leap_cli 1.7.4 → 1.8

data/lib/leap_cli/commands/node.rb

@@ -1,165 +0,0 @@
-#
-# fyi: the `node init` command lives in node_init.rb,
-#      but all other `node x` commands live here.
-#
-
-autoload :IPAddr, 'ipaddr'
-
-module LeapCli; module Commands
-
-  ##
-  ## COMMANDS
-  ##
-
-  desc 'Node management'
-  command [:node, :n] do |node|
-    node.desc 'Create a new configuration file for a node named NAME.'
-    node.long_desc ["If specified, the optional argument SEED can be used to seed values in the node configuration file.",
-                    "The format is property_name:value.",
-                    "For example: `leap node add web1 ip_address:1.2.3.4 services:webapp`.",
-                    "To set nested properties, property name can contain '.', like so: `leap node add web1 ssh.port:44`",
-                    "Separeate multiple values for a single property with a comma, like so: `leap node add mynode services:webapp,dns`"].join("\n\n")
-    node.arg_name 'NAME [SEED]' # , :optional => false, :multiple => false
-    node.command :add do |add|
-      add.switch :local, :desc => 'Make a local testing node (by automatically assigning the next available local IP address). Local nodes are run as virtual machines on your computer.', :negatable => false
-      add.action do |global_options,options,args|
-        # argument sanity checks
-        name = args.first
-        assert_valid_node_name!(name, options[:local])
-        assert_files_missing! [:node_config, name]
-
-        # create and seed new node
-        node = Config::Node.new(manager)
-        if options[:local]
-          node['ip_address'] = pick_next_vagrant_ip_address
-        end
-        seed_node_data(node, args[1..-1])
-        validate_ip_address(node)
-        begin
-          write_file! [:node_config, name], node.dump_json + "\n"
-          node['name'] = name
-          if file_exists? :ca_cert, :ca_key
-            generate_cert_for_node(manager.reload_node!(node))
-          end
-        rescue LeapCli::ConfigError => exc
-          remove_node_files(name)
-        end
-      end
-    end
-
-    node.desc 'Renames a node file, and all its related files.'
-    node.arg_name 'OLD_NAME NEW_NAME'
-    node.command :mv do |mv|
-      mv.action do |global_options,options,args|
-        node = get_node_from_args(args)
-        new_name = args.last
-        assert_valid_node_name!(new_name, node.vagrant?)
-        ensure_dir [:node_files_dir, new_name]
-        Leap::Platform.node_files.each do |path|
-          rename_file! [path, node.name], [path, new_name]
-        end
-        remove_directory! [:node_files_dir, node.name]
-        rename_node_facts(node.name, new_name)
-      end
-    end
-
-    node.desc 'Removes all the files related to the node named NAME.'
-    node.arg_name 'NAME' #:optional => false #, :multiple => false
-    node.command :rm do |rm|
-      rm.action do |global_options,options,args|
-        node = get_node_from_args(args)
-        remove_node_files(node.name)
-        if node.vagrant?
-          vagrant_command("destroy --force", [node.name])
-        end
-        remove_node_facts(node.name)
-      end
-    end
-  end
-
-  ##
-  ## PUBLIC HELPERS
-  ##
-
-  def get_node_from_args(args, options={})
-    node_name = args.first
-    node = manager.node(node_name)
-    if node.nil? && options[:include_disabled]
-      node = manager.disabled_node(node_name)
-    end
-    assert!(node, "Node '#{node_name}' not found.")
-    node
-  end
-
-  def seed_node_data(node, args)
-    args.each do |seed|
-      key, value = seed.split(':')
-      value = format_seed_value(value)
-      assert! key =~ /^[0-9a-z\._]+$/, "illegal characters used in property '#{key}'"
-      if key =~ /\./
-        key_parts = key.split('.')
