escli 1.0.0

data/lib/canzea/core/registry.rb

@@ -0,0 +1,191 @@
+require 'net/http'
+require 'json'
+require 'base64'
+require 'openssl'
+
+class Registry
+   def getKeyValues (root)
+        uri = URI.parse(ENV["CONSUL_URL"] + "/v1/kv/#{root}?recurse=true")
+        http = prepareHttp(uri)
+
+        request = Net::HTTP::Get.new(uri.request_uri)
+        resp = http.request(request)
+
+        if ( Integer(resp.code) != 200 )
+            puts "-- KEY VALUE NOT FOUND! " + root
+            abort("Problem reading registry, response code #{resp.code}")
+        else
+            response = []
+            result = JSON.parse(resp.body)
+            result.each() do |item|
+              response.push({item["Key"] => Base64.decode64(item["Value"])})
+            end
+            return JSON.generate(response)
+        end
+   end
+
+   def getKeyValue (key)
+
+        uri = URI.parse(ENV["CONSUL_URL"] + "/v1/kv/#{key}")
+        http = prepareHttp(uri)
+
+        request = Net::HTTP::Get.new(uri.request_uri)
+        resp = http.request(request)
+
+        if Integer(resp.code) != 200
+            puts "-- KEY VALUE NOT FOUND! " + key
+            abort("Problem reading registry, response code #{resp.code}")
+        end
+
+        result = JSON.parse(resp.body)
+        return Base64.decode64(result[0]["Value"])
+   end
+
+   def setKeyValue (root, key, value)
+
+        uri = URI.parse(ENV["CONSUL_URL"] + "/v1/kv/#{root}/#{key}")
+        http = prepareHttp(uri)
+
+        request = Net::HTTP::Put.new(uri.request_uri)
+        request.body = "#{value}";
+        resp = http.request(request)
+
+        if Integer(resp.code) != 200
+            puts "-- KEY VALUE NOT SAVED! #{root} #{key}"
+            abort("Problem adding to registry, response code #{resp.code}")
+        end
+   end
+
+   def exists (key)
+        uri = URI.parse(ENV["CONSUL_URL"] + "/v1/kv/#{key}")
+        http = prepareHttp(uri)
+
+        request = Net::HTTP::Get.new(uri.request_uri)
+        resp = http.request(request)
+
+        if Integer(resp.code) == 200
+            return true
+        else
+            return false
+        end
+   end
+
+   def deleteDirectory (root)
+        uri = URI.parse(ENV["CONSUL_URL"] + "/v1/kv/#{root}?recurse=true")
+        http = prepareHttp(uri)
+
+        request = Net::HTTP::Delete.new(uri.request_uri)
+        resp = http.request(request)
+
+        if Integer(resp.code) != 200
+            puts "-- KEY NOT DELETED! " + root
+            abort("Response code #{resp.code}")
+        end
+   end
+
+   def registerDirectory (root)
+        uri = URI.parse(ENV["CONSUL_URL"] + "/v1/kv/#{root}?dir=true")
+        http = prepareHttp(uri)
+
+        request = Net::HTTP::Put.new(uri.request_uri)
+        resp = http.request(request)
+
+        if Integer(resp.code) > 202
+            puts "-- KEY DIRECTORY NOT SAVED! #{root}"
+            abort("Problem adding to registry, response code #{resp.code}")
+        end
+   end
+
+   def register (root, key, value)
+        setKeyValue root, key, value
