ConfigLMM 0.2.0 → 0.4.0

data/lib/ConfigLMM/Framework/plugins/linuxApp.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'tty-which'
+
 module ConfigLMM
     module Framework
 
@@ -8,79 +10,244 @@ module ConfigLMM
             LINUX_FOLDER = __dir__ + '/../../../../Plugins/OS/Linux/'
             SUSE_NAME = 'openSUSE Leap'
             SUSE_ID = 'opensuse-leap'
+            DEBIAN_NAME = 'Debian'
+            PROXMOXVE_NAME = 'Proxmox VE'
+            PODMAN_PACKAGE = 'Podman'
+            SYSTEMD_CONTAINERS_PATH = '~/.config/containers/systemd/'
 
-            def ensurePackage(name, location)
-              self.class.ensurePackage(name, location)
+            def ensurePackage(name, location, binary = nil)
+                self.class.ensurePackage(name, location, binary)
             end
 
-            def self.ensurePackage(name, location)
-                if location && location != '@me'
-                    uri = Addressable::URI.parse(location)
-                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
-                    self.ensurePackageOverSSH(name, uri)
-                else
-                    # TODO
-                end
+            def ensurePackages(names, location)
+                self.class.ensurePackages(names, location)
             end
 
-            def self.ensurePackageOverSSH(name, locationOrSSH)
+            def self.ensurePackage(name, location, binary = nil)
+                if binary && TTY::Which.which(binary)
+                    return
+                end
+                self.ensurePackages([name], location)
+            end
 
-                closure = Proc.new do |ssh|
-                    distroInfo = self.distroInfoFromSSH(ssh)
-                    pkgs = self.mapPackages([name], distroInfo['Name']).first
+            def self.ensurePackages(names, locationOrSSH)
+                self.doSSH(locationOrSSH) do |ssh|
+                    distroInfo = self.currentDistroInfo(ssh)
+                    reposPackages = self.mapPackages(names, distroInfo['Name'])
 
-                    pkgs = [pkgs] unless pkgs.is_a?(Array)
+                    repos = []
+                    pkgs = []
+                    reposPackages.each do |pkg|
+                        if pkg.include?('|')
+                            repoName, pkg = pkg.split('|')
+                            repos << repoName
+                            pkgs << pkg
+                        else
+                            pkgs << pkg
+                        end
+                    end
+                    repos.each do |repoName|
+                        self.addRepo(repoName, distroInfo, ssh)
+                    end
                     command = distroInfo['InstallPackage'] + ' ' + pkgs.map { |pkg| pkg.shellescape }.join(' ')
-                    self.sshExec!(ssh, command)
+                    if ssh
+                        self.sshExec!(ssh, command)
+                    else
+                        if `echo $EUID`.strip == '0'
+                            `#{command} >/dev/null`
+                        else
+                            `sudo #{command} >/dev/null`
+                        end
+                    end
+                    distroInfo
                 end
+            end
 
-                if locationOrSSH.is_a?(String) || locationOrSSH.is_a?(Addressable::URI)
-                    self.sshStart(locationOrSSH) do |ssh|
-                        closure.call(ssh)
+            def self.removePackage(name, locationOrSSH, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
+                    distroInfo = self.currentDistroInfo(ssh)
+                    reposPackages = self.mapPackages([name], distroInfo['Name'])
+
+                    pkgs = []
+                    reposPackages.each do |pkg|
+                        if pkg.include?('|')
+                            repoName, pkg = pkg.split('|')
+                            pkgs << pkg
+                        else
+                            pkgs << pkg
+                        end
                     end
-                else
-                  closure.call(locationOrSSH)
-                end
 
+                    command = distroInfo['RemovePackage'] + ' ' + pkgs.map { |pkg| pkg.shellescape }.join(' ')
+                    if ssh
+                        self.sshExec!(ssh, command, true, dry)
+                    else
+                        if `echo $EUID`.strip == '0'
+                            if dry
+                                puts "Would execute: #{command} >/dev/null"
+                            else
+                                `#{command} >/dev/null`
+                            end
+                        else
+                            if dry
+                                puts "Would execute: sudo #{command} >/dev/null"
+                            else
+                                `sudo #{command} >/dev/null`
+                            end
+                        end
+                    end
+                    distroInfo
+                end
             end
 
             def ensureServiceAutoStart(name, location)
                 if location && location != '@me'
                     uri = Addressable::URI.parse(location)
                     raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
-                    self.class.sshStart(uri) do |ssh|
-                        distroInfo = self.class.distroInfoFromSSH(ssh)
-
-                        command = distroInfo['AutoStartService'] + ' ' + name.shellescape
-                        self.class.sshExec!(ssh, command)
-                    end
+                    self.class.ensureServiceAutoStartOverSSH(name, uri)
                 else
                     # TODO
                 end
             end
 
