automateit 0.71021 → 0.71030

data/lib/automateit/account_manager/passwd_expect.rb

@@ -0,0 +1,40 @@
+# == AccountManager::PasswdExpect
+#
+# An AccountManager driver for the +passwd+ command found on Unix-like systems
+# using the +expect+ program as a wrapper because the Ruby PTY implementation
+# is unreliable.
+class ::AutomateIt::AccountManager::PasswdExpect < ::AutomateIt::AccountManager::BaseDriver
+  depends_on :programs => %w(passwd expect)
+
+  def suitability(method, *args) # :nodoc:
+    # Level must be higher than PasswdPTY
+    return available? ? 9 : 0
+  end
+
+  # See AccountManager#passwd
+  def passwd(user, password, opts={})
+    _passwd_helper(user, password, opts) do |user, password, opts|
+      log.silence(Logger::WARN) do
+        interpreter.mktemp do |filename|
+          # Script derived from /usr/share/doc/expect/examples/autopasswd
+          interpreter.render(:text => <<-HERE, :to => filename)
+set password "#{password}"
+spawn passwd "#{user}"
+expect "assword:"
+sleep 0.1
+send "$password\\r"
+expect "assword:"
+sleep 0.1
+send "$password\\r"
+expect eof
+          HERE
+
+          cmd = "expect #{filename} #{user} #{password}"
+          cmd << " > /dev/null" if opts[:quiet]
+          return(interpreter.sh cmd)
+        end
+      end
+    end
+  end
+end
+

data/lib/automateit/account_manager/passwd_pty.rb

@@ -0,0 +1,67 @@
+# == AccountManager::PasswdPTY
+#
+# An AccountManager driver for +passwd+ command found on Unix-like systems
+# using the Ruby PTY implementation.
+#
+# *WARNING*: The Ruby PTY module is unreliable or unavailable on most
+# platforms. It may hang indefinitely or report incorrect results. Every
+# attempt has been made to work around these problems, but this is a low-level
+# problem. You are strongly encouraged to install the +expect+ program, which
+# works flawlessly. Once the +expect+ program is installed, passwords will be
+# changed using the AccountManager::PasswdExpect driver, which works properly.
+class ::AutomateIt::AccountManager::PasswdPTY < ::AutomateIt::AccountManager::BaseDriver
+  depends_on \
+    :programs => %w(passwd),
+    :libraries => %w(open3 expect pty)
+
+  def suitability(method, *args) # :nodoc:
+    # Level must be higher than Linux
+    return available? ? 3 : 0
+  end
+
+  # See AccountManager#passwd
+  def passwd(user, password, opts={})
+    log.info(PERROR+"Setting password with flaky Ruby PTY, which hangs or fails randomly. Install 'expect' (http://expect.nist.gov/) for reliable operation.")
+    _passwd_helper(user, password, opts) do
+      log.silence(Logger::WARN) do
+        interpreter.mktemp do |filename|
+          tries = 5
+          exitstatus = nil
+          begin
+            exitstruct = _passwd_raw(user, password, opts)
+            if exitstatus and not exitstruct.exitstatus.zero?
+              # FIXME AccountManager::Linux#passwd -- The `passwd` command randomly returns exit status 10 even when it succeeds. What does this mean and how to deal with it?! Temporary workaround is to throw an error and force a retry.
+              raise Errno::EPIPE.new("bad exitstatus %s" % exitstruct.exitstatus)
+            end
+          rescue Errno::EPIPE => e
+            # FIXME AccountManager::Linux#passwd -- EPIPE exception randomly thrown even when `passwd` succeeds. How to eliminate it? How to differentiate between this false error and a real one?
+            if tries <= 0
+              raise e
+            else
+              tries -= 1
+              retry
+            end
+          end
+          return exitstruct.exitstatus.zero?
+        end
+      end
+    end
+
+  end
+
+  def _passwd_raw(user, password, opts={})
+    quiet = (opts[:quiet] or not log.info?)
+
+    require 'open4'
+    return Open4::popen4("passwd %s 2>&1" % user) do |pid, sin, sout, serr|
+      $expect_verbose = ! quiet
+      2.times do
+        sout.expect(/:/)
+        sleep 0.1 # Reduce chance of passwd thinking we're a robot :(
+        sin.puts password
+        puts "*" * 12 unless quiet
+      end
+    end
+  end
+  protected :_passwd_raw
+end

