leap_cli 1.2.5

data/lib/leap_cli/commands/compile.rb

@@ -0,0 +1,134 @@
+
+module LeapCli
+  module Commands
+
+    desc "Compile generated files."
+    command :compile do |c|
+      c.desc 'Compiles node configuration files into hiera files used for deployment.'
+      c.command :all do |all|
+        all.action do |global_options,options,args|
+          compile_hiera_files
+        end
+      end
+
+      c.desc "Compile a DNS zone file for your provider."
+      c.command :zone do |zone|
+        zone.action do |global_options, options, args|
+          compile_zone_file
+        end
+      end
+
+      c.default_command :all
+    end
+
+    protected
+
+    def compile_hiera_files(nodes=nil)
+      # these must come first
+      update_compiled_ssh_configs
+
+      # export generated files
+      manager.export_nodes(nodes)
+      manager.export_secrets(nodes.nil?) # only do a "clean" export if we are examining all the nodes
+    end
+
+    def update_compiled_ssh_configs
+      update_authorized_keys
+      update_known_hosts
+    end
+
+    ##
+    ## ZONE FILE
+    ##
+
+    def relative_hostname(fqdn)
+      @domain_regexp ||= /\.?#{Regexp.escape(provider.domain)}$/
+      fqdn.sub(@domain_regexp, '')
+    end
+
+    #
+    # serial is any number less than 2^32 (4294967296)
+    #
+    def compile_zone_file
+      hosts_seen = {}
+      f = $stdout
+      f.puts ZONE_HEADER % {:domain => provider.domain, :ns => provider.domain, :contact => provider.contacts.default.first.sub('@','.')}
+      max_width = manager.nodes.values.inject(0) {|max, node| [max, relative_hostname(node.domain.full).length].max }
+      put_line = lambda do |host, line|
+        host = '@' if host == ''
+        f.puts("%-#{max_width}s %s" % [host, line])
+      end
+
+      f.puts ORIGIN_HEADER
+      # 'A' records for primary domain
+      manager.nodes[:environment => '!local'].each_node do |node|
+        if node.dns['aliases'] && node.dns.aliases.include?(provider.domain)
+          put_line.call "", "IN A      #{node.ip_address}"
+        end
+      end
+
+      # NS records
+      if provider['dns'] && provider.dns['nameservers']
+        provider.dns.nameservers.each do |ns|
+          put_line.call "", "IN NS #{ns}."
+        end
+      end
+
+      # all other records
+      manager.environments.each do |env|
+        next if env == 'local'
+        nodes = manager.nodes[:environment => env]
+        next unless nodes.any?
+        f.puts ENV_HEADER % (env.nil? ? 'default' : env)
+        nodes.each_node do |node|
+          if node.dns.public
+            hostname = relative_hostname(node.domain.full)
+            put_line.call relative_hostname(node.domain.full), "IN A      #{node.ip_address}"
+          end
+          if node.dns['aliases']
+            node.dns.aliases.each do |host_alias|
+              if host_alias != node.domain.full && host_alias != provider.domain
+                put_line.call relative_hostname(host_alias), "IN CNAME  #{relative_hostname(node.domain.full)}"
+              end
+            end
+          end
+          if node.services.include? 'mx'
+            put_line.call relative_hostname(node.domain.full_suffix), "IN MX 10  #{relative_hostname(node.domain.full)}"
+          end
+        end
+      end
+    end
+
+    ENV_HEADER = %[
+;;
+;; ENVIRONMENT %s
+;;
+
+]
+
+    ZONE_HEADER = %[
+;;
+;; BIND data file for %{domain}
+;;
+
+$TTL 600
+$ORIGIN %{domain}.
+
+@ IN SOA %{ns}. %{contact}. (
+  0000          ; serial
+  7200          ; refresh (  24 hours)
+  3600          ; retry   (   2 hours)
+  1209600       ; expire  (1000 hours)
+  600 )         ; minimum (   2 days)
+;
+]
+
+    ORIGIN_HEADER = %[
+;;
+;; ZONE ORIGIN
+;;
+
+]
+
+  end
+end

