RubyGems - dtk-node-agent - Versions diffs - 0.7.7 → 0.8.0 - Mend

dtk-node-agent 0.7.7 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (94) hide show

data/mcollective_additions/plugins/v2.2/discovery/flatfile.ddl DELETED Viewed

@@ -1,11 +0,0 @@
-metadata    :name        => "flatfile",
-            :description => "Flatfile based discovery for node identities",
-            :author      => "R.I.Pienaar <rip@devco.net>",
-            :license     => "ASL 2.0",
-            :version     => "0.1",
-            :url         => "http://marionette-collective.org/",
-            :timeout     => 0
-discovery do
-    capabilities :identity
-end

data/mcollective_additions/plugins/v2.2/discovery/flatfile.rb DELETED Viewed

@@ -1,48 +0,0 @@
-# discovers against a flatfile instead of the traditional network discovery
-# the flat file must have a node name per line which should match identities
-# as configured
-module MCollective
-  class Discovery
-    class Flatfile
-      def self.discover(filter, timeout, limit=0, client=nil)
-        unless client.options[:discovery_options].empty?
-          file = client.options[:discovery_options].first
-        else
-          raise "The flatfile discovery method needs a path to a text file"
-        end
-        raise "Cannot read the file %s specified as discovery source" % file unless File.readable?(file)
-        discovered = []
-        hosts = []
-        File.readlines(file).each do |host|
-          host = host.chomp.strip
-          if host.empty? || host.match(/^#/)
-            next
-          end
-          raise 'Identities can only match /^[\w\.\-]+$/' unless host.match(/^[\w\.\-]+$/)
-          hosts << host
-        end
-        # this plugin only supports identity filters, do regex matches etc against
-        # the list found in the flatfile
-        if !(filter["identity"].empty?)
-          filter["identity"].each do |identity|
-            identity = Regexp.new(identity.gsub("\/", "")) if identity.match("^/")
-            if identity.is_a?(Regexp)
-              discovered = hosts.grep(identity)
-            elsif hosts.include?(identity)
-              discovered << identity
-            end
-          end
-        else
-          discovered = hosts
-        end
-        discovered
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/discovery/mc.ddl DELETED Viewed

@@ -1,11 +0,0 @@
-metadata    :name        => "mc",
-            :description => "MCollective Broadcast based discovery",
-            :author      => "R.I.Pienaar <rip@devco.net>",
-            :license     => "ASL 2.0",
-            :version     => "0.1",
-            :url         => "http://marionette-collective.org/",
-            :timeout     => 2
-discovery do
-    capabilities [:classes, :facts, :identity, :agents, :compound]
-end

data/mcollective_additions/plugins/v2.2/discovery/mc.rb DELETED Viewed

@@ -1,30 +0,0 @@
-module MCollective
-  class Discovery
-    class Mc
-      def self.discover(filter, timeout, limit, client)
-        begin
-          hosts = []
-          Timeout.timeout(timeout) do
-            reqid = client.sendreq("ping", "discovery", filter)
-            Log.debug("Waiting #{timeout} seconds for discovery replies to request #{reqid}")
-            loop do
-              reply = client.receive(reqid)
-              Log.debug("Got discovery reply from #{reply.payload[:senderid]}")
-              hosts << reply.payload[:senderid]
-              return hosts if limit > 0 && hosts.size == limit
-            end
-          end
-        rescue Timeout::Error => e
-        rescue Exception => e
-          raise
-        ensure
-          client.unsubscribe("discovery", :reply)
-        end
-        hosts
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/discovery/stdin.ddl DELETED Viewed