data/lib/automateit/account_manager/posix.rb

@@ -0,0 +1,126 @@
+# == AccountManager::POSIX
+#
+# A POSIX driver for the AccountManager.
+class ::AutomateIt::AccountManager::POSIX < ::AutomateIt::AccountManager::Etc
+  depends_on :programs => %w(useradd usermod userdel groupadd groupmod groupdel)
+
+  def suitability(method, *args) # :nodoc:
+    # Level must be higher than Portable
+    return available? ? 2 : 0
+  end
+
+  #.......................................................................
+
+  # See AccountManager#add_user
+  def add_user(username, opts={})
+    return _add_user_helper(username, opts) do |username, opts|
+      cmd = "useradd"
+      cmd << " -c #{opts[:description] || username}"
+      cmd << " -d #{opts[:home]}" if opts[:home]
+      cmd << " -m" unless opts[:create_home] == false
+      cmd << " -G #{opts[:groups].join(',')}" if opts[:groups]
+      cmd << " -s #{opts[:shell] || "/bin/bash"}"
+      cmd << " -u #{opts[:uid]}" if opts[:uid]
+      cmd << " -g #{opts[:gid]}" if opts[:gid]
+      cmd << " #{username} < /dev/null"
+      cmd << " > /dev/null 2>&1 | grep -v blocks" if opts[:quiet]
+      interpreter.sh(cmd)
+    end
+  end
+
+  # TODO AccountManager#update_user -- implement
+  ### def update_user(username, opts={}) dispatch(username, opts) end
+
+  # See AccountManager#remove_user
+  def remove_user(username, opts={})
+    return _remove_user_helper(username, opts) do |username, opts|
+      # Options: -r -- remove the home directory and mail spool
+      cmd = "userdel"
+      cmd << " -r" unless opts[:remove_home] == false
+      cmd << " #{username}"
+      cmd << " > /dev/null" if opts[:quiet]
+      interpreter.sh(cmd)
+    end
+  end
+
+  # See AccountManager#add_groups_to_user
+  def add_groups_to_user(groups, username)
+    return _add_groups_to_user_helper(groups, username) do |missing, username|
+      targets = (groups_for_user(username) + missing).uniq
+
+      cmd = "usermod -G #{targets.join(',')} #{username}"
+      interpreter.sh(cmd)
+    end
+  end
+
+  # See AccountManager#remove_groups_from_user
+  def remove_groups_from_user(groups, username)
+    return _remove_groups_from_user_helper(groups, username) do |present, username|
+      matches = (groups_for_user(username) - [groups].flatten).uniq
+      cmd = "usermod -G #{matches.join(',')} #{username}"
+      interpreter.sh(cmd)
+    end
+  end
+
+  #.......................................................................
+
+  # See AccountManager#add_group
+  def add_group(groupname, opts={})
+    modified = false
+    unless has_group?(groupname)
+      modified = true
+
+      cmd = "groupadd"
+      cmd << " -g #{opts[:gid]}" if opts[:gid]
+      cmd << " #{groupname}"
+      interpreter.sh(cmd)
+
+      manager.invalidate(:groups)
+    end
+
+    if opts[:members]
+      modified = true
+      add_users_to_group(opts[:members], groupname)
+    end
+
+    return modified ? groups[groupname] : false
+  end
+
+  # TODO AccountManager#update_group -- implement
+  ### def update_group(groupname, opts={}) dispatch(groupname, opts) end
+
+  # See AccountManager#remove_group
+  def remove_group(groupname, opts={})
+    return false unless has_group?(groupname)
+    cmd = "groupdel #{groupname}"
+    interpreter.sh(cmd)
+
+    manager.invalidate(:groups)
+
+    return true
+  end
+
+  # See AccountManager#add_users_to_group
+  def add_users_to_group(users, groupname)
+    _add_users_to_group_helper(users, groupname) do |missing, groupname|
+      for username in missing
+        targets = (groups_for_user(username) + [groupname]).uniq
+        cmd = "usermod -G #{targets.join(',')} #{username}"
+        interpreter.sh(cmd)
+      end
+    end
+  end
+
+  # See AccountManager#remove_users_from_group
+  def remove_users_from_group(users, groupname)
+    _remove_users_from_group_helper(users, groupname) do |present, groupname|
+      u2g = users_to_groups
+      for username in present
+        user_groups = u2g[username]
+        # FIXME tries to include non-present groups, should use some variant of present
+        cmd = "usermod -G #{(user_groups.to_a-[groupname]).join(',')} #{username}"
+        interpreter.sh(cmd)
+      end
+    end
+  end
+end