-            def startService(name, location)
+            def self.ensureServiceAutoStart(name, locationOrSSH)
+                self.execDistroCommand(name, 'AutoStartService', locationOrSSH)
+            end
+
+            # Deprecated
+            def self.ensureServiceAutoStartOverSSH(name, locationOrSSH)
+                self.ensureServiceAutoStart(name, locationOrSSH)
+            end
+
+            def startService(name, location, dry = false)
                 if location && location != '@me'
                     uri = Addressable::URI.parse(location)
                     raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
-                    self.class.sshStart(uri) do |ssh|
-                        distroInfo = self.class.distroInfoFromSSH(ssh)
+                    self.class.startService(name, location, dry = false)
+                else
+                    # TODO
+                end
+            end
+
+            def self.startService(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'StartService', locationOrSSH, false, dry)
+            end
 
-                        command = distroInfo['StartService'] + ' ' + name.shellescape
-                        self.class.sshExec!(ssh, command)
+            # Deprecated
+            def self.startServiceOverSSH(name, locationOrSSH, dry = false)
+                self.startService(name, locationOrSSH, dry)
+            end
+
+            def self.restartService(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'RestartService', locationOrSSH, false, dry)
+            end
+
+            def self.reloadService(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'ReloadService', locationOrSSH, false, dry)
+            end
+
+            def self.stopService(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'StopService', locationOrSSH, true, dry)
+            end
+
+            def self.disableService(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'DisableService', locationOrSSH, true, dry)
+            end
+
+            def self.reloadServiceManager(locationOrSSH, dry = false)
+                self.execDistroCommand(nil, 'ReloadServiceManager', locationOrSSH, false, dry)
+            end
+
+            def self.deleteUserAndGroup(name, locationOrSSH, dry = false)
+                self.execDistroCommand(name, 'DeleteUser', locationOrSSH, true, dry)
+                self.execDistroCommand(name, 'DeleteGroup', locationOrSSH, true, dry)
+            end
+
+            def self.execDistroCommand(param, commandName, locationOrSSH, allowFailure = false, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
+                    distroInfo = self.currentDistroInfo(ssh)
+
+                    command = distroInfo[commandName]
+                    command += ' ' + param.shellescape unless param.nil?
+                    self.exec(command, ssh, allowFailure, dry)
+                end
+            end
+
+            def self.doSSH(locationOrSSH, &block)
+                if locationOrSSH.nil? || locationOrSSH == '@me'
+                    result = block.call(nil)
+                elsif locationOrSSH.is_a?(String) || locationOrSSH.is_a?(Addressable::URI)
+                    uri = Addressable::URI.parse(locationOrSSH)
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+
+                    self.sshStart(locationOrSSH) do |ssh|
+                        result = block.call(ssh)
                     end
                 else
-                    # TODO
+                    result = block.call(locationOrSSH)
+                end
+                result
+            end
+
+            # Deprecated
+            def self.firewallAddServiceOverSSH(serviceName, locationOrSSH)
+                self.firewallAddService(serviceName, locationOrSSH)
+            end
+
+            # Deprecated
+            def self.firewallAddPortOverSSH(portName, locationOrSSH)
+                self.firewallAddPort(portName, locationOrSSH)
+            end
+
+            def self.firewallAddService(serviceName, locationOrSSH = nil, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
+                     command = 'firewall-cmd --permanent --add-service ' + serviceName.shellescape
+                     self.exec(command, ssh, true, dry)
+                     command = 'firewall-cmd --add-service ' + serviceName.shellescape
+                     self.exec(command, ssh, true, dry)
+                end
+            end
+
+            def self.firewallRemoveService(serviceName, locationOrSSH = nil, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
+                     command = 'firewall-cmd --permanent --remove-service ' + serviceName.shellescape
+                     self.exec(command, ssh, false, dry)
+                     command = 'firewall-cmd --remove-service ' + serviceName.shellescape
+                     self.exec(command, ssh, false, dry)
+                end
+            end
+
+            def self.firewallAddPort(portName, locationOrSSH = nil, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
+                     command = 'firewall-cmd --permanent --add-port ' + portName.shellescape
+                     self.exec(command, ssh, true, dry)
+                     command = 'firewall-cmd --add-port ' + portName.shellescape
+                     self.exec(command, ssh, true, dry)
+                end
+            end
+
+            def self.firewallRemovePort(portName, locationOrSSH = nil, dry = false)
+                self.doSSH(locationOrSSH) do |ssh|
+                     command = 'firewall-cmd --permanent --remove-port ' + portName.shellescape
+                     self.exec(command, ssh, false, dry)
+                     command = 'firewall-cmd --remove-port ' + portName.shellescape
+                     self.exec(command, ssh, false, dry)
                 end
             end
 
