssh_session.exec! exec_string do |ch, stream, data|
+      puts "returns #{data}"
+    end
+    exec_string = "pvremove /dev/mapper/dm-#{name}"
+    puts "going to execute #{exec_string}"
+    @ssh_session.exec! exec_string do |ch, stream, data|
+      puts "returns #{data}"
+    end
+    exec_string = "cryptsetup remove dm-#{name}"
+    puts "going to execute #{exec_string}"
+    @ssh_session.exec! exec_string do |ch, stream, data|
+      puts "returns #{data}"
+    end
+  end
+
+end

data/lib/help/remote_command_handler.rb

@@ -0,0 +1,113 @@
+require 'rubygems'
+require 'net/ssh'
+
+class RemoteCommandHandler
+  def initialize
+    @crypto = DmCryptHelper.new #TODO: instantiate helpers for different tools
+  end
+
+  def self.file_exists?(ssh_session, path)
+    result = true
+    ssh_session.exec!("ls #{path}") do |ch, stream, data|
+      if stream == :stderr
+        result = false
+      end
+    end
+    result
+  end
+  
+  def connect(ip, keyfile)
+    @ssh_session = Net::SSH.start(ip, 'root', :keys => [keyfile])
+    @crypto.set_ssh(@ssh_session)
+  end
+
+  def disconnect
+    @ssh_session.close
+  end
+
+  def install(software_package)
+    @crypto.install()
+  end
+
+  def tools_installed?(software_package)
+    @crypto.tools_installed?
+  end
+
+  def encrypt_storage(name, password, device, path)
+    @crypto.encrypt_storage(name, password, device, path)
+  end
+
+  def storage_encrypted?(password, device, path)
+    drive_mounted?(path) #TODO: must at least also check the name
+  end
+
+  # Checks if the drive on path is mounted
+  def drive_mounted?(path)
+    #check if drive mounted
+    drive_found = false
+    @ssh_session.exec! "mount" do |ch, stream, data|
+      if stream == :stdout
+        puts "mount command produces the following data: #{data}\n---------------"
+        if data.include?("on #{path} type")
+          drive_found = true
+        else
+          puts "not mounted: #{data}"
+        end
+      end
+    end
+    if drive_found
+      return SshApi.file_exists?(@ssh_session, path)
+    else
+      puts "not mounted (since #{path} non-existing)"
+      false
+    end
+  end
+
+  # Checks if the drive on path is mounted with the specific device
+  def drive_mounted_as?(device, path)
+    #check if drive mounted
+    drive_mounted = false
+    @ssh_session.exec! "mount" do |ch, stream, data|
+      if stream == :stdout
+        if data.include?("#{device} on #{path} type")
+          drive_mounted = true
+        else
+          puts "not mounted: #{data}"
+        end
+      end
+    end
+    drive_mounted
+  end
+
+  def activate_encrypted_volume(name, path)
+    drive_mounted = drive_mounted?(path)
+    puts "drive #{path} mounted? #{drive_mounted}"
+    if !drive_mounted
+      @ssh_session.exec! "mkdir #{path}"
+      exec_string = "mount /dev/vg-#{name}/lv-#{name} #{path}"
+      puts "drive not mounted; execute: #{exec_string}"
+      @ssh_session.exec! "mount /dev/vg-#{name}/lv-#{name} #{path}" do |ch, stream, data|
+        if stream == :stderr && !data.blank?
+          err = "Failed during mounting encrypted device"
+          puts "#{err}: #{data}"
+          puts "mount /dev/vg-#{name}/lv-#{name} #{path}"
+          raise Exception.new(err)
+        end
+      end
+    end
+  end
+
+  def undo_encryption(name, path)
+    @crypto.undo_encryption(name, path)
+  end
+
+  def umount(path)
+    exec_string = "umount #{path}"
+    puts "going to execute #{exec_string}"
+    @ssh_session.exec! exec_string do |ch, stream, data|
+      puts "ssh_api.umount: returns #{data}"
+    end
+    !drive_mounted?(path)
+  end
+  
+end