data/lib/automateit/project.rb

@@ -51,6 +51,37 @@ module AutomateIt
   #
   #   Hello world!
   #
+  # === Partitioning recipes
+  #
+  # You should split up your recipe code into different recipe files. This will
+  # improve the clarity of your code because each file can perform one task,
+  # and you'll also be able to easily execute a specific recipe.
+  #
+  # For example, you can use a task-specific <tt>recipes/postgresql.rb</tt> to
+  # set up the PostgreSQL database server, and a <tt>recipes/apache.rb</tt> to
+  # setup the Apache web server.
+  #
+  # === Running recipes from other recipes
+  #
+  # You can run one recipe from another. It's a good idea to create a top-level
+  # recipe that invokes the other recipes. This lets you run a single recipe
+  # that will in turn run all your other recipes in the correct order, such as
+  # setting up the database server before the web server so that websites.
+  #
+  # For example, consider a <tt>recipes/all.rb</tt> file with these lines:
+  #
+  #  invoke 'postgresql' if tagged? :postgresql_server
+  #  invoke 'nginx' if tagged? :nginx_server
+  #  invoke 'apache' if tagged? :apache_server
+  #
+  # The first line above checks to see if the current host has the
+  # <tt>postgresql_server</tt> tag, and if it does, invokes the
+  # <tt>recipes/postgresql.rb</tt> recipe.
+  #
+  # You must run recipes from other recipes using AutomateIt's +invoke+ method
+  # and not Ruby's +require+, because the +invoke+ passes along the AutomateIt
+  # interpreter to the other recipes so they can continue execution.
+  #
   # === Using project libraries
   #
   # Any files ending with <tt>.rb</tt> that you put into the project's
@@ -133,8 +164,10 @@ module AutomateIt
   #   aifield -p /tmp/hello_project greeting
   #
   # The <tt>-p</tt> specifies the project path (its an alias for
-  # <tt>--project</tt>). More commands are available. You can see the
-  # documentation and examples for these commands by running:
+  # <tt>--project</tt>).
+  #
+  # More commands are available. For documentation and examples run the
+  # following commands from the Unix shell:
   #
   #   aifield --help
   #   aitag --help
@@ -151,21 +184,21 @@ module AutomateIt
   # If you want to share a project between different hosts, you're responsible for distributing the files between them. This isn't a big deal though because these are just text files and your OS has dozens of excellent ways to distribute these.
   #
   # Common approaches to distribution:
-  # * *Shared directory*: Your hosts mount a shared network directory (e.g., +nfs+ or +smb+) with your project. This is very easy if your hosts already have a shared directory, but can be a nuisance otherwise because it opens potential security holes and risks having you hosts hang if the master goes offline.
-  # * *Client pull*: Your hosts download the latest copy of your project from a master repository using a remote copy tool (e.g., +rsync+) or a revision control system (e.g., +cvs+, +svn+, +hg+). This is a safe, simple and secure option.
-  # * *Server push*: You have a master push out the project files to clients using a remote copy tool. This can be awkward and time-consuming because the server must go through a list of all hosts and copy files to them individually.