-        final_key = key_parts.pop
-        current_object = node
-        key_parts.each do |key_part|
-          current_object[key_part] ||= Config::Object.new
-          current_object = current_object[key_part]
-        end
-        current_object[final_key] = value
-      else
-        node[key] = value
-      end
-    end
-  end
-
-  def remove_node_files(node_name)
-    (Leap::Platform.node_files + [:node_files_dir]).each do |path|
-      remove_file! [path, node_name]
-    end
-  end
-
-  #
-  # conversions:
-  #
-  #   "x,y,z" => ["x","y","z"]
-  #
-  #   "22" => 22
-  #
-  #   "5.1" => 5.1
-  #
-  def format_seed_value(v)
-    if v =~ /,/
-      v = v.split(',')
-      v.map! do |i|
-        i = i.to_i if i.to_i.to_s == i
-        i = i.to_f if i.to_f.to_s == i
-        i
-      end
-    else
-      v = v.to_i if v.to_i.to_s == v
-      v = v.to_f if v.to_f.to_s == v
-    end
-    return v
-  end
-
-  def validate_ip_address(node)
-    IPAddr.new(node['ip_address'])
-  rescue ArgumentError
-    bail! do
-      if node['ip_address']
-        log :invalid, "ip_address #{node['ip_address'].inspect}"
-      else
-        log :missing, "ip_address"
-      end
-    end
-  end
-
-  def assert_valid_node_name!(name, local=false)
-    assert! name, 'No <node-name> specified.'
-    if local
-      assert! name =~ /^[0-9a-z]+$/, "illegal characters used in node name '#{name}' (note: Vagrant does not allow hyphens or underscores)"
-    else
-      assert! name =~ /^[0-9a-z-]+$/, "illegal characters used in node name '#{name}' (note: Linux does not allow underscores)"
-    end
-  end
-
-end; end

data/lib/leap_cli/commands/node_init.rb

@@ -1,169 +0,0 @@
-#
-# Node initialization.
-# Most of the fun stuff is in tasks.rb.
-#
-
-module LeapCli; module Commands
-
-  desc 'Node management'
-  command :node do |node|
-    node.desc 'Bootstraps a node or nodes, setting up SSH keys and installing prerequisite packages'
-    node.long_desc "This command prepares a server to be used with the LEAP Platform by saving the server's SSH host key, " +
-                   "copying the authorized_keys file, installing packages that are required for deploying, and registering important facts. " +
-                   "Node init must be run before deploying to a server, and the server must be running and available via the network. " +
-                   "This command only needs to be run once, but there is no harm in running it multiple times."
-    node.arg_name 'FILTER'
-    node.command :init do |init|
-      init.switch 'echo', :desc => 'If set, passwords are visible as you type them (default is hidden)', :negatable => false
-      init.flag :port, :desc => 'Override the default SSH port.', :arg_name => 'PORT'
-      init.flag :ip,   :desc => 'Override the default SSH IP address.', :arg_name => 'IPADDRESS'
-
-      init.action do |global,options,args|
-        assert! args.any?, 'You must specify a FILTER'
-        finished = []
-        manager.filter!(args).each_node do |node|
-          is_node_alive(node, options)
-          save_public_host_key(node, global, options) unless node.vagrant?
-          update_compiled_ssh_configs
-          ssh_connect_options = connect_options(options).merge({:bootstrap => true, :echo => options[:echo]})
-          ssh_connect(node, ssh_connect_options) do |ssh|
-            if node.vagrant?
-              ssh.install_insecure_vagrant_key
-            end
-            ssh.install_authorized_keys
-            ssh.install_prerequisites
-            unless node.vagrant?
-              ssh.leap.log(:checking, "SSH host keys") do
-                ssh.leap.capture(get_ssh_keys_cmd) do |response|
-                  update_local_ssh_host_keys(node, response[:data]) if response[:exitcode] == 0
-                end
-              end
-            end
-            ssh.leap.log(:updating, "facts") do
-              ssh.leap.capture(facter_cmd) do |response|
-                if response[:exitcode] == 0
-                  update_node_facts(node.name, response[:data])
-                else
-                  log :failed, "to run facter on #{node.name}"
-                end
-              end
-            end
-          end
-          finished << node.name
-        end
-        log :completed, "initialization of nodes #{finished.join(', ')}"
-      end
-    end
-  end
-
-  private
-
-  ##
-  ## PRIVATE HELPERS
-  ##
-
-  def is_node_alive(node, options)
-    address = options[:ip] || node.ip_address
-    port = options[:port] || node.ssh.port
-    log :connecting, "to node #{node.name}"
-    assert_run! "nc -zw3 #{address} #{port}",
-      "Failed to reach #{node.name} (address #{address}, port #{port}). You can override the configured IP address and port with --ip or --port."
-  end
-
-  #
-  # saves the public ssh host key for node into the provider directory.
