RubyGems - ConfigLMM - Versions diffs - 0.3.0 → 0.5.0 - Mend

ConfigLMM 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +70 -0
data/CNAME +1 -0
data/Examples/.lmm.state.yaml +159 -0
data/Examples/ConfigLMM.mm.yaml +32 -0
data/Examples/Implemented.mm.yaml +252 -4
data/Examples/SmallBusiness.mm.yaml +492 -0
data/Plugins/Apps/Answer/answer.lmm.rb +165 -0
data/Plugins/Apps/Answer/answer@.service +40 -0
data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.conf.erb +0 -3
data/Plugins/Apps/ArchiSteamFarm/ArchiSteamFarm.lmm.rb +0 -1
data/Plugins/Apps/Authentik/Authentik-ProxyOutpost.container +20 -0
data/Plugins/Apps/Authentik/Authentik-Server.container +7 -1
data/Plugins/Apps/Authentik/Authentik-Worker.container +7 -1
data/Plugins/Apps/Authentik/Authentik.conf.erb +18 -6
data/Plugins/Apps/Authentik/Authentik.lmm.rb +232 -45
data/Plugins/Apps/BookStack/BookStack.conf.erb +38 -0
data/Plugins/Apps/BookStack/BookStack.container +20 -0
data/Plugins/Apps/BookStack/BookStack.lmm.rb +91 -0
data/Plugins/Apps/Cassandra/Cassandra.lmm.rb +9 -19
data/Plugins/Apps/ClickHouse/ClickHouse.container +28 -0
data/Plugins/Apps/ClickHouse/ClickHouse.lmm.rb +113 -0
data/Plugins/Apps/ClickHouse/Config/listen.yaml +2 -0
data/Plugins/Apps/ClickHouse/Config/logger.yaml +8 -0
data/Plugins/Apps/ClickHouse/Config/zookeepers.yaml +5 -0
data/Plugins/Apps/ClickHouse/Connection.rb +96 -0
data/Plugins/Apps/Discourse/Discourse-Sidekiq.container +22 -0
data/Plugins/Apps/Discourse/Discourse.conf.erb +38 -0
data/Plugins/Apps/Discourse/Discourse.container +21 -0
data/Plugins/Apps/Discourse/Discourse.lmm.rb +156 -0
data/Plugins/Apps/Dovecot/Dovecot.lmm.rb +87 -52
data/Plugins/Apps/ERPNext/ERPNext-Frontend.container +24 -0
data/Plugins/Apps/ERPNext/ERPNext-Queue.container +22 -0
data/Plugins/Apps/ERPNext/ERPNext-Scheduler.container +22 -0
data/Plugins/Apps/ERPNext/ERPNext-Websocket.container +24 -0
data/Plugins/Apps/ERPNext/ERPNext.container +23 -0
data/Plugins/Apps/ERPNext/ERPNext.lmm.rb +204 -0
data/Plugins/Apps/ERPNext/ERPNext.network +12 -0
data/Plugins/Apps/ERPNext/sites/apps.json +10 -0
data/Plugins/Apps/ERPNext/sites/apps.txt +3 -0
data/Plugins/Apps/ERPNext/sites/common_site_config.json +11 -0
data/Plugins/Apps/GitLab/GitLab.container +9 -2
data/Plugins/Apps/GitLab/GitLab.lmm.rb +52 -33
data/Plugins/Apps/Homepage/Homepage.conf.erb +86 -0
data/Plugins/Apps/Homepage/Homepage.container +19 -0
data/Plugins/Apps/Homepage/Homepage.lmm.rb +54 -0
data/Plugins/Apps/IPFS/IPFS.conf.erb +0 -3
data/Plugins/Apps/IPFS/IPFS.lmm.rb +0 -1
data/Plugins/Apps/InfluxDB/InfluxDB.conf.erb +0 -3
data/Plugins/Apps/InfluxDB/InfluxDB.lmm.rb +0 -1
data/Plugins/Apps/Jackett/Jackett.conf.erb +0 -3
data/Plugins/Apps/Jackett/Jackett.lmm.rb +0 -1
data/Plugins/Apps/Jellyfin/Jellyfin.conf.erb +0 -3
data/Plugins/Apps/Jellyfin/Jellyfin.lmm.rb +0 -1
data/Plugins/Apps/LetsEncrypt/LetsEncrypt.lmm.rb +78 -0
data/Plugins/Apps/LetsEncrypt/hooks/dovecot.sh +2 -0
data/Plugins/Apps/LetsEncrypt/hooks/nginx.sh +2 -0
data/Plugins/Apps/LetsEncrypt/hooks/postfix.sh +2 -0
data/Plugins/Apps/LetsEncrypt/renew-certificates.service +7 -0
data/Plugins/Apps/LetsEncrypt/renew-certificates.timer +12 -0
data/Plugins/Apps/LetsEncrypt/rfc2136.ini +11 -0
data/Plugins/Apps/LibreTranslate/LibreTranslate.container +21 -0
data/Plugins/Apps/LibreTranslate/LibreTranslate.lmm.rb +34 -0
