dust-deploy 0.6.2 → 0.7.0

data/changelog.md

@@ -1,6 +1,27 @@
 Changelog
 =============
 
+0.7.0
+------------
+
+-  adds sudo support, you can now connect using an unpriviledged user. needs sudo rights, e.g.: 
+   <username> ALL=(ALL) ALL
+
+    hostname: myhost
+    port: 22
+    user: myuser
+    password: mypass # not needed when connecting using ssh keys
+    sudo: true
+
+
+-  adds status command to most recipes (you can now watch the status of current recipes/daemons with 'dust status'
+-  node.restart/reload now tries systemd, upstart, sysvconfig and then uses initscript as fallback
+-  node.autostart_service now uses systemd on rpm systems (if available), falls back to chkconfig
+-  adds node.print_service_status method, used to retrieve daemon status
+-  adds new ::Dust.print_ret method, used to print stderr/stdout from node.exec in different colors 
+-  mysql recipe now defaults to 0.7 of system ram for innodb buffer size, because 0.8 sometimes lead to oom situations
+
+
 0.6.2
 ------------
 
@@ -11,6 +32,7 @@ Changelog
         port: 6379
         daemonize: yes
 
+-  the redis recipe also supports the 'status' command
 -  fixes hash_check recipe, now works with centos-like machines as well
 -  improves mysql recipe: now sets shm sysctls as well (like the postgresql recipe does)
 -  small improvements to automatic innodb tuning

data/lib/dust/print_status.rb

@@ -50,6 +50,15 @@ module Dust
     print_msg "#{green}|#{recipe}|#{none}\n", options
   end
 
+  # prints stdout in grey and stderr in red (if existend)
+  def self.print_ret ret, options={:quiet => false, :indent => -1}
+    opts = options.clone
+
+    opts[:indent] += 1
+    print_msg "#{grey}#{ret[:stdout].chomp}#{none}\n", opts unless ret[:stdout].empty?
+    print_msg "#{red}#{ret[:stderr].chomp}#{none}\n", opts unless ret[:stderr].empty?
+  end
+
   # indent according to options[:indent]
   # indent 0
   #  - indent 1

data/lib/dust/recipes/aliases.rb

@@ -8,5 +8,13 @@ class Aliases < Recipe
     ::Dust.print_msg 'running newaliases'
     ::Dust.print_result @node.exec('newaliases')[:exit_code]
   end
+  
+  desc 'aliases:status', 'shows current aliases'
+  def status
+    ::Dust.print_msg 'getting /etc/aliases'
+    ret = @node.exec 'cat /etc/aliases'
+    ::Dust.print_result ret[:exit_code]
+    ::Dust.print_ret ret
+  end
 end
 

data/lib/dust/recipes/cups_client.rb

@@ -9,6 +9,13 @@ class CupsClient < Recipe
     @node.write '/etc/cups/client.conf', "ServerName #{@config}\n"
   end
   
+  desc 'cups_client:status', 'shows current /etc/cups/client.conf'
+  def status
+    ::Dust.print_msg 'getting /etc/cups/client.conf'
+    ret = @node.exec 'cat /etc/cups/client.conf'
+    ::Dust.print_result ret[:exit_code]
+    ::Dust.print_ret ret
+  end
   
   private
   

data/lib/dust/recipes/etc_hosts.rb

@@ -9,5 +9,13 @@ class EtcHosts < Recipe
       @node.restart_service @config
     end
   end
+
+  desc 'etc_hosts:status', 'shows current /etc/hosts'
+  def status
+    ::Dust.print_msg 'getting /etc/hosts'
+    ret = @node.exec 'cat /etc/hosts'
+    ::Dust.print_result ret[:exit_code]
+    ::Dust.print_ret ret
+  end
 end
 

data/lib/dust/recipes/hash_check.rb

@@ -6,8 +6,8 @@ class HashCheck < Recipe
     keys = [ '*', '!', '!!', '', 'LK', 'NP' ]
 
     weak_passwords = File.open "#{@template_path}/weak_passwords", 'r'
-    shadow = @node.exec('cat /etc/shadow')[:stdout]
 
