manageiq-appliance_console 1.0.0

data/lib/manageiq/appliance_console/internal_database_configuration.rb

@@ -0,0 +1,187 @@
+require "pathname"
+require "util/postgres_admin"
+require "pg"
+require "linux_admin"
+
+module ManageIQ
+module ApplianceConsole
+  class InternalDatabaseConfiguration < DatabaseConfiguration
+    attr_accessor :disk, :ssl, :run_as_evm_server
+
+    DEDICATED_DB_SHARED_BUFFERS = "'1GB'".freeze
+    SHARED_DB_SHARED_BUFFERS = "'128MB'".freeze
+
+    def self.postgres_dir
+      PostgresAdmin.data_directory.relative_path_from(Pathname.new("/"))
+    end
+
+    def self.postgresql_template
+      PostgresAdmin.template_directory.join(postgres_dir)
+    end
+
+    def initialize(hash = {})
+      set_defaults
+      super
+    end
+
+    def set_defaults
+      self.host              = 'localhost'
+      self.username          = "root"
+      self.database          = "vmdb_production"
+      self.run_as_evm_server = true
+    end
+
+    def activate
+      if PostgresAdmin.initialized?
+        say(<<-EOF.gsub!(/^\s+/, ""))
+          An internal database already exists.
+          Choose "Reset Configured Database" to reset the existing installation
+          EOF
+        return false
+      end
+      initialize_postgresql_disk if disk
+      initialize_postgresql
+      return super if run_as_evm_server
+      true
+    end
+
+    def ask_questions
+      choose_disk
+      check_disk_is_mount_point
+      self.run_as_evm_server = !ask_yn?(<<-EOS.gsub!(/^ +/m, ""), "N")
+
+        Should this appliance run as a standalone database server?
+
+        NOTE:
+        * The #{I18n.t("product.name")} application will not be running.
+        * This is required when using highly available database deployments.
+        * CAUTION: This is not reversible.
+
+      EOS
+      # TODO: Assume we want to create a region for a new internal database disk
+      # until we allow for the internal selection against an already initialized disk.
+      create_new_region_questions(false) if run_as_evm_server
+      ask_for_database_credentials
+    end
+
+    def choose_disk
+      @disk = ask_for_disk("database disk")
+    end
+
+    def check_disk_is_mount_point
+      error_message = "The disk for database must be a mount point"
+      raise error_message unless disk || pg_mount_point?
+    end
+
+    def initialize_postgresql_disk
+      log_and_feedback(__method__) do
+        LogicalVolumeManagement.new(:disk                => disk,
+                                    :mount_point         => mount_point,
+                                    :name                => "pg",
+                                    :volume_group_name   => PostgresAdmin.volume_group_name,
+                                    :filesystem_type     => PostgresAdmin.database_disk_filesystem,
+                                    :logical_volume_path => PostgresAdmin.logical_volume_path).setup
+      end
+    end
+
+    def initialize_postgresql
+      log_and_feedback(__method__) do
+        PostgresAdmin.prep_data_directory
+        run_initdb
+        relabel_postgresql_dir
+        configure_postgres
+        start_postgres
+        create_postgres_root_user
+        create_postgres_database
+        apply_initial_configuration
+      end
+    end
+
+    def configure_postgres
+      self.ssl = File.exist?(PostgresAdmin.certificate_location.join("postgres.key"))
+
+      copy_template "postgresql.conf"
+      copy_template "pg_hba.conf.erb"
+      copy_template "pg_ident.conf"
+    end
+
+    def post_activation
+      start_evm if run_as_evm_server
+    end
+
+    private
+
+    def mount_point
+      PostgresAdmin.mount_point
+    end
+
+    def copy_template(src, src_dir = self.class.postgresql_template, dest_dir = PostgresAdmin.data_directory)
+      full_src = src_dir.join(src)
+      if src.include?(".erb")
+        full_dest = dest_dir.join(src.gsub(".erb", ""))
+        File.open(full_dest, "w") { |f| f.puts ERB.new(File.read(full_src), nil, '-').result(binding) }
+      else
+        FileUtils.cp full_src, dest_dir
+      end
+    end
+
+    def pg_mount_point?
+      LinuxAdmin::LogicalVolume.mount_point_exists?(mount_point.to_s)
+    end
+
+    def run_initdb
+      AwesomeSpawn.run!("service", :params => {nil => [PostgresAdmin.service_name, "initdb"]})
+    end
+
+    def start_postgres
+      LinuxAdmin::Service.new(PostgresAdmin.service_name).enable.start
+      block_until_postgres_accepts_connections
+    end
+
+    def restart_postgres
+      LinuxAdmin::Service.new(PostgresAdmin.service_name).restart
+      block_until_postgres_accepts_connections
+    end
+
+    def block_until_postgres_accepts_connections
+      loop do
+        break if AwesomeSpawn.run("psql -U postgres -c 'select 1'").success?
+      end
+    end
+
+    def create_postgres_root_user
+      with_pg_connection do |conn|
+        esc_pass = conn.escape_string(password)
+        conn.exec("CREATE ROLE #{username} WITH LOGIN CREATEDB SUPERUSER PASSWORD '#{esc_pass}'")
+      end
+    end
+
+    def create_postgres_database
+      with_pg_connection do |conn|
+        conn.exec("CREATE DATABASE #{database} OWNER #{username} ENCODING 'utf8'")
+      end
+    end
+
+    def relabel_postgresql_dir
+      AwesomeSpawn.run!("/sbin/restorecon -R -v #{mount_point}")
+    end
+
+    def with_pg_connection
+      conn = PG.connect(:user => "postgres", :dbname => "postgres")
+      yield conn
+    ensure
+      conn.close
+    end
+
+    def apply_initial_configuration
+      shared_buffers = run_as_evm_server ? SHARED_DB_SHARED_BUFFERS : DEDICATED_DB_SHARED_BUFFERS
+      with_pg_connection do |conn|
+        conn.exec("ALTER SYSTEM SET ssl TO on") if ssl
+        conn.exec("ALTER SYSTEM SET shared_buffers TO #{shared_buffers}")
+      end
+
+      restart_postgres
+    end
+  end
+end
+end