@@ -1,11 +0,0 @@
-metadata    :name        => "stdin",
-            :description => "STDIN based discovery for node identities",
-            :author      => "Tomas Doran <bobtfish@bobtfish.net.net>",
-            :license     => "ASL 2.0",
-            :version     => "0.1",
-            :url         => "http://marionette-collective.org/",
-            :timeout     => 0
-discovery do
-    capabilities :identity
-end

data/mcollective_additions/plugins/v2.2/discovery/stdin.rb DELETED Viewed

@@ -1,66 +0,0 @@
-# discovers against stdin instead of the traditional network discovery
-# the input must be a flat file with a node name per line which should match identities as configured,
-# or it should be a json string as output by the -j option of mco rpc
-require 'mcollective/rpc/helpers'
-module MCollective
-  class Discovery
-    class Stdin
-      def self.discover(filter, timeout, limit=0, client=nil)
-        unless client.options[:discovery_options].empty?
-          type = client.options[:discovery_options].first.downcase
-        else
-          type = 'auto'
-        end
-        discovered = []
-        file = STDIN.read
-        if file =~ /^\s*$/
-              raise("data piped on STDIN contained only whitespace - could not discover hosts from it.")
-        end
-        if type == 'auto'
-          if file =~ /^\s*\[/
-            type = 'json'
-          else
-            type = 'text'
-          end
-        end
-        if type == 'json'
-          hosts = MCollective::RPC::Helpers.extract_hosts_from_json(file)
-        elsif type == 'text'
-          hosts = file.split("\n")
-        else
-          raise("stdin discovery plugin only knows the types auto/text/json, not \"#{type}\"")
-        end
-        hosts.map do |host|
-          raise 'Identities can only match /\w\.\-/' unless host.match(/^[\w\.\-]+$/)
-          host
-        end
-        # this plugin only supports identity filters, do regex matches etc against
-        # the list found in the flatfile
-        unless filter["identity"].empty?
-          filter["identity"].each do |identity|
-            identity = Regexp.new(identity.gsub("\/", "")) if identity.match("^/")
-            if identity.is_a?(Regexp)
-              discovered = hosts.grep(identity)
-            elsif hosts.include?(identity)
-              discovered << identity
-            end
-          end
-        else
-          discovered = hosts
-        end
-        discovered
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/facts/pbuilder_facts.rb DELETED Viewed

@@ -1,37 +0,0 @@
-require 'open-uri'
-require 'timeout'
-require 'yaml'
-module MCollective
-  module Facts
-    # A factsource for pbuilder
-    class Pbuilder_facts < Base
-      def load_facts_from_source
-        # ret = {"pbuilderid" => get_pbuilderid()}
-        ret = {}
-        yaml_file = '/etc/mcollective/facts.yaml'
-        if File.exists?(yaml_file)
-          yaml_facts = YAML.load_file(yaml_file)
-          ret.merge!(yaml_facts)
-        end
-        ret.merge!("pbuilderid" => get_pbuilderid()) unless ret.keys.include?('pbuilderid')
-        ret
-      end
-      def get_pbuilderid()
-        ret = nil
-        begin
-          addr = "169.254.169.254"
-          wait_sec = 2
-          Timeout::timeout(wait_sec) {open("http://#{addr}:80/")}
-          ret = OpenURI.open_uri("http://#{addr}/2008-02-01/meta-data/instance-id").read
-        rescue Timeout::Error
-        rescue
-          #TODO: unexpected; write to log what error is
-        end
-        ret
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/facts/yaml_facts.rb DELETED Viewed

