RubyGems - dtk-node-agent - Versions diffs - 0.7.7 → 0.8.0 - Mend

dtk-node-agent 0.7.7 → 0.8.0

Files changed (94) hide show

data/mcollective_additions/plugins/v2.2/discovery/flatfile.ddl DELETED Viewed

@@ -1,11 +0,0 @@
-metadata    :name        => "flatfile",
-            :description => "Flatfile based discovery for node identities",
-            :author      => "R.I.Pienaar <rip@devco.net>",
-            :license     => "ASL 2.0",
-            :version     => "0.1",
-            :url         => "http://marionette-collective.org/",
-            :timeout     => 0
-discovery do
-    capabilities :identity
-end

data/mcollective_additions/plugins/v2.2/discovery/flatfile.rb DELETED Viewed

@@ -1,48 +0,0 @@
-# discovers against a flatfile instead of the traditional network discovery
-# the flat file must have a node name per line which should match identities
-# as configured
-module MCollective
-  class Discovery
-    class Flatfile
-      def self.discover(filter, timeout, limit=0, client=nil)
-        unless client.options[:discovery_options].empty?
-          file = client.options[:discovery_options].first
-        else
-          raise "The flatfile discovery method needs a path to a text file"
-        end
-        raise "Cannot read the file %s specified as discovery source" % file unless File.readable?(file)
-        discovered = []
-        hosts = []
-        File.readlines(file).each do |host|
-          host = host.chomp.strip
-          if host.empty? || host.match(/^#/)
-            next
-          end
-          raise 'Identities can only match /^[\w\.\-]+$/' unless host.match(/^[\w\.\-]+$/)
-          hosts << host
-        end
-        # this plugin only supports identity filters, do regex matches etc against
-        # the list found in the flatfile
-        if !(filter["identity"].empty?)
-          filter["identity"].each do |identity|
-            identity = Regexp.new(identity.gsub("\/", "")) if identity.match("^/")
-            if identity.is_a?(Regexp)
-              discovered = hosts.grep(identity)
-            elsif hosts.include?(identity)
-              discovered << identity
-            end
-          end
-        else
-          discovered = hosts
-        end
-        discovered
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/discovery/mc.ddl DELETED Viewed

@@ -1,11 +0,0 @@
-metadata    :name        => "mc",
-            :description => "MCollective Broadcast based discovery",
-            :author      => "R.I.Pienaar <rip@devco.net>",
-            :license     => "ASL 2.0",
-            :version     => "0.1",
-            :url         => "http://marionette-collective.org/",
-            :timeout     => 2
-discovery do
-    capabilities [:classes, :facts, :identity, :agents, :compound]
-end

data/mcollective_additions/plugins/v2.2/discovery/mc.rb DELETED Viewed

@@ -1,30 +0,0 @@
-module MCollective
-  class Discovery
-    class Mc
-      def self.discover(filter, timeout, limit, client)
-        begin
-          hosts = []
-          Timeout.timeout(timeout) do
-            reqid = client.sendreq("ping", "discovery", filter)
-            Log.debug("Waiting #{timeout} seconds for discovery replies to request #{reqid}")
-            loop do
-              reply = client.receive(reqid)
-              Log.debug("Got discovery reply from #{reply.payload[:senderid]}")
-              hosts << reply.payload[:senderid]
-              return hosts if limit > 0 && hosts.size == limit
-            end
-          end
-        rescue Timeout::Error => e
-        rescue Exception => e
-          raise
-        ensure
-          client.unsubscribe("discovery", :reply)
-        end
-        hosts
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/discovery/stdin.ddl DELETED Viewed

