manageiq-appliance_console 1.0.0

data/lib/manageiq/appliance_console/logical_volume_management.rb

@@ -0,0 +1,94 @@
+require 'linux_admin'
+require 'fileutils'
+
+module ManageIQ
+module ApplianceConsole
+  class LogicalVolumeManagement
+    include ManageIQ::ApplianceConsole::Logging
+
+    # Required instantiation parameters
+    attr_accessor :disk, :mount_point, :name
+
+    # Derived or optionally provided instantiation parameters
+    attr_accessor :volume_group_name, :filesystem_type, :logical_volume_path
+
+    # Logical Disk creation objects
+    attr_reader :logical_volume, :partition, :physical_volume, :volume_group
+
+    def initialize(options = {})
+      # Required instantiation parameters
+      self.disk        = options[:disk]        || raise(ArgumentError, "disk object required")
+      self.mount_point = options[:mount_point] || raise(ArgumentError, "mount point required")
+      self.name        = options[:name]        || raise(ArgumentError, "unique name required")
+
+      # Derived or optionally provided instantiation parameters
+      self.volume_group_name   ||= "vg_#{name}"
+      self.filesystem_type     ||= "xfs"
+      self.logical_volume_path ||= "/dev/#{volume_group_name}/lv_#{name}"
+    end
+
+    # Helper method
+    def setup
+      create_partition_to_fill_disk
+      create_physical_volume
+      create_volume_group
+      create_logical_volume_to_fill_volume_group
+      format_logical_volume
+      mount_disk
+      update_fstab
+    end
+
+    private
+
+    def create_partition_to_fill_disk
+      disk.create_partition_table
+      AwesomeSpawn.run!("parted -s #{disk.path} mkpart primary 0% 100%")
+
+      self.disk = LinuxAdmin::Disk.local.find { |d| d.path == disk.path }
+      @partition = disk.partitions.first
+    end
+
+    def create_physical_volume
+      @physical_volume = LinuxAdmin::PhysicalVolume.create(partition)
+    end
+
+    def create_volume_group
+      @volume_group = LinuxAdmin::VolumeGroup.create(volume_group_name, physical_volume)
+    end
+
+    def create_logical_volume_to_fill_volume_group
+      @logical_volume = LinuxAdmin::LogicalVolume.create(logical_volume_path, volume_group, 100)
+    end
+
+    def format_logical_volume
+      AwesomeSpawn.run!("mkfs.#{filesystem_type} #{logical_volume.path}")
+    end
+
+    def mount_disk
+      if mount_point.symlink?
+        FileUtils.rm_rf(mount_point)
+        FileUtils.mkdir_p(mount_point)
+      end
+      AwesomeSpawn.run!("mount", :params => {"-t" => filesystem_type,
+                                             nil  => [logical_volume.path, mount_point]})
+    end
+
+    def update_fstab
+      fstab = LinuxAdmin::FSTab.instance
+      return if fstab.entries.find { |e| e.mount_point == mount_point }
+
+      entry = LinuxAdmin::FSTabEntry.new(
+        :device        => logical_volume.path,
+        :mount_point   => mount_point,
+        :fs_type       => filesystem_type,
+        :mount_options => "rw,noatime",
+        :dumpable      => 0,
+        :fsck_order    => 0
+      )
+
+      fstab.entries << entry
+      fstab.write! # Test this more, whitespace is removed
+    end
+  end
+end
+end

data/lib/manageiq/appliance_console/principal.rb

@@ -0,0 +1,46 @@
+require 'awesome_spawn'
+
+module ManageIQ
+module ApplianceConsole
+  # Kerberos principal
+  class Principal
+    attr_accessor :ca_name
+    attr_accessor :hostname
+    attr_accessor :realm
+    attr_accessor :service
+    # kerberos principal name
+    attr_accessor :name
+
+    def initialize(options = {})
+      options.each { |n, v| public_send("#{n}=", v) }
+      @ca_name ||= "ipa"
+      @realm = @realm.upcase if @realm
+      @name ||= "#{service}/#{hostname}@#{realm}"
+    end
+
+    def register
+      request if ipa? && !exist?
+    end
+
+    def subject_name
+      "CN=#{hostname},OU=#{service},O=#{realm}"
+    end
+
+    def ipa?
+      @ca_name == "ipa"
+    end
+
+    private
+
+    def exist?
+      AwesomeSpawn.run("/usr/bin/ipa", :params => ["-e", "skip_version_check=1", "service-find", "--principal", name]).success?
+    end
+
+    def request
+      # using --force because these services tend not to be in dns
+      # this is like VERIFY_NONE
+      AwesomeSpawn.run!("/usr/bin/ipa", :params => ["-e", "skip_version_check=1", "service-add", "--force", name])
+    end
+  end
+end
+end

