odysseus-core 0.1.0

data/lib/odysseus/caddy/client.rb

@@ -0,0 +1,338 @@
+# lib/odysseus/caddy/client.rb
+
+require 'json'
+
+module Odysseus
+  module Caddy
+    class Client
+      ADMIN_API_PORT = 2019
+      CONTAINER_NAME = 'odysseus-caddy'
+      CADDY_IMAGE = 'caddy:2-alpine'
+
+      # @param ssh [Odysseus::Deployer::SSH] SSH connection to server
+      # @param docker [Odysseus::Docker::Client] Docker client
+      def initialize(ssh:, docker:)
+        @ssh = ssh
+        @docker = docker
+      end
+
+      # Ensure Caddy is running
+      # @return [Boolean] true if caddy is running
+      def ensure_running
+        return true if running?
+
+        start_caddy
+        running?
+      end
+
+      # Check if Caddy container is running
+      # @return [Boolean]
+      def running?
+        @docker.running?(CONTAINER_NAME)
+      end
+
+      # Start Caddy container
+      def start_caddy
+        # Create network if not exists (with label to protect from prune)
+        @ssh.execute("docker network create --label odysseus.managed=true odysseus 2>/dev/null || true")
+
+        # Create data directory for certificates
+        @ssh.execute("mkdir -p /var/lib/odysseus/caddy")
+
+        # Run Caddy with admin API enabled and persistent storage for certs
+        @docker.run(
+          name: CONTAINER_NAME,
+          image: CADDY_IMAGE,
+          options: {
+            service: 'odysseus-proxy',
+            ports: ['80:80', '443:443', "#{ADMIN_API_PORT}:#{ADMIN_API_PORT}"],
+            network: 'odysseus',
+            restart: 'unless-stopped',
+            volumes: ['/var/lib/odysseus/caddy:/data'],
+            env: {
+              'CADDY_ADMIN' => "0.0.0.0:#{ADMIN_API_PORT}"
+            },
+            labels: {
+              'odysseus.managed' => 'true'
+            }
+          }
+        )
+
+        # Wait for Caddy to be ready
+        sleep 2
+      end
+
+      # Add an upstream server to a route
+      # @param service [String] service name (used as route identifier)
+      # @param hosts [Array<String>] domain hosts for this service
+      # @param upstream [String] upstream address (container:port)
+      # @param healthcheck [Hash] healthcheck config (optional)
+      # @param ssl [Boolean] enable automatic HTTPS (default: true)
+      # @param ssl_email [String] email for Let's Encrypt registration
+      def add_upstream(service:, hosts:, upstream:, healthcheck: nil, ssl: true, ssl_email: nil)
+        # Enable TLS for these hosts if ssl is enabled
+        enable_tls_for_hosts(hosts, email: ssl_email) if ssl
+
+        # Check if route already exists for this service
+        routes = api_request('GET', "/config/apps/http/servers/srv0/routes") || []
+        existing_idx = routes.find_index { |r| r['@id'] == "route-#{service}" }
+
+        if existing_idx
+          # Update existing route's upstreams
+          current_upstreams = routes[existing_idx].dig('handle', 0, 'upstreams') || []
+          unless current_upstreams.any? { |u| u['dial'] == upstream }
+            current_upstreams << { 'dial' => upstream }
+            api_request('PATCH', "/config/apps/http/servers/srv0/routes/#{existing_idx}/handle/0/upstreams", current_upstreams)
+          end
+        else
+          # Create new route - prepend at index 0 so it matches before default routes
+          config = build_route_config(
+            service: service,
+            hosts: hosts,
+            upstreams: [upstream],
+            healthcheck: healthcheck
+          )
+          api_request('PUT', "/config/apps/http/servers/srv0/routes/0", config)
+        end
+      end
+
+      # Remove an upstream from a service (or entire route if upstream is nil)
+      # @param service [String] service name
+      # @param upstream [String, nil] upstream to remove, or nil to remove entire route
+      def remove_upstream(service:, upstream:)
+        # Get current config
+        routes = api_request('GET', "/config/apps/http/servers/srv0/routes")
+        return unless routes
+
+        # Find route for this service and remove the upstream
+        routes.each_with_index do |route, idx|
+          next unless route.dig('@id') == "route-#{service}"
+
+          # If no specific upstream, remove the entire route
+          if upstream.nil?
+            api_request('DELETE', "/config/apps/http/servers/srv0/routes/#{idx}")
+            break
+          end
+
+          upstreams = route.dig('handle', 0, 'upstreams') || []
+          upstreams.reject! { |u| u['dial'] == upstream }
+
+          if upstreams.empty?
