dust-deploy 0.4.1 → 0.4.2

data/changelog.md

@@ -1,6 +1,13 @@
 Changelog
 =============
 
+0.4.2
+------------
+
+adds hash_check recipe, which can check for weak hashes (according to provided list) in your /etc/shadow files.
+can be used e.g. for making sure that none of your servers still has the template password.
+
+
 0.4.1
 ------------
 

data/lib/dust.rb

@@ -1,6 +1,5 @@
 require 'dust/helper'
 require 'dust/print_status'
-require 'dust/convert_size'
 require 'dust/server'
 require 'dust/recipe'
 

data/lib/dust/examples/templates/hash_check/weak_passwords

@@ -0,0 +1,26 @@
+root
+toor
+user
+123456
+12345
+password
+password1
+123456789
+12345678
+1234567890
+abc123
+computer
+tigger
+1234
+qwerty
+money
+carmen
+mickey
+secret
+summer
+internet
+a1b2c3
+123
+service
+hello
+123abc

data/lib/dust/helper.rb

@@ -49,3 +49,24 @@ class String
         false
     end
 end
+
+
+module Dust
+  # converts string to kilobytes (rounded)
+  def self.convert_size s
+    i, unit = s.split(' ')
+  
+    case unit.downcase
+    when 'kb'
+      return i.to_i
+    when 'mb'
+      return (i.to_f * 1024).to_i
+    when 'gb'
+      return (i.to_f * 1024 * 1024).to_i
+    when 'tb'
+      return (i.to_f * 1024 * 1024 * 1024).to_i
+    else
+      return false
+    end
+  end
+end

data/lib/dust/recipes/aliases.rb

@@ -2,7 +2,8 @@ class Aliases < Recipe
   desc 'aliases:deploy', 'installs email aliases'
   def deploy 
     return unless @node.package_installed? 'postfix'
-    @node.scp "#{@template_path}/aliases", '/etc/aliases'
+    
+    @node.deploy_file "#{@template_path}/aliases", '/etc/aliases', :binding => binding
 
     ::Dust.print_msg 'running newaliases'
     ::Dust.print_result @node.exec('newaliases')[:exit_code]

data/lib/dust/recipes/basic_setup.rb

@@ -25,7 +25,7 @@ class BasicSetup < Recipe
     ::Dust.print_msg "deploying configuration files for root\n"
     Dir["#{@template_path}/.*"].each do |file|
       next unless File.file? file
-      @node.scp file, "/root/#{File.basename file}", :indent => 2
+      @node.deploy_file file, "/root/#{File.basename file}", { :binding => binding, :indent => 2 }
     end
 
   end

data/lib/dust/recipes/duplicity.rb

@@ -1,5 +1,3 @@
-require 'erb'
-
 class Duplicity < Recipe
   desc 'duplicity:deploy', 'installs and configures duplicity backups'
   def deploy
@@ -46,11 +44,11 @@ class Duplicity < Recipe
       cronjob_path = "/etc/cron.#{config['interval']}/duplicity-#{scenario}"
 
       # adjust and upload cronjob
-      template = ERB.new File.read("#{@template_path}/cronjob.erb"), nil, '%<>'
-      ::Dust.print_msg "adjusting and deploying cronjob (scenario: #{scenario}, interval: #{config['interval']})\n"
+      ::Dust.print_msg "adjusting and deploying cronjob (scenario: #{scenario}, interval: #{config['interval']})\n"      
       config['options'].each { |option| ::Dust.print_ok "adding option: #{option}", :indent => 2 }
-      @node.write cronjob_path, template.result(binding)
- 
+      
+      @node.deploy_file "#{@template_path}/cronjob", cronjob_path, :binding => binding
+      
       # making cronjob executeable
       @node.chmod '0700', cronjob_path
       puts

data/lib/dust/recipes/etc_hosts.rb

@@ -1,7 +1,7 @@
 class EtcHosts < Recipe
   desc 'etc_hosts:deploy', 'deploys /etc/hosts'
   def deploy
-    @node.scp "#{@template_path}/hosts", '/etc/hosts'
+    @node.deploy_file "#{@template_path}/hosts", '/etc/hosts', :binding => binding
 
