dust-deploy 0.4.3 → 0.4.4
Sign up to get free protection for your applications and to get access to all the features.
- data/changelog.md +8 -0
- data/lib/dust/helper.rb +21 -15
- data/lib/dust/recipes/iptables.rb +1 -1
- data/lib/dust/recipes/repositories.rb +97 -80
- data/lib/dust/recipes/ssh_authorized_keys.rb +53 -41
- data/lib/dust/recipes/sshd.rb +5 -0
- data/lib/dust/version.rb +1 -1
- metadata +3 -3
data/changelog.md
CHANGED
@@ -1,6 +1,14 @@
|
|
1
1
|
Changelog
|
2
2
|
=============
|
3
3
|
|
4
|
+
0.4.4
|
5
|
+
------------
|
6
|
+
|
7
|
+
sshd recipe
|
8
|
+
- default PrintMotd to false on apt systems (will be displayed 2 times otherwise)
|
9
|
+
- no and yes can be specified in config file, without getting converted to booleans automatically
|
10
|
+
|
11
|
+
|
4
12
|
0.4.3
|
5
13
|
------------
|
6
14
|
|
data/lib/dust/helper.rb
CHANGED
@@ -15,9 +15,8 @@ class Array
|
|
15
15
|
end
|
16
16
|
end
|
17
17
|
|
18
|
-
# stole this from rails
|
19
|
-
# https://github.com/rails/rails/blob/c0262827cacc1baf16668af65c35a09138166394/activesupport/lib/active_support/core_ext/hash/deep_merge.rb
|
20
18
|
class Hash
|
19
|
+
# stole this from rails
|
21
20
|
# Returns a new hash with +self+ and +other_hash+ merged recursively.
|
22
21
|
def deep_merge(other_hash)
|
23
22
|
dup.deep_merge!(other_hash)
|
@@ -33,26 +32,33 @@ class Hash
|
|
33
32
|
self
|
34
33
|
end
|
35
34
|
|
35
|
+
|
36
36
|
# converts each value to an array, so .each and .combine won't get hickups
|
37
37
|
def values_to_array!
|
38
|
-
self.each { |k
|
38
|
+
self.keys.each { |k| self[k] = [ self[k] ] unless self[k].is_a? Array }
|
39
39
|
end
|
40
|
+
|
41
|
+
# converts each value that is a boolean to 'yes' resp. 'no' strings
|
42
|
+
def boolean_to_string!
|
43
|
+
self.each { |k, v| self[k] = v ? 'yes' : 'no' if v.is_a? TrueClass or v.is_a? FalseClass }
|
44
|
+
end
|
40
45
|
end
|
41
46
|
|
42
|
-
|
43
|
-
# adds ability to check if a class with the name of a string exists
|
47
|
+
|
44
48
|
class String
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
49
|
+
# stole this from Afz902k who posted something similar at stackoverflow.com
|
50
|
+
# adds ability to check if a class with the name of a string exists
|
51
|
+
def to_class
|
52
|
+
Kernel.const_get self.capitalize
|
53
|
+
rescue NameError
|
54
|
+
nil
|
55
|
+
end
|
50
56
|
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
57
|
+
def is_a_defined_class?
|
58
|
+
true if self.to_class
|
59
|
+
rescue NameError
|
60
|
+
false
|
61
|
+
end
|
56
62
|
end
|
57
63
|
|
58
64
|
|
@@ -69,7 +69,7 @@ class Iptables < Recipe
|
|
69
69
|
rule['table'] ||= ['filter']
|
70
70
|
rule['jump'] ||= ['ACCEPT']
|
71
71
|
rule['protocol'] ||= ['tcp'] if rule['dport'] or rule['sport']
|
72
|
-
rule.
|
72
|
+
rule.values_to_array!
|
73
73
|
end
|
74
74
|
end
|
75
75
|
end
|
@@ -3,90 +3,107 @@ class Repositories < Recipe
|
|
3
3
|
def deploy
|
4
4
|
@node.collect_facts
|
5
5
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
"deb-src http://security.ubuntu.com/ubuntu/ #{repo['release']}-security #{repo['components']}\n\n"
|
43
|
-
end
|
44
|
-
|
45
|
-
# updates
|
46
|
-
sources += "deb #{repo['url']} #{repo['release']}-updates #{repo['components']}\n" +
|
47
|
-
"deb-src #{repo['url']} #{repo['release']}-updates #{repo['components']}\n\n"
|
48
|
-
|
49
|
-
# proposed
|
50
|
-
if @node.is_ubuntu?