@@ -1,11 +0,0 @@
-metadata    :name        => "stdin",
-            :description => "STDIN based discovery for node identities",
-            :author      => "Tomas Doran <bobtfish@bobtfish.net.net>",
-            :license     => "ASL 2.0",
-            :version     => "0.1",
-            :url         => "http://marionette-collective.org/",
-            :timeout     => 0
-discovery do
-    capabilities :identity
-end

data/mcollective_additions/plugins/v2.2/discovery/stdin.rb DELETED Viewed

@@ -1,66 +0,0 @@
-# discovers against stdin instead of the traditional network discovery
-# the input must be a flat file with a node name per line which should match identities as configured,
-# or it should be a json string as output by the -j option of mco rpc
-require 'mcollective/rpc/helpers'
-module MCollective
-  class Discovery
-    class Stdin
-      def self.discover(filter, timeout, limit=0, client=nil)
-        unless client.options[:discovery_options].empty?
-          type = client.options[:discovery_options].first.downcase
-        else
-          type = 'auto'
-        end
-        discovered = []
-        file = STDIN.read
-        if file =~ /^\s*$/
-              raise("data piped on STDIN contained only whitespace - could not discover hosts from it.")
-        end
-        if type == 'auto'
-          if file =~ /^\s*\[/
-            type = 'json'
-          else
-            type = 'text'
-          end
-        end
-        if type == 'json'
-          hosts = MCollective::RPC::Helpers.extract_hosts_from_json(file)
-        elsif type == 'text'
-          hosts = file.split("\n")
-        else
-          raise("stdin discovery plugin only knows the types auto/text/json, not \"#{type}\"")
-        end
-        hosts.map do |host|
-          raise 'Identities can only match /\w\.\-/' unless host.match(/^[\w\.\-]+$/)
-          host
-        end
-        # this plugin only supports identity filters, do regex matches etc against
-        # the list found in the flatfile
-        unless filter["identity"].empty?
-          filter["identity"].each do |identity|
-            identity = Regexp.new(identity.gsub("\/", "")) if identity.match("^/")
-            if identity.is_a?(Regexp)
-              discovered = hosts.grep(identity)
-            elsif hosts.include?(identity)
-              discovered << identity
-            end
-          end
-        else
-          discovered = hosts
-        end
-        discovered
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/facts/pbuilder_facts.rb DELETED Viewed

@@ -1,37 +0,0 @@
-require 'open-uri'
-require 'timeout'
-require 'yaml'
-module MCollective
-  module Facts
-    # A factsource for pbuilder
-    class Pbuilder_facts < Base
-      def load_facts_from_source
-        # ret = {"pbuilderid" => get_pbuilderid()}
-        ret = {}
-        yaml_file = '/etc/mcollective/facts.yaml'
-        if File.exists?(yaml_file)
-          yaml_facts = YAML.load_file(yaml_file)
-          ret.merge!(yaml_facts)
-        end
-        ret.merge!("pbuilderid" => get_pbuilderid()) unless ret.keys.include?('pbuilderid')
-        ret
-      end
-      def get_pbuilderid()
-        ret = nil
-        begin
-          addr = "169.254.169.254"
-          wait_sec = 2
-          Timeout::timeout(wait_sec) {open("http://#{addr}:80/")}
-          ret = OpenURI.open_uri("http://#{addr}/2008-02-01/meta-data/instance-id").read
-        rescue Timeout::Error
-        rescue
-          #TODO: unexpected; write to log what error is
-        end
-        ret
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/facts/yaml_facts.rb DELETED Viewed

