dust-deploy 0.14.1 → 0.15.0

data/changelog.md

@@ -1,6 +1,21 @@
 Changelog
 =============
 
+0.15.0
+------------
+
+-  node.create_user -> node.migrate_user (supports now more options, make sure to migrate from :home -> 'home' if you use options
+-  introduces users recipe
+-  removes ssh_authorized_keys in favor of new users recipe (migrate your .yaml files!)
+
+    recipes:
+      users:
+        myuser: { ssh_keys: kk, chmod: 0750, authorized_keys: [ user1, user2 ] }
+        deploy: { shell: /bin/bash, home: /var/www, ssh_keys: deploy, skel: deploy }
+        daemon: { system: true }
+        unwanted_user: { remove: true }
+
+
 0.14.1
 ------------
 

data/lib/dust/recipes/chrony.rb

@@ -9,7 +9,7 @@ class Chrony < Recipe
     end
 
     # install package
-    @node.install_package('chrony')
+    return false unless @node.install_package('chrony')
 
     # set config file and service name according to distribution used
     if @node.uses_apt?
@@ -52,9 +52,9 @@ class Chrony < Recipe
       'logdir' => '/var/log/chrony',
       'logchange' => 0.5,
       'maxupdateskew' => 100.0,       # Stop bad estimates upsetting machine clock.
-      'dumponexit' => '',             # Dump measurements when daemon exits.
-      'dumpdir' => '/var/lib/chrony',
-      'rtconutc' => ''                # CMOS clock is on UTC (GMT)
+#      'dumponexit' => '',             # Dump measurements when daemon exits.
+#      'dumpdir' => '/var/lib/chrony',
+#      'rtconutc' => ''                # CMOS clock is on UTC (GMT)
     }
 
     if @node.uses_rpm?

data/lib/dust/recipes/cjdroute.rb

@@ -11,21 +11,23 @@ class Cjdroute< Recipe
 
     # clean up building directory, if --restart is given
     # using --restart, since there's no --cleanup
-    return unless make_clean if @options.restart?
+    # return unless make_clean if @options.restart?
 
     # compiling action
     return unless run_make
 
-    stop_cjdroute
-
-    # copy binary
-    return unless @node.mkdir @config['bin_dir']
-    return unless @node.cp "#{@config['build_dir']}/build/cjdroute", "#{@config['bin_dir']}/cjdroute"
-
     # create the config file and place it into etc_dir
     return unless generate_config
 
-    start_cjdroute
+    if options.restart?
+      stop_cjdroute
+
+      # copy binary
+      return unless @node.mkdir @config['bin_dir']
+      return unless @node.cp "#{@config['build_dir']}/build/cjdroute", "#{@config['bin_dir']}/cjdroute"
+
+      start_cjdroute
+    end
   end
 
 

