RubyGems - dust-deploy - Versions diffs - 0.16.4 → 0.16.5 - Mend

dust-deploy 0.16.4 → 0.16.5

Files changed (40) hide show

checksums.yaml +7 -0
data/LICENSE +3 -3
data/README.md +1 -1
data/changelog.md +14 -0
data/dust.gemspec +8 -7
data/lib/dust/examples/nodes/postgresql.yaml +4 -3
data/lib/dust/examples/templates/duplicity/cronjob.erb +2 -2
data/lib/dust/helper.rb +0 -7
data/lib/dust/recipes/apt.rb +4 -4
data/lib/dust/recipes/debsecan.rb +26 -30
data/lib/dust/recipes/dnsmasq.rb +1 -1
data/lib/dust/recipes/dovecot.rb +1 -1
data/lib/dust/recipes/duplicity.rb +1 -1
data/lib/dust/recipes/iptables.rb +1 -1
data/lib/dust/recipes/limits.rb +1 -1
data/lib/dust/recipes/nginx.rb +2 -2
data/lib/dust/recipes/packages.rb +1 -1
data/lib/dust/recipes/postfix.rb +2 -2
data/lib/dust/recipes/postgres.rb +6 -3
data/lib/dust/recipes/rc_local.rb +1 -1
data/lib/dust/recipes/repositories.rb +9 -4
data/lib/dust/recipes/resolv_conf.rb +1 -1
data/lib/dust/recipes/skel.rb +2 -2
data/lib/dust/recipes/ssh_config.rb +2 -2
data/lib/dust/recipes/sshd.rb +3 -4
data/lib/dust/recipes/sysctl.rb +1 -1
data/lib/dust/recipes/users.rb +1 -1
data/lib/dust/recipes/zabbix_agent.rb +1 -1
data/lib/dust/runner.rb +3 -3
data/lib/dust/server.rb +3 -873
data/lib/dust/server/facter.rb +33 -0
data/lib/dust/server/file.rb +152 -0
data/lib/dust/server/osdetect.rb +112 -0
data/lib/dust/server/package.rb +215 -0
data/lib/dust/server/selinux.rb +40 -0
data/lib/dust/server/service.rb +82 -0
data/lib/dust/server/ssh.rb +182 -0
data/lib/dust/server/user.rb +117 -0
data/lib/dust/version.rb +1 -1
metadata +32 -39

@@ -0,0 +1,40 @@
+require 'dust/server/ssh'
+module Dust
+  class Server
+    def selinuxenabled?
+      return true if exec('selinuxenabled')[:exit_code] == 0
+      false
+    end
+    # check if restorecon (selinux) is available
+    # if so, run it on "path" recursively
+    def restorecon(path, options={})
+      options = default_options.merge(options)
+      # if selinux is not enabled, just return
+      return true unless selinuxenabled?
+      msg = messages.add("restoring selinux labels for #{path}", options)
+      msg.parse_result(exec("restorecon -R #{path}")[:exit_code])
+    end
+    def chcon(permissions, file, options={})
+      options = default_options.merge(options)
+      # just return if selinux is not enabled
+      return true unless selinuxenabled?
+      args  = ""
+      args << " --type #{permissions['type']}" if permissions['type']
+      args << " --recursive #{permissions['recursive']}" if permissions['recursive']
+      args << " --user #{permissions['user']}" if permissions['user']
+      args << " --range #{permissions['range']}" if permissions['range']
+      args << " --role #{permissions['role']}" if permissions['role']
+      msg = messages.add("setting selinux permissions of #{File.basename(file)}", options)
+      msg.parse_result(exec("chcon #{args} #{file}")[:exit_code])
+    end
+  end
+end

data/lib/dust/server/service.rb ADDED

@@ -0,0 +1,82 @@
+require 'dust/server/ssh'
+module Dust
+  class Server
+    def autostart_service(service, options={})
+      options = default_options.merge(options)
+      msg = messages.add("autostart #{service} on boot", options)
+      if uses_rpm?
+        if file_exists? '/bin/systemctl', :quiet => true
+          msg.parse_result(exec("systemctl enable #{service}.service")[:exit_code])
+        else
+          msg.parse_result(exec("chkconfig #{service} on")[:exit_code])
+        end
+      elsif uses_apt?
+        msg.parse_result(exec("update-rc.d #{service} defaults")[:exit_code])
+      elsif uses_emerge?
+        msg.parse_result(exec("rc-update add #{service} default")[:exit_code])
+      # archlinux needs his autostart daemons in /etc/rc.conf, in the DAEMONS line
+      #elsif uses_pacman?
+      else
+        msg.failed
+      end
+    end
+    # invoke 'command' on the service (e.g. @node.service 'postgresql', 'restart')
+    def service(service, command, options={})
+      options = default_options.merge(options)
+      return messages.add("service: '#{service}' unknown", options).failed unless service.is_a? String
+      # try systemd, then upstart, then sysvconfig, then rc.d, then initscript
+      if file_exists? '/bin/systemctl', :quiet => true
+        msg = messages.add("#{command}ing #{service} (via systemd)", options)
+        ret = exec("systemctl #{command} #{service}.service")
+      elsif file_exists? "/etc/init/#{service}", :quiet => true
+        msg = messages.add("#{command}ing #{service} (via upstart)", options)
+        ret = exec("#{command} #{service}")
+      elsif file_exists? '/sbin/service', :quiet => true or file_exists? '/usr/sbin/service', :quiet => true
+        msg = messages.add("#{command}ing #{service} (via sysvconfig)", options)
+        ret = exec("service #{service} #{command}")
+      elsif file_exists? '/usr/sbin/rc.d', :quiet => true
+        msg = messages.add("#{command}ing #{service} (via rc.d)", options)
+        ret = exec("rc.d #{command} #{service}")
+      else
+        msg = messages.add("#{command}ing #{service} (via initscript)", options)
+        ret = exec("/etc/init.d/#{service} #{command}")
+      end
+      msg.parse_result(ret[:exit_code])
+      ret
+    end
+    def restart_service(service, options={})
+      options = default_options.merge(options)
+      service(service, 'restart', options)
+    end
+    def reload_service(service, options={})
+      options = default_options.merge(options)
+      service(service, 'reload', options)
+    end
+    def print_service_status(service, options={})
+      options = default_options.merge(:indent => 0).merge(options)
+      ret = service(service, 'status', options)
+      messages.add('', options).print_output(ret)
+      ret
+    end
+  end
+end

data/lib/dust/server/ssh.rb ADDED

@@ -0,0 +1,182 @@
+require 'net/ssh'
+require 'net/scp'
+require 'net/ssh/proxy/socks5'
+require 'dust/server/file'
+require 'dust/server/osdetect'
+require 'dust/server/package'
+require 'dust/server/selinux'
+module Dust
+  class Server
+    attr_reader :ssh
+    def connect
+      messages.print_hostname_header(@node['hostname']) unless $parallel
+      begin
+        # connect to proxy if given
+        if @node['proxy']
+          host, port = @node['proxy'].split ':'
+          proxy = Net::SSH::Proxy::SOCKS5.new(host, port)
+        else
+          proxy = nil
+        end
+        @ssh = Net::SSH.start @node['fqdn'], @node['user'],
+                              { :password => @node['password'],
+                                :port => @node['port'],
+                                :proxy => proxy }
+      rescue Exception
+        error_message = "coudln't connect to #{@node['fqdn']}"
+        error_message << " (via socks5 proxy #{@node['proxy']})" if proxy
+        messages.add(error_message, :indent => 0).failed
+        return false
+      end
+      true
+    end
+    def disconnect
+      @ssh.close
+    end
+    def exec(command, options={:live => false, :as_user => false})
+      sudo_authenticated = false
+      stdout = ''
+      stderr = ''
+      exit_code = nil
+      exit_signal = nil
+      # prepend a newline, if output is live
+      messages.add("\n", :indent => 0) if options[:live]
+      @ssh.open_channel do |channel|
+        # if :as_user => user is given, execute as user (be aware of ' usage)
+        command = "su #{options[:as_user]} -l -c '#{command}'" if options[:as_user]
+        # request a terminal (sudo needs it)
+        # and prepend "sudo"
+        # command is wrapped in ", escapes " in the command string
+        # and then executed using "sh -c", so that
+        # the use of > < && || | and ; doesn't screw things up
+        if @node['sudo']
+          channel.request_pty
+          command = "sudo -k -- sh -c \"#{command.gsub('"','\\"')}\""
+        end
+        channel.exec command do |ch, success|
+          abort "FAILED: couldn't execute command (ssh.channel.exec)" unless success
+          channel.on_data do |ch, data|
+            # only send password if sudo mode is enabled,
+            # and only send password once in a session (trying to prevent attacks reading out the password)
+            if data =~ /\[sudo\] password for #{@node['user']}/
+              raise 'password requested, but none given in config!' if @node['password'].empty?
+              raise 'already sent password, but sudo requested the password again. (wrong password?)' if sudo_authenticated
+              # we're not authenticated yet, send password
+              channel.send_data "#{@node['password']}\n"
+              sudo_authenticated = true
+            else
+              # skip everything util authenticated (if sudo is used and password given in config)
+              next if @node['sudo'] and not @node['password'].empty? and not sudo_authenticated
+              stdout += data
+              messages.add(data.green, :indent => 0) if options[:live] and not data.empty?
+            end
+          end
+          channel.on_extended_data do |ch, type, data|
+            stderr += data
+            messages.add(data.red, :indent => 0) if options[:live] and not data.empty?
+          end
+          channel.on_request('exit-status') { |ch, data| exit_code = data.read_long }
+          channel.on_request('exit-signal') { |ch, data| exit_signal = data.read_long }
+        end
+      end
+      @ssh.loop
+      # sudo usage provokes a heading newline that's unwanted.
+      stdout.sub! /^(\r\n|\n|\r)/, '' if @node['sudo']
+      { :stdout => stdout, :stderr => stderr, :exit_code => exit_code, :exit_signal => exit_signal }
+    end
+    def scp(source, destination, options={})
+      options = default_options.merge(options)
+      # make sure scp is installed on client
+      install_package('openssh-clients', :quiet => true) if uses_rpm?
+      msg = messages.add("deploying #{File.basename source}", options)
+      # check if destination is a directory
+      is_dir = dir_exists?(destination, :quiet => true)
+      # save permissions if the file already exists
+      ret = exec("stat -c %a:%u:%g #{destination}")
+      if ret[:exit_code] == 0 and not is_dir
+        permissions, user, group = ret[:stdout].chomp.split(':')
+      else
+        # files = 644, dirs = 755
+        permissions = 'ug-x,o-wx,u=rwX,g=rX,o=rX'
+        user = 'root'
+        group = 'root'
+      end
+      # if in sudo mode, copy file to temporary place, then move using sudo
+      if @node['sudo']
+        tmpdir = mktemp(:type => 'directory')
+        return msg.failed('could not create temporary directory (needed for sudo)') unless tmpdir
+        # temporary destination in tmpdir
+        tmpdest = "#{tmpdir}/#{File.basename(destination)}"
+        # allow user to write file without sudo (for scp)
+        # then change file back to root, and copy to the destination
+        chown(@node['user'], tmpdir, :quiet => true)
+        @ssh.scp.upload!(source, tmpdest, :recursive => true)
+        # set file permissions
+        chown("#{user}:#{group}", tmpdest, :quiet => true) if user and group
+        chmod(permissions, tmpdest, :quiet => true)
+        # if destination is a directory, append real filename
+        destination = "#{destination}/#{File.basename(source)}" if is_dir
+        # move the file from the temporary location to where it actually belongs
+        msg.parse_result(exec("mv -f #{tmpdest} #{destination}")[:exit_code])
+        # remove temporary directory
+        rm(tmpdir, :quiet => true)
+      else
+        @ssh.scp.upload!(source, destination, :recursive => true)
+        msg.ok
+        # set file permissions
+        chown("#{user}:#{group}", destination, :quiet => true) if user and group
+        chmod(permissions, destination, :quiet => true)
+      end
+      restorecon(destination, options) # restore SELinux labels
+    end
+    # download a file (sudo not yet supported)
+    def download(source, destination, options={})
+      options = default_options.merge(options)
+      # make sure scp is installed on client
+      install_package('openssh-clients', :quiet => true) if uses_rpm?
+      msg = messages.add("downloading #{File.basename source}", options)
+      msg.parse_result(@ssh.scp.download!(source, destination))
+    end
+  end
+end