@@ -1,61 +0,0 @@
-module MCollective
-  module Facts
-    require 'yaml'
-    # A factsource that reads a hash of facts from a YAML file
-    #
-    # Multiple files can be specified seperated with a : in the
-    # config file, they will be merged with later files overriding
-    # earlier ones in the list.
-    class Yaml_facts<Base
-      def initialize
-        @yaml_file_mtimes = {}
-        super
-      end
-      def load_facts_from_source
-        config = Config.instance
-        fact_files = config.pluginconf["yaml"].split(File::PATH_SEPARATOR)
-        facts = {}
-        fact_files.each do |file|
-          begin
-            if File.exist?(file)
-              facts.merge!(YAML.load_file(file))
-            else
-              raise("Can't find YAML file to load: #{file}")
-            end
-          rescue Exception => e
-            Log.error("Failed to load yaml facts from #{file}: #{e.class}: #{e}")
-          end
-        end
-        facts
-      end
-      # force fact reloads when the mtime on the yaml file change
-      def force_reload?
-        config = Config.instance
-        fact_files = config.pluginconf["yaml"].split(File::PATH_SEPARATOR)
-        fact_files.each do |file|
-          @yaml_file_mtimes[file] ||= File.stat(file).mtime
-          mtime = File.stat(file).mtime
-          if mtime > @yaml_file_mtimes[file]
-            @yaml_file_mtimes[file] = mtime
-            Log.debug("Forcing fact reload due to age of #{file}")
-            return true
-          end
-        end
-        false
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/registration/agentlist.rb DELETED Viewed

@@ -1,10 +0,0 @@
-module MCollective
-  module Registration
-    # A registration plugin that simply sends in the list of agents we have
-    class Agentlist<Base
-      def body
-        Agents.agentlist
-      end
-    end
-  end
-end

data/mcollective_additions/plugins/v2.2/security/sshkey.ddl DELETED Viewed

@@ -1,9 +0,0 @@
-metadata  :name        => 'sshkey',
-          :description => 'Security Plugin that uses ssh keys for signing',
-          :author      => 'Pieter Loubser <pieter.loubser@puppetlabs.com>',
-          :license     => 'ASL 2.0',
-          :version     => '0.4',
-          :url         => 'http://projects.puppetlabs.com/projects/mcollective-plugins/wiki',
-          :timeout     => 10
-requires :mcollective => '2.2.1'

