dust-deploy 0.15.2 → 0.16.0

data/changelog.md

@@ -1,6 +1,36 @@
 Changelog
 =============
 
+0.16.0
+------------
+
+-  fixes an issue where the user was set to the sudo user when using node.scp, now defaults to root:root
+-  updates and fixes for cjdroute recipe
+-  adds node.selinuxenabled? and node.chcon
+-  users recipe now changes selinux content of home and ssh dirs
+-  improves motd recipe, now supports update-motd as well. there are three possible ways of maintaining the motd now:
+   using a motd string in the config file, and static file or a ERB template file. for more information see:
+   https://github.com/kechagia/dust-deploy/wiki/motd
+
+-  introduces node.get_gid()
+-  users recipe now chowns to primary gid
+-  users recipe now checks if public_keys.yaml and the requested user is actually present
+-  removes the leading 10- from sysctl.d files, so they can be set individually if needed
+-  sysctl recipe only applies rules directly if --restart is given
+-  also enables support for multiple files, please migrate
+
+    recipes:
+      # old (deprecated)
+      sysctl:
+        key: value
+     
+      sysctl:
+        # new
+        name:
+          key: value
+        othername: { key: value }
+
+
 0.15.2
 ------------
 

data/lib/dust/messaging.rb

@@ -45,6 +45,9 @@ module Dust
         l = [ 'warning', 'failed' ]
       when 'failed'
         l = [ 'failed' ]
+      else
+        puts "WARNING: unknown error level '#{level}', using 'all'".yellow
+        l = [ 'none', 'ok', 'warning', 'failed' ]
       end
 
       errors = {}

data/lib/dust/recipes/cjdroute.rb

@@ -9,10 +9,6 @@ class Cjdroute< Recipe
     return unless install_dependencies
     return unless get_latest_version
 
-    # clean up building directory, if --restart is given
-    # using --restart, since there's no --cleanup
-    # return unless make_clean if @options.restart?
-
     # compiling action
     return unless run_make
 
@@ -23,8 +19,8 @@ class Cjdroute< Recipe
       stop_cjdroute
 
       # copy binary
-      return unless @node.mkdir @config['bin_dir']
-      return unless @node.cp "#{@config['build_dir']}/build/cjdroute", "#{@config['bin_dir']}/cjdroute"
+      return unless @node.mkdir(@config['bin_dir'])
+      return unless @node.cp("#{@config['build_dir']}/cjdroute", "#{@config['bin_dir']}/cjdroute")
 
       start_cjdroute
     end
@@ -103,23 +99,23 @@ class Cjdroute< Recipe
   def install_dependencies
     @node.messages.add("installing build dependencies\n")
 
-    return false unless @node.install_package 'cmake', :indent => 2
+    return false unless @node.install_package('cmake', :indent => 2)
 
     # check cmake version
-    ret = @node.exec 'cmake --version'
+    ret = @node.exec('cmake --version')
     ver = ret[:stdout].match(/2.[0-9]/)[0].to_f
     return @node.messages.add('cjdroute requires cmake 2.8 or higher').failed if ver < 2.8
 
 
     if @node.uses_apt?
-      return false unless @node.install_package 'git-core', :indent => 2
-      return false unless @node.install_package 'build-essential', :indent => 2
-      return false unless @node.install_package 'psmisc', :indent => 2
-      return false unless @node.install_package 'coreutils', :indent => 2
+      return false unless @node.install_package('git-core', :indent => 2)
+      return false unless @node.install_package('build-essential', :indent => 2)
+      return false unless @node.install_package('psmisc', :indent => 2)
+      return false unless @node.install_package('coreutils', :indent => 2)
     else
-      return false unless @node.install_package 'git', :indent => 2
-      return false unless @node.install_package 'gcc', :indent => 2
-      return false unless @node.install_package 'make', :indent => 2
+      return false unless @node.install_package('git', :indent => 2)
+      return false unless @node.install_package('gcc', :indent => 2)
+      return false unless @node.install_package('make', :indent => 2)
     end
 
     true
@@ -127,10 +123,10 @@ class Cjdroute< Recipe
 
   # gets/updates latest version from cjdns git repository
   def get_latest_version
-    if @node.dir_exists? @config['build_dir'], :quiet => true
+    if @node.dir_exists?(@config['build_dir'], :quiet => true)
 
