ConfigLMM 0.3.0 → 0.5.0

data/Plugins/Services/DNS/PowerDNS.lmm.rb

@@ -4,6 +4,7 @@ require 'uri'
 require 'addressable/uri'
 require 'addressable/idna'
 require 'fog/powerdns'
+require 'http'
 
 module ConfigLMM
     module LMM
@@ -48,11 +49,42 @@ module ConfigLMM
             def actionPowerDNSDeploy(id, target, activeState, context, options)
                 #actionPowerDNSDiff(id, target, activeState, context, options)
 
-                deploySettings(target, options)
-                if target['DNS']
-                    connect(id, target, activeState, context, options) do |host, port, key|
+                deploySettings(target, activeState, context, options)
+                connect(id, target, activeState, context, options) do |host, port, key|
+                    if target['TSIG']
+                        updateTSIG(host, port, key, target, context)
+                    end
+                    if target['DNS']
                         updateDNS(host, port, key, target['DNS'])
                     end
+                    if target['Metadata']
+                        updateMetadata(host, port, key, target['Metadata'])
+                    end
+                end
+            end
+
+            def cleanup(configs, state, context, options)
+                cleanupType(:PowerDNS, configs, state, context, options) do |item, id, state, context, options, connection|
+                    if item['Config']['Deploy']
+                        Linux.withConnection(connection) do |linuxConnection|
+                            linuxConnection.stopService(SERVICE_NAME, options)
+                            linuxConnection.firewallRemoveService('dns', options)
+                            linuxConnection.removePackage(PACKAGE_NAME, options)
+
+                            state.item(id)['Status'] = State::STATUS_DELETED unless options[:dry]
+
+                            if options[:destroy]
+                                item['Config']['Database'] ||= {}
+                                PostgreSQL.withConnection(item['Config']['Database'], linuxConnection) do |connectionDB|
+                                    connectionDB.dropUserAndDB(USER, options)
+                                end
+                                linuxConnection.rm('/etc/pdns', options[:dry])
+                                state.item(id)['Status'] = State::STATUS_DESTROYED unless options[:dry]
+                            end
+                        end
+                    else
+                        # TODO
+                    end
                 end
             end
 
@@ -99,7 +131,9 @@ module ConfigLMM
                     canonicalDomain = domain + '.'
 
                     if !dns.list_zones(server).map { |zone| zone['name'].downcase }.include?(canonicalDomain.downcase)
-                        dns.create_zone(server, canonicalDomain, [], { kind: 'Native' })
+                        dns.create_zone(server, canonicalDomain, [], { kind: 'Native' }.update(info['!'].to_h))
+                    elsif !info['!'].to_h.empty?
+                        dns.update_zone(server, canonicalDomain, { kind: 'Native' }.update(info['!'].to_h))
                     end
 
                     zone = dns.get_zone(server, canonicalDomain)
@@ -107,9 +141,10 @@ module ConfigLMM
                     rrsets = []
                     remove = []
                     info.each do |name, data|
+                        next if name == '!'
                         fullName = Addressable::IDNA.to_ascii(name) + '.' + Addressable::IDNA.to_ascii(domain) + '.'
                         fullName = Addressable::IDNA.to_ascii(domain) + '.' if name == '@'
-                        self.processDNS(domain, data).each do |type, records|
+                        self.processDNS(domain, data, context).each do |type, records|
                             #remove += removeConflicting(zone, fullName, type)
                             rrset = {
                                 name: fullName,
@@ -119,11 +154,20 @@ module ConfigLMM
                                 records: []
                             }
                             records.each do |record|
-                                record[:content] = Addressable::IDNA.to_ascii(record[:content]) + '.' if type == 'CNAME' || type == 'ALIAS'
+                                record[:content] = Addressable::IDNA.to_ascii(record[:content]) + '.' if type == 'CNAME' || type == 'ALIAS' || type == 'NS'
                                 if type == 'MX'
                                     priority, name = record[:content].split(' ')
                                     name = Addressable::IDNA.to_ascii(name) + '.'
                                     record[:content] = [priority, name].join(' ')
+                                elsif type == 'SOA'
+                                    ns, email, serial, refresh, again, expire, ttl = record[:content].split(' ')
+                                    record[:content] = [Addressable::IDNA.to_ascii(ns) + '.',
+                                                        Addressable::IDNA.to_ascii(email) + '.',
+                                                        serial.to_s,
+                                                        refresh.to_s,
+                                                        again.to_s,
+                                                        expire.to_s,
+                                                        ttl.to_s].join(' ')
                                 end
                                 rrset[:records] << { content: record[:content], disabled: false }
                             end
@@ -139,6 +183,42 @@ module ConfigLMM
 