@@ -1,61 +0,0 @@
-module MCollective
-  module Facts
-    require 'yaml'
-    # A factsource that reads a hash of facts from a YAML file
-    #
-    # Multiple files can be specified seperated with a : in the
-    # config file, they will be merged with later files overriding
-    # earlier ones in the list.
-    class Yaml_facts<Base
-      def initialize
-        @yaml_file_mtimes = {}
-        super
-      end
-      def load_facts_from_source
-        config = Config.instance
-        fact_files = config.pluginconf["yaml"].split(File::PATH_SEPARATOR)
-        facts = {}
-        fact_files.each do |file|
-          begin
-            if File.exist?(file)
-              facts.merge!(YAML.load_file(file))
-            else
-              raise("Can't find YAML file to load: #{file}")
-            end
-          rescue Exception => e
-            Log.error("Failed to load yaml facts from #{file}: #{e.class}: #{e}")
-          end
-        end
-        facts
-      end
-      # force fact reloads when the mtime on the yaml file change
-      def force_reload?
-        config = Config.instance
-        fact_files = config.pluginconf["yaml"].split(File::PATH_SEPARATOR)
-        fact_files.each do |file|
-          @yaml_file_mtimes[file] ||= File.stat(file).mtime
-          mtime = File.stat(file).mtime
-          if mtime > @yaml_file_mtimes[file]
-            @yaml_file_mtimes[file] = mtime
-            Log.debug("Forcing fact reload due to age of #{file}")
-            return true
-          end
-        end
-        false
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/registration/agentlist.rb DELETED Viewed

@@ -1,10 +0,0 @@
-module MCollective
-  module Registration
-    # A registration plugin that simply sends in the list of agents we have
-    class Agentlist<Base
-      def body
-        Agents.agentlist
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/security/sshkey.ddl DELETED Viewed

@@ -1,9 +0,0 @@
-metadata  :name        => 'sshkey',
-          :description => 'Security Plugin that uses ssh keys for signing',
-          :author      => 'Pieter Loubser <pieter.loubser@puppetlabs.com>',
-          :license     => 'ASL 2.0',
-          :version     => '0.4',
-          :url         => 'http://projects.puppetlabs.com/projects/mcollective-plugins/wiki',
-          :timeout     => 10
-requires :mcollective => '2.2.1'

