inprovise 0.2.2

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    YTllYTMyMWNhN2ViNTk2YWQ1M2ZlYWUxNDA1ZWJhNjYxMDhiNmE1OQ==
+  data.tar.gz: !binary |-
+    YTJkNjFhNjkxODU5ZGU1MDE5YmRlNWU5OGQxYzE0Y2RkNzU0ZjVhZQ==
+SHA512:
+  metadata.gz: !binary |-
+    ZGFmYzI0MGUwYWIyODY3NzM3MDNkNjI1NjQzZTVlNDZhZDViMzAwOTM1ZWFh
+    MGNlYWE4YTU5ZDc2ZjA2YzA4ODA2ZTk1Mjk2OTQ2MmY3ZDUxZmU2OTZkNjk5
+    YzQ4ZjRhYmQ2ODFlNDFmY2RkMzVjMDI4ZThjYTgyOTk4M2M4NDg=
+  data.tar.gz: !binary |-
+    ZGU3M2M4NzY2OGJlMmY3NGFiOTJmZGVjOWY3YTE0MTQ4YjZmZWUxNGQ5OWEx
+    MzU4MWRiZDE3YWY2NDdjY2U2MzViNWU2NWE1MjYxYzcxOTYwN2ExYTA1NTFi
+    ZmVmYmEyMWY2Yjk0ZmIwNmJlZTBmNDBhZDNhZmVlNDY3M2UzOTA=

data/.gitignore

@@ -0,0 +1,4 @@
+
+.*
+pkg/*.gem
+Gemfile.lock

data/.travis.yml

@@ -0,0 +1,28 @@
+before_install:
+- gem install bundler
+bundler_args: "--verbose"
+script: rake test
+rvm:
+- 2.0.0
+- 2.1
+- 2.2
+- 2.3.1
+- ruby-head
+gemfile:
+- Gemfile
+matrix:
+  allow_failures:
+  - rvm: ruby-head
+env: CODECLIMATE_REPO_TOKEN=2b46019558c79326fc3cc87f2e4261610256aee236063c4b62b8ed8d2c2ce21d
+  bundle exec rake
+addons:
+  code_climate:
+    repo_token: 2b46019558c79326fc3cc87f2e4261610256aee236063c4b62b8ed8d2c2ce21d
+deploy:
+  provider: rubygems
+  api_key:
+    secure: nkx4D7AGMCSZrWXj+KLwk+3PFErq70xiKSg8oY0woeBxQbLcWkqZaR0j6p8OI5rAJNN5bDQbdylnq9J+YS8rzNOFC/V8CUlgQp/AhWIfsd9wezAjcu820XHw/4nPPWdD5TKb8Zjb/P25h0y4SpkSaysaJzOTELfdaNXEcKC8LNW+sLXKgMBByj6aMmw0gRPHZcZRb6KjnJAHsDa+vUhZhXPO9VecBk5SToFHK145zW52HA2Y2Th9iCKhl5p6+x5ENy81fW51ub2IBjFl+oGS1nW5xE62b6yLRKhjyMv0P69UhTP+AxHBo/Ef0Ke4JAzlAszbS4ymPKjVkOdto2gRf3jvO82tUnvIvv7F+a5oi6R61ZFM0S5fNvU0rxFcHt88spjU+DZuvNx8Yxqu3U2Iy65qeDOhCJOPjyVW5X9b20l7nqKEXZL7syPxSFwX/iq8utZRjgF/8rUkS26LhRQAhT1uHme5YdrJLVNw7MdZxlRiSDfzVOPVitvK34V71lPrK16U60crZ2HUCn7Bq93ENMkNRaIHAGrsTmHxCzX+G7nsnlh8CuErEtDvNt9tQZXjNl7EE4w+4srULS8SExDNt6LMpEGDFNtMtr9Hka3MAdgFs+Qz1p5LtV0uKsD5h1jLk0X7HBrJRMoMjEtNS5WVtI0tpDx2y6mB49nGLeHMvhY=
+  gemspec: inprovise.gemspec
+  on:
+    tags: true
+    repo: mcorino/Inprovise

data/Gemfile

@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+
+gemspec
+
+gem 'rake'
+gem 'minitest'
+gem 'mocha', :require => false
+
+gem "codeclimate-test-reporter", group: :test, require: nil