             def self.mapPackages(packages, distroName)
-                distroPackages = YAML.load_file(LINUX_FOLDER + 'Packages.yaml')
+                allPackages = YAML.load_file(LINUX_FOLDER + 'Packages.yaml')
                 names = []
+                raise "Distro '#{distroName}' not implemented!" unless allPackages.key?(distroName)
+                distroPackages = allPackages[distroName].to_h
                 packages.to_a.each do |pkg|
-                    packageName = distroPackages[distroName][pkg]
+                    packageName = distroPackages[pkg]
                     if packageName
-                        names << packageName
+                        if packageName.is_a?(Array)
+                            names += packageName
+                        else
+                            names << packageName
+                        end
                     else
                         names << pkg.downcase
                     end
@@ -88,20 +255,57 @@ module ConfigLMM
                 names
             end
 
-            def self.createSubuidsOverSSH(user, distroInfo, ssh)
-                self.sshExec!(ssh, "#{distroInfo['ModifyUser']} --add-subuids 100000-165535 --add-subgids 100000-165535 #{user}")
+            def self.createCertificateOverSSH(ssh)
+                dir = "/etc/letsencrypt/live/Wildcard/"
+                self.sshExec!(ssh, "mkdir -p #{dir}")
+                # Need this temporarily before real certs are created
+                if !self.remoteFilePresent?(dir + 'fullchain.pem', ssh)
+                    self.sshExec!(ssh, "openssl req -x509 -noenc -days 90 -newkey rsa:2048 -keyout #{dir}privkey.pem -out #{dir}fullchain.pem -subj '/C=US/O=ConfigLMM/CN=Wildcard'")
+                    self.sshExec!(ssh, "cp #{dir}fullchain.pem #{dir}chain.pem")
+                end
+                dir
             end
 
-            def self.distroID
-                `cat /etc/os-release | grep "^ID=" | cut -d "=" -f 2`.strip.gsub('"', '')
+            def self.configurePodmanServiceOverSSH(user, homedir, userComment, distroInfo, ssh)
+                Framework::LinuxApp.ensurePackages([PODMAN_PACKAGE], ssh)
+                addUserCmd = "#{distroInfo['CreateServiceUser']} --home-dir '#{homedir}' --create-home --comment '#{userComment}' #{user}"
+                self.sshExec!(ssh, addUserCmd, true)
+                self.sshExec!(ssh, "chmod o-rwx #{homedir}")
+                self.createSubuidsOverSSH(user, distroInfo, ssh)
+                self.sshExec!(ssh, "loginctl enable-linger #{user}")
+                self.sshExec!(ssh, "su --login #{user} --shell /bin/sh --command 'mkdir -p #{SYSTEMD_CONTAINERS_PATH}'")
             end
 
-            def self.distroIDfromSSH(ssh)
-                ssh.exec!('cat /etc/os-release | grep "^ID=" | cut -d "=" -f 2').strip.gsub('"', '')
+            def self.addRepo(name, distroInfo, ssh = nil)
+                if distroInfo['Name'] == 'openSUSE Leap'
+                    if ssh
+                        versionId = ssh.exec!('cat /etc/os-release | grep "^VERSION_ID=" | cut -d "=" -f 2').strip.gsub('"', '')
+                        self.sshExec!(ssh, "zypper addrepo https://download.opensuse.org/repositories/#{name}/#{versionId}/#{name}.repo", true)
+                        self.sshExec!(ssh, "zypper --gpg-auto-import-keys refresh")
+                    else
+                        versionId = `cat /etc/os-release | grep "^VERSION_ID=" | cut -d "=" -f 2`.strip.gsub('"', '')
+                        `zypper addrepo https://download.opensuse.org/repositories/#{name}/#{versionId}/#{name}.repo`
+                        `zypper --gpg-auto-import-keys refresh`
+                    end
+                else
+                    # TODO
+                end
+            end
+
+            def self.createSubuidsOverSSH(user, distroInfo, ssh)
+                self.sshExec!(ssh, "#{distroInfo['ModifyUser']} --add-subuids 100000-165535 --add-subgids 100000-165535 #{user}")
+            end
+
+            def self.distroID(ssh = nil)
+                if ssh
+                    ssh.exec!('cat /etc/os-release | grep "^ID=" | cut -d "=" -f 2').strip.gsub('"', '')
+                else
+                    `cat /etc/os-release | grep "^ID=" | cut -d "=" -f 2`.strip.gsub('"', '')
+                end
             end
 
