forj 1.0.11 → 1.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5c59dea68c4b93b5a88af774d515d0d5c6aece5a
-  data.tar.gz: ba80c68baec1fada231973d365f7bc3d46cb6306
+  metadata.gz: 998ddeee3c77bd0d8e98530ff7cff93a8fcc984c
+  data.tar.gz: bc302480b7d7f348f6d6a014c42b2084d728ff28
 SHA512:
-  metadata.gz: d8f0791f66cb366aef89a6845e0a8ac13869e08e3e27e659824513b0056b27950503f2c354ddf4d5b00798ea60c34e3a0d94d2e56a6da992dc6bb290319f5e12
-  data.tar.gz: de46007515850844f71c4dbc2d7375991c58c2be4c9118b39b432694ecb7939a9c552945fc3a5cb19d830f953c77158f7f5096228e534828647418b65e45e9cb
+  metadata.gz: 54cbd2285c243d19bdac2dfa2a23abb7eb0844309c1bfcf71f5aa1d8a88c5e1d36dab36f4c6c341533a169e4c17120fa21714995e1e5a533eab48b321b045862
+  data.tar.gz: 3f942f2dfde94c97074488914c0ffd42ce7fe463a5a26dbd8f5d11b3a096867090678b741e45d1e3864d1c24fccf437bedf5ec4afb7fbd7d66c1d21766b60566

data/bin/forj

@@ -173,6 +173,9 @@ If you want to check/updated them, use `forj get [-a account]`
   method_option :extra_metadata,   :aliases => '-e',   :desc => 'Custom' \
     ' server metadata format key1=value1,key2=value2...,keyN=valueN'
 
+  method_option :ca_root_cert,  :desc => 'Certificate Authorities file used by'\
+    ' your compagny to authenticate your intranet servers.'
+
   def boot(blueprint, on_or_name, old_accountname = nil, as = nil,
            old_name = nil)
     Forj::Settings.common_options(options)

data/forj.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
   s.name        = 'forj'
   s.homepage = 'https://www.forj.io'
 
-  s.version     = '1.0.11'
+  s.version     = '1.0.12'
   s.date        = '2015-05-22'
   s.summary     = 'forj command line'
   s.description = 'forj cli - See https://www.forj.io for documentation/information'

data/lib/boot.rb

@@ -141,6 +141,7 @@ module Forj
                       :branch         => :branch,
                       :test_box       => :test_box,
                       :tb_path        => :test_box_path,
+                      :ca_root_cert   => :ca_root_cert,
                       :extra_metadata => :extra_metadata }
 
       load_options(options, options_map) { |k, v| complete_boot_options(k, v) }
@@ -171,6 +172,8 @@ module Forj
         value = tb_repo_detect(value)
       when :tb_path
         value = tb_bin_detect(value)
+      when :ca_root_cert
+        value = ca_root_file_detect(value)
       end
       value
     end
@@ -245,5 +248,21 @@ pwd
       return script if File.executable?(script)
       nil
     end
+
+    def self.ca_root_file_detect(param)
+      res_found = param.match(/^(.*)#(.*)$/)
+
+      if res_found
+        cert_file = res_found[1]
+      else
+        cert_file = param
+      end
+
+      unless File.readable?(cert_file)
+        PrcLib.error("Unable to read the Root Certificate file '%s'", cert_file)
+        return nil
+      end
+      param
+    end
   end
 end

data/lib/process/forj_core/data.yaml

@@ -158,6 +158,7 @@
          :pre_step_function:  :forj_dns_settings?
          :ask_step:           :dns_config
 
+  # Defines maestro environment.
   :maestro:
     :tenant_name:
       :desc:            "Tenant name required by fog/openstack on gardener"
@@ -252,7 +253,13 @@
     :bootstrap_extra_dir:
       :desc:            "Additional bootstrap directory to add in the bootstrap loop, before :bootstrap_dirs and after maestro default bootstrap directory."
 
-# As forj_core is based on lorj_cloud, we have to disable Lorj_cloud data defaults.
+
+  # Defines certificates
+
+  :certs:
+    :ca_root_cert:
+      :desc:            "Certificate Authority file to add to servers."
+  # As forj_core is based on lorj_cloud, we have to disable Lorj_cloud data defaults.
   :server:
     :network_name:
       :set:             false

data/lib/process/forj_core/process/ca_root_cert.rb

@@ -0,0 +1,100 @@
+# encoding: UTF-8
+
+# (c) Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+# Functions for test-box
+class ForjCoreProcess
+  # This function detects if the server requires the certificate file to be sent
+
+  def ca_root_detect(hParams, log_output)
+    return unless hParams['certs#ca_root_cert'] && !config.exist?(:cert_error)
+    cert_file = hParams['certs#ca_root_cert']
+
+    re = /forj-cli: ca-root-cert=(.*)/
+    res = log_output.split("\n")[-4].match(re)
+
+    return unless res
+
+    res_found = cert_file.match(/^(.*)#(.*)$/)
+
+    if res_found
+      cert_file = res_found[1]
+      dest_file = "/tmp/#{File.basename(res_found[2])}"
+    else
+      dest_file = File.basename(cert_file)
+    end
+
+    unless File.readable?(cert_file)
+      PrcLib.error("Unable to read the Root Certificate file '%s'"\
+                   "You will need install it yourself in /tmp + '"\
+                   ".done' flag file", cert_file)
+      config[:cert_error] = true
+      return
+    end
+
+    server = hParams[:server, :name]
+    public_ip = hParams[:public_ip, :public_ip]
+    identity = File.join(hParams[:keypairs, :keypair_path],
+                         hParams[:keypairs, :private_key_name])
+    # Get ssh user
+    user = hParams[:image, :ssh_user]
+
+    PrcLib.info("Copying local file '#{cert_file}' to #{server}:#{dest_file}")
+
+    ssh_options = '-o StrictHostKeyChecking=no -o ServerAliveInterval=180'
+    ssh_options += " -i #{identity}"
+
+    cmd = "scp #{ssh_options} #{cert_file} #{user}@#{public_ip}:#{dest_file}"
+    PrcLib.debug("Running command '%s'", cmd)
+    res = `#{cmd}`
+
+    # For any reason, $CHILD_STATUS is empty, while $? is not.
+    # Ruby bug. tested with:
+    # ruby 2.0.0p353 (2013-11-22 revision 43784) [x86_64-linux]
+    # rubocop: disable Style/SpecialGlobalVars
+    unless $?.exitstatus == 0
+      # rubocop: enable Style/SpecialGlobalVars
+      PrcLib.error("Unable to send the Root Certificate file '%s' "\
+                   "You will need install it yourself in /tmp + '"\
+                   ".done' flag file\n%s", cert_file, res)
+      config[:cert_error] = true
+      return
+    end
+
+    PrcLib.debug('Flagging the server copy.')
+    `ssh #{ssh_options} #{user}@#{public_ip} touch #{dest_file}.done`
+  end
+
+  # function to add extra meta data to support ca_root_cert
+  #
+  # * *Args*:
+  #   - metadata : Hash. Hash structure to update.
+  #
+  # * * returns*:
+  #   - nothing
+  def ca_root_metadata(hParams, metadata)
+    return unless hParams.exist?('certs#ca_root_cert')
+
+    res_found = hParams['certs#ca_root_cert'].match(/^(.*)#(.*)$/)
+
+    if res_found
+      dest_file = "#{res_found[2]}"
+    else
+      dest_file = File.basename(cert_file)
+    end
+
+    metadata['CA_ROOT_CERT'] = dest_file
+  end
+end

data/lib/process/forj_core/process/declare.rb

@@ -69,6 +69,7 @@ class Lorj::BaseDefinition # rubocop: disable Style/ClassAndModuleChildren
   obj_needs :data,   'dns#dns_tenant_id'
   obj_needs :data,   :test_box
   obj_needs :data,   :test_box_path
+  obj_needs :data,   'certs#ca_root_cert'
 
   # If requested by user, ask Maestro to instantiate a blueprint.
   obj_needs :data,   :blueprint
@@ -114,6 +115,10 @@ class Lorj::BaseDefinition # rubocop: disable Style/ClassAndModuleChildren
   # Adding support of test-box script
   obj_needs :data,        :test_box,          :for => [:create_e]
   obj_needs :data,        :test_box_path,     :for => [:create_e]
+
+  # Adding support of ca-root-cert file to send out.
+  obj_needs :data,      'certs#ca_root_cert', :for => [:create_e]
+
   # Defines how cli will control FORJ features
   # boot/down/ssh/...
 
@@ -124,12 +129,8 @@ class Lorj::BaseDefinition # rubocop: disable Style/ClassAndModuleChildren
 
              :create_e => :ssh_connection
             )
-  obj_needs :CloudObject,  :forge
-  obj_needs :data,         :instance_name
-  obj_needs :data,         'credentials#keypair_name'
-  obj_needs :data,         :keypair_path
+  obj_needs :data,  :server
 
   obj_needs_optional
-  obj_needs :data,         :forge_server
   obj_needs :data,         :ssh_user
 end

data/lib/process/forj_core/process/forj_process.rb

@@ -297,6 +297,7 @@ class ForjCoreProcess
         i_cur_act = output_options[:cur_act]
 
         tb_detect(hParams, o_old_log)
+        ca_root_detect(hParams, o_old_log)
 
         if pending_count == 60
           image = server_get_image o_server
@@ -618,7 +619,8 @@ class ForjCoreProcess
       end
     end
 