data/LICENSE

@@ -0,0 +1,8 @@
+Copyright (c) 2016 Martin Corino
+Portions Copyright (c) 2012 Andrew Kent
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,197 @@
+
+Inprovise
+=========
+
+**Because provisioning small computing infrastructures should be simple, intuitive and NOT require additional infrastructure or elaborate setups just to run your provisioning scripts.** 
+
+Inprovise (Intuitive Provisioning Environment) is a super simple way to provision servers and virtual machines.
+
+[![Build Status](https://travis-ci.org/mcorino/Inprovise.png)](https://travis-ci.org/mcorino/Inprovise)
+[![Code Climate](https://codeclimate.com/github/mcorino/Inprovise/badges/gpa.png)](https://codeclimate.com/github/mcorino/Inprovise)
+[![Test Coverage](https://codeclimate.com/github/mcorino/Inprovise/badges/coverage.png)](https://codeclimate.com/github/mcorino/Inprovise/coverage)
+
+If you've found yourself stuck in the gap between deployment tools like Capistrano and full blown infrastructure tools like Puppet and Chef then Inprovise might be a good fit for you. 
+This is especially the case if you choose to cycle machines and prefer baking from scratch when changes are required rather than attempting to converge system state 
+(although Inprovise is flexible and extensible enough to achieve anything you would like).
+
+Acknowledgement
+---------------
+
+First off a very big acknowledgement.
+When searching (yet again) for a usable (as in 'easy' and 'intuitive') tool for managing the provisioning of our smallish computing farm 
+(consisting of <10 host servers each running 6-12 VMs each) and yet again becoming disappointed by the requirements and overkill offered by tools like
+Chef and Puppet, I finally found the *Orca* tool by Andy Kent (https://github.com/andykent/orca).
+*This* was what I was thinking of!
+
+Unfortunately Andy some time ago deprecated his project and there were some aspects of Orca I did not really like (a major one being the definition of the infrastructure nodes and groups inside the provisioning schemes) 
+as well as some missing bits (like more flexibility in the platform support).
+I really did like the agent-less setup and the simple and elegant structure of the DSL though as well as the fact it was written in one of my favorite programming languages. As Andy's arguments for discontinuing 
+did not apply to us I decided to take up his code and rework it to my ideas and provide it with a minimum of multi platform support to also be able to manage the non-*nix nodes we needed to provision. 
+
+As Andy indicated the Orca name was (to be) handed over to another gem maintainer and I did not particularly like it anyway (sorry Andy) I renamed the package. Andy's code proved quite resilient to my changes
+though and (apart from the name changes) I was able to copy large chunks more or less verbatim and rework those step by step thereby increasing my coding production significantly.
+
+What problem does Inprovise try to solve?
+------------------------------------
+
+All too often you need to get a new server up and running to a known state so that you can get an app deployed. Before Inprovise (and Orca) there were broadly 4 options...
+
+1. Start from scratch and hand install all the packages, files, permissions, etc. yourself over SSH.
+2. Use a deployment tool like Capistrano to codeify your shell scripts into semi-reusable steps.
+3. Use Puppet or Chef in single machine mode, requiring to install these tools on each host server.
+4. Use Full blown Puppet or Chef, this requires a server.
+
+Inprovise fills the rather large gap between (2) and (3). It's a bigger gap then you think as both Puppet and Chef require...
+
+- bootstrapping a machine to a point where you are able to run them
+- Creating a seperate repository describing the configuration you require
+- learning their complex syntaxes and structures
+- hiding the differences of different host OSes
+
+Inprovise fixes these problems by...
+
+- working directly over standardized protocols (SSH by default), all you need is a box that you can connect to
+- Inprovise maintains a simple (JSON) file based registry of your infrastructure  
+- scripting definitions can all go in a single file (although Inprovise supports modularization) and most servers can be configured in ~50 lines
+- scripts are defined in a ruby based DSL that consists of a very small number of basic commands to learn
+- Inprovise only requires a minimum operations (for cmd execution and file management) to be supported for any OS the details of which are abstracted through configurable handlers
+- apart from the protocol and minimal operation set Inprovise makes no assumptions about the underlying OS
+- Inprovise is extensible and adding platform specific features like package manager support can be achieved in a small amount of code using the core support 
+
+
+What problems is Inprovise avoiding?
+-------------------------------
+
+Inprovise intentionally skirts around some important things that may or may not matter to you. 
+If they do then you are probably better using tools such as Puppet or Chef.
+
+Inprovise doesn't...
+
+- try to scale beyond a smallish (2-100) number of nodes
+- have any algorithms that attempt to run periodically and converge divergent configurations