data/lib/manageiq/appliance_console/key_configuration.rb

@@ -0,0 +1,118 @@
+require 'pathname'
+require 'fileutils'
+require 'net/scp'
+require 'active_support/all'
+require 'util/miq-password'
+
+module ManageIQ
+module ApplianceConsole
+  CERT_DIR = ENV['KEY_ROOT'] || ManageIQ::ApplianceConsole::RAILS_ROOT.join("certs")
+  KEY_FILE = "#{CERT_DIR}/v2_key".freeze
+  NEW_KEY_FILE = "#{KEY_FILE}.tmp".freeze
+
+  class KeyConfiguration
+    attr_accessor :host, :login, :password, :key_path, :action, :force
+
+    def initialize(options = {})
+      options.each { |k, v| public_send("#{k}=", v) }
+      @action ||= :create
+      @login ||= "root"
+      @key_path ||= KEY_FILE
+    end
+
+    def ask_questions
+      if key_exist?
+        @force = agree("Overwrite existing encryption key (v2_key)? (Y/N): ")
+        return false unless @force
+      end
+
+      @action = ask_for_action(@action)
+
+      if fetch_key?
+        say("")
+        @host      = ask_for_ip_or_hostname("hostname for appliance with encryption key", @host)
+        @login     = ask_for_string("appliance SSH login", @login)
+        @password  = ask_for_password("appliance SSH password", @password)
+        @key_path  = ask_for_string("path of remote encryption key", @key_path)
+      end
+      @action
+    end
+
+    def ask_question_loop
+      loop do
+        return false unless ask_questions
+        return true if activate
+        return false unless agree("Try again? (Y/N) ")
+      end
+    end
+
+    def activate
+      if !key_exist? || force
+        if get_new_key
+          save_new_key
+        else
+          remove_new_key_if_any
+          false
+        end
+      else
+        # probably only got here via the cli
+        $stderr.puts
+        $stderr.puts "Only generate one encryption key (v2_key) per installation."
+        $stderr.puts "Chances are you did not want to overwrite this file."
+        $stderr.puts "If you do this all encrypted secrets in the database will not be readable."
+        $stderr.puts "Please backup your key and run this command again with --force-key."
+        $stderr.puts
+        false
+      end
+    end
+
+    def save_new_key
+      begin
+        FileUtils.mv(NEW_KEY_FILE, KEY_FILE, :force => true)
+      rescue => e
+        say("Failed to overwrite original key, original key kept. #{e.message}")
+        return false
+      end
+      FileUtils.chmod(0o400, KEY_FILE)
+    end
+
+    def remove_new_key_if_any
+      FileUtils.rm(NEW_KEY_FILE) if File.exist?(NEW_KEY_FILE)
+    end
+
+    def key_exist?
+      File.exist?(KEY_FILE)
+    end
+
+    def fetch_key?
+      @action == :fetch
+    end
+
+    def create_key
+      MiqPassword.generate_symmetric(NEW_KEY_FILE) && true
+    end
+
+    def fetch_key
+      # use :verbose => 1 (or :debug for later versions) to see actual errors
+      Net::SCP.start(host, login, :password => password) do |scp|
+        scp.download!(key_path, NEW_KEY_FILE)
+      end
+      File.exist?(NEW_KEY_FILE)
+    rescue => e
+      say("Failed to fetch key: #{e.message}")
+      false
+    end
+
+    private
+
+    def ask_for_action(default_action)
+      options = {'Create key' => :create, 'Fetch key from remote machine' => :fetch}
+      ask_with_menu("Encryption Key", options, default_action, false)
+    end
+
+    def get_new_key
+      fetch_key? ? fetch_key : create_key
+    end
+  end
+end
+end