data/mcollective_additions/plugins/v2.2/security/sshkey.rb DELETED Viewed

@@ -1,362 +0,0 @@
-module MCollective
-  module Security
-    # Configuration
-    #
-    # Client:
-    #   client.private_key                      : A private key used to sign requests with - defaults to ssh-agent
-    #   client.known_hosts                      : The known_hosts file to use - defaults to /home/callerid/.ssh/known_hosts
-    #   client.send_key                         : Send the client's public key with the request - doesn not send the key by default.
-    #                                             To send a key specify the key file to send.
-    #
-    # Server:
-    #   server.private_key                      : The private key used to sign replies with - Defaults to /etc/ssh/ssh_host_rsa_key * required
-    #   server.authorized_keys                  : The authorized_keys file to use - defaults to the caller's authorized_keys file in his home directory
-    #   server.send_key                         : Send the server's public key with the request - does not send the key by default.
-    #                                             To send a key specify the key file to send.
-    #
-    # Shared:
-    #   (client|server).publickey_dir          : Directory to store received keys - defaults to none
-    #   (client|server).learn_public_keys      : Allow writing public keys to publickey_dir - defaults to not sending.
-    #   (client|server).overwrite_stored_keys  : Overwrite received keys - defaults to false
-    class Sshkey < Base
-      gem 'sshkeyauth', '>= 0.0.4'
-      require 'ssh/key/signer'
-      require 'ssh/key/verifier'
-      require 'etc'
-      def decodemsg(msg)
-        body = Marshal.load(msg.payload)
-        if validrequest?(body)
-          body[:body] = Marshal.load(body[:body])
-          return body
-        else
-          nil
-        end
-      end
-      def encodereply(sender, msg, requestid, requestcallerid=nil)
-        serialized_msg = Marshal.dump(msg)
-        reply = create_reply(requestid, sender, serialized_msg)
-        reply[:serialized_data] = Marshal.dump(create_hash_fields(serialized_msg, reply[:msgtime], requestid))
-        reply[:hash] = makehash(reply[:serialized_data])
-        if server_key = lookup_config_option('send_key')
-          if File.exists?(server_key)
-            reply[:public_key] = load_key(server_key)
-          else
-            raise("Cannot create reply. sshkey.server.send_key set but key '%s' does not exist." % server_key)
-          end
-        end
-        Marshal.dump(reply)
-      end
-      def encoderequest(sender, msg, requestid, filter, target_agent, target_collective, ttl=60)
-        serialized_msg = Marshal.dump(msg)
-        req = create_request(requestid, filter, serialized_msg, @initiated_by, target_agent, target_collective, ttl)
-        if client_key = lookup_config_option('send_key')
-          if File.exists?(client_key)
-            req[:public_key] = load_key(client_key)
-          else
-            raise("Cannot create request. sshkey.client.send_key set but key '%s' does not exist." % client_key)
-          end
-        end
-        req[:serialized_data] = Marshal.dump(create_hash_fields(serialized_msg, req[:msgtime], requestid, ttl, callerid))
-        req[:hash] = makehash(req[:serialized_data])
-        Marshal.dump(req)
-      end
-      def validrequest?(req)
-        # Check if verification keys are correctly configured
-        valid_configuration?
-        # Check if key should be written to disk and write it
-        write_key_to_disk(req[:public_key], (req[:callerid] || req[:senderid]).split('=')[-1] ) if req[:public_key]
-        if @initiated_by == :client
-          Log.debug('Validating reply from node %s' % req[:senderid])
-          verifier = client_verifier(req[:senderid])
-        else
-          Log.debug('Validating request from client %s' % req[:callerid])
-          verifier = node_verifier(req[:callerid], (req[:agent] == 'registration'), req[:public_key])
-        end
-        signatures = Marshal.load(req[:hash])
-        if verifier.verify?(signatures, req[:serialized_data])
-          @stats.validated
-          return true
-        else
-          @stats.unvalidated
-          Log.debug('Received an invalid signature in message.')
-          raise SecurityValidationFailed
-        end
-      end
-      def callerid
-        'sshkey=%s' % Etc.getlogin
-      end
-      private
-      # Checks that publickey_dir and known_hosts|authorized_keys are not set at the same time.
-      def valid_configuration?
-        if @initiated_by == :client
-          if lookup_config_option('publickey_dir') && lookup_config_option('known_hosts')
-            raise('Both publickey_dir and known_hosts are defined in client config. Cannot lookup public key')
-          end
-        elsif @initiated_by == :node
-          if lookup_config_option('publickey_dir') && lookup_config_option('authorized_keys')
