arnold 0.0.1

data/LICENSE

@@ -0,0 +1,21 @@
+Copyright (c) 2013 Puppet Labs, info@puppetlabs.com  
+Copyright (c) 2013 FBL Financial, puppet@fblfinancial.com
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,92 @@
+Introduction
+============
+
+### Arnold: *the provisionator*
+
+This is the start of a Razor provisioning system.
+
+Currently, all it does is provide a web service that will read & write YAML files
+and a few functions to read them and apply classes to a node.
+
+Very soon, I plan to provide Razor functionality to spin up new instances after
+classifying them, and then it will be a simplistic self service provisioner.
+
+Configuration
+=============
+
+* Installing
+    * It's a Puppet module, yo! Copy the `arnold` subdirectory to your modulepath.
+    * Alternately, you can install by hand by running the little installer script.
+* Setup the server
+  1. Classify your server with `arnold::provisionator` and apply.
+  2. Configure by editing `/etc/arnold/config.yaml`
+      * You will probably want to point the `datadir` to wherever you've configured Hiera to use.
+      * You may configure Arnold to reuse Puppet certs if you wish.
+      * If you choose to generate your own SSL certs, drop them in /etc/arnold/certs
+          * `openssl genrsa -out server.key 1024`
+          * `openssl req -new -key server.key -out server.csr`
+          * `openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt`
+  3. Point a web browser at the configured port
+      * Clicky clicky
+      * List nodes, create nodes, modify nodes, etc
+  4. Enable arnold for clients:
+      * In `site.pp` on your master, outside of any node definitions, simply call the `arnold()` function.
+      * Alternately, you can classify your nodes with `arnold`
+        * If you place this class in your default group, it will automatically be applied to all nodes.
+
+Provisioner backend configuration
+=============
+
+Currently only the CloudProvisioner provisioning backend exits. You can enable it by
+adding a stanza like this to your `config.yaml`
+
+    backend:      CloudProvisioner
+    keyfile:      ~/.ssh/private_key.pem
+    enc_password: <password>
+
+If a backend is not configured, Arnold will not perform any provisioning actions.
+It is entirely useful like this, as it will instead only manage the Hiera datafiles.
+
+Limitations
+============
+
+* It does not currently manage parameterized classes.
+* Razor support is not yet included.
+
+Contact
+=======
+
+* Author: Ben Ford
+* Email: ben.ford@puppetlabs.com
+* Twitter: @binford2k
+* IRC (Freenode): binford2k
+
+Credit
+=======
+
+The development of this code was sponsored by FBL Financial.
+
+License
+=======
+
+Copyright (c) 2013 Puppet Labs, info@puppetlabs.com  
+Copyright (c) 2013 FBL Financial, puppet@fblfinancial.com
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/bin/arnold

@@ -0,0 +1,82 @@
+#! /usr/bin/env ruby
+
+require 'fileutils'
+require 'yaml'
+require 'optparse'
+require 'pathname'
+
+require 'arnold/node'
+require 'arnold/node_manager'
+require 'arnold/monkeypatch'
+require 'arnold/controller'
+
+cmdlineopts = {}
+optparse = OptionParser.new { |opts|
+    opts.banner = "Usage : arnold [-c <confdir>] [-d]
+
+        Runs the arnold daemon.
+
+"
+
+    opts.on("-b", "--backend BACKEND", "Choose an alternate provisioning backend.") do |opt|
+        cmdlineopts[:backend] = opt
+    end
+
+    opts.on("-c CONFIG", "--config CONFIG", "Choose an alternate config file. Defaults to /etc/arnold/config.yaml") do |opt|
+        configfile = opt
+    end
+
+    opts.on("-d", "--debug", "Run in the foreground and display debugging messages") do
+        # Separate options so daemonize = false doesn't force debug
+        cmdlineopts[:debug]     = true
+        cmdlineopts[:daemonize] = false
+    end
+
+    opts.separator('')
+
+    opts.on("-h", "--help", "Displays this help") do
+        puts opts
+        exit
+    end
+}
+optparse.parse!
+
+# Load default configuration data, deferring to command line overrides
+configfile ||= '/etc/arnold/config.yaml'
+
+begin
+  $CONFIG = YAML.load_file(configfile)
+  $CONFIG.merge!(cmdlineopts)
+rescue Errno::ENOENT => e
+  puts "Config file doesn't exist; loading defaults! (#{e})" if cmdlineopts[:debug]
+  $CONFIG={}
+end
+
+$CONFIG[:docroot]    ||= File.dirname(__FILE__) + '/../' # well isn't this ugly
+$CONFIG[:backend]    ||= 'Null'
+$CONFIG[:datadir]    ||= '/etc/arnold/data'
+$CONFIG[:sslcert]    ||= '/etc/arnold/certs/server.crt'
+$CONFIG[:sslkey]     ||= '/etc/arnold/certs/server.key'
+$CONFIG[:port]       ||= 9090
+$CONFIG[:enc_server] ||= 'localhost'
+$CONFIG[:enc_port]   ||= 443
+$CONFIG[:enc_user]   ||= 'console'
+
+begin
+  # load up our provisioning backend
+  require "arnold/provisioner/#{$CONFIG[:backend].to_underscore}"
+  $CONFIG[:provisioner] = Arnold::Provisioner::const_get($CONFIG[:backend]).new
+rescue LoadError, NameError => e
+  puts "No such provisioning backend, loading null backend! (#{e})"
+  require 'arnold/provisioner/null'
+  $CONFIG[:provisioner] = Arnold::Provisioner::Null.new
+end
+
+case ARGV[0]
+when 'serve'
+  Arnold::Controller::Web.new
+
+else
+  Arnold::Controller::Cli.new(ARGV)
+
+end