       # check if build directory is maintained by git
-      unless @node.dir_exists? "#{@config['build_dir']}/.git", :quiet => true
+      unless @node.dir_exists?("#{@config['build_dir']}/.git", :quiet => true)
         return @node.messages.add("#{@config['build_dir']} doesn't appear to be a git repository").failed
       end
 
@@ -145,7 +141,7 @@ class Cjdroute< Recipe
 
     else
       # create build directory
-      unless @node.mkdir @config['build_dir']
+      unless @node.mkdir(@config['build_dir'])
         return @node.messages.add("couldn't create build directory #{@config['build_dir']}").failed
       end
 
@@ -164,12 +160,6 @@ class Cjdroute< Recipe
     true
   end
 
-  # remove and recreate building directory
-  def make_clean
-    msg = @node.messages.add('cleaning up')
-    msg.parse_result(@node.exec("rm -rf #{@config['build_dir']}/build")[:exit_code])
-  end
-
   def run_make
     msg = @node.messages.add('compiling cjdns')
     msg.parse_result(@node.exec("export Log_LEVEL=#{@config['loglevel']}; cd #{@config['build_dir']}; ./do", :live => true)[:exit_code])
@@ -183,11 +173,11 @@ class Cjdroute< Recipe
     end
 
     msg = @node.messages.add('generating config file')
-    ret = @node.exec("#{@config['bin_dir']}/cjdroute --genconf")
+    ret = @node.exec("#{@config['build_dir']}/cjdroute --genconf")
     return false unless msg.parse_result(ret[:exit_code])
 
     # parse generated json
-    cjdroute_conf = JSON.parse ret[:stdout]
+    cjdroute_conf = JSON.parse(ret[:stdout])
 
     # add some public peers, so we can get started directly
     msg = @node.messages.add('adding public peers', :indent => 2)
@@ -197,8 +187,8 @@ class Cjdroute< Recipe
     # exchange tun0 with configured tun device
     cjdroute_conf['router']['interface']['tunDevice'] = @config['tun']
 
-    return false unless @node.mkdir @config['etc_dir']
-    return @node.write "#{@config['etc_dir']}/cjdroute.conf", JSON.pretty_generate(cjdroute_conf)
+    return false unless @node.mkdir(@config['etc_dir'])
+    return @node.write("#{@config['etc_dir']}/cjdroute.conf", JSON.pretty_generate(cjdroute_conf))
   end
 
   # kill any cjdroute processes that might be running

data/lib/dust/recipes/motd.rb

@@ -1,7 +1,41 @@
+require 'erb'
+
 class Motd < Recipe
   desc 'motd:deploy', 'creates message of the day'
-  def deploy    
-    @node.deploy_file "#{@template_path}/motd", '/etc/motd', :binding => binding
+  def deploy
+    return @node.messages.add('no motd or motd template given') unless @config.is_a? String
+
+    file = "#{@template_path}/#{@config}"
+
+    # use the file, or file.erb if present
+    # if not, use the given string
+    if File.exists?(file)
+      @node.messages.add("found static motd file '#{File.basename(file)}'").ok
+      message = File.read(file)
+    elsif File.exists?(file + '.erb')
+      @node.messages.add("found template motd file '#{File.basename(file)}.erb'").ok
+      message = ERB.new(File.read(file + '.erb'), nil, '%<>').result(binding)
+    else
+      @node.messages.add("found motd string in config file").ok
+      message = ERB.new(@config, nil, '%<>').result(binding)
+    end
+
+    # check if /etc/update-motd.d is present
+    if @node.dir_exists?('/etc/update-motd.d', :quiet => true)
+      file = '/etc/update-motd.d/50-dust'
+      msg = @node.messages.add("update-motd was found, deploying motd to #{file}")
+
+      # create a simple shellscript that echos the motd, and deploy it
+      msg.parse_result(@node.write(file, shellscriptify(message), :quiet => true))
+
+      # since we've deployed a shellscript, make it executeable
+      @node.chmod('0755', file)
+
+    # not using update-motd, simply modify /etc/motd
+    else
+      msg = @node.messages.add('deploying message of the day directly to /etc/motd')
+      msg.parse_result(@node.write('/etc/motd', message, :quiet => true))
+    end
   end
   