+- fully abstract the differences of different host OSes (in particular specific system support options and package management)
+- provide a server to supervise infrastructure configuration
+
+
+Installation
+------------
+
+To install Inprovise you will need to be running Ruby 2+ and then install the inprovise gem...
+
+    gem install inprovise
+
+or ideally add it to your gemfile...
+
+    gem 'inprovise'
+
+
+Command Line Usage
+------------------
+
+Inprovise provides a CLI tool called `rig`
+
+To get started from within your project you can run...
+
+    rig init
+
+This will create an empty infra.json and an example inprovise.rb file for you to get started with.
+
+To manage nodes you can run...
+
+    rig node [add|remove|update] [options] [arguments]
+
+To manage groups you can run...
+
+    rig group [add|remove|update] [options] [arguments]
+
+To run a command the syntax is as follows...
+
+    rig [command] [script] [group_or_node]
+
+So here are some examples (assuming you have a script called "app" and a node called "server" defined)...
+
+    rig apply app server
+    rig revert app server
+    rig validate app server
+
+If you have a script with the same name as a group or node you can abreviate this to...
+
+    rig apply server
+    rig remove server
+    rig validate server
+
+You can also directly trigger actions from the CLI like so...
+
+    rig trigger nginx:reload web-1
+    rig trigger firewall:add[allow,80] web-1
+
+Options, all commands support the following optional parameters...
+
+    --demonstrate       | dont actually run any commands just pretend like you are
+    --sequential        | dont attempt to run commands across multiple nodes in parrallel
+    --verbose=LEVEL     | increase logging level to see exceptions printed as well as SSH commands and results
+    --skip-dependencies | Don't validate and run dependancies, only the script specified
+
+The `help` command shows basic or command specific help info if you run...
+
+    rig help [command]
+
+The Inprovise DSL
+------------
+
+Inprovise provides a Ruby based DSL to write your provisioning specifications. Files containing these provisioning
+specs are called `schemes`.
+Inprovise provisioning schemes are pure Ruby code and should preferably be stored in files with the '.rb' extension. When
+no scheme is specified Inprovise looks for the scheme `inprovise.rb` in the projects root (where the `infa.json` is located) by default. 
+Scheme scripts are really simple to learn in less than 5 mins. Below is an example inprovise.rb file with some hints to help you get started. 
+A more complete WIP example can be found in this gist... https://gist.github.com/andykent/5814997
+
+````ruby
+# define a new script called 'gem' that provides some actions for managing rubygems
+script 'gem' do
+  depends_on 'ruby-1.9.3'                     # this script depends on another script called ruby-1.9.3
+  action 'exists' do |gem_name|               # define an action that other scripts can trigger called 'exists'
+    run("gem list -i #{gem_name}") =~ /true/  # execute the command, get the output and check it contains 'true'
+  end
+  action 'install' do |gem_name|
+    run "gem install #{gem_name} --no-ri --no-rdoc"
+  end
+  action 'uninstall' do |gem_name|
+    run "gem uninstall #{gem_name} -x -a"
+  end
+end
+
+# define a script called 'bundler' that can be used to manage the gem by the same name
+script 'bundler' do
+  depends_on 'gem'
+  apply do                                # apply gets called whenever this script or a script that depends on it is applied
+    trigger('gem:install', 'bundler')     # trigger triggers defined actions, in this case the action 'install' on 'gem'
+  end
+  remove do                               # remove gets called whenever this script or a script that depends on it is removed
+    trigger('gem:uninstall', 'bundler')
+  end
+  validate do                             # validate is used internally to check if the script is applied correctly or not
+    trigger('gem:exists', 'bundler')      # validate should return true if the script is applied correctly
+  end
+end
+````
+
+Configuration
+-------------
+
+The `rig` CLI tool loads a file named 'rigrc' at startup if available in the root of your project (where the 'infra.json' is located). This file is assumed
+to contain pure Ruby code and is loaded as such. You can use this to require and setup any libraries, extensions etc. you want to be available to your
+scripts defined in your project's scheme files.
+
+As the scheme files themselves are also pure Ruby code you can also put configuration code there if that suites your use case better (for example if certain settings
+should only be available to scripts defined in one particular scheme file).  
+
+Extensions
+----------
+
+The core of Inprovise only provides a minimum of platform specific logic but is designed to be a foundation to build apon.
+Basically the core currently supports using the SSH(+SFTP) protocol and provides operation handlers for `linux` and `cygwin` type OS environments.
+
+Extensions can be written in their own files, projects or gems and loaded through the `rigrc` config file or any of your project's scheme files.
+As these files are all pure Ruby code you can use 'require' statements and/or any other valid Ruby code to initialize your extensions.
+