data/doc/certs/README

@@ -0,0 +1 @@
+# Place certificates in this directory

data/doc/certs/server.crt

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICRzCCAbACCQDZGL+AiHPpyjANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJV
+UzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEUMBIGA1UEChML
+UHVwcGV0IExhYnMxCzAJBgNVBAsTAlBTMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcN
+MTIwOTE5MTcxMTQyWhcNMTMwOTE5MTcxMTQyWjBoMQswCQYDVQQGEwJVUzEPMA0G
+A1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEUMBIGA1UEChMLUHVwcGV0
+IExhYnMxCzAJBgNVBAsTAlBTMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBAKjECcBJqQx5G479gtFVSF7M9noXEcTG6tV/Z3SW
+h/N5PjZzovcc9tKzCRfeCzVGupkUblkxwhjP+gWSjcPoioIvG1twfQIDuiG6wtH5
+FfS2q8creJZwd9OxGMTb4mkmfaY+88N9vt0a+OyLE6L9Cw6+CoB2XNAwgcNWKdzs
+QzfPAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAbItcPsOqCqktv+TuXrCgiYdmQjEl
+R/xKqDUGSNkkUJCEjmff6VJslPzdteIkv42trJZMbbQY2SR1eylt7/AmLXmSqEJh
+ivnAF3MCAg59RF3P5RoqFmjUJZcsoGZp7v6d5y2/HB712JKmiohIWj82H6iayW+k
+43jfo4DvdfNUL7I=
+-----END CERTIFICATE-----

data/doc/certs/server.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCoxAnASakMeRuO/YLRVUhezPZ6FxHExurVf2d0lofzeT42c6L3
+HPbSswkX3gs1RrqZFG5ZMcIYz/oFko3D6IqCLxtbcH0CA7ohusLR+RX0tqvHK3iW
+cHfTsRjE2+JpJn2mPvPDfb7dGvjsixOi/QsOvgqAdlzQMIHDVinc7EM3zwIDAQAB
+AoGAWsFJaSFziiSagFOuBLpy96ALL+61/HboFDW2QckthO3/WbLnwTHPPdFPo4kh
+x92oPOfyy35pnYRCNLryB5dG3Al9b6x9G5wx5PqXASShFhgjrUYTA0bPnAeMM7po
+b8x5rMssVhCPYYxmrKVyTEsmzL8EhGcEArEyFfL4JSaEA0ECQQDaMies6EeTeQ3v
+v2hJUiknC4T++RfAubo1/mk4y4U7WUbmLGUXOE6txCbqRMs7HUZrL/kDmxORWudo
+XSevQSPvAkEAxgF2WFMR0C1PpMbKaE8CSQfAOawt9u3eJ+TSRBHa3k+IRb8dg2OQ
+yfbEc1YvUBE3Ycz8eOu5WBzoFLf7uq3KIQJAToNJn4AdcUVX7HL1dZyozjHo805y
+a5jpFlCrUBJ7qHVhe6Vx4r8SIJi6YAXNE0JfemZStidxDRamufj7NKa95QJBALIG
+po0LQzzVQIJ6aYoXX4qh+WbhNAKMI+3iglrJYuv2viNXjgWQA6JSyJaaqrdmg1Df
+qTBfYKmkc9YNBbv2fYECQQDMSMx9gkDu/Rhv8fF8y4gUrVqSh8/aSWqrbaEQwEkp
+MPbCuYg/dh0Epb+btmed5+b3zcQImlPccP0JZGs0nFa4
+-----END RSA PRIVATE KEY-----