-  #
-  # see `man sshd` for the format of known_hosts
-  #
-  def save_public_host_key(node, global, options)
-    log :fetching, "public SSH host key for #{node.name}"
-    address = options[:ip] || node.ip_address
-    port = options[:port] || node.ssh.port
-    host_keys = get_public_keys_for_ip(address, port)
-    pub_key_path = Path.named_path([:node_ssh_pub_key, node.name])
-
-    if Path.exists?(pub_key_path)
-      if host_keys.include? SshKey.load(pub_key_path)
-        log :trusted, "- Public SSH host key for #{node.name} matches previously saved key", :indent => 1
-      else
-        bail! do
-          log :error, "The public SSH host keys we just fetched for #{node.name} doesn't match what we have saved previously.", :indent => 1
-          log "Delete the file #{pub_key_path} if you really want to remove the trusted SSH host key.", :indent => 2
-        end
-      end
-    else
-      known_key = host_keys.detect{|k|k.in_known_hosts?(node.name, node.ip_address, node.domain.name)}
-      if known_key
-        log :trusted, "- Public SSH host key for #{node.name} is trusted (key found in your ~/.ssh/known_hosts)"
-      else
-        public_key = SshKey.pick_best_key(host_keys)
-        if public_key.nil?
-          bail!("We got back #{host_keys.size} host keys from #{node.name}, but we can't support any of them.")
-        else
-          say("   This is the SSH host key you got back from node \"#{node.name}\"")
-          say("   Type        -- #{public_key.bits} bit #{public_key.type.upcase}")
-          say("   Fingerprint -- " + public_key.fingerprint)
-          say("   Public Key  -- " + public_key.key)
-          if !global[:yes] && !agree("   Is this correct? ")
-            bail!
-          else
-            known_key = public_key
-          end
-        end
-      end
-      puts
-      write_file! [:node_ssh_pub_key, node.name], known_key.to_s
-    end
-  end
-
-  #
-  # Get the public host keys for a host using ssh-keyscan.
-  # Return an array of SshKey objects, one for each key.
-  #
-  def get_public_keys_for_ip(address, port=22)
-    assert_bin!('ssh-keyscan')
-    output = assert_run! "ssh-keyscan -p #{port} #{address}", "Could not get the public host key from #{address}:#{port}. Maybe sshd is not running?"
-    if output.empty?
-      bail! :failed, "ssh-keyscan returned empty output."
-    end
-
-    if output =~ /No route to host/
-      bail! :failed, 'ssh-keyscan: no route to %s' % address
-    else
-      keys = SshKey.parse_keys(output)
-      if keys.empty?
-        bail! "ssh-keyscan got zero host keys back (that we understand)! Output was: #{output}"
-      else
-        return keys
-      end
-    end
-  end
-
-  # run on the server to generate a string suitable for passing to SshKey.parse_keys()
-  def get_ssh_keys_cmd
-    "/bin/grep ^HostKey /etc/ssh/sshd_config | /usr/bin/awk '{print $2 \".pub\"}' | /usr/bin/xargs /bin/cat"
-  end
-
-  #
-  # Sometimes the ssh host keys on the server will be better than what we have
-  # stored locally. In these cases, ask the user if they want to upgrade.
-  #
-  def update_local_ssh_host_keys(node, remote_keys_string)
-    remote_keys = SshKey.parse_keys(remote_keys_string)
-    return unless remote_keys.any?
-    current_key = SshKey.load(Path.named_path([:node_ssh_pub_key, node.name]))
-    best_key = SshKey.pick_best_key(remote_keys)
-    return unless best_key && current_key
-    if current_key != best_key
-      say("   One of the SSH host keys for node '#{node.name}' is better than what you currently have trusted.")
-      say("     Current key: #{current_key.summary}")
-      say("     Better key: #{best_key.summary}")
-      if agree("   Do you want to use the better key? ")
-        write_file! [:node_ssh_pub_key, node.name], best_key.to_s
-      end
-    else
-      log(3, "current host key does not need updating")
-    end
-  end
-
-end; end

data/lib/leap_cli/commands/ssh.rb

@@ -1,220 +0,0 @@
-module LeapCli; module Commands
-
-  desc 'Log in to the specified node with an interactive shell.'
-  arg_name 'NAME' #, :optional => false, :multiple => false
-  command :ssh do |c|
-    c.flag 'ssh', :desc => "Pass through raw options to ssh (e.g. `--ssh '-F ~/sshconfig'`)."