data/lib/dust/recipes/users.rb

@@ -0,0 +1,75 @@
+class Users < Recipe
+
+  desc 'users:deploy', 'creates users and user settings (incl. ssh keys)'
+  def deploy
+    @config.each do |user, options|
+      # just create the user, without any arguments
+      options = {} if options.nil? or options.is_a? TrueClass
+      next unless @node.manage_user(user, options)
+
+      # don't deploy anything if the user just has been removed
+      unless options['remove']
+        deploy_ssh_keys(user, options['ssh_keys']) if options['ssh_keys']
+        deploy_authorized_keys(user, options['authorized_keys']) if options['authorized_keys']
+      end
+   end
+  end
+
+
+  private
+
+  # deploys ssh keys to users homedir
+  def deploy_ssh_keys(user, key_dir)
+    ssh_dir = create_ssh_dir(user)
+    @node.messages.add("deploying ssh keys for #{user}\n")
+
+    Dir["#{@template_path}/#{key_dir}/*"].each do |file|
+      destination = "#{ssh_dir}/#{File.basename(file)}"
+      @node.scp(file, destination, :indent => 2)
+      @node.chown("#{user}:#{user}", destination)
+
+      # chmod private key
+      if File.basename(file) =~ /^(id_rsa|id_dsa|id_ecdsa)$/
+        msg = @node.messages.add('setting private key access to 0600', :indent => 3)
+        msg.parse_result(@node.chmod('0600', destination, :quiet => true))
+      end
+    end
+  end
+
+  # generates and deploy authorized_keys to users homedir
+  def deploy_authorized_keys(user, ssh_users)
+    @node.messages.add("generating authorized_keys for #{user}\n")
+    ssh_dir = create_ssh_dir(user)
+    authorized_keys = generate_authorized_keys(ssh_users)
+    @node.write("#{ssh_dir}/authorized_keys", authorized_keys)
+    @node.chown("#{user}:#{user}", "#{ssh_dir}/authorized_keys")
+  end
+
+  def create_ssh_dir(user)
+    ssh_dir = @node.get_home(user) + '/.ssh'
+    @node.mkdir(ssh_dir)
+    @node.chown("#{user}:#{user}", ssh_dir)
+    ssh_dir
+  end
+
+  def generate_authorized_keys(ssh_users)
+    # load users and their ssh keys from yaml file
+    users = YAML.load_file("#{@template_path}/public_keys.yaml")
+    authorized_keys = ''
+
+    # create the authorized_keys hash for this user
+    ssh_users.to_array.each do |ssh_user|
+      users[ssh_user]['name'] ||= ssh_user
+      msg = @node.messages.add("adding user #{users[ssh_user]['name']}", :indent => 2)
+      users[ssh_user]['keys'].each do |key|
+        authorized_keys << "#{key}"
+        authorized_keys << " #{users[ssh_user]['name']}" if users[ssh_user]['name']
+        authorized_keys << " <#{users[ssh_user]['email']}>" if users[ssh_user]['email']
+        authorized_keys << "\n"
+      end
+      msg.ok
+    end
+
+    authorized_keys
+  end
+end

data/lib/dust/server.rb

@@ -713,19 +713,48 @@ module Dust
       msg.parse_result(exec("id #{user}")[:exit_code])
     end
 
-    # create a user
-    def create_user user, options = {}
-      options = default_options.merge options
-      options[:home] ||= nil
-      options[:shell] ||= nil
+    # manages users (create, modify)
+    def manage_user(user, options = {})
+      options = default_options.merge(options)
+      options = { 'home' => nil, 'shell' => nil, 'uid' => nil, 'remove' => false,
+                  'gid' => nil, 'groups' => nil, 'system' => false }.merge(options)
+
+      # delete user from system
+      if options['remove']
+        if user_exists?(user, :quiet => true)
+           msg = messages.add("deleting user #{user} from system", :indent => options[:indent])
+           return msg.parse_result(exec("userdel --remove #{user}")[:exit_code])
+        end
+
+        return messages.add("user #{user} not present in system").ok
+      end
 
-      return true if user_exists? user, options
+      if user_exists?(user, :quiet => true)
+        args  = ""
+        args << " --move-home --home #{options['home']}" if options['home']
+        args << " --shell #{options['shell']}" if options['shell']
+        args << " --uid #{options['uid']}" if options['uid']
+        args << " --gid #{options['gid']}" if options['gid']
+        args << " --append --groups #{Array(options['groups']).join(',')}" if options['groups']
+
+        unless args.empty?
+          msg = messages.add("modifying user #{user}", :indent => options[:indent])
+          return msg.parse_result(exec("usermod #{user} #{args}")[:exit_code])
+        end
 
-      msg = messages.add("creating user #{user}", :indent => options[:indent])
-      cmd = "useradd #{user} -m"
-      cmd += " -d #{options[:home]}" if options[:home]
-      cmd += " -s #{options[:shell]}" if options[:shell]
-      msg.parse_result(exec(cmd)[:exit_code])
+      else
+        args =  ""
+        args =  "--create-home" unless options['system']
+        args << " --system" if options['system']
+        args << " --home #{options['home']}" if options['home'] and not options['system']
+        args << " --shell #{options['shell']}" if options['shell']
+        args << " --uid #{options['uid']}" if options['uid']
+        args << " --gid #{options['gid']}" if options['gid']
+        args << " --groups #{Array(options['groups']).join(',')}" if options['groups']
+
+        msg = messages.add("creating user #{user}", :indent => options[:indent])
+        return msg.parse_result(exec("useradd #{user} #{args}")[:exit_code])
+      end
     end
 