data/Rakefile.rb

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.pattern = 'test/**/*_test.rb'
+end
+
+task :default => :test

data/bin/rig

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require_relative '../lib/inprovise'
+
+exit Inprovise::Cli.run(ARGV)

data/inprovise.gemspec

@@ -0,0 +1,22 @@
+require File.join(File.dirname(__FILE__), 'lib/inprovise/version')
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Martin Corino"]
+  gem.email         = ["mcorino@remedy.nl"]
+  gem.description   = %q{InProvisE is Intuitive Provisioning Environment}
+  gem.summary       = %q{Simple, easy and intuitive infrastructure provisioning}
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "inprovise"
+  gem.require_paths = ["lib"]
+  gem.version       = Inprovise::VERSION
+  gem.add_dependency('colored')
+  gem.add_dependency('net-ssh')
+  gem.add_dependency('net-sftp')
+  gem.add_dependency('gli')
+  gem.add_dependency('tilt')
+  gem.post_install_message = ''
+end

data/lib/inprovise/channel/ssh.rb

@@ -0,0 +1,202 @@
+# SSH Command channel for Inprovise
+#
+# Author::    Martin Corino
+# License::   Distributes under the same license as Ruby
+
+require 'net/ssh'
+require 'net/sftp'
+require 'digest/sha1'
+
+Inprovise::CmdChannel.define('ssh') do
+
+  def initialize(node)
+    super(node)
+    @connection = nil
+    @sftp = nil
+    if @node.config.has_key?(:credentials) && @node.config[:credentials].has_key?(:'public-key')
+      install_pubkey(@node.config[:credentials][:'public-key'])
+    end
+  end
+
+  def close
+    disconnect
+  end
+
+  # command execution
+
+  def run(command, forcelog=false)
+    execute(command, forcelog)
+  end
+
+  # file management
+
+  def upload(from, to)
+    @node.log.remote("SFTP.UPLOAD: #{from} => #{to}") if Inprovise.verbosity > 1
+    sftp.upload!(from, to)
+  end
+
+  def download(from, to)
+    @node.log.remote("SFTP.DOWNLOAD: #{to} <= #{from}") if Inprovise.verbosity > 1
+    sftp.download!(from, to)
+  end
+
+  def mkdir(path)
+    @node.log.remote("SFTP.MKDIR: #{path}") if Inprovise.verbosity > 1
+    sftp.mkdir!(path)
+  end
+
+  def exists?(path)
+    @node.log.remote("SFTP.EXISTS?: #{path}") if Inprovise.verbosity > 1
+    begin
+      sftp.stat!(path) != nil
+    rescue Net::SFTP::StatusException => ex
+      raise ex unless ex.code == Net::SFTP::Response::FX_NO_SUCH_FILE
+      false
+    end
+  end
+
+  def file?(path)
+    @node.log.remote("SFTP.FILE?: #{path}") if Inprovise.verbosity > 1
+    begin
+      sftp.stat!(path).symbolic_type == :regular
+    rescue Net::SFTP::StatusException => ex
+      raise ex unless ex.code == Net::SFTP::Response::FX_NO_SUCH_FILE
+      false
+    end
+  end
+
+  def directory?(path)
+    @node.log.remote("SFTP.DIRECTORY?: #{path}") if Inprovise.verbosity > 1
+    begin
+      sftp.stat!(path).symbolic_type == :directory
+    rescue Net::SFTP::StatusException => ex
+      raise ex unless ex.code == Net::SFTP::Response::FX_NO_SUCH_FILE
+      false
+    end
+  end
+
+  def content(path)
+    @node.log.remote("SFTP.READ: #{path}") if Inprovise.verbosity > 1
+    sftp.file.open(path) do |io|
+      return io.read
+    end
+  end
+
+  def delete(path)
+    @node.log.remote("SFTP.DELETE: #{path}") if Inprovise.verbosity > 1
+    sftp.delete!(path) if exists?(path)
+  end
+
+  def permissions(path)
+    @node.log.remote("SFTP.PERMISSIONS: #{path}") if Inprovise.verbosity > 1
+    begin
+      sftp.stat!(path).permissions & 0x0FFF
+    rescue Net::SFTP::StatusException => ex
+      raise ex unless ex.code == Net::SFTP::Response::FX_NO_SUCH_FILE
+      0
+    end
+  end
+