-            raise('Both publickey_dir and authorized_keys are defiend in server config. Cannot lookup public key')
-          end
-        end
-      end
-      # Checks if the attached public key needs to be stored locally
-      # Overwriting is disabled by default
-      # - The publickey_directory config option needs to be set before
-      #   the file will be written.
-      # - The directory must exist before writing.
-      # - The learn_public_keys configuration option must be enabled.
-      def write_key_to_disk(key, identity)
-        # Writing is disabled. Don't bother checking any other states.
-        return unless lookup_config_option('learn_public_keys') =~ /^1|y/
-        publickey_dir = lookup_config_option('publickey_dir')
-        unless publickey_dir
-          Log.info("Public key sent with request but no publickey_dir defined in configuration. Not writing key to disk.")
-          return
-        end
-        if File.directory?(publickey_dir)
-          if File.exists?(old_keyfile = File.join(publickey_dir, "#{identity}_pub.pem"))
-            old_key = File.read(old_keyfile).chomp
-            unless old_key == key
-              unless lookup_config_option('overwrite_stored_keys', 'n') =~ /^1|y/
-                Log.warn("Public key sent from '%s' does not match the stored key. Not overwriting." % identity)
-              else
-                Log.warn("Public key sent from '%s' does not match the stored key. Overwriting." % identity)
-                File.open(File.join(publickey_dir, "#{identity}_pub.pem"), 'w') { |f| f.puts key }
-              end
-            end
-          else
-            Log.debug("Discovered a new public key for '%s'. Writing to '%s'" % [identity, publickey_dir])
-            File.open(File.join(publickey_dir, "#{identity}_pub.pem"), 'w') { |f| f.puts key }
-          end
-        else
-          raise("Cannot write public key to '%s'. Directory does not exist." % publickey_dir)
-        end
-      end
-      # Fetches the correct configuration option for a client or a server
-      def lookup_config_option(opt, default = nil)
-        if @initiated_by == :client
-          result = @config.pluginconf.fetch("sshkey.client.#{opt}", default)
-          if result && ["authorized_keys", "private_key", "send_key", "publickey_dir", "known_hosts"].include?(opt)
-            return File.expand_path(result)
-          else
-            return result
-          end
-        elsif @initiated_by == :node
-          return @config.pluginconf.fetch("sshkey.server.#{opt}", default)
-        end
-      end
-      # Creates a hash of the fields used to sign a message
-      # Response messages use the msg, msgtime and requestid fields.
-      # Request messages use the same fields as response, but include
-      # ttl and callerid.
-      def create_hash_fields(msg, msgtime, requestid, ttl = nil, callerid = nil)
-        map = {:msg       => msg,
-               :msgtime   => msgtime,
-               :requestid => requestid}
-        # Check if this is a server hash
-        return map if (ttl == nil && callerid == nil)
-        map[:ttl] = ttl
-        map[:callerid] = callerid
-        map
-      end
-      # Adds a key to a signer object and disables ssh-agent
-      def add_key_to_signer(signer, key)
-        signer.add_key_file(key)
-        signer.use_agent = false
-      end
-      # Creates a signed hash of fields using the node's private key
-      def makehash(data)
-        signer = SSH::Key::Signer.new
-        # Check if the client is signing its request with a predefined
-        # private key. If this is the case, disable ssh-agent.
-        if @initiated_by == :client && (private_key = lookup_config_option('private_key'))
-          unless File.exists?(private_key)
-            raise("Cannot sign request - private key not found: '%s'" % private_key)
-          else
-            add_key_to_signer(signer, private_key)
-          end
-        elsif @initiated_by == :node
-          if private_key = lookup_config_option('private_key')
-            add_key_to_signer(signer, private_key)
-          else
-            # First try and default to ssh_host_dsa_key
-            if File.exists?(private_key = '/etc/ssh/ssh_host_dsa_key')
-              add_key_to_signer(signer, private_key)
-            # If that fails, try ssh_host_rsa_key
-            elsif File.exists?(private_key = '/etc/ssh/ssh_host_rsa_key')
-              add_key_to_signer(signer, private_key)
-            else
-              raise("Cannot sign reply - private key not found: 's'" % private_key)
-            end
-          end
-        end
-        # Default to using ssh-agent for key signing
-        signatures = signer.sign(data).collect { |s| s.signature }
-        Marshal.dump(signatures)
-      end
-      #Returns the contents of a key file on disk
-      def load_key(key)
-        if File.exists?(key)
-          return File.read(key).strip
