appforce-spawn 0.5.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7817cea2096d669789f0d3248310881e250a169b
+  data.tar.gz: c4f73c8a425d966b31f8b05f072ca4de4869ed36
+SHA512:
+  metadata.gz: 3b9040432f79b6d60d1cc5c7054e45f6b517b4831e1a51ac7bfb0b6d600bf03304a438492deee6c020567635725673107a252dd0757633fd0e125b8554e06bc2
+  data.tar.gz: 78d17949f4f5566f765c14d504c5dcb62095734d1e7051b216d726f8a4cc2b6519106aa3760f56c412a72799dcce8fda9c750eb7a190522bf3ba55142f3f08cf

data/.appforce.example

@@ -0,0 +1,4 @@
+---
+api_host: https://afuka.synctree.com
+api_version: api/v1
+api_token: INVALID_TOKEN

data/.gitignore

@@ -0,0 +1,8 @@
+.vagrant
+ansible/tmp
+*.gem
+Gemfile.lock
+.idea/
+coverage/
+tmp/.app*
+tmp/*.rb

data/Gemfile

@@ -0,0 +1,17 @@
+source 'https://rubygems.org'
+gemspec
+
+gem 'rake'
+gem 'httparty'
+gem 'highline'
+
+group :development do
+  gem 'guard'
+  gem 'guard-rspec'
+  gem 'guard-bundler'
+end
+
+group :test do
+  gem 'rspec',    '~> 3.1'
+  gem 'simplecov', require: false
+end

data/History

@@ -0,0 +1,85 @@
+== 0.5.1 2015-06-25
+
+* remove inactive users from groups
+
+== 0.5.0 2015-06-24
+
+* updated to work with new users API
+
+== 0.4.1 2015-06-11
+
+* added version checking
+
+== 0.4.0 2015-06-10
+
+* new scout install procedure for host machines
+* added version print commands
+
+== 0.3.3a
+
+* added external dependencies check before running ansible
+
+== 0.3.2 2015-03-30
+
+* added ability to supply a pem file
+
+== 0.3.1 2015-03-25
+
+* hotfix for ssh
+
+== 0.3.0 2015-03-25
+
+* added client host SSH feature
+* cleaned up presentation
+
+== 0.2.5 2015-03-20
+
+* Added rvm install support
+* added Scout App install support
+
+== 0.2.4 2015-03-17
+
+* Add rspec tests
+* 90% test coverage
+
+== 0.2.3 2015-03-13
+
+* Moved to production API endpoint
+
+== 0.2.2 2015-03-13
+
+* Cleaned up structure of code
+* Added ping helper methods
+* Added Ansible ping command
+* Improved logging and output
+
+== 0.2.1 2015-03-12
+
+* Fixed release timestamp
+
+== 0.2.0 2015-03-12
+
+* Added ansible run commands
+* Restructured commands and messages
+* Improved error messages
+
+== 0.1.2 2015-03-12
+
+* Updated Dependency on httparty
+
+== 0.1.1 2015-03-12
+
+* Updated Dependency on httparty
+* Changed default config location to ~/.appforce
+* Added example config dump option
+* Cleaned up output
+* Moved output to STDERR for messages from the script on API calls that render API output to STDOUT. This should allow for piping of STDOUT from the script without issue.
+
+== 0.1.0 2015-03-11
+
+* Initial POC complete
+* Templating engine in place and functional
+
+== 0.0.1 2015-03-10
+
+* Initial development