data/lib/manageiq/appliance_console/prompts.rb

@@ -0,0 +1,211 @@
+require 'resolv'
+
+module ManageIQ
+module ApplianceConsole
+  CANCEL = 'Cancel'.freeze
+
+  module Prompts
+    CLEAR_CODE    = `clear`
+    IPV4_REGEXP   = Resolv::IPv4::Regex
+    IPV6_REGEXP   = Resolv::IPv6::Regex
+    IP_REGEXP     = Regexp.union(Resolv::IPv4::Regex, Resolv::IPv6::Regex).freeze
+    DOMAIN_REGEXP = /^[a-z0-9]+([\-\.]{1}[a-z0-9]+)*(\.[a-z]{2,13})?$/
+    INT_REGEXP    = /^[0-9]+$/
+    NONE_REGEXP   = /^('?NONE'?)?$/i.freeze
+    HOSTNAME_REGEXP = /^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$/
+
+    SAMPLE_URLS = {
+      'nfs' => 'nfs://host.mydomain.com/exported/my_exported_folder/db.backup',
+      'smb' => 'smb://host.mydomain.com/my_share/daily_backup/db.backup',
+    }
+
+    def sample_url(scheme)
+      SAMPLE_URLS[scheme]
+    end
+
+    def ask_for_uri(prompt, expected_scheme)
+      require 'uri'
+      just_ask(prompt, nil, nil, 'a valid URI') do |q|
+        q.validate = lambda do |a|
+          # Convert all backslashes in the URI to forward slashes and strip whitespace
+          a.tr!('\\', '/')
+          a.strip!
+          u = URI(a)
+          # validate it has a hostname/ip and a share
+          u.scheme == expected_scheme &&
+            (u.host =~ HOSTNAME_REGEXP || u.hostname =~ IP_REGEXP) &&
+            !u.path.empty?
+        end
+      end
+    end
+
+    def press_any_key
+      say("\nPress any key to continue.")
+      begin
+        system("stty raw -echo")
+        STDIN.getc
+      ensure
+        system("stty -raw echo")
+      end
+    end
+
+    def clear_screen
+      print CLEAR_CODE
+    end
+
+    def are_you_sure?(clarifier = nil)
+      clarifier = " you want to #{clarifier}" if clarifier && !clarifier.include?("want")
+      agree("Are you sure#{clarifier}? (Y/N): ")
+    end
+
+    def ask_yn?(prompt, default = nil)
+      ask("#{prompt}? (Y/N): ") do |q|
+        q.default = default if default
+        q.validate = ->(p) { (p.blank? && default) || %w(y n).include?(p.downcase[0]) }
+        q.responses[:not_valid] = "Please provide yes or no."
+      end.downcase[0] == 'y'
+    end
+
+    def ask_for_domain(prompt, default = nil, validate = DOMAIN_REGEXP, error_text = "a valid Domain.", &block)
+      just_ask(prompt, default, validate, error_text, &block)
+    end
+
+    def ask_for_ip(prompt, default, validate = IP_REGEXP, error_text = "a valid IP Address.", &block)
+      just_ask(prompt, default, validate, error_text, &block)
+    end
+
+    def ask_for_ipv4(prompt, default)
+      ask_for_ip(prompt, default, IPV4_REGEXP)
+    end
+
+    def ask_for_ipv4_or_none(prompt, default = nil)
+      ask_for_ip(prompt, default, Regexp.union(NONE_REGEXP, IPV4_REGEXP)).gsub(NONE_REGEXP, "")
+    end
+
+    def ask_for_ipv6(prompt, default)
+      ask_for_ip(prompt, default, IPV6_REGEXP)
+    end
+
+    def ask_for_ipv6_or_none(prompt, default = nil)
+      ask_for_ip(prompt, default, Regexp.union(IPV6_REGEXP, NONE_REGEXP)).gsub(NONE_REGEXP, '')
+    end
+
+    def ask_for_hostname(prompt, default = nil, validate = HOSTNAME_REGEXP, error_text = "a valid Hostname.", &block)
+      just_ask(prompt, default, validate, error_text, &block)
+    end
+
+    def ask_for_ip_or_hostname(prompt, default = nil)
+      validation = ->(h) { (h =~ HOSTNAME_REGEXP || h =~ IP_REGEXP) && h.length > 0 }
+      ask_for_ip(prompt, default, validation, "a valid Hostname or IP Address.")
+    end
+
+    def ask_for_ip_or_hostname_or_none(prompt, default = nil)
+      validation = Regexp.union(NONE_REGEXP, HOSTNAME_REGEXP, IP_REGEXP)
+      ask_for_ip(prompt, default, validation, "a valid Hostname or IP Address.").gsub(NONE_REGEXP, "")
+    end
+