     # restart dns service
     if @options.restart? and @config.is_a? String

data/lib/dust/recipes/hash_check.rb

@@ -0,0 +1,44 @@
+class HashCheck < Recipe
+  
+  desc 'hash_check:deploy', 'checks /etc/shadow for weak hashes'
+  def deploy
+    # mkpasswd is in the package 'whois' resp. 'expect'
+    @node.install_package 'whois' if @node.uses_apt?
+    @node.install_package 'expect' if @node.uses_rpm?
+
+    # those keys indicate that no password is set, or login is disabled
+    keys = [ '*', '!', '!!', '', 'LK', 'NP' ]
+
+    # mapping the magic numbers to the actual hash algorithms
+    algorithms = { '1' => 'md5', '2' => 'blowfish', '5' => 'sha-256', '6' => 'sha-512' }
+
+    weak_passwords = File.open "#{@template_path}/weak_passwords", 'r'
+    shadow = @node.exec('cat /etc/shadow')[:stdout]
+
+    ::Dust.print_msg "checking for weak password hashes\n"
+
+    found_weak = false
+
+    shadow.each do |line|
+      user, hash = line.split(':')[0..1]
+      next if keys.include? hash
+      method, salt = hash.split('$')[1..2]
+  
+      weak_passwords.each_line do |password|
+        password.chomp!
+
+        # generate the hash for this password, according to salt and method
+        weak_hash = @node.exec("mkpasswd -m #{algorithms[method.to_s]} -S '#{salt}' '#{password}'")[:stdout]
+        weak_hash.chomp!
+
+        if weak_hash == hash
+          ::Dust.print_failed "user #{user} has a weak password! (#{password})", :indent => 2
+          found_weak= true
+        end
+      end
+    end
+
+    weak_passwords.close
+    ::Dust.print_ok 'none found.', :indent => 2 unless found_weak
+  end
+end

data/lib/dust/recipes/motd.rb

@@ -1,10 +1,6 @@
-require 'erb'
-
 class Motd < Recipe
   desc 'motd:deploy', 'creates message of the day'
-  def deploy
-    # configure node using erb template
-    template = ERB.new File.read("#{@template_path}/motd.erb"), nil, '%<>'
-    @node.write '/etc/motd', template.result(binding)
+  def deploy    
+    @node.deploy_file "#{@template_path}/motd", '/etc/motd', :binding => binding
   end
 end

data/lib/dust/recipes/mysql.rb

@@ -1,5 +1,3 @@
-require 'erb'
-
 class Mysql < Recipe
   desc 'mysql:deploy', 'installs and configures mysql database'
   def deploy
@@ -36,8 +34,7 @@ class Mysql < Recipe
 
     ::Dust.print_ok "setting innodb buffer pool to '#{@config['innodb_buffer_pool_size']}'", :indent => 2
 
-    template = ERB.new( File.read("#{@template_path}/my.cnf.erb"), nil, '%<>')
-    @node.write '/etc/mysql/my.cnf', template.result(binding)
+    @node.deploy_file "#{@template_path}/my.cnf", '/etc/mysql/my.cnf', :binding => binding
     @node.chmod '644', '/etc/mysql/my.cnf'
 
     @node.restart_service 'mysql-server' if options.restart?

data/lib/dust/recipes/newrelic.rb

@@ -4,8 +4,10 @@ class Newrelic < Recipe
     return Dust.print_failed 'no key specified' unless @config
     return unless @node.uses_apt? :quiet=>false
 
-    ::Dust.print_msg 'updating repositories'
-    ::Dust.print_result @node.exec('aptitude update')[:exit_code]
+    if @options.restart? or @options.reload?
+      ::Dust.print_msg 'updating repositories'
+      ::Dust.print_result @node.exec('aptitude update')[:exit_code]
+    end
 
     unless @node.install_package 'newrelic-sysmond'
       ::Dust.print_failed 'installing newrelic monitoring daemon failed, did you setup the newrelic repositories?'