+  # * <b>Shared directory</b>: Your hosts mount a shared network directory (e.g., +nfs+ or +smb+) with your project. This is very easy if your hosts already have a shared directory, but can be a nuisance otherwise because it opens potential security holes and risks having you hosts hang if the master goes offline.
+  # * <b>Client pull</b>: Your hosts download the latest copy of your project from a master repository using a remote copy tool (e.g., +rsync+) or a revision control system (e.g., +cvs+, +svn+, +hg+). This is a safe, simple and secure option.
+  # * <b>Server push</b>: You have a master push out the project files to clients using a remote copy tool and then invoke +automateit+ on them via SSH. This can be awkward and time-consuming because the server must go through a list of all hosts and copy files to them individually.
   #
   # An example of a complete solution for distributing system configuration management files:
-  # * Setup an +svn+ or +hg+ repository to store your project and create a special account for the hosts to use to checkout code.
-  # * Write a wrapper script for running the recipes, for example, write a "/usr/bin/myautomateit" shell script like:
+  # 1. Setup an +svn+ or other version control repository to store your project and create a special account for the hosts to use to checkout code.
+  # 2. Write a wrapper script for running the recipes, for example, write a "/usr/bin/myautomateit" shell script like:
   #
   #     #!/bin/sh
   #     cd /var/local/myautomateit
   #     svn update --quiet
   #     automateit recipe/default.rb
-  # * Run this wrapper once an hour using cron so that your systems are always up to date. AutomateIt only prints output when it makes a change, so cron will only email you when you commit new code to the repository and the hosts make changes.
-  # * If you need to run a recipe on the machine right now, SSH into it and run the wrapper.
-  # * If you need to run the script early on a bunch of machines and don't want to manually SSH into each one, you can leverage the +aitag+ (see <tt>aitag --help</tt>) to execute a Unix command across multiple systems. For example, you could use a Unix shell command like this to execute the wrapper on all hosts tagged with +apache_servers+:
+  # 3. Run this wrapper once an hour using cron so that your systems are always up to date. AutomateIt only prints output when it makes a change, so cron will only email you when you commit new code to the repository and the hosts make changes.
+  # 4. If you need to run a recipe on the machine right now, SSH into it and run the wrapper.
+  # 5. If you need to run the script early on a bunch of machines and don't want to manually SSH into each one, you can leverage the +aitag+ (see <tt>aitag --help</tt>) to execute a Unix command across multiple systems. For example, you could use a Unix shell command like this to execute the wrapper on all hosts tagged with +apache_servers+:
   #
   #     for host in `aitag -p /var/local/myautomateit -w apache_server`; do
   #         echo "# $host"