data/mcollective_additions/plugins/v2.2/security/sshkey.rb DELETED Viewed

@@ -1,362 +0,0 @@
-module MCollective
-  module Security
-    # Configuration
-    #
-    # Client:
-    #   client.private_key                      : A private key used to sign requests with - defaults to ssh-agent
-    #   client.known_hosts                      : The known_hosts file to use - defaults to /home/callerid/.ssh/known_hosts
-    #   client.send_key                         : Send the client's public key with the request - doesn not send the key by default.
-    #                                             To send a key specify the key file to send.
-    #
-    # Server:
-    #   server.private_key                      : The private key used to sign replies with - Defaults to /etc/ssh/ssh_host_rsa_key * required
-    #   server.authorized_keys                  : The authorized_keys file to use - defaults to the caller's authorized_keys file in his home directory
-    #   server.send_key                         : Send the server's public key with the request - does not send the key by default.
-    #                                             To send a key specify the key file to send.
-    #
-    # Shared:
-    #   (client|server).publickey_dir          : Directory to store received keys - defaults to none
-    #   (client|server).learn_public_keys      : Allow writing public keys to publickey_dir - defaults to not sending.
-    #   (client|server).overwrite_stored_keys  : Overwrite received keys - defaults to false
-    class Sshkey < Base
-      gem 'sshkeyauth', '>= 0.0.4'
-      require 'ssh/key/signer'
-      require 'ssh/key/verifier'
-      require 'etc'
-      def decodemsg(msg)
-        body = Marshal.load(msg.payload)
-        if validrequest?(body)
-          body[:body] = Marshal.load(body[:body])
-          return body
-        else
-          nil
-        end
-      end
-      def encodereply(sender, msg, requestid, requestcallerid=nil)
-        serialized_msg = Marshal.dump(msg)
-        reply = create_reply(requestid, sender, serialized_msg)
-        reply[:serialized_data] = Marshal.dump(create_hash_fields(serialized_msg, reply[:msgtime], requestid))
-        reply[:hash] = makehash(reply[:serialized_data])
-        if server_key = lookup_config_option('send_key')
-          if File.exists?(server_key)
-            reply[:public_key] = load_key(server_key)
-          else
-            raise("Cannot create reply. sshkey.server.send_key set but key '%s' does not exist." % server_key)
-          end
-        end
-        Marshal.dump(reply)
-      end
-      def encoderequest(sender, msg, requestid, filter, target_agent, target_collective, ttl=60)
-        serialized_msg = Marshal.dump(msg)
-        req = create_request(requestid, filter, serialized_msg, @initiated_by, target_agent, target_collective, ttl)
-        if client_key = lookup_config_option('send_key')
-          if File.exists?(client_key)
-            req[:public_key] = load_key(client_key)
-          else
-            raise("Cannot create request. sshkey.client.send_key set but key '%s' does not exist." % client_key)
-          end
-        end
-        req[:serialized_data] = Marshal.dump(create_hash_fields(serialized_msg, req[:msgtime], requestid, ttl, callerid))
-        req[:hash] = makehash(req[:serialized_data])
-        Marshal.dump(req)
-      end
-      def validrequest?(req)
-        # Check if verification keys are correctly configured
-        valid_configuration?
-        # Check if key should be written to disk and write it
-        write_key_to_disk(req[:public_key], (req[:callerid] || req[:senderid]).split('=')[-1] ) if req[:public_key]
-        if @initiated_by == :client
-          Log.debug('Validating reply from node %s' % req[:senderid])
-          verifier = client_verifier(req[:senderid])
-        else
-          Log.debug('Validating request from client %s' % req[:callerid])
-          verifier = node_verifier(req[:callerid], (req[:agent] == 'registration'), req[:public_key])
-        end
-        signatures = Marshal.load(req[:hash])
-        if verifier.verify?(signatures, req[:serialized_data])
-          @stats.validated
-          return true
-        else
-          @stats.unvalidated
-          Log.debug('Received an invalid signature in message.')
-          raise SecurityValidationFailed
-        end
-      end
-      def callerid
-        'sshkey=%s' % Etc.getlogin
-      end
-      private
-      # Checks that publickey_dir and known_hosts|authorized_keys are not set at the same time.
-      def valid_configuration?
-        if @initiated_by == :client
-          if lookup_config_option('publickey_dir') && lookup_config_option('known_hosts')
-            raise('Both publickey_dir and known_hosts are defined in client config. Cannot lookup public key')
-          end
-        elsif @initiated_by == :node
-          if lookup_config_option('publickey_dir') && lookup_config_option('authorized_keys')