+    shadow = @node.exec('getent shadow')[:stdout]
     ::Dust.print_msg "checking for weak password hashes\n"
 
     found_weak = false

data/lib/dust/recipes/iptables.rb

@@ -37,13 +37,21 @@ class Iptables < Recipe
     end
   end
 
+  desc 'iptables:status', 'displays iptables rules'
+  def status
+    ::Dust.print_ok 'displaying iptables rules (ipv4)'
+    ::Dust.print_msg @node.exec('iptables -L -v -n')[:stdout], :indent => 0
+    puts
+    ::Dust.print_ok 'displaying iptables rules (ipv6)'
+    ::Dust.print_msg @node.exec('ip6tables -L -v -n')[:stdout], :indent => 0
+  end
 
   private
 
   # install iptables
   def install
     return false unless @node.install_package 'iptables'
-    return false unless @node.install_package 'iptables-ipv6' if @node.uses_rpm?
+    return false unless @node.install_package 'iptables-ipv6' if @node.uses_rpm? and not @node.is_fedora?
     true
   end
   

data/lib/dust/recipes/locale.rb

@@ -17,5 +17,21 @@ class Locale < Recipe
       ::Dust.print_failed 'os not supported'
     end
   end
+  
+  desc 'locale:status', 'shows current locale'
+  def status
+    ::Dust.print_msg 'getting current locale'
+
+    if @node.uses_apt?
+      ret = @node.exec 'cat /etc/default/locale'
+    elsif @node.uses_rpm?
+      ret = @node.exec 'cat /etc/sysconfig/i18n'
+    else
+      return ::Dust.print_failed
+    end
+    
+    ::Dust.print_result ret[:exit_code]
+    ::Dust.print_ret ret
+  end  
 end
 

data/lib/dust/recipes/motd.rb

@@ -3,4 +3,12 @@ class Motd < Recipe
   def deploy    
     @node.deploy_file "#{@template_path}/motd", '/etc/motd', :binding => binding
   end
+  
+  desc 'motd:status', 'shows current message of the day'
+  def status
+    ::Dust.print_msg 'getting /etc/motd'
+    ret = @node.exec 'cat /etc/motd'
+    ::Dust.print_result ret[:exit_code]
+    ::Dust.print_ret ret
+  end  
 end

data/lib/dust/recipes/mysql.rb

@@ -21,6 +21,12 @@ class Mysql < Recipe
     @node.reload_service 'mysql' if options.reload?
   end
   
+  desc 'mysql:status', 'displays status of the mysql daemon'
+  def status
+    return unless @node.package_installed? 'mysql-server'
+    @node.print_service_status 'mysql'
+  end
+
   
   private
   
@@ -82,7 +88,7 @@ class Mysql < Recipe
       system_mem = ::Dust.convert_size @node['memorysize']
   
       # allocate 80% of the available ram to mysql
-      buffer_pool = (system_mem * 0.8).to_i
+      buffer_pool = (system_mem * 0.7).to_i
       
       ::Dust.print_ok
       "#{buffer_pool / 1024}M"

data/lib/dust/recipes/nginx.rb

@@ -2,9 +2,9 @@ class Nginx < Recipe
   desc 'nginx:deploy', 'installs and configures nginx web server'
   def deploy
     # abort if nginx cannot be installed
-    return unless @node.install_package('nginx')
+    return unless @node.install_package 'nginx'
 
-    @node.scp("#{@template_path}/nginx.conf", '/etc/nginx/nginx.conf')
+    @node.scp "#{@template_path}/nginx.conf", '/etc/nginx/nginx.conf'
 
     # remove old sites that may be present
     ::Dust.print_msg 'deleting old sites in /etc/nginx/sites-*'
@@ -31,5 +31,11 @@ class Nginx < Recipe
       ::Dust.print_failed
     end
   end
+  
+  desc 'nginx:status', 'displays nginx status'
+  def status
+    return unless @node.package_installed? 'nginx'
+    @node.print_service_status 'nginx'
+  end  
 end
 

data/lib/dust/recipes/pacemaker.rb

@@ -32,4 +32,12 @@ class Pacemaker < Recipe
     # not restarting automatically, because it provokes switching of ha services
     #@node.restart_service 'corosync' if @options.restart
   end
+  
+  desc 'pacemaker:status', 'shows status of pacemaker/corosync cluster'
+  def status
+    ::Dust.print_msg 'running crm_mon'
+    ret = @node.exec 'crm_mon -1'
+    ::Dust.print_result ret[:exit_code]
+    ::Dust.print_ret ret
+  end 
 end

data/lib/dust/recipes/postgres.rb

@@ -22,7 +22,13 @@ class Postgres < Recipe
     @node.restart_service @config['service_name'] if options.restart?
     @node.reload_service @config['service_name'] if options.reload?
   end
-    
+
+  desc 'postgres:status', 'displays status of postgres cluster'
+  def status
+    return unless @node.package_installed? [ 'postgresql-server', "postgresql-#{@config['version']}" ]
+    set_default_directories
+    @node.print_service_status @config['service_name']
+  end
   