data/lib/automateit/root.rb

@@ -1,7 +1,7 @@
 # See AutomateIt::Interpreter for usage information.
 module AutomateIt # :nodoc:
   # AutomateIt version
-  VERSION=Gem::Version.new("0.71021")
+  VERSION=Gem::Version.new("0.71030")
 
   # Instantiates a new Interpreter. See documentation for
   # Interpreter#setup.

data/spec/integration/account_manager_spec.rb

@@ -7,22 +7,65 @@ elsif not INTERPRETER.superuser?
 elsif not INTERPRETER.account_manager.available?(:add_user)
   puts "NOTE: Can't find AccountManager for this platform, #{__FILE__}"
 else
-  describe "AutomateIt::AccountManager" do
+  describe AutomateIt::AccountManager do
     before(:all) do
+      ### @independent = true
+      @independent = false
+
+      ### @a = AutomateIt.new(:verbosity => Logger::INFO)
       @a = AutomateIt.new(:verbosity => Logger::WARN)
       @m = @a.account_manager
+      @quiet = ! @a.log.info?
 
-      @username = "automateit_testuser"
-      @groupname = "automateit_testgroup"
+      # Some OSes are limited to 8 character names :(
+      @username =  "aitestus"
+      @groupname = "aitestgr"
 
-      raise "User named '#{@username}' found. If this isn't a real user, delete it so that the test can contineu. If this is a real user, change the spec to test with a user that shouldn't exist." if @m.users[@username]
-      raise "Group named '#{@groupname}' found. If this isn't a real group, delete it so that the test can contineu. If this is a real group, change the spec to test with a group that shouldn't exist." if @m.groups[@groupname]
+      begin
+        raise "User named '#{@username}' found. If this isn't a real user, delete it so that the test can contineu. If this is a real user, change the spec to test with a user that shouldn't exist." if @m.users[@username]
+        raise "Group named '#{@groupname}' found. If this isn't a real group, delete it so that the test can contineu. If this is a real group, change the spec to test with a group that shouldn't exist." if @m.groups[@groupname]
+      rescue Exception => e
+        @fail = true
+        raise e
+      end
     end
 
     after(:all) do
-      @m.remove_user(@username, :quiet => true)
-      @m.remove_group(@username, :quiet => true)
-      @m.remove_group(@groupname, :quiet => true)
+      unless @fail
+        @m.remove_user(@username, :quiet => true)
+        @m.remove_group(@username, :quiet => true)
+        @m.remove_group(@groupname, :quiet => true)
+      end
+    end
+
+    after(:each) do
+      unless @fail
+        if @independent
+          @m.remove_user(@username, :quiet => true)
+          @m.remove_group(@username, :quiet => true)
+          @m.remove_group(@groupname, :quiet => true)
+        end
+      end
+    end
+
+    def add_user(opts={})
+      # SunOS /home entries don't exist until you add them to auto_home, so
+      # work around this by using a directory we know can be used
+      home = INTERPRETER.tagged?(:sunos) ? "/var/tmp/#{@username}" : nil
+
+      defaults = { :passwd => "asdf", :shell => "/bin/false", :home => home,
+        :quiet => @quiet }
+
+      return @m.add_user(@username, defaults.merge(opts))
+    end
+
+    def add_group
+      return @m.add_group(@groupname)
+    end
+
+    def add_user_with_group
+      add_user
+      return @m.add_group(@groupname, :members => @username)
     end
 
     it "should find root user" do
@@ -36,27 +79,29 @@ else
     end
 
     it "should create a user" do
-      entry = @m.add_user(@username, :passwd => "asdf", :shell => "/bin/false")
+      entry = add_user
 
       entry.should_not be_nil
       entry.name.should == @username
-      # Leaves behind user for further tests
     end
 
     it "should have a user after one is created" do
-      # Depends on user to be created by previous tests
+      add_user if @independent
+
       @m.has_user?(@username).should be_true
     end
 
     it "should query user data by name" do
-      # Depends on user to be created by previous tests
+      add_user if @independent
+
       entry = @m.users[@username]
       entry.should_not be_nil
       entry.name.should == @username
     end
 
     it "should query user data by id" do
-      # Depends on user to be created by previous tests
+      add_user if @independent
+
       uid = @m.users[@username].uid
 
       entry = @m.users[uid]
@@ -69,12 +114,14 @@ else
     end
 
     it "should create user group" do
-      # Depends on user to be created by previous tests
+      add_user if @independent
+
       @m.groups[@username].should_not be_nil
     end
 
     it "should not re-add an existing user" do
-      # Depends on user to be created by previous tests
+      add_user if @independent
+
       @m.add_user(@username).should be_false
     end
 
@@ -83,23 +130,28 @@ else
     end
 
     it "should add a group" do
-      entry = @m.add_group(@groupname)
+      entry = add_group
+
       entry.should_not be_nil
       entry.name.should == @groupname
-      # Leaves behind group for further tests
     end
 
     it "should not re-add a group" do
+      add_group if @independent
+
       @m.add_group(@groupname).should be_false
     end
 
     it "should query group data by name" do
+      add_group if @independent
+
       entry = @m.groups[@groupname]
       entry.should_not be_nil
       entry.name.should == @groupname
     end
 
     it "should query group data by id" do
+      add_group if @independent
       gid = @m.groups[@groupname].gid
 
       entry = @m.groups[gid]
@@ -112,7 +164,8 @@ else
     end
 
     it "should remove a group" do
-      # Depends on group to be created by previous tests
+      add_group if @independent
+
       @m.remove_group(@groupname).should be_true
     end
 