data/lib/manageiq/appliance_console/logfile_configuration.rb

@@ -0,0 +1,117 @@
+require 'linux_admin'
+require 'pathname'
+require 'fileutils'
+require 'util/miq-system.rb'
+
+module ManageIQ
+module ApplianceConsole
+  class LogfileConfiguration
+    LOGFILE_DIRECTORY = Pathname.new("/var/www/miq/vmdb/log").freeze
+    LOGFILE_NAME = "miq_logs".freeze
+    MIQ_LOGS_CONF = Pathname.new("/etc/logrotate.d/miq_logs.conf").freeze
+
+    attr_accessor :size, :disk, :current_logrotate_count, :new_logrotate_count, :evm_was_running
+
+    include ManageIQ::ApplianceConsole::Logging
+
+    def initialize(config = {})
+      self.disk                = config[:disk]
+      self.new_logrotate_count = nil
+
+      self.size = MiqSystem.disk_usage(LOGFILE_DIRECTORY)[0][:total_bytes]
+      self.current_logrotate_count = /rotate\s+(\d+)/.match(File.read(MIQ_LOGS_CONF))[1]
+      self.evm_was_running = LinuxAdmin::Service.new("evmserverd").running?
+    end
+
+    def activate
+      activate_new_disk && activate_new_logrotate_count
+    end
+
+    def ask_questions
+      clear_screen
+      choose_disk if use_new_disk
+      choose_logrotate_count if set_new_logrotate_count?
+      confirm_selection
+    end
+
+    private
+
+    def confirm_selection
+      return false unless disk || new_logrotate_count
+
+      clear_screen
+      if disk
+        say("\t#{disk.path} with #{disk.size.to_i / 1.gigabyte} GB will be configured as the new logfile disk.")
+      end
+
+      if new_logrotate_count
+        say("\tThe number of saved logratations will be updated to: #{new_logrotate_count}")
+      end
+
+      agree("Confirm continue with these updates (Y/N):")
+    end
+
+    def use_new_disk
+      agree("Configure a new logfile disk volume? (Y/N):")
+    end
+
+    def choose_disk
+      self.disk = ask_for_disk("logfile disk")
+    end
+
+    def set_new_logrotate_count?
+      agree("Change the saved logrotate count from #{current_logrotate_count}? (Y/N):")
+    end
+
+    def choose_logrotate_count
+      say "\t1 GB of disk space is recommended for each saved log rotation."
+      if disk
+        say "\tThe proposed new disk is #{disk.size.to_i / 1.gigabyte} GB"
+      else
+        say "\tThe current log disk is #{size.to_i / 1.gigabyte} GB"
+      end
+
+      self.new_logrotate_count = ask_for_integer("new log rotate count")
+    end
+
+    def activate_new_logrotate_count
+      return true unless new_logrotate_count
+      say 'Activating new logrotate count'
+      data = File.read(MIQ_LOGS_CONF)
+      data.gsub!(/rotate\s+\d+/, "rotate #{new_logrotate_count}")
+      File.write(MIQ_LOGS_CONF, data)
+      true
+    end
+
+    def activate_new_disk
+      return true unless disk
+      stop_evm if evm_was_running
+      initialize_logfile_disk
+      start_evm if evm_was_running
+      true
+    end
+
+    def initialize_logfile_disk
+      say 'Initializing logfile disk'
+      LogicalVolumeManagement.new(:disk => disk, :mount_point => LOGFILE_DIRECTORY, :name => LOGFILE_NAME).setup
+
+      FileUtils.mkdir_p("#{LOGFILE_DIRECTORY}/apache")
+      AwesomeSpawn.run!('/usr/sbin/semanage fcontext -a -t httpd_log_t "#{LOGFILE_DIRECTORY.to_path}(/.*)?"')
+      AwesomeSpawn.run!("/sbin/restorecon -R -v #{LOGFILE_DIRECTORY.to_path}") if File.executable?("/sbin/restorecon")
+      true
+    end
+
+    def start_evm
+      say 'Starting EVM'
+      LinuxAdmin::Service.new("evmserverd").enable.start
+      LinuxAdmin::Service.new("httpd").enable.start
+    end
+
+    def stop_evm
+      say 'Stopping EVM'
+      LinuxAdmin::Service.new("evmserverd").stop
+      LinuxAdmin::Service.new("httpd").stop
+    end
+  end
+end
+end