data/lib/leap_cli/commands/deploy.rb

@@ -0,0 +1,172 @@
+
+module LeapCli
+  module Commands
+
+    desc 'Apply recipes to a node or set of nodes.'
+    long_desc 'The FILTER can be the name of a node, service, or tag.'
+    arg_name 'FILTER'
+    command :deploy do |c|
+
+      # --fast
+      c.switch :fast, :desc => 'Makes the deploy command faster by skipping some slow steps. A "fast" deploy can be used safely if you recently completed a normal deploy.',
+                      :negatable => false
+
+      # --force
+      c.switch :force, :desc => 'Deploy even if there is a lockfile.', :negatable => false
+
+      # --tags
+      c.flag :tags, :desc => 'Specify tags to pass through to puppet (overriding the default).',
+                    :default_value => DEFAULT_TAGS.join(','), :arg_name => 'TAG[,TAG]'
+
+      c.flag :port, :desc => 'Override the default SSH port.',
+                    :arg_name => 'PORT'
+
+      c.flag :ip,   :desc => 'Override the default SSH IP address.',
+                    :arg_name => 'IPADDRESS'
+
+      c.action do |global,options,args|
+        init_submodules
+
+        nodes = filter_deploy_nodes(args)
+        if nodes.size > 1
+          say "Deploying to these nodes: #{nodes.keys.join(', ')}"
+          if !global[:yes] && !agree("Continue? ")
+            quit! "OK. Bye."
+          end
+        end
+
+        compile_hiera_files(nodes)
+
+        ssh_connect(nodes, connect_options(options)) do |ssh|
+          ssh.leap.log :checking, 'node' do
+            ssh.leap.check_for_no_deploy
+            ssh.leap.assert_initialized
+          end
+          ssh.leap.log :synching, "configuration files" do
+            sync_hiera_config(ssh)
+            sync_support_files(ssh)
+          end
+          ssh.leap.log :synching, "puppet manifests" do
+            sync_puppet_files(ssh)
+          end
+          ssh.leap.log :applying, "puppet" do
+            ssh.puppet.apply(:verbosity => LeapCli.log_level, :tags => tags(options), :force => options[:force])
+          end
+        end
+      end
+    end
+
+    private
+
+    def sync_hiera_config(ssh)
+      dest_dir = provider.hiera_sync_destination
+      ssh.rsync.update do |server|
+        node = manager.node(server.host)
+        hiera_file = Path.relative_path([:hiera, node.name])
+        ssh.leap.log hiera_file + ' -> ' + node.name + ':' + dest_dir + '/hiera.yaml'
+        {
+          :source => hiera_file,
+          :dest => dest_dir + '/hiera.yaml',
+          :flags => "-rltp --chmod=u+rX,go-rwx"
+        }
+      end
+    end
+
+    def sync_support_files(ssh)
+      dest_dir = provider.hiera_sync_destination
+      ssh.rsync.update do |server|
+        node = manager.node(server.host)
+        files_to_sync = node.file_paths.collect {|path| Path.relative_path(path, Path.provider) }
+        if files_to_sync.any?
+          ssh.leap.log(files_to_sync.join(', ') + ' -> ' + node.name + ':' + dest_dir)
+          {
+            :chdir => Path.provider,
+            :source => ".",
+            :dest => dest_dir,
+            :excludes => "*",
+            :includes => calculate_includes_from_files(files_to_sync),
+            :flags => "-rltp --chmod=u+rX,go-rwx --relative --delete --delete-excluded --filter='protect hiera.yaml' --copy-links"
+          }
+        else
+          nil
+        end
+      end
+    end
+
+    def sync_puppet_files(ssh)
+      ssh.rsync.update do |server|
+        ssh.leap.log(Path.platform + '/[bin,tests,puppet] -> ' + server.host + ':' + LeapCli::PUPPET_DESTINATION)
+        {
+          :dest => LeapCli::PUPPET_DESTINATION,
+          :source => '.',
+          :chdir => Path.platform,
+          :excludes => '*',
+          :includes => ['/bin', '/bin/**', '/puppet', '/puppet/**', '/tests', '/tests/**'],
+          :flags => "-rlt --relative --delete --copy-links"
+        }
+      end
+    end
+
+    def init_submodules
+      Dir.chdir Path.platform do
+        assert_run! "git submodule sync"
+        statuses = assert_run! "git submodule status"
+        statuses.strip.split("\n").each do |status_line|
+          if status_line =~ /^[\+-]/
+            submodule = status_line.split(' ')[1]
+            log "Updating submodule #{submodule}"
+            assert_run! "git submodule update --init #{submodule}"
+          end
+        end
+      end
+    end
+
+    def calculate_includes_from_files(files)
+      return nil unless files and files.any?
+
+      # prepend '/' (kind of like ^ for rsync)
+      includes = files.collect {|file| '/' + file}
+
+      # include all sub files of specified directories
+      includes.size.times do |i|
+        if includes[i] =~ /\/$/
+          includes << includes[i] + '**'
+        end
+      end
+
+      # include all parent directories (required because of --exclude '*')
+      includes.size.times do |i|
+        path = File.dirname(includes[i])
+        while(path != '/')
+          includes << path unless includes.include?(path)
+          path = File.dirname(path)
+        end
+      end
+
+      return includes
+    end
+
+    def tags(options)
+      if options[:tags]
+        tags = options[:tags].split(',')
+      else
+        tags = LeapCli::DEFAULT_TAGS.dup
+      end
+      tags << 'leap_slow' unless options[:fast]
+      tags.join(',')
+    end
+
+    #
+    # for safety, we allow production deploys to be turned off in the Leapfile.
+    #
+    def filter_deploy_nodes(filter)
+      nodes = manager.filter!(filter)
+      if !leapfile.allow_production_deploy
+        nodes = nodes[:environment => "!production"]
+        assert! nodes.any?, "Skipping deploy because @allow_production_deploy is disabled."
+      end
+      nodes
+    end
+
+  end
+end

data/lib/leap_cli/commands/facts.rb

@@ -0,0 +1,93 @@
+#
+# Gather facter facts
+#
+
+module LeapCli; module Commands
+
+  desc 'Gather information on nodes.'
+  command :facts do |facts|
+    facts.desc 'Query servers to update facts.json.'
+    facts.long_desc "Queries every node included in FILTER and saves the important information to facts.json"
+    facts.arg_name 'FILTER'
+    facts.command :update do |update|
+      update.action do |global_options,options,args|
+        update_facts(global_options, options, args)
+      end
+    end
+  end
+
+  protected
+
+  def facter_cmd
+    'facter --json ' + Leap::Platform.facts.join(' ')
+  end
+
+  def remove_node_facts(name)
+    if file_exists?(:facts)
+      update_facts_file({name => nil})
+    end
+  end
+
+  def update_node_facts(name, facts)
+    update_facts_file({name => facts})
+  end
+
+  def rename_node_facts(old_name, new_name)
+    if file_exists?(:facts)
+      facts = JSON.parse(read_file(:facts) || {})
+      facts[new_name] = facts[old_name]
+      facts[old_name] = nil
+      update_facts_file(facts, true)
+    end
+  end
+
+  #
+  # if overwrite = true, then ignore existing facts.json.
+  #
+  def update_facts_file(new_facts, overwrite=false)
+    replace_file!(:facts) do |content|
+      if overwrite || content.nil? || content.empty?
+        old_facts = {}
+      else
+        old_facts = JSON.parse(content)
+      end
+      facts = old_facts.merge(new_facts)
+      facts.each do |name, value|
+        if value.is_a? String
+          if value == ""
+            value = nil
+          else
+            value = JSON.parse(value)
+          end
+        end
+        if value.is_a? Hash
+          value.delete_if {|key,v| v.nil?}
+        end
+        facts[name] = value
+      end
+      facts.delete_if do |name, value|
+        value.nil? || value.empty?
+      end
+      if facts.empty?
+        nil
+      else
+        JSON.sorted_generate(facts) + "\n"
+      end
+    end
+  end
+
+  private
+
+  def update_facts(global_options, options, args)
+    nodes = manager.filter(args)
+    new_facts = {}
+    ssh_connect(nodes) do |ssh|
+      ssh.leap.run_with_progress(facter_cmd) do |response|
+        new_facts[response[:host]] = response[:data].strip
+      end
+    end
+    overwrite_existing = args.empty?
+    update_facts_file(new_facts, overwrite_existing)
+  end
+
+end; end