data/lib/dust/recipes/nginx.rb

@@ -1,5 +1,3 @@
-require 'erb'
-
 class Nginx < Recipe
   desc 'nginx:deploy', 'installs and configures nginx web server'
   def deploy
@@ -14,27 +12,13 @@ class Nginx < Recipe
     ::Dust.print_ok
 
     @config.each do |state, site|
-      file = "#{@template_path}/sites/#{site}"
-
-      # if this site is just a regular file, copy it to sites-available
-      if File.exists? file
-        @node.scp file, "/etc/nginx/sites-available/#{site}"
-
-       # if this site is an erb template, render it and deploy
-      elsif File.exists? "#{file}.erb"
-        template = ERB.new( File.read("#{file}.erb"), nil, '%<>')
-        @node.write "/etc/nginx/sites-available/#{site}", template.result(binding)
-
-      # skip to next site if template wasn't found
-      else
-        ::Dust.print_failed "couldn't find template for #{site}", :indent => 2
-        next
-      end
-
+      
+      @node.deploy_file "#{@template_path}/sites/#{site}", "/etc/nginx/sites-available/#{site}", :binding => binding
+    
       # symlink to sites-enabled if this is listed as an enabled site
       if state == 'sites-enabled'
         ::Dust.print_msg "enabling #{site}", :indent => 2
-        ::Dust.print_result( @node.exec("cd /etc/nginx/sites-enabled && ln -s ../sites-available/#{site} #{site}")[:exit_code] )
+        ::Dust.print_result @node.exec("cd /etc/nginx/sites-enabled && ln -s ../sites-available/#{site} #{site}")[:exit_code]
       end
     end
 

data/lib/dust/recipes/postgres.rb

@@ -1,5 +1,3 @@
-require 'erb'
-
 class Postgres < Recipe
   desc 'postgres:deploy', 'installs and configures postgresql database'
   def deploy
@@ -24,9 +22,9 @@ class Postgres < Recipe
     end
 
 
-    deploy_file 'postgresql.conf', "#{@config['conf-dir']}/postgresql.conf"
-    deploy_file 'pg_hba.conf', "#{@config['conf-dir']}/pg_hba.conf"
-    deploy_file 'pg_ident.conf', "#{@config['conf-dir']}/pg_ident.conf"
+    @node.deploy_file "#{@template_path}/postgresql.conf", "#{@config['conf-dir']}/postgresql.conf", :binding => binding
+    @node.deploy_file "#{@template_path}/pg_hba.conf", "#{@config['conf-dir']}/pg_hba.conf", :binding => binding
+    @node.deploy_file "#{@template_path}/pg_ident.conf", "#{@config['conf-dir']}/pg_ident.conf", :binding => binding
 
     @node.chmod '644', "#{@config['conf-dir']}/postgresql.conf"
     @node.chmod '644', "#{@config['conf-dir']}/pg_hba.conf"
@@ -34,21 +32,21 @@ class Postgres < Recipe
 
     # deploy pacemaker script
     if @node.package_installed? 'pacemaker'
-      deploy_file 'pacemaker.sh', "#{@config['conf-dir']}/pacemaker.sh"
+      @node.deploy_file "#{@template_path}/pacemaker.sh", "#{@config['conf-dir']}/pacemaker.sh", :binding => binding
       @node.chmod '755', "#{@config['conf-dir']}/pacemaker.sh"
     end
 
     # copy recovery.conf to either recovery.conf or recovery.done
     # depending on which file already exists.
     if @node.file_exists? "#{@config['data-dir']}/recovery.conf", :quiet => true
-      deploy_file 'recovery.conf', "#{@config['data-dir']}/recovery.conf"
+      @node.deploy_file "#{@template_path}/recovery.conf", "#{@config['data-dir']}/recovery.conf", :binding => binding
     else
-      deploy_file 'recovery.conf', "#{@config['data-dir']}/recovery.done"
+      @node.deploy_file "#{@template_path}/recovery.conf", "#{@config['data-dir']}/recovery.done", :binding => binding
     end
 