data/Plugins/Apps/Lobsters/Containerfile +81 -0
data/Plugins/Apps/Lobsters/Lobsters-Tasks.container +26 -0
data/Plugins/Apps/Lobsters/Lobsters.conf.erb +99 -0
data/Plugins/Apps/Lobsters/Lobsters.container +27 -0
data/Plugins/Apps/Lobsters/Lobsters.lmm.rb +196 -0
data/Plugins/Apps/Lobsters/crontab +3 -0
data/Plugins/Apps/Lobsters/database.yml +26 -0
data/Plugins/Apps/Lobsters/entrypoint.sh +30 -0
data/Plugins/Apps/Lobsters/generateCredentials.rb +19 -0
data/Plugins/Apps/Lobsters/lobsters-cron.sh +25 -0
data/Plugins/Apps/Lobsters/lobsters-daily.sh +23 -0
data/Plugins/Apps/Lobsters/puma.rb +49 -0
data/Plugins/Apps/MariaDB/Connection.rb +55 -0
data/Plugins/Apps/MariaDB/MariaDB.lmm.rb +122 -0
data/Plugins/Apps/Mastodon/Mastodon-Sidekiq.container +22 -0
data/Plugins/Apps/Mastodon/Mastodon-Streaming.container +20 -0
data/Plugins/Apps/Mastodon/Mastodon.conf.erb +34 -45
data/Plugins/Apps/Mastodon/Mastodon.container +28 -0
data/Plugins/Apps/Mastodon/Mastodon.lmm.rb +240 -5
data/Plugins/Apps/Mastodon/configlmm.rake +30 -0
data/Plugins/Apps/Mastodon/entrypoint.sh +16 -0
data/Plugins/Apps/Matrix/Element.container +19 -0
data/Plugins/Apps/Matrix/Matrix.conf.erb +47 -9
data/Plugins/Apps/Matrix/Matrix.lmm.rb +119 -5
data/Plugins/Apps/Matrix/Synapse.container +22 -0
data/Plugins/Apps/Matrix/config.json +50 -0
data/Plugins/Apps/Matrix/homeserver.yaml +70 -0
data/Plugins/Apps/Matrix/log.config +30 -0
data/Plugins/Apps/Netdata/Netdata.conf.erb +0 -3
data/Plugins/Apps/Netdata/Netdata.lmm.rb +0 -1
data/Plugins/Apps/Nextcloud/Nextcloud.conf.erb +3 -4
data/Plugins/Apps/Nextcloud/Nextcloud.lmm.rb +155 -48
data/Plugins/Apps/Nextcloud/autoconfig.php +13 -0
data/Plugins/Apps/Nextcloud/config.php +10 -1
data/Plugins/Apps/Nextcloud/nextcloudcron.service +8 -0
data/Plugins/Apps/Nextcloud/nextcloudcron.timer +10 -0
data/Plugins/Apps/Nginx/Connection.rb +93 -0
data/Plugins/Apps/Nginx/conf.d/configlmm.conf +54 -4
data/Plugins/Apps/Nginx/conf.d/languages.conf +21 -0
data/Plugins/Apps/Nginx/config-lmm/errors.conf +33 -22
data/Plugins/Apps/Nginx/config-lmm/gateway-errors.conf +20 -0
data/Plugins/Apps/Nginx/config-lmm/proxy.conf +6 -2
data/Plugins/Apps/Nginx/main.conf.erb +7 -3
data/Plugins/Apps/Nginx/nginx.conf +2 -2
data/Plugins/Apps/Nginx/nginx.lmm.rb +103 -81
data/Plugins/Apps/Nginx/proxy.conf.erb +24 -6
data/Plugins/Apps/Odoo/Odoo.conf.erb +0 -3
data/Plugins/Apps/Odoo/Odoo.container +7 -1
data/Plugins/Apps/Odoo/Odoo.lmm.rb +4 -5
data/Plugins/Apps/Ollama/Ollama.container +26 -0
data/Plugins/Apps/Ollama/Ollama.lmm.rb +73 -0
data/Plugins/Apps/OpenTelemetry/Config/config.yaml +704 -0
data/Plugins/Apps/OpenTelemetry/OpenTelemetry.lmm.rb +154 -0
data/Plugins/Apps/OpenVidu/Ingress.container +23 -0
data/Plugins/Apps/{GitLab/GitLab.conf.erb → OpenVidu/OpenVidu.conf.erb} +8 -3
data/Plugins/Apps/OpenVidu/OpenVidu.container +21 -0
data/Plugins/Apps/OpenVidu/OpenVidu.lmm.rb +94 -0
data/Plugins/Apps/OpenVidu/OpenViduCall.conf.erb +32 -0
data/Plugins/Apps/OpenVidu/OpenViduCall.container +20 -0
data/Plugins/Apps/OpenVidu/ingress.yaml +10 -0
data/Plugins/Apps/OpenVidu/livekit.yaml +13 -0
data/Plugins/Apps/PHP-FPM/Connection.rb +91 -0
data/Plugins/Apps/PHP-FPM/PHP-FPM.lmm.rb +31 -4
data/Plugins/Apps/Peppermint/Peppermint.conf.erb +2 -9
data/Plugins/Apps/Peppermint/Peppermint.container +7 -1