             end
 
+            def updateTSIG(host, port, key, target, context)
+                server = 'localhost'
+                url = "http://#{host}:#{port}/api/v1/servers/#{server}/tsigkeys"
+                headers = { 'X-Api-Key' => key }
+                target['TSIG'].each do |name, info|
+                    data = { name: name, algorithm: info['Algorithm'] }
+                    response = HTTP.headers(headers).post(url, json: data)
+                    if response.status == 201
+                        result = response.parse(:json)
+                        key = result['key']
+                        context.secrets.store(target['SecretId'], "TSIG_#{result['name'].upcase}_KEY", key)
+                        context.secrets.print("TSIG #{result['name']} Key", key)
+                    elsif response.status != 409
+                        prompt.say(response.body.to_s, :color => :red)
+                        raise 'Failed to create TSIG key!'
+                    end
+                end
+            end
+
+            def updateMetadata(host, port, key, targetMetadata)
+                server = 'localhost'
+                headers = { 'X-Api-Key' => key }
+                targetMetadata.each do |zone, info|
+                    info.each do |kind, metadata|
+                        url = "http://#{host}:#{port}/api/v1/servers/#{server}/zones/#{Addressable::IDNA.to_ascii(zone)}/metadata/#{kind}"
+                        metadata = [metadata] unless metadata.is_a?(Array)
+                        data = { kind: kind, metadata: metadata }
+                        response = HTTP.headers(headers).put(url, json: data)
+                        if response.status != 200
+                            prompt.say(response.body.to_s, :color => :red)
+                            raise "Failed to update Metadata for #{zone}!"
+                        end
+                    end
+                end
+            end
+
             def prepareSettings(target)
                 if !target['Settings'].key?('api')
                     target['Settings']['api'] = 'yes'
@@ -154,62 +234,71 @@ module ConfigLMM
                 end
             end
 