+            # Remove entire route if no upstreams left
+            api_request('DELETE', "/config/apps/http/servers/srv0/routes/#{idx}")
+          else
+            # Update route with remaining upstreams
+            api_request('PATCH', "/config/apps/http/servers/srv0/routes/#{idx}/handle/0/upstreams", upstreams)
+          end
+
+          break
+        end
+      end
+
+      # Drain connections from an upstream (mark as down)
+      # @param service [String] service name
+      # @param upstream [String] upstream to drain
+      def drain_upstream(service:, upstream:)
+        # Caddy doesn't have built-in drain, so we set health to down
+        # This will stop new connections from being sent to this upstream
+        # The upstream will be removed after existing connections close
+
+        # For now, we just remove it - Caddy will gracefully close existing connections
+        remove_upstream(service: service, upstream: upstream)
+      end
+
+      # Remove stale upstreams that point to stopped/non-existent containers
+      # @param service [String] service name
+      # @return [Array<String>] list of removed upstreams
+      def cleanup_stale_upstreams(service:)
+        routes = api_request('GET', '/config/apps/http/servers/srv0/routes') || []
+        route_idx = routes.find_index { |r| r['@id'] == "route-#{service}" }
+        return [] unless route_idx
+
+        upstreams = routes[route_idx].dig('handle', 0, 'upstreams') || []
+        removed = []
+
+        upstreams.each do |upstream|
+          dial = upstream['dial']
+          # Extract container name from upstream (format: container_name:port)
+          container_name = dial.split(':').first
+          next if container_name.nil? || container_name.empty?
+
+          # Check if container is running
+          unless @docker.running?(container_name)
+            remove_upstream(service: service, upstream: dial)
+            removed << dial
+          end
+        end
+
+        removed
+      end
+
+      # Get current Caddy config
+      # @return [Hash] current config
+      def config
+        api_request('GET', '/config/')
+      end
+
+      # List all configured services/routes
+      # @return [Array<Hash>] list of services with their config
+      def list_services
+        routes = api_request('GET', '/config/apps/http/servers/srv0/routes') || []
+
+        routes.map do |route|
+          id = route['@id'] || 'unknown'
+          service_name = id.sub(/^route-/, '')
+          hosts = route.dig('match', 0, 'host') || []
+          upstreams = route.dig('handle', 0, 'upstreams') || []
+
+          {
+            service: service_name,
+            hosts: hosts,
+            upstreams: upstreams.map { |u| u['dial'] },
+            has_healthcheck: route.dig('handle', 0, 'health_checks').nil? ? false : true
+          }
+        end
+      end
+
+      # Get TLS/SSL status for domains
+      # @return [Hash] TLS configuration info
+      def tls_status
+        tls_config = api_request('GET', '/config/apps/tls') || {}
+        policies = tls_config.dig('automation', 'policies') || []
+
+        {
+          enabled: !policies.empty?,
+          policies: policies.map do |policy|
+            {
+              subjects: policy['subjects'] || [],
+              issuer: policy.dig('issuers', 0, 'module') || 'unknown',
+              email: policy.dig('issuers', 0, 'email')
+            }
+          end
+        }
+      end
+
+      # Get server listen addresses
+      # @return [Array<String>] listen addresses
+      def listen_addresses
+        servers = api_request('GET', '/config/apps/http/servers') || {}
+        servers.dig('srv0', 'listen') || []
+      end
+
+      # Print formatted status (for CLI use)
+      # @return [Hash] full status summary
+      def status
+        {
+          running: running?,
+          listen: listen_addresses,
+          services: list_services,
+          tls: tls_status
+        }
+      end
+
+      # Enable TLS/HTTPS for hosts
+      # @param hosts [Array<String>] domain hosts
+      # @param email [String] email for Let's Encrypt
+      def enable_tls_for_hosts(hosts, email: nil)
+        # Get existing TLS config to merge with
+        existing_tls = api_request('GET', '/config/apps/tls') || {}
