onering-agent 0.4.3

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    NTliNjI0MzU5MTllMGFkNDg1OGQxMjBhNzBmZmFhOTIyMWY2ZTBkYg==
+  data.tar.gz: !binary |-
+    YjQ5Y2NiOTlkZjQ5YjE3OTIyZmZiNjZhNjdhOWI3MGJhNjhhMzgxZQ==
+SHA512:
+  metadata.gz: !binary |-
+    YzFiYjNlMWYyMmY0MzZkM2NhMjBlZGVlYzE4Y2UyZjRjNDlhOGNmNzk1ZDdk
+    M2E2Njg2MDM2ZDg2YzcwYzk3ZjY0YmRlYWMyNzgzMmMyZDNiZGJhMWJjNWZj
+    MGNkNGU1NjNhYmRhMDY4MDA2NWVhYTNhMzk5N2Y4NThiMTI3MjA=
+  data.tar.gz: !binary |-
+    MjE5MzQ5ZTlhYzc1ZjIxNDkxMmE5NDM5OWRlYjgzNWVlYzQyNmVhN2U4ZTQ4
+    YjM2ZWM2MTZjODEwNWI2ZDM3Mjc5NTNkMjlkMTQzZDk1NWJlOTVmZDIyYmRm
+    OWIzOGU4MTZlZGNiNTQ5MzRhMmRiZGFmNDdkNTc2YTg5ZGUwZGU=

data/bin/onering

@@ -0,0 +1,68 @@
+#!/usr/bin/env ruby
+$:.push 'lib'
+require 'trollop'
+require 'onering'
+require 'hashlib'
+require 'rainbow'
+require 'pp'
+
+plugins = Onering::CLI::Plugin.registered_plugins.collect{|i| i.name.split('::').last.downcase }
+exclude_plugins = %w{devices}
+
+global = Trollop::options do
+  banner <<-EOS
+onering command line client utility - version #{Onering::Client::VERSION}
+
+Usage:
+    onering [global] [plugin] [subcommand] [options]
+
+Plugins (onering <plugin> --help for usage details):
+  #{(plugins - exclude_plugins).sort.join(', ')}
+
+where [global] options are:
+EOS
+
+  opt :url,         "The URL of the Onering server to connect to", :short => '-s', :type => :string
+  opt :path,        "The base path to prepend to all requests (default: /api)", :type => :string
+  opt :source,      "Specify the source IP address to use (i.e. which network interface the request should originate from)", :short => '-I', :type => :string
+  opt :param,       "Additional query string parameters to include with the request in the format FIELD=VALUE. Can be specified multiple times.", :short => '-p', :type => :string, :multi => true
+  opt :format,      "The output format for return values (i.e.: json, yaml, text)", :short => '-t', :type => :string
+  opt :sslkey,      "Location of the SSL client key to use for authentication", :short => '-c', :type => :string
+  opt :nosslverify, "Disable verification of the server SSL certificate", :type => :boolean
+  opt :apikey,      "The API token to use for authentication", :short => '-k', :type => :string
+  opt :quiet,       "Suppress standard output", :short => '-q'
+  opt :separator,   "A string used to separate output values of delimited tabular data", :short => '-S', :default => "\t"
+  opt :verbosity,   "Set the log level (fatal, error, warn, info, debug)", :short => '-v', :type => :string, :default => 'warn'
+
+  stop_on plugins
+end
+
+
+plugin = ARGV.shift
+Trollop::die("plugin argument is requried") if plugin.nil?
+
+Onering::Logger.setup({
+  :destination => 'stdout',
+  :threshold   => global[:verbosity]
+})
+
+if plugins.include?(plugin)
+  begin
+    plugin = Onering::CLI.const_get(plugin.capitalize)
+    plugin.configure(global)
+
+    Onering::Logger.debug("Executing plugin #{plugin}\#run()", $0)
+    rv = plugin.run(ARGV)
+    Onering::CLI.output(rv, (global[:format] || plugin.default_format(rv, ARGV) || 'text'))
+
+  rescue Onering::API::Errors::Exception => e
+    Onering::Logger.fatal(e.message, e.class.name.split('::').last) rescue nil
+    exit 1
+
+  rescue Onering::Client::FatalError => e
+    exit 255
+
+  end
+else
+  Trollop::die("unknown plugin #{plugin}")
+end