     # deploy certificates to data-dir
-    deploy_file 'server.crt', "#{@config['data-dir']}/server.crt"
-    deploy_file 'server.key', "#{@config['data-dir']}/server.key"
+    @node.deploy_file "#{@template_path}/server.crt", "#{@config['data-dir']}/server.crt", :binding => binding
+    @node.deploy_file "#{@template_path}/server.key", "#{@config['data-dir']}/server.key", :binding => binding
 
     @node.chown @config['dbuser'], @config['data-dir'] if @config['dbuser']
     @node.chmod 'u+Xrw,g-rwx,o-rwx', @config['data-dir']
@@ -91,23 +89,5 @@ class Postgres < Recipe
     @node.reload_service @config['service-name'] if options.reload?
   end
 
-  private
-  def deploy_file file, target
-    # if file is just a regular file, copy it to sites-available
-    if File.exists? "#{@template_path}/#{file}"
-      @node.scp "#{@template_path}/#{file}", target
-
-    # if file is an erb template, render it and deploy
-    elsif File.exists? "#{@template_path}/#{file}.erb"
-      ::Dust.print_msg "adjusting and deploying #{file}"
-      template = ERB.new( File.read("#{@template_path}/#{file}.erb"), nil, '%<>')
-      ::Dust.print_result @node.write(target, template.result(binding), :quiet => true)
-
-    # file was not found, return
-    else
-      return ::Dust.print_failed "file '#{@template_path}/#{file}' not found."
-    end
-  end
-
 end
 

data/lib/dust/recipes/zabbix_agent.rb

@@ -1,24 +1,16 @@
-require 'erb'
-
 class ZabbixAgent < Recipe
   desc 'zabbix_agent:deploy', 'installs and configures zabbix agent'
   def deploy 
     return unless install_zabbix
 
-    # configure @node using erb template
-    template = ERB.new File.read("#{@template_path}/zabbix_agentd.conf.erb"), nil, '%<>'
-    ::Dust.print_msg 'adjusting and deploying zabbix_agentd.conf'
-    @node.write '/etc/zabbix/zabbix_agentd.conf', template.result(binding), :quiet => true
-    ::Dust.print_ok
-
+    @node.deploy_file "#{@template_path}/zabbix_agentd.conf", '/etc/zabbix/zabbix_agentd.conf', :binding => binding
+    
+    # set daemon name, according zu distribution
+    daemon = @node.uses_emerge? ? 'zabbix-agentd' : 'zabbix-agent'
+    
     # restart using new configuration
-    if @node.uses_emerge? :quiet => true
-      @node.autostart_service 'zabbix-agentd'
-      @node.restart_service 'zabbix-agentd' if options.restart?
-    else 
-      @node.autostart_service 'zabbix-agent'
-      @node.restart_service 'zabbix-agent' if options.restart?
-    end
+    @node.autostart_service daemon
+    @node.restart_service daemon if options.restart?
   end
 
   private
@@ -26,15 +18,13 @@ class ZabbixAgent < Recipe
   def install_zabbix
 
     if @node.uses_apt?
+      # debsecan is needed for zabbix checks (security updates)      
       return false unless @node.install_package 'zabbix-agent'
-
-      # debsecan is needed for zabbix checks (security updates)
       return false unless @node.install_package 'debsecan'
 
     elsif @node.uses_emerge?
+      # glsa-check (part of gentoolkit) is needed for zabbix checks (security updates)      
       return false unless @node.install_package 'zabbix', :env => 'USE=agent'
-
-      # glsa-check (part of gentoolkit) is needed for zabbix checks (security updates)
       return false unless @node.install_package 'gentoolkit'
 
     elsif @node.uses_rpm?
@@ -49,6 +39,9 @@ class ZabbixAgent < Recipe
     true
   end
 
+  
+  # below this line is unfinished code, not in use yet
+  
   # TODO (not yet finished)
   desc 'zabbix_agent:postgres', 'configure postgres database for zabbix monitoring'
   def postgres
@@ -69,7 +62,7 @@ class ZabbixAgent < Recipe
       ::Dust.print_result( @node.exec('createuser -U postgres zabbix -RSD')[:exit_code] )
     end
 