+   end
+
+   def getSecret (key)
+
+        uri = URI.parse(ENV["VAULT_URL"] + "/v1/secret/#{key}")
+        http = prepareHttpForVault(uri)
+
+        request = Net::HTTP::Get.new(uri.request_uri)
+        request['X-Vault-Token'] = ENV["VAULT_TOKEN"]
+        resp = http.request(request)
+
+        if Integer(resp.code) != 200
+            puts "-- UNABLE TO GET SECRET! #{key}"
+            abort("Problem getting secret from vault, response code #{resp.code}")
+        end
+        return JSON.parse(resp.body)['data']
+   end
+
+   def setVaultRecord (key, value)
+
+        uri = URI.parse(ENV["VAULT_URL"] + "/v1/#{key}")
+        http = prepareHttpForVault(uri)
+
+        request = Net::HTTP::Put.new(uri.request_uri)
+        request['Content-Type'] = 'application/json'
+        request['X-Vault-Token'] = ENV["VAULT_TOKEN"]
+        request.body = "#{value}";
+        resp = http.request(request)
+
+        if Integer(resp.code) != 204
+            puts "-- VAULT RECORD NOT SAVED! #{key}"
+            abort("Problem adding to vault, response code #{resp.code}")
+        end
+   end
+
+   def setSecret (key, value)
+
+        uri = URI.parse(ENV["VAULT_URL"] + "/v1/secret/#{key}")
+        http = prepareHttpForVault(uri)
+
+        request = Net::HTTP::Put.new(uri.request_uri)
+        request['Content-Type'] = 'application/json'
+        request['X-Vault-Token'] = ENV["VAULT_TOKEN"]
+        request.body = "#{value}";
+        resp = http.request(request)
+
+        if Integer(resp.code) != 204
+            puts "-- SECRET NOT SAVED! #{key}"
+            abort("Problem adding to vault, response code #{resp.code}")
+        end
+   end
+
+    def prepareHttp (uri)
+        http = Net::HTTP.new(uri.host, uri.port)
+
+        if (Canzea::config[:consul_tls])
+            pemCert = File.read(Canzea::config[:consul_tls_cert_file])
+            pemKey = File.read(Canzea::config[:consul_tls_key_file])
+
+            http.use_ssl = true
+            http.ca_file = Canzea::config[:consul_tls_ca_file]
+            http.cert = OpenSSL::X509::Certificate.new(pemCert)
+            http.key = OpenSSL::PKey::RSA.new(pemKey)
+            http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+            # http.set_debug_output($stdout)
+            http.ssl_version = :SSLv23
+        end
+
+        return http
+    end
+
+    def prepareHttpForVault (uri)
+        http = Net::HTTP.new(uri.host, uri.port)
+
+        if (Canzea::config[:consul_tls])
+            pemCert = File.read(Canzea::config[:vault_tls_cert_file])
+            pemKey = File.read(Canzea::config[:vault_tls_key_file])
+
+            http.use_ssl = true
+            http.ca_file = Canzea::config[:consul_tls_ca_file]
+            http.cert = OpenSSL::X509::Certificate.new(pemCert)
+            http.key = OpenSSL::PKey::RSA.new(pemKey)
+            http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+            # http.set_debug_output($stdout)
+            http.ssl_version = :SSLv23
+        end
+
+        return http
+    end
+
+end