+  def set_permissions(path, perm)
+    @node.log.remote("SFTP.SETPERMISSIONS: #{path} #{'%o' % perm}") if Inprovise.verbosity > 1
+    sftp.setstat!(path, :permissions => perm)
+  end
+
+  def owner(path)
+    @node.log.remote("SFTP.OWNER: #{path}") if Inprovise.verbosity > 1
+    begin
+      result = sftp.stat!(path)
+      {:user => result.owner, :group => result.group}
+    rescue Net::SFTP::StatusException => ex
+      raise ex unless ex.code == Net::SFTP::Response::FX_NO_SUCH_FILE
+      nil
+    end
+  end
+
+  def set_owner(path, user, group=nil)
+    @node.log.remote("SFTP.SET_OWNER: #{path} #{user} #{group}") if Inprovise.verbosity > 1
+    attrs = { :owner => user }
+    attrs.merge({ :group => group }) if group
+    sftp.setstat!(path, attrs)
+  end
+
+  private
+
+  def options_for_ssh
+    opts = [
+      :auth_methods, :compression, :compression_level, :config, :encryption , :forward_agent , :global_known_hosts_file ,
+      :hmac , :host_key , :host_key_alias , :host_name, :kex , :keys , :key_data , :keys_only , :logger , :paranoid ,
+      :passphrase , :password , :port , :properties , :proxy , :rekey_blocks_limit , :rekey_limit , :rekey_packet_limit ,
+      :timeout , :user , :user_known_hosts_file , :verbose ]
+    ssh_cfg  = @node.config.reduce({}) do |hsh, (k,v)|
+      hsh[k] = v if opts.include?(k)
+      hsh
+    end
+    (@node.config[:credentials] || {}).reduce(ssh_cfg) do |hsh, (k,v)|
+      hsh[k] = v if k == :password || k == :passphrase
+      hsh
+    end
+  end
+
+  def install_pubkey(pubkey_path)
+    log_bak = @node.log
+    begin
+      @node.log_to(Inprovise::Logger.new(@node, 'ssh[init]'))
+      unless exists?('./.ssh')
+        mkdir('./.ssh') rescue run('mkdir .ssh')
+        set_permissions('./.ssh', 755) rescue run('chmod 0755 ./.ssh')
+      end
+      pubkey = File.read(pubkey_path)
+      # check if public key already configured
+      if exists?('./.ssh/authorized_keys')
+        auth_keys = begin
+                      content('./.ssh/authorized_keys')
+                    rescue
+                      run('cat ./.ssh/authorized_keys')
+                    end.split("\n")
+        return if auth_keys.any? { |key| key == pubkey }
+      end
+      begin
+        @node.log.remote("APPEND: #{pubkey_path} -> ./.ssh/authorized_keys") if Inprovise.verbosity > 0
+        sftp.file.open('./.ssh/authorized_keys', 'a') do |f|
+          f.puts pubkey
+        end
+      rescue
+        # using the SFTP option failed, let's try a more basic approach
+        upload_path = "inprovise-upload-#{Digest::SHA1.file(pubkey_path).hexdigest}"
+        upload(pubkey_path, upload_path)
+        run("cat #{upload_path} >> ./.ssh/authorized_keys")
+        run("rm #{upload_path}")
+      end
+      set_permissions('./.ssh/authorized_keys', 644) rescue run('chmod 0644 ./.ssh/authorized_keys')
+    ensure
+      @node.log_to(log_bak)
+    end
+  end
+
+  def execute(cmd, forcelog=false)
+    @node.log.remote("SSH: #{cmd}") if Inprovise.verbosity > 1 || forcelog
+    output = ''
+    connection.exec! cmd do |channel, stream, data|
+      output << data if stream == :stdout
+      data.split("\n").each do |line|
+        @node.log.send(stream, line, forcelog)
+      end if Inprovise.verbosity > 1 || forcelog
+    end
+    output
+  end
+
+  def connection
+    return @connection if @connection && !@connection.closed?
+    @connection = Net::SSH.start(@node.host, @node.user, options_for_ssh)
+  end
+
+  def disconnect
+    @connection.close if @connection && !@connection.closed?
+  end
+
+  def sftp
+    @sftp ||= connection.sftp.connect
+  end
+
+end