-            def self.distroInfoFromSSH(ssh)
-                distroInfo = self.distroInfo(self.distroIDfromSSH(ssh))
+            def self.currentDistroInfo(ssh)
+                self.distroInfo(self.distroID(ssh))
             end
 
             def self.distroInfo(distroID)

data/lib/ConfigLMM/Framework/plugins/nginxApp.rb

@@ -13,28 +13,77 @@ module ConfigLMM
 
         class NginxApp < Framework::Plugin
 
+            NGINX_PACKAGE = 'nginx'
+            CONFIG_DIR = '/etc/nginx/'
+            WWW_DIR = '/srv/www/'
+
             def writeNginxConfig(dir, name, id, target, activeState, context, options)
                 outputFolder = options['output']
 
                 updateTargetConfig(target)
 
+                target = target.dup
+                target['NginxVersion'] = 0 unless target['NginxVersion']
                 template = ERB.new(File.read(dir + '/' + name + '.conf.erb'))
+                name = target['ConfigName'] if target['ConfigName']
                 renderTemplate(template, target, outputFolder + '/nginx/servers-lmm/' + name + '.conf', options)
-                plugins[:Nginx].actionNginxBuild(id, target, activeState, context, options)
             end
 
             def deployNginxConfig(id, target, activeState, context, options)
-                outputFolder = options['output']
+                outputFolder = options['output'] + '/nginx/servers-lmm'
+
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    raise Framework::PluginProcessError.new("Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+                    self.class.sshStart(uri) do |ssh|
+                        self.class.uploadFolder(outputFolder, CONFIG_DIR, ssh)
+                        if target['TLS']
+                            Framework::LinuxApp.firewallAddServiceOverSSH('https', ssh)
+                        else
+                            Framework::LinuxApp.firewallAddServiceOverSSH('http', ssh)
+                        end
+                    end
+                else
+                    copy(outputFolder, CONFIG_DIR, options['dry'])
+                end
+            end
+
+            def cleanupNginxConfig(name, id, state, context, options, ssh = nil)
+                rm('/etc/nginx/servers-lmm/' + name + '.conf', options['dry'], ssh)
+            end
 
-                if !target['Location'] || target['Location'] == '@me'
-                    copy(outputFolder + '/nginx/servers-lmm', '/etc/nginx/', options['dry'])
+            def self.prepareNginxConfig(target, ssh = nil)
+                if ssh
+                    target['NginxVersion'] = self.sshExec!(ssh, 'nginx -v').strip.split('/')[1].to_f
+                else
+                    target['NginxVersion'] = `nginx -v`.strip.split('/')[1].to_f
                 end
+            end
+
+            def self.reload(ssh = nil, dry = false)
+                self.exec("systemctl reload nginx", ssh, false, dry)
+            end
+
+            def self.ensurePackage(ssh = nil)
+                Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
+                Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
+            end
 
-                plugins[:Nginx].actionNginxDeploy(id, target, activeState, context, options)
+            def useNginxProxy(dir, configName, id, target, activeState, state, context, options, ssh)
+                self.class.ensurePackage(ssh)
+                self.class.prepareNginxConfig(target, ssh)
+                self.writeNginxConfig(dir, configName, id, target, state, context, options)
+                self.deployNginxConfig(id, target, activeState, context, options)
+                Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
+                self.class.reload(ssh)
             end
 