data/lib/dust/server/user.rb ADDED

@@ -0,0 +1,117 @@
+require 'dust/server/ssh'
+require 'dust/server/selinux'
+module Dust
+  class Server
+    def get_system_users(options={})
+      options = default_options.merge(options)
+      msg = messages.add("getting all system users", options)
+      ret = exec 'getent passwd |cut -d: -f1'
+      msg.parse_result(ret[:exit_code])
+      users = []
+      ret[:stdout].each do |user|
+        users.push(user.chomp)
+      end
+      users
+    end
+    # check whether a user exists on this node
+    def user_exists? user, options={}
+      options = default_options.merge(options)
+      msg = messages.add("checking if user #{user} exists", options)
+      msg.parse_result(exec("id #{user}")[:exit_code])
+    end
+    # manages users (create, modify)
+    def manage_user(user, options={})
+      options = default_options.merge(options)
+      options = { 'home' => nil, 'shell' => nil, 'uid' => nil, 'remove' => false,
+                  'gid' => nil, 'groups' => nil, 'system' => false }.merge(options)
+      # delete user from system
+      if options['remove']
+        if user_exists?(user, :quiet => true)
+           msg = messages.add("deleting user #{user} from system", { :indent => options[:indent] }.merge(options))
+           return msg.parse_result(exec("userdel --remove #{user}")[:exit_code])
+        end
+        return messages.add("user #{user} not present in system", options).ok
+      end
+      if user_exists?(user, :quiet => true)
+        args  = ""
+        args << " --move-home --home #{options['home']}" if options['home']
+        args << " --shell #{options['shell']}" if options['shell']
+        args << " --uid #{options['uid']}" if options['uid']
+        args << " --gid #{options['gid']}" if options['gid']
+        args << " --append --groups #{Array(options['groups']).join(',')}" if options['groups']
+        if args.empty?
+          ret = messages.add("user #{user} already set up correctly", options).ok
+        else
+          msg = messages.add("modifying user #{user}", { :indent => options[:indent] }.merge(options))
+          ret = msg.parse_result(exec("usermod #{args} #{user}")[:exit_code])
+        end
+      else
+        args =  ""
+        args =  "--create-home" unless options['system']
+        args << " --system" if options['system']
+        args << " --home #{options['home']}" if options['home'] and not options['system']
+        args << " --shell #{options['shell']}" if options['shell']
+        args << " --uid #{options['uid']}" if options['uid']
+        args << " --gid #{options['gid']}" if options['gid']
+        args << " --groups #{Array(options['groups']).join(',')}" if options['groups']
+        msg = messages.add("creating user #{user}", { :indent => options[:indent] }.merge(options))
+        ret = msg.parse_result(exec("useradd #{user} #{args}")[:exit_code])
+      end
+      # set selinux permissions
+      chcon({ 'type' => 'user_home_dir_t' }, get_home(user), options)
+      return ret
+    end
+    # returns the home directory of this user
+    def get_home(user, options={})
+      options = default_options(:quiet => true).merge(options)
+      msg = messages.add("getting home directory of #{user}", options)
+      ret = exec("getent passwd |cut -d':' -f1,6 |grep '^#{user}' |head -n1 |cut -d: -f2")
+      if msg.parse_result(ret[:exit_code]) and not ret[:stdout].chomp.empty?
+        return ret[:stdout].chomp
+      else
+        return false
+      end
+    end
+    # returns shell of this user
+    def get_shell(user, options={})
+      options = default_options(:quiet => true).merge(options)
+      msg = messages.add("getting shell of #{user}", options)
+      ret = exec("getent passwd |cut -d':' -f1,7 |grep '^#{user}' |head -n1 |cut -d: -f2")
+      if msg.parse_result(ret[:exit_code])
+        return ret[:stdout].chomp
+      else
+        return false
+      end
+    end
+    # returns primary group id of this user
+    def get_gid(user, options={})
+      options = default_options(:quiet => true).merge(options)
+      msg = messages.add("getting primary gid of #{user}", options)
+      ret = exec("id -g #{user}")
+      if msg.parse_result(ret[:exit_code])
+        return ret[:stdout].chomp
+      else
+        return false
+      end
+    end
+  end
+end

data/lib/dust/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Dust
-  VERSION = "0.16.4"
+  VERSION = "0.16.5"
 end

metadata CHANGED

@@ -1,126 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: dust-deploy
 version: !ruby/object:Gem::Version
-  version: 0.16.4
-  prerelease:
+  version: 0.16.5
 platform: ruby
 authors:
 - kris kechagia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-11-04 00:00:00.000000000 Z
+date: 2013-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: net-ssh
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: net-scp
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: net-sftp
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: ipaddress
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: colorize
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: when puppet and chef suck because you want to be in control and sprinkle
@@ -205,29 +190,37 @@ files:
 - lib/dust/recipes/zabbix_agent.rb
 - lib/dust/runner.rb
 - lib/dust/server.rb
+- lib/dust/server/facter.rb
+- lib/dust/server/file.rb
+- lib/dust/server/osdetect.rb
+- lib/dust/server/package.rb
+- lib/dust/server/selinux.rb
+- lib/dust/server/service.rb
+- lib/dust/server/ssh.rb
+- lib/dust/server/user.rb
 - lib/dust/version.rb
-homepage: ''
-licenses: []
+homepage: https://github.com/kechagia/dust-deploy
+licenses:
+- GPLv3
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: dust-deploy
-rubygems_version: 1.8.23
+rubygems_version: 2.0.0
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: small server deployment tool for complex environments
 test_files: []