+    def ask_for_schedule_frequency(prompt, default = nil)
+      validation = ->(h) { %w(hourly daily weekly monthly).include?(h) }
+      just_ask(prompt, default, validation, "hourly, daily, weekly or monthly")
+    end
+
+    def ask_for_hour_number(prompt)
+      ask_for_integer(prompt, (0..23))
+    end
+
+    def ask_for_week_day_number(prompt)
+      ask_for_integer(prompt, (0..6))
+    end
+
+    def ask_for_month_day_number(prompt)
+      ask_for_integer(prompt, (1..31))
+    end
+
+    def ask_for_many(prompt, collective = nil, default = nil, max_length = 255, max_count = 6)
+      collective ||= "#{prompt}s"
+      validate = ->(p) { (p.length < max_length) && (p.split(/[\s,;]+/).length <= max_count) }
+      error_message = "up to #{max_count} #{prompt}s separated by a space and up to #{max_length} characters"
+      just_ask(collective, default, validate, error_message).split(/[\s,;]+/).collect(&:strip)
+    end
+
+    def ask_for_password(prompt, default = nil)
+      pass = just_ask(prompt, default.present? ? "********" : nil) do |q|
+        q.echo = '*'
+        yield q if block_given?
+      end
+      pass == "********" ? (default || "") : pass
+    end
+
+    def ask_for_string(prompt, default = nil)
+      just_ask(prompt, default)
+    end
+
+    def ask_for_integer(prompt, range = nil, default = nil)
+      just_ask(prompt, default, INT_REGEXP, "an integer", Integer) { |q| q.in = range if range }
+    end
+
+    def ask_for_disk(disk_name, verify = true)
+      require "linux_admin"
+      disks = LinuxAdmin::Disk.local.select { |d| d.partitions.empty? }
+
+      if disks.empty?
+        say "No partition found for #{disk_name}. You probably want to add an unpartitioned disk and try again."
+      else
+        default_choice = disks.size == 1 ? "1" : nil
+        disk = ask_with_menu(
+          disk_name,
+          disks.collect { |d| [("#{d.path}: #{d.size.to_i / 1.megabyte} MB"), d] },
+          default_choice
+        ) do |q|
+          q.choice("Don't partition the disk") { nil }
+        end
+      end
+
+      if verify && disk.nil?
+        say ""
+        raise MiqSignalError unless are_you_sure?(" you don't want to partition the #{disk_name}")
+      end
+      disk
+    end
+
+    # use the integer index for menu prompts
+    # ensure default is a string
+    def default_to_index(default, options)
+      return unless default
+      default_index = if options.kind_of?(Hash)
+                        options.values.index(default) || options.keys.index(default)
+                      else
+                        options.index(default)
+                      end
+      default_index ? (default_index.to_i + 1).to_s : default.to_s
+    end
+
+    def ask_with_menu(prompt, options, default = nil, clear_screen_after = true)
+      say("#{prompt}\n\n")
+
+      default = default_to_index(default, options)
+      selection = nil
+      choose do |menu|
+        menu.default      = default
+        menu.index        = :number
+        menu.index_suffix = ") "
+        menu.prompt       = "\nChoose the #{prompt.downcase}:#{" |#{default}|" if default} "
+        options.each { |o, v| menu.choice(o) { |c| selection = v || c } }
+        yield menu if block_given?
+      end
+      clear_screen if clear_screen_after
+      selection
+    end
+
+    def just_ask(prompt, default = nil, validate = nil, error_text = nil, klass = nil)
+      ask("Enter the #{prompt}: ", klass) do |q|
+        q.readline = true
+        q.default = default.to_s if default
+        q.validate = validate if validate
+        q.responses[:not_valid] = error_text ? "Please provide #{error_text}" : "Please provide in the specified format"
+        yield q if block_given?
+      end
+    end
+  end
+end
+end

