ConfigLMM 0.1.0 → 0.3.0

data/Plugins/OS/Linux/WireGuard/WireGuard.lmm.rb

@@ -0,0 +1,108 @@
+
+module ConfigLMM
+    module LMM
+        class WireGuard < Framework::LinuxApp
+
+            WIREGUARD_PACKAGE = 'WireGuard'
+            SERVICE_NAME = 'wg-quick@wg0'
+            CONFIG_FILE = '/etc/wireguard/wg0.conf'
+            PORT = '51820'
+            SUBNET = '172.20.0.0/20'
+
+            persistBuildDir
+
+            def actionWireGuardDeploy(id, target, activeState, context, options)
+                self.prepareConfig(target)
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+                    self.class.sshStart(uri) do |ssh|
+                        sharedKey = self.class.sshExec!(ssh, "firewall-cmd -q --permanent --add-port='#{PORT}'/udp")
+                        sharedKey = self.class.sshExec!(ssh, "firewall-cmd -q --permanent --zone=trusted --add-source=#{SUBNET}")
+                        sharedKey = self.class.sshExec!(ssh, "firewall-cmd -q --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s #{SUBNET} ! -d #{SUBNET} -j MASQUERADE")
+
+                        self.class.ensurePackages([WIREGUARD_PACKAGE], ssh)
+                        self.class.ensureServiceAutoStartOverSSH(SERVICE_NAME, ssh)
+
+                        dir = options['output'] + '/' + id + '/etc/wireguard/'
+                        mkdir(dir, false)
+                        template = ERB.new(File.read(__dir__ + '/wg0.conf.erb'))
+
+                        if self.class.remoteFilePresent?(CONFIG_FILE, ssh)
+                            # TODO Implement adding and removing peers
+                        else
+                            if !target['PrivateKey']
+                                target['PrivateKey'] = ENV['WIREGUARD_PRIVATEKEY_' + id]
+                                if !target['PrivateKey']
+                                    target['PrivateKey'] = genkeyOverSSH(ssh)
+                                end
+                            end
+                            publicKey = pubkeyOverSSH(target['PrivateKey'], ssh)
+                            self.class.sshExec!(ssh, "echo '#{publicKey}' > /etc/wireguard/pubkey")
+                            target['Peers'].each do |name, data|
+                                if !data['PublicKey']
+                                    data['PrivateKey'] = genkeyOverSSH(ssh)
+                                    data['PublicKey'] = pubkeyOverSSH(data['PrivateKey'], ssh)
+                                end
+                                if !data['PresharedKey']
+                                    data['PresharedKey'] = ENV['WIREGUARD_PRESHAREDKEY_' + id + '_' + name]
+                                    if !data['PresharedKey']
+                                        data['PresharedKey'] = genpskOverSSH(ssh)
+                                    end
+                                end
+                            end
+
+                            target['Peers'].each do |name, data|
+                                templateData = {}
+                                templateData['Address'] = target['Address']
+                                templateData['PrivateKey'] = data['PrivateKey']
+                                templateData['Peers'] = {}
+                                templateData['Peers'][id] = { 'PublicKey' => publicKey, 'PresharedKey' => data['PresharedKey'] }
+                                target['Peers'].each do |otherName, otherData|
+                                    next if name == otherName
+                                    pskIdB = 'PresharedKey_' + otherName + '_' + name
+                                    if otherData.key?(pskIdB)
+                                        psk = otherData[pskIdB]
+                                    else
+                                        pskIdA = 'PresharedKey_' + name + '_' + otherName
+                                        data[pskIdA] = genpskOverSSH(ssh)
+                                        psk = data[pskIdA]
+                                    end
+                                    templateData['Peers'][otherName] = { 'PublicKey' => otherData['PublicKey'], 'PresharedKey' => psk }
+                                end
+
+                                renderTemplate(template, templateData, dir + name + '.conf', options)
+                            end
+
+                            renderTemplate(template, target, dir + 'wg0.conf', options)
+                            ssh.scp.upload!(dir + 'wg0.conf', CONFIG_FILE)
+                        end
+
+                    end
+                else
+                    # TODO
+                end
+                self.startService(SERVICE_NAME, target['Location'])
+            end
+
+            def genkeyOverSSH(ssh)
+              self.class.sshExec!(ssh, 'wg genkey')
+            end
+
+            def genpskOverSSH(ssh)
+              self.class.sshExec!(ssh, 'wg genpsk')
+            end
+
+            def pubkeyOverSSH(privateKey, ssh)
+              self.class.sshExec!(ssh, " echo '#{privateKey}' | wg pubkey")
+            end
+
+            def prepareConfig(target)
+                target['Address'] = '172.20.0.1' unless target['Address']
+                target['Peers'].each do |name, data|
+                    data['AllowedIPs'] = SUBNET unless data['AllowedIPs']
+                end
+            end
+        end
+    end
+end