@@ -124,41 +177,53 @@ else
       @m.users_for_group(@groupname).should == []
     end
 
-    it "should add a group with members" do
-      # Depends on user to be created by previous tests
-      @m.add_group(@groupname, :members => @username)
-      # Leaves behind group for further tests
-    end
+   it "should add a group with members" do
+     add_user_with_group.should_not be_nil
+   end
 
-    it "should query users in a group" do
-      # Depends on group to be created by previous tests
-      @m.users_for_group(@groupname).should == [@username]
-    end
+   it "should query users in a group" do
+     add_user_with_group if @independent
 
-    it "should query groups for a user" do
-      # Depends on user to be created by previous tests
-      # Depends on group to be created by previous tests
-      @m.groups_for_user(@username).should include(@groupname)
-    end
+     @m.users_for_group(@groupname).should == [@username]
+   end
 
-    it "should remove users from a group" do
-      # Depends on user to be created by previous tests
-      # Depends on group to be created by previous tests
-      @m.remove_users_from_group(@username, @groupname).should == [@username]
-    end
+   it "should query groups for a user" do
+     add_user_with_group if @independent
+
+     @m.groups_for_user(@username).should include(@groupname)
+   end
+
+   it "should remove users from a group" do
+     add_user_with_group if @independent
+
+     @m.remove_users_from_group(@username, @groupname).should == [@username]
+   end
 
     it "should add groups to a user" do
-      # Depends on user to be created by previous tests
+      add_user if @independent
+      add_group if @independent
+
       @m.add_groups_to_user(@groupname, @username).should == [@groupname]
+
+    end
+
+    it "should add users to group" do
+      @m.remove_groups_from_user(@groupname, @username) unless @independent
+      add_user if @independent
+      add_group if @independent
+
+      @m.add_users_to_group(@username, @groupname).should == [@username]
     end
 
     it "should remove groups from user" do
-      # Depends on user to be created by previous tests
+      add_user_with_group if @independent
+
       @m.remove_groups_from_user(@groupname, @username).should == [@groupname]
     end
 
     it "should remove a group with members" do
-      # Depends on group to be created by previous tests
+      add_group if @independent
+
       @m.remove_group(@groupname).should be_true
     end
 
@@ -189,7 +254,7 @@ else
     end
 
     it "should change password" do
-      # Depends on user to be created by previous tests
+      add_user if @independent
       pass = "automateit"
 
       # TODO This isn't portable
@@ -201,18 +266,38 @@ else
       end
 
       before = extract_pwent(@username)
-      @m.passwd(@username, pass).should be_true
+      @m.passwd(@username, pass, :quiet => @quiet).should be_true
       after = extract_pwent(@username)
       before.should_not eql(after)
     end
 
     it "should remove a user" do
-      # Depends on user to be created by previous tests
+      add_user if @independent
       @m.remove_user(@username, :quiet => true).should be_true
     end
 
     it "should not remove a non-existent user" do
       @m.remove_user(@username).should be_false
     end
+
+    it "should add user with multiple groups" do
+      # Find the first few users
+      groups_expected = []
+      size = 3
+      Etc.group do |group|
+        groups_expected << group.name
+        break if groups_expected.size >= size
+      end
+
+      # Create a user
+      (user = add_user(:groups => groups_expected)).should_not be_true
+
+      # Make sure they have the right number of groups
+      groups_found = @m.groups_for_user(@username)
+      for group in groups_expected
+        ### puts "%s : %s" % [group, groups_found.include?(group)]
+        groups_found.should include(group)
+      end
+    end
   end
 end