forj 1.0.11 → 1.0.12
- checksums.yaml +4 -4
- data/bin/forj +3 -0
- data/forj.gemspec +1 -1
- data/lib/boot.rb +19 -0
- data/lib/process/forj_core/data.yaml +8 -1
- data/lib/process/forj_core/process/ca_root_cert.rb +100 -0
- data/lib/process/forj_core/process/declare.rb +6 -5
- data/lib/process/forj_core/process/forj_process.rb +5 -8
- data/lib/process/forj_core_process.rb +1 -1
- data/lib/ssh.rb +15 -30
- metadata +2 -1
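--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 998ddeee3c77bd0d8e98530ff7cff93a8fcc984c
+data.tar.gz: bc302480b7d7f348f6d6a014c42b2084d728ff28
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 54cbd2285c243d19bdac2dfa2a23abb7eb0844309c1bfcf71f5aa1d8a88c5e1d36dab36f4c6c341533a169e4c17120fa21714995e1e5a533eab48b321b045862
+data.tar.gz: 3f942f2dfde94c97074488914c0ffd42ce7fe463a5a26dbd8f5d11b3a096867090678b741e45d1e3864d1c24fccf437bedf5ec4afb7fbd7d66c1d21766b60566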
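--- a/data/bin/forj
+++ b/data/bin/forj
@@ -173,6 +173,9 @@ If you want to check/updated them, use `forj get [-a account]`
 method_option :extra_metadata, :aliases => '-e', :desc => 'Custom' \
 ' server metadata format key1=value1,key2=value2...,keyN=valueN'
 
+method_option :ca_root_cert, :desc => 'Certificate Authorities file used by'\
+' your compagny to authenticate your intranet servers.'
+
 def boot(blueprint, on_or_name, old_accountname = nil, as = nil,
 old_name = nil)
 Forj::Settings.common_options(options)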
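Review bot: The help text for the new `:ca_root_cert` option does not mention the `<local file>#<remote name>` form that `ca_root_file_detect` in lib/boot.rb parses, and `compagny` is a typo for `company`. I would extend the description to something like `'Certificate Authorities file used by your company to authenticate your intranet servers. Format: <local file>[#<remote file name>]'`, so users know that the part after `#` names the file placed on the server.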
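--- a/data/forj.gemspec
+++ b/data/forj.gemspec
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
 s.name = 'forj'
 s.homepage = 'https://www.forj.io'
 
-s.version = '1.0.
+s.version = '1.0.12'
 s.date = '2015-05-22'
 s.summary = 'forj command line'
 s.description = 'forj cli - See https://www.forj.io for documentation/information'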
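--- a/data/lib/boot.rb
+++ b/data/lib/boot.rb
@@ -141,6 +141,7 @@ module Forj
 :branch => :branch,
 :test_box => :test_box,
 :tb_path => :test_box_path,
+:ca_root_cert => :ca_root_cert,
 :extra_metadata => :extra_metadata }
 
 load_options(options, options_map) { |k, v| complete_boot_options(k, v) }
@@ -171,6 +172,8 @@ module Forj
 value = tb_repo_detect(value)
 when :tb_path
 value = tb_bin_detect(value)
+when :ca_root_cert
+value = ca_root_file_detect(value)
 end
 value
 end
@@ -245,5 +248,21 @@ pwd
 return script if File.executable?(script)
 nil
 end
+
+def self.ca_root_file_detect(param)
+res_found = param.match(/^(.*)#(.*)$/)
+
+if res_found
+cert_file = res_found[1]
+else
+cert_file = param
+end
+
+unless File.readable?(cert_file)
+PrcLib.error("Unable to read the Root Certificate file '%s'", cert_file)
+return nil
+end
+param
+end
 end
 end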
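Review bot: `ca_root_file_detect` checks only the part before `#` and returns the whole `param` unchanged, so the remote file name after `#` reaches `ca_root_detect` and `ca_root_metadata` unvalidated, where it is interpolated into an `scp`/`ssh` command line and copied into server metadata. The pattern also uses `^`/`$`, which anchor per line rather than on the whole string. I would anchor with `\A`/`\z` and restrict the remote name to a safe character set, e.g. `res_found = param.match(/\A(.*)#([\w.-]+)\z/)`, so that any other value falls through to the readability check and is rejected there. `param.match` also raises if the option value is not a String, so a guard such as `return nil unless param.is_a?(String)` at the top is worth adding.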
@@ -158,6 +158,7 @@
|
|
158
158
|
:pre_step_function: :forj_dns_settings?
|
159
159
|
:ask_step: :dns_config
|
160
160
|
|
161
|
+
# Defines maestro environment.
|
161
162
|
:maestro:
|
162
163
|
:tenant_name:
|
163
164
|
:desc: "Tenant name required by fog/openstack on gardener"
|
@@ -252,7 +253,13 @@
|
|
252
253
|
:bootstrap_extra_dir:
|
253
254
|
:desc: "Additional bootstrap directory to add in the bootstrap loop, before :bootstrap_dirs and after maestro default bootstrap directory."
|
254
255
|
|
255
|
-
|
256
|
+
|
257
|
+
# Defines certificates
|
258
|
+
|
259
|
+
:certs:
|
260
|
+
:ca_root_cert:
|
261
|
+
:desc: "Certificate Authority file to add to servers."
|
262
|
+
# As forj_core is based on lorj_cloud, we have to disable Lorj_cloud data defaults.
|
256
263
|
:server:
|
257
264
|
:network_name:
|
258
265
|
:set: false
|
@@ -0,0 +1,100 @@
|
|
1
|
+
# encoding: UTF-8
|
2
|
+
|
3
|
+
# (c) Copyright 2014 Hewlett-Packard Development Company, L.P.
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Functions for test-box
|
18
|
+
class ForjCoreProcess
|
19
|
+
# This function detects if the server requires the certificate file to be sent
|
20
|
+
|
21
|
+
def ca_root_detect(hParams, log_output)
|
22
|
+
return unless hParams['certs#ca_root_cert'] && !config.exist?(:cert_error)
|
23
|
+
cert_file = hParams['certs#ca_root_cert']
|
24
|
+
|
25
|
+
re = /forj-cli: ca-root-cert=(.*)/
|
26
|
+
res = log_output.split("\n")[-4].match(re)
|
27
|
+
|
28
|
+
return unless res
|
29
|
+
|
30
|
+
res_found = cert_file.match(/^(.*)#(.*)$/)
|
31
|
+
|
32
|
+
if res_found
|
33
|
+
cert_file = res_found[1]
|
34
|
+
dest_file = "/tmp/#{File.basename(res_found[2])}"
|
35
|
+
else
|
36
|
+
dest_file = File.basename(cert_file)
|
37
|
+
end
|
38
|
+
|
39
|
+
unless File.readable?(cert_file)
|
40
|
+
PrcLib.error("Unable to read the Root Certificate file '%s'"\
|
41
|
+
"You will need install it yourself in /tmp + '"\
|
42
|
+
".done' flag file", cert_file)
|
43
|
+
config[:cert_error] = true
|
44
|
+
return
|
45
|
+
end
|
46
|
+
|
47
|
+
server = hParams[:server, :name]
|
48
|
+
public_ip = hParams[:public_ip, :public_ip]
|
49
|
+
identity = File.join(hParams[:keypairs, :keypair_path],
|
50
|
+
hParams[:keypairs, :private_key_name])
|
51
|
+
# Get ssh user
|
52
|
+
user = hParams[:image, :ssh_user]
|
53
|
+
|
54
|
+
PrcLib.info("Copying local file '#{cert_file}' to #{server}:#{dest_file}")
|
55
|
+
|
56
|
+
ssh_options = '-o StrictHostKeyChecking=no -o ServerAliveInterval=180'
|
57
|
+
ssh_options += " -i #{identity}"
|
58
|
+
|
59
|
+
cmd = "scp #{ssh_options} #{cert_file} #{user}@#{public_ip}:#{dest_file}"
|
60
|
+
PrcLib.debug("Running command '%s'", cmd)
|
61
|
+
res = `#{cmd}`
|
62
|
+
|
63
|
+
# For any reason, $CHILD_STATUS is empty, while $? is not.
|
64
|
+
# Ruby bug. tested with:
|
65
|
+
# ruby 2.0.0p353 (2013-11-22 revision 43784) [x86_64-linux]
|
66
|
+
# rubocop: disable Style/SpecialGlobalVars
|
67
|
+
unless $?.exitstatus == 0
|
68
|
+
# rubocop: enable Style/SpecialGlobalVars
|
69
|
+
PrcLib.error("Unable to send the Root Certificate file '%s' "\
|
70
|
+
"You will need install it yourself in /tmp + '"\
|
71
|
+
".done' flag file\n%s", cert_file, res)
|
72
|
+
config[:cert_error] = true
|
73
|
+
return
|
74
|
+
end
|
75
|
+
|
76
|
+
PrcLib.debug('Flagging the server copy.')
|
77
|
+
`ssh #{ssh_options} #{user}@#{public_ip} touch #{dest_file}.done`
|
78
|
+
end
|
79
|
+
|
80
|
+
# function to add extra meta data to support ca_root_cert
|
81
|
+
#
|
82
|
+
# * *Args*:
|
83
|
+
# - metadata : Hash. Hash structure to update.
|
84
|
+
#
|
85
|
+
# * * returns*:
|
86
|
+
# - nothing
|
87
|
+
def ca_root_metadata(hParams, metadata)
|
88
|
+
return unless hParams.exist?('certs#ca_root_cert')
|
89
|
+
|
90
|
+
res_found = hParams['certs#ca_root_cert'].match(/^(.*)#(.*)$/)
|
91
|
+
|
92
|
+
if res_found
|
93
|
+
dest_file = "#{res_found[2]}"
|
94
|
+
else
|
95
|
+
dest_file = File.basename(cert_file)
|
96
|
+
end
|
97
|
+
|
98
|
+
metadata['CA_ROOT_CERT'] = dest_file
|
99
|
+
end
|
100
|
+
end
|
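Review bot: `ca_root_detect` runs `scp` and `ssh` through backticks on a string built from `cert_file`, `dest_file`, `identity`, `user` and `public_ip`, so a certificate path or remote name containing spaces or shell metacharacters alters the command executed locally, and `dest_file` is interpreted again by the remote shell in the `touch` step. Passing an argument vector to `Open3.capture2e` and escaping the remote path in the `touch` step with `Shellwords.escape` (the file would need `require 'open3'` and `require 'shellwords'`) removes the local shell and returns a status object, which also avoids the `$?` workaround. Both commands keep `StrictHostKeyChecking=no`, so the file the server is meant to trust is sent to a host that was never authenticated; `accept-new` or a pinned known_hosts entry is safer where the ssh client supports it. Separately, the `else` branch of `ca_root_metadata` calls `File.basename(cert_file)` although `cert_file` is never assigned in that method, and the `else` branch of `ca_root_detect` drops the `/tmp/` prefix that the error messages refer to. `log_output.split("\n")[-4]` is nil when the log has fewer than four lines, so an explicit nil check is needed before `.match(re)`.

```ruby
# … unchanged: guards, log match, cert_file/dest_file split, readability check, hParams lookups …

ssh_args = ['-o', 'StrictHostKeyChecking=no', '-o', 'ServerAliveInterval=180',
            '-i', identity]
target = "#{user}@#{public_ip}"

scp_cmd = ['scp'] + ssh_args + [cert_file, "#{target}:#{dest_file}"]
PrcLib.debug("Running command '%s'", scp_cmd.join(' '))
res, status = Open3.capture2e(*scp_cmd)

unless status.success?
  # … unchanged: PrcLib.error, config[:cert_error] = true, return …
end

PrcLib.debug('Flagging the server copy.')
Open3.capture2e('ssh', *ssh_args, target,
                "touch #{Shellwords.escape(dest_file + '.done')}")
```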
@@ -69,6 +69,7 @@ class Lorj::BaseDefinition # rubocop: disable Style/ClassAndModuleChildren
|
|
69
69
|
obj_needs :data, 'dns#dns_tenant_id'
|
70
70
|
obj_needs :data, :test_box
|
71
71
|
obj_needs :data, :test_box_path
|
72
|
+
obj_needs :data, 'certs#ca_root_cert'
|
72
73
|
|
73
74
|
# If requested by user, ask Maestro to instantiate a blueprint.
|
74
75
|
obj_needs :data, :blueprint
|
@@ -114,6 +115,10 @@ class Lorj::BaseDefinition # rubocop: disable Style/ClassAndModuleChildren
|
|
114
115
|
# Adding support of test-box script
|
115
116
|
obj_needs :data, :test_box, :for => [:create_e]
|
116
117
|
obj_needs :data, :test_box_path, :for => [:create_e]
|
118
|
+
|
119
|
+
# Adding support of ca-root-cert file to send out.
|
120
|
+
obj_needs :data, 'certs#ca_root_cert', :for => [:create_e]
|
121
|
+
|
117
122
|
# Defines how cli will control FORJ features
|
118
123
|
# boot/down/ssh/...
|
119
124
|
|
@@ -124,12 +129,8 @@ class Lorj::BaseDefinition # rubocop: disable Style/ClassAndModuleChildren
|
|
124
129
|
|
125
130
|
:create_e => :ssh_connection
|
126
131
|
)
|
127
|
-
obj_needs :
|
128
|
-
obj_needs :data, :instance_name
|
129
|
-
obj_needs :data, 'credentials#keypair_name'
|
130
|
-
obj_needs :data, :keypair_path
|
132
|
+
obj_needs :data, :server
|
131
133
|
|
132
134
|
obj_needs_optional
|
133
|
-
obj_needs :data, :forge_server
|
134
135
|
obj_needs :data, :ssh_user
|
135
136
|
end
|
@@ -297,6 +297,7 @@ class ForjCoreProcess
|
|
297
297
|
i_cur_act = output_options[:cur_act]
|
298
298
|
|
299
299
|
tb_detect(hParams, o_old_log)
|
300
|
+
ca_root_detect(hParams, o_old_log)
|
300
301
|
|
301
302
|
if pending_count == 60
|
302
303
|
image = server_get_image o_server
|
@@ -618,7 +619,8 @@ class ForjCoreProcess
|
|
618
619
|
end
|
619
620
|
end
|
620
621
|
|
621
|
-
tb_metadata
|
622
|
+
tb_metadata(hParams, h_meta)
|
623
|
+
ca_root_metadata(hParams, h_meta)
|
622
624
|
|
623
625
|
h_meta
|
624
626
|
end
|
@@ -1449,13 +1451,10 @@ end
|
|
1449
1451
|
# Functions for ssh
|
1450
1452
|
class ForjCoreProcess
|
1451
1453
|
def ssh_connection(sObjectType, hParams)
|
1452
|
-
o_forge = hParams[:forge]
|
1453
|
-
|
1454
1454
|
# Get server information
|
1455
1455
|
PrcLib.state('Getting server information')
|
1456
|
-
o_server =
|
1456
|
+
o_server = hParams[:server, :ObjectData]
|
1457
1457
|
register(o_server)
|
1458
|
-
|
1459
1458
|
public_ip = ssh_server_public_ip(o_server)
|
1460
1459
|
|
1461
1460
|
ssh_options = ssh_keypair(o_server)
|
@@ -1469,9 +1468,7 @@ class ForjCoreProcess
|
|
1469
1468
|
|
1470
1469
|
begin
|
1471
1470
|
PrcLib.state("creating ssh connection with '%s' box", o_server[:name])
|
1472
|
-
|
1473
|
-
ssh_login(ssh_options, user, public_ip)
|
1474
|
-
end
|
1471
|
+
ssh_login(ssh_options, user, public_ip)
|
1475
1472
|
PrcLib.debug('Error closing ssh connection, box %s ',
|
1476
1473
|
o_server[:name]) unless session
|
1477
1474
|
rescue => e
|
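Review bot: The new `ca_root_detect(hParams, o_old_log)` call sits beside `tb_detect` in a method that starts and ends outside the hunk and appears to run on each pass over the boot log, yet `ca_root_detect` in ca_root_cert.rb records state only on failure (`config[:cert_error]`). If the matching log line is still fourth from the end on the next pass, the certificate would be copied and flagged again; recording success, e.g. `config[:cert_sent] = true` after the `touch` step and `return if config.exist?(:cert_sent)` at the top, would make the call idempotent. In the `ssh_connection` hunk the result of `ssh_login(ssh_options, user, public_ip)` is not assigned in the visible lines while `unless session` still tests it, so it is worth confirming that `session` is defined elsewhere in the method.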
@@ -19,7 +19,7 @@ FORJCORE_PATH = File.expand_path(File.dirname(__FILE__))
|
|
19
19
|
|
20
20
|
# Define model
|
21
21
|
|
22
|
-
lorj_objects = %w(forj_process test_box declare)
|
22
|
+
lorj_objects = %w(forj_process test_box ca_root_cert declare)
|
23
23
|
|
24
24
|
lorj_objects.each do |name|
|
25
25
|
load File.join(FORJCORE_PATH, 'forj_core', 'process', name + '.rb')
|
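--- a/data/lib/ssh.rb
+++ b/data/lib/ssh.rb
@@ -41,7 +41,7 @@ module Forj
 o_server = validate_server_name(name, account, o_forge)
 
 if !o_server.nil?
-ssh_connection(account, o_cloud, name, o_server
+ssh_connection(account, o_cloud, name, o_server)
 else
 PrcLib.debug("server '%s.%s' was not found",
 account[:box_ssh], name)
@@ -49,14 +49,9 @@ module Forj
 account[:box_ssh], name)
 end
 else
-
-
-ssh_connection(
-account,
-o_cloud,
-name,
-o_forge[:servers][o_server_number][:id]
-)
+server = select_forge_server(o_forge)
+
+ssh_connection(account, o_cloud, name, server)
 end
 else
 PrcLib.high_level_msg("No server(s) found for instance name '%s' \n",
@@ -67,37 +62,27 @@ module Forj
 def self.select_forge_server(o_forge)
 # Ask the user to get server(s) to create ssh connection
 server_list = []
-
+servers = []
 s_default = nil
-
-
-
-
+
+o_forge[:servers].each do |server_type, server|
+server_list << server[:name]
+servers << server
+s_default = server[:name] if server_type == 'maestro'
 end
 
-say(format(
-
-((s_default.nil?) ? '' : format(
-'Default: ' + "|%s|\n", s_default
-))
-)
-)
+say(format('Select box for ssh connection %s',
+((s_default.nil?) ? '' : "Default: #{s_default}")))
 value = choose do |q|
 q.choices(*server_list)
 q.default = s_default unless s_default.nil?
 end
 
-
-o_server_number
+servers[server_list.index(value)]
 end
 
-def self.ssh_connection(
-
-account.set(:instance_name, name)
-# Property for :ssh
-account.set(:forge_server, server_id)
-
-o_cloud.create(:ssh)
+def self.ssh_connection(_account, o_cloud, _name, server)
+o_cloud.create(:ssh, :server => server)
 end
 
 def self.validate_server_name(name, account, o_forge)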
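Review bot: `select_forge_server` now keeps two parallel arrays and resolves the choice with `servers[server_list.index(value)]`, which returns the first match when two servers share a name and raises `TypeError` if `value` is not in `server_list`. A single lookup such as `o_forge[:servers].values.find { |s| s[:name] == value }` (assuming `o_forge[:servers]` is a Hash, as the `|server_type, server|` block suggests) drops the second array and returns nil instead of raising. `ssh_connection` keeps `_account` and `_name` apparently only for call compatibility; a one-line comment such as `# _account and _name are unused; kept so existing callers do not change` would help the next reader.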
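--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: forj
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.12
 platform: ruby
 authors:
 - forj team
@@ -208,6 +208,7 @@ files:
 - lib/get.rb
 - lib/process/forj_core/data.yaml
 - lib/process/forj_core/defaults.yaml
+- lib/process/forj_core/process/ca_root_cert.rb
 - lib/process/forj_core/process/declare.rb
 - lib/process/forj_core/process/forj_process.rb
 - lib/process/forj_core/process/test_box.rb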