data/Plugins/OS/Linux/WireGuard/wg0.conf.erb

@@ -0,0 +1,15 @@
+[Interface]
+Address = <%= config['Address'] %>
+ListenPort = 51820
+PrivateKey = <%= config['PrivateKey'] %>
+
+<% config['Peers'].to_h.each do |name, peer| %>
+# <%= name %>
+[Peer]
+PublicKey = <%= peer['PublicKey'] %>
+PresharedKey = <%= peer['PresharedKey'] %>
+AllowedIPs = <%= peer['AllowedIPs'] %>
+<% if peer['Endpoint'] %>
+Endpoint = <%= peer['Endpoint'] %>:51820
+<% end %>
+<% end %>

data/Plugins/OS/Linux/openSUSE/autoinst.xml.erb

@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE profile>
+<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
+  <general config:type="map">
+    <mode config:type="map">
+      <confirm config:type="boolean">false</confirm>
+    </mode>
+  </general>
+  <bootloader t="map">
+    <global t="map">
+      <append>splash=silent preempt=full mitigations=auto quiet security=apparmor console=ttyS0,115200</append>
+    </global>
+  </bootloader>
+  <host t="map">
+    <% if !config['Hosts'].to_a.empty? %>
+      <hosts t="list">
+        <% config['Hosts'].each do |address, names| %>
+          <hosts_entry t="map">
+            <host_address><%= address %></host_address>
+            <names t="list">
+              <% names.each do |name| %>
+                <name><%= name %></name>
+              <% end %>
+            </names>
+          </hosts_entry>
+        <% end %>
+      </hosts>
+    <% end %>
+  </host>
+  <networking t="map">
+    <dns t="map">
+      <hostname><%= config['HostName'] %></hostname>
+      <% if config['Domain'] %>
+        <domain><%= config['Domain'] %></domain>
+      <% end %>
+    </dns>
+  </networking>
+  <software t="map">
+    <% if !config['Apps'].to_a.empty? %>
+      <packages t="list">
+        <% config['Apps'].each do |app| %>
+          <package><%= app.downcase %></package>
+        <% end %>
+      </packages>
+    <% end %>
+  </software>
+  <services-manager t="map">
+    <services t="map">
+      <% if !config['Services'].to_a.empty? %>
+        <enable t="list">
+          <% config['Services'].each do |service| %>
+            <service><%= service %></service>
+          <% end %>
+        </enable>
+      <% end %>
+    </services>
+  </services-manager>
+  <timezone t="map">
+    <timezone>Etc/UTC</timezone>
+  </timezone>
+  <% if !config['Users'].to_h.empty? %>
+    <users config:type="list">
+      <% config['Users'].each do |user, info| %>
+        <user>
+          <username>root</username>
+          <% if info['PasswordHash'] %>
+            <encrypted config:type="boolean">true</encrypted>
+            <user_password><%= info['PasswordHash'] %></user_password>
+          <% elsif info['Password'] %>
+            <encrypted config:type="boolean">false</encrypted>
+            <user_password><%= info['Password'] %></user_password>
+          <% end %>
+          <% if info['Shell'] %>
+            <shell>/usr/bin/<%= info['Shell'] %></shell>
+          <% end %>
+          <% if !info['AuthorizedKeys'].to_a.empty? %>
+            <authorized_keys config:type="list">
+              <% info['AuthorizedKeys'].each do |entry| %>
+                <listentry><%= entry %></listentry>
+              <% end %>
+            </authorized_keys>
+          <% end %>
+        </user>
+      <% end %>
+    </users>
+  <% end %>
+</profile>

