dust-deploy 0.4.4 → 0.4.5

data/changelog.md

@@ -1,6 +1,16 @@
 Changelog
 =============
 
+0.4.5
+------------
+
+-  node.write and node.append now not using echo for writing files on the server anymore.
+   this solves problems with binary files and files including backticks (`)
+-  adds pacemaker recipe, for basic setup and configuration of corosync/pacemaker
+-  adds sudoers recipe for maintaining your sudoers rules
+-  postgres recipe now checks if zabbix is installed, and if so configures the node for monitoring
+
+
 0.4.4
 ------------
 

data/lib/dust/recipes/duplicity.rb

@@ -34,9 +34,9 @@ class Duplicity < Recipe
       # add hostkey to known_hosts
       if config['hostkey']
         ::Dust.print_msg 'checking if ssh key is in known_hosts'
-        unless ::Dust.print_result @node.exec("grep -q '#{config['hostkey']}' ~/.ssh/known_hosts")[:exit_code] == 0
-          @node.mkdir '~/.ssh', :indent => 2
-          @node.append '~/.ssh/known_hosts', config['hostkey'], :indent => 2
+        unless ::Dust.print_result @node.exec("grep -q '#{config['hostkey']}' /root/.ssh/known_hosts")[:exit_code] == 0
+          @node.mkdir '/root/.ssh', :indent => 2
+          @node.append '/root/.ssh/known_hosts', config['hostkey'], :indent => 2
         end
       end
 

data/lib/dust/recipes/pacemaker.rb

@@ -0,0 +1,35 @@
+require 'base64'
+
+class Pacemaker < Recipe
+  
+  desc 'pacemaker:deploy', 'installs and configures corosync/pacemaker'
+  def deploy 
+    # this recipe is only tested with ubuntu
+    return unless @node.uses_apt?
+    return unless @node.install_package 'pacemaker'
+
+    # return if no authkey is given
+    unless @config['authkey']
+      return ::Dust.print_failed 'no authkey given. generate it using "corosync-keygen" ' +
+                                 'and convert it to base64 using "base64 -w0 /etc/corosync/authkey"'
+    end
+
+    @node.collect_facts
+    
+    # set defaults
+    @config['interface'] ||= 'eth0'
+    @config['mcastaddr'] ||= '226.13.37.1'
+    @config['mcastport'] ||= 5405
+
+    # set bindnetaddr to the ip address of @config['interface']
+    # unless it is specified manually in node config
+    @config['bindnetaddr'] ||= @node["ipaddress_#{@config['interface']}"]
+
+    # decode base64 authkey
+    @node.write '/etc/corosync/authkey', Base64.decode64(@config['authkey'])
+    @node.deploy_file "#{@template_path}/corosync.conf", '/etc/corosync/corosync.conf', :binding => binding
+    
+    # not restarting automatically, because it provokes switching of ha services
+    #@node.restart_service 'corosync' if @options.restart
+  end
+end

data/lib/dust/recipes/postgres.rb

@@ -2,7 +2,26 @@ class Postgres < Recipe
   desc 'postgres:deploy', 'installs and configures postgresql database'
   def deploy
     return ::Dust.print_failed 'no version specified' unless @config['version']
-
+    return ::Dust.print_failed 'os not supported' unless default_config
+    
+    deploy_config
+    deploy_recovery
+    deploy_certificates
+    configure_sysctl
+    
+    deploy_pacemaker_script if @node.package_installed? 'pacemaker'
+    configure_for_zabbix if zabbix_installed?
+    
+    # reload/restart postgres if command line option is given
+    @node.restart_service @config['service-name'] if options.restart?
+    @node.reload_service @config['service-name'] if options.reload?
+  end
+    
+  
+  private
+  
+  # set default variables and make sure postgres is installed
+  def default_config
     if @node.uses_emerge?
       return unless @node.package_installed? 'postgresql-server'
       @config['data-dir'] ||= "/var/lib/postgresql/#{@config['version']}/data"
@@ -18,10 +37,12 @@ class Postgres < Recipe
       @config['service-name'] ||= 'postgresql'
 
     else
-      return 'os not supported'
+      return ::Dust.print_failed 'os not supported yet'
     end
+  end
 