   desc 'motd:status', 'shows current message of the day'
@@ -9,6 +43,14 @@ class Motd < Recipe
     msg = @node.messages.add('getting /etc/motd')
     ret = @node.exec 'cat /etc/motd'
     msg.parse_result(ret[:exit_code])
-    msg.print_output(ret)
-  end  
+    msg.parse_output(ret)
+  end
+
+
+  private
+
+  # creates a shellscript echoing string
+  def shellscriptify(string)
+    "#!/bin/sh\n\ncat <<EOF\n#{string}\nEOF\n"
+  end
 end

data/lib/dust/recipes/postgres.rb

@@ -20,25 +20,25 @@ class Postgres < Recipe
     set_permissions
 
     # configure pacemaker profile
-    if @config['profile'].to_array.include? 'pacemaker'
-      deploy_pacemaker_script if @node.package_installed? 'pacemaker'
+    if @config['profile'].to_array.include?('pacemaker')
+      deploy_pacemaker_script if @node.package_installed?('pacemaker')
     end
 
     # configure zabbix profile
-    if @config['profile'].to_array.include? 'zabbix'
+    if @config['profile'].to_array.include?('zabbix')
       configure_for_zabbix if zabbix_installed?
     end
 
     # reload/restart postgres if command line option is given
-    @node.restart_service @config['service_name'] if options.restart?
-    @node.reload_service @config['service_name'] if options.reload?
+    @node.restart_service(@config['service_name']) if options.restart?
+    @node.reload_service(@config['service_name']) if options.reload?
   end
 
   desc 'postgres:status', 'displays status of postgres cluster'
   def status
-    return unless @node.package_installed? [ 'postgresql-server', "postgresql-#{@config['version']}" ]
+    return unless @node.package_installed?([ 'postgresql-server', "postgresql-#{@config['version']}" ])
     set_default_directories
-    @node.print_service_status @config['service_name']
+    @node.print_service_status(@config['service_name'])
   end
 
 
@@ -55,7 +55,7 @@ class Postgres < Recipe
       return @node.messages.add('os not supported, please specify "package: <package name>" in your config').failed
     end
 
-    @node.install_package package
+    @node.install_package(package)
   end
 
   # set conf-dir and data-dir as well as service-name
@@ -85,25 +85,30 @@ class Postgres < Recipe
 
   # deploy postgresql.conf, pg_hba.conf and pg_ident.conf
   def deploy_config
-    @node.write "#{@config['conf_directory']}/postgresql.conf", generate_postgresql_conf
-    @node.write "#{@config['conf_directory']}/pg_hba.conf", generate_pg_hba_conf
-    @node.write "#{@config['conf_directory']}/pg_ident.conf", generate_pg_ident_conf
+    @node.write("#{@config['conf_directory']}/postgresql.conf", generate_postgresql_conf)
+    @node.write("#{@config['conf_directory']}/pg_hba.conf", generate_pg_hba_conf)
+    @node.write( "#{@config['conf_directory']}/pg_ident.conf", generate_pg_ident_conf)
   end
 
   # copy recovery.conf to either recovery.conf or recovery.done
   # depending on which file already exists.
   def deploy_recovery
-    if @node.file_exists? "#{@config['postgresql.conf']['data_directory']}/recovery.conf", :quiet => true
-      @node.write "#{@config['postgresql.conf']['data_directory']}/recovery.conf", generate_recovery_conf
+    if @node.file_exists?("#{@config['postgresql.conf']['data_directory']}/recovery.conf", :quiet => true)
+      @node.write("#{@config['postgresql.conf']['data_directory']}/recovery.conf", generate_recovery_conf)
     else
-      @node.write "#{@config['postgresql.conf']['data_directory']}/recovery.done", generate_recovery_conf
+      @node.write("#{@config['postgresql.conf']['data_directory']}/recovery.done", generate_recovery_conf)
     end
   end
 
   # deploy certificates to data-dir
   def deploy_certificates
-    @node.deploy_file "#{@template_path}/#{@config['server.crt']}", "#{@config['postgresql.conf']['data_directory']}/server.crt", :binding => binding
-    @node.deploy_file "#{@template_path}/#{@config['server.key']}", "#{@config['postgresql.conf']['data_directory']}/server.key", :binding => binding
+    @node.deploy_file("#{@template_path}/#{@config['server.crt']}",
+                      "#{@config['postgresql.conf']['data_directory']}/server.crt",
+                      :binding => binding)
+
+    @node.deploy_file("#{@template_path}/#{@config['server.key']}",
+                      "#{@config['postgresql.conf']['data_directory']}/server.key",
+                      :binding => binding)
   end
 
