cheftacular 2.12.1 → 2.13.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cheftacular/README.md +70 -108
- data/lib/cheftacular/actions/deploy.rb +2 -0
- data/lib/cheftacular/actions/migrate.rb +3 -3
- data/lib/cheftacular/auditor.rb +4 -2
- data/lib/cheftacular/cloud_provider.rb +3 -0
- data/lib/cheftacular/file_system.rb +42 -0
- data/lib/cheftacular/helper.rb +2 -1
- data/lib/cheftacular/initializer.rb +2 -9
- data/lib/cheftacular/pleasantries.rb +25 -0
- data/lib/cheftacular/stateless_actions/arguments.rb +1 -1
- data/lib/cheftacular/stateless_actions/bootstrappers/ubuntu_bootstrap_from_queue.rb +1 -1
- data/lib/cheftacular/stateless_actions/check_cheftacular_yml_keys.rb +6 -0
- data/lib/cheftacular/stateless_actions/cheftacular_config.rb +5 -1
- data/lib/cheftacular/stateless_actions/cleanup_logs.rb +38 -0
- data/lib/cheftacular/stateless_actions/client_list.rb +6 -1
- data/lib/cheftacular/stateless_actions/disk_report.rb +1 -21
- data/lib/cheftacular/stateless_actions/get_active_ssh_connections.rb +38 -5
- data/lib/cheftacular/version.rb +1 -1
- metadata +4 -4
- data/lib/cheftacular/stateless_actions/cleanup_log_files.rb +0 -15
- data/lib/cheftacular/stateless_actions/get_shorewall_allowed_connections.rb +0 -130
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c17eeab4b20203f67317841f8f8bfbef7b0d63ae
|
|
4
|
+
data.tar.gz: b890661e40949e1b6588298e363899ad4b54445d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1c89fe7d7a292a2490e8c4f86a7d4d0485dcb37b3a7729e7bad0d35d67df6f5a14b6e98708304060e099d945a2e0d01fe5a203d944a3e406e6f4221752aad44c
|
|
7
|
+
data.tar.gz: a5e6ced3e2072ff71c093267bb665af25dfc20b3bd1a07d73ed57f589a11cab9469615af6021a2e2e581eb36391c37211647fb4d596da7db986d3eaacccaa03d
|
data/lib/cheftacular/README.md
CHANGED
|
@@ -7,66 +7,6 @@
|
|
|
7
7
|
3. [DevOps Commands](https://github.com/SocialCentivPublic/cheftacular/blob/master/lib/cheftacular/README.md#commands-that-can-only-be-run-in-the-devops-context)
|
|
8
8
|
|
|
9
9
|
|
|
10
|
-
## Arguments and flags for cheftacular
|
|
11
|
-
|
|
12
|
-
### Environment flags
|
|
13
|
-
|
|
14
|
-
1. `-d|--dev-remote` toggles on dev-remote mode. Commands passed to cft will hit the devremote server(s) instead of the default server(s)
|
|
15
|
-
|
|
16
|
-
2. `--env ENV` sets the environment commands hit to one you specify instead of the default one.
|
|
17
|
-
|
|
18
|
-
3. `-p|--prod` toggles on production mode. Commands passed to cft will hit the production server(s) instead of the default server(s)
|
|
19
|
-
|
|
20
|
-
4. `-Q|--qa` toggles on QA mode. Commands passed to cft will hit the QA server(s) instead of the default server(s)
|
|
21
|
-
|
|
22
|
-
5. `-s|--staging` toggles on staging mode. Commands passed to cft will hit the staging server(s) instead of the default server(s)
|
|
23
|
-
|
|
24
|
-
6. `--split-env SPLIT_ENV_NAME` sets the sub-environment to SPLIT_ENV_NAME. This only slightly affects certain commands.
|
|
25
|
-
|
|
26
|
-
7. `-t|--test` toggles on test mode. Commands passed to cft will hit the test server(s) instead of the default server(s)
|
|
27
|
-
|
|
28
|
-
### General Flags
|
|
29
|
-
|
|
30
|
-
1. `-a|--address ADDRESS` will force the command to only run against the specified address if it belongs to a node
|
|
31
|
-
|
|
32
|
-
2. `-D|--debug` toggles on extremely verbose logging. Chef-client runs will generate ~10 times the amounts of logs including any additional effects that the `-v` flag will activate
|
|
33
|
-
|
|
34
|
-
3. `--no-logs` will make the cft commands not generate log files, you must still specify `-v` if you want output of most verbose commands to your terminal.
|
|
35
|
-
|
|
36
|
-
4. `-n|--node-name NODE_NAME` will force the command to only run against the specified name if it belongs to a node
|
|
37
|
-
|
|
38
|
-
5. `-q|--quiet` will make the cft commands only output information that is a direct result of the command being run
|
|
39
|
-
|
|
40
|
-
6. `-r|--role-name ROLE_NAME` will force the command to only run against the specified role if it exists (this argument is generally not needed though it can be used to deploy a codebase for an application you're not currently cd'd into when running this as a gem)
|
|
41
|
-
|
|
42
|
-
7. `-R|--repository NAME` will make the command run against a specific repository or context (automatically set for application mode)
|
|
43
|
-
|
|
44
|
-
8. `-s|--search-node-name NODE_NAME` option will make this command return results that INCLUDE the NODE_NAME.
|
|
45
|
-
|
|
46
|
-
9. `-S|--search-role-name ROLE_NAME` option will make this command return results that INCLUDE the ROLE_NAME.
|
|
47
|
-
|
|
48
|
-
10. `-E|--search-env-name ENV_NAME` option will make this command return results that have this environment.
|
|
49
|
-
|
|
50
|
-
11. `-v|--verbose` toggles on verbose logging. All commands that write logs will also output to terminal AND write the logs.
|
|
51
|
-
|
|
52
|
-
### Help Related
|
|
53
|
-
|
|
54
|
-
1. `-h|--help` Displays the full readme and exits.
|
|
55
|
-
|
|
56
|
-
### Action Flags
|
|
57
|
-
|
|
58
|
-
1. `-e|--except-role ROLE_NAME` will *prevent* any server with this role from being *deployed to* for the deploy command. Other commands will ignore this argument.
|
|
59
|
-
|
|
60
|
-
2. `-z|--unset-github-deploy-args` will unset a custom revision specified in the arg below and make the codebase utilize the default.
|
|
61
|
-
|
|
62
|
-
3. `-Z|--revision REVISION` will force the role you're deploying to to utilize the revision specified here. This can be a specific commit, a branch name or even a tag.
|
|
63
|
-
|
|
64
|
-
1. Note: The system does not check if the revision exists, if you pass a non-existent revision no one will be able to deploy to that role until -Z with a correction revision or -z is passed.
|
|
65
|
-
|
|
66
|
-
4. The `-O ORGANIZATION` flag can be used with TheCheftacularCookbook to set an *organization* your app can try deploying from, your git user needs access to these forks / organization(s).
|
|
67
|
-
|
|
68
|
-
3. The `-z|--unset-github-deploy-args` option will clear your current `-Z` and `-O` flags.
|
|
69
|
-
|
|
70
10
|
## Arguments and flags for cheftacular
|
|
71
11
|
|
|
72
12
|
### Environment flags
|
|
@@ -168,17 +108,25 @@
|
|
|
168
108
|
|
|
169
109
|
3. `sync` will sync your local cheftacular yaml keys ONTO the server's keys. Will send a slack notification if slack is configured (the slack notification contains the diffed keys). The sync only occurs if there are CHANGES to the file.
|
|
170
110
|
|
|
111
|
+
4. This command is aliased to `cc`
|
|
112
|
+
|
|
171
113
|
5. `cft cheftacular_yml_help KEY` this commandallows you to get help on the meaning of each key in your cheftacular.yml overall config.