data/lib/manageiq/appliance_console/scap.rb

@@ -0,0 +1,53 @@
+require 'linux_admin'
+
+module ManageIQ
+module ApplianceConsole
+  class Scap
+    def initialize(rules_dir)
+      @rules_dir = rules_dir
+    end
+
+    def lockdown
+      if packages_installed? && config_exists?
+        say("Locking down the appliance for SCAP...")
+        require 'yaml'
+        scap_config = YAML.load_file(yaml_filename)
+        begin
+          LinuxAdmin::Scap.new("rhel7").lockdown(*scap_config['rules'], scap_config['values'])
+        rescue => e
+          say("Configuration failed: #{e.message}")
+        else
+          say("Complete")
+        end
+      end
+    end
+
+    private
+
+    def yaml_filename
+      File.expand_path("scap_rules.yml", @rules_dir)
+    end
+
+    def packages_installed?
+      if !LinuxAdmin::Scap.openscap_available?
+        say("OpenSCAP has not been installed")
+        false
+      elsif !LinuxAdmin::Scap.ssg_available?("rhel7")
+        say("SCAP Security Guide has not been installed")
+        false
+      else
+        true
+      end
+    end
+
+    def config_exists?
+      if File.exist?(yaml_filename)
+        true
+      else
+        say("SCAP rules configuration file missing")
+        false
+      end
+    end
+  end
+end
+end

data/lib/manageiq/appliance_console/temp_storage_configuration.rb

@@ -0,0 +1,79 @@
+module ManageIQ
+module ApplianceConsole
+  class TempStorageConfiguration
+    TEMP_DISK_FILESYSTEM_TYPE = "xfs".freeze
+    TEMP_DISK_MOUNT_POINT     = Pathname.new("/var/www/miq_tmp").freeze
+    TEMP_DISK_MOUNT_OPTS      = "rw,noatime,nobarrier".freeze
+
+    attr_reader :disk
+
+    include ManageIQ::ApplianceConsole::Logging
+
+    def initialize(config = {})
+      @disk = config[:disk]
+    end
+
+    def activate
+      say("Configuring #{disk.path} as temp storage...")
+      add_temp_disk(disk)
+    end
+
+    def ask_questions
+      @disk = ask_for_disk("temp storage disk", false)
+      disk && are_you_sure?("configure #{disk.path} as temp storage")
+    end
+
+    def add_temp_disk(disk)
+      log_and_feedback(__method__) do
+        partition = create_partition_to_fill_disk(disk)
+        format_partition(partition)
+        mount_temp_disk(partition)
+        update_fstab(partition)
+      end
+    end
+
+    def format_partition(partition)
+      AwesomeSpawn.run!("mkfs.#{TEMP_DISK_FILESYSTEM_TYPE} #{partition.path}")
+    end
+
+    def mount_temp_disk(partition)
+      # TODO: should this be moved into LinuxAdmin?
+      FileUtils.rm_rf(TEMP_DISK_MOUNT_POINT)
+      FileUtils.mkdir_p(TEMP_DISK_MOUNT_POINT)
+      AwesomeSpawn.run!("mount", :params => {
+                        "-t" => TEMP_DISK_FILESYSTEM_TYPE,
+                        "-o" => TEMP_DISK_MOUNT_OPTS,
+                        nil  => [partition.path, TEMP_DISK_MOUNT_POINT]
+                      })
+    end
+
+    def update_fstab(partition)
+      fstab = LinuxAdmin::FSTab.instance
+      return if fstab.entries.detect { |e| e.mount_point == TEMP_DISK_MOUNT_POINT }
+
+      entry = LinuxAdmin::FSTabEntry.new(
+        :device        => partition.path,
+        :mount_point   => TEMP_DISK_MOUNT_POINT,
+        :fs_type       => TEMP_DISK_FILESYSTEM_TYPE,
+        :mount_options => TEMP_DISK_MOUNT_OPTS,
+        :dumpable      => 0,
+        :fsck_order    => 0
+      )
+
+      fstab.entries << entry
+      fstab.write!  # Test this more, whitespace is removed
+    end
+
+    # FIXME: Copied from InternalDatabaseConfiguration - remove both when LinuxAdmin updated
+    def create_partition_to_fill_disk(disk)
+      # @disk.create_partition('primary', '100%')
+      disk.create_partition_table # LinuxAdmin::Disk.create_partition has this already...
+      AwesomeSpawn.run!("parted -s #{disk.path} mkpart primary 0% 100%")
+
+      # FIXME: Refetch the disk after creating the partition
+      disk = LinuxAdmin::Disk.local.find { |d| d.path == disk.path }
+      disk.partitions.first
+    end
+  end # class TempStorageConfiguration
+end # module ApplianceConsole
+end