-            def deploySettings(target, options)
-                if target['Location']
-                    uri = Addressable::URI.parse(target['Location'])
-                    params = {}
-                    params = CGI.parse(uri.query) if uri.query
-                    if uri.scheme == 'ssh' && !params.key?('host')
-                        self.class.sshStart(uri) do |ssh|
-                            Framework::LinuxApp.ensurePackages([PACKAGE_NAME], ssh)
-                            Framework::LinuxApp.ensureServiceAutoStartOverSSH(SERVICE_NAME, ssh)
+            def deploySettings(target, activeState, context, options)
+                target['Deploy'] = !!target['Settings'] unless target.key?('Deploy')
+                if target['Deploy']
+                    self.withConnection(target['Location'], target) do |connection|
+                        Linux.withConnection(connection) do |linuxConnection|
+                            linuxConnection.ensurePackages([PACKAGE_NAME], options)
+                            linuxConnection.ensureServiceAutoStart(SERVICE_NAME, options)
                             if target['Settings']
                                 prepareSettings(target)
-                                self.class.sshExec!(ssh, "mkdir -p #{CONFIG_DIR}")
-                                self.class.sshExec!(ssh, "sed -i 's|# include-dir=|include-dir=#{CONFIG_DIR}|' /etc/pdns/pdns.conf")
-                                ssh.scp.upload!(options['output'] + CONFIG_DIR + '/configlmm.conf', CONFIG_DIR + '/configlmm.conf')
+                                linuxConnection.createDirs(options, CONFIG_DIR)
+                                linuxConnection.fileReplace('/etc/pdns/pdns.conf', '# include-dir=', "include-dir=#{CONFIG_DIR}", options)
+                                linuxConnection.upload(options['output'] + CONFIG_DIR + '/configlmm.conf', CONFIG_DIR + '/configlmm.conf', options)
                                 apiKeyFile = CONFIG_DIR + '/apiKey.conf'
-                                if !self.class.remoteFilePresent?(apiKeyFile, ssh)
-                                    apiKey = ENV['POWERDNS_API_KEY']
-                                    apiKey = SecureRandom.urlsafe_base64(60) unless apiKey
-                                    self.class.sshExec!(ssh, " echo 'api-key=#{apiKey}' > #{apiKeyFile}")
-                                    self.class.sshExec!(ssh, " chown #{USER}:#{USER} #{apiKeyFile}")
-                                    self.class.sshExec!(ssh, " chmod 400 #{apiKeyFile}")
-                                    prompt.say("PowerDNS API Key: #{apiKey}", )
+                                apiKey = context.secrets.load(target['SecretId'], 'POWERDNS_API_KEY')
+                                if linuxConnection.filePresent?(apiKeyFile, options)
+                                    if !apiKey
+                                        if options['dry']
+                                            linuxConnection.exec("cat #{apiKeyFile} | grep api-key | cut -d '=' -f 2", false, options)
+                                        end
+                                        apiKey = linuxConnection.exec("cat #{apiKeyFile} | grep api-key | cut -d '=' -f 2", false, { **options, 'dry' => false }).strip
+                                        context.secrets.store(target['SecretId'], 'POWERDNS_API_KEY', apiKey)
+                                    end
+                                else
+                                    if !apiKey
+                                        apiKey = SecureRandom.urlsafe_base64(60)
+                                        context.secrets.store(target['SecretId'], 'POWERDNS_API_KEY', apiKey)
+                                        context.secrets.print('PowerDNS API Key', apiKey)
+                                    end
+                                    linuxConnection.fileWrite(apiKeyFile, "api-key=#{apiKey}", options)
+                                    linuxConnection.setUserGroup(apiKeyFile, USER, USER, options)
+                                    linuxConnection.setPrivate(apiKeyFile, options)
+                                end
+                                if !target.key?('Database') || target['Database']
+                                    self.configurePostgreSQL(target['Settings'], linuxConnection, options)
                                 end
-                                self.configurePostgreSQL(target['Settings'], ssh)
                             end
-                            Framework::LinuxApp.startServiceOverSSH(SERVICE_NAME, ssh)
+                            linuxConnection.firewallAddService('dns', options)
+                            linuxConnection.restartService(SERVICE_NAME, options)
                         end
                     end
                 end
             end
 
-            def configurePostgreSQL(settings, ssh)
-                password = SecureRandom.alphanumeric(20)
-                if settings['gpgsql-host'] == 'localhost' || settings['gpgsql-host'].start_with?('/')
-                    PostgreSQL.createUserAndDBOverSSH(USER, password, ssh)
-                    PostgreSQL.importSQL(USER, USER, '/usr/share/doc/packages/pdns/schema.pgsql.sql', ssh)
-                else
-                    self.class.sshStart("ssh://#{settings['gpgsql-host']}/") do |ssh|
-                        PostgreSQL.createUserAndDBOverSSH(USER, password, ssh)
-                        PostgreSQL.importSQL(USER, USER, '/usr/share/doc/packages/pdns/schema.pgsql.sql', ssh)
-                    end
+            def configurePostgreSQL(settings, linuxConnection, options)
+                dbSettings = {}
+                dbSettings['HostName'] = settings['gpgsql-host']
+                dbSettings['HostName'] = 'localhost' if dbSettings['HostName'].start_with?('/')
+                PostgreSQL.withConnection(dbSettings, linuxConnection) do |postgresConnection|
+                    password = SecureRandom.alphanumeric(20)
+                    postgresConnection.createUserAndDB(USER, password, options)
+                    postgresConnection.importSQL(USER, USER, '/usr/share/doc/packages/pdns/schema.pgsql.sql', options)
+                    postgresConnection.updateOwner(USER, USER, options)
                 end
-                password
             end
 
             def connect(id, target, activeState, context, options)
                 host = DEFAULT_HOST
                 port = DEFAULT_PORT
-                key = ENV['POWERDNS_API_KEY']
-                key = target['Key'] if target['Key']
+                key = context.secrets.load(target['SecretId'], 'POWERDNS_API_KEY')
                 raise Framework::PluginProcessError.new('PowerDNS missing API key!') unless key
 