-    c.flag 'port', :arg_name => 'SSH_PORT', :desc => 'Override default SSH port used when trying to connect to the server. Same as `--ssh "-p SSH_PORT"`.'
-    c.action do |global_options,options,args|
-      exec_ssh(:ssh, options, args)
-    end
-  end
-
-  desc 'Log in to the specified node with an interactive shell using mosh (requires node to have mosh.enabled set to true).'
-  arg_name 'NAME'
-  command :mosh do |c|
-    c.flag 'ssh', :desc => "Pass through raw options to ssh (e.g. `--ssh '-F ~/sshconfig'`)."
-    c.flag 'port', :arg_name => 'SSH_PORT', :desc => 'Override default SSH port used when trying to connect to the server. Same as `--ssh "-p SSH_PORT"`.'
-    c.action do |global_options,options,args|
-      exec_ssh(:mosh, options, args)
-    end
-  end
-
-  desc 'Creates an SSH port forward (tunnel) to the node NAME. REMOTE_PORT is the port on the remote node that the tunnel will connect to. LOCAL_PORT is the optional port on your local machine. For example: `leap tunnel couch1:5984`.'
-  arg_name '[LOCAL_PORT:]NAME:REMOTE_PORT'
-  command :tunnel do |c|
-    c.flag 'ssh', :desc => "Pass through raw options to ssh (e.g. --ssh '-F ~/sshconfig')."
-    c.flag 'port', :arg_name => 'SSH_PORT', :desc => 'Override default SSH port used when trying to connect to the server. Same as `--ssh "-p SSH_PORT"`.'
-    c.action do |global_options,options,args|
-      local_port, node, remote_port = parse_tunnel_arg(args.first)
-      options[:ssh] = [options[:ssh], "-N -L 127.0.0.1:#{local_port}:0.0.0.0:#{remote_port}"].join(' ')
-      log("Forward port localhost:#{local_port} to #{node.name}:#{remote_port}")
-      if is_port_available?(local_port)
-        exec_ssh(:ssh, options, [node.name])
-      end
-    end
-  end
-
-  desc 'Secure copy from FILE1 to FILE2. Files are specified as NODE_NAME:FILE_PATH. For local paths, omit "NODE_NAME:".'
-  arg_name 'FILE1 FILE2'
-  command :scp do |c|
-    c.switch :r, :desc => 'Copy recursively'
-    c.action do |global_options, options, args|
-      if args.size != 2
-        bail!('You must specificy both FILE1 and FILE2')
-      end
-      from, to = args
-      if (from !~ /:/ && to !~ /:/) || (from =~ /:/ && to =~ /:/)
-        bail!('One FILE must be remote and the other local.')
-      end
-      src_node_name = src_file_path = src_node = nil
-      dst_node_name = dst_file_path = dst_node = nil
-      if from =~ /:/
-        src_node_name, src_file_path = from.split(':')
-        src_node = get_node_from_args([src_node_name], :include_disabled => true)
-        dst_file_path = to
-      else
-        dst_node_name, dst_file_path = to.split(':')
-        dst_node = get_node_from_args([dst_node_name], :include_disabled => true)
-        src_file_path = from
-      end
-      exec_scp(options, src_node, src_file_path, dst_node, dst_file_path)
-    end
-  end
-
-  protected
-
-  #
-  # allow for ssh overrides of all commands that use ssh_connect
-  #
-  def connect_options(options)
-    connect_options = {:ssh_options=>{}}
-    if options[:port]
-      connect_options[:ssh_options][:port] = options[:port]
-    end
-    if options[:ip]
-      connect_options[:ssh_options][:host_name] = options[:ip]
-    end
-    return connect_options
-  end
-
-  def ssh_config_help_message
-    puts ""
-    puts "Are 'too many authentication failures' getting you down?"
-    puts "Then we have the solution for you! Add something like this to your ~/.ssh/config file:"
-    puts "  Host *.#{manager.provider.domain}"
-    puts "  IdentityFile ~/.ssh/id_rsa"
-    puts "  IdentitiesOnly=yes"
-    puts "(replace `id_rsa` with the actual private key filename that you use for this provider)"
-  end
-
-  require 'socket'
-  def is_port_available?(port)
-    TCPServer.open('127.0.0.1', port) {}
-    true
-  rescue Errno::EACCES
-    bail!("You don't have permission to bind to port #{port}.")