|
51
|
-
sources += "deb #{repo['url']} #{repo['release']}-proposed #{repo['components']}\n" +
|
52
|
-
"deb-src #{repo['url']} #{repo['release']}-proposed #{repo['components']}\n\n"
|
53
|
-
end
|
54
|
-
|
55
|
-
# backports is enabled per default in ubuntu oneiric
|
56
|
-
if @node.is_ubuntu?
|
57
|
-
sources += "deb #{repo['url']} #{repo['release']}-backports #{repo['components']}\n" +
|
58
|
-
"deb-src #{repo['url']} #{repo['release']}-backports #{repo['components']}\n\n"
|
59
|
-
end
|
60
|
-
|
61
|
-
::Dust.print_result @node.write('/etc/apt/sources.list', sources, :quiet => true)
|
62
|
-
|
63
|
-
else
|
64
|
-
# add url to sources.list
|
65
|
-
sources = ''
|
66
|
-
sources += "deb #{repo['url']} #{repo['release']} #{repo['components']}\n" if repo['binary']
|
67
|
-
sources += "deb-src #{repo['url']} #{repo['release']} #{repo['components']}\n" if repo['source']
|
68
|
-
|
69
|
-
::Dust.print_msg "adding repository '#{name}' to sources"
|
70
|
-
::Dust.print_result @node.write("/etc/apt/sources.list.d/#{name}.list", sources, :quiet => true)
|
71
|
-
|
72
|
-
# add the repository key
|
73
|
-
if repo['key']
|
74
|
-
::Dust.print_msg "adding #{name} repository key"
|
75
|
-
::Dust.print_result @node.exec("wget -O- '#{repo['key']}' | apt-key add -")[:exit_code]
|
76
|
-
end
|
77
|
-
end
|
6
|
+
delete_old_repositories
|
7
|
+
deploy_repositories
|
8
|
+
|
9
|
+
# fetch new stuff
|
10
|
+
puts
|
11
|
+
@node.update_repos if options.restart? or options.reload?
|
12
|
+
end
|
13
|
+
|
14
|
+
|
15
|
+
private
|
16
|
+
|
17
|
+
# deletes all .list files under /etc/apt/sources.list.d
|
18
|
+
def delete_old_repositories
|
19
|
+
:: Dust.print_msg 'deleting old repositories'
|
20
|
+
@node.rm '/etc/apt/sources.list.d/*.list', :quiet => true if @node.uses_apt?
|
21
|
+
::Dust.print_ok
|
22
|
+
end
|
23
|
+
|
24
|
+
def deploy_repositories
|
25
|
+
@config.each do |name, repo|
|
26
|
+
|
27
|
+
# if repo is present but not a hash use defaults
|
28
|
+
repo = {} unless repo.is_a? Hash
|
29
|
+
|
30
|
+
merge_with_default_settings repo
|
31
|
+
|
32
|
+
# the default repository in /etc/apt/sources.list (debian)
|
33
|
+
if name == 'default'
|
34
|
+
::Dust.print_msg 'deploying default repository'
|
35
|
+
sources = generate_default_repo repo
|
36
|
+
::Dust.print_result @node.write('/etc/apt/sources.list', sources, :quiet => true)
|
37
|
+
else
|
38
|
+
::Dust.print_msg "adding repository '#{name}' to sources"
|
39
|
+
sources = generate_repo repo
|
40
|
+
::Dust.print_result @node.write("/etc/apt/sources.list.d/#{name}.list", sources, :quiet => true)
|
41
|
+
add_repo_key name, repo
|
78
42
|
end
|
43
|
+
end
|
44
|
+
end
|
79
45
|
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
46
|
+
# merge repo configuration with default settings
|
47
|
+
def merge_with_default_settings repo
|
48
|
+
# setting defaults
|
49
|
+
repo['url'] ||= 'http://ftp.debian.org/debian/' if @node.is_debian?
|
50
|
+
repo['url'] ||= 'http://archive.ubuntu.com/ubuntu/' if @node.is_ubuntu?