data/README.md

@@ -0,0 +1,144 @@
+# appforce-ssh-manager
+Ansible tool to manage the deployment of ssh keys and user profiles to client servers
+
+# gem appforce-spawn
+---
+
+## Installation
+
+The gem is published on [RubyGems.org](https://rubygems.org/gems/appforce-spawn).
+
+```
+$ gem install appforce-spawn
+```
+
+This will install the gem and script.
+
+## Usage
+
+It requires a `.appforce` configuration file in your home directory to operate. Once the gem is installed you can run `appforce-spawn -D` to dump an example config to your home directory (`~/.appforce.example`). This will have all you need, except for your API token. This token can be found by logging into the [API Admin](http://afuka.synctree.com). If you do not have an account on the Admin, please contact [Derek Smith](https://github.com/clok). 
+
+The tool has help information and a list of available action commands. 
+
+```
+$ appforce-spawn -h
+USAGE: appforce-spawn [options]
+    -a, --action [ACTION]            Action to perform. Use '-l' to view all available actions
+    -l, --list_actions               List available Actions
+    -C, --client [CLIENT API NAME]   API Client Name to use for calls
+    -c, --config [PATH]              Optional custom config file
+    -D, --dump-config                Generate a example config template (to ~/.appforce.example)
+    -v, --verbose                    If set, print verbose output
+    -h, --help                       Show help documentation
+```
+
+```
+$ appforce-spawn -l
+ == Available Actions ==
+ clients          # Retrieve a complete list of Clients
+ generate         # Build out the Ansible template for a Client (client API name is required)
+ client:hosts     # Retrieve a Hosts file for a Client (client API name is required)
+ client:users     # Retrieve a Users file for a Client (client API name is required)
+ client:vars      # Retrieve a Vars file for a Client (client API name is required)
+ ping             # Test connection to host and API access
+ ping:host        # Test if API is available
+ ping:api         # Test if you have access to the API
+ spawn            # Run Ansible Playbook to spawn users to Client hosts
+ spawn:command    # Display Ansible command to run Playbook for a Client
+ spawn:ping       # Ansible ping Client hosts in the 'hosts' file
+ spawn:ping:command # Display ansible ping command
+ =========================
+```
+
+## Typical Workflow
+
+- `appforce-spawn -a clients` will return the list of available clients and API names for those clients.
+- `appforce-spawn -a generate -C [Client API Name]` will generate the Ansible template for that client, making directories and downloading files.
+- `cd [Client API Name]` change into the template directory that was just created.
+- `appforce-spawn -a spawn:ping` will test the configuration that was just downloaded as well as connectivity to the Client hosts.
+- `appforce-spawn -a spawn` will run the Ansible Playbook to generate the User Groups, Users and set permissions.
+
+# Testing Locally
+---
+
+## Notes
+
+Helpful [Ansible introduction](http://docs.ansible.com/intro_installation.html)
+
+For Mac use [Homebrew](http://brew.sh/) (brew):
+
+```
+$ brew update
+$ brew install ansible
+```
+
+You will need the [vagrant-triggers](https://github.com/emyl/vagrant-triggers) gem in order to properly teardown the test cluster. Just run the following command to install: `vagrant plugin install vagrant-triggers`
+
+Test structure will be a Single Test VM connecting to a Cluster of Test VMs.
+
+You should add `vagrant/config/users/local.key` to `assume-unchanged` in order to let users add their own ssh keys for inspecting test env. Use the following command:
+
+```
+$ git update-index --assume-unchanged vagrant/config/users/local.key
+```
+
+## How to Run Tests
+
+You will need to have `vagrant`, a VM provider (VirtualBox will do) and `ansible` installed.
+
+1. Ensure you have the required vagrant triggers module installed
+  - `vagrant plugin install vagrant-triggers`
+2. Build Vagrant test cluster. This will take some time.
+  - `cd vagrant/ && vagrant up`
+3. Change dirs to Ansible root and install Ansible RVM role.
+  - `cd ../ansible && ansible-galaxy install rvm_io.rvm1-ruby`
+4. Run the playbook.
+  - `ansible-playbook -i test site.yml --extra-vars="users_file=../vagrant/etc/users.yml"`
+5. Now, go to the vagrant root and ssh to the `nexus` VM
+  - `cd ../vagrant && vagrant ssh nexus`
+6. From here you can `sudo su - [USER]` to the users that were just created (derek, brown, melissa, cage)
+7. Once a new user, ssh to any of the 4 nodes in the cluster. You will need to accept the SSH fingerprint and that's it.
+8. Check the `group` settings by typing `groups`. `synctree-admin` has sudo permissions while `synctree-user` does not.
+
+One command to rule them all after you have installed the plugin, to be run form the project root:
+
+```
+cd vagrant/ && vagrant up && cd ../ansible && ansible-galaxy install rvm_io.rvm1-ruby && ansible-playbook -i test site.yml --extra-vars="ansible_user=ansible users_file=../vagrant/etc/users.yml"
+```
+
+# Developing appforce-spawn gem
+---
+
+```
+$ gem build appforce-spawn.gemspec
+$ gem install appforce-spawn-[version numnber].gem
+```
+
+The version number for the gem is controlled by `lib/appforce/spawn/version.rb`
+
+The list of included files in the gem build is controlled by what files are included in the `git index`. Look at the gemspec file to see the exact command.
+
+The `appforce-spawn` script resides in the `bin/` directory. There is a config file located in home directory of the user (`~/.appforce`) that configures the `appforce-spawn` script.
+
+To test connectivity with the API run:
+
+```
+$ appforce-spawn -a ping
+```
+
+Dependencies
+---
+
+Test:
+
+- Vagrant
+  - [vagrant-triggers](https://github.com/emyl/vagrant-triggers) gem
+- Ansible
+  - :godmode:
+- `httparty`
+
+Production:
+
+- Ansible
+  - :godmode:
+- `httparty`

data/ansible/README.md

@@ -0,0 +1,31 @@
+ansible help
+---
+If the automatic commands fail, you can rerun the ansible playbook with the following command. The `{{ ansible_user }}` value can be found in the `vars.yml` file in this directory.
+
+```
+$ ansible-playbook -i hosts site.yml --extra-vars="ansible_user={{ ansible_user }} users_file=./users.yml"
+```
+
+```
+gem install appforce-spawn
+appforce-spawn -h
+
+BOOYAH!
+```
+
+Then goto http://ec2-52-0-187-33.compute-1.amazonaws.com/admin/admin_users/3 and retrieve you API Token. Here is is aanyways. You just need to create a `.appforce` config file and either have in the root of where you are running the app or pass it in as an option.
+
+Here is what the file will need:
+```
+---
+api_host: http://afuka.synctree.com
+api_version: api/v1
+api_token: YOUR_TOKEN_HERE
+
+```
+
+ansible-galaxy reqs
+---
+```
+ansible-galaxy install rvm_io.rvm1-ruby
+```

