dust-deploy 0.16.4 → 0.16.5
- checksums.yaml +7 -0
- data/LICENSE +3 -3
- data/README.md +1 -1
- data/changelog.md +14 -0
- data/dust.gemspec +8 -7
- data/lib/dust/examples/nodes/postgresql.yaml +4 -3
- data/lib/dust/examples/templates/duplicity/cronjob.erb +2 -2
- data/lib/dust/helper.rb +0 -7
- data/lib/dust/recipes/apt.rb +4 -4
- data/lib/dust/recipes/debsecan.rb +26 -30
- data/lib/dust/recipes/dnsmasq.rb +1 -1
- data/lib/dust/recipes/dovecot.rb +1 -1
- data/lib/dust/recipes/duplicity.rb +1 -1
- data/lib/dust/recipes/iptables.rb +1 -1
- data/lib/dust/recipes/limits.rb +1 -1
- data/lib/dust/recipes/nginx.rb +2 -2
- data/lib/dust/recipes/packages.rb +1 -1
- data/lib/dust/recipes/postfix.rb +2 -2
- data/lib/dust/recipes/postgres.rb +6 -3
- data/lib/dust/recipes/rc_local.rb +1 -1
- data/lib/dust/recipes/repositories.rb +9 -4
- data/lib/dust/recipes/resolv_conf.rb +1 -1
- data/lib/dust/recipes/skel.rb +2 -2
- data/lib/dust/recipes/ssh_config.rb +2 -2
- data/lib/dust/recipes/sshd.rb +3 -4
- data/lib/dust/recipes/sysctl.rb +1 -1
- data/lib/dust/recipes/users.rb +1 -1
- data/lib/dust/recipes/zabbix_agent.rb +1 -1
- data/lib/dust/runner.rb +3 -3
- data/lib/dust/server.rb +3 -873
- data/lib/dust/server/facter.rb +33 -0
- data/lib/dust/server/file.rb +152 -0
- data/lib/dust/server/osdetect.rb +112 -0
- data/lib/dust/server/package.rb +215 -0
- data/lib/dust/server/selinux.rb +40 -0
- data/lib/dust/server/service.rb +82 -0
- data/lib/dust/server/ssh.rb +182 -0
- data/lib/dust/server/user.rb +117 -0
- data/lib/dust/version.rb +1 -1
- metadata +32 -39
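--- /dev/null
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 0ca3ac3d86aaf5370dac1798875626c970efcf4d
+data.tar.gz: 38e60b7ecbeecd8e4c1727bee0e3bbb588839a23
+SHA512:
+metadata.gz: 08a8f2270086db219eec7ac306709cb2fceb66596015b99eda4260fb0c50668622bb0d7e389da83693888fd690d7ce11cd18477197c9aa8b1b25889c237482da
+data.tar.gz: 465f588108249f894792e35dc76f56dab480f209eb34ed604f38f8bdb7ff67b036f50667520b24a080d0533fcfa485ac6d7e4dae9efcf5c84eb36ae00bd4a9bb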
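--- a/data/LICENSE
+++ b/data/LICENSE
@@ -631,8 +631,8 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
-
-Copyright (C)
+dust-deploy - a ssh only server deployment tool
+Copyright (C) 2012 kris kechagia
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
 If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
 
-
+dust-deploy Copyright (C) 2012 kris kechagia
 This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
 This is free software, and you are welcome to redistribute it
 under certain conditions; type `show c' for details.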
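--- a/data/README.md
+++ b/data/README.md
@@ -62,7 +62,7 @@ you should see dust connecting to the node, checking if the requested packages a
 
 ## supported distributions
 
-dust works with **
+dust works with **apt-get**, **yum**, **emerge**, **pacman** (since 0.10.3) and **opkg** (since 0.12.0) systems at the moment (testet with recent versions of **ubuntu**, **debian**, **gentoo**, **fedora**, **scientificlinux**, **centos** and **archlinux** as well as **openwrt**). should work on rhel without any problem, too.
 
 
 ## contribute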
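--- a/data/changelog.md
+++ b/data/changelog.md
@@ -1,6 +1,20 @@
 Changelog
 =============
 
+0.16.5
+------------
+
+- fixes ppa support in repositories recipe for quantal
+- removes support for .to_array helper, use Array() instead
+- removes AcceptEnv directive from sshd default configuration
+- automatically start postgres on boot
+- fixes invalid yaml syntax in example (thank you Marcos Alejandro Vanetta)
+- uses apt-get rather than aptitude (thank you Stuart Ellis)
+- fails gracefully on debian system without facter [debsecan] (thank you Stuart Ellis)
+- uses ubuntu update-manager for system_update (thank you Stuart Ellis)
+
+
+
 0.16.4
 ------------
 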
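--- a/data/dust.gemspec
+++ b/data/dust.gemspec
@@ -1,22 +1,23 @@
 # -*- encoding: utf-8 -*-
 $:.push File.expand_path("../lib", __FILE__)
-require
+require 'dust/version'
 
 Gem::Specification.new do |s|
-s.name =
+s.name = 'dust-deploy'
 s.version = Dust::VERSION
-s.
-s.
-s.
+s.licenses = 'GPLv3'
+s.authors = ['kris kechagia']
+s.email = ['kk@rndsec.net']
+s.homepage = 'https://github.com/kechagia/dust-deploy'
 s.summary = %q{small server deployment tool for complex environments}
 s.description = %q{when puppet and chef suck because you want to be in control and sprinkle just cannot do enough for you}
 
-s.rubyforge_project =
+s.rubyforge_project = 'dust-deploy'
 
 s.files = `git ls-files`.split("\n")
 s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
 s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-s.require_paths = [
+s.require_paths = ['lib']
 
 # specify any dependencies here
 s.add_runtime_dependency 'json'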
@@ -8,8 +8,8 @@ recipes:
|
|
8
8
|
dbuser: 'postgres:postgres'
|
9
9
|
|
10
10
|
postgresql.conf:
|
11
|
-
listen_addresses: *
|
12
|
-
port: 5432
|
11
|
+
listen_addresses: '*'
|
12
|
+
port: 5432
|
13
13
|
ssl: on
|
14
14
|
full_page_writes: on
|
15
15
|
|
@@ -44,5 +44,6 @@ recipes:
|
|
44
44
|
state: new
|
45
45
|
in-interface: eth1
|
46
46
|
source: 10.0.0.0/8
|
47
|
-
|
47
|
+
|
48
48
|
rc_local: blockdev --setra 8192 /dev/vda
|
49
|
+
|
@@ -41,10 +41,10 @@ nice -n $NICE slapcat > /root/.ldap-<%= config['interval'] %> &> /dev/null
|
|
41
41
|
# backup selected directories
|
42
42
|
nice -n <%= config['nice'] %> duplicity --archive-dir <%= config['archive'] %> \
|
43
43
|
--full-if-older-than <%= config['full-if-older-than'] %> --exclude-device-files / \
|
44
|
-
% config['exclude'].
|
44
|
+
% Array(config['exclude']).each do |dir|
|
45
45
|
--exclude <%= dir %> \
|
46
46
|
% end
|
47
|
-
% config['include'].
|
47
|
+
% Array(config['include']).each do |dir|
|
48
48
|
--include <%= dir %> \
|
49
49
|
% end
|
50
50
|
--exclude '**' \
|
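Review bot: The loop bodies `--exclude <%= dir %> \` and `--include <%= dir %> \` write each configured path unquoted into the generated cron script, so an entry containing spaces or shell metacharacters changes the duplicity command line that cron later runs. Escaping at render time, for example `--exclude <%= Shellwords.escape(dir) %> \` (and the same for `--include`), keeps every entry a single argument; this presumes `shellwords` is loaded where the template is rendered. The template starts and ends outside this hunk, so other interpolations such as `config['archive']` may need the same treatment.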
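--- a/data/lib/dust/helper.rb
+++ b/data/lib/dust/helper.rb
@@ -1,10 +1,3 @@
-class Object
-# turns an object into an array
-# this is needed, since 1.9 doesnt support "string".to_a and "string".each anymore
-def to_array
-Array(self)
-end
-end
 
 # combines two arrays
 # stolen from Juan Matias (jmrepetti) from stackoverflow.com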
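--- a/data/lib/dust/recipes/apt.rb
+++ b/data/lib/dust/recipes/apt.rb
@@ -1,7 +1,7 @@
 class Apt < Recipe
-desc 'apt:deploy', 'configures apt
+desc 'apt:deploy', 'configures apt'
 def deploy
-return unless @node.uses_apt?
+return unless @node.uses_apt?
 
 @config = default_config.merge @config
 
@@ -11,7 +11,7 @@ class Apt < Recipe
 @config.each do |name, settings|
 @node.messages.add("deploying apt settings #{name}\n")
 conf = ''
-settings.
+Array(settings).each do |setting|
 conf << "#{setting}\n"
 end
 
@@ -65,7 +65,7 @@ class Apt < Recipe
 end
 
 return if config.is_a? FalseClass or config == 'disabled'
-
+
 @node.messages.add("deploying proxy configuration\n")
 proxy = "Acquire::http::Proxy \"#{config}\";\n"
 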
@@ -1,45 +1,41 @@
|
|
1
1
|
class Debsecan < Recipe
|
2
2
|
desc 'debsecan:deploy', 'installs and configures debian security package "debsecan"'
|
3
3
|
def deploy
|
4
|
+
return @node.messages.add('os not supported').failed() unless @node.is_debian?
|
4
5
|
@node.collect_facts
|
6
|
+
@node.install_package 'debsecan'
|
5
7
|
|
6
|
-
|
7
|
-
@node.install_package 'debsecan'
|
8
|
+
msg = @node.messages.add('configuring debsecan')
|
8
9
|
|
9
|
-
|
10
|
+
# if config is simply set to "true", use defaults
|
11
|
+
config = {} unless config.is_a? Hash
|
10
12
|
|
11
|
-
|
12
|
-
|
13
|
+
# setting default config variables (unless already set)
|
14
|
+
config['report'] ||= false
|
15
|
+
config['mailto'] ||= 'root'
|
16
|
+
config['source'] ||= ''
|
13
17
|
|
14
|
-
|
15
|
-
config['report'] ||= false
|
16
|
-
config['mailto'] ||= 'root'
|
17
|
-
config['source'] ||= ''
|
18
|
+
config_file = ''
|
18
19
|
|
19
|
-
|
20
|
+
# configures whether daily reports are sent
|
21
|
+
config_file << "# If true, enable daily reports, sent by email.\n" +
|
22
|
+
"REPORT=#{config['report'].to_s}\n\n"
|
20
23
|
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
+
# configures the suite
|
25
|
+
config_file << "# For better reporting, specify the correct suite here, using the code\n" +
|
26
|
+
"# name (that is, \"sid\" instead of \"unstable\").\n" +
|
27
|
+
"SUITE=#{@node['lsbdistcodename']}\n\n"
|
24
28
|
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
"SUITE=#{@node['lsbdistcodename']}\n\n"
|
29
|
+
# which user gets the reports?
|
30
|
+
config_file << "# Mail address to which reports are sent.\n" +
|
31
|
+
"MAILTO=#{config['mailto']}\n\n"
|
29
32
|
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
+
# set vulnerability source
|
34
|
+
config_file << "# The URL from which vulnerability data is downloaded. Empty for the\n" +
|
35
|
+
"# built-in default.\n" +
|
36
|
+
"SOURCE=#{config['source']}\n\n"
|
33
37
|
|
34
|
-
|
35
|
-
|
36
|
-
"# built-in default.\n" +
|
37
|
-
"SOURCE=#{config['source']}\n\n"
|
38
|
-
|
39
|
-
@node.write '/etc/default/debsecan', config_file, :quiet => true
|
40
|
-
msg.ok
|
41
|
-
else
|
42
|
-
msg.failed('os not supported')
|
43
|
-
end
|
38
|
+
@node.write '/etc/default/debsecan', config_file, :quiet => true
|
39
|
+
msg.ok
|
44
40
|
end
|
45
41
|
end
|
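Review bot: In Debsecan#deploy (new line 11), `config = {} unless config.is_a? Hash` always assigns the empty hash, because the assignment makes `config` a local variable before the modifier condition is parsed, so the condition tests `nil`. The REPORT, MAILTO and SOURCE values written to /etc/default/debsecan are therefore always the defaults, and daily vulnerability reports stay disabled whatever the node file requests. The other recipes on this page read their settings from `@config`, so presumably the intent is `config = @config.is_a?(Hash) ? @config : {}`. Separately, `@node.collect_facts` is called without checking its result, while Repositories#deploy uses `return unless @node.collect_facts`; if facts are missing, `SUITE=` is written empty.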
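--- a/data/lib/dust/recipes/dnsmasq.rb
+++ b/data/lib/dust/recipes/dnsmasq.rb
@@ -12,7 +12,7 @@ class Dnsmasq < Recipe
 # this will be translated to
 # server=nameserver1
 # server=/yourdomain/yournameserver/
-values.
+Array(values).each do |value|
 
 # dnsmasq has some settings which are just set without a value
 # in the node.yaml, this has to be specified using e.g.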
data/lib/dust/recipes/dovecot.rb
CHANGED
@@ -53,7 +53,7 @@ class Duplicity < Recipe
|
|
53
53
|
|
54
54
|
# adjust and upload cronjob
|
55
55
|
@node.messages.add("adjusting and deploying cronjob (scenario: #{scenario}, interval: #{config['interval']})\n")
|
56
|
-
config['options'].
|
56
|
+
Array(config['options']).each { |option| @node.messages.add("adding option: #{option}", :indent => 2).ok }
|
57
57
|
|
58
58
|
@node.deploy_file "#{@template_path}/cronjob", cronjob_path, :binding => binding
|
59
59
|
|
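--- a/data/lib/dust/recipes/limits.rb
+++ b/data/lib/dust/recipes/limits.rb
@@ -17,7 +17,7 @@ class Limits < Recipe
 @config.each do |name, rules|
 limits_conf = ''
 @node.messages.add("assembling system limits according to rule '#{name}'\n")
-rules.
+Array(rules).each do |rule|
 
 # check if entry is valid
 unless rule['domain']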
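--- a/data/lib/dust/recipes/nginx.rb
+++ b/data/lib/dust/recipes/nginx.rb
@@ -8,7 +8,7 @@ class Nginx < Recipe
 @config['user'] ||= 'nginx' if @node.uses_rpm?
 @config['user'] ||= 'www-data' if @node.uses_apt?
 
-@config['package'].
+Array(@config['package']).each do |package|
 return unless @node.install_package(package)
 end
 
@@ -24,7 +24,7 @@ class Nginx < Recipe
 msg.ok
 
 @config['sites'].each do |state, sites|
-sites.
+Array(sites).each do |site|
 @node.deploy_file("#{@template_path}/sites/#{site}", "/etc/nginx/sites-available/#{site}", :binding => binding)
 
 # symlink to sites-enabled if this is listed as an enabled site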
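--- a/data/lib/dust/recipes/postfix.rb
+++ b/data/lib/dust/recipes/postfix.rb
@@ -4,7 +4,7 @@ class Postfix < Recipe
 @config = default_config.merge @config
 @config.boolean_to_string! # parse 'no/yes' as string, not as boolean
 
-@config['package'].
+Array(@config['package']).each do |package|
 return unless @node.install_package(package)
 end
 
@@ -26,7 +26,7 @@ class Postfix < Recipe
 "#{s['unpriv']}\t#{s['chroot']}\t#{s['wakeup']}\t" +
 "#{s['maxproc']}\t#{s['command']}\n"
 if s['args']
-s['args'].
+Array(s['args']).each { |a| master_cf << " #{a}\n" }
 master_cf << "\n"
 end
 end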
@@ -25,15 +25,18 @@ class Postgres < Recipe
|
|
25
25
|
set_permissions
|
26
26
|
|
27
27
|
# configure pacemaker profile
|
28
|
-
if @config['profile'].
|
28
|
+
if Array(@config['profile']).include?('pacemaker')
|
29
29
|
deploy_pacemaker_script if @node.package_installed?('pacemaker')
|
30
30
|
end
|
31
31
|
|
32
32
|
# configure zabbix profile
|
33
|
-
if @config['profile'].
|
33
|
+
if Array(@config['profile']).include?('zabbix')
|
34
34
|
configure_for_zabbix if zabbix_installed?
|
35
35
|
end
|
36
36
|
|
37
|
+
# enable service to start at boot-time
|
38
|
+
@node.autostart_service(@config['service_name'])
|
39
|
+
|
37
40
|
# reload/restart postgres if command line option is given
|
38
41
|
@node.restart_service(@config['service_name']) if options.restart?
|
39
42
|
@node.reload_service(@config['service_name']) if options.reload?
|
@@ -140,7 +143,7 @@ class Postgres < Recipe
|
|
140
143
|
@config['postgresql.conf'] = default_postgres_conf.merge(@config['postgresql.conf'])
|
141
144
|
|
142
145
|
# calculate values if dedicated profile is given
|
143
|
-
profile_dedicated if @config['profile'].
|
146
|
+
profile_dedicated if Array(@config['profile']).include?('dedicated')
|
144
147
|
|
145
148
|
postgresql_conf = ''
|
146
149
|
@config['postgresql.conf'].each do |key, value|
|
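Review bot: The added `@node.autostart_service(@config['service_name'])` runs unconditionally, including when the `pacemaker` profile handled a few lines above is set; a cluster-managed PostgreSQL that is also started by the init system at boot can come up outside the cluster manager's control. If that is not intended, guard it, e.g. `@node.autostart_service(@config['service_name']) unless Array(@config['profile']).include?('pacemaker')`. The return value is also ignored, so a failure to enable the service does not stop the recipe; whether autostart_service reports the failure itself is not visible here. The enclosing method starts and ends outside the hunk.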
@@ -1,5 +1,5 @@
|
|
1
1
|
class Repositories < Recipe
|
2
|
-
desc 'repositories:deploy', 'configures package management repositories (
|
2
|
+
desc 'repositories:deploy', 'configures package management repositories (apt-get, yum)'
|
3
3
|
def deploy
|
4
4
|
return unless @node.collect_facts
|
5
5
|
|
@@ -55,7 +55,7 @@ class Repositories < Recipe
|
|
55
55
|
|
56
56
|
repo['release'] ||= @node['lsbdistcodename']
|
57
57
|
repo['components'] ||= [ 'main' ]
|
58
|
-
repo['components'] = repo['components'].
|
58
|
+
repo['components'] = Array(repo['components']).join(' ')
|
59
59
|
|
60
60
|
# ||= doesn't work for booleans
|
61
61
|
repo['source'] = repo['source'].nil? ? true : repo['source']
|
@@ -96,7 +96,12 @@ class Repositories < Recipe
|
|
96
96
|
end
|
97
97
|
|
98
98
|
def add_ppa(repo)
|
99
|
-
|
99
|
+
if @node['lsbdistrelease'].to_f >= 12.10
|
100
|
+
return false unless @node.install_package('software-properties-common', :indent => 2)
|
101
|
+
else
|
102
|
+
return false unless @node.install_package('python-software-properties', :indent => 2)
|
103
|
+
end
|
104
|
+
|
100
105
|
msg = @node.messages.add('running add-apt-repository', :indent => 2)
|
101
106
|
cmd = "add-apt-repository -y ppa:#{repo['ppa']}"
|
102
107
|
if repo['keyserver']
|
@@ -109,7 +114,7 @@ class Repositories < Recipe
|
|
109
114
|
def generate_repo(repo)
|
110
115
|
# add url to sources.list
|
111
116
|
sources = ''
|
112
|
-
repo['release'].
|
117
|
+
Array(repo['release']).each do |release|
|
113
118
|
sources << "deb #{repo['url']} #{release} #{repo['components']}\n" if repo['binary']
|
114
119
|
sources << "deb-src #{repo['url']} #{release} #{repo['components']}\n" if repo['source']
|
115
120
|
end
|
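Review bot: In add_ppa, `cmd = "add-apt-repository -y ppa:#{repo['ppa']}"` pastes the configured PPA name into a command string without escaping or validation; how `cmd` is executed is outside the hunk, but if it reaches a shell on the node, a malformed value changes the command that runs there. Validating the name before use, e.g. `return false unless repo['ppa'] =~ %r{\A[\w.+-]+/[\w.+-]+\z}`, or wrapping it in `Shellwords.escape`, closes that off. Separately, the added `@node['lsbdistrelease'].to_f >= 12.10` turns a missing or non-numeric release fact into 0.0 and silently selects `python-software-properties`; a comment saying so, or an explicit check that the fact is present, would make that fallback deliberate.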
@@ -30,7 +30,7 @@ class ResolvConf < Recipe
|
|
30
30
|
msg.ok
|
31
31
|
end
|
32
32
|
|
33
|
-
@config['nameservers'].
|
33
|
+
Array(@config['nameservers']).each do |nameserver|
|
34
34
|
msg = @node.messages.add("adding nameserver #{nameserver}", :indent => 2)
|
35
35
|
config_file << "nameserver #{nameserver}\n"
|
36
36
|
msg.ok
|
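--- a/data/lib/dust/recipes/skel.rb
+++ b/data/lib/dust/recipes/skel.rb
@@ -1,7 +1,7 @@
 class Skel < Recipe
 desc 'skel:deploy', 'copy default configuration files to users home directory'
 def deploy
-@config.
+Array(@config).each do |user|
 home = @node.get_home(user)
 unless home
 @node.messages.add("couldn't find home directory for user #{user}").failed
@@ -12,7 +12,7 @@ class Skel < Recipe
 Dir["#{@template_path}/.*"].each do |file|
 next unless File.file?(file)
 @node.deploy_file(file, "#{home}/#{File.basename(file)}", { :binding => binding, :indent => 2 })
-@node.chown("#{user}:#{@node.get_gid(user)}", "#{home}/#{File.basename(file)}")
+@node.chown("#{user}:#{@node.get_gid(user)}", "#{home}/#{File.basename(file)}", :indent => 2)
 end
 end
 end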
@@ -37,10 +37,10 @@ class Ssh_config < Recipe
|
|
37
37
|
if value.is_a? Hash
|
38
38
|
ssh_config << "#{key}\n"
|
39
39
|
value.each do |k, v|
|
40
|
-
v.
|
40
|
+
Array(v).each { |x| ssh_config << " #{k} #{x}\n" }
|
41
41
|
end
|
42
42
|
else
|
43
|
-
value.
|
43
|
+
Array(value).each { |x| ssh_config << "#{key} #{x}\n" }
|
44
44
|
end
|
45
45
|
end
|
46
46
|
ssh_config
|