   private
   

data/lib/dust/recipes/rc_local.rb

@@ -20,5 +20,13 @@ class RcLocal < Recipe
       ::Dust.print_failed 'os not supported'
     end
   end
+  
+  desc 'rc_local:status', 'shows current /etc/rc.local'
+  def status
+    ::Dust.print_msg 'getting /etc/rc.local'
+    ret = @node.exec 'cat /etc/rc.local'
+    ::Dust.print_result ret[:exit_code]
+    ::Dust.print_ret ret
+  end
 end
 

data/lib/dust/recipes/redis.rb

@@ -10,7 +10,11 @@ class Redis < Recipe
   desc 'redis:status', 'displays redis-cli info'
   def status
     return false unless @node.package_installed? 'redis-server'
-    puts @node.exec('redis-cli info')[:stdout]
+    ::Dust.print_msg 'running "redis-cli info"'
+    ret = @node.exec 'redis-cli info'
+    ::Dust.print_result ret[:exit_code]
+
+    ::Dust.print_msg ret[:stdout], :indent => 0 unless ret[:stdout].empty?
   end
   
   
@@ -88,4 +92,4 @@ class Redis < Recipe
       ::Dust.print_warning 'sysctl configuration not supported for your os'
     end
   end
-end
+end

data/lib/dust/recipes/resolv_conf.rb

@@ -38,5 +38,13 @@ class ResolvConf < Recipe
  
     @node.write '/etc/resolv.conf', config_file
   end
+  
+  desc 'resolv_conf:status', 'shows current /etc/resolv.conf'
+  def status
+    ::Dust.print_msg 'getting /etc/resolv.conf'
+    ret = @node.exec 'cat /etc/resolv.conf'
+    ::Dust.print_result ret[:exit_code]
+    ::Dust.print_ret ret
+  end  
 end
 

data/lib/dust/recipes/zabbix_agent.rb

@@ -13,6 +13,14 @@ class ZabbixAgent < Recipe
     @node.restart_service daemon if options.restart?
   end
 
+  desc 'zabbix_agent:status', 'displays status of the zabbix agent'
+  def status
+    daemon = @node.uses_emerge? ? 'zabbix-agentd' : 'zabbix-agent'
+    return unless @node.package_installed? daemon
+    @node.print_service_status  daemon
+  end
+  
+  
   private
   # installs zabbix and its dependencies
   def install_zabbix

data/lib/dust/server.rb

@@ -18,6 +18,7 @@ module Dust
       @node['user'] ||= 'root'
       @node['port'] ||= 22
       @node['password'] ||= ''
+      @node['sudo'] ||= false
     end
 
     def connect 
@@ -50,15 +51,36 @@ module Dust
     end
   
     def exec command
+      sudo_authenticated = false
       stdout = ''
       stderr = ''
       exit_code = nil
       exit_signal = nil
-  
+
       @ssh.open_channel do |channel|
+        
+        # request a terminal (sudo needs it)
+        # and prepend "sudo"
+        if @node['sudo']          
+          channel.request_pty
+          command = "sudo #{command}"
+        end
+        
         channel.exec command do |ch, success|
           abort "FAILED: couldn't execute command (ssh.channel.exec)" unless success
-          channel.on_data { |ch, data| stdout += data }
+          
+          channel.on_data do |ch, data|
+            # only send password if sudo mode is enabled,
+            # sudo password string matches
+            # and only send password once in a session (trying to prevent attacks reading out the password)
+            if @node['sudo'] and data =~ /^\[sudo\] password for #{@node['user']}/ and not sudo_authenticated
+              channel.send_data "#{@node['password']}\n"
+              sudo_authenticated = true
+            else
+              stdout += data
+            end            
+          end
+
           channel.on_extended_data { |ch, type, data| stderr += data }
           channel.on_request('exit-status') { |ch, data| exit_code = data.read_long }
           channel.on_request('exit-signal') { |ch, data| exit_signal = data.read_long }
@@ -66,10 +88,12 @@ module Dust
       end
   
       @ssh.loop
-  
+
+      # sudo usage provokes a heading newline that's unwanted.
+      stdout.sub! /^(\r\n|\n|\r)/, '' if @node['sudo'] 
+
       { :stdout => stdout, :stderr => stderr, :exit_code => exit_code, :exit_signal => exit_signal }
     end
- 
 
     def write destination, content, options = {}
       options = default_options.merge options
@@ -101,8 +125,29 @@ module Dust
       options = default_options.merge options
 