data/Plugins/Apps/Peppermint/Peppermint.lmm.rb +29 -33
data/Plugins/Apps/Perplexica/Perplexica.container +25 -0
data/Plugins/Apps/Perplexica/Perplexica.lmm.rb +92 -0
data/Plugins/Apps/Perplexica/config.toml +26 -0
data/Plugins/Apps/Podman/Connection.rb +24 -0
data/Plugins/Apps/Podman/Podman.lmm.rb +80 -0
data/Plugins/Apps/Podman/storage.conf +6 -0
data/Plugins/Apps/Postfix/Postfix.lmm.rb +249 -145
data/Plugins/Apps/PostgreSQL/Connection.rb +97 -0
data/Plugins/Apps/PostgreSQL/PostgreSQL.lmm.rb +204 -99
data/Plugins/Apps/Pterodactyl/Pterodactyl.conf.erb +0 -3
data/Plugins/Apps/Pterodactyl/Pterodactyl.lmm.rb +0 -2
data/Plugins/Apps/Pterodactyl/Wings.conf.erb +0 -3
data/Plugins/Apps/RVM/RVM.lmm.rb +57 -0
data/Plugins/Apps/Roundcube/Roundcube.conf.erb +72 -0
data/Plugins/Apps/Roundcube/Roundcube.lmm.rb +141 -0
data/Plugins/Apps/SSH/SSH.lmm.rb +9 -15
data/Plugins/Apps/SearXNG/SearXNG.container +22 -0
data/Plugins/Apps/SearXNG/SearXNG.lmm.rb +79 -0
data/Plugins/Apps/SearXNG/limiter.toml +40 -0
data/Plugins/Apps/SearXNG/settings.yml +2 -0
data/Plugins/Apps/SigNoz/Config/alerts.yml +11 -0
data/Plugins/Apps/SigNoz/Config/otel-collector-config.yaml +110 -0
data/Plugins/Apps/SigNoz/Config/otel-collector-opamp-config.yaml +1 -0
data/Plugins/Apps/SigNoz/Config/prometheus.yml +18 -0
data/Plugins/Apps/SigNoz/SigNoz-Collector.container +23 -0
data/Plugins/Apps/SigNoz/SigNoz-Migrator.container +17 -0
data/Plugins/Apps/SigNoz/SigNoz.conf.erb +61 -0
data/Plugins/Apps/SigNoz/SigNoz.container +26 -0
data/Plugins/Apps/SigNoz/SigNoz.lmm.rb +319 -0
data/Plugins/Apps/Solr/log4j2.xml +89 -0
data/Plugins/Apps/Solr/solr.lmm.rb +82 -0
data/Plugins/Apps/Sunshine/Sunshine.conf.erb +0 -3
data/Plugins/Apps/Sunshine/Sunshine.lmm.rb +0 -1
data/Plugins/Apps/Tunnel/tunnel.lmm.rb +59 -0
data/Plugins/Apps/Tunnel/tunnelTCP.service +9 -0
data/Plugins/Apps/Tunnel/tunnelTCP.socket +9 -0
data/Plugins/Apps/Tunnel/tunnelUDP.service +9 -0
data/Plugins/Apps/Tunnel/tunnelUDP.socket +9 -0
data/Plugins/Apps/UVdesk/UVdesk.conf.erb +0 -3
data/Plugins/Apps/Umami/Umami.container +19 -0
data/Plugins/Apps/Umami/Umami.lmm.rb +108 -0
data/Plugins/Apps/Valkey/Valkey.lmm.rb +64 -20
data/Plugins/Apps/Vaultwarden/Vaultwarden.conf.erb +9 -6
data/Plugins/Apps/Vaultwarden/Vaultwarden.container +7 -1
data/Plugins/Apps/Vaultwarden/Vaultwarden.lmm.rb +67 -28
data/Plugins/Apps/Wiki.js/Wiki.js.conf.erb +39 -0
data/Plugins/Apps/Wiki.js/Wiki.js.container +20 -0
data/Plugins/Apps/Wiki.js/Wiki.js.lmm.rb +55 -0
data/Plugins/Apps/YaCy/YaCy.conf.erb +93 -0
data/Plugins/Apps/YaCy/YaCy.container +21 -0
data/Plugins/Apps/YaCy/YaCy.lmm.rb +160 -0
data/Plugins/Apps/ZooKeeper/ZooKeeper.container +24 -0
data/Plugins/Apps/ZooKeeper/ZooKeeper.lmm.rb +68 -0
data/Plugins/Apps/bitmagnet/bitmagnet.conf.erb +0 -3
data/Plugins/Apps/bitmagnet/bitmagnet.lmm.rb +0 -1
data/Plugins/Apps/gollum/gollum.conf.erb +40 -4
data/Plugins/Apps/gollum/gollum.container +10 -1
data/Plugins/Apps/gollum/gollum.lmm.rb +56 -47
data/Plugins/Apps/llama.cpp/llama.cpp.container +28 -0
data/Plugins/Apps/llama.cpp/llama.cpp.lmm.rb +90 -0
data/Plugins/Apps/vLLM/vLLM.container +32 -0
data/Plugins/Apps/vLLM/vLLM.lmm.rb +89 -0
data/Plugins/OS/General/Utils.lmm.rb +26 -0
data/Plugins/OS/Linux/Connection.rb +472 -0
data/Plugins/OS/Linux/Debian/preseed.cfg.erb +81 -0
data/Plugins/OS/Linux/Distributions.yaml +32 -0
data/Plugins/OS/Linux/Flavours.yaml +24 -0
data/Plugins/OS/Linux/Grub/grub.cfg +10 -0
data/Plugins/OS/Linux/HTTP.rb +32 -0
data/Plugins/OS/Linux/Linux.lmm.rb +708 -174
data/Plugins/OS/Linux/Packages.yaml +67 -3
data/Plugins/OS/Linux/Proxmox/answer.toml.erb +30 -0
data/Plugins/OS/Linux/Services.yaml +8 -0
data/Plugins/OS/Linux/Shell.rb +70 -0
data/Plugins/OS/Linux/Syslinux/default +8 -0
data/Plugins/OS/Linux/WireGuard/WireGuard.lmm.rb +93 -40
data/Plugins/OS/Linux/WireGuard/wg0.conf.erb +3 -0
data/Plugins/OS/Linux/openSUSE/autoinst.xml.erb +29 -3
data/Plugins/OS/Linux/systemd/systemd.lmm.rb +13 -11
data/Plugins/OS/Routers/Aruba/ArubaInstant.lmm.rb +6 -5
data/Plugins/Platforms/GitHub.lmm.rb +73 -28
data/Plugins/Platforms/GoDaddy/GoDaddy.lmm.rb +10 -7
data/Plugins/Platforms/Proxmox/Proxmox.lmm.rb +402 -0
data/Plugins/Platforms/Proxmox/XTerm.rb +321 -0
data/Plugins/Platforms/libvirt/libvirt.lmm.rb +41 -15
data/Plugins/Platforms/porkbun.lmm.rb +12 -2
data/Plugins/Platforms/porkbun_spec.rb +2 -2
data/Plugins/Services/DNS/AmberBit.lmm.rb +1 -1
data/Plugins/Services/DNS/ArubaItDNS.lmm.rb +1 -1
data/Plugins/Services/DNS/NICLV.lmm.rb +1 -1
data/Plugins/Services/DNS/PowerDNS.lmm.rb +130 -41
data/Plugins/Services/DNS/tonic.lmm.rb +22 -12
data/bootstrap.sh +41 -3
data/lib/ConfigLMM/Framework/plugins/dns.rb +4 -3
data/lib/ConfigLMM/Framework/plugins/linuxApp.rb +187 -144
data/lib/ConfigLMM/Framework/plugins/nginxApp.rb +54 -6
data/lib/ConfigLMM/Framework/plugins/plugin.rb +68 -140
data/lib/ConfigLMM/Framework/plugins/store.rb +4 -4
data/lib/ConfigLMM/Framework/variables.rb +75 -0
data/lib/ConfigLMM/Framework.rb +1 -0
data/lib/ConfigLMM/cli.rb +13 -5
data/lib/ConfigLMM/commands/cleanup.rb +1 -0
data/lib/ConfigLMM/commands/configsCommand.rb +38 -5
data/lib/ConfigLMM/commands/diff.rb +33 -9
data/lib/ConfigLMM/context.rb +22 -3
data/lib/ConfigLMM/io/configList.rb +85 -7
data/lib/ConfigLMM/io/connection.rb +143 -0
data/lib/ConfigLMM/io/dhcp.rb +330 -0
data/lib/ConfigLMM/io/http.rb +78 -0
data/lib/ConfigLMM/io/local.rb +207 -0
data/lib/ConfigLMM/io/pxe.rb +92 -0
data/lib/ConfigLMM/io/ssh.rb +156 -0
data/lib/ConfigLMM/io/tftp.rb +105 -0
data/lib/ConfigLMM/io.rb +2 -0
data/lib/ConfigLMM/secrets/envStore.rb +39 -0
data/lib/ConfigLMM/secrets/fileStore.rb +43 -0
data/lib/ConfigLMM/state.rb +12 -3
data/lib/ConfigLMM/version.rb +2 -1
data/lib/ConfigLMM.rb +1 -0
data/{Examples → scripts}/configlmmAuth.sh +7 -5
metadata +257 -9

data/Plugins/Platforms/GitHub.lmm.rb CHANGED Viewed

@@ -5,53 +5,98 @@ module ConfigLMM
     module LMM
         class GitHub < Framework::Plugin
-            def actionGitHubOrganizationRefresh(id, target, activeState, context, options)
-                client = Octokit::Client.new(:access_token => ENV['GITHUB_TOKEN'])
-                orgs = client.organizations.select { |org| org[:login] == target['Name'] }
-                if orgs.empty?
-                    prompt.say("Didn\'t find organization with name #{target['Name']}")
-                    prompt.say('You need to create it manually - https://github.com/organizations/plan')
-                    raise Framework::PluginPrerequisite.new('Organization must exist!')
+            def actionGitHubRefresh(id, target, activeState, context, options)
+                if !target['Organizations'].to_h.empty?
+                    activeState['Organizations'] = {}
+                    target['Organizations'].each do |name, organization|
+                        organizationRefresh(name, target, activeState, context, options)
+                    end
                 end
+            end
-                raise "This shouldn't happen!" if orgs.length != 1
-                activeState.clear
+            def actionGitHubDiff(id, target, activeState, context, options)
+                state = prepareState(target, activeState)
+                shouldMatch(id, state, 'Organizations', target, 'Organizations')
+            end
-                orgs.first.each do |name, value|
-                    activeState[name.to_s] = value
+            def actionGitHubDeploy(id, target, activeState, context, options)
+                actionGitHubDiff(id, target, activeState, context, options)
+                diff.each do |name, states|
+                    # TODO FIXME
                 end
             end
-            def actionGitHubOrganizationDiff(id, target, activeState, context, options)
-                shouldMatch(id, 'Name', 'login', target, activeState)
-                shouldMatch(id, 'Description', 'description', target, activeState)
+            def prepareState(target, activeState)
+                state = activeState.dup
+                state['Organizations'] ||= {}
+                state['Organizations'].each do |name, data|
+                    #state['Organizations'][name]['Name'] = state['Organizations'][name].delete('Login')
+                    state['Organizations'][name]['Description'] = state['Organizations'][name].delete('description')
+                end
+                state
             end
-            def actionGitHubOrganizationDeploy(id, target, activeState, context, options)
-                actionGitHubOrganizationDiff(id, target, activeState, context, options)
-                diff.each do |name, states|
-                    if name == 'Name'
-                        # TODO
-                    elsif name == 'Description'
-                        # TODO
+            def organizationRefresh(name, target, activeState, context, options)
+                authToken = context.secrets.load(target['SecretId'], 'TOKEN')
+                authToken = context.secrets.load('GITHUB', 'TOKEN') if authToken.nil?
+                client = Octokit::Client.new(:access_token => authToken)
+                allOrgs = client.organizations
+                if allOrgs.empty?
+                    # Fine-grained access token never returns any orgs
+                    org = client.organization(name)
+                else
+                    orgs = allOrgs.select { |org| org[:login] == name }
+                    if orgs.empty?
+                        prompt.say("Didn\'t find organization with name #{name}")
+                        prompt.say('You need to create it manually - https://github.com/organizations/plan')
+                        raise Framework::PluginPrerequisite.new('Organization must exist!')
                     end
+                    org = orgs.first
+                end
+                activeState['Organizations'][org.login] ||= {}
+                org.each do |name, value|
+                    data = value
+                    data = value.to_h if value && value.respond_to?(:to_h)
+                    data = value.to_s if value.is_a?(Time)
+                    activeState['Organizations'][org.login][name.to_s] = data
                 end
-                # TODO FIXME
-                raise 'Not implemented!'
             end
             def authenticate(actionMethod, target, activeState, context, options)
-                authToken = ENV['GITHUB_TOKEN']
+                authToken = context.secrets.load(target['SecretId'], 'TOKEN')
+                authToken = context.secrets.load('GITHUB', 'TOKEN') if authToken.nil?
                 if authToken.to_s.empty?
                     prompt.say('Open https://github.com/settings/tokens and create a token!')
-                    prompt.say('Then set it\'s value to GITHUB_TOKEN as Environment Variable')
-                    raise Framework::PluginPrerequisite.new('Need GITHUB_TOKEN!')
+                    prompt.say("Then set it\'s value in #{target['SecretId']}_TOKEN")
+                    raise Framework::PluginPrerequisite.new('Need GitHub token!')
                 end
                 true
             end
+            def self.getReleases(repoId, logger, context, options)
+                response = HTTP.get("https://api.github.com/repos/#{repoId}/releases")
+                if response.status.success?
+                    releases = response.parse
+                    releases.reject! { |release| release['draft'] || release['prerelease'] }
+                    return releases
+                end
+                logger.error("Failed to load GitHub release for #{repoId}")
+                raise response
+            end
+            def self.getReleaseAsset(name, releases)
+                pattern = name.gsub('.', '\\.').gsub('*', '.*')
+                releases.each do |release|
+                    release['assets'].each do |asset|
+                        return asset if asset['name'].match?(pattern)
+                    end
+                end
+                raise "Couldn't find GitHub asset #{name}!"
+            end
         end
     end
 end

data/Plugins/Platforms/GoDaddy/GoDaddy.lmm.rb CHANGED Viewed

@@ -21,10 +21,10 @@ module ConfigLMM
                 template = ERB.new(File.read(__dir__ + '/zone.txt.erb'))
-                target['DNS'].each do |domain, data|
+                target['DNS'].to_h.each do |domain, data|
                     config = { 'Domain' => domain, 'Records' => '' }
                     data.each do |name, data|
-                        self.processDNS(domain, data).each do |type, records|
+                        self.processDNS(domain, data, context).each do |type, records|
                             records.each do |record|
                                 shortName = Addressable::IDNA.to_ascii(name) + '.' if type == 'CNAME' || type == 'ALIAS'
                                 if record[:type] == 'MX'
@@ -42,7 +42,9 @@ module ConfigLMM
             def actionGoDaddyDNSRefresh(id, target, activeState, context, options)
                 if USE_API
-                    http = HTTP.auth("sso-key #{ENV['GODADDY_SECRET']}")
+                    authSecret = context.secrets.load(target['SecretId'], 'SECRET')
+                    authSecret = context.secrets.load('GODADDY', 'SECRET') if authSecret.nil?
+                    http = HTTP.auth("sso-key #{authSecret}")
                     apiDomain = (options['dry'] || target['Test']) ? TEST_API_DOMAIN : API_DOMAIN
                     target['DNS'].each do |domain, records|
@@ -65,7 +67,7 @@ module ConfigLMM
                 if USE_API
                     # TODO
                 else
-                    showManualDNSSteps(target, "Click on DNS tab and either import generated Zone file or add these records:") do |domain|
+                    showManualDNSSteps(target, "Click on DNS tab and either import generated Zone file or add these records:", context) do |domain|
                         prompt.say("Open https://dcc.godaddy.com/control/portfolio/#{domain}/settings", :color => :magenta)
                     end
                 end
@@ -73,11 +75,12 @@ module ConfigLMM
             def authenticate(actionMethod, target, activeState, context, options)
                 if USE_API
-                    authSecret = ENV['GODADDY_SECRET']
+                    authSecret = context.secrets.load(target['SecretId'], 'SECRET')
+                    authSecret = context.secrets.load('GODADDY', 'SECRET') if authSecret.nil?
                     if authSecret.to_s.empty?
                         prompt.say('Open https://developer.godaddy.com/keys and create API Key!')
-                        prompt.say('Then set "KEY:SECRET" to GODADDY_SECRET as Environment Variable')
-                        raise Framework::PluginPrerequisite.new('Need GODADDY_SECRET')
+                        prompt.say("Then set \"KEY:SECRET\" in #{target['SecretId']}_SECRET")
+                        raise Framework::PluginPrerequisite.new('Need GoDaddy secret!')
                     end
                 end
                 true

data/Plugins/Platforms/Proxmox/Proxmox.lmm.rb ADDED Viewed

@@ -0,0 +1,402 @@
+require_relative 'XTerm'
+require 'fog/proxmox'
+require 'cgi'
+require 'addressable/uri'
+module ConfigLMM
+    module LMM
+        class Proxmox < Framework::Plugin
+            def self.buildURI(uri)
+                uri = uri.dup
+                uri.scheme = 'https'
+                uri.host = Addressable::IDNA.to_ascii(uri.host)
+                uri.port = 8006 if uri.port.nil?
+                uri.path = '/api2/json' if uri.path.to_s.empty? || uri.path == '/'
+                uri.query = nil
+                uri
+            end
+            def self.getAuthParams(uri, context)
+                uri = Addressable::URI.parse(uri) if uri.is_a?(String)
+                raise 'Invalid Proxmox URL!' unless uri.scheme == 'proxmox'
+                connectionOptions = { }
+                parsedQuery = CGI.parse(uri.query)
+                if parsedQuery['insecure']
+                    connectionOptions[:ssl_verify_peer] = false
+                end
+                secretId = parsedQuery['proxmoxSecretId'].to_a.first || 'PROXMOX'
+                uri = self.buildURI(uri)
+                proxmoxUsername = context.secrets.load(secretId, 'PROXMOX_USER')
+                proxmoxPassword = context.secrets.load(secretId, 'PROXMOX_PASSWORD')
+                if !proxmoxPassword
+                    proxmoxUsername = 'root@pam'
+                    proxmoxPassword = context.secrets.load(secretId, 'ROOT_PASSWORD')
+                end
+                raise 'Missing Proxmox password!' unless proxmoxPassword
+                authParams = {
+                    proxmox_url: uri.to_s,
+                    connection_options: connectionOptions,
+                    proxmox_auth_method: 'access_ticket',
+                    proxmox_username: proxmoxUsername,
+                    proxmox_password: proxmoxPassword
+                }
+                authParams
+            end
+            def self.getNode(authParams)
+                # For some reason Proxmox doesn't handle SSL shutdown correctly so we use this workaround
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+                compute = Fog::Compute.new(provider: :proxmox, **authParams)
+                node = compute.nodes.find { |node| node.node == 'pve' }
+                raise 'Couldn\'t find pve node!' unless node
+                [node, compute]
+            ensure
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] &= ~OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+            end
+            def actionProxmoxDeploy(id, target, activeState, context, options)
+                authParams = self.class.getAuthParams(target['Location'], context)
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+                if !target['Storage'].to_h.empty?
+                    storage = Fog::Storage.new(provider: :proxmox, **authParams)
+                    all = storage.list
+                    target['Storage'].each do |name, data|
+                        if all.none? { |entry| entry['storage'] == name }
+                            storage.create({ 'storage' => name, **data })
+                        end
+                    end
+                end
+            ensure
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] &= ~OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+            end
+            def createVM(serverName, serverInfo, targetUri, iso, activeState, context)
+                authParams = self.class.getAuthParams(targetUri, context)
+                node, compute = self.class.getNode(authParams)
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+                server = node.servers.find { |server| server.name == serverName }
+                if server
+                    if server.status != 'running'
+                        server.action('start')
+                        server.wait_for { server.ready? }
+                    end
+                    return false
+                end
+                isoStorages = node.storages.list_by_content_type('iso')
+                isoStorageName = isoStorages.first.storage
+                storage = Fog::Storage.new(provider: :proxmox, **authParams)
+                file = File.open(iso, 'rb')
+                filename = File.basename(iso)
+                storage.upload({
+                                   node: node.node,
+                                   storage: isoStorageName
+                               },
+                               {
+                                   content: 'iso',
+                                   file: file,
+                                   filename: filename
+                               }
+                )
+                settings = {
+                    vmid: node.servers.next_id,
+                    name: serverName,
+                    bios: 'ovmf',
+                    boot: 'order=virtio0;scsi0;net0',
+                    cpu: 'cputype=host',
+                    machine: 'q35',
+                    onboot: 1,
+                    ostype: 'l26',
+                    scsi0: "#{isoStorageName}:iso/#{filename},media=cdrom",
+                    scsihw: 'virtio-scsi-pci',
+                    serial0: 'socket',
+                    vga: 'qxl'
+                }
+                if serverInfo['CPU']
+                    settings[:cores] = serverInfo['CPU']
+                end
+                if serverInfo['RAM']
+                    settings[:memory] = Filesize.from(serverInfo['RAM']).to_f('MiB').to_i
+                end
+                if serverInfo['NIC']
+                    nics = serverInfo['NIC']
+                    nics = [nics] unless nics.is_a?(Array)
+                    nics.each_with_index do |nic, i|
+                        nic.transform_keys!(&:downcase)
+                        nic['model'] = 'virtio' unless nic['model']
+                        if nic['mac']
+                            nic['macaddr'] = nic['mac']
+                            nic.delete('mac')
+                        end
+                        if nic['vlan']
+                            nic['tag'] = nic['vlan']
+                            nic.delete('vlan')
+                        end
+                        settings["net#{i}"] = nic.map { |name_value| name_value.join('=') }.join(',')