data/lib/help/script_execution_state.rb

@@ -0,0 +1,69 @@
+# Implements a little state-machine.
+# Usage: for every state you need, extend this class.
+# The method enter() must be implemented for every state you code and
+# return another state.
+class ScriptExecutionState
+  # context information for the state (hash)
+  attr_reader :context
+
+  def initialize(context)
+    @context = context
+  end
+
+  # Start the state machine using this state as initial state.
+  def start_state_machine
+    @current_state = self
+    puts "start state machine with #{@current_state.inspect}"
+    while !@current_state.done? && !@current_state.failed?
+      begin
+        @current_state = @current_state.enter()
+      rescue Exception => e
+        @current_state = FailedState.new(@context, e.to_s, @current_state)
+        puts "Exception: #{e}"
+        puts "#{e.backtrace.join("\n")}"
+      end
+    end
+    @current_state
+  end
+
+  # Returns the state that is reached after execution.
+  def end_state
+    @current_state
+  end
+
+  # To be implemented. Executes the code for this state.
+  def enter
+    raise Exception.new("TaskExecutionState is abstract")
+  end
+
+  # To be implemented. Indicates if the final state is reached.
+  def done?
+    false
+  end
+
+  # To be implemented. Indicates if the final state is a failure state.
+  def failed?
+    false
+  end
+
+  def to_s
+    s = self.class.to_s
+    s.sub(/.*\:\:/,'')
+  end
+
+  class FailedState < ScriptExecutionState
+    attr_accessor :failure_reason, :from_state
+    def initialize(context, failure_reason, from_state)
+      super(context)
+      @failure_reason = failure_reason
+      @from_state = from_state
+    end
+    def done?
+      true
+    end
+    def failed?
+      true
+    end
+  end
+
+end