|
|
172
114
|
|
|
173
115
|
1. This command can also by run with `cft yaml_help`.
|
|
174
116
|
|
|
175
117
|
2. To examine nested keys, you can use colons inbetween the keys like cloud_authentication:rackspace:email
|
|
176
118
|
|
|
177
|
-
6. `cft
|
|
119
|
+
6. `cft cleanup_logs [DIRECTORIES_TO_NOT_DELETE]` this command allows you to clear your local log files
|
|
120
|
+
|
|
121
|
+
1. By default, this command will delete all the cheftacular directories in your log folder.
|
|
122
|
+
|
|
123
|
+
2. This command supports a comma separated list of folders you don't want to delete.
|
|
124
|
+
|
|
125
|
+
7. `cft clear_caches` this command allows you to clear all of your local caches.
|
|
178
126
|
|
|
179
127
|
1. This command will force you to refetch all previously cached chef server data on the next `cft` run.
|
|
180
128
|
|
|
181
|
-
|
|
129
|
+
8. `cft client_list` Allows you check the basic information for all the servers setup via chef. Shows the server's short name, its public ip address and roles (run_list) by default.
|
|
182
130
|
|
|
183
131
|
1. `-v` option will make this command display the server's domain name, whether its password is stored on the chef server and what that password is.
|
|
184
132
|
|
|
@@ -190,17 +138,21 @@
|
|
|
190
138
|
|
|
191
139
|
5. `-E|--search-env-name ENV_NAME` option will make this command return results that have this environment.
|
|
192
140
|
|
|
193
|
-
|
|
141
|
+
6. This command is aliased to `cft clients` and `cft c`
|
|
142
|
+
|
|
143
|
+
9. `cft console` will create a console session on the first node found for a repository.
|
|
194
144
|
|
|
195
145
|
1. Attempts to setup a console for the unique stack, stacks currently supported for console is only Rails.
|
|
196
146
|
|
|
197
|
-
|
|
147
|
+
2. If there is a node in the repository set that has the role `preferred_console`, this node will come before others.
|
|
148
|
+
|
|
149
|
+
10. `cft db_console` will create a database console session on the first node found for a database stack in the current environment.
|
|
198
150
|
|
|
199
151
|
1. This command is aliased to psql, typing `cft psql` will drop you into a rails stack database psql session.
|
|
200
152
|
|
|
201
153
|
2. This command is also aliased to mongo, typing `cft mongo` will drop you into a mongodb mongo session.
|
|
202
154
|
|
|
203
|
-
|
|
155
|
+
11. `cft deploy` will do a simple chef-client run on the servers for a role. Logs of the run itself will be sent to the local log directory in the application (or chef-repo) where the run was conducted.
|
|
204
156
|
|
|
205
157
|
1. The `-Z REVISION` flag can be used with TheCheftacularCookbook to set a revision your app will run.
|
|
206
158
|
|
|
@@ -212,9 +164,9 @@
|
|
|
212
164
|
|
|
213
165
|
5. The `-v|--verbose` option will cause failed deploys to output to the terminal window and to their normal log file. Useful for debugging.
|
|
214
166
|
|
|
215
|
-
|
|
167
|
+
12. `cft disk_report` will fetch useful statistics from every server for every environment and output it into your log directory.
|
|
216
168
|
|
|
217
|
-
|
|
169
|
+
13. `cft environment boot|boot_without_deploy|destroy|destroy_raw_servers [SERVER_NAMES]` will boot / destroy the current environment
|
|
218
170
|
|
|
219
171
|
1. `boot` will spin up servers and bring them to a stable state. This includes setting up their subdomains for the target environment.
|
|
220
172
|
|
|
@@ -228,7 +180,7 @@
|
|
|
228
180
|
|
|
229
181
|
6. This command also accepts a *comma delimited list* of server names to boot / destroy instead of all the stored ones for an environment.
|
|
230
182
|
|
|
231
|
-
|
|
183
|
+
14. `cft file NODE_NAME LOCATION_ALIAS MODE FILE_NAME` interacts with a file on the remote server
|
|
232
184
|
|
|
233
185
|
1. `LOCATION_ALIAS` will be parsed as a path if it has backslash characters. Otherwise it will be parsed from your location_aliases hash in your cheftacular.yml
|
|
234
186
|
|
|
@@ -244,7 +196,7 @@
|
|
|
244
196
|
|
|
245
197
|
3. `edit:TEXT_EDITOR` will attempt to edit the file with the TEXT_EDITOR listed. NOTE! This editor must be installed on the node you're accessing. If the editor is not present via a `which` command, the cft file command will say so.
|
|
246
198
|
|
|
247
|
-
4. `fetch|scp` will attempt to fetch the FILE_NAME listed via SCP. This file is saved to /Users/
|
|
199
|
+
4. `fetch|scp` will attempt to fetch the FILE_NAME listed via SCP. This file is saved to /Users/louis/Code/chef-repo/tmp (based on your directory structure) under the same FILE_NAME as the remote file.
|
|
248
200
|
|
|
249
201
|
1. The deploy must have access to said file without sudo!
|
|
250
202
|
|
|
@@ -258,25 +210,29 @@
|
|
|
258
210
|
|
|
259
211
|
1. `--save-to-file FILE_PATH` can also be used in the `fetch` context to specify where exactly to save the file and what to name it as.
|
|
260
212
|
|
|
261
|
-
|
|
213
|
+
15. `cft fix_known_hosts [HOSTNAME]` this command will delete entries in your known_hosts file for all the servers that are in our system (ip addresses AND dns names)
|
|
262
214
|
|
|
263
215
|
1. Passing in a hostname will make the command only remove entries with that hostname / ip specifically
|
|
264
216
|
|
|
265
|
-
|
|
217
|
+
16. `cft get_active_ssh_connections` will fetch the active ssh connections from every server and output it into your log directory.
|
|
218
|
+
|
|
219
|
+
1. This command runs on all servers in an environment by default
|
|
220
|
+
|
|
221
|
+
17. `cft get_haproxy_log` this command will generate a haproxy html file for the load balancer(s) associated with a repository in the log directory. Opening this log file in the browser will show the status of that haproxy at the time of the log.
|
|
266
222
|
|
|
267
223
|
1. In devops mode, this command will not do anything without the -R repository passed.
|
|
268
224
|
|
|
269
|
-
|
|
225
|
+
18. `cft get_log_from_bag <NODE_NAME-COMMAND_TYPE>` this command grabs the latest command run log from the data bags and saves it to your log directory. There are different types of logs saved per server depending on command.
|
|
270
226
|
|
|
271
|
-
|
|
227
|
+
19. `cft get_pg_pass ['clip']` command will output the current environment's pg_password to your terminal. Optionally you can pass in clip like `cft get_pg_pass clip` to have it also copy the pass to your clipboard.
|
|
272
228
|
|
|
273
|
-
|
|
229
|
+
20. `cft help COMMAND|MODE` this command returns the documentation for a specific command if COMMAND matches the name of a command. Alternatively, it can be passed `action|arguments|application|current|devops|stateless_action` to fetch the commands for a specific mode.Misspellings of commands will display near hits.
|
|
274
230
|
|
|
275
|
-
|
|
231
|
+
21. `cft list_toggleable_roles NODE_NAME` This command will allow you to see all toggleable roles for a node
|
|
276
232
|
|
|
277
|
-
|
|
233
|
+
22. `cft location_aliases` will list all location aliases listed in your cheftacular.yml. These aliases can be used in the `cft file` command.
|
|
278
234
|
|
|
279
|
-
|
|
235
|
+
23. `cft log` this command will output the last 500 lines of logs from every server set for the repository (can be given additional args to specify) to the log directory
|
|
280
236
|
|
|
281
237
|
1. `--nginx` will fetch the nginx logs as well as the application logs
|
|
282
238
|
|
|
@@ -288,13 +244,13 @@
|
|
|
288
244
|
|
|
289
245
|
4. `--fetch-backup` If doing a pg_data log, this will fetch the latest logs from the pg_data log directory for each database.