+                    end
+                elsif serverInfo['NetworkBridge']
+                    settings['net0'] = "virtio,bridge=#{serverInfo['NetworkBridge']}"
+                end
+                server = node.servers.create(settings)
+                imageStorages = node.storages.list_by_content_type('images')
+                imageStorageName = imageStorages.first.storage
+                efidisk = { id: 'efidisk0', storage: imageStorageName, size: '528' }
+                server.attach(efidisk, { efitype: '4m', 'pre-enrolled-keys': 1 })
+                if serverInfo['Storage']
+                    disk = { id: 'virtio0', storage: imageStorageName, size: Filesize.from(serverInfo['Storage']).to_f('GiB').to_i }
+                    server.attach(disk, { replicate: 0 })
+                end
+                if server.status != 'running'
+                    server.action('start')
+                    server.wait_for { server.ready? }
+                end
+                true
+            ensure
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] &= ~OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+            end
+            def createContainer(serverInfo, targetUri, flavourInfo, activeState, context)
+                authParams = self.class.getAuthParams(targetUri, context)
+                node, compute = self.class.getNode(authParams)
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+                serverInfo['Domain'] = serverInfo['Name'] unless serverInfo['Domain']
+                container = node.containers.find { |container| container.name == Addressable::IDNA.to_ascii(serverInfo['Domain']) }
+                if container
+                    if container.status != 'running'
+                        container.action('start')
+                        container.wait_for { container.ready? }
+                    end
+                    return false
+                end
+                raise Framework::PluginProcessError.new("Don't have LXC template!") unless flavourInfo['LXC']
+                storage = Fog::Storage.new(provider: :proxmox, **authParams)
+                appliances = storage.list_appliances({ node: node.node })
+                appliance = appliances.find { |appliance| appliance['package'] == flavourInfo['LXC'] }
+                raise "Couldn't find LXC template #{flavourInfo['LXC']}" unless appliance
+                templateStorages = node.storages.list_by_content_type('vztmpl')
+                templateStorageName = templateStorages.first.storage
+                storage.download_appliance({ node: node.node }, { storage: templateStorageName, template: appliance['template'] })
+                settings = {
+                    vmid: node.servers.next_id,
+                    ostemplate: "#{templateStorageName}:vztmpl/#{appliance['template']}",
+                    onboot: 1,
+                    unprivileged: 1
+                }
+                if serverInfo['CPU']
+                    settings[:cores] = serverInfo['CPU']
+                end
+                if serverInfo['RAM']
+                    settings[:memory] = Filesize.from(serverInfo['RAM'].to_s).to_f('MiB').to_i
+                end
+                if serverInfo['Swap']
+                    settings[:swap] = Filesize.from(serverInfo['Swap'].to_s).to_f('MiB').to_i
+                end
+                if serverInfo['Storage']
+                    storagePool = serverInfo['StoragePool']
+                    if !storagePool
+                        storages = node.storages.list_by_content_type('rootdir')
+                        storagePool = storages.first.storage
+                    end
+                    settings[:rootfs] = storagePool + ':' + Filesize.from(serverInfo['Storage'].to_s).to_f('GiB').to_i.to_s
+                end
+                if serverInfo['Domain']
+                    settings[:hostname] = Addressable::IDNA.to_ascii(serverInfo['Domain'])
+                end
+                if serverInfo['Network'].is_a?(Hash) && serverInfo['Network']['DNS']
+                    settings[:nameserver] = serverInfo['Network']['DNS']
+                end
+                if serverInfo['NIC']
+                    nics = serverInfo['NIC']
+                    nics = [nics] unless nics.is_a?(Array)
+                    nics.each_with_index do |nic, i|
+                        nic.transform_keys!(&:downcase)
+                        nic['name'] = "eth#{i}" unless nic['name']
+                        if nic['mac']
+                            nic['hwaddr'] = nic['mac']
+                            nic.delete('mac')
+                        end
+                        if nic['vlan']
+                            nic['tag'] = nic['vlan']
+                            nic.delete('vlan')
+                        end
+                        nic[:ip] = 'dhcp'
+                        if serverInfo['Network'].is_a?(Hash)
+                            if nic['name'] == 'eth0'
+                                if serverInfo['Network'].key?('IP')
+                                    nic[:ip] = serverInfo['Network']['IP']
+                                end
+                                if serverInfo['Network'].key?('Gateway')
+                                    nic[:gw] = serverInfo['Network']['Gateway']
+                                end
+                            else
+                                interface = serverInfo['Network']['Interfaces'][nic['name']]
+                                nic[:ip] = interface['IP'] if interface
+                            end
+                        end
+                        settings["net#{i}"] = nic.map { |name_value| name_value.join('=') }.join(',')
+                    end
+                elsif serverInfo['NetworkBridge']
+                    nic = {
+                        name: 'eth0',
+                        bridge: serverInfo['NetworkBridge'],
+                        ip: 'dhcp'
+                    }
+                    if serverInfo['Network'].is_a?(Hash)
+                        if serverInfo['Network'].key?('IP')
+                            nic[:ip] = serverInfo['Network']['IP']
+                        end
+                        if serverInfo['Network'].key?('Gateway')
+                            nic[:gw] = serverInfo['Network']['Gateway']
+                        end
+                    end
+                    settings['net0'] = nic.map { |name_value| name_value.join('=') }.join(',')
+                end
+                if flavourInfo['Type']
+                    settings[:ostype] = flavourInfo['Type']
+                end
+                if serverInfo['Users']['root'].key?('Password')
+                    settings[:password] = serverInfo['Users']['root']['Password']
+                end
+                if !serverInfo['Users']['root']['AuthorizedKeys'].to_a.empty?