   # default settings for postgresql.conf
@@ -122,10 +127,10 @@ class Postgres < Recipe
 
   def generate_postgresql_conf
     @config['postgresql.conf'] ||= {}
-    @config['postgresql.conf'] = default_postgres_conf.merge @config['postgresql.conf']
+    @config['postgresql.conf'] = default_postgres_conf.merge(@config['postgresql.conf'])
 
     # calculate values if dedicated profile is given
-    profile_dedicated if @config['profile'].to_array.include? 'dedicated'
+    profile_dedicated if @config['profile'].to_array.include?('dedicated')
 
     postgresql_conf = ''
     @config['postgresql.conf'].each do |key, value|
@@ -150,18 +155,18 @@ class Postgres < Recipe
 
   def generate_pg_hba_conf
     @config['pg_hba.conf'] ||= [ 'local   all         postgres                trust' ]
-    @config['pg_hba.conf'].join "\n"
+    @config['pg_hba.conf'].join("\n")
   end
 
   def generate_pg_ident_conf
     @config['pg_ident.conf'] ||= []
-    @config['pg_ident.conf'].join "\n"
+    @config['pg_ident.conf'].join("\n")
   end
 
   # try to find good values (but don't overwrite if set in config file) for
   # shared_buffers, work_mem and maintenance_work_mem, effective_cache_size and wal_buffers
   def profile_dedicated
-    @node.collect_facts :quiet => true
+    @node.collect_facts(:quiet => true)
     system_mem = ::Dust.convert_size(@node['memorysize']).to_f
 
     msg = @node.messages.add("calculating recommended settings for a dedicated databse server with #{kb2mb system_mem} ram\n")
@@ -198,22 +203,24 @@ class Postgres < Recipe
 
   # give the configured dbuser the data_directory
   def set_permissions
-    @node.chown @config['dbuser'], @config['postgresql.conf']['data_directory'] if @config['dbuser']
-    @node.chmod 'u+Xrw,g-rwx,o-rwx', @config['postgresql.conf']['data_directory']
+    if @config['dbuser']
+      @node.chown("#{@config['dbuser']}:#{@node.get_gid(@config['dbuser'])}", @config['postgresql.conf']['data_directory'])
+    end
+    @node.chmod('u+Xrw,g-rwx,o-rwx', @config['postgresql.conf']['data_directory'])
   end
 
   # deploy the pacemaker script
   def deploy_pacemaker_script
-    @node.deploy_file "#{@template_path}/pacemaker.sh", "#{@config['conf_directory']}/pacemaker.sh", :binding => binding
-    @node.chmod '755', "#{@config['conf_directory']}/pacemaker.sh"
+    @node.deploy_file("#{@template_path}/pacemaker.sh", "#{@config['conf_directory']}/pacemaker.sh", :binding => binding)
+    @node.chmod('755', "#{@config['conf_directory']}/pacemaker.sh")
   end
 
   # check if zabbix is installed
   def zabbix_installed?
     if @node.uses_emerge?
-      return @node.package_installed? 'zabbix', :quiet => true
+      return @node.package_installed?('zabbix', :quiet => true)
     else
-      return @node.package_installed? 'zabbix-agent', :quiet => true
+      return @node.package_installed?('zabbix-agent', :quiet => true)
     end
   end
 
@@ -225,7 +232,7 @@ class Postgres < Recipe
     msg = @node.messages.add('adding zabbix user to postgres group', :indent => 2)
     msg.parse_result(@node.exec('usermod -a -G postgres zabbix')[:exit_code])
 
-    if is_master? :indent => 2
+    if is_master?(:indent => 2)
       msg = @node.messages.add('checking if zabbix user exists in postgres', :indent => 3)
       ret = msg.parse_result(@node.exec('psql -U postgres -c ' +
                                            '  "SELECT usename FROM pg_user WHERE usename = \'zabbix\'"' +
@@ -243,9 +250,9 @@ class Postgres < Recipe
   end
 