|
|
290
246
|
|
|
291
|
-
|
|
247
|
+
24. `cft migrate` this command will grab the first alphabetical node for a repository and run a migration that will hit the database primary server.
|
|
292
248
|
|
|
293
249
|
1. Currently only supports rails stacks.
|
|
294
250
|
|
|
295
|
-
|
|
251
|
+
25. `cft pass NODE_NAME` will drop the server's sudo password into your clipboard. Useful for when you need to ssh into the server itself and try advanced linux commands
|
|
296
252
|
|
|
297
|
-
|
|
253
|
+
26. `cft role_toggle NODE_NAME ROLE_NAME activate|deactivate` This command will allow you to **toggle** roles on nodes without using `cft upload_nodes`
|
|
298
254
|
|
|
299
255
|
1. This command uses your *role_toggling:deactivated_role_suffix* attribute set in your cheftacular.yml to toggle the role, it checks to see if the toggled name exists then sets the node's run_list to include the toggled role
|
|
300
256
|
|
|
@@ -306,7 +262,7 @@
|
|
|
306
262
|
|
|
307
263
|
1. Please run `cft list_toggleable_roles NODE_NAME` to get a list of your org's toggleable roles for a node.
|
|
308
264
|
|
|
309
|
-
|
|
265
|
+
27. `cft run COMMAND [--all]` will trigger the command on the first server in the role. Can be used to run rake commands or anything else.
|
|
310
266
|
|
|
311
267
|
1. `--all` will make the command run against all servers in a role rather than the first server it comes across. Don't do this if you're modifying the database with the command.
|
|
312
268
|
|
|
@@ -316,11 +272,11 @@
|
|
|
316
272
|
|
|
317
273
|
4. IMPORTANT NOTE: You cannot run `cft run rake -T` as is, you have to enclose any command that uses command line dash arguments in quotes like `cft run "rake -T"`
|
|
318
274
|
|
|
319
|
-
|
|
275
|
+
28. `cft scale up|down [NUM_TO_SCALE]` will add (or remove) NUM_TO_SCALE servers from the server array. This command will not let you scale down below 1 server.
|
|
320
276
|
|
|
321
277
|
1. In the case of server creation, this command takes a great deal of time to execute. It will output what stage it is currently on to the terminal but <b>you must not kill this command while it is executing</b>.A failed build may require the server to be destroyed / examined by a DevOps engineer.
|
|
322
278
|
|
|
323
|
-
|
|
279
|
+
29. `cft tail [PATTERN_TO_MATCH]` will tail the logs (return continuous output) of the first node if finds that has an application matching the repository running on it. Currently only supports rails stacks
|
|
324
280
|
|
|
325
281
|
1. pass `-n NODE_NAME` to grab the output of a node other than the first.
|
|
326
282
|
|
|
@@ -328,22 +284,20 @@
|
|
|
328
284
|
|
|
329
285
|
3. if the `PATTERN_TO_MATCH` argument exists, the tail will only return entries that have that pattern rather than everything written to the file.
|
|
330
286
|
|
|
331
|
-
|
|
287
|
+
30. `cft update_cheftacular` this command attempts to update cheftacular to the latest version.
|
|
332
288
|
|
|
333
|
-
|
|
289
|
+
31. `cft version` this command prints out the current version of cheftacular.
|
|
334
290
|
|
|
335
291
|
|
|
336
292
|
## Commands that can ONLY be run in the devops context
|
|
337
293
|
|
|
338
|
-
1. [NYI]`cft
|
|
294
|
+
1. [NYI]`cft update_chef_client` attempts to update the chef-client of all nodes to the latest version. Should be done with caution and with the chef_server's version in mind.
|
|
339
295
|
|
|
340
|
-
2.
|
|
341
|
-
|
|
342
|
-
3. `cft add_ssh_key_to_bag "<NEW SSH PUB KEY>" [SPECIFIC_REPOSITORY]` this command will add the given ssh key to the default authentication data bag. After this your server recipes should read the contents of the 'default' 'authentication' bag for the authorized_keys array.
|
|
296
|
+
2. `cft add_ssh_key_to_bag "<NEW SSH PUB KEY>" [SPECIFIC_REPOSITORY]` this command will add the given ssh key to the default authentication data bag. After this your server recipes should read the contents of the 'default' 'authentication' bag for the authorized_keys array.
|
|
343
297
|
|
|
344
298
|
1. `SPECIFIC_REPOSITORY` is a special argument, if left blank the key will be placed in the authorized_keys array in the bag, otherwise it will be placed in the specific_authorized_keys hash under a key named for the repository that is passed. The script will error if SPECIFIC_REPOSITORY does not exist in the cheftacular.yml respositories hash. You can then use this data to give users selective ssh access to certain servers.
|
|
345
299
|
|
|
346
|
-
|
|
300
|
+
3. `cft backups [activate|deactivate|fetch|load|restore]` this command sets the fetch_backups and restore_backups flags in your config data bag for an environment. These can be used to give application developers a way to trigger / untrigger restores in an environment
|
|
347
301
|
|
|
348
302
|
1. `activate` will turn on automated backup running (turns on the flag for the env in the config bag).
|
|
349
303
|
|
|
@@ -355,13 +309,13 @@
|
|
|
355
309
|
|
|
356
310
|
5. `restore` will simply just run the _backup loading command_ to load the latest backup onto the server.
|
|
357
311
|
|
|
358
|
-
|
|
312
|
+
4. `cft check_cheftacular_yml_keys` allows you to check to see if your cheftacular yml keys are valid to the current version of cheftacular. It will also set your missing keys to their likely default and let you know to update the cheftacular.yml file.
|
|
359
313
|
|
|
360
|
-
|
|
314
|
+
5. `cft chef_bootstrap_from_queue` allows you to register a node in the chef system, remove any lingering data that may be associated with it and update the node's runlist if it has an entry in nodes_dir for its NODE_NAME.
|
|
361
315
|
|
|
362
316
|
1. This command is part of the `cft full_bootstrap` command and cannot be called directly
|
|
363
317
|
|
|
364
|
-
|
|
318
|
+
6. `cft chef_server [restart|processes|memory]` this command can be used to query the chef server for stats if the cheftacular.yml has the chef_server key filled out. Useful for low resource chef-servers.
|
|
365
319
|
|
|
366
320
|
1. `restart` restarts all chef processes on the chef server which may alleviate slow cheftacular load times for some users. (NOTE) do not run this command while the chef-server is performing actions or instability may result! Not tested for high volume chef servers.
|
|
367
321
|
|
|
@@ -373,7 +327,7 @@
|
|
|
373
327
|
|
|
374
328
|
5. NOTE 2! Cheftacular does not (and will not) support accessing your chef server over ssh with password auth. If you have done this, you should feel bad and immediately switch ssh access to key authentication...
|
|
375
329
|
|
|
376
|
-
|
|
330
|
+
7. `cft cheftacular_config [diff|display|sync|overwrite]` this command Allows you to interact with your complete cheftacular configuration, the union of all repository's cheftacular.ymls.
|
|
377
331
|
|
|
378
332
|
1. `display` will show the current overall configuration for cheftacular.
|
|
379
333
|
|
|
@@ -381,18 +335,26 @@
|
|
|
381
335
|
|
|
382
336
|
3. `sync` will sync your local cheftacular yaml keys ONTO the server's keys. Will send a slack notification if slack is configured (the slack notification contains the diffed keys). The sync only occurs if there are CHANGES to the file.
|
|
383
337
|
|
|
384
|
-
|
|
338
|
+
4. This command is aliased to `cc`
|
|
339
|
+
|
|
340
|
+
8. `cft cheftacular_yml_help KEY` this commandallows you to get help on the meaning of each key in your cheftacular.yml overall config.