-            raise('Both publickey_dir and authorized_keys are defiend in server config. Cannot lookup public key')
-          end
-        end
-      end
-      # Checks if the attached public key needs to be stored locally
-      # Overwriting is disabled by default
-      # - The publickey_directory config option needs to be set before
-      #   the file will be written.
-      # - The directory must exist before writing.
-      # - The learn_public_keys configuration option must be enabled.
-      def write_key_to_disk(key, identity)
-        # Writing is disabled. Don't bother checking any other states.
-        return unless lookup_config_option('learn_public_keys') =~ /^1|y/
-        publickey_dir = lookup_config_option('publickey_dir')
-        unless publickey_dir
-          Log.info("Public key sent with request but no publickey_dir defined in configuration. Not writing key to disk.")
-          return
-        end
-        if File.directory?(publickey_dir)
-          if File.exists?(old_keyfile = File.join(publickey_dir, "#{identity}_pub.pem"))
-            old_key = File.read(old_keyfile).chomp
-            unless old_key == key
-              unless lookup_config_option('overwrite_stored_keys', 'n') =~ /^1|y/
-                Log.warn("Public key sent from '%s' does not match the stored key. Not overwriting." % identity)
-              else
-                Log.warn("Public key sent from '%s' does not match the stored key. Overwriting." % identity)
-                File.open(File.join(publickey_dir, "#{identity}_pub.pem"), 'w') { |f| f.puts key }
-              end
-            end
-          else
-            Log.debug("Discovered a new public key for '%s'. Writing to '%s'" % [identity, publickey_dir])
-            File.open(File.join(publickey_dir, "#{identity}_pub.pem"), 'w') { |f| f.puts key }
-          end
-        else
-          raise("Cannot write public key to '%s'. Directory does not exist." % publickey_dir)
-        end
-      end
-      # Fetches the correct configuration option for a client or a server
-      def lookup_config_option(opt, default = nil)
-        if @initiated_by == :client
-          result = @config.pluginconf.fetch("sshkey.client.#{opt}", default)
-          if result && ["authorized_keys", "private_key", "send_key", "publickey_dir", "known_hosts"].include?(opt)
-            return File.expand_path(result)
-          else
-            return result
-          end
-        elsif @initiated_by == :node
-          return @config.pluginconf.fetch("sshkey.server.#{opt}", default)
-        end
-      end
-      # Creates a hash of the fields used to sign a message
-      # Response messages use the msg, msgtime and requestid fields.
-      # Request messages use the same fields as response, but include
-      # ttl and callerid.
-      def create_hash_fields(msg, msgtime, requestid, ttl = nil, callerid = nil)
-        map = {:msg       => msg,
-               :msgtime   => msgtime,
-               :requestid => requestid}
-        # Check if this is a server hash
-        return map if (ttl == nil && callerid == nil)
-        map[:ttl] = ttl
-        map[:callerid] = callerid
-        map
-      end
-      # Adds a key to a signer object and disables ssh-agent
-      def add_key_to_signer(signer, key)
-        signer.add_key_file(key)
-        signer.use_agent = false
-      end
-      # Creates a signed hash of fields using the node's private key
-      def makehash(data)
-        signer = SSH::Key::Signer.new
-        # Check if the client is signing its request with a predefined
-        # private key. If this is the case, disable ssh-agent.
-        if @initiated_by == :client && (private_key = lookup_config_option('private_key'))
-          unless File.exists?(private_key)
-            raise("Cannot sign request - private key not found: '%s'" % private_key)
-          else
-            add_key_to_signer(signer, private_key)
-          end
-        elsif @initiated_by == :node
-          if private_key = lookup_config_option('private_key')
-            add_key_to_signer(signer, private_key)
-          else
-            # First try and default to ssh_host_dsa_key
-            if File.exists?(private_key = '/etc/ssh/ssh_host_dsa_key')
-              add_key_to_signer(signer, private_key)
-            # If that fails, try ssh_host_rsa_key
-            elsif File.exists?(private_key = '/etc/ssh/ssh_host_rsa_key')
-              add_key_to_signer(signer, private_key)
-            else
-              raise("Cannot sign reply - private key not found: 's'" % private_key)
-            end
-          end
-        end
-        # Default to using ssh-agent for key signing
-        signatures = signer.sign(data).collect { |s| s.signature }
-        Marshal.dump(signatures)
-      end
-      #Returns the contents of a key file on disk
-      def load_key(key)
-        if File.exists?(key)
-          return File.read(key).strip