data/lib/inprovise/cli/group.rb

@@ -0,0 +1,86 @@
+# CLI Group commands for Inprovise
+#
+# Author::    Martin Corino
+# License::   Distributes under the same license as Ruby
+
+class Inprovise::Cli
+
+  desc 'Manage infrastructure groups'
+  command :group do |cgrp|
+
+    cgrp.desc 'Add an infrastructure group'
+    cgrp.arg_name 'GROUP'
+    cgrp.command :add do |cgrp_add|
+
+      cgrp_add.flag [:t, :target], :arg_name => 'NAME', :multiple => true, :desc => 'Add a known target (node or group) to this new group.'
+      cgrp_add.flag [:c, :config], :arg_name => 'CFGKEY=CFGVAL', :multiple => true, :desc => 'Specify a configuration setting for the group.'
+
+      cgrp_add.action do |global,options,args|
+        raise ArgumentError, 'Missing or too many arguments!' unless args.size == 1
+        Inprovise::Controller.run(:add, options, :group, *args)
+        Inprovise::Controller.wait!
+      end
+
+    end
+
+    cgrp.desc 'Remove (an) infrastructure group(s)'
+    cgrp.arg_name 'GROUP[ GROUP [...]]'
+    cgrp.command :remove do |cgrp_del|
+
+      cgrp_del.action do |global,options,args|
+        raise ArgumentError, 'Missing argument!' if args.empty?
+        Inprovise::Controller.run(:remove, options, :group, *args)
+        Inprovise::Controller.wait!
+      end
+
+    end
+
+    cgrp.desc 'Update configuration for the given groups.'
+    cgrp.arg_name 'GROUP[ GROUP [...]]'
+    cgrp.command :update do |cgrp_update|
+
+      cgrp_update.flag [:c, :config], :arg_name => 'CFGKEY=CFGVAL', :multiple => true, :desc => 'Specify a configuration setting for the group(s)'
+      cgrp_update.switch [:r, :reset], negatable: false, :desc => 'Reset configuration before update (default is to merge updates)'
+      cgrp_update.flag [:t, :target], :arg_name => 'NAME', :multiple => true, :desc => 'Add a known target (node or group) to the group(s)'
+
+      cgrp_update.action do |global,options,args|
+        raise ArgumentError, 'Missing argument!' if args.empty?
+        Inprovise::Controller.run(:update, options, :group, *args)
+        Inprovise::Controller.wait!
+      end
+    end
+
+    cgrp.desc 'List infrastructure groups (all or specified group(s))'
+    cgrp.arg_name '[GROUP[ GROUP [...]]]'
+    cgrp.command :list do |cgrp_list|
+      cgrp_list.switch [:d, :details], negatable: false, :desc => 'Show group details'
+
+      cgrp_list.action do |global_options,options,args|
+        $stdout.puts "   INFRASTRUCTURE GROUPS"
+        $stdout.puts "   ====================="
+        if args.empty?
+          Inprovise::Infrastructure.list(Inprovise::Infrastructure::Group).each do |g|
+            Inprovise::Cli.show_target(g, options[:details])
+          end
+        else
+          args.each do |a|
+            tgt = Inprovise::Infrastructure.find(a)
+            case tgt
+              when Inprovise::Infrastructure::Node
+                $stdout.puts "ERROR: #{a} is not a group".red
+              when Inprovise::Infrastructure::Group
+                Inprovise::Cli.show_target(tgt, options[:details])
+              else
+                $stdout.puts "ERROR: #{a} is unknown".red
+            end
+          end
+        end
+        $stdout.puts
+      end
+    end
+
+    cgrp.default_command :list
+
+  end
+
+end