|
|
385
341
|
|
|
386
342
|
1. This command can also by run with `cft yaml_help`.
|
|
387
343
|
|
|
388
344
|
2. To examine nested keys, you can use colons inbetween the keys like cloud_authentication:rackspace:email
|
|
389
345
|
|
|
390
|
-
|
|
346
|
+
9. `cft clean_cookbooks [force] [remove_cookbooks]` allows you to update the internal chef-repo's cookbooks easily. By default this script will force you to decide what to do with each cookbook individually (shows version numbers and whether to overwrite it to cookbooks or not).
|
|
391
347
|
|
|
392
348
|
1. `force` argument will cause the downloaded cookbooks to *always* overwrite the chef-repo's cookbooks as long as the downloaded cookbook has a higher version number.
|
|
393
349
|
|
|
394
350
|
2. If you would like to remove all the cookbooks on the chef server, run `knife cookbook bulk delete '.*' -p -c ~/.chef/knife.rb`
|
|
395
351
|
|
|
352
|
+
10. `cft cleanup_logs [DIRECTORIES_TO_NOT_DELETE]` this command allows you to clear your local log files
|
|
353
|
+
|
|
354
|
+
1. By default, this command will delete all the cheftacular directories in your log folder.
|
|
355
|
+
|
|
356
|
+
2. This command supports a comma separated list of folders you don't want to delete.
|
|
357
|
+
|
|
396
358
|
11. `cft clear_caches` this command allows you to clear all of your local caches.
|
|
397
359
|
|
|
398
360
|
1. This command will force you to refetch all previously cached chef server data on the next `cft` run.
|
|
@@ -409,6 +371,8 @@
|
|
|
409
371
|
|
|
410
372
|
5. `-E|--search-env-name ENV_NAME` option will make this command return results that have this environment.
|
|
411
373
|
|
|
374
|
+
6. This command is aliased to `cft clients` and `cft c`
|
|
375
|
+
|
|
412
376
|
13. `cft cloud <FIRST_LEVEL_ARG> [<SECOND_LEVEL_ARG>[:<SECOND_LEVEL_ARG_QUERY>]*] ` this command handles talking to various cloud APIs. If no args are passed nothing will happen.
|
|
413
377
|
|
|
414
378
|
1. `domain` first level argument for interacting with cloud domains
|
|
@@ -563,7 +527,7 @@
|
|
|
563
527
|
|
|
564
528
|
3. `edit:TEXT_EDITOR` will attempt to edit the file with the TEXT_EDITOR listed. NOTE! This editor must be installed on the node you're accessing. If the editor is not present via a `which` command, the cft file command will say so.
|
|
565
529
|
|
|
566
|
-
4. `fetch|scp` will attempt to fetch the FILE_NAME listed via SCP. This file is saved to /Users/
|
|
530
|
+
4. `fetch|scp` will attempt to fetch the FILE_NAME listed via SCP. This file is saved to /Users/louis/Code/chef-repo/tmp (based on your directory structure) under the same FILE_NAME as the remote file.
|
|
567
531
|
|
|
568
532
|
1. The deploy must have access to said file without sudo!
|
|
569
533
|
|
|
@@ -585,21 +549,17 @@
|
|
|
585
549
|
|
|
586
550
|
1. This command is run by `cft cloud_bootstrap` and should not be run on its own.
|
|
587
551
|
|
|
588
|
-
24. `cft
|
|
552
|
+
24. `cft get_active_ssh_connections` will fetch the active ssh connections from every server and output it into your log directory.
|
|
589
553
|
|
|
590
|
-
1.
|
|
554
|
+
1. This command runs on all servers in an environment by default
|
|
591
555
|
|
|
592
|
-
25. `cft
|
|
556
|
+
25. `cft get_haproxy_log` this command will generate a haproxy html file for the load balancer(s) associated with a repository in the log directory. Opening this log file in the browser will show the status of that haproxy at the time of the log.
|
|
593
557
|
|
|
594
|
-
|
|
595
|
-
|
|
596
|
-
27. `cft get_shorewall_allowed_connections [PATH_TO_LOCAL_FILE] -n NODE_NAME` command will query a single server and return all of its ACCEPT connections from shorewall in it's syslog and return the results in a CSV format. Useful for tracking IP activity.
|
|
597
|
-
|
|
598
|
-
1. You must pass in a node name to query with `-n NODE_NAME`
|
|
558
|
+
1. In devops mode, this command will not do anything without the -R repository passed.
|
|
599
559
|
|
|
600
|
-
|
|
560
|
+
26. `cft get_log_from_bag <NODE_NAME-COMMAND_TYPE>` this command grabs the latest command run log from the data bags and saves it to your log directory. There are different types of logs saved per server depending on command.
|
|
601
561
|
|
|
602
|
-
|
|
562
|
+
27. `cft get_pg_pass ['clip']` command will output the current environment's pg_password to your terminal. Optionally you can pass in clip like `cft get_pg_pass clip` to have it also copy the pass to your clipboard.
|
|
603
563
|
|
|
604
564
|
28. `cft help COMMAND|MODE` this command returns the documentation for a specific command if COMMAND matches the name of a command. Alternatively, it can be passed `action|arguments|application|current|devops|stateless_action` to fetch the commands for a specific mode.Misspellings of commands will display near hits.
|
|
605
565
|
|
|
@@ -615,6 +575,8 @@
|
|
|
615
575
|
|
|
616
576
|
1. The force option will add the force option to knife upload.
|
|
617
577
|
|
|
578
|
+
2. Utilize `knife cookbook upload -a -V --cookbook-path ./cookbooks` if this command gives you trouble
|
|
579
|
+
|
|
618
580
|
32. `cft list_toggleable_roles NODE_NAME` This command will allow you to see all toggleable roles for a node
|
|
619
581
|
|
|
620
582
|
33. `cft location_aliases` will list all location aliases listed in your cheftacular.yml. These aliases can be used in the `cft file` command.
|
|
@@ -705,7 +667,7 @@
|
|
|
705
667
|
|
|
706
668
|
3. The argument `skip_update_tld` will stop the long process of checking and updating all the server domains _before_ cloudflare is updated. Only skip if you believe your domain info on your cloud is accurate.