   # checks if this server is a postgres master
-  def is_master? options = {}
+  def is_master?(options = {})
     msg = @node.messages.add('checking if this host is the postgres master: ', options)
-    if @node.file_exists? "#{@config['postgresql.conf']['data_directory']}/recovery.done", :quiet => true
+    if @node.file_exists?("#{@config['postgresql.conf']['data_directory']}/recovery.done", :quiet => true)
       msg.ok('yes')
       return true
       else

data/lib/dust/recipes/sudoers.rb

@@ -33,17 +33,22 @@ class Sudoers < Recipe
   private
   
   def remove_other_rules
-    @node.messages.add("deleting old rules\n")
+    msg = @node.messages.add("removing non-dust rules\n")
     ret = @node.exec('ls /etc/sudoers.d/* |cat')
     if ret[:exit_code] != 0
       return @node.messages.add('couldn\'t get installed rule list, skipping deletion of old rules').warning
     end
 
-    # delete file if not in config
+    # get unmaintained rules
+    old_rules = []
     ret[:stdout].each_line do |file|
       file.chomp!
-      @node.rm(file, :indent => 2) unless @config.keys.include?(File.basename(file))
+      old_rules << file unless @config.keys.include?(File.basename(file))
     end
+
+    # delete old rules, or display message that none were found
+    old_rules.each { |file| @node.rm(file, :indent => 2) }
+    @node.messages.add('none found', :indent => 2).ok if old_rules.empty?
   end
   
   def deploy_rule(name, file)

data/lib/dust/recipes/sysctl.rb

@@ -2,13 +2,13 @@ class Sysctl < Recipe
   desc 'sysctl:deploy', 'configures sysctl'
   def deploy
     # we need support for /etc/sysctl.d/
-    unless @node.dir_exists? '/etc/sysctl.d/'
+    unless @node.dir_exists?('/etc/sysctl.d/')
       return @node.messages.add('sysctl configuration not supported for your linux distribution').warning
     end
 
     # seperate templates from sysctls
     sysctls = @config.clone
-    templates = sysctls.delete 'templates'
+    templates = sysctls.delete('templates')
 
     # apply template sysctls
     if templates
@@ -18,24 +18,46 @@ class Sysctl < Recipe
       end
     end
 
-    # apply plain sysctls
-    @node.messages.add("configuring plain sysctls\n")
-    apply 'dust', sysctls
+    # apply sysctls
+    sysctls.each do |name, keys|
+      @node.messages.add("configuring sysctls (#{name})\n")
+      apply(name, keys)
+    end
+
+    # don't remove other rules for now
+    # remove_other_rules(sysctls.keys)
   end
 
 
   private
 
-  def apply name, sysctl
+  def apply(name, sysctl)
     sysctl_conf = ''
     sysctl.each do |key, value|
-      msg = @node.messages.add("setting #{key} = #{value}", :indent => 2)
-      msg.parse_result(@node.exec("sysctl -w #{key}=#{value}")[:exit_code])
+      if options.restart?
+        msg = @node.messages.add("setting #{key} = #{value}", :indent => 2)
+        msg.parse_result(@node.exec("sysctl -w #{key}=#{value}")[:exit_code])
+      end
       sysctl_conf << "#{key} = #{value}\n"
     end
 
-    msg = @node.messages.add("saving settings to /etc/sysctl.d/10-#{name}.conf", :indent => 2)
-    msg.parse_result(@node.write("/etc/sysctl.d/10-#{name}.conf", sysctl_conf, :quiet => true))
+    msg = @node.messages.add("saving settings to /etc/sysctl.d/#{name}.conf", :indent => 2)
+    msg.parse_result(@node.write("/etc/sysctl.d/#{name}.conf", sysctl_conf, :quiet => true))
+  end
+
+  # removes rules from /etc/sysctl.d/ that are not present in "names"
+  def remove_other(names)
+    @node.messages.add("deleting old rules\n")
+    ret = @node.exec('ls /etc/sysctl.d/* |cat')
+    if ret[:exit_code] != 0
+      return @node.messages.add('couldn\'t get list of files in /etc/sysctl.d, skipping deletion of old rules').warning
+    end
+
+    # delete file if not in config
+    ret[:stdout].each_line do |file|
+      file.chomp!
+      @node.rm(file, :indent => 2) unless names.include?(File.basename(file))
+    end
   end
 
 
@@ -43,7 +65,7 @@ class Sysctl < Recipe
 
   # disable allocation of more ram than actually there for postgres
   def postgres
-    database.merge 'vm.overcommit_memory' => 2
+    database.merge('vm.overcommit_memory' => 2)
   end
 