data/lib/leap_cli/commands/inspect.rb

@@ -0,0 +1,140 @@
+module LeapCli; module Commands
+
+  desc 'Prints details about a file. Alternately, the argument FILE can be the name of a node, service or tag.'
+  arg_name 'FILE'
+  command :inspect do |c|
+    c.switch 'base', :desc => 'Inspect the FILE from the provider_base (i.e. without local inheritance).', :negatable => false
+    c.action do |global_options,options,args|
+      object = args.first
+      assert! object, 'A file path or node/service/tag name is required'
+      method = inspection_method(object)
+      if method && defined?(method)
+        self.send(method, object, options)
+      else
+        log "Sorry, I don't know how to inspect that."
+      end
+    end
+  end
+
+  private
+
+  FTYPE_MAP = {
+    "PEM certificate"         => :inspect_x509_cert,
+    "PEM RSA private key"     => :inspect_x509_key,
+    "OpenSSH RSA public key"  => :inspect_ssh_pub_key,
+    "PEM certificate request" => :inspect_x509_csr
+  }
+
+  def inspection_method(object)
+    if File.exists?(object)
+      ftype = `file #{object}`.split(':').last.strip
+      log 2, "file is of type '#{ftype}'"
+      if FTYPE_MAP[ftype]
+        FTYPE_MAP[ftype]
+      elsif File.extname(object) == ".json"
+        full_path = File.expand_path(object, Dir.pwd)
+        if path_match?(:node_config, full_path)
+          :inspect_node
+        elsif path_match?(:service_config, full_path)
+          :inspect_service
+        elsif path_match?(:tag_config, full_path)
+          :inspect_tag
+        elsif path_match?(:provider_config, full_path)
+          :inspect_provider
+        elsif path_match?(:common_config, full_path)
+          :inspect_common
+        else
+          nil
+        end
+      end
+    elsif manager.nodes[object]
+      :inspect_node
+    elsif manager.services[object]
+      :inspect_service
+    elsif manager.tags[object]
+      :inspect_tag
+    elsif object == "common"
+      :inspect_common
+    elsif object == "provider"
+      :inspect_provider
+    else
+      nil
+    end
+  end
+
+  #
+  # inspectors
+  #
+
+  def inspect_x509_key(file_path, options)
+    assert_bin! 'openssl'
+    puts assert_run! 'openssl rsa -in %s -text -check' % file_path
+  end
+
+  def inspect_x509_cert(file_path, options)
+    assert_bin! 'openssl'
+    puts assert_run! 'openssl x509 -in %s -text -noout' % file_path
+    log 0, :"SHA256 fingerprint", X509.fingerprint("SHA256", file_path)
+  end
+
+  def inspect_x509_csr(file_path, options)
+    assert_bin! 'openssl'
+    puts assert_run! 'openssl req -text -noout -verify -in %s' % file_path
+  end
+
+  #def inspect_ssh_pub_key(file_path)
+  #end
+
+  def inspect_node(arg, options)
+    inspect_json manager.nodes[name(arg)]
+  end
+
+  def inspect_service(arg, options)
+    if options[:base]
+      inspect_json manager.base_services[name(arg)]
+    else
+      inspect_json manager.services[name(arg)]
+    end
+  end
+
+  def inspect_tag(arg, options)
+    if options[:base]
+      inspect_json manager.base_tags[name(arg)]
+    else
+      inspect_json manager.tags[name(arg)]
+    end
+  end
+
+  def inspect_provider(arg, options)
+    if options[:base]
+      inspect_json manager.base_provider
+    else
+      inspect_json manager.provider
+    end
+  end
+
+  def inspect_common(arg, options)
+    if options[:base]
+      inspect_json manager.base_common
+    else
+      inspect_json manager.common
+    end
+  end
+
+  #
+  # helpers
+  #
+
+  def name(arg)
+    File.basename(arg).sub(/\.json$/, '')
+  end
+
+  def inspect_json(config)
+    puts JSON.sorted_generate(config)
+  end
+
+  def path_match?(path_symbol, path)
+    Dir.glob(Path.named_path([path_symbol, '*'])).include?(path)
+  end
+
+end; end