|
|
707
669
|
|
|
708
|
-
49. `cft update_cookbook [COOKBOOK_NAME]` allows you to specifically update a single cookbook
|
|
670
|
+
49. `cft update_cookbook [COOKBOOK_NAME] [INSTALL_VERSION]` allows you to specifically update a single cookbook
|
|
709
671
|
|
|
710
672
|
1. This command passed with no arguments will update TheCheftacularCookbook
|
|
711
673
|
|
|
@@ -36,6 +36,8 @@ class Cheftacular
|
|
|
36
36
|
|
|
37
37
|
deployment_args = { in: :groups, limit: 10, wait: 5 } if @options['env'] == 'production'
|
|
38
38
|
|
|
39
|
+
@config['pleasantries'].good_luck_fridays if @config['cheftacular']['pleasantries']
|
|
40
|
+
|
|
39
41
|
#on is namespaced to SSHKit::Backend::Netssh.on
|
|
40
42
|
on ( nodes.map { |n| @config['cheftacular']['deploy_user'] + "@" + n.public_ipaddress } ), deployment_args do |host|
|
|
41
43
|
n = get_node_from_address(nodes, host.hostname)
|
|
@@ -52,13 +52,13 @@ class Cheftacular
|
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
def migrate_wordpress nodes=[]
|
|
55
|
-
puts
|
|
55
|
+
puts("Method #{ __method__ } is not yet implemented") if @options['verbose']
|
|
56
56
|
|
|
57
57
|
return false
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
def migrate_nodejs nodes=[]
|
|
61
|
-
puts
|
|
61
|
+
puts("Method #{ __method__ } is not yet implemented") if @options['verbose']
|
|
62
62
|
|
|
63
63
|
return false
|
|
64
64
|
end
|
|
@@ -68,7 +68,7 @@ class Cheftacular
|
|
|
68
68
|
end
|
|
69
69
|
|
|
70
70
|
def migrate_ nodes=[]
|
|
71
|
-
puts
|
|
71
|
+
puts("Migrate method tried to migrate the role \"#{ @options['role'] }\" but it doesn't appear to have a repository set! Skipping...") if @options['verbose']
|
|
72
72
|
|
|
73
73
|
return false
|
|
74
74
|
end
|
data/lib/cheftacular/auditor.rb
CHANGED
|
@@ -23,6 +23,7 @@ class Cheftacular
|
|
|
23
23
|
def audit_run_as_hash ret_hash={}, options_to_ignore=[]
|
|
24
24
|
ret_hash['hostname'] = Socket.gethostname
|
|
25
25
|
ret_hash['directory'] = @config['locs']['root']
|
|
26
|
+
ret_hash['version'] = Cheftacular::VERSION
|
|
26
27
|
ret_hash['command'] = @options['command']
|
|
27
28
|
|
|
28
29
|
options_to_ignore << :preferred_cloud if @options['preferred_cloud'] == @config['cheftacular']['preferred_cloud']
|
|
@@ -40,11 +41,12 @@ class Cheftacular
|
|
|
40
41
|
ret_hash
|
|
41
42
|
end
|
|
42
43
|
|
|
43
|
-
def compile_audit_hash_entry_as_array audit_hash, entry_number=0, ret_array=[], directory_content=''
|
|
44
|
+
def compile_audit_hash_entry_as_array audit_hash, entry_number=0, ret_array=[], directory_content='', version_content=''
|
|
44
45
|
directory_content = " (#{ audit_hash['directory'] })" if audit_hash.has_key?('directory')
|
|
46
|
+
version_content = " [#{ audit_hash['version'] }]" if audit_hash.has_key?('version')
|
|
45
47
|
|
|
46
48
|
ret_array << "#{ (entry_number.to_s + '. ') unless entry_number == 0 }#{ audit_hash['command'] }"
|
|
47
|
-
ret_array << " Hostname: #{ audit_hash['hostname'] }#{ directory_content }"
|
|
49
|
+
ret_array << " Hostname: #{ audit_hash['hostname'] }#{ directory_content }#{ version_content }"
|
|
48
50
|
ret_array << " Arguments: #{ audit_hash['arguments'] }" if !audit_hash['arguments'].nil? && !audit_hash['arguments'].empty?
|
|
49
51
|
ret_array << " Options: #{ audit_hash['options'].to_hash }" unless audit_hash['options'].empty?
|
|
50
52
|
|
|
@@ -23,6 +23,9 @@ class Cheftacular
|
|
|
23
23
|
raise "CRITICAL! Unable to capture addresses for the server!" if ret_array[0].nil? || ret_array[1].nil?
|
|
24
24
|
|
|
25
25
|
ret_array
|
|
26
|
+
rescue StandardError => e
|
|
27
|
+
puts "Encountered #{ e } for server hash:"
|
|
28
|
+
ap cloud_server_hash
|
|
26
29
|
end
|
|
27
30
|
|
|
28
31
|
def parse_server_root_password_from_server_create_hash server_hash, real_node_name
|
|
@@ -4,6 +4,10 @@ class Cheftacular
|
|
|
4
4
|
@options, @config = options, config
|
|
5
5
|
end
|
|
6
6
|
|
|
7
|
+
def log_directories
|
|
8
|
+
['applog', 'deploy', 'failed-deploy', 'rolelog', 'rvm', 'server-setup', 'stashedlog']
|
|
9
|
+
end
|
|
10
|
+
|
|
7
11
|
def write_version_file version
|
|
8
12
|
File.open( current_version_file_path, "w") { |f| f.write(version) }
|
|
9
13
|
end
|
|
@@ -214,6 +218,44 @@ class Cheftacular
|
|
|
214
218
|
end
|
|
215
219
|
end
|
|
216
220
|
|
|
221
|
+
def initialize_log_directories should_cleanup_file_caches=true
|
|
222
|
+
log_directories.each do |sub_log_directory|
|
|
223
|
+
FileUtils.mkdir_p File.join( @config['locs']['chef-log'], sub_log_directory )
|
|
224
|
+
end
|
|
225
|
+
|
|
226
|
+
FileUtils.mkdir_p File.join( @config['locs']['app-tmp'], @config['helper'].declassify)
|
|
227
|
+
|
|
228
|
+
FileUtils.mkdir_p @config['filesystem'].current_nodes_file_cache_path
|
|
229
|
+
|
|
230
|
+
cleanup_file_caches if should_cleanup_file_caches
|
|
231
|
+
end
|
|
232
|
+
|
|
233
|
+
def remove_log_directories directories_to_not_remove_array=[]
|
|
234
|
+
(log_directories - directories_to_not_remove_array).each do |log_directory|
|
|
235
|
+
FileUtils.rm_rf File.join( @config['locs']['chef-log'], log_directory.strip )
|
|
236
|
+
end
|
|
237
|
+
end
|
|
238
|
+
|
|
239
|
+
def generate_report_from_node_hash report_name, node_hash={}, out=[]
|
|
240
|
+
node_hash.each_pair do |serv_name, output|
|
|
241
|
+
out << "#{ serv_name }:"
|
|
242
|
+
|
|
243
|
+
output.join("\n").split("\n").each do |line|
|
|
244
|
+
out << " #{ line }"
|
|
245
|
+
end
|
|
246
|
+
|
|
247
|
+
out << "\n"
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
puts(out) if @options['no_logs'] || @options['verbose']
|
|
251
|
+
|
|
252
|
+
log_loc, timestamp = @config['helper'].set_log_loc_and_timestamp
|
|
253
|
+
|
|
254
|
+
puts("Generating log file for #{ report_name } at #{ log_loc }/#{ report_name.gsub(' ', '-') }-#{ timestamp }.txt") unless @options['quiet']
|
|
255
|
+
|
|
256
|
+
File.open("#{ log_loc }/#{ report_name.gsub(' ', '-') }-#{ timestamp }.txt", "w") { |f| f.write(out.join("\n").scrub_pretty_text) } unless @options['no_logs']
|
|
257
|
+
end
|
|
258
|
+
|
|
217
259
|
private
|
|
218
260
|
def current_file_path file_name, use_timestamp=true
|
|
219
261
|
File.join( @config['locs']['app-root'], 'tmp', @config['helper'].declassify, ( use_timestamp ? "#{ Time.now.strftime("%Y%m%d") }-#{ file_name }" : file_name ))
|
data/lib/cheftacular/helper.rb
CHANGED
|
@@ -325,7 +325,8 @@ class Cheftacular
|
|
|
325
325
|
diff_hash = @config['initial_cheftacular_yml'].deep_diff(@config['default']['cheftacular_bag_hash'], true).except('mode', 'default_repository').compact
|
|
326
326
|
|
|
327
327
|
recursive_hash_scrub(diff_hash)
|
|
328
|
-
|
|
328
|
+
|
|
329
|
+
recursive_hash_scrub(diff_hash) unless diff_hash.empty? #scrub out any leftover empty hashes
|
|
329
330
|
|
|
330
331
|
if diff_hash.empty?
|
|
331
332
|
puts "No difference detected between your cheftacular.yml and the global environment."