   # redis complains if vm.overcommit_memory != 1
@@ -58,7 +80,7 @@ class Sysctl < Recipe
   # use half of the system memory for shmmax
   # and set shmall according to pagesize
   def database
-    @node.collect_facts :quiet => true
+    @node.collect_facts(:quiet => true)
 
     # get pagesize
     pagesize = @node.exec('getconf PAGESIZE')[:stdout].to_i || 4096

data/lib/dust/recipes/users.rb

@@ -26,7 +26,7 @@ class Users < Recipe
     Dir["#{@template_path}/#{key_dir}/*"].each do |file|
       destination = "#{ssh_dir}/#{File.basename(file)}"
       @node.scp(file, destination, :indent => 2)
-      @node.chown("#{user}:#{user}", destination)
+      @node.chown("#{user}:#{@node.get_gid(user)}", destination)
 
       # chmod private key
       if File.basename(file) =~ /^(id_rsa|id_dsa|id_ecdsa)$/
@@ -40,25 +40,38 @@ class Users < Recipe
   def deploy_authorized_keys(user, ssh_users)
     @node.messages.add("generating authorized_keys for #{user}\n")
     ssh_dir = create_ssh_dir(user)
+
     authorized_keys = generate_authorized_keys(ssh_users)
+    return false unless authorized_keys
+
     @node.write("#{ssh_dir}/authorized_keys", authorized_keys)
-    @node.chown("#{user}:#{user}", "#{ssh_dir}/authorized_keys")
+    @node.chown("#{user}:#{@node.get_gid(user)}", "#{ssh_dir}/authorized_keys")
+    @node.chcon({ 'type' => 'ssh_home_t' }, "#{ssh_dir}/authorized_keys")
   end
 
   def create_ssh_dir(user)
     ssh_dir = @node.get_home(user) + '/.ssh'
     @node.mkdir(ssh_dir)
-    @node.chown("#{user}:#{user}", ssh_dir)
+    @node.chown("#{user}:#{@node.get_gid(user)}", ssh_dir)
+    @node.chcon({ 'type' => 'ssh_home_t' }, ssh_dir)
     ssh_dir
   end
 
   def generate_authorized_keys(ssh_users)
     # load users and their ssh keys from yaml file
+    unless File.exists?("#{@template_path}/public_keys.yaml")
+      return @node.messages.add("#{@template_path}/public_keys.yaml not present").failed
+    end
+
     users = YAML.load_file("#{@template_path}/public_keys.yaml")
     authorized_keys = ''
 
     # create the authorized_keys hash for this user
     ssh_users.to_array.each do |ssh_user|
+      unless users[ssh_user]
+        return @node.messages.add("#{ssh_user} cannot be found in #{@template_path}/public_keys.yaml").failed
+      end
+
       users[ssh_user]['name'] ||= ssh_user
       msg = @node.messages.add("adding user #{users[ssh_user]['name']}", :indent => 2)
       users[ssh_user]['keys'].each do |key|

data/lib/dust/runner.rb

@@ -337,9 +337,9 @@ module  Dust
           inherited = {}
           node.delete('inherits').each do |file|
             template = YAML.load ERB.new( File.read("./nodes/#{file}.yaml"), nil, '%<>').result
-            inherited.deep_merge! template
+            inherited.deep_merge!(template)
           end
-          node = inherited.deep_merge node
+          node = inherited.deep_merge(node)
         end
 
         # if more than one hostname is specified, create a node

data/lib/dust/server.rb

@@ -164,6 +164,8 @@ module Dust
       else
         # files = 644, dirs = 755
         permissions = 'ug-x,o-wx,u=rwX,g=rX,o=rX'
+        user = 'root'
+        group = 'root'
       end
 
       # if in sudo mode, copy file to temporary place, then move using sudo
@@ -232,6 +234,28 @@ module Dust
       msg.parse_result(exec("chown -R #{user} #{file}")[:exit_code])
     end
 
