gogetit 0.11.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 74c7dc23671b41961916855a8ccb7129d67ca051
-  data.tar.gz: 366f2f5e0dfee9692e40e9ea96401ce69b627a9d
+  metadata.gz: 5df3c7e2708fbc2aab8624208af8e66b1799d938
+  data.tar.gz: faa1cd7100db42852572c149576c53b768d69817
 SHA512:
-  metadata.gz: d73e3e77111979f7770c8337dfded6e948d3a949f1891e2548bfef6c3c2d5c6166e07bc779422d1557a66a02be4347e1346b8398573d95e933585ae6e793dc82
-  data.tar.gz: b3b508fe66965b6a3e21abc16ae22ef324a19d84fa7ec716a70c9ea98f78e6ee1af8c06a1bed74d0d51e6c7f08d9eb7b2ea3b576e46adbd83964fc07822add32
+  metadata.gz: db901044d47f43dc044e353c2995e61b63b4c486d1ed7b0f881ecb33e2c10515e2378046a1ecebf7c68803760b89c392e7d7e15ac8fad83bff9ced69664f0be1
+  data.tar.gz: 3a570bd71ce4d20413dfd21f2c15bc0e18127a3b0cd8582400bfcd8346f4750b746673789b8612dd26d22e44a29ea2f3a057de65cdc0317d25a99c9972cc2fd8

data/gogetit.gemspec

@@ -40,4 +40,5 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'oga', '~> 2.10'
   spec.add_runtime_dependency 'net-ssh', '~> 4.1.0'
   spec.add_runtime_dependency 'thor', '~> 0.19.0'
+  spec.add_runtime_dependency 'hashie', '~> 3.5.5'
 end

data/lib/gogetit/config.rb

@@ -2,6 +2,7 @@ require 'yaml'
 require 'logger'
 require 'gogetit/util'
 require 'gogetit/multilogger'
+require 'hashie'
 
 module Gogetit
   module Config
@@ -60,6 +61,6 @@ module Gogetit
       FileUtils.cp(src, dst)
       abort('Please define default configuration for GoGetIt at ~/.gogetit/gogetit.yml.')
     end
-    config.merge!(symbolize_keys(YAML.load_file(conf_file)))
+    config.merge!(Hashie.symbolize_keys YAML.load_file(conf_file))
   end
 end

data/lib/gogetit/util.rb

@@ -144,19 +144,6 @@ module Gogetit
       end
     end
 
-    # taken from https://gist.github.com/andrewpcone/11359798
-		def symbolize_keys(thing)
-		  case thing
-		  when Array
-		    thing.map{|v| symbolize_keys(v)}
-		  when Hash
-		    inj = thing.inject({}) {|h, (k,v)| h[k] = symbolize_keys(v); h}
-		    inj.symbolize_keys
-		  else
-		    thing
-		  end
-		end
-
     def wait_until_available(ip_or_fqdn, distro_name, logger)
       logger.info("Calling <#{__method__.to_s}>")
       until ping_available?(ip_or_fqdn, logger)

data/lib/gogetit/version.rb

@@ -1,3 +1,3 @@
 module Gogetit
-  VERSION = "0.11.0"
+  VERSION = "0.12.0"
 end

data/lib/providers/lxd.rb

@@ -1,6 +1,7 @@
 require 'hyperkit'
 require 'gogetit/util'
 require 'yaml'
+require 'hashie'
 
 module Gogetit
   class GogetLXD
@@ -77,12 +78,24 @@ module Gogetit
       args[:config][:'user.user-data']['package_update'] = false
       args[:config][:'user.user-data']['package_upgrade'] = false
 
+      generate_cloud_init_config(config, args)
+
+      args[:config][:"user.user-data"] = \
+        "#cloud-config\n" + YAML.dump(args[:config][:"user.user-data"])[4..-1]
+
+      return args
+    end
+
+    def generate_cloud_init_config(config, args)
+      logger.info("Calling <#{__method__.to_s}>")
       # To add truested root CA certificates
-      if config[:'cloud-config'] && config[:'cloud-config'][:'ca-certs']
+      # https://cloudinit.readthedocs.io/en/latest/topics/examples.html
+      # #configure-an-instances-trusted-ca-certificates
+      if config[:cloud_init] && config[:cloud_init][:ca_certs]
         args[:config][:'user.user-data']['ca-certs'] = {}
         certs = []
 