|
|
@@ -489,6 +489,7 @@ class Cheftacular
|
|
|
489
489
|
@config['action_documentation'] = Cheftacular::ActionDocumentation.new(@options, @config)
|
|
490
490
|
@config['stateless_action_documentation'] = Cheftacular::StatelessActionDocumentation.new(@options, @config)
|
|
491
491
|
@config['error'] = Cheftacular::Error.new(@options, @config)
|
|
492
|
+
@config['pleasantries'] = Cheftacular::Pleasantries.new(@options, @config)
|
|
492
493
|
@config['dummy_sshkit'] = SSHKit::Backend::Netssh.new(SSHKit::Host.new('127.0.0.1'))
|
|
493
494
|
@config['DNS'] = Cheftacular::DNS.new(@options, @config)
|
|
494
495
|
@config['queue_master'] = Cheftacular::QueueMaster.new(@options, @config)
|
|
@@ -496,15 +497,7 @@ class Cheftacular
|
|
|
496
497
|
end
|
|
497
498
|
|
|
498
499
|
def initialize_directories
|
|
499
|
-
['
|
|
500
|
-
FileUtils.mkdir_p File.join( @config['locs']['chef-log'], sub_log_directory )
|
|
501
|
-
end
|
|
502
|
-
|
|
503
|
-
FileUtils.mkdir_p File.join( @config['locs']['app-tmp'], @config['helper'].declassify)
|
|
504
|
-
|
|
505
|
-
FileUtils.mkdir_p @config['filesystem'].current_nodes_file_cache_path
|
|
506
|
-
|
|
507
|
-
@config['filesystem'].cleanup_file_caches
|
|
500
|
+
@config['filesystem'].initialize_log_directories
|
|
508
501
|
end
|
|
509
502
|
|
|
510
503
|
def initialize_cloud_checks exit_on_finish = false
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
class Cheftacular
|
|
2
|
+
class Pleasantries
|
|
3
|
+
def initialize options, config
|
|
4
|
+
@options, @config = options, config
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def good_luck_fridays #https://gist.github.com/exAspArk/4f18795bc89b6e2666ee
|
|
8
|
+
friday_jumper = %{
|
|
9
|
+
┓┏┓┏┓┃
|
|
10
|
+
┛┗┛┗┛┃⟍ ○⟋
|
|
11
|
+
┓┏┓┏┓┃ ∕ Friday
|
|
12
|
+
┛┗┛┗┛┃ノ)
|
|
13
|
+
┓┏┓┏┓┃ deploy,
|
|
14
|
+
┛┗┛┗┛┃
|
|
15
|
+
┓┏┓┏┓┃ good
|
|
16
|
+
┛┗┛┗┛┃
|
|
17
|
+
┓┏┓┏┓┃ luck!
|
|
18
|
+
┃┃┃┃┃┃
|
|
19
|
+
┻┻┻┻┻┻
|
|
20
|
+
}.strip!
|
|
21
|
+
|
|
22
|
+
puts(friday_jumper) if Time.now.friday? && @options['env'] == 'production'
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -62,7 +62,7 @@ class Cheftacular
|
|
|
62
62
|
"deploying from, your git user needs access to these forks / organization(s).",
|
|
63
63
|
|
|
64
64
|
" 3. The `-z|--unset-github-deploy-args` option will clear your current `-Z` and `-O` flags."
|
|
65
|
-
]
|
|
65
|
+
] if @config['documentation']['arguments'].empty?
|
|
66
66
|
end
|
|
67
67
|
|
|
68
68
|
alias_method :flags, :arguments
|
|
@@ -175,7 +175,7 @@ class Cheftacular
|
|
|
175
175
|
|
|
176
176
|
if execution_hash.has_key?(:retries)
|
|
177
177
|
execution_hash[:retries] = execution_hash[:retries] -= 1
|
|
178
|
-
puts "There are #{ execution_hash[:retries] } tries left to evaluate the command."
|
|
178
|
+
puts "#{ server_name_output(server_hash) }_@@@@@@@@@@@ There are #{ execution_hash[:retries] } tries left to evaluate the above command."
|
|
179
179
|
|
|
180
180
|
sleep 60
|
|
181
181
|
|
|
@@ -15,6 +15,12 @@ class Cheftacular
|
|
|
15
15
|
class StatelessAction
|
|
16
16
|
def check_cheftacular_yml_keys out=[], exit_on_missing=false, warn_on_missing=false
|
|
17
17
|
base_message = "Your cheftacular.yml is missing the key KEY, its default value is being set to DEFAULT for this run."
|
|
18
|
+
|
|
19
|
+
#############################2.13.0################################################
|
|
20
|
+
|
|
21
|
+
unless @config['cheftacular'].has_key?('pleasantries')
|
|
22
|
+
@config['cheftacular']['pleasantries'] = true
|
|
23
|
+
end
|
|
18
24
|
|
|
19
25
|
#############################2.11.0################################################
|
|
20
26
|
|
|
@@ -13,7 +13,9 @@ class Cheftacular
|
|
|
13
13
|
" 2. `diff` will show the difference between your current cheftacular.yml and the server's. Run automatically on a sync.",
|
|
14
14
|
|
|
15
15
|
" 3. `sync` will sync your local cheftacular yaml keys ONTO the server's keys. Will send a slack notification " +
|
|
16
|
-
"if slack is configured (the slack notification contains the diffed keys). The sync only occurs if there are CHANGES to the file."
|
|
16
|
+
"if slack is configured (the slack notification contains the diffed keys). The sync only occurs if there are CHANGES to the file.",
|
|
17
|
+
|
|
18
|
+
" 4. This command is aliased to `cc`"
|
|
17
19
|
]
|
|
18
20
|
]
|
|
19
21
|
|
|
@@ -32,6 +34,8 @@ class Cheftacular
|
|
|
32
34
|
self.send("cheftacular_config_#{ command }")
|
|
33
35
|
end
|
|
34
36
|
|
|
37
|
+
alias_method :cc, :cheftacular_config
|
|
38
|
+
|
|
35
39
|
private
|
|
36
40
|
|
|
37
41
|
def cheftacular_config_display
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
|
|
2
|
+
class Cheftacular
|
|
3
|
+
class StatelessActionDocumentation
|
|
4
|
+
def cleanup_logs
|
|
5
|
+
@config['documentation']['stateless_action'][__method__] ||= {}
|
|
6
|
+
@config['documentation']['stateless_action'][__method__]['long_description'] = [
|
|
7
|
+
"`cft cleanup_logs [DIRECTORIES_TO_NOT_DELETE]` this command allows you to clear your local log files",
|
|
8
|
+
|
|
9
|
+
[
|
|
10
|
+
" 1. By default, this command will delete all the cheftacular directories in your log folder.",
|
|
11
|
+
|
|
12
|
+
" 2. This command supports a comma separated list of folders you don't want to delete."
|
|
13
|
+
]
|
|
14
|
+
]
|
|
15
|
+
|
|
16
|
+
@config['documentation']['stateless_action'][__method__]['short_description'] = 'Clears cheftacular log directories'
|
|
17
|
+
|
|
18
|
+
@config['documentation']['application'][__method__] = @config['documentation']['stateless_action'][__method__]
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
class InitializationAction
|
|
23
|
+
def cleanup_logs
|
|
24
|
+
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
class StatelessAction
|
|
29
|
+
def cleanup_logs directories_to_not_delete=''
|
|
30
|
+
directories_to_not_delete = ARGV[1] if directories_to_not_delete.blank?
|
|
31
|
+
directories_to_not_delete ||= ''
|
|
32
|
+
|
|
33
|
+
@config['filesystem'].remove_log_directories(directories_to_not_delete.split(','))
|
|
34
|
+
|
|
35
|
+
@config['filesystem'].initialize_log_directories(false)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -18,7 +18,9 @@ class Cheftacular
|
|
|
18
18
|
|
|
19
19
|
" 4. `-S|--search-role-name ROLE_NAME` option will make this command return results that INCLUDE the ROLE_NAME.",
|
|
20
20
|
|
|
21
|
-
" 5. `-E|--search-env-name ENV_NAME` option will make this command return results that have this environment."