data/lib/leap_cli/commands/list.rb

@@ -0,0 +1,122 @@
+require 'command_line_reporter'
+
+module LeapCli; module Commands
+
+  desc 'List nodes and their classifications'
+  long_desc 'Prints out a listing of nodes, services, or tags. ' +
+            'If present, the FILTER can be a list of names of nodes, services, or tags. ' +
+            'If the name is prefixed with +, this acts like an AND condition. ' +
+            "For example:\n\n" +
+            "`leap list node1 node2` matches all nodes named \"node1\" OR \"node2\"\n\n" +
+            "`leap list openvpn +local` matches all nodes with service \"openvpn\" AND tag \"local\""
+
+  arg_name 'FILTER', :optional => true
+  command :list do |c|
+    c.flag 'print', :desc => 'What attributes to print (optional)'
+    c.switch 'disabled', :desc => 'Include disabled nodes in the list.', :negatable => false
+    c.action do |global_options,options,args|
+      puts
+      if options['disabled']
+        manager.load(:include_disabled => true) # reload, with disabled nodes
+      end
+      if options['print']
+        print_node_properties(manager.filter(args), options['print'])
+      else
+        if args.any?
+          NodeTable.new(manager.filter(args)).run
+        else
+          TagTable.new('SERVICES', manager.services).run
+          TagTable.new('TAGS', manager.tags).run
+          NodeTable.new(manager.nodes).run
+        end
+      end
+    end
+  end
+
+  private
+
+  def self.print_node_properties(nodes, properties)
+    node_list = manager.nodes
+    properties = properties.split(',')
+    max_width = nodes.keys.inject(0) {|max,i| [i.size,max].max}
+    nodes.each_node do |node|
+      node.evaluate
+      value = properties.collect{|prop|
+        if node[prop].nil?
+          "null"
+        elsif node[prop] == ""
+          "empty"
+        else
+          node[prop]
+        end
+      }.join(', ')
+      printf("%#{max_width}s  %s\n", node.name, value)
+    end
+    puts
+  end
+
+  class TagTable
+    include CommandLineReporter
+    def initialize(heading, tag_list)
+      @heading = heading
+      @tag_list = tag_list
+    end
+    def run
+      tags = @tag_list.keys.sort
+      max_width = [20, (tags+[@heading]).inject(0) {|max,i| [i.size,max].max}].max
+      table :border => false do
+        row :header => true, :color => 'cyan'  do
+          column @heading, :align => 'right', :width => max_width
+          column "NODES", :width => HighLine::SystemExtensions.terminal_size.first - max_width - 2, :padding => 2
+        end
+        tags.each do |tag|
+          row do
+            column tag
+            column @tag_list[tag].node_list.keys.sort.join(', ')
+          end
+        end
+      end
+      vertical_spacing
+    end
+  end
+
+  #
+  # might be handy: HighLine::SystemExtensions.terminal_size.first
+  #
+  class NodeTable
+    include CommandLineReporter
+    def initialize(node_list)
+      @node_list = node_list
+    end
+    def run
+      rows = @node_list.keys.sort.collect do |node_name|
+        [node_name, @node_list[node_name].services.sort.join(', '), @node_list[node_name].tags.sort.join(', ')]
+      end
+      unless rows.any?
+        puts Paint["no results", :red]
+        puts
+        return
+      end
+      padding = 2
+      max_node_width    = [20, (rows.map{|i|i[0]} + ["NODES"]   ).inject(0) {|max,i| [i.size,max].max}].max
+      max_service_width = (rows.map{|i|i[1]} + ["SERVICES"]).inject(0) {|max,i| [i.size+padding+padding,max].max}
+      max_tag_width     = (rows.map{|i|i[2]} + ["TAGS"]    ).inject(0) {|max,i| [i.size,max].max}
+      table :border => false do
+        row :header => true, :color => 'cyan'  do
+          column "NODES", :align => 'right', :width => max_node_width
+          column "SERVICES", :width => max_service_width, :padding => 2
+          column "TAGS", :width => max_tag_width
+        end
+        rows.each do |r|
+          row do
+            column r[0]
+            column r[1]
+            column r[2]
+          end
+        end
+      end
+      vertical_spacing
+    end
+  end
+
+end; end