                 sshServer = nil
                 sshUser = nil
                 sshPort = nil
-                sshPassword = ENV['POWERDNS_SSH_PASSWORD']
+                sshPassword = context.secrets.load(target['SecretId'], 'POWERDNS_SSH_PASSWORD')
 
                 if target['Location']
                     uri = Addressable::URI.parse(target['Location'])

data/Plugins/Services/DNS/tonic.lmm.rb

@@ -21,17 +21,26 @@ module ConfigLMM
                 errors
             end
 
+            def getPassword(target, context)
+                tonicPassword = context.secrets.load(target['SecretId'], 'PASSWORD')
+                tonicPassword = context.secrets.load('TONIC', 'PASSWORD') if tonicPassword.nil?
+                raise Framework::PluginProcessError.new('Missing Tonic DNS password!') unless tonicPassword
+                tonicPassword
+            end
+
             def actionTonicDNSRefresh(id, target, activeState, context, options)
                 domain = target['Domain'].split('.').first
                 if domain.empty?
                     raise Framework::PluginProcessError.new('Invalid Domain for ' + id)
                 end
-                activeState['Domain'] = target['Domain']
+
+                tonicPassword = getPassword(target, context)
+
                 response = HTTP.post(EDIT_URL, :form => {
                                             command: 'editdns',
                                             error: 'badpass.htm',
                                             sld: domain,
-                                            password: ENV['TONIC_PASSWORD'],
+                                            password: tonicPassword,
                                             'B1.x' => "40",
                                             'B1.y' => "20"
                                     })
@@ -50,15 +59,15 @@ module ConfigLMM
                         raise Framework::PluginProcessError.new('Unexpected value in response for  ' + id)
                     end
                 else
-                    raise Framework::PluginProcessError.new("Couldn't refresh " + id + "! Invalid TONIC_PASSWORD ?")
+                    raise Framework::PluginProcessError.new("Couldn't refresh " + id + "! Invalid Tonic password?")
                 end
             end
 
             def actionTonicDNSDiff(id, target, activeState, context, options)
-                shouldMatch(id, 'Domain', 'Domain', target, activeState)
+                shouldMatch(id, activeState['Config'], 'Domain', target, 'Domain')
                 nameservers = activeState['Nameservers']&.transform_keys { |ns| Addressable::IDNA.to_unicode(ns) }
                 if target['Nameservers'] != nameservers
-                    @Diff.update({'Nameservers' => [target['Nameservers'], nameservers]})
+                    @Diff.update({'Nameservers' => [nameservers, target['Nameservers']]})
                 end
             end
 
@@ -73,11 +82,13 @@ module ConfigLMM
                 hosts = target['Nameservers'].keys.map { |ns| Addressable::IDNA.to_ascii(ns) }
                 addrs = target['Nameservers'].values
 
+                tonicPassword = getPassword(target, context)
+
                 response = HTTP.post(EDIT_URL, :form => {
                                             command: 'editdns',
                                             error: 'badpass.htm',
                                             sld: domain,
-                                            password: ENV['TONIC_PASSWORD'],
+                                            password: tonicPassword,
                                             'B1.x' => "40",
                                             'B1.y' => "20"
                                     })
@@ -105,18 +116,17 @@ module ConfigLMM
                                            'B1.y': 30
                                         })
 
-                    activeState['Domain'] = target['Domain']
-                    activeState['Nameservers'] = target['Nameservers']
-
                     prompt.say(Nokogiri::HTML(response.to_s).at('//title/text()'))
+                    activeState['Nameservers'] = target['Nameservers']
                 end
             end
 
             def authenticate(actionMethod, target, activeState, context, options)
-                authSecret = ENV['TONIC_PASSWORD']
+                authSecret = context.secrets.load(target['SecretId'], 'PASSWORD')
+                authSecret = context.secrets.load('TONIC', 'PASSWORD') if authSecret.nil?
                 if authSecret.to_s.empty?
-                    prompt.say('Set your Tonic DNS password to TONIC_PASSWORD as Environment Variable')
-                    raise Framework::PluginPrerequisite.new('Need TONIC_PASSWORD')
+                    prompt.say("Set your Tonic DNS password in #{target['SecretId']}_PASSWORD")
+                    raise Framework::PluginPrerequisite.new('Need Tonic DNS password!')
                 end
                 true
             end