       Dust.print_msg "deploying #{File.basename source}", options
-      @ssh.scp.upload! source, destination
-      Dust.print_ok '', options
+
+      # if in sudo mode, copy file to temporary place, then move using sudo
+      if @node['sudo'] 
+        ret = exec 'mktemp --tmpdir dust.XXXXXXXXXX' 
+        if ret[:exit_code] != 0
+          ::Dust.print_failed 'could not create temporary file (needed for sudo)'
+          return false
+        end
+
+        tmpfile = ret[:stdout].chomp
+
+        # allow user to write file without sudo (for scp)
+        # then change file back to root, and copy to the destination
+        chown @node['user'], tmpfile, :quiet => true
+        @ssh.scp.upload! source, tmpfile
+        chown 'root', tmpfile, :quiet => true
+        Dust.print_result exec("mv -f #{tmpfile} #{destination}")[:exit_code], options
+
+      else
+        @ssh.scp.upload! source, destination
+        Dust.print_ok '', options
+      end
+
       restorecon destination, options # restore SELinux labels
     end
   
@@ -272,12 +317,8 @@ module Dust
         return false
       end
      
-      Dust.print_result ret[:exit_code], options 
-
-      # display stderr and stdout
-      puts
-      puts "#{Dust.grey}#{ret[:stdout]}#{Dust.none}"
-      puts "#{Dust.red}#{ret[:stderr]}#{Dust.none}"
+      Dust.print_result ret[:exit_code], options
+      Dust.print_ret ret, options
     end
 
     # determining the system packet manager has to be done without facter
@@ -383,29 +424,69 @@ module Dust
       options = default_options.merge options
 
       Dust.print_msg "autostart #{service} on boot", options
+
       if uses_rpm?
-        Dust.print_result exec("chkconfig #{service} on")[:exit_code], options
+        if file_exists? '/bin/systemctl', :quiet => true
+          Dust.print_result exec("systemctl enable #{service}.service")[:exit_code], options
+        else
+          Dust.print_result exec("chkconfig #{service} on")[:exit_code], options
+        end
+
       elsif uses_apt?
         Dust.print_result exec("update-rc.d #{service} defaults")[:exit_code], options
+
       elsif uses_emerge?
         Dust.print_result exec("rc-update add #{service} default")[:exit_code], options
       end
     end
- 
+
+    # invoke 'command' on the service (e.g. @node.service 'postgresql', 'restart') 
+    def service service, command, options = {}
+      options = default_options.merge options
+
+      return ::Dust.print_failed "service: '#{service}' unknown", options unless service.is_a? String
+
+      # try systemd, then upstart, then sysvconfig, then initscript
+      if file_exists? '/bin/systemctl', :quiet => true
+        Dust.print_msg "#{command}ing #{service} (via systemd)", options
+        ret = exec("systemctl #{command} #{service}.service")
+
+      elsif file_exists? "/etc/init/#{service}", :quiet => true
+        Dust.print_msg "#{command}ing #{service} (via upstart)", options
+        ret = exec("#{command} #{service}")
+
+      elsif file_exists? '/sbin/service', :quiet => true or file_exists? '/usr/sbin/service', :quiet => true
+        Dust.print_msg "#{command}ing #{service} (via sysvconfig)", options
+        ret = exec("service #{service} #{command}")
+
+      else
+        Dust.print_msg "#{command}ing #{service} (via initscript)", options
+        ret = exec("/etc/init.d/#{service} #{command}")
+      end
+
+      Dust.print_result ret[:exit_code], options
+      ret
+    end
+
     def restart_service service, options = {}
       options = default_options.merge options
 
-      Dust.print_msg "restarting #{service}", options
-      Dust.print_result exec("/etc/init.d/#{service} restart")[:exit_code], options
+      service service, 'restart', options
     end
-  
+
     def reload_service service, options = {}
       options = default_options.merge options
 
-      Dust.print_msg "reloading #{service}", options
-      Dust.print_result exec("/etc/init.d/#{service} reload")[:exit_code], options
+      service service, 'reload', options
     end
-  
+
+    def print_service_status service, options = {}
+      options = default_options.merge options
+      ret = service service, 'status', options
+      Dust.print_ret ret, options
+      ret
+    end
+
     # check whether a user exists on this node
     def user_exists? user, options = {}
       options = default_options.merge options
@@ -487,7 +568,7 @@ module Dust
     
     
     private
-
+    
     def method_missing method, *args, &block
       # make server nodeibutes accessible via server.nodeibute
       if @node[method.to_s]

data/lib/dust/version.rb

@@ -1,3 +1,3 @@
 module Dust
-  VERSION = "0.6.2"
+  VERSION = "0.7.0"
 end

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 0
-  - 6
-  - 2
-  version: 0.6.2
+  - 7
+  - 0
+  version: 0.7.0
 platform: ruby
 authors: 
 - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-02-02 00:00:00 +01:00
+date: 2012-02-08 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency