RubyGems - dust-deploy - Versions diffs - 0.16.4 → 0.16.5 - Mend

dust-deploy 0.16.4 → 0.16.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

checksums.yaml +7 -0
data/LICENSE +3 -3
data/README.md +1 -1
data/changelog.md +14 -0
data/dust.gemspec +8 -7
data/lib/dust/examples/nodes/postgresql.yaml +4 -3
data/lib/dust/examples/templates/duplicity/cronjob.erb +2 -2
data/lib/dust/helper.rb +0 -7
data/lib/dust/recipes/apt.rb +4 -4
data/lib/dust/recipes/debsecan.rb +26 -30
data/lib/dust/recipes/dnsmasq.rb +1 -1
data/lib/dust/recipes/dovecot.rb +1 -1
data/lib/dust/recipes/duplicity.rb +1 -1
data/lib/dust/recipes/iptables.rb +1 -1
data/lib/dust/recipes/limits.rb +1 -1
data/lib/dust/recipes/nginx.rb +2 -2
data/lib/dust/recipes/packages.rb +1 -1
data/lib/dust/recipes/postfix.rb +2 -2
data/lib/dust/recipes/postgres.rb +6 -3
data/lib/dust/recipes/rc_local.rb +1 -1
data/lib/dust/recipes/repositories.rb +9 -4
data/lib/dust/recipes/resolv_conf.rb +1 -1
data/lib/dust/recipes/skel.rb +2 -2
data/lib/dust/recipes/ssh_config.rb +2 -2
data/lib/dust/recipes/sshd.rb +3 -4
data/lib/dust/recipes/sysctl.rb +1 -1
data/lib/dust/recipes/users.rb +1 -1
data/lib/dust/recipes/zabbix_agent.rb +1 -1
data/lib/dust/runner.rb +3 -3
data/lib/dust/server.rb +3 -873
data/lib/dust/server/facter.rb +33 -0
data/lib/dust/server/file.rb +152 -0
data/lib/dust/server/osdetect.rb +112 -0
data/lib/dust/server/package.rb +215 -0
data/lib/dust/server/selinux.rb +40 -0
data/lib/dust/server/service.rb +82 -0
data/lib/dust/server/ssh.rb +182 -0
data/lib/dust/server/user.rb +117 -0
data/lib/dust/version.rb +1 -1
metadata +32 -39

data/lib/dust/server/selinux.rb ADDED

@@ -0,0 +1,40 @@
+require 'dust/server/ssh'
+module Dust
+  class Server
+    def selinuxenabled?
+      return true if exec('selinuxenabled')[:exit_code] == 0
+      false
+    end
+    # check if restorecon (selinux) is available
+    # if so, run it on "path" recursively
+    def restorecon(path, options={})
+      options = default_options.merge(options)
+      # if selinux is not enabled, just return
+      return true unless selinuxenabled?
+      msg = messages.add("restoring selinux labels for #{path}", options)
+      msg.parse_result(exec("restorecon -R #{path}")[:exit_code])
+    end
+    def chcon(permissions, file, options={})
+      options = default_options.merge(options)
+      # just return if selinux is not enabled
+      return true unless selinuxenabled?
+      args  = ""
+      args << " --type #{permissions['type']}" if permissions['type']
+      args << " --recursive #{permissions['recursive']}" if permissions['recursive']
+      args << " --user #{permissions['user']}" if permissions['user']
+      args << " --range #{permissions['range']}" if permissions['range']
+      args << " --role #{permissions['role']}" if permissions['role']
+      msg = messages.add("setting selinux permissions of #{File.basename(file)}", options)
+      msg.parse_result(exec("chcon #{args} #{file}")[:exit_code])
+    end
+  end
+end