data/Plugins/OS/Linux/systemd/systemd.lmm.rb

@@ -0,0 +1,28 @@
+
+module ConfigLMM
+    module LMM
+        class Systemd < Framework::LinuxApp
+
+            SYSTEMD_CONFIG_PATH = '/etc/systemd/system/'
+            USER_SERVICE_DIR = '/etc/systemd/system/user@.service.d/'
+
+            def actionSystemdDeploy(id, target, activeState, context, options)
+                if target['Location'] && target['Location'] != '@me'
+                    if target['UserCgroups']
+                        uri = Addressable::URI.parse(target['Location'])
+                        raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+                        self.class.sshStart(uri) do |ssh|
+                            self.class.sshExec!(ssh, "mkdir -p #{USER_SERVICE_DIR}")
+                            ssh.scp.upload!(__dir__ + '/user-0.slice', SYSTEMD_CONFIG_PATH)
+                            ssh.scp.upload!(__dir__ + '/user@.service.d/delegate.conf', USER_SERVICE_DIR)
+                        end
+                    end
+                else
+                    # TODO
+                end
+
+            end
+
+        end
+    end
+end

data/Plugins/OS/Linux/systemd/user-0.slice

@@ -0,0 +1,9 @@
+
+[Unit]
+Before=systemd-logind.service
+
+[Slice]
+Slice=user.slice
+
+[Install]
+WantedBy=multi-user.target

data/Plugins/OS/Linux/systemd/user@.service.d/delegate.conf

@@ -0,0 +1,3 @@
+
+[Service]
+Delegate=memory pids

data/Plugins/Platforms/GoDaddy/GoDaddy.lmm.rb

@@ -26,7 +26,12 @@ module ConfigLMM
                     data.each do |name, data|
                         self.processDNS(domain, data).each do |type, records|
                             records.each do |record|
-                                shortName = name
+                                shortName = Addressable::IDNA.to_ascii(name) + '.' if type == 'CNAME' || type == 'ALIAS'
+                                if record[:type] == 'MX'
+                                    priority, name = record[:content].split(' ')
+                                    name = Addressable::IDNA.to_ascii(name) + '.'
+                                    record[:content] = [priority, name].join(' ')
+                                end
                                 config['Records'] += [shortName, record[:ttl], ' IN ', record[:type], record[:content]].join("\t") + "\n"
                             end
                         end

data/Plugins/Platforms/libvirt/libvirt.lmm.rb

@@ -0,0 +1,103 @@
+
+require 'fog/libvirt'
+require 'filesize'
+
+module ConfigLMM
+    module LMM
+        class Libvirt < Framework::Plugin
+
+            DEFAULT_IMAGE_PATH = '~/.local/share/libvirt/images/'
+            DEFAULT_VRAM = 16 * 1024 # 16 MiB
+
+            def actionLibvirtDeploy(id, target, activeState, context, options)
+                if !target['Location']
+                    target['Location'] = 'qemu:///session'
+                end
+                compute = Fog::Compute.new(provider: :libvirt, libvirt_uri: target['Location'])
+                createPools(target, compute, self.class.isLocal?(target['Location']))
+            end
+
+            def createPools(target, compute, isLocal)
+                if target['Pools']
+                    allPools = compute.pools.all
+                    target['Pools'].each do |name, location|
+                        next if allPools.find { |pool| pool.name == name }
+                        location = DEFAULT_IMAGE_PATH unless location
+                        location = File.expand_path(location) if isLocal
+                        xml = dirPoolXML(name, location)
+                        pool = compute.pools.create(persistent: true, autostart: true, xml: xml)
+                        pool.build
+                        pool.start
+                    end
+                end
+            end
+
+            def createVM(serverName, serverInfo, targetUri, iso, activeState)
+                compute = Fog::Compute.new(provider: :libvirt, libvirt_uri: targetUri)
+                server = compute.servers.all.find { |server| server.name == serverName }
+                if server
+                    server.start
+                    return
+                end
+                settings = {
+                    name: serverName,
+                    cpu: {
+                        mode: 'host-passthrough'
+                    },
+                    video: { type: 'qxl', vram: DEFAULT_VRAM }
+                }
+                if serverInfo['CPU']
+                    settings[:cpus] = serverInfo['CPU']
+                end
+                if serverInfo['RAM']
+                    settings[:memory_size] = Filesize.from(serverInfo['RAM']).to_f('KiB').to_i
+                end
+                volumeName = serverName + '.img'
+                volume = compute.volumes.all.find { |volume| volume.name == volumeName }
+                if volume
+                    settings[:volumes] = [volume]
+                elsif serverInfo['Storage']
+                    storage = Filesize.from(serverInfo['Storage']).to_f('GiB').to_i
+                    volume = compute.volumes.create(
+                        name: volumeName,
+                        pool_name: compute.pools.first.name,
+                        capacity: storage
+                    )
+                    settings[:volumes] = [volume]
+                end
+                if serverInfo['NetworkBridge']
+                    nic = {
+                        bridge: serverInfo['NetworkBridge'],
+                    }
+                    settings[:nics] = [nic]
+                end
+                server = compute.servers.new(**settings)
+                if iso
+                    server.iso_dir = File.dirname(iso)
+                    server.iso_file = File.basename(iso)
+                end
+                server.save
+                activeState['Status'] = 'CREATED'
+                state.save
+                server.start
+            end
+
+            def dirPoolXML(name, path)
+                xml  = '<pool type="dir">'
+                xml += "    <name>#{name.encode(:xml => :text)}</name>"
+                xml += "<target><path>#{path.encode(:xml => :text)}</path></target>"
+                xml += '</pool>'
+                xml
+            end
+
+            def self.isLocal?(location)
+                self.getLocation(location).empty?
+            end
+
+            def self.getLocation(location)
+                uri = Addressable::URI.parse(location)
+                uri.hostname
+            end
+        end
+    end
+end

data/Plugins/Services/DNS/PowerDNS.lmm.rb

@@ -13,6 +13,9 @@ module ConfigLMM
             DEFAULT_HOST = 'localhost'
             DEFAULT_PORT = 8081
             SSH_TIMEOUT = 10
+            PACKAGE_NAME = 'PowerDNS'
+            SERVICE_NAME = 'pdns'
+            USER = 'pdns'
 
             # TODO
             # def actionPowerDNSValidate(id, target, activeState, context, options)
@@ -21,6 +24,7 @@ module ConfigLMM
 
             def actionPowerDNSBuild(id, target, activeState, context, options)
                 if target['Settings']
+                    prepareSettings(target)
                     targetDir = options['output'] + CONFIG_DIR + '/'
                     mkdir(targetDir, options['dry'])
                     content = ''
@@ -44,7 +48,7 @@ module ConfigLMM
             def actionPowerDNSDeploy(id, target, activeState, context, options)
                 #actionPowerDNSDiff(id, target, activeState, context, options)
 
-                deploySettings(target)
+                deploySettings(target, options)
                 if target['DNS']
                     connect(id, target, activeState, context, options) do |host, port, key|
                         updateDNS(host, port, key, target['DNS'])
@@ -103,8 +107,8 @@ module ConfigLMM
                     rrsets = []
                     remove = []
                     info.each do |name, data|
-                        fullName = name + '.' + domain + '.'
-                        fullName = domain + '.' if name == '@'
+                        fullName = Addressable::IDNA.to_ascii(name) + '.' + Addressable::IDNA.to_ascii(domain) + '.'
+                        fullName = Addressable::IDNA.to_ascii(domain) + '.' if name == '@'
                         self.processDNS(domain, data).each do |type, records|
                             #remove += removeConflicting(zone, fullName, type)
                             rrset = {
@@ -115,6 +119,12 @@ module ConfigLMM
                                 records: []
                             }
                             records.each do |record|
+                                record[:content] = Addressable::IDNA.to_ascii(record[:content]) + '.' if type == 'CNAME' || type == 'ALIAS'
+                                if type == 'MX'
+                                    priority, name = record[:content].split(' ')
+                                    name = Addressable::IDNA.to_ascii(name) + '.'
+                                    record[:content] = [priority, name].join(' ')
+                                end
                                 rrset[:records] << { content: record[:content], disabled: false }
                             end
                             rrsets << rrset
@@ -129,12 +139,65 @@ module ConfigLMM
 
             end
 
-            def deploySettings(target)
-                if target['Settings']
-                    # TODO
+            def prepareSettings(target)
+                if !target['Settings'].key?('api')
+                    target['Settings']['api'] = 'yes'
+                end
+                if !target['Settings'].key?('expand-alias')
+                    target['Settings']['expand-alias'] = 'yes'
+                end
+                if !target['Settings'].key?('launch')
+                    target['Settings']['launch'] = 'gpgsql'
+                    target['Settings']['gpgsql-host'] = '/run/postgresql'
+                    target['Settings']['gpgsql-user'] = USER
+                    target['Settings']['gpgsql-dbname'] = USER
+                end
+            end
+
+            def deploySettings(target, options)
+                if target['Location']
+                    uri = Addressable::URI.parse(target['Location'])
+                    params = {}
+                    params = CGI.parse(uri.query) if uri.query
+                    if uri.scheme == 'ssh' && !params.key?('host')
+                        self.class.sshStart(uri) do |ssh|
+                            Framework::LinuxApp.ensurePackages([PACKAGE_NAME], ssh)
+                            Framework::LinuxApp.ensureServiceAutoStartOverSSH(SERVICE_NAME, ssh)
+                            if target['Settings']
+                                prepareSettings(target)
+                                self.class.sshExec!(ssh, "mkdir -p #{CONFIG_DIR}")
+                                self.class.sshExec!(ssh, "sed -i 's|# include-dir=|include-dir=#{CONFIG_DIR}|' /etc/pdns/pdns.conf")
+                                ssh.scp.upload!(options['output'] + CONFIG_DIR + '/configlmm.conf', CONFIG_DIR + '/configlmm.conf')
+                                apiKeyFile = CONFIG_DIR + '/apiKey.conf'
+                                if !self.class.remoteFilePresent?(apiKeyFile, ssh)
+                                    apiKey = ENV['POWERDNS_API_KEY']
+                                    apiKey = SecureRandom.urlsafe_base64(60) unless apiKey
+                                    self.class.sshExec!(ssh, " echo 'api-key=#{apiKey}' > #{apiKeyFile}")
+                                    self.class.sshExec!(ssh, " chown #{USER}:#{USER} #{apiKeyFile}")
+                                    self.class.sshExec!(ssh, " chmod 400 #{apiKeyFile}")
+                                    prompt.say("PowerDNS API Key: #{apiKey}", )
+                                end
+                                self.configurePostgreSQL(target['Settings'], ssh)
+                            end
+                            Framework::LinuxApp.startServiceOverSSH(SERVICE_NAME, ssh)
+                        end
+                    end
                 end
             end
 
+            def configurePostgreSQL(settings, ssh)
+                password = SecureRandom.alphanumeric(20)
+                if settings['gpgsql-host'] == 'localhost' || settings['gpgsql-host'].start_with?('/')
+                    PostgreSQL.createUserAndDBOverSSH(USER, password, ssh)
+                    PostgreSQL.importSQL(USER, USER, '/usr/share/doc/packages/pdns/schema.pgsql.sql', ssh)
+                else
+                    self.class.sshStart("ssh://#{settings['gpgsql-host']}/") do |ssh|
+                        PostgreSQL.createUserAndDBOverSSH(USER, password, ssh)
+                        PostgreSQL.importSQL(USER, USER, '/usr/share/doc/packages/pdns/schema.pgsql.sql', ssh)
+                    end
+                end
+                password
+            end
 
             def connect(id, target, activeState, context, options)
                 host = DEFAULT_HOST

data/README.md

@@ -1,5 +1,7 @@
 # ConfigLMM - Large Configuration Management Manager
 
+![Yo Dawg I Heard you like config so I put a config in your Config](/Images/configINconfig.png)
+
 ## Manage The Management with ease!
 
