dtk-node-agent 0.7.7 → 0.8.0
- checksums.yaml +5 -13
- data/README.md +21 -4
- data/bin/dtk-node-agent +17 -0
- data/lib/config/install.config +2 -2
- data/lib/dtk-node-agent/installer.rb +30 -25
- data/lib/dtk-node-agent/version.rb +18 -1
- metadata +23 -110
- data/mcollective_additions/debian.mcollective.init +0 -92
- data/mcollective_additions/plugins/README.md +0 -1
- data/mcollective_additions/plugins/v1.2/agent/discovery.rb +0 -39
- data/mcollective_additions/plugins/v1.2/agent/get_log_fragment.ddl +0 -15
- data/mcollective_additions/plugins/v1.2/agent/get_log_fragment.rb +0 -79
- data/mcollective_additions/plugins/v1.2/agent/git_access.ddl +0 -9
- data/mcollective_additions/plugins/v1.2/agent/git_access.rb +0 -79
- data/mcollective_additions/plugins/v1.2/agent/netstat.ddl +0 -9
- data/mcollective_additions/plugins/v1.2/agent/netstat.rb +0 -34
- data/mcollective_additions/plugins/v1.2/agent/puppet_apply.ddl +0 -9
- data/mcollective_additions/plugins/v1.2/agent/puppet_apply.rb +0 -630
- data/mcollective_additions/plugins/v1.2/agent/rpcutil.ddl +0 -204
- data/mcollective_additions/plugins/v1.2/agent/rpcutil.rb +0 -101
- data/mcollective_additions/plugins/v1.2/facts/pbuilder_facts.rb +0 -35
- data/mcollective_additions/plugins/v2.2/agent/action_agent.ddl +0 -9
- data/mcollective_additions/plugins/v2.2/agent/action_agent.rb +0 -47
- data/mcollective_additions/plugins/v2.2/agent/dev_manager.ddl +0 -9
- data/mcollective_additions/plugins/v2.2/agent/dev_manager.rb +0 -111
- data/mcollective_additions/plugins/v2.2/agent/discovery.rb +0 -39
- data/mcollective_additions/plugins/v2.2/agent/dtk_node_agent_git_client.rb +0 -94
- data/mcollective_additions/plugins/v2.2/agent/execute_tests.ddl +0 -9
- data/mcollective_additions/plugins/v2.2/agent/execute_tests.rb +0 -111
- data/mcollective_additions/plugins/v2.2/agent/execute_tests_v2.ddl +0 -9
- data/mcollective_additions/plugins/v2.2/agent/execute_tests_v2.rb +0 -131
- data/mcollective_additions/plugins/v2.2/agent/get_log_fragment.ddl +0 -15
- data/mcollective_additions/plugins/v2.2/agent/get_log_fragment.rb +0 -79
- data/mcollective_additions/plugins/v2.2/agent/git_access.ddl +0 -9
- data/mcollective_additions/plugins/v2.2/agent/git_access.rb +0 -61
- data/mcollective_additions/plugins/v2.2/agent/netstat.ddl +0 -9
- data/mcollective_additions/plugins/v2.2/agent/netstat.rb +0 -34
- data/mcollective_additions/plugins/v2.2/agent/ps.ddl +0 -9
- data/mcollective_additions/plugins/v2.2/agent/ps.rb +0 -37
- data/mcollective_additions/plugins/v2.2/agent/puppet_apply.ddl +0 -9
- data/mcollective_additions/plugins/v2.2/agent/puppet_apply.rb +0 -818
- data/mcollective_additions/plugins/v2.2/agent/puppet_cancel.ddl +0 -10
- data/mcollective_additions/plugins/v2.2/agent/puppet_cancel.rb +0 -78
- data/mcollective_additions/plugins/v2.2/agent/rpcutil.ddl +0 -204
- data/mcollective_additions/plugins/v2.2/agent/rpcutil.rb +0 -101
- data/mcollective_additions/plugins/v2.2/agent/ssh_agent.ddl +0 -13
- data/mcollective_additions/plugins/v2.2/agent/ssh_agent.rb +0 -97
- data/mcollective_additions/plugins/v2.2/agent/sync_agent_code.ddl +0 -10
- data/mcollective_additions/plugins/v2.2/agent/sync_agent_code.rb +0 -85
- data/mcollective_additions/plugins/v2.2/agent/tail.ddl +0 -11
- data/mcollective_additions/plugins/v2.2/agent/tail.rb +0 -67
- data/mcollective_additions/plugins/v2.2/audit/logfile.rb +0 -26
- data/mcollective_additions/plugins/v2.2/connector/r8stomp.rb +0 -238
- data/mcollective_additions/plugins/v2.2/connector/stomp.rb +0 -349
- data/mcollective_additions/plugins/v2.2/connector/stomp_em.rb +0 -191
- data/mcollective_additions/plugins/v2.2/data/agent_data.ddl +0 -22
- data/mcollective_additions/plugins/v2.2/data/agent_data.rb +0 -17
- data/mcollective_additions/plugins/v2.2/data/collective_data.ddl +0 -20
- data/mcollective_additions/plugins/v2.2/data/collective_data.rb +0 -9
- data/mcollective_additions/plugins/v2.2/data/fact_data.ddl +0 -28
- data/mcollective_additions/plugins/v2.2/data/fact_data.rb +0 -55
- data/mcollective_additions/plugins/v2.2/data/fstat_data.ddl +0 -89
- data/mcollective_additions/plugins/v2.2/data/fstat_data.rb +0 -56
- data/mcollective_additions/plugins/v2.2/discovery/flatfile.ddl +0 -11
- data/mcollective_additions/plugins/v2.2/discovery/flatfile.rb +0 -48
- data/mcollective_additions/plugins/v2.2/discovery/mc.ddl +0 -11
- data/mcollective_additions/plugins/v2.2/discovery/mc.rb +0 -30
- data/mcollective_additions/plugins/v2.2/discovery/stdin.ddl +0 -11
- data/mcollective_additions/plugins/v2.2/discovery/stdin.rb +0 -66
- data/mcollective_additions/plugins/v2.2/facts/pbuilder_facts.rb +0 -37
- data/mcollective_additions/plugins/v2.2/facts/yaml_facts.rb +0 -61
- data/mcollective_additions/plugins/v2.2/registration/agentlist.rb +0 -10
- data/mcollective_additions/plugins/v2.2/security/sshkey.ddl +0 -9
- data/mcollective_additions/plugins/v2.2/security/sshkey.rb +0 -362
- data/mcollective_additions/plugins/v2.2/util/puppetrunner.rb +0 -36
- data/mcollective_additions/plugins/v2.2/validator/array_validator.ddl +0 -7
- data/mcollective_additions/plugins/v2.2/validator/array_validator.rb +0 -9
- data/mcollective_additions/plugins/v2.2/validator/ipv4address_validator.ddl +0 -7
- data/mcollective_additions/plugins/v2.2/validator/ipv4address_validator.rb +0 -16
- data/mcollective_additions/plugins/v2.2/validator/ipv6address_validator.ddl +0 -7
- data/mcollective_additions/plugins/v2.2/validator/ipv6address_validator.rb +0 -16
- data/mcollective_additions/plugins/v2.2/validator/length_validator.ddl +0 -7
- data/mcollective_additions/plugins/v2.2/validator/length_validator.rb +0 -11
- data/mcollective_additions/plugins/v2.2/validator/regex_validator.ddl +0 -7
- data/mcollective_additions/plugins/v2.2/validator/regex_validator.rb +0 -9
- data/mcollective_additions/plugins/v2.2/validator/shellsafe_validator.ddl +0 -7
- data/mcollective_additions/plugins/v2.2/validator/shellsafe_validator.rb +0 -13
- data/mcollective_additions/plugins/v2.2/validator/typecheck_validator.ddl +0 -7
- data/mcollective_additions/plugins/v2.2/validator/typecheck_validator.rb +0 -28
- data/mcollective_additions/redhat.mcollective.init +0 -139
- data/mcollective_additions/redhat.mcollective.service +0 -14
- data/mcollective_additions/server.cfg +0 -22
- data/src/etc/logrotate.d/mcollective +0 -10
- data/src/etc/mcollective.default +0 -6
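--- a/data/mcollective_additions/plugins/v2.2/agent/puppet_cancel.rb
+++ b/data/mcollective_additions/plugins/v2.2/agent/puppet_cancel.rb
@@ -1,78 +0,0 @@
-require 'rubygems'
-require 'puppet'
-require 'grit'
-require 'tempfile'
-require 'fileutils'
-
-#TODO: move to be shared by agents
-PuppetApplyLogDir = "/var/log/puppet"
-ModulePath = "/etc/puppet/modules"
-
-module MCollective
-module Agent
-class Puppet_cancel < RPC::Agent
-def initialize()
-super()
-@log = Log.instance
-@reply_data = nil
-end
-
-#
-# Amar:
-# puppet_cancel agent gets 'task_id' in request
-# And goes through list of live threads inside stomp/mcollective process.
-# If thread with matching 'task_id' is found that thread is killed
-# If thread with matching 'task_id' is not found, error is returned in response
-#
-def run_action
-task_id = request[:top_task_id]
-@log.info("Terminating puppet apply thread for task_id=#{task_id}")
-
-ret ||= Response.new()
-
-Thread.list.each do |t|
-if t[:task_id] == task_id
-t[:is_canceled] = true
-t.kill
-@log.info("Puppet apply thread for task_id=#{task_id} terminated.")
-ret.set_status_succeeded!()
-return ret
-end
-end
-
-@log.info("Puppet apply thread for task_id=#{task_id} is not running on this node.")
-ret.set_status_failed!()
-error_info = { :error => { :message => "Puppet apply thread for task_id=#{task_id} is not running on the node." } }
-ret.merge!(error_info)
-end
-
-end
-#TODO: this should be common accross Agents
-class Response < Hash
-def initialize(hash={})
-super()
-self.merge!(hash)
-self[:status] = :unknown unless hash.has_key?(:status)
-end
-
-def to_hash()
-Hash.new.merge(self)
-end
-
-def failed?()
-self[:status] == :failed
-end
-
-def set_status_failed!()
-self[:status] = :failed
-end
-def set_status_succeeded!()
-self[:status] = :succeeded
-end
-def set_dynamic_attributes!(dynamic_attributes)
-self[:dynamic_attributes] = dynamic_attributes
-end
-end
-end
-end
-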
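--- a/data/mcollective_additions/plugins/v2.2/agent/rpcutil.ddl
+++ b/data/mcollective_additions/plugins/v2.2/agent/rpcutil.ddl
@@ -1,204 +0,0 @@
-metadata :name => "rpcutil",
-:description => "General helpful actions that expose stats and internals to SimpleRPC clients",
-:author => "R.I.Pienaar <rip@devco.net>",
-:license => "Apache License, Version 2.0",
-:version => "1.0",
-:url => "http://marionette-collective.org/",
-:timeout => 10
-
-action "collective_info", :description => "Info about the main and sub collectives" do
-display :always
-
-output :main_collective,
-:description => "The main Collective",
-:display_as => "Main Collective"
-
-output :collectives,
-:description => "All Collectives",
-:display_as => "All Collectives"
-
-summarize do
-aggregate summary(:collectives)
-end
-end
-
-action "inventory", :description => "System Inventory" do
-display :always
-
-output :agents,
-:description => "List of agent names",
-:display_as => "Agents"
-
-output :facts,
-:description => "List of facts and values",
-:display_as => "Facts"
-
-output :classes,
-:description => "List of classes on the system",
-:display_as => "Classes"
-
-output :version,
-:description => "MCollective Version",
-:display_as => "Version"
-
-output :main_collective,
-:description => "The main Collective",
-:display_as => "Main Collective"
-
-output :collectives,
-:description => "All Collectives",
-:display_as => "All Collectives"
-
-output :data_plugins,
-:description => "List of data plugin names",
-:display_as => "Data Plugins"
-end
-
-action "get_fact", :description => "Retrieve a single fact from the fact store" do
-display :always
-
-input :fact,
-:prompt => "The name of the fact",
-:description => "The fact to retrieve",
-:type => :string,
-:validation => '^[\w\-\.]+$',
-:optional => false,
-:maxlength => 40
-
-output :fact,
-:description => "The name of the fact being returned",
-:display_as => "Fact"
-
-output :value,
-:description => "The value of the fact",
-:display_as => "Value"
-
-summarize do
-aggregate summary(:value)
-end
-end
-
-action "daemon_stats", :description => "Get statistics from the running daemon" do
-display :always
-
-output :threads,
-:description => "List of threads active in the daemon",
-:display_as => "Threads"
-
-output :agents,
-:description => "List of agents loaded",
-:display_as => "Agents"
-
-output :pid,
-:description => "Process ID of the daemon",
-:display_as => "PID"
-
-output :times,
-:description => "Processor time consumed by the daemon",
-:display_as => "Times"
-
-output :validated,
-:description => "Messages that passed security validation",
-:display_as => "Security Validated"
-
-output :unvalidated,
-:description => "Messages that failed security validation",
-:display_as => "Failed Security"
-
-output :passed,
-:description => "Passed filter checks",
-:display_as => "Passed Filter"
-
-output :filtered,
-:description => "Didn't pass filter checks",
-:display_as => "Failed Filter"
-
-output :starttime,
-:description => "Time the server started",
-:display_as => "Start Time"
-
-output :total,
-:description => "Total messages received",
-:display_as => "Total Messages"
-
-output :replies,
-:description => "Replies sent back to clients",
-:display_as => "Replies"
-
-output :configfile,
-:description => "Config file used to start the daemon",
-:display_as => "Config File"
-
-output :version,
-:description => "MCollective Version",
-:display_as => "Version"
-
-output :ttlexpired,
-:description => "Messages that did pass TTL checks",
-:display_as => "TTL Expired"
-
-summarize do
-aggregate summary(:version)
-aggregate summary(:agents)
-end
-end
-
-action "agent_inventory", :description => "Inventory of all agents on the server" do
-display :always
-
-output :agents,
-:description => "List of agents on the server",
-:display_as => "Agents"
-end
-
-action "get_config_item", :description => "Get the active value of a specific config property" do
-display :always
-
-input :item,
-:prompt => "Configuration Item",
-:description => "The item to retrieve from the server",
-:type => :string,
-:validation => '^.+$',
-:optional => false,
-:maxlength => 50
-
-output :item,
-:description => "The config property being retrieved",
-:display_as => "Property"
-
-output :value,
-:description => "The value that is in use",
-:display_as => "Value"
-
-summarize do
-aggregate summary(:value)
-end
-end
-
-action "get_data", :description => "Get data from a data plugin" do
-display :always
-
-input :source,
-:prompt => "Data Source",
-:description => "The data plugin to retrieve information from",
-:type => :string,
-:validation => '^\w+$',
-:optional => false,
-:maxlength => 50
-
-input :query,
-:prompt => "Query",
-:description => "The query argument to supply to the data plugin",
-:type => :string,
-:validation => '^.+$',
-:optional => true,
-:maxlength => 50
-end
-
-action "ping", :description => "Responds to requests for PING with PONG" do
-display :always
-
-output :pong,
-:description => "The local timestamp",
-:display_as => "Timestamp"
-end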
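--- a/data/mcollective_additions/plugins/v2.2/agent/rpcutil.rb
+++ b/data/mcollective_additions/plugins/v2.2/agent/rpcutil.rb
@@ -1,101 +0,0 @@
-module MCollective
-module Agent
-class Rpcutil<RPC::Agent
-# Basic system inventory, same as the basic discovery agent
-action "inventory" do
-reply[:agents] = Agents.agentlist
-reply[:facts] = PluginManager["facts_plugin"].get_facts
-reply[:version] = MCollective.version
-reply[:classes] = []
-reply[:main_collective] = config.main_collective
-reply[:collectives] = config.collectives
-reply[:data_plugins] = PluginManager.grep(/_data$/)
-
-cfile = Config.instance.classesfile
-if File.exist?(cfile)
-reply[:classes] = File.readlines(cfile).map {|i| i.chomp}
-end
-end
-
-# Retrieve a single fact from the node
-action "get_fact" do
-validate :fact, String
-
-reply[:fact] = request[:fact]
-reply[:value] = Facts[request[:fact]]
-end
-
-# Get the global stats for this mcollectied
-action "daemon_stats" do
-stats = PluginManager["global_stats"].to_hash
-
-reply[:threads] = stats[:threads]
-reply[:agents] = stats[:agents]
-reply[:pid] = stats[:pid]
-reply[:times] = stats[:times]
-reply[:configfile] = Config.instance.configfile
-reply[:version] = MCollective.version
-
-reply.data.merge!(stats[:stats])
-end
-
-# Builds an inventory of all agents on teh machine
-# including license, version and timeout information
-action "agent_inventory" do
-reply[:agents] = []
-
-Agents.agentlist.sort.each do |target_agent|
-agent = PluginManager["#{target_agent}_agent"]
-actions = agent.methods.grep(/_agent/)
-
-agent_data = {:agent => target_agent,
-:license => "unknown",
-:timeout => agent.timeout,
-:description => "unknown",
-:name => target_agent,
-:url => "unknown",
-:version => "unknown",
-:author => "unknown"}
-
-agent_data.merge!(agent.meta)
-
-reply[:agents] << agent_data
-end
-end
-
-# Retrieves a single config property that is in effect
-action "get_config_item" do
-validate :item, String
-
-reply.fail! "Unknown config property #{request[:item]}" unless config.respond_to?(request[:item])
-
-reply[:item] = request[:item]
-reply[:value] = config.send(request[:item])
-end
-
-# Responds to PING requests with the local timestamp
-action "ping" do
-reply[:pong] = Time.now.to_i
-end
-
-# Returns all configured collectives
-action "collective_info" do
-config = Config.instance
-reply[:main_collective] = config.main_collective
-reply[:collectives] = config.collectives
-end
-
-action "get_data" do
-validate :source, String
-
-query = Data.ddl_transform_input(Data.ddl(request[:source]), request[:query].to_s)
-
-data = Data[ request[:source] ].lookup(query)
-
-data.keys.each do |key|
-reply[key] = data[key]
-end
-end
-end
-end
-end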
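--- a/data/mcollective_additions/plugins/v2.2/agent/ssh_agent.ddl
+++ b/data/mcollective_additions/plugins/v2.2/agent/ssh_agent.ddl
@@ -1,13 +0,0 @@
-metadata :name => "ssh agent",
-:description => "SSH Agent allows adding of public keys, removing them and listing",
-:author => "Reactor8",
-:license => "",
-:version => "",
-:url => "",
-:timeout => 2
-action "grant_access", :description => "Add SSH access to host instance" do
-end
-action "revoke_access", :description => "Remove SSH access from host instance" do
-end
-action "list_access", :description => "List current SSH access for host instance" do
-end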
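--- a/data/mcollective_additions/plugins/v2.2/agent/ssh_agent.rb
+++ b/data/mcollective_additions/plugins/v2.2/agent/ssh_agent.rb
@@ -1,97 +0,0 @@
-require 'base64'
-
-module MCollective
-module Agent
-class Ssh_agent < RPC::Agent
-
-AGENT_MCOLLECTIVE_LOCATION = "#{::MCollective::Config.instance.libdir.join}/mcollective/agent/"
-SSH_AUTH_KEYS_FILE_NAME = "authorized_keys"
-
-action "grant_access" do
-validate :rsa_pub_key, String
-validate :rsa_pub_name, String
-validate :system_user, String
-
-if does_user_exist?(request[:system_user])
-begin
-puppet_params = {
-:name => request[:rsa_pub_name],
-:ensure => 'present',
-:key =>normalize_rsa_pub_key(request[:rsa_pub_key]),
-:type => 'ssh-rsa',
-:user => request[:system_user]
-}
-
-::MCollective::Util.loadclass("MCollective::Util::PuppetRunner")
-::MCollective::Util::PuppetRunner.apply(:ssh_authorized_key, puppet_params)
-
-# There is a bug where we are expiriencing issues with above changes not taking effect for no apperent reason
-# if detected we repeat puppet apply
-
-unless key_added?(puppet_params[:user], puppet_params[:key])
-Log.info("Fallback, repeating SSH access grant")
-::MCollective::Util::PuppetRunner.apply(:ssh_authorized_key, puppet_params)
-end
-
-raise "We were not able to add SSH access for given node (PuppetError)" unless key_added?(puppet_params[:user], puppet_params[:key])
-
-reply[:data] = { :message => "Access to system user '#{request[:system_user]}' has been granted for '#{request[:rsa_pub_name]}'"}
-rescue Exception => e
-reply[:data] = { :error => "Puppet error not able to process request, reason: '#{e.message}'" }
-end
-else
-reply[:data] = { :error => "System user '#{request[:system_user]}' not found on given node" }
-end
-reply[:pbuilderid] = Facts["pbuilderid"]
-reply[:status] = :ok
-end
-
-action "revoke_access" do
-validate :rsa_pub_name, String
-validate :system_user, String
-
-if does_user_exist?(request[:system_user])
-begin
-::MCollective::Util.loadclass("MCollective::Util::PuppetRunner")
-::MCollective::Util::PuppetRunner.apply(
-:ssh_authorized_key,
-{
-:name => request[:rsa_pub_name],
-:ensure => 'absent',
-:type => 'ssh-rsa',
-:user => request[:system_user]
-}
-)
-reply[:data] = { :message => "Access for system user '#{request[:system_user]}' has been revoked" }
-rescue Exception => e
-reply[:data] = { :error => "Puppet error not able to process request, reason: '#{e.message}'" }
-end
-else
-reply[:data] = { :error => "System user '#{request[:system_user]}' not found on given node" }
-end
-
-reply[:pbuilderid] = Facts["pbuilderid"]
-reply[:status] = :ok
-end
-
-def does_user_exist?(system_user)
-!File.open('/etc/passwd').grep(/^#{system_user}:/).empty?
-end
-
-def key_added?(system_user, pub_key)
-if system_user == "root"
-results = `more /#{system_user}/.ssh/#{SSH_AUTH_KEYS_FILE_NAME} | grep #{pub_key}`
-else
-results = `more /home/#{system_user}/.ssh/#{SSH_AUTH_KEYS_FILE_NAME} | grep #{pub_key}`
-end
-!results.empty?
-end
-
-def normalize_rsa_pub_key(rsa_pub_key)
-rsa_pub_key.strip!()
-rsa_pub_key.gsub!(/.* (.*) .*/,'\1')
-rsa_pub_key
-end
-end
-end
-end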