|
51
|
+
|
52
|
+
repo['release'] ||= @node['lsbdistcodename']
|
53
|
+
repo['components'] ||= 'main'
|
54
|
+
|
55
|
+
# ||= doesn't work for booleans
|
56
|
+
repo['source'] = repo['source'].nil? ? true : repo['source']
|
57
|
+
repo['binary'] = repo['binary'].nil? ? true : repo['binary']
|
58
|
+
end
|
59
|
+
|
60
|
+
def generate_default_repo repo
|
61
|
+
sources = ''
|
62
|
+
sources.concat "deb #{repo['url']} #{repo['release']} #{repo['components']}\n"
|
63
|
+
sources.concat "deb-src #{repo['url']} #{repo['release']} #{repo['components']}\n\n"
|
64
|
+
|
65
|
+
# security
|
66
|
+
if @node.is_debian?
|
67
|
+
sources.concat "deb http://security.debian.org/ #{repo['release']}/updates #{repo['components']}\n"
|
68
|
+
sources.concat "deb-src http://security.debian.org/ #{repo['release']}/updates #{repo['components']}\n\n"
|
69
|
+
elsif @node.is_ubuntu?
|
70
|
+
sources.concat "deb http://security.ubuntu.com/ubuntu/ #{repo['release']}-security #{repo['components']}\n"
|
71
|
+
sources.concat "deb-src http://security.ubuntu.com/ubuntu/ #{repo['release']}-security #{repo['components']}\n\n"
|
72
|
+
end
|
73
|
+
|
74
|
+
# updates
|
75
|
+
sources.concat "deb #{repo['url']} #{repo['release']}-updates #{repo['components']}\n"
|
76
|
+
sources.concat "deb-src #{repo['url']} #{repo['release']}-updates #{repo['components']}\n\n"
|
77
|
+
|
78
|
+
# proposed
|
79
|
+
if @node.is_ubuntu?
|
80
|
+
sources.concat "deb #{repo['url']} #{repo['release']}-proposed #{repo['components']}\n"
|
81
|
+
sources.concat "deb-src #{repo['url']} #{repo['release']}-proposed #{repo['components']}\n\n"
|
82
|
+
end
|
83
|
+
|
84
|
+
# backports is enabled per default in ubuntu oneiric
|
85
|
+
if @node.is_ubuntu?
|
86
|
+
sources.concat "deb #{repo['url']} #{repo['release']}-backports #{repo['components']}\n"
|
87
|
+
sources.concat "deb-src #{repo['url']} #{repo['release']}-backports #{repo['components']}\n\n"
|
85
88
|
end
|
86
89
|
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
+
sources
|
91
|
+
end
|
92
|
+
|
93
|
+
def generate_repo repo
|
94
|
+
# add url to sources.list
|
95
|
+
sources = ''
|
96
|
+
sources.concat "deb #{repo['url']} #{repo['release']} #{repo['components']}\n" if repo['binary']
|
97
|
+
sources.concat "deb-src #{repo['url']} #{repo['release']} #{repo['components']}\n" if repo['source']
|
98
|
+
sources
|
99
|
+
end
|
100
|
+
|
101
|
+
def add_repo_key name, repo
|
102
|
+
# add the repository key
|
103
|
+
if repo['key']
|
104
|
+
::Dust.print_msg "adding #{name} repository key"
|
105
|
+
::Dust.print_result @node.exec("wget -O- '#{repo['key']}' | apt-key add -")[:exit_code]
|
106
|
+
end
|
90
107
|
end
|
91
108
|
end
|
92
109
|
|
@@ -3,55 +3,67 @@ require 'yaml'
|
|
3
3
|
class SshAuthorizedKeys < Recipe
|
4
4
|
desc 'ssh_authorized_keys:deploy', 'configures ssh authorized_keys'
|
5
5
|
def deploy
|
6
|
-
# load users and their ssh keys from yaml file
|
7
|
-
users = YAML.load_file "#{@template_path}/users.yaml"
|
8
6
|
|
9
|
-
authorized_keys = {}
|
10
7
|
@config.each do |remote_user, ssh_users|
|
11
8
|
::Dust.print_msg "generating authorized_keys for #{remote_user}\n"
|
12
|
-
authorized_keys =
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
authorized_keys += " #{users[ssh_user]['name']}" if users[ssh_user]['name']
|
21
|
-
authorized_keys += " <#{users[ssh_user]['email']}>" if users[ssh_user]['email']