-  rescue Errno::EADDRINUSE
-    bail!("Local port #{port} is already in use. Specify LOCAL_PORT to pick another.")
-  rescue Exception => exc
-    bail!(exc.to_s)
-  end
-
-  private
-
-  def exec_ssh(cmd, cli_options, args)
-    node = get_node_from_args(args, :include_disabled => true)
-    port = node.ssh.port
-    options = ssh_config(node)
-    username = 'root'
-    if LeapCli.log_level >= 3
-      options << "-vv"
-    elsif LeapCli.log_level >= 2
-      options << "-v"
-    end
-    if cli_options[:port]
-      port = cli_options[:port]
-    end
-    if cli_options[:ssh]
-      options << cli_options[:ssh]
-    end
-    ssh = "ssh -l #{username} -p #{port} #{options.join(' ')}"
-    if cmd == :ssh
-      command = "#{ssh} #{node.domain.full}"
-    elsif cmd == :mosh
-      command = "MOSH_TITLE_NOPREFIX=1 mosh --ssh \"#{ssh}\" #{node.domain.full}"
-    end
-    log 2, command
-
-    # exec the shell command in a subprocess
-    pid = fork { exec "#{command}" }
-
-    Signal.trap("SIGINT") do
-      Process.kill("KILL", pid)
-      Process.wait(pid)
-      exit(0)
-    end
-
-    # wait for shell to exit so we can grab the exit status
-    _, status = Process.waitpid2(pid)
-
-    if status.exitstatus == 255
-      ssh_config_help_message
-    elsif status.exitstatus != 0
-      exit(status.exitstatus)
-    end
-  end
-
-  def exec_scp(cli_options, src_node, src_file_path, dst_node, dst_file_path)
-    node = src_node || dst_node
-    options = ssh_config(node)
-    port = node.ssh.port
-    username = 'root'
-    options << "-r" if cli_options[:r]
-    scp = "scp -P #{port} #{options.join(' ')}"
-    if src_node
-      command = "#{scp} #{username}@#{src_node.domain.full}:#{src_file_path} #{dst_file_path}"
-    elsif dst_node
-      command = "#{scp} #{src_file_path} #{username}@#{dst_node.domain.full}:#{dst_file_path}"
-    end
-    log 2, command
-
-    # exec the shell command in a subprocess
-    pid = fork { exec "#{command}" }
-
-    Signal.trap("SIGINT") do
-      Process.kill("KILL", pid)
-      Process.wait(pid)
-      exit(0)
-    end
-
-    # wait for shell to exit so we can grab the exit status
-    _, status = Process.waitpid2(pid)
-    exit(status.exitstatus)
-  end
-
-  #
-  # SSH command line -o options. See `man ssh_config`
-  #
-  # NOTES:
-  #
-  # The option 'HostKeyAlias=#{node.name}' is oddly incompatible with ports in
-  # known_hosts file, so we must not use this or non-standard ports break.
-  #
-  def ssh_config(node)
-    options = [
-      "-o 'HostName=#{node.ip_address}'",
-      "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'",
-      "-o 'UserKnownHostsFile=/dev/null'"
-    ]
-    if node.vagrant?
-      options << "-i #{vagrant_ssh_key_file}"    # use the universal vagrant insecure key
-      options << "-o IdentitiesOnly=yes"         # force the use of the insecure vagrant key
-      options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it
-                                                 # (since userknownhostsfile is /dev/null)
-    else
-      options << "-o 'StrictHostKeyChecking=yes'"
-    end
-    if !node.supported_ssh_host_key_algorithms.empty?
-      options << "-o 'HostKeyAlgorithms=#{node.supported_ssh_host_key_algorithms}'"
-    end
-    return options
-  end
-
-  def parse_tunnel_arg(arg)
-    if arg.count(':') == 1
-      node_name, remote = arg.split(':')
-      local = nil
-    elsif arg.count(':') == 2
-      local, node_name, remote = arg.split(':')
-    else
-      bail!('Argument NAME:REMOTE_PORT required.')
-    end
-    node = get_node_from_args([node_name], :include_disabled => true)
-    remote = remote.to_i
-    local = local || remote
-    local = local.to_i
-    return [local, node, remote]
-  end
-
-end; end