 You define how you want your applications/systems/containers/services/servers
@@ -57,6 +59,8 @@ to work without being vendor locked into any particular implementation or provid
 
 The true [GitOps](https://en.wikipedia.org/wiki/DevOps#GitOps)/DevOps/DevSecOps/[TestOps](https://en.wikipedia.org/wiki/TestOps)/SysOps/[AIOps](https://en.wikipedia.org/wiki/Artificial_Intelligence_for_IT_Operations)[DataOps](https://en.wikipedia.org/wiki/DataOps) which I call AllTheOps :)
 
+![One Config to Rule Them All](/Images/singleConfig.png)
+
 ## Benefits
 
 * Compare performance and price among different providers
@@ -217,6 +221,12 @@ First you need to have Ruby and RubyGems. Then you can install it with:
 
     $ gem install ConfigLMM
 
+If that doesn't work (eg. your Ruby is too old) then install with (it will install [RVM](https://rvm.io/))
+
+```
+$ curl -sS https://raw.githubusercontent.com/ConfigLMM/ConfigLMM/master/bootstrap.sh | sh
+```
+
 ## Usage
 
 Create yaml file with desired config, eg.

data/bootstrap.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/sh
+
+distro=$(cat /etc/os-release | grep ^ID= |  cut -d '=' -f 2 | cut -d '"' -f 2)
+
+function admin {
+    if [ "$EUID" -eq "0" ]; then
+        "$@"
+    else
+        sudo "$@"
+    fi
+}
+
+
+case $distro in
+
+opensuse-leap)
+    admin zypper install --no-confirm ruby libvirt-devel
+    ;;
+
+arch)
+    admin pacman -S --noconfirm --needed ruby rubygems
+    ;;
+
+*)
+    if ! command -v ruby &> /dev/null
+    then
+        echo "Ruby not found!" >&2
+        echo "Don't know how to install it for your $distro distribution!" >&2
+        echo "Submit a PR :)" >&2
+        exit 1
+    fi
+    ;;
+esac
+
+if ! command -v gem &> /dev/null; then
+    echo "RubyGems not found!" >&2
+    exit 2
+fi
+
+rubyTooOld=$(ruby -e 'puts RUBY_VERSION.to_f < 3.3 ? 1 : 0')
+
+if [ "$rubyTooOld" -eq "1" ]; then
+    echo "Ruby is too old! Will install RVM" >&2
+    gpg2 --keyserver hkp://keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB >/dev/null
+    curl -sSL https://get.rvm.io | bash -s stable --ruby=3.3.4
+    source /etc/profile.d/rvm.sh
+
+    if [ "$SHELL" = "/usr/bin/fish" ]; then
+        curl -L --create-dirs -o ~/.config/fish/functions/rvm.fish https://raw.github.com/lunks/fish-nuggets/master/functions/rvm.fish
+        echo "rvm default" >> ~/.config/fish/config.fish
+    fi
+fi
+
+gem install ConfigLMM

data/lib/ConfigLMM/Framework/plugins/dns.rb

@@ -23,8 +23,7 @@ module ConfigLMM
 
                 items.each do |item|
                     type, content = item.strip.split('=')
-                    content += '.' if type == 'CNAME' || type == 'ALIAS'
-                    content = domain + '.' if content == '@' || content == '@.'
+                    content = domain if content == '@'
                     content = self.class.externalIp if content == '@me'
                     records[type] ||= []
                     records[type] << { type: type, content: content, ttl: DEFAULT_TTL }