arver 0.1.0 → 0.1.2
- data/CHANGELOG.textile +5 -0
- data/README.textile +1 -0
- data/lib/arver.rb +2 -2
- data/lib/arver/bootstrap.rb +3 -1
- data/lib/arver/cli.rb +6 -3
- data/lib/arver/gpg_key_manager.rb +2 -2
- data/lib/arver/initial_config_action.rb +44 -0
- data/lib/arver/version.rb +1 -1
- data/man/arver.5 +26 -31
- metadata +25 -13
data/CHANGELOG.textile
CHANGED
data/README.textile
CHANGED
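--- a/data/lib/arver.rb
+++ b/data/lib/arver.rb
@@ -1,6 +1,6 @@
-%w{ singleton yaml fileutils active_support gpgme escape openssl}.each {|f| require f }
+%w{ singleton yaml fileutils active_support highline/import gpgme escape openssl}.each {|f| require f }
 $:.unshift(File.dirname(__FILE__)) unless
 $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
 
-%w{ gpg_key_manager luks_wrapper action create_action list_action gc_action adduser_action deluser_action info_action close_action open_action target_list command_wrapper ssh_command_wrapper log_levels io_logger log string bootstrap local_config config test_config_loader node_with_script_hooks partition_hierarchy_node host hostgroup tree partition test_partition key_generator key_saver keystore runtime_config key_info_action}.each {|f| require "arver/#{f}" }
+%w{ gpg_key_manager luks_wrapper action initial_config_action create_action list_action gc_action adduser_action deluser_action info_action close_action open_action target_list command_wrapper ssh_command_wrapper log_levels io_logger log string bootstrap local_config config test_config_loader node_with_script_hooks partition_hierarchy_node host hostgroup tree partition test_partition key_generator key_saver keystore runtime_config key_info_action}.each {|f| require "arver/#{f}" }
 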
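--- a/data/lib/arver/bootstrap.rb
+++ b/data/lib/arver/bootstrap.rb
@@ -4,6 +4,8 @@ class Arver::Bootstrap
 local = Arver::LocalConfig.instance
 local.config_dir = options[:config_dir] unless options[:config_dir].empty?
 local.username = options[:user] unless options[:user].empty?
+
+return true if options[:action] == :init
 
 unless local.username.present?
 Arver::Log.error( "No user defined" )
@@ -14,7 +16,7 @@ class Arver::Bootstrap
 config.load
 
 self.load_runtime_config(options)
-
+
 unless Arver::Config.instance.exists?(local.username)
 Arver::Log.error( "No such user #{local.username}" )
 return false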
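--- a/data/lib/arver/cli.rb
+++ b/data/lib/arver/cli.rb
@@ -73,6 +73,8 @@ module Arver
 "LUKS info about a target.") { |arg| options[:argument][:target] = arg; options[:action] = :info; }
 opts.on_tail( "-l", "--list-targets",
 "List targets." ) { options[:action] = :list; }
+opts.on_tail( "--init",
+"Setup a sample configuration." ) { options[:action] = :init; }
 
 begin
 opts.parse!(arguments)
@@ -85,18 +87,18 @@ module Arver
 end
 
 if options[:action].nil? ||
-( options[:action] != :list && options[:action] != :gc && ! options[:argument][:target] ) ||
+( options[:action] != :list && options[:action] != :gc && options[:action] != :init && ! options[:argument][:target] ) ||
 ( ( options[:action] == :adduser || options[:action] == :deluser ) && ! options[:argument][:target] )
 Arver::Log.write opts; return
 end
 end
-
+
 unless( Arver::Bootstrap.run( options ) )
 return
 end
 
 target_list = TargetList.get_list( options[:argument][:target] )
-if target_list.empty? && ( options[:action] != :list && options[:action] != :gc )
+if target_list.empty? && ( options[:action] != :list && options[:action] != :gc && options[:action] != :init )
 Arver::Log.write( "No targets found" )
 return false
 end
@@ -115,6 +117,7 @@ module Arver
 :deluser => Arver::DeluserAction,
 :info => Arver::InfoAction,
 :key_info => Arver::KeyInfoAction,
+:init => Arver::InitialConfigAction,
 }
 
 action = (actions[ action ]).new( target_list )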
@@ -11,7 +11,7 @@ module Arver
|
|
11
11
|
return false
|
12
12
|
end
|
13
13
|
key = key.first
|
14
|
-
if fp.size
|
14
|
+
if fp.size != 8 && fp != key.fingerprint
|
15
15
|
return false
|
16
16
|
end
|
17
17
|
key
|
@@ -34,7 +34,7 @@ module Arver
|
|
34
34
|
return false
|
35
35
|
end
|
36
36
|
fp = fp.gsub(" ","")
|
37
|
-
if fp.size
|
37
|
+
if fp.size == 8
|
38
38
|
Arver::Log.error( "Please use the full fingerprint to define the gpg key for #{user}. The current config might be ambiguous." )
|
39
39
|
end
|
40
40
|
|
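Review bot: The new condition `if fp.size != 8 && fp != key.fingerprint` in the first hunk skips the fingerprint comparison entirely when the configured value is an 8-character key ID, so whichever key the lookup preceding `key = key.first` (outside the hunk) returned is accepted unverified; 32-bit key IDs are trivially collidable, and for code that decides which GPG key a LUKS secret is encrypted to this case must fail closed rather than be waved through. The second hunk compounds it: on `fp.size == 8` it logs "Please use the full fingerprint" and then falls through, so a short ID stays usable. Change the first check to `return false if fp.size == 8 || fp != key.fingerprint` and add `return false` after the `Log.error` in the second hunk, keeping the message so admins know why the key was refused. Note that a 16-character long key ID now also compares unequal to the 40-character fingerprint and is rejected silently by the first hunk — probably intended, but the error text should say full fingerprints are the only accepted form. Both methods containing these hunks start outside them.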
@@ -0,0 +1,44 @@
|
|
1
|
+
module Arver
|
2
|
+
class InitialConfigAction < Action
|
3
|
+
def post_action
|
4
|
+
if LocalConfig.instance.username.empty?
|
5
|
+
Log.warn( "Please choose a username using '-u'" )
|
6
|
+
return
|
7
|
+
end
|
8
|
+
local_config = LocalConfig.instance.path
|
9
|
+
if File.exist?( local_config )
|
10
|
+
Log.warn( "#{local_config} already exists" )
|
11
|
+
else
|
12
|
+
content = { 'username' => LocalConfig.instance.username }
|
13
|
+
f = File.new(local_config, "w")
|
14
|
+
f.write(content.to_yaml)
|
15
|
+
f.close
|
16
|
+
end
|
17
|
+
|
18
|
+
config_path = LocalConfig.instance.config_dir
|
19
|
+
|
20
|
+
if File.exist?( config_path )
|
21
|
+
Log.warn( "#{config_path} already exists" )
|
22
|
+
else
|
23
|
+
Config.instance.users = {
|
24
|
+
LocalConfig.instance.username => {
|
25
|
+
'slot' => "<the next free luks slot>",
|
26
|
+
'gpg' => "<gpg fingerprint of #{LocalConfig.instance.username}>"
|
27
|
+
}
|
28
|
+
}
|
29
|
+
Config.instance.tree = {
|
30
|
+
'default' => {
|
31
|
+
'sample_machine' => {
|
32
|
+
'address' => 'foo.bar.com',
|
33
|
+
'post_open' => 'script-after-opening-the-disks.sh',
|
34
|
+
'a_disk' => {
|
35
|
+
'device' => '/dev/sda'
|
36
|
+
}
|
37
|
+
}
|
38
|
+
}
|
39
|
+
}
|
40
|
+
Config.instance.save
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
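Review bot: `f = File.new(local_config, "w")` in the `else` branch of `post_action` is not block-scoped, so the handle is leaked if `to_yaml` or `write` raises, and the `File.exist?` check just above it races with the create; open with `File::CREAT | File::EXCL` in block form and treat `Errno::EEXIST` as the already-exists case instead of testing first. The same exists?-then-write shape is used for `config_path` followed by `Config.instance.save`, which presumably creates the directory — worth confirming, since nothing here does. Also, the sample users entry stores the placeholder string `"<the next free luks slot>"` under `slot`; how a non-numeric slot behaves if another action reads this config before it is edited depends on code not shown, so a short warning in the generated sample, or a comment here saying the file must be edited before use, would help. Replacement for the local-config write:
```ruby
content = { 'username' => LocalConfig.instance.username }
begin
  # EXCL makes creation atomic: no exist?-then-write race, no leaked handle on error
  File.open(local_config, File::WRONLY | File::CREAT | File::EXCL) do |f|
    f.write(content.to_yaml)
  end
rescue Errno::EEXIST
  Log.warn( "#{local_config} already exists" )
end
# … unchanged: config_dir check and sample Config generation …
```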
data/lib/arver/version.rb
CHANGED
data/man/arver.5
CHANGED
@@ -109,10 +109,10 @@ To run an action on all possible disks use \fBALL\fR as target\.
|
|
109
109
|
Working with arver is quite simple and straight forward\. Within the next paragraphs you\'ll find a detailed overview on the concept of arver, as well as how to set it up and what the different actions are doing exactly\.
|
110
110
|
.
|
111
111
|
.SH "Concept"
|
112
|
-
To setup arver we only need to define in the corresponding configuration files our (admin\-)users and our disks\.
|
112
|
+
To setup arver we only need to define in the corresponding configuration files our (admin\-)users and our disks\. See section \fBBootstrapping a new arverdata directory\fR on how to setup your config\.
|
113
113
|
.
|
114
114
|
.P
|
115
|
-
Arver\'s configuration files are contained in a single directory which contains all the necessary (non\-private) information to manage your disks\. This directory will be referred to as \fBarverdata\fR\. We recommend you to share that directory
|
115
|
+
Arver\'s configuration files are contained in a single directory which contains all the necessary (non\-private) information to manage your disks\. This directory will be referred to as \fBarverdata\fR\. We recommend you to share that directory among your group with a distributed version control system such as git\.
|
116
116
|
.
|
117
117
|
.P
|
118
118
|
Eeach admin will be assigned one global LUKS slot\. Arver will use this information to grant or revoke privileges to other users\. See the \fBManaging users\fR section for a detailed descripton of how this is done\.
|
@@ -133,18 +133,27 @@ keys/public/ <\- contains gpg public keys of the admins (managed by arver)
|
|
133
133
|
.
|
134
134
|
.IP "" 0
|
135
135
|
.
|
136
|
+
.SH "Bootstrapping a new arverdata directory"
|
137
|
+
To bootstrap a new \fBarverdata\fR directory just run:
|
138
|
+
.
|
139
|
+
.P
|
140
|
+
arver \-u \fInew_username\fR \-\-init
|
141
|
+
.
|
142
|
+
.P
|
143
|
+
This will create ~/\.arverdata with a sample configuration\. See the next two sections on how to adapt it to your setup:
|
144
|
+
.
|
136
145
|
.SS "Users"
|
137
|
-
The \fBuser\fR config file contains all your
|
146
|
+
The \fBuser\fR config file contains all your users\. It is very important that all users use exactly the same configuration! It has the following structure:
|
138
147
|
.
|
139
148
|
.IP "" 4
|
140
149
|
.
|
141
150
|
.nf
|
142
151
|
|
143
|
-
|
144
|
-
slot:
|
152
|
+
me:
|
153
|
+
slot: 1
|
145
154
|
gpg: BEAFAFFEBEAFAFFEBEAFAFFEBEAFAFFEBEAFAFFE
|
146
|
-
|
147
|
-
slot
|
155
|
+
foo:
|
156
|
+
slot 2
|
148
157
|
gpg: AFFEBEAFAFFEBEAFAFFEBEAFAFFEBEAFAFFEBEAF
|
149
158
|
.
|
150
159
|
.fi
|
@@ -152,7 +161,16 @@ foo2:
|
|
152
161
|
.IP "" 0
|
153
162
|
.
|
154
163
|
.P
|
155
|
-
\
|
164
|
+
\fBme\fR is the identifier you selected on \fB\-\-init\fR\. \fBslot\fR referes to the LUKS slot which will be used\. This has to be a unique number between 0 and 7\. If you\'d like to migrate existing LUKS devices take care to avoid the currently used slot number (usually 0)\. \fBgpg\fR is the (40 digit) fingerprint of the gpg\-key\. We recommend to use a dedicated gpg key just for \fBarver\fR\. You can create one with:
|
165
|
+
.
|
166
|
+
.P
|
167
|
+
gpg \-\-gen\-key
|
168
|
+
.
|
169
|
+
.P
|
170
|
+
And you can find out the fingerprint of your key with:
|
171
|
+
.
|
172
|
+
.P
|
173
|
+
gpg \-\-fingerprint \-\-list\-key \fIkey\-id\fR
|
156
174
|
.
|
157
175
|
.SS "Disks"
|
158
176
|
The \fBdisks\fR file contains the following hash tree in yaml notation:
|
@@ -218,29 +236,6 @@ You can also add script hooks to any host or disk\. Those will be run during the
|
|
218
236
|
.P
|
219
237
|
Any other entry within the hosts\-object are actual disks entries of that particular host\. These disks are represented by an identifier and at least a \fBdevice\fR entry pointing to the actual disk path\. So for example the disks on \fBhost1\fR are: \fB/dev/storage/disk1\fR identified by \fBdisk1\fR and \fB/dev/sdb1\fR idetified by \fBdisk2\fR\. The prefix \fB/dev/\fR is alays added to the disk path\.
|
220
238
|
.
|
221
|
-
.SH "Bootstrapping a new arverdata"
|
222
|
-
How do you start and bootstrap a new \fBarverdata\fR, so you can use arver for your storage?
|
223
|
-
.
|
224
|
-
.P
|
225
|
-
First you need to create the basic structure for your \fBarverdata\fR:
|
226
|
-
.
|
227
|
-
.IP "" 4
|
228
|
-
.
|
229
|
-
.nf
|
230
|
-
|
231
|
-
$ mkdir ~/\.arverdata # the location is configurable\. We use the default one\.
|
232
|
-
$ gpg \-\-gen\-key # create a dedicated gpg key for arver
|
233
|
-
$ vi users # add your user and the key\-id of your new public gpg\-key
|
234
|
-
$ vi disks # add your hostgroups, hosts and disks
|
235
|
-
$ echo "\'username\': \'<your_arver_username>\' > ~/\.arver #set your default user
|
236
|
-
.
|
237
|
-
.fi
|
238
|
-
.
|
239
|
-
.IP "" 0
|
240
|
-
.
|
241
|
-
.P
|
242
|
-
Then we can create the encrypted harddisk:
|
243
|
-
.
|
244
239
|
.SH "Action Create"
|
245
240
|
To initially create an arver managed LUKS device you first need to add the device to the disks config\. See above for various examples\. You can create the LUKS device by invoking the following command:
|
246
241
|
.
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: arver
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.2
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -15,7 +15,7 @@ date: 2012-04-30 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: gpgme
|
18
|
-
requirement: &
|
18
|
+
requirement: &7240120 !ruby/object:Gem::Requirement
|
19
19
|
none: false
|
20
20
|
requirements:
|
21
21
|
- - ! '>='
|
@@ -23,10 +23,10 @@ dependencies:
|
|
23
23
|
version: 2.0.0
|
24
24
|
type: :runtime
|
25
25
|
prerelease: false
|
26
|
-
version_requirements: *
|
26
|
+
version_requirements: *7240120
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: escape
|
29
|
-
requirement: &
|
29
|
+
requirement: &7239180 !ruby/object:Gem::Requirement
|
30
30
|
none: false
|
31
31
|
requirements:
|
32
32
|
- - ! '>='
|
@@ -34,10 +34,10 @@ dependencies:
|
|
34
34
|
version: 0.0.2
|
35
35
|
type: :runtime
|
36
36
|
prerelease: false
|
37
|
-
version_requirements: *
|
37
|
+
version_requirements: *7239180
|
38
38
|
- !ruby/object:Gem::Dependency
|
39
39
|
name: activesupport
|
40
|
-
requirement: &
|
40
|
+
requirement: &7238020 !ruby/object:Gem::Requirement
|
41
41
|
none: false
|
42
42
|
requirements:
|
43
43
|
- - <
|
@@ -45,10 +45,21 @@ dependencies:
|
|
45
45
|
version: 3.0.0
|
46
46
|
type: :runtime
|
47
47
|
prerelease: false
|
48
|
-
version_requirements: *
|
48
|
+
version_requirements: *7238020
|
49
|
+
- !ruby/object:Gem::Dependency
|
50
|
+
name: highline
|
51
|
+
requirement: &7236760 !ruby/object:Gem::Requirement
|
52
|
+
none: false
|
53
|
+
requirements:
|
54
|
+
- - ! '>='
|
55
|
+
- !ruby/object:Gem::Version
|
56
|
+
version: 1.6.2
|
57
|
+
type: :runtime
|
58
|
+
prerelease: false
|
59
|
+
version_requirements: *7236760
|
49
60
|
- !ruby/object:Gem::Dependency
|
50
61
|
name: cucumber
|
51
|
-
requirement: &
|
62
|
+
requirement: &7235620 !ruby/object:Gem::Requirement
|
52
63
|
none: false
|
53
64
|
requirements:
|
54
65
|
- - ! '>='
|
@@ -56,10 +67,10 @@ dependencies:
|
|
56
67
|
version: 0.10.2
|
57
68
|
type: :development
|
58
69
|
prerelease: false
|
59
|
-
version_requirements: *
|
70
|
+
version_requirements: *7235620
|
60
71
|
- !ruby/object:Gem::Dependency
|
61
72
|
name: rspec
|
62
|
-
requirement: &
|
73
|
+
requirement: &7234840 !ruby/object:Gem::Requirement
|
63
74
|
none: false
|
64
75
|
requirements:
|
65
76
|
- - ! '>='
|
@@ -67,10 +78,10 @@ dependencies:
|
|
67
78
|
version: 2.5.0
|
68
79
|
type: :development
|
69
80
|
prerelease: false
|
70
|
-
version_requirements: *
|
81
|
+
version_requirements: *7234840
|
71
82
|
- !ruby/object:Gem::Dependency
|
72
83
|
name: rake
|
73
|
-
requirement: &
|
84
|
+
requirement: &7233720 !ruby/object:Gem::Requirement
|
74
85
|
none: false
|
75
86
|
requirements:
|
76
87
|
- - ! '>='
|
@@ -78,7 +89,7 @@ dependencies:
|
|
78
89
|
version: 0.9.2
|
79
90
|
type: :development
|
80
91
|
prerelease: false
|
81
|
-
version_requirements: *
|
92
|
+
version_requirements: *7233720
|
82
93
|
description: Arver helps you to manage a large amount of crypted devices easily and
|
83
94
|
safe amongst a certain amount of members
|
84
95
|
email: arver@lists.immerda.ch
|
@@ -102,6 +113,7 @@ files:
|
|
102
113
|
- lib/arver/host.rb
|
103
114
|
- lib/arver/hostgroup.rb
|
104
115
|
- lib/arver/info_action.rb
|
116
|
+
- lib/arver/initial_config_action.rb
|
105
117
|
- lib/arver/io_logger.rb
|
106
118
|
- lib/arver/key_generator.rb
|
107
119
|
- lib/arver/key_info_action.rb
|