|
|
21
|
+
" 5. `-E|--search-env-name ENV_NAME` option will make this command return results that have this environment.",
|
|
22
|
+
|
|
23
|
+
" 6. This command is aliased to `cft clients` and `cft c`"
|
|
22
24
|
]
|
|
23
25
|
]
|
|
24
26
|
|
|
@@ -96,5 +98,8 @@ class Cheftacular
|
|
|
96
98
|
end
|
|
97
99
|
end
|
|
98
100
|
end
|
|
101
|
+
|
|
102
|
+
alias_method :clients, :client_list
|
|
103
|
+
alias_method :c, :client_list
|
|
99
104
|
end
|
|
100
105
|
end
|
|
@@ -35,27 +35,7 @@ class Cheftacular
|
|
|
35
35
|
disk_hash[n.name] = start_disk_report( n.name, n.public_ipaddress, options, locs, passwords)
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
-
|
|
39
|
-
out << "#{ serv_name }:"
|
|
40
|
-
|
|
41
|
-
line_count = 1
|
|
42
|
-
|
|
43
|
-
output.join("\n").split("\n").each do |line|
|
|
44
|
-
out << line_count == 1 ? " #{ line }" : " #{ line }"
|
|
45
|
-
|
|
46
|
-
line_count += 1
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
out << "\n"
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
puts(out) if @options['no_logs'] || @options['verbose']
|
|
53
|
-
|
|
54
|
-
log_loc, timestamp = @config['helper'].set_log_loc_and_timestamp
|
|
55
|
-
|
|
56
|
-
puts("Generating log file for disk report at #{ log_loc }/disk-report-#{ timestamp }.txt") unless @options['quiet']
|
|
57
|
-
|
|
58
|
-
File.open("#{ log_loc }/disk-report-#{ timestamp }.txt", "w") { |f| f.write(out.join("\n").scrub_pretty_text) } unless @options['no_logs']
|
|
38
|
+
@config['filesystem'].generate_report_from_node_hash('disk report', disk_hash)
|
|
59
39
|
end
|
|
60
40
|
end
|
|
61
41
|
end
|
|
@@ -3,17 +3,50 @@ class Cheftacular
|
|
|
3
3
|
def get_active_ssh_connections
|
|
4
4
|
@config['documentation']['stateless_action'][__method__] ||= {}
|
|
5
5
|
@config['documentation']['stateless_action'][__method__]['long_description'] = [
|
|
6
|
-
"
|
|
6
|
+
"`cft get_active_ssh_connections` will fetch the active ssh connections from every server and output it into your log directory.",
|
|
7
|
+
|
|
8
|
+
[
|
|
9
|
+
" 1. This command runs on all servers in an environment by default"
|
|
10
|
+
]
|
|
7
11
|
]
|
|
8
12
|
|
|
9
|
-
|
|
13
|
+
@config['documentation']['stateless_action'][__method__]['short_description'] = 'Check servers for active ssh connections'
|
|
14
|
+
@config['documentation']['application'][__method__] = @config['documentation']['stateless_action'][__method__]
|
|
10
15
|
end
|
|
11
16
|
end
|
|
12
17
|
|
|
13
18
|
class StatelessAction
|
|
14
|
-
def get_active_ssh_connections
|
|
15
|
-
|
|
16
|
-
|
|
19
|
+
def get_active_ssh_connections connections_hash={}, out=[]
|
|
20
|
+
nodes = @config['getter'].get_true_node_objects(true)
|
|
21
|
+
|
|
22
|
+
nodes = @config['parser'].exclude_nodes( nodes, [{ unless: { env: @options['env'] }}] )
|
|
23
|
+
|
|
24
|
+
options, locs, ridley, logs_bag_hash, pass_bag_hash, bundle_command, cheftacular, passwords = @config['helper'].set_local_instance_vars
|
|
25
|
+
|
|
26
|
+
on ( nodes.map { |n| @config['cheftacular']['deploy_user'] + "@" + n.public_ipaddress } ) do |host|
|
|
27
|
+
n = get_node_from_address(nodes, host.hostname)
|
|
28
|
+
|
|
29
|
+
puts "Beginning ssh connection check run for #{ n.name } (#{ n.public_ipaddress })"
|
|
30
|
+
|
|
31
|
+
connections_hash[n.name] = start_connection_report( n.name, n.public_ipaddress, options, locs, passwords)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
@config['filesystem'].generate_report_from_node_hash('connections report', connections_hash)
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
module SSHKit
|
|
40
|
+
module Backend
|
|
41
|
+
class Netssh
|
|
42
|
+
def start_connection_report name, ip_address, options, locs, passwords, out=[]
|
|
43
|
+
|
|
44
|
+
out << capture( :netstat, '-atn', :|, :grep, ':22' )
|
|
45
|
+
|
|
46
|
+
puts(out.join("\n")) if options['output'] || options['verbose']
|
|
47
|
+
|
|
48
|
+
out
|
|
49
|
+
end
|
|
17
50
|
end
|
|
18
51
|
end
|
|
19
52
|
end
|
data/lib/cheftacular/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cheftacular
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.13.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Louis Alridge
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-01-
|
|
11
|
+
date: 2016-01-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: hashie
|
|
@@ -276,6 +276,7 @@ files:
|
|
|
276
276
|
- lib/cheftacular/initialization_action.rb
|
|
277
277
|
- lib/cheftacular/initializer.rb
|
|
278
278
|
- lib/cheftacular/parser.rb
|
|
279
|
+
- lib/cheftacular/pleasantries.rb
|
|
279
280
|
- lib/cheftacular/queue_master.rb
|
|
280
281
|
- lib/cheftacular/stateless_action.rb
|
|
281
282
|
- lib/cheftacular/stateless_actions/add_ssh_key_to_bag.rb
|
|
@@ -294,7 +295,7 @@ files:
|
|
|
294
295
|
- lib/cheftacular/stateless_actions/cheftacular_yml_help.rb
|
|
295
296
|
- lib/cheftacular/stateless_actions/clean_cookbooks.rb
|
|
296
297
|
- lib/cheftacular/stateless_actions/clean_server_passwords.rb
|
|
297
|
-
- lib/cheftacular/stateless_actions/
|
|
298
|
+
- lib/cheftacular/stateless_actions/cleanup_logs.rb
|
|
298
299
|
- lib/cheftacular/stateless_actions/clear_caches.rb
|
|
299
300
|
- lib/cheftacular/stateless_actions/client_list.rb
|
|
300
301
|
- lib/cheftacular/stateless_actions/cloud.rb
|
|
@@ -312,7 +313,6 @@ files:
|
|
|
312
313
|
- lib/cheftacular/stateless_actions/get_haproxy_log.rb
|
|
313
314
|
- lib/cheftacular/stateless_actions/get_log_from_bag.rb
|
|
314
315
|
- lib/cheftacular/stateless_actions/get_pg_pass.rb
|
|
315
|
-
- lib/cheftacular/stateless_actions/get_shorewall_allowed_connections.rb
|
|
316
316
|
- lib/cheftacular/stateless_actions/help.rb
|
|
317
317
|
- lib/cheftacular/stateless_actions/initialize_cheftacular_yml.rb
|
|
318
318
|
- lib/cheftacular/stateless_actions/initialize_data_bag_contents.rb
|
|
@@ -1,130 +0,0 @@
|
|
|
1
|
-
class Cheftacular
|
|
2
|
-
class StatelessActionDocumentation
|
|
3
|
-
def get_shorewall_allowed_connections
|
|
4
|
-
@config['documentation']['stateless_action'][__method__] ||= {}
|
|
5
|
-
@config['documentation']['stateless_action'][__method__]['long_description'] = [
|
|
6
|
-
"`cft get_shorewall_allowed_connections [PATH_TO_LOCAL_FILE] -n NODE_NAME` command will query a single server and return all of its ACCEPT connections " +
|
|
7
|
-
"from shorewall in it's syslog and return the results in a CSV format. Useful for tracking IP activity.",
|
|
8
|
-
|
|
9
|
-
[
|
|
10
|
-
" 1. You must pass in a node name to query with `-n NODE_NAME`",
|
|
11
|
-
|
|
12
|
-
" 2. This command will attempt to `dig` each ip address to give you the most likely culprit.",
|
|
13
|
-
|
|
14
|
-
" 3. If `PATH_TO_LOCAL_FILE` is not blank, the command will use that file instead of building a file on the remote server"
|
|
15
|
-
]
|
|
16
|
-
]
|
|
17
|
-
end
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
class StatelessAction
|
|
21
|
-
def get_shorewall_allowed_connections master_log_data=''
|
|
22
|
-
|
|
23
|
-
if ARGV[1].nil?