-    tb_metadata hParams, h_meta
+    tb_metadata(hParams, h_meta)
+    ca_root_metadata(hParams, h_meta)
 
     h_meta
   end
@@ -1449,13 +1451,10 @@ end
 # Functions for ssh
 class ForjCoreProcess
   def ssh_connection(sObjectType, hParams)
-    o_forge = hParams[:forge]
-
     # Get server information
     PrcLib.state('Getting server information')
-    o_server = o_forge[:servers, hParams[:forge_server]]
+    o_server = hParams[:server, :ObjectData]
     register(o_server)
-
     public_ip = ssh_server_public_ip(o_server)
 
     ssh_options = ssh_keypair(o_server)
@@ -1469,9 +1468,7 @@ class ForjCoreProcess
 
     begin
       PrcLib.state("creating ssh connection with '%s' box", o_server[:name])
-      session = Net::SSH.start(public_ip, user, ssh_options) do |_ssh|
-        ssh_login(ssh_options, user, public_ip)
-      end
+      ssh_login(ssh_options, user, public_ip)
       PrcLib.debug('Error closing ssh connection, box %s ',
                    o_server[:name]) unless session
    rescue => e

data/lib/process/forj_core_process.rb

@@ -19,7 +19,7 @@ FORJCORE_PATH = File.expand_path(File.dirname(__FILE__))
 
 # Define model
 
-lorj_objects = %w(forj_process test_box declare)
+lorj_objects = %w(forj_process test_box ca_root_cert declare)
 
 lorj_objects.each do |name|
   load File.join(FORJCORE_PATH, 'forj_core', 'process', name + '.rb')

data/lib/ssh.rb

@@ -41,7 +41,7 @@ module Forj
           o_server = validate_server_name(name, account, o_forge)
 
           if !o_server.nil?
-            ssh_connection(account, o_cloud, name, o_server[:id])
+            ssh_connection(account, o_cloud, name, o_server)
           else
             PrcLib.debug("server '%s.%s' was not found",
                          account[:box_ssh], name)
@@ -49,14 +49,9 @@ module Forj
                                   account[:box_ssh], name)
           end
         else
-          o_server_number = select_forge_server(o_forge)
-
-          ssh_connection(
-            account,
-            o_cloud,
-            name,
-            o_forge[:servers][o_server_number][:id]
-          )
+          server = select_forge_server(o_forge)
+
+          ssh_connection(account, o_cloud, name, server)
         end
       else
         PrcLib.high_level_msg("No server(s) found for instance name '%s' \n",
@@ -67,37 +62,27 @@ module Forj
     def self.select_forge_server(o_forge)
       # Ask the user to get server(s) to create ssh connection
       server_list = []
-      index = 0
+      servers = []
       s_default = nil
-      o_forge[:servers].each do |server|
-        server_list[index] = server[:name]
-        s_default = server[:name] if server[:name].include? 'maestro'
-        index += 1
+
+      o_forge[:servers].each do |server_type, server|
+        server_list << server[:name]
+        servers << server
+        s_default = server[:name] if server_type == 'maestro'
       end
 
-      say(format(
-            'Select box for ssh connection %s',
-            ((s_default.nil?) ? '' : format(
-              'Default: ' + "|%s|\n", s_default
-            ))
-      )
-         )
+      say(format('Select box for ssh connection %s',
+                 ((s_default.nil?) ? '' : "Default: #{s_default}")))
       value = choose do |q|
         q.choices(*server_list)
         q.default = s_default unless s_default.nil?
       end
 
-      o_server_number = server_list.index(value)
-      o_server_number
+      servers[server_list.index(value)]
     end
 
-    def self.ssh_connection(account, o_cloud, name, server_id)
-      # Property for :forge
-      account.set(:instance_name, name)
-      # Property for :ssh
-      account.set(:forge_server, server_id)
-
-      o_cloud.create(:ssh)
+    def self.ssh_connection(_account, o_cloud, _name, server)
+      o_cloud.create(:ssh, :server => server)
     end
 
     def self.validate_server_name(name, account, o_forge)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: forj
 version: !ruby/object:Gem::Version
-  version: 1.0.11
+  version: 1.0.12
 platform: ruby
 authors:
 - forj team
@@ -208,6 +208,7 @@ files:
 - lib/get.rb
 - lib/process/forj_core/data.yaml
 - lib/process/forj_core/defaults.yaml
+- lib/process/forj_core/process/ca_root_cert.rb
 - lib/process/forj_core/process/declare.rb
 - lib/process/forj_core/process/forj_process.rb
 - lib/process/forj_core/process/test_box.rb