     # returns the home directory of this user

data/lib/dust/version.rb

@@ -1,3 +1,3 @@
 module Dust
-  VERSION = "0.14.1"
+  VERSION = "0.15.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dust-deploy
 version: !ruby/object:Gem::Version
-  version: 0.14.1
+  version: 0.15.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-07-24 00:00:00.000000000 Z
+date: 2012-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -199,11 +199,11 @@ files:
 - lib/dust/recipes/resolv_conf.rb
 - lib/dust/recipes/ruby_rvm.rb
 - lib/dust/recipes/skel.rb
-- lib/dust/recipes/ssh_authorized_keys.rb
 - lib/dust/recipes/ssh_config.rb
 - lib/dust/recipes/sshd.rb
 - lib/dust/recipes/sudoers.rb
 - lib/dust/recipes/sysctl.rb
+- lib/dust/recipes/users.rb
 - lib/dust/recipes/zabbix_agent.rb
 - lib/dust/runner.rb
 - lib/dust/server.rb

data/lib/dust/recipes/ssh_authorized_keys.rb

@@ -1,69 +0,0 @@
-require 'yaml'
-
-class SshAuthorizedKeys < Recipe
-  desc 'ssh_authorized_keys:deploy', 'configures ssh authorized_keys'
-  def deploy
-
-    @config.each do |remote_user, ssh_users|
-      @node.messages.add("generating authorized_keys for #{remote_user}\n")
-      authorized_keys = generate_authorized_keys ssh_users
-      deploy_authorized_keys remote_user, authorized_keys
-    end
-  end
-  
-  
-  private
-
-  def generate_authorized_keys ssh_users
-    # load users and their ssh keys from yaml file
-    users = YAML.load_file "#{@template_path}/users.yaml"    
-    authorized_keys = ''
-    
-    # create the authorized_keys hash for this user
-    ssh_users.to_array.each do |ssh_user|
-      users[ssh_user]['name'] ||= ssh_user
-      msg = @node.messages.add("adding user #{users[ssh_user]['name']}", :indent => 2)
-      users[ssh_user]['keys'].each do |key|
-        authorized_keys << "#{key}"
-        authorized_keys << " #{users[ssh_user]['name']}" if users[ssh_user]['name']
-        authorized_keys << " <#{users[ssh_user]['email']}>" if users[ssh_user]['email']
-        authorized_keys << "\n"
-      end
-      msg.ok
-    end
-
-    authorized_keys    
-  end
-  
-  # deploy the authorized_keys file for this user
-  # creating user if not existent
-  def deploy_authorized_keys user, authorized_keys
-    # create user, if not existent
-    return unless @node.create_user user
-    
-    home = @node.get_home user
-    # check and create necessary directories
-    return unless @node.mkdir("#{home}/.ssh")
-    
-    # deploy authorized_keys
-    return unless @node.write "#{home}/.ssh/authorized_keys", authorized_keys
-    
-    # check permissions
-    @node.chown "#{user}:#{user}", "#{home}/.ssh"
-  end
-  
-  # remove authorized_keys files for all other users  
-  # TODO: add this option  
-  def cleanup
-    if options.cleanup?
-      @node.messages.add("deleting other authorized_keys files\n")
-      @node.get_system_users(:quiet => true).each do |user|
-        next if users.keys.include? user
-        home = @node.get_home user
-        if @node.file_exists? "#{home}/.ssh/authorized_keys", :quiet => true
-          @node.rm "#{home}/.ssh/authorized_keys", :indent => 2
-        end
-      end
-    end
-  end
-end