-# TODO: only GRANT is this is a master
+    # TODO: only GRANT is this is a master
     ::Dust.print_msg 'GRANT zabbix user access to postgres database'
     ::Dust.print_result( @node.exec('psql -U postgres -c "GRANT SELECT ON pg_stat_database TO zabbix" postgres')[:exit_code] )
 

data/lib/dust/server.rb

@@ -2,37 +2,41 @@ require 'rubygems'
 require 'net/ssh'
 require 'net/scp'
 require 'net/ssh/proxy/socks5'
+require 'erb'
   
 module Dust
   class Server
     attr_reader :ssh
   
-    def initialize attr
-      @attr = attr
-  
-      @attr['user'] ||= 'root'
-      @attr['port'] ||= 22
-      @attr['password'] ||= ''
+    def default_options options = {}
+      { :quiet => false, :indent => 1 }.merge options
+    end
+    
+    def initialize node
+      @node = node
+      @node['user'] ||= 'root'
+      @node['port'] ||= 22
+      @node['password'] ||= ''
     end
 
     def connect 
-      Dust.print_hostname @attr['hostname']
+      Dust.print_hostname @node['hostname']
       begin
         # connect to proxy if given
-        if @attr['proxy']
-          host, port = @attr['proxy'].split ':'
+        if @node['proxy']
+          host, port = @node['proxy'].split ':'
           proxy = Net::SSH::Proxy::SOCKS5.new host, port
         else
           proxy = nil
         end
 
-        @ssh = Net::SSH.start @attr['fqdn'], @attr['user'],
-                              { :password => @attr['password'],
-                                :port => @attr['port'],
+        @ssh = Net::SSH.start @node['fqdn'], @node['user'],
+                              { :password => @node['password'],
+                                :port => @node['port'],
                                 :proxy => proxy }
       rescue Exception
-        error_message = "coudln't connect to #{@attr['fqdn']}"
-        error_message += " (via socks5 proxy #{@attr['proxy']})" if proxy
+        error_message = "coudln't connect to #{@node['fqdn']}"
+        error_message += " (via socks5 proxy #{@node['proxy']})" if proxy
         Dust.print_failed error_message
         return false
       end
@@ -66,7 +70,9 @@ module Dust
     end
  
 
-    def write target, text, options={:quiet => false, :indent => 1}
+    def write target, text, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "deploying #{File.basename target}", options
 
       # escape $ signs and \ at the end of line
@@ -84,40 +90,54 @@ module Dust
       restorecon target, options # restore SELinux labels
     end
 
-    def append target, text, options={:quiet => false, :indent => 1}
+    def append target, text, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "appending to #{File.basename target}", options
       Dust.print_result exec("cat << EOF >> #{target}\n#{text}\nEOF")[:exit_code], options
     end
  
-    def scp source, destination, options={:quiet => false, :indent => 1}
+    def scp source, destination, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "deploying #{File.basename(source)}", options
       @ssh.scp.upload! source, destination
       Dust.print_ok '', options
       restorecon destination, options # restore SELinux labels
     end
   
-    def symlink source, destination, options={:quiet => false, :indent => 1}
+    def symlink source, destination, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "symlinking #{File.basename(source)} to '#{destination}'", options
       Dust.print_result exec("ln -s #{source} #{destination}")[:exit_code], options
       restorecon destination, options # restore SELinux labels
     end
   
-    def chmod mode, file, options={:quiet => false, :indent => 1}
+    def chmod mode, file, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "setting mode of #{File.basename(file)} to #{mode}", options
       Dust.print_result exec("chmod -R #{mode} #{file}")[:exit_code], options
     end
 
-    def chown user, file, options={:quiet => false, :indent => 1}
+    def chown user, file, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "setting owner of #{File.basename(file)} to #{user}", options
       Dust.print_result exec("chown -R #{user} #{file}")[:exit_code], options
     end
 
-    def rm file, options={:quiet => false, :indent => 1}
+    def rm file, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "deleting #{file}", options
       Dust.print_result exec("rm -rf #{file}")[:exit_code], options
     end
 
-    def mkdir dir, options={:quiet => false, :indent => 1}
+    def mkdir dir, options = {}
+      options = default_options.merge options
+
       return true if dir_exists? dir, :quiet => true
 