data/lib/manageiq/appliance_console/logger.rb

@@ -0,0 +1,23 @@
+require 'logger'
+
+module ManageIQ
+  module ApplianceConsole
+    class Logger < ::Logger
+      def self.log_dir
+        @log_dir ||= ManageIQ::ApplianceConsole::RAILS_ROOT.join("log")
+      end
+
+      def self.log_file
+        @log_file ||= log_dir.join("appliance_console.log").to_s
+      end
+
+      def self.instance
+        @instance ||= begin
+          require 'fileutils'
+          FileUtils.mkdir_p(log_dir.to_s)
+          new(log_file).tap { |l| l.level = Logger::INFO }
+        end
+      end
+    end
+  end
+end

data/lib/manageiq/appliance_console/logging.rb

@@ -0,0 +1,102 @@
+require 'awesome_spawn'
+require 'active_support/all'
+
+module ManageIQ
+module ApplianceConsole
+  module Logging
+    class << self
+      attr_accessor :interactive
+
+      def interactive?
+        @interactive != false
+      end
+    end
+
+    def interactive=(interactive)
+      ManageIQ::ApplianceConsole::Logging.interactive = interactive
+    end
+
+    def interactive?
+      ManageIQ::ApplianceConsole::Logging.interactive?
+    end
+
+    def interactive
+      ManageIQ::ApplianceConsole::Logging.interactive
+    end
+
+    def logger=(logger)
+      ManageIQ::ApplianceConsole.logger = logger
+    end
+
+    def logger
+      ManageIQ::ApplianceConsole.logger
+    end
+
+    # TODO: move say_error and say_info to prompting module?
+    def say_error(method, output)
+      log = "\nSee #{ManageIQ::ApplianceConsole::Logger.log_file} for details."
+      text = "#{method.to_s.humanize} failed with error - #{output.truncate(200)}.#{log}"
+      say(text)
+      press_any_key if interactive?
+      raise ManageIQ::ApplianceConsole::MiqSignalError
+    end
+
+    def say_info(method, output)
+      say("#{method.to_s.humanize} #{output}")
+    end
+
+    def log_and_feedback(method)
+      raise ArgumentError, "No block given" unless block_given?
+
+      log_and_feedback_info(method, "starting")
+
+      result = nil
+      begin
+        result = yield
+      rescue => err
+        log_and_feedback_exception(err, method)
+      else
+        log_and_feedback_info(method, "complete")
+      end
+      result
+    end
+
+    def log_prefix(method)
+      "MIQ(#{self.class.name}##{method}) "
+    end
+
+    def log_and_feedback_info(method, message)
+      logger.info("#{log_prefix(method)}: #{message}")
+      say_info(method, message)
+    end
+
+    def log_and_feedback_exception(error, failed_method)
+      feedback_error, logging = case error
+                                when AwesomeSpawn::CommandResultError
+                                  error_and_logging_from_command_result_error(error)
+                                else
+                                  error_and_logging_from_standard_error(error)
+                                end
+
+      log_error(failed_method, logging)
+      say_error(failed_method, feedback_error)
+    end
+
+    def error_and_logging_from_command_result_error(error)
+      result = error.result
+      location = error.backtrace.detect { |loc| !loc.match(/(linux_admin|awesome_spawn)/) }
+      return error.message, "Command failed: #{error.message}. Error: #{result.error}. Output: #{result.output}. At: #{location}"
+    end
+
+    def error_and_logging_from_standard_error(error)
+      debugging = "Error: #{error.class.name} with message: #{error.message}"
+      logging = "#{debugging}. Failed at: #{error.backtrace[0]}"
+      return debugging, logging
+    end
+
+    def log_error(failed_method, debugging)
+      logger.error("#{log_prefix(failed_method)} #{debugging}")
+    end
+  end # module Logging
+end # module ApplicationConsole
+end