-
+  # deploy standard postgres config
+  def deploy_config
     @node.deploy_file "#{@template_path}/postgresql.conf", "#{@config['conf-dir']}/postgresql.conf", :binding => binding
     @node.deploy_file "#{@template_path}/pg_hba.conf", "#{@config['conf-dir']}/pg_hba.conf", :binding => binding
     @node.deploy_file "#{@template_path}/pg_ident.conf", "#{@config['conf-dir']}/pg_ident.conf", :binding => binding
@@ -29,22 +50,20 @@ class Postgres < Recipe
     @node.chmod '644', "#{@config['conf-dir']}/postgresql.conf"
     @node.chmod '644', "#{@config['conf-dir']}/pg_hba.conf"
     @node.chmod '644', "#{@config['conf-dir']}/pg_ident.conf"
-
-    # deploy pacemaker script
-    if @node.package_installed? 'pacemaker'
-      @node.deploy_file "#{@template_path}/pacemaker.sh", "#{@config['conf-dir']}/pacemaker.sh", :binding => binding
-      @node.chmod '755', "#{@config['conf-dir']}/pacemaker.sh"
-    end
-
-    # copy recovery.conf to either recovery.conf or recovery.done
-    # depending on which file already exists.
+  end
+  
+  # copy recovery.conf to either recovery.conf or recovery.done
+  # depending on which file already exists.
+  def deploy_recovery
     if @node.file_exists? "#{@config['data-dir']}/recovery.conf", :quiet => true
       @node.deploy_file "#{@template_path}/recovery.conf", "#{@config['data-dir']}/recovery.conf", :binding => binding
     else
       @node.deploy_file "#{@template_path}/recovery.conf", "#{@config['data-dir']}/recovery.done", :binding => binding
     end
-
-    # deploy certificates to data-dir
+  end
+    
+  # deploy certificates to data-dir  
+  def deploy_certificates
     @node.deploy_file "#{@template_path}/server.crt", "#{@config['data-dir']}/server.crt", :binding => binding
     @node.deploy_file "#{@template_path}/server.key", "#{@config['data-dir']}/server.key", :binding => binding
 
@@ -55,9 +74,11 @@ class Postgres < Recipe
     @node.mkdir @config['archive-dir']
     @node.chown @config['dbuser'], @config['archive-dir'] if @config['dbuser']
     @node.chmod 'u+Xrw,g-rwx,o-rwx', @config['archive-dir']
+  end
 
-
-    # increase shm memory
+  # increase shm memory  
+  def configure_sysctl
+    
     if @node.uses_apt?
       ::Dust.print_msg "setting postgres sysctl keys\n"
       @node.collect_facts :quiet => true
@@ -83,11 +104,56 @@ class Postgres < Recipe
 
       @node.write "/etc/sysctl.d/30-postgresql-shm.conf", file
     end
-
-    # reload/restart postgres if command line option is given
-    @node.restart_service @config['service-name'] if options.restart?
-    @node.reload_service @config['service-name'] if options.reload?
   end
 
+  def deploy_pacemaker_script
+    @node.deploy_file "#{@template_path}/pacemaker.sh", "#{@config['conf-dir']}/pacemaker.sh", :binding => binding
+    @node.chmod '755', "#{@config['conf-dir']}/pacemaker.sh"
+  end
+  
+  # below this line is unfinished code, not in use yet
+  def zabbix_installed?
+    if @node.uses_emerge?
+      return @node.package_installed? 'zabbix', :quiet => true
+    else
+      return @node.package_installed? 'zabbix-agent', :quiet => true
+    end
+  end
+  
+  # adds zabbix user to postgres group
+  # creates zabbix user in postgres and grant access to postgres database
+  def configure_for_zabbix
+    ::Dust.print_msg "configuring postgres for zabbix monitoring\n"
+    ::Dust.print_msg 'adding zabbix user to postgres group', :indent => 2
+    ::Dust.print_result @node.exec('usermod -a -G postgres zabbix')[:exit_code]
+    
+    if is_master? :indent => 2
+      ::Dust.print_msg 'checking if zabbix user exists in postgres', :indent => 3
+      ret = ::Dust.print_result @node.exec('psql -U postgres -c ' +
+                                           '  "SELECT usename FROM pg_user WHERE usename = \'zabbix\'"' +
+                                           '  postgres |grep -q zabbix')[:exit_code]
+      
+      # if user was not found, create him
+      unless ret
+        ::Dust.print_msg 'create zabbix user in postgres', :indent => 4
+        ::Dust.print_result @node.exec('createuser -U postgres zabbix -RSD')[:exit_code]
+      end
+      
+      ::Dust.print_msg 'GRANT zabbix user access to postgres database', :indent => 3
+      ::Dust.print_result( @node.exec('psql -U postgres -c "GRANT SELECT ON pg_stat_database TO zabbix" postgres')[:exit_code] )
+    end
+  end  
+  
+  # checks if this server is a postgres master
+  def is_master? options = {}
+    ::Dust.print_msg 'checking if this host is the postgres master: ', options
+    if @node.file_exists? "#{@config['data-dir']}/recovery.done", :quiet => true
+      ::Dust.print_ok 'yes', :indent => 0
+      return true
+    else
+      ::Dust.print_ok 'no', :indent => 0
+      return false
+    end
+  end
 end
 