data/ansible/common.yml

@@ -0,0 +1,6 @@
+---
+- hosts: cluster
+  remote_user: "{{ ansible_user }}"
+  sudo: yes
+  roles:
+    - common

data/ansible/roles/common/tasks/active_users.yml

@@ -0,0 +1,23 @@
+---
+# This is file that will drive the user generation
+- include_vars: "{{ active_users_file }}"
+
+# Walk the input users_file to create users on the systems
+- name: creating base synctree user
+  user: name=synctree
+        groups=synctree-admin
+        shell=/bin/bash
+        state=present
+
+# Walk the input users_file to create users on the systems
+- name: creating users
+  user: name={{ item.name }}
+        groups={{ item.groups }}
+        shell=/bin/bash
+        state=present
+  with_items: users
+
+# Adding auth keys to users
+- name: adding authorized keys to users
+  authorized_key: user={{ item.name }} key="{{ item.authorized | join ("\n") }}"
+  with_items: users

data/ansible/roles/common/tasks/groups.yml

@@ -0,0 +1,28 @@
+---
+# Create the base st-user group (non-sudo)
+- name: creating synctree user group
+  group: name=synctree-user state=present
+
+# Create the base st-admin group (will have sudo)
+- name: creating synctree admin group
+  group: name=synctree-admin state=present
+
+# Create the base st-admin group (will have sudo)
+- name: creating synctree base user group
+  group: name=synctree-base-user state=present
+
+# This is where we will modify the group sudo perms
+- name: configure synctree-admin group with NOPASSWD sudo rights
+  lineinfile: dest=/etc/sudoers.d/synctree-sudoers owner=root group=root mode=0440
+              line="%synctree-admin ALL=(ALL) NOPASSWD:ALL"
+              state=present
+              create=yes
+              validate='visudo -cf %s'
+
+# This is where we will modify the group sudo perms
+- name: configure synctree-admin group with NOPASSWD sudo rights
+  lineinfile: dest=/etc/sudoers.d/synctree-sudoers owner=root group=root mode=0440
+              line="%synctree-base-user ALL=(ALL) NOPASSWD:ALL"
+              state=present
+              create=yes
+              validate='visudo -cf %s'

data/ansible/roles/common/tasks/inactive_users.yml

@@ -0,0 +1,26 @@
+---
+# This is file that will drive the user generation
+- include_vars: "{{ inactive_users_file }}"
+
+# Removing auth keys from users and users from groups
+- name: Checking if {{ item }} exists
+  action: shell /usr/bin/getent passwd {{ item }} | /usr/bin/wc -l | tr -d ' '
+  register: users_exist
+  with_items: inactive_users
+
+- name: Removing authorized keys from users
+  authorized_key: user={{ item.0 }}
+                  exclusive=yes
+                  key=""
+  when: item.1.stdout != "0"
+  with_together:
+    - inactive_users
+    - users_exist.results
+
+- name: Removing users from groups
+  user: name={{ item.0 }}
+        groups=
+  when: item.1.stdout != "0"
+  with_together:
+    - inactive_users
+    - users_exist.results

data/ansible/roles/common/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+- include: setup.yml
+- include: groups.yml
+- include: active_users.yml
+- include: inactive_users.yml

data/ansible/roles/common/tasks/setup.yml

@@ -0,0 +1,6 @@
+---
+- name: be sure libselinux-python are installed
+  yum:
+    name=libselinux-python
+    state=present
+  when: ansible_os_family == 'RedHat'

data/ansible/roles/scout/tasks/install.yml

@@ -0,0 +1,28 @@
+---
+# Read config vars from host specific files
+- include_vars: "{{ scout_config }}"
+  when: scout_config is defined
+
+- name: modify permissions on synctree rvm install
+  file: path=/home/synctree
+        state=directory
+        recurse=yes
+        mode=0755
+
+- name: installing requirements for RedHat like systems
+  yum:
+    name={{ item }}
+    state=present
+  with_items:
+    - ruby
+    - rubygems
+  when: ansible_os_family == 'RedHat'
+
+
+- name: pulling down install script - /tmp/scout_install.sh
+  get_url: url=https://scoutapp.com/scout_install.sh 
+           dest=/tmp/scout_install.sh
+           mode=0777
+
+- name: running install script - /tmp/scout_install.sh
+  shell: /tmp/scout_install.sh --yes --key {{ account_key }} --ruby-path {{ ruby_path }} --name {{ display_name }} --environment {{ scout_env }}

data/ansible/roles/scout/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include: install.yml