       Dust.print_msg "creating directory #{dir}", options
@@ -127,7 +147,9 @@ module Dust
 
     # check if restorecon (selinux) is available
     # if so, run it on "path" recursively
-    def restorecon path, options={:quiet => false, :indent => 1}
+    def restorecon path, options = {}
+      options = default_options.merge options
+
 
       # if restorecon is not installed, just return true
       ret = exec 'which restorecon'
@@ -137,7 +159,9 @@ module Dust
       Dust.print_result exec("#{ret[:stdout].chomp} -R #{path}")[:exit_code], options
     end
  
-    def get_system_users options={:quiet => false, :indent => 1} 
+    def get_system_users options = {}
+      options = default_options.merge options
+ 
       Dust.print_msg "getting all system users", options
       ret = exec 'getent passwd |cut -d: -f1'
       Dust.print_result ret[:exit_code], options
@@ -150,7 +174,9 @@ module Dust
     end
 
     # checks if one of the packages is installed
-    def package_installed? packages, options={:quiet => false, :indent => 1}
+    def package_installed? packages, options = {}
+      options = default_options.merge options
+
       packages = [ packages ] if packages.is_a? String
 
       Dust.print_msg "checking if #{packages.join(' or ')} is installed", options
@@ -168,10 +194,16 @@ module Dust
       Dust.print_failed '', options
     end
  
-    def install_package package, options={:quiet => false, :indent => 1, :env => ''}
-      return true if package_installed? package, options
+    def install_package package, options = {}
+      options = default_options.merge options
+      options[:env] ||= ''
+      
+      if package_installed? package, :quiet=>true
+        return Dust.print_ok "package #{package} already installed"
+      end
+
+      Dust.print_msg "installing #{package}", :indent => options[:indent] + 1
 
-      Dust.print_msg "installing #{package}", {:quiet => options[:quiet], :indent => options[:indent] + 1}
       if uses_apt?
         exec "DEBIAN_FRONTEND=noninteractive aptitude install -y #{package}"
       elsif uses_emerge?
@@ -186,7 +218,9 @@ module Dust
       Dust.print_result package_installed? package, :quiet => true
     end
 
-    def remove_package package, options={:quiet => false, :indent => 1}
+    def remove_package package, options = {}
+      options = default_options.merge options
+
       unless package_installed? package, :quiet => true
         return Dust.print_ok "package #{package} not installed", options
       end
@@ -203,7 +237,9 @@ module Dust
       end
     end
 
-    def update_repos options={:quiet => false, :indent => 1}
+    def update_repos options = {}
+      options = default_options.merge options
+
       Dust.print_msg 'updating system repositories', options
 
       if uses_apt?
@@ -217,7 +253,9 @@ module Dust
       end
     end
 
-    def system_update options={:quiet => false, :indent => 1}
+    def system_update options = {}
+      options = default_options.merge options
+
       Dust.print_msg 'installing system updates', options
 
       if uses_apt?
@@ -241,27 +279,35 @@ module Dust
 
     # determining the system packet manager has to be done without facter
     # because it's used to find out whether facter is installed / install facter
-    def uses_apt? options={:quiet => true, :indent => 1}
+    def uses_apt? options = {}
+      options = default_options(:quiet => true).merge options
+
       Dust.print_msg 'determining whether node uses apt', options
       Dust.print_result exec('test -e /etc/debian_version')[:exit_code], options
     end
 
-    def uses_rpm? options={:quiet => true, :indent => 1}
+    def uses_rpm? options = {}
+      options = default_options(:quiet => true).merge options
+
       Dust.print_msg 'determining whether node uses rpm', options
       Dust.print_result exec('test -e /etc/redhat-release')[:exit_code], options
     end
 
-    def uses_emerge? options={:quiet => true, :indent => 1}
+    def uses_emerge? options = {}
+      options = default_options(:quiet => true).merge options
+
       Dust.print_msg 'determining whether node uses emerge', options
       Dust.print_result exec('test -e /etc/gentoo-release')[:exit_code], options
     end
   