data/lib/dust/server/service.rb ADDED

@@ -0,0 +1,82 @@
+require 'dust/server/ssh'
+module Dust
+  class Server
+    def autostart_service(service, options={})
+      options = default_options.merge(options)
+      msg = messages.add("autostart #{service} on boot", options)
+      if uses_rpm?
+        if file_exists? '/bin/systemctl', :quiet => true
+          msg.parse_result(exec("systemctl enable #{service}.service")[:exit_code])
+        else
+          msg.parse_result(exec("chkconfig #{service} on")[:exit_code])
+        end
+      elsif uses_apt?
+        msg.parse_result(exec("update-rc.d #{service} defaults")[:exit_code])
+      elsif uses_emerge?
+        msg.parse_result(exec("rc-update add #{service} default")[:exit_code])
+      # archlinux needs his autostart daemons in /etc/rc.conf, in the DAEMONS line
+      #elsif uses_pacman?
+      else
+        msg.failed
+      end
+    end
+    # invoke 'command' on the service (e.g. @node.service 'postgresql', 'restart')
+    def service(service, command, options={})
+      options = default_options.merge(options)
+      return messages.add("service: '#{service}' unknown", options).failed unless service.is_a? String
+      # try systemd, then upstart, then sysvconfig, then rc.d, then initscript
+      if file_exists? '/bin/systemctl', :quiet => true
+        msg = messages.add("#{command}ing #{service} (via systemd)", options)
+        ret = exec("systemctl #{command} #{service}.service")
+      elsif file_exists? "/etc/init/#{service}", :quiet => true
+        msg = messages.add("#{command}ing #{service} (via upstart)", options)
+        ret = exec("#{command} #{service}")
+      elsif file_exists? '/sbin/service', :quiet => true or file_exists? '/usr/sbin/service', :quiet => true
+        msg = messages.add("#{command}ing #{service} (via sysvconfig)", options)
+        ret = exec("service #{service} #{command}")
+      elsif file_exists? '/usr/sbin/rc.d', :quiet => true
+        msg = messages.add("#{command}ing #{service} (via rc.d)", options)
+        ret = exec("rc.d #{command} #{service}")
+      else
+        msg = messages.add("#{command}ing #{service} (via initscript)", options)
+        ret = exec("/etc/init.d/#{service} #{command}")
+      end
+      msg.parse_result(ret[:exit_code])
+      ret
+    end
+    def restart_service(service, options={})
+      options = default_options.merge(options)
+      service(service, 'restart', options)
+    end
+    def reload_service(service, options={})
+      options = default_options.merge(options)
+      service(service, 'reload', options)
+    end
+    def print_service_status(service, options={})
+      options = default_options.merge(:indent => 0).merge(options)
+      ret = service(service, 'status', options)
+      messages.add('', options).print_output(ret)
+      ret
+    end
+  end
+end