+                    settings['ssh-public-keys'] = serverInfo['Users']['root']['AuthorizedKeys'].join("\n")
+                end
+                if serverInfo['Features']
+                    settings[:features] = serverInfo['Features'].map { |feature| "#{feature}=1" }.join(',')
+                end
+                container = node.containers.create(settings)
+                if serverInfo['LXC'].is_a?(Array)
+                    self.addLXCOptions(serverInfo, targetUri, compute, node.node, container.vmid, context)
+                end
+                # TODO - Need to be readable/executable by everyone. Otherwise some things will break inside container like `su`
+                # if storageIsSubvolume
+                #    proxmoxServer.exec("chmod +rx #{storagePath}/images/$ID/subvol-$ID-disk-0.subvol")
+                #end
+                if container.status != 'running'
+                    container.action('start')
+                    container.wait_for { container.ready? }
+                end
+                true
+            ensure
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] &= ~OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+            end
+            def addLXCOptions(serverInfo, uri, compute, node, vmid, context)
+                options = serverInfo['LXC'].map { |option| 'lxc.' + option.map { |name, value| "#{name}: #{value}" }.first }.join("\n")
+                uri = Addressable::URI.parse(uri) if uri.is_a?(String)
+                self.class.xtermTunnel(uri, serverInfo, compute, node, nil, nil, context, prompt, logger) do |xterm|
+                    connection = IO::Connection.new(:Proxmox, xterm, prompt, logger)
+                    connection.exec("echo \"#{options}\" >> /etc/pve/lxc/#{vmid}.conf")
+                end
+            end
+            def self.withXTerm(targetUri, target, context, prompt, logger, &block)
+                targetUri.scheme = 'proxmox'
+                authParams = getAuthParams(targetUri, context)
+                node, compute = getNode(authParams)
+                name = nil
+                name = CGI.parse(targetUri.query)['name'] if targetUri.query
+                name = name.first if name
+                lxc = target['LXC']
+                if targetUri.query
+                    parsedQuery = CGI.parse(targetUri.query)
+                    name = parsedQuery['name']
+                    name = name.first if name
+                    lxc = true if parsedQuery['lxc'] && lxc.nil?
+                end
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+                if lxc
+                    unless name
+                        name = target['Name']
+                        name = Addressable::IDNA.to_ascii(target['Domain']) if target['Domain']
+                    end
+                    server = node.containers.find { |container| container.name == name }
+                    type = 'lxc'
+                else
+                    name = target['Name'] unless name
+                    server = node.servers.find { |server| server.name == name }
+                    type = 'qemu'
+                end
+                raise "Couldn't find server with name #{name}" unless server
+                self.xtermTunnel(targetUri, target, compute, node.node, type, server.vmid, context, prompt, logger, &block)
+            ensure
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] &= ~OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+            end
+            def self.xtermTunnel(targetUri, target, compute, node, type, vmid, context, prompt, logger, &block)
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+                term = compute.create_term({ node: node, type: type, vmid: vmid }, {})
+                parsedQuery = CGI.parse(targetUri.query)
+                insecure = !!parsedQuery['insecure']
+                if target['Type'] == :Linux
+                    username = 'root'
+                    password = target['Users']['root']['Password']
+                else
+                    secretId = parsedQuery['secretId'].to_a.first || target['SecretId']
+                    username = context.secrets.load(secretId, 'ROOT_USER') || 'root'
+                    password = context.secrets.load(secretId, 'ROOT_PASSWORD')
+                end
+                uri = self.buildURI(targetUri)
+                uri.scheme = 'wss'
+                if type.nil? && vmid.nil?
+                    uri.path += "/nodes/#{node}/vncwebsocket"
+                else
+                    uri.path += "/nodes/#{node}/#{type}/#{vmid}/vncwebsocket"
+                end
+                uri.query = URI.encode_www_form({ port: term['port'], vncticket: term['ticket'] })
+                ProxmoxXTerm.tunnel(uri.to_s, insecure, compute.token, term, username, password, prompt, logger, &block)
+            ensure
+                OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] &= ~OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+            end
+            def self.getLocation(location)
+                uri = Addressable::URI.parse(location)
+                uri.hostname
+            end
+        end
+    end
+end