-        else
-          nil
-        end
-      end
-      # Looks for a specific key in a known hosts file
-      def find_key_in_known_hosts(hostname, known_hosts)
-        key = nil
-        search_for = /^#{hostname}/
-        if File.exists?(known_hosts)
-          File.read(known_hosts).each_line do |line|
-            fields = line.split
-            fields[0].split(',').each do |maybehost|
-              if maybehost =~ search_for
-                fields = line.split
-                key = fields[-2] << ' ' << fields[-1]
-                break
-              end
-            end
-            break unless key.nil?
-          end
-        end
-        unless key
-          Log.warn("Could not find a key for host '%s' in file '%s'" % [hostname, known_hosts])
-          raise SecurityValidationFailed
-        end
-        key
-      end
-      # Create a client verifier object which uses the correct public key
-      def client_verifier(senderid)
-        verifier = SSH::Key::Verifier.new(senderid)
-        verifier.use_authorized_keys = false
-        if publickey_dir = lookup_config_option('publickey_dir')
-          Log.debug("Using public key directory: '%s'" % publickey_dir)
-          verifier.add_public_key_data(find_shared_public_key(publickey_dir, senderid))
-        elsif (known_hosts = lookup_config_option('known_hosts'))
-          Log.debug("Using custom known_hosts file: '%s'" % known_hosts)
-          verifier.add_public_key_data(find_key_in_known_hosts(senderid, known_hosts))
-        elsif (authorized_keys = lookup_config_option('authorized_keys'))
-          Log.debug("Found custom authorized_keys file: '%s'" % authorized_keys)
-          verifier.authorized_keys_file = authorized_keys
-          verifier.use_authorized_keys = true
-        else
-          begin
-            user = Etc.getlogin
-            known_hosts = File.join(Etc.getpwnam(user).dir, '.ssh', 'known_hosts')
-            Log.debug("Using default known_hosts file for user '%s': ''" % [user, known_hosts])
-            verifier.add_public_key_data(find_key_in_known_hosts(senderid, "%s" % known_hosts))
-          rescue => e
-            raise("Cannot find known_hosts file for user '%s': '%s'" % [user, known_hosts])
-          end
-        end
-        verifier.use_agent = false
-        verifier
-      end
-      # Looks for a public key in a shared directory
-      def find_shared_public_key(dir, id)
-        unless File.directory?(dir)
-          raise("Cannot read shared public key directory: '%s'" % dir)
-        end
-        if File.exists?(key_file = File.join(dir, "#{id}_pub.pem"))
-          return File.read(key_file)
-        else
-          Log.warn("Cannot find public key for id '%s': '%s'" % [id, File.join(dir, "#{id}_pub.pem")])
-          raise SecurityValidationFailed
-        end
-      end
-      # Create a node verifier object which uses the correct public key
-      def node_verifier(callerid, registration = false, pubkey = nil)
-        user = callerid.split('=')[-1]
-        verifier = SSH::Key::Verifier.new(user)
-        verifier.use_agent = false
-        # Here we deal with the special case where a registration message
-        # is being validated. send_key has to be defined in the configuration.
-        # TODO : This is a stop gap measure we should remove when we fix
-        #        registration
-        if registration && pubkey
-          Log.debug("Found registration message. Using sender's public key")
-          verifier.add_public_key_data(pubkey)
-          verifier.use_authorized_keys = false
-        elsif registration && !pubkey
-          Log.warn("Cannot verify registration request. Server did not send its public key")
-          raise SecurityValidationFailed
-        elsif publickey_dir = lookup_config_option('publickey_dir')
-          if File.directory?(publickey_dir)
-            Log.debug("Found shared public key directory: '%s'" % publickey_dir)
-            verifier.add_public_key_data(find_shared_public_key(publickey_dir, user))
-            verifier.use_authorized_keys = false
-          else
-            raise("Public key directory '%s' does not exist" % publickey_dir)
-          end
-        elsif (authorized_keys = lookup_config_option('authorized_keys'))
-          authorized_keys = authorized_keys.sub('%u') { |c| user }
-          Log.debug("Found custom authorized_keys file: '%s'" % authorized_keys)
-          verifier.authorized_keys_file = authorized_keys
-        else
-          begin
-            authorized_keys = File.join(Etc.getpwnam(user).dir, '.ssh', 'authorized_keys')
-            Log.debug("No authorized_keys file or publickey_dir specified. Using '%s'" % authorized_keys)
-            verifier.authorized_keys_file = authorized_keys
-          rescue => e
-            raise("Cannot find authorized_keys file for user '%s': '%s'" % [user, authorized_keys])
-          end
-        end
-        verifier
-      end
-    end
-  end
-end