+        existing_policies = existing_tls.dig('automation', 'policies') || []
+
+        # Collect all existing subjects
+        all_subjects = existing_policies.flat_map { |p| p['subjects'] || [] }
+
+        # Add new hosts (avoid duplicates)
+        hosts.each do |host|
+          all_subjects << host unless all_subjects.include?(host)
+        end
+
+        # Build issuer config
+        issuer = { 'module' => 'acme' }
+        issuer['email'] = email if email
+
+        # Configure TLS automation with Let's Encrypt (single policy for all domains)
+        tls_config = {
+          'automation' => {
+            'policies' => [
+              {
+                'subjects' => all_subjects,
+                'issuers' => [issuer]
+              }
+            ]
+          }
+        }
+
+        # Use PUT to create/replace TLS config
+        api_request('PUT', '/config/apps/tls', tls_config)
+
+        # Ensure HTTPS server exists and listens on 443
+        ensure_https_server
+      end
+
+      private
+
+      def ensure_https_server
+        # Check if we have an HTTPS server configured
+        servers = api_request('GET', '/config/apps/http/servers') || {}
+
+        unless servers['srv0']&.dig('listen')&.include?(':443')
+          # Add :443 to listen addresses
+          current_listen = servers.dig('srv0', 'listen') || [':80']
+          unless current_listen.include?(':443')
+            current_listen << ':443'
+            api_request('PATCH', '/config/apps/http/servers/srv0/listen', current_listen)
+          end
+        end
+      end
+
+      def build_route_config(service:, hosts:, upstreams:, healthcheck: nil)
+        route = {
+          '@id' => "route-#{service}",
+          'match' => [{ 'host' => hosts }],
+          'handle' => [
+            {
+              'handler' => 'reverse_proxy',
+              'upstreams' => upstreams.map { |u| { 'dial' => u } }
+            }
+          ]
+        }
+
+        # Add health checks if configured
+        if healthcheck
+          active_check = {
+            'uri' => healthcheck[:path] || '/health',
+            'interval' => "#{healthcheck[:interval] || 10}s",
+            'timeout' => "#{healthcheck[:timeout] || 5}s"
+          }
+
+          # Add expected status code if specified (e.g., 200, 301, or 2 for 2xx)
+          if healthcheck[:expect_status]
+            status = healthcheck[:expect_status].to_s
+            # Caddy expects just the first digit for ranges like "2xx"
+            expect_value = status.end_with?('xx') ? status[0].to_i : status.to_i
+            active_check['expect_status'] = expect_value
+          end
+
+          route['handle'][0]['health_checks'] = { 'active' => active_check }
+        end
+
+        route
+      end
+
+      def api_request(method, path, body = nil)
+        # Build curl command to hit Caddy's admin API
+        cmd = "curl -s -X #{method} "
+        cmd += "-H 'Content-Type: application/json' "
+        cmd += "-d '#{body.to_json}' " if body
+        cmd += "http://localhost:#{ADMIN_API_PORT}#{path}"
+
+        output = @ssh.execute(cmd)
+        return nil if output.strip.empty?
+
+        JSON.parse(output)
+      rescue JSON::ParserError
+        output
+      end
+    end
+  end
+end

data/lib/odysseus/config/parser.rb

@@ -0,0 +1,225 @@
+# lib/odysseus/config/parser.rb
+
+require 'yaml'
+
+module Odysseus
+  module Config
+    class Parser
+      # @param config_path [String] Path to deploy.yml
+      def initialize(config_path)
+        @config_path = config_path
+      end
+
+      # Parse and return config hash
+      # @return [Hash]
+      # @raise [Odysseus::ConfigError] if invalid
+      def parse
+        raw_config = load_yaml
+        validate!(raw_config)
+        normalize(raw_config)
+      rescue Psych::SyntaxError => e
+        raise Odysseus::ConfigParseError, "Failed to parse YAML: #{e.message}"
+      end
+
+      private
+
+      # Load YAML file
+      def load_yaml
+        YAML.load_file(@config_path)
+      rescue Errno::ENOENT
+        raise Odysseus::ConfigError, "Config file not found: #{@config_path}"
+      end
+
+      # Validate config structure
+      def validate!(config)
+        validator = Odysseus::Validators::Config.new(config)
+        validator.validate!