+    def chcon(permissions, file, options = {})
+      options = default_options.merge(options)
+
+      # just return if selinux is not enabled
+      return true unless selinuxenabled?
+
+      args  = ""
+      args << " --type #{permissions['type']}" if permissions['type']
+      args << " --recursive #{permissions['recursive']}" if permissions['recursive']
+      args << " --user #{permissions['user']}" if permissions['user']
+      args << " --range #{permissions['range']}" if permissions['range']
+      args << " --role #{permissions['role']}" if permissions['role']
+
+      msg = messages.add("setting selinux permissions of #{File.basename file}", options)
+      msg.parse_result(exec("chcon #{args} #{file}")[:exit_code])
+    end
+
+    def selinuxenabled?
+      return true if exec('selinuxenabled')[:exit_code] == 0
+      false
+    end
+
     def rm file, options = {}
       options = default_options.merge options
 
@@ -275,12 +299,11 @@ module Dust
     def restorecon path, options = {}
       options = default_options.merge options
 
-      # if restorecon is not installed, just return true
-      ret = exec 'which restorecon'
-      return true unless ret[:exit_code] == 0
+      # if selinux is not enabled, just return
+      return true unless selinuxenabled?
 
       msg = messages.add("restoring selinux labels for #{path}", options)
-      msg.parse_result(exec("#{ret[:stdout].chomp} -R #{path}")[:exit_code])
+      msg.parse_result(exec("restorecon -R #{path}")[:exit_code])
     end
 
     def get_system_users options = {}
@@ -738,10 +761,10 @@ module Dust
         args << " --append --groups #{Array(options['groups']).join(',')}" if options['groups']
 
         if args.empty?
-          return messages.add("user #{user} already set up correctly", options).ok
+          ret = messages.add("user #{user} already set up correctly", options).ok
         else
           msg = messages.add("modifying user #{user}", { :indent => options[:indent] }.merge(options))
-          return msg.parse_result(exec("usermod #{user} #{args}")[:exit_code])
+          ret = msg.parse_result(exec("usermod #{args} #{user}")[:exit_code])
         end
 
       else
@@ -755,16 +778,20 @@ module Dust
         args << " --groups #{Array(options['groups']).join(',')}" if options['groups']
 
         msg = messages.add("creating user #{user}", { :indent => options[:indent] }.merge(options))
-        return msg.parse_result(exec("useradd #{user} #{args}")[:exit_code])
+        ret = msg.parse_result(exec("useradd #{user} #{args}")[:exit_code])
       end
+
+      # set selinux permissions
+      chcon({ 'type' => 'user_home_dir_t' }, get_home(user), options)
+      return ret
     end
 
     # returns the home directory of this user
-    def get_home user, options = {}
-      options = default_options(:quiet => true).merge options
+    def get_home(user, options = {})
+      options = default_options(:quiet => true).merge(options)
 
       msg = messages.add("getting home directory of #{user}", options)
-      ret = exec "getent passwd |cut -d':' -f1,6 |grep '^#{user}' |head -n1 |cut -d: -f2"
+      ret = exec("getent passwd |cut -d':' -f1,6 |grep '^#{user}' |head -n1 |cut -d: -f2")
       if msg.parse_result(ret[:exit_code])
         return ret[:stdout].chomp
       else
@@ -773,11 +800,24 @@ module Dust
     end
 
     # returns shell of this user
-    def get_shell user, options = {}
-      options = default_options(:quiet => true).merge options
+    def get_shell(user, options = {})
+      options = default_options(:quiet => true).merge(options)
 
       msg = messages.add("getting shell of #{user}", options)
-      ret = exec "getent passwd |cut -d':' -f1,7 |grep '^#{user}' |head -n1 |cut -d: -f2"
+      ret = exec("getent passwd |cut -d':' -f1,7 |grep '^#{user}' |head -n1 |cut -d: -f2")
+      if msg.parse_result(ret[:exit_code])
+        return ret[:stdout].chomp
+      else
+        return false
+      end
+    end
+
+    # returns primary group id of this user
+    def get_gid(user, options = {})
+      options = default_options(:quiet => true).merge(options)
+
+      msg = messages.add("getting primary gid of #{user}", options)
+      ret = exec("getent passwd |cut -d':' -f1,4 |grep '^#{user}' |head -n1 |cut -d: -f2")
       if msg.parse_result(ret[:exit_code])
         return ret[:stdout].chomp
       else

data/lib/dust/version.rb

@@ -1,3 +1,3 @@
 module Dust
-  VERSION = "0.15.2"
+  VERSION = "0.16.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dust-deploy
 version: !ruby/object:Gem::Version
-  version: 0.15.2
+  version: 0.16.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-07-30 00:00:00.000000000 Z
+date: 2012-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json