-            def cleanupNginxConfig(name, id, state, context, options)
-                rm('/etc/nginx/servers-lmm/' + name + '.conf', options['dry'])
+            def deployNginxProxyConfig(server, name, id, target, activeState, state, context, options, ssh)
+                target = target.dup
+                target['Proxy'] = server
+                target['Name'] = name if name
+                target['ConfigName'] = target['Name']
+                useNginxProxy(__dir__ + '/../../../../Plugins/Apps/Nginx', 'proxy', id, target, activeState, state, context, options, ssh)
             end
 
             private

data/lib/ConfigLMM/Framework/plugins/plugin.rb

@@ -7,12 +7,14 @@ require 'http'
 require 'fileutils'
 require 'net/ssh'
 require 'net/scp'
+require 'open3'
 
 module ConfigLMM
     module Framework
 
         class Plugin
 
+            REPOS_CACHE = '~/.cache/configlmm/repos'
 
             def self.inherited(plugin)
                 Store.registerPlugin(plugin)
@@ -122,11 +124,19 @@ module ConfigLMM
                 end
             end
 
-            def rm(path, dry)
+            def rm(path, dry, ssh = nil)
                 if dry
-                    prompt.say('Would remove ' + path)
+                    if ssh
+                        prompt.say("Would remove ssh://#{ssh.transport.host}:#{ssh.transport.port}" + path)
+                    else
+                        prompt.say('Would remove ' + path)
+                    end
                 else
-                    FileUtils.rm_r(path, noop: dry)
+                    if ssh
+                        self.class.sshExec!(ssh, "rm -rf #{path}")
+                    else
+                        FileUtils.rm_r(path, noop: dry)
+                    end
                 end
             end
 
@@ -146,25 +156,41 @@ module ConfigLMM
                 end
             end
 
+            def self.loadVariable(value, target)
+                variableStart = value.index('${')
+                return value unless variableStart
+                variableEnd = value.index('}', variableStart + 2)
+                variableName = value[variableStart + 2...variableEnd]
+                if variableName.start_with?('ENV:')
+                    value = value[0...variableStart].to_s + ENV[variableName[4..variableEnd]] + value[(variableEnd + 1)..-1].to_s
+                else
+                    raise 'Not implemented!'
+                end
+                value
+            end
+
             CONFIGLMM_SECTION_BEGIN = "# -----BEGIN CONFIGLMM-----\n"
             CONFIGLMM_SECTION_END   = "# -----END CONFIGLMM-----\n"
 
-            def updateLocalFile(file, options, atTop = false)
+            def updateLocalFile(file, options, atTop = false, comment = '#')
+                File.write(file, '') unless File.exist?(file)
+                sectionBegin = CONFIGLMM_SECTION_BEGIN.gsub('#', comment)
+                sectionEnd = CONFIGLMM_SECTION_END.gsub('#', comment)
                 fileLines = File.read(file).lines
-                sectionBeginIndex = fileLines.index(CONFIGLMM_SECTION_BEGIN)
-                sectionEndIndex = fileLines.index(CONFIGLMM_SECTION_END)
+                sectionBeginIndex = fileLines.index(sectionBegin)
+                sectionEndIndex = fileLines.index(sectionEnd)
                 if sectionBeginIndex.nil?
                     linesBefore = []
                     linesBefore = fileLines unless atTop
                     linesBefore << "\n"
-                    linesBefore << CONFIGLMM_SECTION_BEGIN
-                    linesAfter = [CONFIGLMM_SECTION_END]
+                    linesBefore << sectionBegin
+                    linesAfter = [sectionEnd]
                     linesAfter << "\n"
                     linesAfter += fileLines if atTop
                 else
                     linesBefore = fileLines[0..sectionBeginIndex]
                     if sectionEndIndex.nil?
-                        linesAfter = [CONFIGLMM_SECTION_END]
+                        linesAfter = [sectionEnd]
                         linesAfter << "\n"
                     else
                         linesAfter = fileLines[sectionEndIndex..fileLines.length]
@@ -178,14 +204,14 @@ module ConfigLMM
                 fileWrite(file, fileLines.join(), options[:dry])
             end
 
-            def updateRemoteFile(locationOrSSH, file, options, atTop = false, &block)
+            def updateRemoteFile(locationOrSSH, file, options, atTop = false, comment = '#', &block)
 
                 closure = Proc.new do |ssh|
                     localFile = options['output'] + '/' + SecureRandom.alphanumeric(10)
                     File.write(localFile, '')
                     self.class.sshExec!(ssh, "touch #{file}")
                     ssh.scp.download!(file, localFile)
-                    updateLocalFile(localFile, options, atTop, &block)
+                    updateLocalFile(localFile, options, atTop, comment, &block)
                     ssh.scp.upload!(localFile, file)
                 end
 