-        config[:'cloud-config'][:'ca-certs'][:trusted].each do |ca|
+        config[:cloud_init][:ca_certs].each do |ca|
           content = get_http_content(ca)
           certs.push(
             /^-----BEGIN CERTIFICATE-----.*-/m.match(content).to_s
@@ -92,8 +105,55 @@ module Gogetit
         args[:config][:'user.user-data']['ca-certs'] = { 'trusted' => certs }
       end
 
-      args[:config][:"user.user-data"] = \
-        "#cloud-config\n" + YAML.dump(args[:config][:"user.user-data"])[4..-1]
+      # To get CA public key to be used for SSH authentication
+      # https://cloudinit.readthedocs.io/en/latest/topics/examples.html
+      # #writing-out-arbitrary-files
+      if config[:cloud_init] && config[:cloud_init][:ssh_ca_public_key]
+        args[:config][:'user.user-data']['write_files'] = []
+        content = get_http_content(config[:cloud_init][:ssh_ca_public_key][:key_url])
+        if content
+          file = {
+            'content'     => content.chop!,
+            'path'        => config[:cloud_init][:ssh_ca_public_key][:key_path],
+            'owner'       => config[:cloud_init][:ssh_ca_public_key][:owner],
+            'permissions' => config[:cloud_init][:ssh_ca_public_key][:permissions]
+          }
+          args[:config][:'user.user-data']['write_files'].push(file)
+          args[:config][:'user.user-data']['bootcmd'] = []
+          args[:config][:'user.user-data']['bootcmd'].push(
+            "cloud-init-per once ssh-ca-pub-key \
+echo \"TrustedUserCAKeys #{file['path']}\" >> /etc/ssh/sshd_config"
+          )
+        end
+
+        if config[:cloud_init][:ssh_ca_public_key][:revocation_url]
+          content = get_http_content(config[:cloud_init][:ssh_ca_public_key][:revocation_url])
+          if content
+            args[:config][:'user.user-data']['bootcmd'].push(
+              "cloud-init-per once download-key-revocation-list \
+curl -o #{config[:cloud_init][:ssh_ca_public_key][:revocation_path]} \
+#{config[:cloud_init][:ssh_ca_public_key][:revocation_url]}"
+            )
+            args[:config][:'user.user-data']['bootcmd'].push(
+              "cloud-init-per once ssh-user-key-revocation-list \
+echo \"RevokedKeys #{config[:cloud_init][:ssh_ca_public_key][:revocation_path]}\" \
+>> /etc/ssh/sshd_config"
+            )
+          end
+        end
+      end
+
+      # To add users
+      # https://cloudinit.readthedocs.io/en/latest/topics/examples.html
+      # #including-users-and-groups
+      if config[:cloud_init] && config[:cloud_init][:users]
+        args[:config][:'user.user-data']['users'] = []
+        args[:config][:'user.user-data']['users'].push('default')
+
+        config[:cloud_init][:users].each do |user|
+          args[:config][:'user.user-data']['users'].push(Hashie.stringify_keys user)
+        end
+      end
 
       return args
     end

data/lib/sample_conf/gogetit.yml

@@ -2,14 +2,23 @@ default:
   user: ubuntu
   root_bridge: $root_bridge
 
-#cloud-init
-cloud-config:
-  write_files:
-    - ca_public_key_url: http://pki.example.com/site/ssh_ca.pub
-      path: /etc/ssh/ca.pub
-  ca-certs:
-    trusted:
-      - http://pki.example.com/site/root_ca.crt
+cloud_init:
+  users:
+    - name: usera
+      gecos: usera
+      sudo: ALL=(ALL) NOPASSWD:ALL
+      groups: users, admin
+      shell: /bin/bash
+      lock_passwd: true
+  ca_certs:
+    - http://pki.example.com/site/root_ca.crt
+  ssh_ca_public_key:
+    key_url: http://pki.example.com/site/ssh_ca.pub
+    key_path: /etc/ssh/ca.pub
+    revocation_url: http://pki.example.com/site/ssh-revoked-keys
+    revocation_path: /etc/ssh/ca.pub
+    owner: root:root
+    permissions: '0640'
 
 maas:
   key: K:E:Y

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gogetit
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Don Draper
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-08 00:00:00.000000000 Z
+date: 2018-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -178,6 +178,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.19.0
+- !ruby/object:Gem::Dependency
+  name: hashie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.5.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.5.5
 description: |2
       This provides the ways that deal with mutiple virtualized and containerized solutions such as Libvirt(KVM) and LXD.
       This uses MAAS for bare-metal provision(KVM machine using Libvirt), DHCP and DNS.