data/lib/dust/server/ssh.rb ADDED

@@ -0,0 +1,182 @@
+require 'net/ssh'
+require 'net/scp'
+require 'net/ssh/proxy/socks5'
+require 'dust/server/file'
+require 'dust/server/osdetect'
+require 'dust/server/package'
+require 'dust/server/selinux'
+module Dust
+  class Server
+    attr_reader :ssh
+    def connect
+      messages.print_hostname_header(@node['hostname']) unless $parallel
+      begin
+        # connect to proxy if given
+        if @node['proxy']
+          host, port = @node['proxy'].split ':'
+          proxy = Net::SSH::Proxy::SOCKS5.new(host, port)
+        else
+          proxy = nil
+        end
+        @ssh = Net::SSH.start @node['fqdn'], @node['user'],
+                              { :password => @node['password'],
+                                :port => @node['port'],
+                                :proxy => proxy }
+      rescue Exception
+        error_message = "coudln't connect to #{@node['fqdn']}"
+        error_message << " (via socks5 proxy #{@node['proxy']})" if proxy
+        messages.add(error_message, :indent => 0).failed
+        return false
+      end
+      true
+    end
+    def disconnect
+      @ssh.close
+    end
+    def exec(command, options={:live => false, :as_user => false})
+      sudo_authenticated = false
+      stdout = ''
+      stderr = ''
+      exit_code = nil
+      exit_signal = nil
+      # prepend a newline, if output is live
+      messages.add("\n", :indent => 0) if options[:live]
+      @ssh.open_channel do |channel|
+        # if :as_user => user is given, execute as user (be aware of ' usage)
+        command = "su #{options[:as_user]} -l -c '#{command}'" if options[:as_user]
+        # request a terminal (sudo needs it)
+        # and prepend "sudo"
+        # command is wrapped in ", escapes " in the command string
+        # and then executed using "sh -c", so that
+        # the use of > < && || | and ; doesn't screw things up
+        if @node['sudo']
+          channel.request_pty
+          command = "sudo -k -- sh -c \"#{command.gsub('"','\\"')}\""
+        end
+        channel.exec command do |ch, success|
+          abort "FAILED: couldn't execute command (ssh.channel.exec)" unless success
+          channel.on_data do |ch, data|
+            # only send password if sudo mode is enabled,
+            # and only send password once in a session (trying to prevent attacks reading out the password)
+            if data =~ /\[sudo\] password for #{@node['user']}/
+              raise 'password requested, but none given in config!' if @node['password'].empty?
+              raise 'already sent password, but sudo requested the password again. (wrong password?)' if sudo_authenticated
+              # we're not authenticated yet, send password
+              channel.send_data "#{@node['password']}\n"
+              sudo_authenticated = true
+            else
+              # skip everything util authenticated (if sudo is used and password given in config)
+              next if @node['sudo'] and not @node['password'].empty? and not sudo_authenticated
+              stdout += data
+              messages.add(data.green, :indent => 0) if options[:live] and not data.empty?
+            end
+          end
+          channel.on_extended_data do |ch, type, data|
+            stderr += data
+            messages.add(data.red, :indent => 0) if options[:live] and not data.empty?
+          end
+          channel.on_request('exit-status') { |ch, data| exit_code = data.read_long }
+          channel.on_request('exit-signal') { |ch, data| exit_signal = data.read_long }
+        end
+      end
+      @ssh.loop
+      # sudo usage provokes a heading newline that's unwanted.
+      stdout.sub! /^(\r\n|\n|\r)/, '' if @node['sudo']
+      { :stdout => stdout, :stderr => stderr, :exit_code => exit_code, :exit_signal => exit_signal }
+    end
+    def scp(source, destination, options={})
+      options = default_options.merge(options)
+      # make sure scp is installed on client
+      install_package('openssh-clients', :quiet => true) if uses_rpm?
+      msg = messages.add("deploying #{File.basename source}", options)
+      # check if destination is a directory
+      is_dir = dir_exists?(destination, :quiet => true)
+      # save permissions if the file already exists
+      ret = exec("stat -c %a:%u:%g #{destination}")
+      if ret[:exit_code] == 0 and not is_dir
+        permissions, user, group = ret[:stdout].chomp.split(':')
+      else
+        # files = 644, dirs = 755
+        permissions = 'ug-x,o-wx,u=rwX,g=rX,o=rX'
+        user = 'root'
+        group = 'root'
+      end
+      # if in sudo mode, copy file to temporary place, then move using sudo
+      if @node['sudo']
+        tmpdir = mktemp(:type => 'directory')
+        return msg.failed('could not create temporary directory (needed for sudo)') unless tmpdir
+        # temporary destination in tmpdir
+        tmpdest = "#{tmpdir}/#{File.basename(destination)}"
+        # allow user to write file without sudo (for scp)
+        # then change file back to root, and copy to the destination
+        chown(@node['user'], tmpdir, :quiet => true)
+        @ssh.scp.upload!(source, tmpdest, :recursive => true)
+        # set file permissions
+        chown("#{user}:#{group}", tmpdest, :quiet => true) if user and group
+        chmod(permissions, tmpdest, :quiet => true)
+        # if destination is a directory, append real filename
+        destination = "#{destination}/#{File.basename(source)}" if is_dir
+        # move the file from the temporary location to where it actually belongs
+        msg.parse_result(exec("mv -f #{tmpdest} #{destination}")[:exit_code])
+        # remove temporary directory
+        rm(tmpdir, :quiet => true)
+      else
+        @ssh.scp.upload!(source, destination, :recursive => true)
+        msg.ok
+        # set file permissions
+        chown("#{user}:#{group}", destination, :quiet => true) if user and group
+        chmod(permissions, destination, :quiet => true)
+      end
+      restorecon(destination, options) # restore SELinux labels
+    end
+    # download a file (sudo not yet supported)
+    def download(source, destination, options={})
+      options = default_options.merge(options)
+      # make sure scp is installed on client
+      install_package('openssh-clients', :quiet => true) if uses_rpm?
+      msg = messages.add("downloading #{File.basename source}", options)
+      msg.parse_result(@ssh.scp.download!(source, destination))
+    end
+  end
+end