data/lib/etc/facter.list

@@ -0,0 +1,19 @@
+serialnumber:serial
+manufacturer:make
+productname:model
+boardmanufacturer:mbmake
+boardproductname:mbmodel
+boardserialnumber:mbserial
+hostname
+fqdn
+default_ipaddress:ip
+default_macaddress:mac
+default_gateway:gateway
+kernelrelease:kernel
+kernelarguments:@kernelarguments
+architecture:arch
+operatingsystem:distro
+operatingsystemrelease:version
+signature
+boottime:booted_at
+onering:@onering

data/lib/onering.rb

@@ -0,0 +1,32 @@
+$: << File.expand_path(File.dirname(__FILE__))
+
+module Onering
+  FULL_CLIENT = true
+end
+
+require 'onering/version'
+require 'onering/logger'
+
+if not ENV['ONERING_LOGLEVEL'].nil?
+  Onering::Logger.setup({
+    :destination => 'stderr',
+    :threshold   => ENV['ONERING_LOGLEVEL']
+  })
+end
+
+require 'onering/util'
+require 'onering/api'
+require 'onering/cli'
+
+# require plugins
+Dir[File.join(File.expand_path(File.dirname(__FILE__)),"onering","plugins","*.rb")].each do |i|
+  require i
+end
+
+# require cli submodules
+Dir[File.join(File.expand_path(File.dirname(__FILE__)),"onering","cli","*.rb")].each do |i|
+  require i
+end
+
+# you've loaded the library, now load the config
+Onering::Config.load()