data/bootstrap.sh

@@ -10,6 +10,29 @@ function admin {
     fi
 }
 
+if [ "$EUID" -ne "0" ]; then
+    if ! command -v sudo &> /dev/null; then
+        case $distro in
+
+        opensuse-leap)
+            echo "You don't have sudo! Enter root password to install it"
+            su root -c "zypper install --no-confirm sudo"
+            ;;
+
+        arch)
+            echo "You don't have sudo! Enter root password to install it"
+            admin pacman -S --noconfirm --needed sudo
+            ;;
+
+        *)
+            echo "Sudo not found but is needed!" >&2
+            echo "Don't know how to install it for your $distro distribution!" >&2
+            echo "Submit a PR :)" >&2
+            exit 3
+            ;;
+        esac
+    fi
+fi
 
 case $distro in
 
@@ -43,12 +66,27 @@ if [ "$rubyTooOld" -eq "1" ]; then
     echo "Ruby is too old! Will install RVM" >&2
     gpg2 --keyserver hkp://keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB >/dev/null
     curl -sSL https://get.rvm.io | bash -s stable --ruby=3.3.4
-    source /etc/profile.d/rvm.sh
+
+    if [ "$EUID" -eq "0" ]; then
+        source /etc/profile.d/rvm.sh
+    else
+        source ~/.rvm/scripts/rvm
+    fi
 
     if [ "$SHELL" = "/usr/bin/fish" ]; then
-        curl -L --create-dirs -o ~/.config/fish/functions/rvm.fish https://raw.github.com/lunks/fish-nuggets/master/functions/rvm.fish
+        curl -sSL --create-dirs -o ~/.config/fish/functions/rvm.fish https://raw.github.com/lunks/fish-nuggets/master/functions/rvm.fish
+        sed -i "/rvm default/d" ~/.config/fish/config.fish
         echo "rvm default" >> ~/.config/fish/config.fish
     fi
 fi
 
-gem install ConfigLMM
+if [ "$EUID" -eq "0" ]; then
+    # This shouldn't be needed but without it doesn't work
+    export PATH=/usr/local/rvm/gems/ruby-3.3.4/bin:/usr/local/rvm/rubies/ruby-3.3.4/bin:$PATH
+    export GEM_HOME=/usr/local/rvm/gems/ruby-3.3.4
+    export GEM_PATH=/usr/local/rvm/gems/ruby-3.3.4
+fi
+
+bash -lc 'gem install ConfigLMM'
+
+echo "You need to close and reopen your shell" >&2

data/lib/ConfigLMM/Framework/plugins/dns.rb

@@ -8,7 +8,7 @@ module ConfigLMM
         class DNS < Framework::Plugin
             DEFAULT_TTL = 600
 
-            def processDNS(domain, items)
+            def processDNS(domain, items, context)
                 records = {}
 
                 if items.is_a?(Hash)
@@ -25,6 +25,7 @@ module ConfigLMM
                     type, content = item.strip.split('=')
                     content = domain if content == '@'
                     content = self.class.externalIp if content == '@me'
+                    content = Variables.stringEval(content, context)
                     records[type] ||= []
                     records[type] << { type: type, content: content, ttl: DEFAULT_TTL }
                 end
@@ -32,13 +33,13 @@ module ConfigLMM
                 records
             end
 
-            def showManualDNSSteps(target, message)
+            def showManualDNSSteps(target, message, context)
                 if !target['DNS'].to_h.empty?
                     target['DNS'].each do |domain, data|
                         yield(domain)
                         prompt.say(message, :color => :magenta) if message
                         data.each do |name, data|
-                            self.processDNS(domain, data).each do |type, records|
+                            self.processDNS(domain, data, context).each do |type, records|
                                 records.each do |record|
                                     prompt.say("  * Type: #{record[:type]}\n    Name: #{name}\n    Content: #{record[:content]}", :color => :bold)
                                 end