@@ -201,14 +227,23 @@ module ConfigLMM
                 end
             end
 
-            def self.remoteFilePresent?(file, ssh)
-                result = self.sshExec!(ssh, "stat #{file}", true)
+            def self.filePresent?(file, ssh = nil)
+                result = self.exec("stat #{file}", ssh, true)
                 !result.start_with?('stat: cannot')
             end
 
+            # DEPRECATED - use filePresent()
+            def self.remoteFilePresent?(file, ssh)
+                self.filePresent?(file, ssh)
+            end
+
+            def self.remoteFileContains?(file, content, ssh)
+                !self.sshExec!(ssh, "grep '#{content}' #{file}", true).strip.empty?
+            end
+
             def self.uploadNotPresent(file, target, ssh)
                 target += '/' + File.basename(file)
-                if !self.remoteFilePresent?(target)
+                if !self.remoteFilePresent?(target, ssh)
                     ssh.scp.upload!(file, target)
                 end
             end
@@ -217,7 +252,33 @@ module ConfigLMM
                 target += '/' + File.basename(folder) + '/'
                 self.sshExec!(ssh, "mkdir -p #{target}")
                 Dir[folder + '/*'].each do |file|
-                    ssh.scp.upload!(file, target + File.basename(file))
+                    ssh.scp.upload!(file, target + File.basename(file), recursive: true)
+                end
+            end
+
+            def self.exec(command, ssh = nil, allowFailure = false, dry = false)
+                if ssh.nil?
+                    if dry
+                        puts "Would execute: #{command}"
+                        return
+                    end
+                    stdout, stdeerr, status = Open3.capture3(command)
+                    if !allowFailure && !status.success?
+                        $stderr.puts(stdout)
+                        $stderr.puts(stdeerr)
+                        raise Framework::PluginProcessError.new("Failed '#{command}'")
+                    end
+                    stdout + stdeerr
+                else
+                    self.sshExec!(ssh, command, allowFailure, dry)
+                end
+            end
+
+            def self.cmdSuccess?(command, ssh = nil)
+                if ssh.nil?
+                    system(command, :out => File::NULL)
+                else
+                    self.sshSuccess?(ssh, command)
                 end
             end
 
@@ -229,6 +290,15 @@ module ConfigLMM
                 [server, params]
             end
 
+            def self.cmdSSH(uri)
+                uri = Addressable::URI.parse(uri) if uri.is_a?(String)
+                server, sshParams = self.toSSHparams(uri)
+                cmd = 'ssh '
+                cmd += '-p ' + sshParams[:port] if sshParams[:port]
+                cmd += sshParams[:user] + '@' if sshParams[:port]
+                cmd + server
+            end
+
             def self.sshStart(uri)
                 uri = Addressable::URI.parse(uri) if uri.is_a?(String)
                 server, sshParams = self.toSSHparams(uri)
@@ -237,7 +307,11 @@ module ConfigLMM
                 end
             end
 
-            def self.sshExec!(ssh, command, allowFailure = false)
+            def self.sshExec!(ssh, command, allowFailure = false, dry = false)
+                if dry
+                    puts "Would execute: ssh #{ssh.transport.host} -p #{ssh.transport.port} '#{command}'"
+                    return
+                end
                 status = {}
                 output = ''
                 channel = ssh.exec(command, status: status) do |channel, stream, data|
@@ -251,6 +325,12 @@ module ConfigLMM
                 output
             end
 
+            def self.sshSuccess?(ssh, command)
+                status = {}
+                ssh.exec!(command, status)
+                status[:exit_code].zero?
+            end
+
             def renderTemplate(template, target, outputPath, options)
                 variables = {
                     config: target,
@@ -264,6 +344,22 @@ module ConfigLMM
                 end
             end
 
+            def cleanupType(type, configs, state, context, options)
+                items = state.selectType(type)
+                items.each do |id, item|
+                    if !configs.key?(id) && item['Status'] != State::STATUS_DESTROYED && (item['Status'] != State::STATUS_DELETED || options[:destroy])
+                        if item['Location'].nil? || item['Location'] == '@me'
+                            yield(item, id, state, context, options, nil)
+                        else
+                            uri = Addressable::URI.parse(item['Location'])
+                            self.class.sshStart(uri) do |ssh|
+                                yield(item, id, state, context, options, ssh)
+                            end
+                        end
+                    end
+                end
+            end
+
             def self.normalizeId(id)
                 id = id.split('::').last
                 if id.downcase.end_with?('plugin')