data/lib/scripts/ec2/dm_encrypt.rb

@@ -0,0 +1,182 @@
+require "help/script_execution_state"
+require "scripts/ec2/ec2_script"
+
+# Encrypts an EC2 Storage
+class DmEncrypt < Ec2Script
+  def initialize(input_params)
+    super(input_params)
+  end
+
+  # Input parameters
+  # aws_access_key => the Amazon AWS Access Key (see Your Account -> Security Credentials)
+  # aws_secret_key => the Amazon AWS Secret Key
+  # ip_address => IP Address of the machine to connect to
+  # ssh_key_file => Path of the keyfile used to connect to the machine
+  # device => Path of the device to encrypt
+  # device_name => Name of the Device to encrypt
+  # storage_path => Path on which the encrypted device is mounted
+  # remote_command_handler => object that allows to connect via ssh and execute commands
+  # ec2_api_handler => object that allows to access the EC2 API
+  # password => password used for encryption
+  #
+  def initialize(input_params)
+    super(input_params)
+    @result = {:done => false}
+  end
+
+  # Executes the script.
+  def start_script
+    begin
+      current_state = DmEncryptState.load_state(@input_params)
+      end_state = current_state.start_state_machine()
+      if end_state.failed?
+        @result[:failed] = true
+        @result[:failure_reason] = current_state.end_state.failure_reason
+        @result[:end_state] = current_state.end_state
+      else
+        @result[:failed] = false
+      end
+    rescue Exception => e
+      puts "exception during encryption: #{e}"
+      puts e.backtrace.join("\n")
+      err = e.to_s
+      err += " (in #{current_state.end_state.to_s})" unless current_state.blank?
+      @result[:failed] = true
+      @result[:failure_reason] = err
+      @result[:end_state] = current_state.end_state unless current_state.blank?
+    ensure
+      begin
+      @input_params[:remote_command_handler].disconnect
+      rescue Exception => e2
+        puts "rescue disconnect: #{e2}"
+      end
+    end
+
+    #
+    @result[:done] = true
+  end
+
+  # Returns a hash with the following information:
+  # :done => if execution is done
+  #
+  def get_execution_result
+    @result
+  end
+
+  private
+
+  # Here begins the state machine implementation
+
+  class DmEncryptState < ScriptExecutionState
+
+    def self.load_state(context)
+      InitialState.new(context)
+    end
+  end
+
+  # Starting state. Tries to connect via ssh.
+  class InitialState < DmEncryptState
+    def enter
+      connect()
+    end
+
+    private
+
+    def connect()
+      puts "InitialState.connect"
+      @context[:remote_command_handler].connect(@context[:ip_address], @context[:ssh_key_file])
+      ConnectedState.new(@context)
+    end
+  end
+
+  # Connected via SSH. Tries to install dm-encrypt.#TODO: depends on OS
+  class ConnectedState < DmEncryptState
+    def enter
+      install_tools()
+    end
+
+    private
+    def install_tools
+      puts "ConnectedState.install_tools"
+      if !tools_installed?
+        @context[:remote_command_handler].install("dm-crypt") #TODO: constant somewhere? admin parameter?
+      end
+      if tools_installed?
+        puts "system says that tools are installed"
+        ToolInstalledState.new(@context)
+      else
+        FailedState.new(@context, "Installation of Tools failed", ConnectedState.new(@context))
+      end
+    end
+
+    def tools_installed?
+      if @context[:remote_command_handler].tools_installed?("dm-crypt")
+        true
+      else
+        false
+      end
+    end
+  end
+
+  # Connected and Tools installed. Start encryption.
+  class ToolInstalledState < DmEncryptState
+    def enter
+      create_encrypted_volume()
+    end
+
+    private
+    def create_encrypted_volume
+      puts "ToolInstalledState.create_encrypted_volume"
+      #first check if the drive is not yet mounted by someone else
+      if @context[:remote_command_handler].drive_mounted?(@context[:storage_path])
+        if !@context[:remote_command_handler].drive_mounted_as?(calc_device_name(), @context[:storage_path])
+          raise Exception.new("Drive is already used by another device")
+        end
+      end
+      #
+      @context[:remote_command_handler].encrypt_storage(@context[:device_name],
+      @context[:password], @context[:device], @context[:storage_path])
+      VolumeCreatedState.new(@context)
+    end
+
+    def calc_device_name
+      dev = @context[:device_name].gsub(/[-]/,"--")
+      "/dev/mapper/vg--#{dev}-lv--#{dev}"
+    end
+
+  end
+
+  class VolumeCreatedState < DmEncryptState
+    def enter
+      mount_and_activate()
+    end
+
+    private
+    def mount_and_activate
+      puts "VolumeCreatedState.mount_and_activate"
+      @context[:remote_command_handler].activate_encrypted_volume(@context[:device_name],@context[:storage_path])
+      MountedAndActivatedState.new(@context)
+    end
+  end
+
+  class MountedAndActivatedState < DmEncryptState
+    def enter
+      cleanup()
+    end
+
+    private
+    def cleanup()
+      puts "MountedAndActivatedState.cleanup"
+      @context[:remote_command_handler].disconnect()
+      DoneState.new(@context)
+    end
+
+  end
+
+  class DoneState < DmEncryptState
+    def done?
+      true
+    end
+  end
+
+end

data/lib/scripts/ec2/ec2_script.rb

@@ -0,0 +1,12 @@
+# Base class for any script on EC2.
+class Ec2Script
+  # Input parameters
+  # aws_access_key => the Amazon AWS Access Key (see Your Account -> Security Credentials)
+  # aws_secret_key => the Amazon AWS Secret Key
+  #
+  def initialize(input_params)
+    @input_params = input_params
+  end
+
+end
+

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification 
+name: CloudyScripts
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Matthias Jung
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-12-11 00:00:00 +01:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: amazon-ec2
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: net-ssh
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: Scripts to facilitate programming for infrastructure clouds.
+email: matthias.jung@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- LICENSE
+files: 
+- LICENSE
+- README
+- Rakefile
+- lib/cloudyscripts.rb
+- lib/help/dm_crypt_helper.rb
+- lib/help/remote_command_handler.rb
+- lib/help/script_execution_state.rb
+- lib/scripts/ec2/dm_encrypt.rb
+- lib/scripts/ec2/ec2_script.rb
+has_rdoc: true
+homepage: http://elastic-security.com
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: cloudyscripts
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Scripts to facilitate programming for infrastructure clouds.
+test_files: []
+