data/doc/config.yaml

@@ -0,0 +1,16 @@
+---
+:sslcert:   /etc/arnold/certs/server.crt
+:sslkey:    /etc/arnold/certs/server.key
+:datadir:   /etc/arnold/data
+
+:user:      admin
+:password:  admin
+
+:daemonize: false
+:port:      9090
+
+:classes:
+  apache:      Manage the Apache webserver
+  mysql:       Manage the MySQL database
+  ntp::server: Install the NTP server
+  ntp::client: Install the NTP client and configure the node to query the internal NTP server

data/doc/postjson.rb

@@ -0,0 +1,42 @@
+#! /usr/bin/env ruby
+
+# A quick 'n dirty example of a simple script to exercise Arnold's REST API
+
+require 'net/https'
+require 'rubygems'
+require 'json'
+require 'uri'
+
+user   = 'admin'
+pass   = 'admin'
+server = 'localhost'
+
+def provision()
+  # Call VMware APIs to create a new machine, configure, and boot it.
+  # Return its MAC address.
+  return '00:0C:29:D1:03:A4'
+end
+
+macaddr = provision()
+
+payload = {
+  'macaddr'    => macaddr,
+  'name'       => 'this.is.another.brand.new.system',
+  'parameters' => {
+                    'booga'   => 'wooga',
+                    'fiddle'  => 'faddle',
+                  },
+  'classes'    => [ 'test', 'mysql', 'ntp' ],
+}.to_json
+ 
+uri = URI.parse("https://#{server}:9090/api/v1/create")
+http = Net::HTTP.new(uri.host, uri.port)
+http.use_ssl = true
+http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+request = Net::HTTP::Post.new(uri.request_uri)
+request.add_field('Content-Type', 'application/json')
+request.basic_auth(user, pass)
+request.body = payload
+response = http.request(request)
+puts "Response #{response.code} #{response.message}: #{response.body}"
+

data/lib/arnold/controller.rb

@@ -0,0 +1,6 @@
+module Arnold
+  module Controller
+    autoload :Web, 'arnold/controller/web'
+    autoload :Cli, 'arnold/controller/cli'
+  end
+end

data/lib/arnold/controller/cli.rb

@@ -0,0 +1,65 @@
+require 'arnold/node'
+require 'arnold/node_manager'
+
+module Arnold
+  module Controller
+    class Cli
+
+      def initialize(args)
+        @manager = Arnold::NodeManager.new
+
+        case args[0]
+        when "help"
+          usage
+        when "list"
+          listnodes
+          exit 0
+        when "new"
+          args.shift
+          @data = {}
+          args.each do |arg|
+            name, value = arg.split("=")
+            @data[name] = value
+          end
+
+          begin
+            node = Arnold::Node.new(nil,
+                                    @data['name'],
+                                    @data['macaddr'],
+                                    Arnold::Node.munge(@data, :params),
+                                    @data['classes'].split(','))
+            @manager.write(node)
+
+            $CONFIG[:provisioner].provision(node)
+          rescue RuntimeError => e
+            puts "Whoops: #{e}"
+          end
+        else
+          puts "WAT"
+          usage
+        end
+      end
+
+      def listnodes
+        nodes = @manager.loadall
+        puts
+        puts "________GUID______________________Name____________________MAC Address___"
+        nodes.each do |node|
+          printf "%18s │ %30s │ %18s\n", node.guid, node.name, node.macaddr
+        end
+        puts
+      end
+
+      def usage
+        puts
+        puts "Usage:"
+        puts "    * arnold help"
+        puts "    * arnold list"
+        puts "    * arnold new [name=<name>] [macaddr=<macaddr>] [template=<template>] [group=<group>] [classes=<class1,class2,...>] [param1=value1]..."
+        puts
+        exit 1
+      end
+
+    end
+  end
+end