data/lib/onering/api.rb

@@ -0,0 +1,322 @@
+require 'openssl'
+require 'yaml'
+require 'hashlib'
+require 'deep_merge'
+require 'addressable/uri'
+require 'httparty'
+require 'onering/config'
+
+module Onering
+  class API
+    module Actions
+      class Retry < ::Exception; end
+    end
+
+    module Errors
+      class Exception < ::Exception; end
+      class NotConnected < Exception; end
+
+      class ClientError < Exception; end
+      class Unauthorized < ClientError; end
+      class Forbidden < ClientError; end
+      class NotFound < ClientError; end
+
+      class ServerError < Exception; end
+      class ConnectionTimeout < Exception; end
+      class AuthenticationMissing < Exception; end
+    end
+
+    include Onering::Util
+    include ::HTTParty
+
+    attr_accessor :url
+    format        :json
+
+    DEFAULT_BASE="https://onering"
+    DEFAULT_PATH="/api"
+    DEFAULT_CLIENT_PEM=["~/.onering/client.pem", "/etc/onering/client.pem"]
+    DEFAULT_CLIENT_KEY=["~/.onering/client.key", "/etc/onering/client.key"]
+    DEFAULT_VALIDATION_PEM="/etc/onering/validation.pem"
+
+
+    def initialize(options={})
+      @_plugins = {}
+      options = {} if options.nil?
+      @_connection_options = options
+
+    # load and merge all config file sources
+      Onering::Config.load(@_connection_options[:configfile], @_connection_options.get(:config, {}))
+
+      if options.get('config.nosslverify', false) == true
+      # deliberately break SSL verification
+        Onering::Logger.warn("Disabling SSL peer verification for #{options.get('config.url')}")
+        OpenSSL::SSL.send(:const_set, :OLD_VERIFY_PEER, OpenSSL::SSL::VERIFY_PEER)
+        OpenSSL::SSL.send(:remove_const, :VERIFY_PEER)
+        OpenSSL::SSL.send(:const_set, :VERIFY_PEER, OpenSSL::SSL::VERIFY_NONE)
+      else
+      # restore SSL verification if it's currently broken
+        if defined?(OpenSSL::SSL::OLD_VERIFY_PEER)
+          if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE and OpenSSL::SSL::OLD_VERIFY_PEER != OpenSSL::SSL::VERIFY_NONE
+            OpenSSL::SSL.send(:remove_const, :VERIFY_PEER)
+            OpenSSL::SSL.send(:const_set, :VERIFY_PEER, OpenSSL::SSL::OLD_VERIFY_PEER)
+          end
+        end
+      end
+
+      if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE
+        Onering::Logger.warn("Disabling SSL peer verification for #{options.get('config.url')}")
+      end
+
+      # source interface specified
+      # !! HAX !! HAX !! HAX !! HAX !! HAX !! HAX !! HAX !! HAX !! HAX !! HAX !!
+      #   Due to certain versions of Ruby's Net::HTTP not allowing you explicitly
+      #   specify the source IP/interface to use, this horrific monkey patch is
+      #   necessary, if not right.
+      #
+      #   If at least some of your code doesn't make you feel bottomless shame
+      #   then you aren't coding hard enough.
+      #
+      if options.get('config.source').is_a?(String)
+        if options.get('config.source') =~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/
+        # insert firing pin into the hack
+          TCPSocket.instance_eval do
+            (class << self; self; end).instance_eval do
+              alias_method :_stock_open, :open
+              attr_writer  :_hack_local_ip
+
+              define_method(:open) do |conn_address, conn_port|
+                _stock_open(conn_address, conn_port, @_hack_local_ip)
+              end
+            end
+          end
+
+        # arm the hack
+          TCPSocket._hack_local_ip = options.get('config.source')
+
+        # sound the siren
+          Onering::Logger.info("Using local interface #{options.get('config.source')} to connect", "Onering::API")
+
+        else
+          raise "Invalid source IP address #{options.get('config.source')}"
+        end
+      end
+
+    # set API connectivity details
+      Onering::API.base_uri(options.get('config.url', Onering::Config.get(:url, DEFAULT_BASE)))
+      Onering::Logger.info("Server URL is #{Onering::API.base_uri}", "Onering::API")
+
+    # add default parameters
+      options.get('config.params',{}).each do |k,v|
+        _default_param(k,v)
+      end
+
+      connect(options) if options.get(:autoconnect, true)
+    end
+
+    def connect(options={})
+    # setup authentication
+      _setup_auth()
+
+      Onering::Logger.debug("Connection setup complete", "Onering::API")
+      return self
+    end
+
+
+    def request(method, endpoint, options={})
+      endpoint = [Onering::Config.get(:path, DEFAULT_PATH).strip, endpoint.sub(/^\//,'')].join('/')
+
+      Onering::Logger.debug("#{method.to_s.upcase} #{endpoint}#{(options[:query] || {}).empty? ? '' : '?'+options[:query].join('=', '&')}", "Onering::API")
+      options.get(:headers,[]).each do |name, value|
+        next if name == 'Content-Type' and value == 'application/json'
+        Onering::Logger.debug("+#{name}: #{value}", "Onering::API")
+      end
+
+      begin
+        case (method.to_sym rescue method)
+        when :post
+          rv = Onering::API.post(endpoint, options)
+        when :put
+          rv = Onering::API.put(endpoint, options)
+        when :delete
+          rv = Onering::API.delete(endpoint, options)
+        when :head
+          rv = Onering::API.head(endpoint, options)
+        else
+          rv = Onering::API.get(endpoint, options)
+        end
+      rescue SocketError => e
+        Onering::Logger.fatal!("Unable to connect to #{Onering::API.base_uri}", "Onering::API")
+      end
+
+      if rv.code >= 500
+        raise Errors::ServerError.new("HTTP #{rv.code} - #{Onering::Util.http_status(rv.code)} #{rv.parsed_response.get('error.message','') rescue ''}")
+      elsif rv.code >= 400
+        message = "HTTP #{rv.code} - #{Onering::Util.http_status(rv.code)} #{rv.parsed_response.get('error.message', '') rescue ''}"