+      end
+
+      # Normalize config to standard format
+      def normalize(config)
+        {
+          service: config['service'],
+          image: config['image'],
+          servers: parse_servers(config['servers']),
+          proxy: parse_proxy(config['proxy']),
+          env: parse_env(config['env']),
+          secrets_file: config['secrets_file'],
+          ssh: parse_ssh(config['ssh']),
+          accessories: parse_accessories(config['accessories']),
+          builder: parse_builder(config['builder']),
+          registry: parse_registry(config['registry'])
+        }
+      end
+
+      # Parse servers config
+      # @param servers [Hash] servers block from config
+      # @return [Hash] normalized servers config
+      def parse_servers(servers)
+        return {} unless servers
+
+        servers.each_with_object({}) do |(role, config), acc|
+          acc[role.to_sym] = {
+            hosts: config['hosts'] || [],
+            aws: parse_aws_config(config['aws']),
+            options: symbolize_keys(config['options'] || {}),
+            cmd: config['cmd'],
+            volumes: config['volumes'],
+            healthcheck: parse_server_healthcheck(config['healthcheck'])
+          }
+        end
+      end
+
+      # Parse AWS host provider config
+      # @param aws [Hash] aws block from server config
+      # @return [Hash, nil] normalized aws config or nil
+      def parse_aws_config(aws)
+        return nil unless aws
+
+        {
+          asg: aws['asg'],
+          region: aws['region'],
+          use_private_ip: aws['use_private_ip'] || false,
+          state: aws['state'] || 'InService'
+        }
+      end
+
+      # Parse server-level healthcheck (for workers/jobs)
+      def parse_server_healthcheck(healthcheck)
+        return nil unless healthcheck
+
+        {
+          cmd: healthcheck['cmd'],
+          interval: healthcheck['interval'] || 30,
+          timeout: healthcheck['timeout'] || 10,
+          retries: healthcheck['retries'] || 3
+        }
+      end
+
+      # Parse proxy (Caddy) config
+      def parse_proxy(proxy)
+        return {} unless proxy
+
+        {
+          ssl: proxy.key?('ssl') ? proxy['ssl'] : true,
+          ssl_email: proxy['ssl_email'],
+          hosts: proxy['hosts'] || [],
+          app_port: proxy['app_port'],
+          healthcheck: parse_healthcheck(proxy['healthcheck']),
+          response_timeout: proxy['response_timeout'] || 60
+        }
+      end
+
+      # Parse healthcheck config
+      def parse_healthcheck(healthcheck)
+        return {} unless healthcheck
+
+        {
+          interval: healthcheck['interval'] || 5,
+          path: healthcheck['path'] || '/',
+          timeout: healthcheck['timeout'] || 5,
+          expect_status: healthcheck['expect_status'] # e.g., 200, 301, or "2xx"
+        }
+      end
+
+      # Parse environment variables
+      def parse_env(env)
+        return { clear: {}, secret: [] } unless env
+
+        {
+          clear: symbolize_keys(env['clear'] || {}),
+          secret: env['secret'] || []
+        }
+      end
+
+      # Parse SSH config
+      def parse_ssh(ssh)
+        return { user: 'root', keys: [] } unless ssh
+
+        {
+          user: ssh['user'] || 'root',
+          keys: ssh['keys'] || []
+        }
+      end
+
+      # Parse accessories config
+      def parse_accessories(accessories)
+        return {} unless accessories
+
+        accessories.each_with_object({}) do |(name, config), acc|
+          acc[name.to_sym] = {
+            image: config['image'],
+            hosts: config['hosts'],
+            cmd: config['cmd'],
+            ports: config['ports'],
+            volumes: config['volumes'],
+            env: parse_env(config['env']),
+            healthcheck: parse_accessory_healthcheck(config['healthcheck']),
+            proxy: parse_accessory_proxy(config['proxy'])
+          }
+        end
+      end
+
+      # Parse accessory healthcheck
+      def parse_accessory_healthcheck(healthcheck)
+        return nil unless healthcheck
+
+        {
+          cmd: healthcheck['cmd'],
+          interval: healthcheck['interval'] || 30,
+          timeout: healthcheck['timeout'] || 10,
+          retries: healthcheck['retries'] || 3
+        }
+      end
+
+      # Parse accessory proxy config
+      def parse_accessory_proxy(proxy)
+        return nil unless proxy
+
+        {
+          hosts: proxy['hosts'] || [],
+          app_port: proxy['app_port'],
+          ssl: proxy.key?('ssl') ? proxy['ssl'] : true,
+          ssl_email: proxy['ssl_email']
+        }
+      end
+
+      # Parse builder config
+      def parse_builder(builder)
+        return {} unless builder
+
+        {
+          strategy: (builder['strategy'] || 'local').to_sym,
+          host: builder['host'],
+          dockerfile: builder['dockerfile'] || 'Dockerfile',
+          context: builder['context'] || '.',
+          arch: builder['arch'],
+          platforms: builder['platforms'] || [],
+          build_args: symbolize_keys(builder['build_args'] || {}),
+          cache: builder.key?('cache') ? builder['cache'] : true,
+          push: builder['push'] || false,
+          multiarch: builder['multiarch'] || false
+        }
+      end
+
+      # Parse registry config
+      def parse_registry(registry)
+        return {} unless registry
+
+        {
+          server: registry['server'],
+          username: registry['username'],
+          password: registry['password']
+        }
+      end
+
+      # Convert string keys to symbols
+      def symbolize_keys(hash)
+        hash.each_with_object({}) do |(key, value), result|
+          sym_key = key.to_s.tr('-', '_').to_sym
+          result[sym_key] = value
+        end
+      end
+    end
+  end
+end

data/lib/odysseus/core/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Odysseus
+  module Core
+    VERSION = "0.1.0"
+  end
+end

data/lib/odysseus/core.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require_relative "core/version"
+
+module Odysseus
+  module Core
+    class Error < StandardError; end
+    # Your code goes here...
+  end
+end