data/lib/canzea/core/ssh-base-cmd-class.rb

@@ -0,0 +1,103 @@
+# canzea --role=operatingsystem --solution=centos --remote --hostname=192.34.56.119 --privateKey=/var/go/.ssh/id_rsa_digitalocean
+
+require 'net/ssh'
+require 'net/sftp'
+require 'json'
+require 'openssl'
+require 'base64'
+
+class RemoteCall
+    def initialize ()
+        @log = Logger.new(Canzea::config[:logging_root] + '/plans.log')
+    end
+
+    def exec (hostname, privateKey, cmd, ref = "")
+
+        @username = "root"
+
+        @log.info("    R [#{ref}] COMMAND: #{cmd}")
+
+        begin
+            Net::SSH.start(hostname, @username, :paranoid => false, :keys => [privateKey]) do |ssh|
+
+                chan = ssh.open_channel do |channel|
+                    channel.request_pty
+                    channel.env("DIGITAL_OCEAN_API_KEY", ENV['DIGITAL_OCEAN_API_KEY'])
+                    channel.env("VAULT_TOKEN", ENV['VAULT_TOKEN'])
+                    channel.env("CONSUL_URL", ENV['CONSUL_URL'])
+                    channel.env("WORK_DIR", ENV['WORK_DIR'])
+                    channel.env("ES_REF", ref)
+                    channel.exec(cmd) do |ch, success|
+                        abort "could not execute command" unless success
+
+                        channel.on_data do |ch, data|
+                          puts data
+
+                          data.sub(/\n/, '').scan(/.{1,80}/).each do | line |
+                              @log.info("    R [#{ref}]  STDOUT: #{line}")
+                          end
+                        end
+
+                        channel.on_request("exit-status") do |ch, data|
+                            exit_code = data.read_long
+                            @log.info("    R [#{ref}] Exit status: #{exit_code}")
+                            if (exit_code == 0)
+                            else
+                                abort()
+                            end
+                        end
+
+                        channel.on_close do |ch|
+                        end
+                    end
+                end
+                chan.wait
+            end
+        rescue
+            @log.info("    R ABORTED!")
+            raise
+        end
+    end
+
+    def encrypt (contents, publicKey)
+        pubkey_pem = File.read publicKey
+        key = OpenSSL::PKey::RSA.new pubkey_pem
+        output = Base64.urlsafe_encode64 key.public_encrypt contents
+        puts output
+    end
+
+    def decrypt (contents, privateKey)
+        privkey_pem = File.read privateKey
+        key = OpenSSL::PKey::RSA.new privkey_pem
+        output = key.private_decrypt Base64.urlsafe_decode64 contents
+        puts output
+    end
+
+    # Secure copy - use the public key to encrypt the contents before sent across
+    #
+    def put (hostname, privateKey, localFile, remoteFile = nil)
+
+        @username = "root"
+
+        puts "Uploading #{localFile} to #{remoteFile}"
+        @log.info("    R : Uploading to #{hostname}")
+        @log.info("    R : Uploading #{localFile} to #{remoteFile}")
+        Net::SSH.start(hostname, @username, :paranoid => false, :keys => [privateKey]) do |ssh|
+            ssh.sftp.upload!(localFile, remoteFile)
+        end
+    end
+
+    def get (hostname, privateKey, remoteFile, localFile = nil)
+
+        @username = "root"
+
+        @log.info("    R : Getting from #{hostname}")
+        @log.info("    R : Getting file #{remoteFile}")
+
+        Net::SSH.start(hostname, @username, :paranoid => false, :keys => [privateKey]) do |ssh|
+            ssh.sftp.download!(remoteFile, localFile)
+        end
+        @log.info("    R : Saved to #{localFile}")
+    end
+
+end

data/lib/canzea/core/template-runner.rb

@@ -0,0 +1,41 @@
+require 'json'
+require 'mustache'
+
+
+module ViewHelpers
+  # {{#tf_name}}name{{/tf_name}}
+  def tf_name(name)
+    self[name].sub '.', '-'
+  end
+end
+
+class Template < Mustache
+  include ViewHelpers
+
+  def processAndWriteToFile (template, output, parameters)
+     contents = process template, parameters
+     File.write(output, contents)
+  end
+
+  def process (template, parameters)
+     self.template_file = template
+     ENV.each_pair do |k, v|
+       self[k] = v
+     end
+     parameters.each_pair do |k, v|
+       self[k] = v
+     end
+     return self.render
+  end
+
+  def processString (string, parameters)
+     self.template = string
+     ENV.each_pair do |k, v|
+       self[k] = v
+     end
+     parameters.each_pair do |k, v|
+       self[k] = v
+     end
+     return self.render
+  end
+end