data/lib/dust/recipes/sudoers.rb

@@ -0,0 +1,46 @@
+class Sudoers < Recipe
+  desc 'sudoers:deploy', 'installs email aliases'
+  def deploy 
+    return unless @node.install_package 'sudo'
+    
+    remove_rules
+    
+    @config.each do |name, rule|
+      ::Dust.print_msg "deploying sudo rules '#{name}'\n"
+      
+      # rulename: 'myrule' 
+      if rule.is_a? String
+        file = "#{rule}\n"
+        
+      # rulename: { user: [ user1, user2 ], command: [ cmd1, cmd2 ] }
+      else
+        unless rule['user'] and rule['command']
+          ::Dust.print_failed 'user or command missing', :indent => 2
+          next
+        end
+        
+        file = ''        
+        rule['user'].each do |u|
+          rule['command'].each { |c| file.concat "#{u} #{c}\n" }
+        end
+      end
+      
+      deploy_rule name, file
+    end
+    
+  end
+  
+
+  private
+  
+  def remove_rules
+    @node.rm '/etc/sudoers.d/*'
+  end
+  
+  def deploy_rule name, file
+    @node.write "/etc/sudoers.d/#{name}", file, :indent => 2
+    @node.chmod '0440', "/etc/sudoers.d/#{name}", :indent => 2
+    @node.chown 'root:root', "/etc/sudoers.d/#{name}", :indent => 2    
+  end
+end
+

data/lib/dust/recipes/zabbix_agent.rb

@@ -38,38 +38,4 @@ class ZabbixAgent < Recipe
 
     true
   end
-
-  
-  # below this line is unfinished code, not in use yet
-  
-  # TODO (not yet finished)
-  desc 'zabbix_agent:postgres', 'configure postgres database for zabbix monitoring'
-  def postgres
-    next unless @node.uses_emerge? :quiet=>false
-    next unless @node.package_installed?('postgresql-@node')
-
-    ::Dust.print_msg 'add zabbix system user to postgres group'
-    ::Dust.print_result( @node.exec('usermod -a -G postgres zabbix')[:exit_code] )
-
-    ::Dust.print_msg 'checking if zabbix user exists in postgres'
-    ret = ::Dust.print_result( @node.exec('psql -U postgres -c ' +
-                                       '  "SELECT usename FROM pg_user WHERE usename = \'zabbix\'"' +
-                                       '  postgres |grep -q zabbix')[:exit_code] )
-
-    # if user was not found, create him
-    unless ret
-      ::Dust.print_msg 'create zabbix user in postgres', :indent => 2
-      ::Dust.print_result( @node.exec('createuser -U postgres zabbix -RSD')[:exit_code] )
-    end
-
-    # TODO: only GRANT is this is a master
-    ::Dust.print_msg 'GRANT zabbix user access to postgres database'
-    ::Dust.print_result( @node.exec('psql -U postgres -c "GRANT SELECT ON pg_stat_database TO zabbix" postgres')[:exit_code] )
-
-    # reload postgresql
-    @node.reload_service('postgresql-9.0')
-
-    @node.disconnect
-    puts
-  end
 end

data/lib/dust/server.rb

@@ -3,7 +3,8 @@ require 'net/ssh'
 require 'net/scp'
 require 'net/ssh/proxy/socks5'
 require 'erb'
-  
+require 'tempfile'
+
 module Dust
   class Server
     attr_reader :ssh
@@ -70,37 +71,34 @@ module Dust
     end
  