data/lib/dust/server/user.rb ADDED

@@ -0,0 +1,117 @@
+require 'dust/server/ssh'
+require 'dust/server/selinux'
+module Dust
+  class Server
+    def get_system_users(options={})
+      options = default_options.merge(options)
+      msg = messages.add("getting all system users", options)
+      ret = exec 'getent passwd |cut -d: -f1'
+      msg.parse_result(ret[:exit_code])
+      users = []
+      ret[:stdout].each do |user|
+        users.push(user.chomp)
+      end
+      users
+    end
+    # check whether a user exists on this node
+    def user_exists? user, options={}
+      options = default_options.merge(options)
+      msg = messages.add("checking if user #{user} exists", options)
+      msg.parse_result(exec("id #{user}")[:exit_code])
+    end
+    # manages users (create, modify)
+    def manage_user(user, options={})
+      options = default_options.merge(options)
+      options = { 'home' => nil, 'shell' => nil, 'uid' => nil, 'remove' => false,
+                  'gid' => nil, 'groups' => nil, 'system' => false }.merge(options)
+      # delete user from system
+      if options['remove']
+        if user_exists?(user, :quiet => true)
+           msg = messages.add("deleting user #{user} from system", { :indent => options[:indent] }.merge(options))
+           return msg.parse_result(exec("userdel --remove #{user}")[:exit_code])
+        end
+        return messages.add("user #{user} not present in system", options).ok
+      end
+      if user_exists?(user, :quiet => true)
+        args  = ""
+        args << " --move-home --home #{options['home']}" if options['home']
+        args << " --shell #{options['shell']}" if options['shell']
+        args << " --uid #{options['uid']}" if options['uid']
+        args << " --gid #{options['gid']}" if options['gid']
+        args << " --append --groups #{Array(options['groups']).join(',')}" if options['groups']
+        if args.empty?
+          ret = messages.add("user #{user} already set up correctly", options).ok
+        else
+          msg = messages.add("modifying user #{user}", { :indent => options[:indent] }.merge(options))
+          ret = msg.parse_result(exec("usermod #{args} #{user}")[:exit_code])
+        end
+      else
+        args =  ""
+        args =  "--create-home" unless options['system']
+        args << " --system" if options['system']
+        args << " --home #{options['home']}" if options['home'] and not options['system']
+        args << " --shell #{options['shell']}" if options['shell']
+        args << " --uid #{options['uid']}" if options['uid']
+        args << " --gid #{options['gid']}" if options['gid']
+        args << " --groups #{Array(options['groups']).join(',')}" if options['groups']
+        msg = messages.add("creating user #{user}", { :indent => options[:indent] }.merge(options))
+        ret = msg.parse_result(exec("useradd #{user} #{args}")[:exit_code])
+      end
+      # set selinux permissions
+      chcon({ 'type' => 'user_home_dir_t' }, get_home(user), options)
+      return ret
+    end
+    # returns the home directory of this user
+    def get_home(user, options={})
+      options = default_options(:quiet => true).merge(options)
+      msg = messages.add("getting home directory of #{user}", options)
+      ret = exec("getent passwd |cut -d':' -f1,6 |grep '^#{user}' |head -n1 |cut -d: -f2")
+      if msg.parse_result(ret[:exit_code]) and not ret[:stdout].chomp.empty?
+        return ret[:stdout].chomp
+      else
+        return false
+      end
+    end
+    # returns shell of this user
+    def get_shell(user, options={})
+      options = default_options(:quiet => true).merge(options)
+      msg = messages.add("getting shell of #{user}", options)
+      ret = exec("getent passwd |cut -d':' -f1,7 |grep '^#{user}' |head -n1 |cut -d: -f2")
+      if msg.parse_result(ret[:exit_code])
+        return ret[:stdout].chomp
+      else
+        return false
+      end
+    end
+    # returns primary group id of this user
+    def get_gid(user, options={})
+      options = default_options(:quiet => true).merge(options)
+      msg = messages.add("getting primary gid of #{user}", options)
+      ret = exec("id -g #{user}")
+      if msg.parse_result(ret[:exit_code])
+        return ret[:stdout].chomp
+      else
+        return false
+      end
+    end
+  end
+end

data/lib/dust/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Dust
-  VERSION = "0.16.4"
+  VERSION = "0.16.5"
 end

metadata CHANGED

@@ -1,126 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: dust-deploy
 version: !ruby/object:Gem::Version
-  version: 0.16.4
-  prerelease:
+  version: 0.16.5
 platform: ruby
 authors:
 - kris kechagia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-11-04 00:00:00.000000000 Z
+date: 2013-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: net-ssh
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: net-scp
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: net-sftp
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: ipaddress
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: colorize
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: when puppet and chef suck because you want to be in control and sprinkle
@@ -205,29 +190,37 @@ files:
 - lib/dust/recipes/zabbix_agent.rb
 - lib/dust/runner.rb
 - lib/dust/server.rb
+- lib/dust/server/facter.rb
+- lib/dust/server/file.rb
+- lib/dust/server/osdetect.rb
+- lib/dust/server/package.rb
+- lib/dust/server/selinux.rb
+- lib/dust/server/service.rb
+- lib/dust/server/ssh.rb
+- lib/dust/server/user.rb
 - lib/dust/version.rb
-homepage: ''
-licenses: []
+homepage: https://github.com/kechagia/dust-deploy
+licenses:
+- GPLv3
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: dust-deploy
-rubygems_version: 1.8.23
+rubygems_version: 2.0.0
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: small server deployment tool for complex environments
 test_files: []