data/lib/canzea/core/trace-component.rb

@@ -0,0 +1,171 @@
+require 'json'
+require 'open3'
+require 'stringio'
+require 'logger'
+require 'canzea/core/audit'
+
+
+def time_diff_milli(start, finish)
+   (finish - start) * 1000.0
+end
+
+def handleIO(stillOpen, ioArray, io, log)
+  if ioArray.include?(io)
+    begin
+      log.write(io.readpartial(4096))
+    rescue EOFError
+      stillOpen.delete_if{|s| s == io}
+    end
+  end
+end
+
+class ManagedError < StandardError
+end
+
+class Worker
+    @test = false
+
+    def initialize ()
+        @log = Logger.new(Canzea::config[:logging_root] + '/plans.log')
+    end
+
+    def test (t)
+        @test = t
+    end
+
+    def find(command, list = [])
+        audit = Audit.new false
+
+        @log.info("     FIND: " + command)
+
+        File.foreach(command) { |l|
+            if ( l.start_with?('## ') )
+                @log.info "#{lines + 1} Label: " + l
+            elsif ( l.start_with?('#') )
+            elsif ( /\S/ !~ l )
+            elsif ( l.chomp.end_with?(".sh") && !l.chomp.end_with?(".atomic.sh") && !l.include?("cp ") && !l.include?("chmod") )
+                @log.info("     [#{ref}] RECURSE: " + l)
+
+                workingDir = "#{Pathname.new(Canzea::config[:catalog_location]).realpath}"
+
+                Dir.chdir(workingDir) {
+
+                    newCommand = "#{Pathname.new(l.chomp).realpath}"
+
+                    lines = find newCommand, list
+                }
+            else
+                list.push l
+            end
+        }
+        return list
+    end
+
+    def run(command, start, lines, statusIndicator = false, ref = "" )
+        audit = Audit.new false
+
+        @log.info("     [#{ref}] HANDLING: " + command)
+
+        File.foreach(command) { |l|
+            if ( l.start_with?('## ') )
+                @log.info "#{lines + 1} Label: " + l
+            elsif ( l.start_with?('#') )
+            elsif ( /\S/ !~ l )
+            elsif ( l.chomp.end_with?(".sh") && !l.chomp.end_with?(".atomic.sh") && !l.include?("cp ") && !l.include?("chmod") )
+                @log.info("     [#{ref}] RECURSE: " + l)
+
+                workingDir = "#{Pathname.new(Canzea::config[:catalog_location]).realpath}"
+
+                Dir.chdir(workingDir){
+
+                    newCommand = "#{Pathname.new(l.chomp).realpath}"
+
+                    lines = run newCommand, start, lines
+                }
+            else
+
+                if ( (lines + 1) < start )
+                    @log.info("     [#{ref}] Skipping : #{lines + 1} #{l}")
+                    lines += 1
+                    next
+                end
+
+
+                audit.start( "#{lines + 1 }", l.chomp)
+
+                @log.info("     [#{ref}] #{(lines + 1).to_s.rjust(2, "0")} : " + l)
+
+                if @test == false
+                    t1 = Time.now
+
+                    begin
+                        workingDir = "#{Pathname.new(Canzea::config[:catalog_location]).realpath}"
+
+                        puts "-- Executing [#{workingDir}] #{l}"
+                        Dir.chdir(workingDir){
+                            Open3.popen3(l) {|stdin, stdout, stderr, wait_thr|
+                              pid = wait_thr.pid # pid of the started process.
+
+                              log_w = StringIO.new
+
+                              stillOpen = [stdout, stderr]
+                              while !stillOpen.empty?
+                                fhs = select(stillOpen, nil, nil, nil)
+                                handleIO(stillOpen, fhs[0], stdout, log_w)
+                                handleIO(stillOpen, fhs[0], stderr, log_w)
+                              end
+
+                              exit_status = wait_thr.value # wait for it to finish
+
+                              log_w.close_write
+
+                              output = log_w.string
+
+                              begin
+                                  output.split(/\n/).each do | line |
+                                      puts "-- #{line}"
+                                  end
+                              rescue => exception
+                                  puts "-- WARNING : Unable to parse output, exception: #{exception.to_s}"
+                              end
+
+                              puts "-- Exit Status = #{exit_status}"
+
+                              @log.info("STDOUT #{output}")
+
+                              @log.info("Exit Status = #{exit_status}")
+
+                              # if exit status is failure then exit right away
+
+                              t2 = Time.now
+
+                              msecs = time_diff_milli t1, t2
+
+                              audit.complete("#{lines + 1}", l.chomp, exit_status.exitstatus, msecs, output)
+
+                              if (statusIndicator)
+                                  audit.status("#{lines + 1}", l.chomp, exit_status.exitstatus, msecs, output)
+                              end
+
+                              if exit_status.exitstatus != 0
+                                abort()
+                              end
+                            }
+                        }
+                    rescue => exception
+                        msecs = time_diff_milli t1, Time.now
+                        audit.complete("#{lines + 1}", l.chomp, "-1", msecs, exception.to_s)
+                        raise
+                    end
+                else
+                    puts "-- TEST [#{lines + 1}] FOUND: " + l
+                end
+
+            end
+
+            lines += 1
+        }
+        return lines
+
+    end
+end