-    def is_os? os_list, options={:quiet => true, :indent => 1}
+    def is_os? os_list, options = {}
+      options = default_options(:quiet => true).merge options
+
       Dust.print_msg "checking if this machine runs #{os_list.join(' or ')}", options
-      collect_facts options unless @attr['operatingsystem']
+      collect_facts options unless @node['operatingsystem']
 
       os_list.each do |os|
-        if @attr['operatingsystem'].downcase == os.downcase
+        if @node['operatingsystem'].downcase == os.downcase
           return Dust.print_ok '', options
         end
       end
@@ -270,46 +316,66 @@ module Dust
       false
     end
   
-    def is_debian? options={:quiet => true, :indent => 1}
+    def is_debian? options = {}
+      options = default_options(:quiet => true).merge options
+
       is_os? ['debian'], options
     end
   
-    def is_ubuntu? options={:quiet => true, :indent => 1}
+    def is_ubuntu? options = {}
+      options = default_options(:quiet => true).merge options
+
       is_os? ['ubuntu'], options
     end
   
-    def is_gentoo? options={:quiet => true, :indent => 1}
+    def is_gentoo? options = {}
+      options = default_options(:quiet => true).merge options
+
       is_os? ['gentoo'], options
     end
   
-    def is_centos? options={:quiet => true, :indent => 1}
+    def is_centos? options = {}
+      options = default_options(:quiet => true).merge options
+
       is_os? ['centos'], options
     end
   
-    def is_scientific? options={:quiet => true, :indent => 1}
+    def is_scientific? options = {}
+      options = default_options(:quiet => true).merge options
+
       is_os? ['scientific'], options
     end
 
-    def is_fedora? options={:quiet => true, :indent => 1}
+    def is_fedora? options = {}
+      options = default_options(:quiet => true).merge options
+
       is_os? ['fedora'], options
     end
   
-    def is_executable? file, options={:quiet => false, :indent => 1}
+    def is_executable? file, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "checking if file #{file} exists and is executeable", options
       Dust.print_result exec("test -x $(which #{file})")[:exit_code], options
     end
   
-    def file_exists? file, options={:quiet => false, :indent => 1}
+    def file_exists? file, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "checking if file #{file} exists", options
       Dust.print_result exec("test -e #{file}")[:exit_code], options
     end
 
-    def dir_exists? dir, options={:quiet => false, :indent => 1}
+    def dir_exists? dir, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "checking if directory #{dir} exists", options
       Dust.print_result exec("test -d #{dir}")[:exit_code], options
     end
  
-    def autostart_service service, options={:quiet => false, :indent => 1}
+    def autostart_service service, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "autostart #{service} on boot", options
       if uses_rpm?
         Dust.print_result exec("chkconfig #{service} on")[:exit_code], options
@@ -320,27 +386,37 @@ module Dust
       end
     end
  
-    def restart_service service, options={:quiet => false, :indent => 1}
+    def restart_service service, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "restarting #{service}", options
       Dust.print_result exec("/etc/init.d/#{service} restart")[:exit_code], options
     end
   
-    def reload_service service, options={:quiet => false, :indent => 1}
+    def reload_service service, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "reloading #{service}", options
       Dust.print_result exec("/etc/init.d/#{service} reload")[:exit_code], options
     end
   
     # check whether a user exists on this node
-    def user_exists? user, options={:quiet => false, :indent => 1}
+    def user_exists? user, options = {}
+      options = default_options.merge options
+
       Dust.print_msg "checking if user #{user} exists", options
       Dust.print_result exec("id #{user}")[:exit_code], options
     end
 
     # create a user
-    def create_user user, options={:home => nil, :shell => nil, :quiet => false, :indent => 1}
+    def create_user user, options = {}
+      options = default_options.merge options
+      options[:home] ||= nil
+      options[:shell] ||= nil
+      
       return true if user_exists? user, options
 
-      Dust.print_msg "creating user #{user}", {:quiet => options[:quiet], :indent => options[:indent] + 1}
+      Dust.print_msg "creating user #{user}", :indent => options[:indent]
       cmd = "useradd #{user} -m"
       cmd += " -d #{options[:home]}" if options[:home]
       cmd += " -s #{options[:shell]}" if options[:shell]
@@ -348,7 +424,9 @@ module Dust
     end
 