data/lib/arnold/controller/web.rb

@@ -0,0 +1,31 @@
+require 'sinatra/base'
+require 'webrick'
+require 'webrick/https'
+require 'openssl'
+
+require 'arnold/server'
+
+module Arnold
+  module Controller
+    class Web
+      def initialize
+        opts = {
+                :Port               => $CONFIG[:port] || 8080,
+                :Logger             => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
+                :ServerType         => $CONFIG[:daemonize] ? WEBrick::Daemon : WEBrick::SimpleServer,
+                :DocumentRoot       => $CONFIG[:docroot],
+                :SSLEnable          => true,
+                :SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
+                :SSLCertificate     => OpenSSL::X509::Certificate.new(  File.open($CONFIG[:sslcert]).read),
+                :SSLPrivateKey      => OpenSSL::PKey::RSA.new(          File.open($CONFIG[:sslkey]).read),
+                :SSLCertName        => [ [ "CN",WEBrick::Utils::getservername ] ]
+        }
+
+        # now it's off to the races!
+        Rack::Handler::WEBrick.run(Arnold::Server, opts) do |server|
+          [:INT, :TERM].each { |sig| trap(sig) { server.stop } }
+        end
+      end
+    end
+  end
+end

data/lib/arnold/monkeypatch.rb

@@ -0,0 +1,14 @@
+if not String.method_defined? :to_underscore
+  class String
+     # ruby mutation methods have the expectation to return self if a mutation
+     # occurred, nil otherwise.
+     # (see http://www.ruby-doc.org/core-1.9.3/String.html#method-i-gsub-21)
+     def to_underscore!
+       gsub!(/(.)([A-Z])/,'\1_\2') && downcase!
+     end
+
+     def to_underscore
+       dup.tap { |s| s.to_underscore! }
+     end
+  end
+end

data/lib/arnold/node.rb

@@ -0,0 +1,86 @@
+module Arnold
+  class Node
+    attr_reader :guid, :name, :macaddr, :parameters, :classes
+    @@reserved_params = ['guid', 'name', 'macaddr', 'classes']
+
+    def initialize(guid=nil, name=nil, macaddr=nil, parameters={}, classes = [])
+      # if no guid, this is intended to be a new node
+      self.guid       = guid
+      self.name       = name
+      self.macaddr    = macaddr
+      self.parameters = parameters
+      self.classes    = classes
+    end
+
+    def guid=(g)
+      @guid = validate(g, :filename)
+    end
+
+    def name=(n)
+      @name = validate(n, :filename)
+    end
+
+    def macaddr=(m)
+      @macaddr = validate(m, :macaddr)
+    end
+
+    def parameters=(p)
+      @parameters = validate(p, :params)
+    end
+
+    def classes=(c)
+      @classes = validate(c, :classes)
+    end
+
+    # returns classes and descriptions for classes enabled or disabled
+    def enabled
+      return {} if @classes.nil?
+      $CONFIG[:classes].select { |name, desc| @classes.include? name }
+    end
+
+    def disabled
+      return $CONFIG[:classes] if @classes.nil?
+      $CONFIG[:classes].reject { |name, desc| @classes.include? name }
+    end
+
+    # Raise exceptions if the given condition fails
+    #
+    def validate(value, type=:exists)
+      case type
+      when :classes
+        return if value.nil?
+        raise "Invalid type: #{value.class}" if not value.kind_of?(Array)
+        value.each { |n| raise "Invalid class: #{n}" if not $CONFIG[:classes].has_key?(n) }
+
+      when :params
+        return if value.nil?
+        raise "Invalid type: #{value.class}" if not value.kind_of?(Hash)
+        @@reserved_params.each { |n| raise "Invalid parameter: #{n}" if value.has_key?(n) }
+
+      when :macaddr
+        return if value.nil?
+        value.upcase!
+        raise "Invalid MAC address: #{value}" if not value =~ /^(([0-9A-F]{2}[:-]){5}([0-9A-F]{2}))?$/
+
+      when :filename
+        return if value.nil?
+        raise "Invalid name: #{value}" if not value =~ /^([^\/])*$/
+
+      when :exists
+        raise "Value does not exist." if (value.nil? || value.empty?)
+
+      end
+
+      return value
+    end
+
+    def self.munge(value, type=:upcase)
+      case type
+      when :upcase
+        return value.nil? ? nil : value.upcase
+      when :params
+        return value.reject { |name, val| @@reserved_params.include? name }
+      end
+    end
+  end
+end