+
+        case rv.code
+        when 401
+          raise Errors::Unauthorized.new(message)
+        when 403
+          raise Errors::Forbidden.new(message)
+        when 404
+          raise Errors::NotFound.new(message)
+        else
+          raise Errors::ClientError.new(message)
+        end
+      else
+        rv
+      end
+    end
+
+
+    def get(endpoint, options={})
+      request(:get, endpoint, options)
+    end
+
+    def post(endpoint, options={}, &block)
+      if block_given?
+        request(:post, endpoint, options.merge({
+          :body => yield
+        }))
+      else
+        request(:post, endpoint, options)
+      end
+    end
+
+    def put(endpoint, options={}, &block)
+      if block_given?
+        request(:put, endpoint, options.merge({
+          :body => yield
+        }))
+      else
+        request(:put, endpoint, options)
+      end
+    end
+
+    def delete(endpoint, options={})
+      request(:delete, endpoint, options)
+    end
+
+
+  # I'm not a huge fan of what's happening here, but metaprogramming is hard...
+  #
+  # "Don't let the perfect be the enemy of the good."
+  #
+    def method_missing(method, *args, &block)
+      modname = method.to_s.split('_').map(&:capitalize).join
+
+      if not (plugin = (Onering::API.const_get(modname) rescue nil)).nil?
+        @_plugins[method] ||= plugin.new.connect(@_connection_options)
+        return @_plugins[method]
+      else
+        super
+      end
+    end
+
+    def status()
+      Onering::API.new.get("/").parsed_response
+    end
+
+# -----------------------------------------------------------------------------
+    def _setup_auth()
+      type = Onering::Config.get('authentication.type', :auto)
+      _setup_auth_token()
+    end
+
+# -----------------------------------------------------------------------------
+    def _default_param(key, value)
+      @_default_params ||= {}
+      @_default_params[key] = value
+      Onering::API.default_params(@_default_params)
+    end
+
+# -----------------------------------------------------------------------------
+    def _setup_auth_token()
+      Onering::Logger.info("Using token authentication mechanism", "Onering::API")
+
+    # get first keyfile found
+      key = Onering::Config.get('authentication.key', Onering::Config.get('authentication.keyfile'))
+
+      if key.nil?
+        if Onering::Config.get('authentication.bootstrap.enabled', true)
+          Onering::Logger.warn("Authentication token not found, attempting to autoregister client", "Onering::API")
+
+          if not (bootstrap = Onering::Config.get('authentication.bootstrap.key')).nil?
+            if bootstrap.to_s =~ /[0-9a-f]{32,64}/
+            # attempt to create key.yml from least-specific to most, first writable path wins
+              clients = [{
+                :path       => "/etc/onering",
+                :name       => fact('hardwareid'),
+                :keyname    => 'system',
+                :autodelete => true
+              },{
+                :path       => "~/.onering",
+                :name       => ENV['USER'],
+                :keyname    => 'cli',
+                :autodelete => false
+              }]
+
+            # for each client attempt...
+              clients.each do |client|
+              # expand and assemble path
+                client[:path] = (File.expand_path(client[:path]) rescue client[:path])
+                keyfile = File.join(client[:path], 'key.yml')
+
+              # skip this if we can't write to the parent directory
+                next unless File.writable?(client[:path])
+                Dir.mkdir(client[:path]) unless File.directory?(client[:path])
+                next if File.exists?(keyfile)
+
+                self.class.headers({
+                  'X-Auth-Bootstrap-Token' => bootstrap
+                })
+
+              # attempt to create/download the keyfile
+                Onering::Logger.debug("Requesting authentication token for #{client[:name].strip}; #{bootstrap}", "Onering::API")
+                response = self.class.get("/api/users/#{client[:name].strip}/tokens/#{client[:keyname]}")
+
+              # if successful, write the file
+                if response.code < 400 and response.body
+                  File.open(keyfile, 'w').puts(YAML.dump({
+                    'authentication' => {
+                      'key' => response.body.strip.chomp
+                    }
+                  }))
+
+                  key = response.body.strip.chomp
+
+                else
+              # all errors are fatal at this stage
+                  Onering::Logger.fatal!("Cannot autoregister client: HTTP #{response.code} - #{(response.parsed_response || {}).get('error.message', 'Unknown error')}", "Onering::API")
+                end
+
+                self.class.headers({})
+
+              # we're done here...
+                break
+              end
+            else
+              raise Errors::AuthenticationMissing.new("Autoregistration failed: invalid bootstrap token specified")
+            end
+         
+          else
+            raise Errors::AuthenticationMissing.new("Autoregistration failed: no bootstrap token specified")
+          end
+
+        else
+          raise Errors::AuthenticationMissing.new("Authentication token not found, and autoregistration disabled")
+        end
+      end
+
+      raise Errors::AuthenticationMissing.new("Token authentication specified, but cannot find a token config or as a command line argument") if key.nil?
+
+    # set auth mechanism
+      Onering::API.headers({
+        'X-Auth-Mechanism' => 'token'
+      })
+
+    # set default parameters
+      _default_param(:token, key)
+    end
+  end
+end