     # collect additional system facts using puppets facter
-    def collect_facts options={:quiet => false, :indent => 1}
+    def collect_facts options = {}
+      options = default_options.merge options
+
 
       # check if lsb-release (on apt systems) and facter are installed
       # and install them if not
@@ -362,23 +440,41 @@ module Dust
 
       Dust.print_msg "collecting additional system facts (using facter)", options
 
-      # run facter with -y for yaml output, and merge results into @attr
+      # run facter with -y for yaml output, and merge results into @node
       ret = exec 'facter -y'
-      @attr.merge! YAML.load ret[:stdout]
+      @node.merge! YAML.load ret[:stdout]
 
       Dust.print_result ret[:exit_code], options
     end
 
+    # if file is a regular file, copy it using scp
+    # if it's an file.erb exists, render template and push to server
+    def deploy_file file, destination, options = {}
+      options = default_options(:binding => binding).merge options
+      
+      if File.exists? file
+        scp file, destination, options
+        
+      elsif File.exists? "#{file}.erb"
+        template = ERB.new( File.read("#{file}.erb"), nil, '%<>')
+        write destination, template.result(options[:binding]), options
+        
+      else
+        ::Dust.print_failed "'#{file}' was not found."
+      end
+    end
+    
+    
     private
 
     def method_missing method, *args, &block
-      # make server attributes accessible via server.attribute
-      if @attr[method.to_s]
-        @attr[method.to_s]
+      # make server nodeibutes accessible via server.nodeibute
+      if @node[method.to_s]
+        @node[method.to_s]
    
-      # and as server['attribute']
-      elsif @attr[args.first]
-        @attr[args.first]
+      # and as server['nodeibute']
+      elsif @node[args.first]
+        @node[args.first]
 
       # default to super
       else

data/lib/dust/version.rb

@@ -1,3 +1,3 @@
 module Dust
-  VERSION = "0.4.1"
+  VERSION = "0.4.2"
 end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 4
-  - 1
-  version: 0.4.1
+  - 2
+  version: 0.4.2
 platform: ruby
 authors: 
 - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-01-15 00:00:00 +01:00
+date: 2012-01-17 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -96,7 +96,6 @@ files:
 - changelog.md
 - dust.gemspec
 - lib/dust.rb
-- lib/dust/convert_size.rb
 - lib/dust/examples/nodes/_debian.yaml
 - lib/dust/examples/nodes/_default.yaml
 - lib/dust/examples/nodes/_newrelic.yaml
@@ -111,6 +110,7 @@ files:
 - lib/dust/examples/templates/basic_setup/.your-vimrc
 - lib/dust/examples/templates/duplicity/cronjob.erb
 - lib/dust/examples/templates/etc_hosts/hosts
+- lib/dust/examples/templates/hash_check/weak_passwords
 - lib/dust/examples/templates/motd/motd.erb
 - lib/dust/examples/templates/nginx/nginx.conf
 - lib/dust/examples/templates/nginx/sites/othersite.erb
@@ -130,6 +130,7 @@ files:
 - lib/dust/recipes/debsecan.rb
 - lib/dust/recipes/duplicity.rb
 - lib/dust/recipes/etc_hosts.rb
+- lib/dust/recipes/hash_check.rb
 - lib/dust/recipes/iptables.rb
 - lib/dust/recipes/locale.rb
 - lib/dust/recipes/memory_limit.rb

data/lib/dust/convert_size.rb

@@ -1,21 +0,0 @@
-module Dust
-
-  # converts string to kilobytes (rounded)
-  def self.convert_size s
-    i, unit = s.split(' ')
-
-    case unit.downcase
-    when 'kb'
-      return i.to_i
-    when 'mb'
-      return (i.to_f * 1024).to_i
-    when 'gb'
-      return (i.to_f * 1024 * 1024).to_i
-    when 'tb'
-      return (i.to_f * 1024 * 1024 * 1024).to_i
-    else
-      return false
-    end
-  end
-
-end