-        else
-          nil
-        end
-      end
-      # Looks for a specific key in a known hosts file
-      def find_key_in_known_hosts(hostname, known_hosts)
-        key = nil
-        search_for = /^#{hostname}/
-        if File.exists?(known_hosts)
-          File.read(known_hosts).each_line do |line|
-            fields = line.split
-            fields[0].split(',').each do |maybehost|
-              if maybehost =~ search_for
-                fields = line.split
-                key = fields[-2] << ' ' << fields[-1]
-                break
-              end
-            end
-            break unless key.nil?
-          end
-        end
-        unless key
-          Log.warn("Could not find a key for host '%s' in file '%s'" % [hostname, known_hosts])
-          raise SecurityValidationFailed
-        end
-        key
-      end
-      # Create a client verifier object which uses the correct public key
-      def client_verifier(senderid)
-        verifier = SSH::Key::Verifier.new(senderid)
-        verifier.use_authorized_keys = false
-        if publickey_dir = lookup_config_option('publickey_dir')
-          Log.debug("Using public key directory: '%s'" % publickey_dir)
-          verifier.add_public_key_data(find_shared_public_key(publickey_dir, senderid))
-        elsif (known_hosts = lookup_config_option('known_hosts'))
-          Log.debug("Using custom known_hosts file: '%s'" % known_hosts)
-          verifier.add_public_key_data(find_key_in_known_hosts(senderid, known_hosts))
-        elsif (authorized_keys = lookup_config_option('authorized_keys'))
-          Log.debug("Found custom authorized_keys file: '%s'" % authorized_keys)
-          verifier.authorized_keys_file = authorized_keys
-          verifier.use_authorized_keys = true
-        else
-          begin
-            user = Etc.getlogin
-            known_hosts = File.join(Etc.getpwnam(user).dir, '.ssh', 'known_hosts')
-            Log.debug("Using default known_hosts file for user '%s': ''" % [user, known_hosts])
-            verifier.add_public_key_data(find_key_in_known_hosts(senderid, "%s" % known_hosts))
-          rescue => e
-            raise("Cannot find known_hosts file for user '%s': '%s'" % [user, known_hosts])
-          end
-        end
-        verifier.use_agent = false
-        verifier
-      end
-      # Looks for a public key in a shared directory
-      def find_shared_public_key(dir, id)
-        unless File.directory?(dir)
-          raise("Cannot read shared public key directory: '%s'" % dir)
-        end
-        if File.exists?(key_file = File.join(dir, "#{id}_pub.pem"))
-          return File.read(key_file)
-        else
-          Log.warn("Cannot find public key for id '%s': '%s'" % [id, File.join(dir, "#{id}_pub.pem")])
-          raise SecurityValidationFailed
-        end
-      end
-      # Create a node verifier object which uses the correct public key
-      def node_verifier(callerid, registration = false, pubkey = nil)
-        user = callerid.split('=')[-1]
-        verifier = SSH::Key::Verifier.new(user)
-        verifier.use_agent = false
-        # Here we deal with the special case where a registration message
-        # is being validated. send_key has to be defined in the configuration.
-        # TODO : This is a stop gap measure we should remove when we fix
-        #        registration
-        if registration && pubkey
-          Log.debug("Found registration message. Using sender's public key")
-          verifier.add_public_key_data(pubkey)
-          verifier.use_authorized_keys = false
-        elsif registration && !pubkey
-          Log.warn("Cannot verify registration request. Server did not send its public key")
-          raise SecurityValidationFailed
-        elsif publickey_dir = lookup_config_option('publickey_dir')
-          if File.directory?(publickey_dir)
-            Log.debug("Found shared public key directory: '%s'" % publickey_dir)
-            verifier.add_public_key_data(find_shared_public_key(publickey_dir, user))
-            verifier.use_authorized_keys = false
-          else
-            raise("Public key directory '%s' does not exist" % publickey_dir)
-          end
-        elsif (authorized_keys = lookup_config_option('authorized_keys'))
-          authorized_keys = authorized_keys.sub('%u') { |c| user }
-          Log.debug("Found custom authorized_keys file: '%s'" % authorized_keys)
-          verifier.authorized_keys_file = authorized_keys
-        else
-          begin
-            authorized_keys = File.join(Etc.getpwnam(user).dir, '.ssh', 'authorized_keys')
-            Log.debug("No authorized_keys file or publickey_dir specified. Using '%s'" % authorized_keys)
-            verifier.authorized_keys_file = authorized_keys
-          rescue => e
-            raise("Cannot find authorized_keys file for user '%s': '%s'" % [user, authorized_keys])
-          end
-        end
-        verifier
-      end
-    end
-  end
-end