|
22
|
-
authorized_keys += "\n"
|
23
|
-
end
|
9
|
+
authorized_keys = generate_authorized_keys ssh_users
|
10
|
+
deploy_authorized_keys remote_user, authorized_keys
|
11
|
+
puts
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
|
16
|
+
private
|
24
17
|
|
25
|
-
|
18
|
+
def generate_authorized_keys ssh_users
|
19
|
+
# load users and their ssh keys from yaml file
|
20
|
+
users = YAML.load_file "#{@template_path}/users.yaml"
|
21
|
+
authorized_keys = ''
|
22
|
+
|
23
|
+
# create the authorized_keys hash for this user
|
24
|
+
ssh_users.each do |ssh_user|
|
25
|
+
users[ssh_user]['name'] ||= ssh_user
|
26
|
+
::Dust.print_msg "adding user #{users[ssh_user]['name']}", :indent => 2
|
27
|
+
users[ssh_user]['keys'].each do |key|
|
28
|
+
authorized_keys.concat"#{key}"
|
29
|
+
authorized_keys.concat " #{users[ssh_user]['name']}" if users[ssh_user]['name']
|
30
|
+
authorized_keys.concat " <#{users[ssh_user]['email']}>" if users[ssh_user]['email']
|
31
|
+
authorized_keys.concat "\n"
|
26
32
|
end
|
33
|
+
::Dust.print_ok
|
34
|
+
end
|
27
35
|
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
36
|
+
authorized_keys
|
37
|
+
end
|
38
|
+
|
39
|
+
# deploy the authorized_keys file for this user
|
40
|
+
# creating user if not existent
|
41
|
+
def deploy_authorized_keys user, authorized_keys
|
42
|
+
# create user, if not existent
|
43
|
+
next unless @node.create_user user
|
44
|
+
|
45
|
+
# check and create necessary directories
|
46
|
+
next unless @node.mkdir("~#{user}/.ssh")
|
47
|
+
|
48
|
+
# deploy authorized_keys
|
49
|
+
next unless @node.write "~#{user}/.ssh/authorized_keys", authorized_keys
|
50
|
+
|
51
|
+
# check permissions
|
52
|
+
@node.chown "#{user}:#{user}", "~#{user}/.ssh"
|
53
|
+
@node.chmod '0644', "~#{user}/.ssh/authorized_keys"
|
54
|
+
end
|
55
|
+
|
56
|
+
# remove authorized_keys files for all other users
|
57
|
+
# TODO: add this option
|
58
|
+
def cleanup
|
59
|
+
if options.cleanup?
|
60
|
+
::Dust.print_msg "deleting other authorized_keys files\n"
|
61
|
+
@node.get_system_users(:quiet => true).each do |user|
|
62
|
+
next if users.keys.include? user
|
63
|
+
if @node.file_exists? "~#{user}/.ssh/authorized_keys", :quiet => true
|
64
|
+
@node.rm "~#{user}/.ssh/authorized_keys", :indent => 2
|
51
65
|
end
|
52
66
|
end
|
53
|
-
|
54
|
-
puts
|
55
67
|
end
|
56
68
|
end
|
57
69
|
end
|
data/lib/dust/recipes/sshd.rb
CHANGED
@@ -34,6 +34,7 @@ class Sshd < Recipe
|
|
34
34
|
end
|
35
35
|
|
36
36
|
def generate_default_config
|
37
|
+
@config.boolean_to_string!
|
37
38
|
@config = default_config.merge @config
|
38
39
|
|
39
40
|
unless @config['sftp']
|
@@ -45,6 +46,10 @@ class Sshd < Recipe
|
|
45
46
|
@config['SyslogFacility'] ||= 'AUTHPRIV'
|
46
47
|
@config['GSSAPIAuthentication'] ||= 'yes'
|
47
48
|
end
|
49
|
+
|
50
|
+
if @node.uses_apt?
|
51
|
+
@config['PrintMotd'] ||= 'no'
|
52
|
+
end
|
48
53
|
end
|
49
54
|
|
50
55
|
def apply_configuration
|
data/lib/dust/version.rb
CHANGED
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 4
|
8
|
-
-
|
9
|
-
version: 0.4.
|
8
|
+
- 4
|
9
|
+
version: 0.4.4
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- kris kechagia
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2012-01-
|
17
|
+
date: 2012-01-20 00:00:00 +01:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|