|
|
24
|
-
raise "Please pass a NODE_NAME with -n NODE_NAME" if @options['node_name'].nil? || @options['node_name'].empty?
|
|
25
|
-
|
|
26
|
-
nodes = @config['getter'].get_true_node_objects true
|
|
27
|
-
|
|
28
|
-
nodes = @config['parser'].exclude_nodes(nodes, [{ unless: { env: @options['env'] }}, { unless: { node: @options['node_name'] }}], true)
|
|
29
|
-
|
|
30
|
-
#this must always precede on () calls so they have the instance variables they need
|
|
31
|
-
options, locs, ridley, logs_bag_hash, pass_bag_hash, bundle_command, cheftacular, passwords = @config['helper'].set_local_instance_vars
|
|
32
|
-
|
|
33
|
-
#on is namespaced to SSHKit::Backend::Netssh.on
|
|
34
|
-
on ( nodes.map { |n| @config['cheftacular']['deploy_user'] + "@" + n.public_ipaddress } ) do |host|
|
|
35
|
-
n = get_node_from_address(nodes, host.hostname)
|
|
36
|
-
|
|
37
|
-
puts("Beginning shorewall log capture run for #{ n.name } (#{ n.public_ipaddress })") unless options['quiet']
|
|
38
|
-
|
|
39
|
-
master_log_data = start_shorewall_log_capture( n.name, n.public_ipaddress, options, locs, cheftacular, passwords)
|
|
40
|
-
end
|
|
41
|
-
else
|
|
42
|
-
master_log_file = ARGV[1]
|
|
43
|
-
|
|
44
|
-
raise "File not found! Did you enter the path correctly?" unless File.exist?(master_log_file)
|
|
45
|
-
|
|
46
|
-
master_log_data = File.read(File.expand_path(master_log_file))
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
puts("Parsing addresses from log data...") unless @options['quiet']
|
|
50
|
-
|
|
51
|
-
addresses = {}
|
|
52
|
-
|
|
53
|
-
master_log_data.scan(/^.*Shorewall:net2fw:ACCEPT.*SRC=([\d]+\.[\d]+\.[\d]+\.[\d]+) DST.*DPT=80.*$/).each do |ip_address|
|
|
54
|
-
addresses[ip_address] ||= 0
|
|
55
|
-
addresses[ip_address] += 1
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
final_addresses = {}
|
|
59
|
-
check_count = 0
|
|
60
|
-
addresses.each_pair do |address, count|
|
|
61
|
-
next if count < 100
|
|
62
|
-
|
|
63
|
-
domain = `dig +short -x #{ address[0] }`.chomp.split("\n").join('|')
|
|
64
|
-
domain = domain[0..(domain.length-2)]
|
|
65
|
-
|
|
66
|
-
domain = address[0] if domain.blank?
|
|
67
|
-
|
|
68
|
-
final_addresses[domain] ||= {}
|
|
69
|
-
final_addresses[domain]['addresses'] ||= []
|
|
70
|
-
final_addresses[domain]['addresses'] << address[0] unless final_addresses[domain]['addresses'].include?(address[0])
|
|
71
|
-
final_addresses[domain]['count'] = count unless final_addresses[domain].has_key?('count')
|
|
72
|
-
final_addresses[domain]['count'] += count if final_addresses[domain].has_key?('count')
|
|
73
|
-
|
|
74
|
-
check_count += 1
|
|
75
|
-
|
|
76
|
-
puts("Processed #{ check_count } addresses (#{ address[0] }):#{ domain }:#{ count }") unless @options['quiet']
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
final_addresses = final_addresses.sort_by {|key, value_hash| value_hash['count']}.to_h
|
|
80
|
-
|
|
81
|
-
final_addresses = Hash[final_addresses.to_a.reverse]
|
|
82
|
-
|
|
83
|
-
ap(final_addresses) if @options['verbose']
|
|
84
|
-
|
|
85
|
-
log_loc, timestamp = @config['helper'].set_log_loc_and_timestamp
|
|
86
|
-
|
|
87
|
-
CSV.open(File.expand_path("#{ @config['locs']['chef-log'] }/shorewall-parse-#{ timestamp }.csv"), "wb") do |csv|
|
|
88
|
-
final_addresses.each_pair do |dns, info_hash|
|
|
89
|
-
csv << [dns, info_hash['addresses'].join('|'), info_hash['count']]
|
|
90
|
-
end
|
|
91
|
-
end
|
|
92
|
-
end
|
|
93
|
-
end
|
|
94
|
-
end
|
|
95
|
-
|
|
96
|
-
module SSHKit
|
|
97
|
-
module Backend
|
|
98
|
-
class Netssh
|
|
99
|
-
def start_shorewall_log_capture name, ip_address, options, locs, cheftacular, passwords, out=[]
|
|
100
|
-
log_loc, timestamp = set_log_loc_and_timestamp(locs)
|
|
101
|
-
|
|
102
|
-
puts("Generating master log file for shorewall for #{ name } (#{ ip_address }) at #{ log_loc }/#{ name }-shorewall-#{ timestamp }.html") unless options['quiet']
|
|
103
|
-
|
|
104
|
-
syslog_files = capture(:ls, '/var/log', :|, :grep, :syslog).split("\n")
|
|
105
|
-
|
|
106
|
-
puts("Found #{ syslog_files.count } syslog files to parse (#{ syslog_files.join(', ') }).\nPreparing to parse...") unless options['quiet']
|
|
107
|
-
|
|
108
|
-
syslog_files.each do |file|
|
|
109
|
-
puts("Parsing #{ file } into master log file...") unless options['quiet']
|
|
110
|
-
|
|
111
|
-
if file.include?('.gz')
|
|
112
|
-
sudo_execute(passwords[ip_address], :gunzip, '-c', "/var/log/#{ file }", '>>', '/tmp/syslog_master.log' )
|
|
113
|
-
else
|
|
114
|
-
sudo_execute(passwords[ip_address], :cat, "/var/log/#{ file }", '>>', '/tmp/syslog_master.log' )
|
|
115
|
-
end
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
puts("Writing master log...") unless options['quiet']
|
|
119
|
-
|
|
120
|
-
out << sudo_capture( passwords[ip_address], :cat, "/tmp/syslog_master.log" )
|
|
121
|
-
|
|
122
|
-
::File.open("#{ log_loc }/#{ name }-shorewall-#{ timestamp }.html", "w") { |f| f.write(out.join("\n").scrub_pretty_text.gsub('[sudo] password for deploy: ', '')) } unless options['no_logs']
|
|
123
|
-
|
|
124
|
-
sudo_execute(passwords[ip_address], :rm, '-f', '/tmp/syslog_master.log')
|
|
125
|
-
|
|
126
|
-
out.join("\n")
|
|
127
|
-
end
|
|
128
|
-
end
|
|
129
|
-
end
|
|
130
|
-
end
|