 
-    def write target, text, options = {}
+    def write destination, content, options = {}
       options = default_options.merge options
-
-      Dust.print_msg "deploying #{File.basename target}", options
-
-      # escape $ signs and \ at the end of line
-      text.gsub! '$','\$'
-      text.gsub! /\\$/, '\\\\\\'
-
-      # note: ` (backticks) somehow cannot be escaped.. don't use them
-      # in bash, use $(cmd) instead of `cmd` as a workaround
-      if exec("cat << EOF > #{target}\n#{text}\nEOF")[:exit_code] != 0
-        Dust.print_failed '', options
-        return false
-      end
-
-      Dust.print_ok '', options
-      restorecon target, options # restore SELinux labels
+      
+      Dust.print_msg "deploying #{File.basename destination}", options
+      
+      f = Tempfile.new 'dust-write'
+      f.print content
+      f.close
+      
+      Dust.print_result scp(f.path, destination, :quiet => true), options
+      f.unlink
     end
 
-    def append target, text, options = {}
+    def append destination, newcontent, options = {}
       options = default_options.merge options
-
-      Dust.print_msg "appending to #{File.basename target}", options
-      Dust.print_result exec("cat << EOF >> #{target}\n#{text}\nEOF")[:exit_code], options
+      
+      Dust.print_msg "appending to #{File.basename destination}", options
+      
+      content = exec("cat #{destination}")[:stdout]
+      content.concat newcontent
+      
+      Dust.print_result write(destination, content, :quiet => true), options      
     end
  
     def scp source, destination, options = {}
       options = default_options.merge options
 
-      Dust.print_msg "deploying #{File.basename(source)}", options
+      Dust.print_msg "deploying #{File.basename source}", options
       @ssh.scp.upload! source, destination
       Dust.print_ok '', options
       restorecon destination, options # restore SELinux labels
@@ -109,7 +107,7 @@ module Dust
     def symlink source, destination, options = {}
       options = default_options.merge options
 
-      Dust.print_msg "symlinking #{File.basename(source)} to '#{destination}'", options
+      Dust.print_msg "symlinking #{File.basename source} to '#{destination}'", options
       Dust.print_result exec("ln -s #{source} #{destination}")[:exit_code], options
       restorecon destination, options # restore SELinux labels
     end
@@ -117,14 +115,14 @@ module Dust
     def chmod mode, file, options = {}
       options = default_options.merge options
 
-      Dust.print_msg "setting mode of #{File.basename(file)} to #{mode}", options
+      Dust.print_msg "setting mode of #{File.basename file} to #{mode}", options
       Dust.print_result exec("chmod -R #{mode} #{file}")[:exit_code], options
     end
 
     def chown user, file, options = {}
       options = default_options.merge options
 
-      Dust.print_msg "setting owner of #{File.basename(file)} to #{user}", options
+      Dust.print_msg "setting owner of #{File.basename file} to #{user}", options
       Dust.print_result exec("chown -R #{user} #{file}")[:exit_code], options
     end
 
@@ -150,7 +148,6 @@ module Dust
     def restorecon path, options = {}
       options = default_options.merge options
 
-
       # if restorecon is not installed, just return true
       ret = exec 'which restorecon'
       return true unless ret[:exit_code] == 0

data/lib/dust/version.rb

@@ -1,3 +1,3 @@
 module Dust
-  VERSION = "0.4.4"
+  VERSION = "0.4.5"
 end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 4
-  - 4
-  version: 0.4.4
+  - 5
+  version: 0.4.5
 platform: ruby
 authors: 
 - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-01-20 00:00:00 +01:00
+date: 2012-01-23 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -138,6 +138,7 @@ files:
 - lib/dust/recipes/mysql.rb
 - lib/dust/recipes/newrelic.rb
 - lib/dust/recipes/nginx.rb
+- lib/dust/recipes/pacemaker.rb
 - lib/dust/recipes/packages.rb
 - lib/dust/recipes/postgres.rb
 - lib/dust/recipes/rc_local.rb
@@ -146,6 +147,7 @@ files:
 - lib/dust/recipes/resolv_conf.rb
 - lib/dust/recipes/ssh_authorized_keys.rb
 - lib/dust/recipes/sshd.rb
+- lib/dust/recipes/sudoers.rb
 - lib/dust/recipes/unattended_upgrades.rb
 - lib/dust/recipes/zabbix_agent.rb
 - lib/dust/server.rb