prepd 0.1.1 → 0.3.0

data/lib/prepd/models/data.rb

@@ -0,0 +1,5 @@
+module Prepd
+  class Data < Base
+    # Stuff for encyrpting data and so forth
+  end
+end

data/lib/prepd/models/developer.rb

@@ -0,0 +1,129 @@
+module Prepd
+  class Developer < Base
+    WORK_DIR = 'developer'
+    include Prepd::Component
+  end
+end
+
+=begin
+    #
+    # Create AWS credential files for Terraform and Ansible, ssh keys and and ansible-vault encryption key
+    # NOTE: The path to credentials is used in the ansible-role prepd
+    #
+    def generate_credentials
+      # self.tf_creds = '/Users/rjayroach/Documents/c2p4/aws/legos-terraform.csv'
+      # self.ansible_creds = '/Users/rjayroach/Documents/c2p4/aws/legos-ansible.csv'
+      generate_tf_creds
+      generate_ansible_creds
+      generate_ssh_keys
+      generate_vault_password
+    end
+
+    def generate_tf_creds
+      self.tf_key, self.tf_secret = CSV.read(tf_creds).last.slice(2,2) if tf_creds
+      unless tf_key and tf_secret
+        STDOUT.puts 'tf_key and tf_secret need to be set (or set tf_creds to path to CSV file)'
+        return
+      end
+      require 'csv'
+      Dir.chdir(path) do
+        File.open('.terraform-vars.txt', 'w') do |f|
+          f.puts("aws_access_key_id = \"#{tf_key}\"")
+          f.puts("aws_secret_access_key = \"#{tf_secret}\"")
+        end
+      end
+    end
+
+    def generate_ansible_creds
+      self.ansible_key, self.ansible_secret = CSV.read(ansible_creds).last.slice(2,2) if ansible_creds
+      unless ansible_key and ansible_secret
+        STDOUT.puts 'ansible_key and ansible_secret need to be set (or set ansible_creds to path to CSV file)'
+        return
+      end
+      Dir.chdir(path) do
+        File.open('.boto', 'w') do |f|
+          f.puts('[Credentials]')
+          f.puts("aws_access_key_id = #{ansible_key}")
+          f.puts("aws_secret_access_key = #{ansible_secret}")
+        end
+      end
+    end
+
+    #
+    # Generate a key pair to be used as the EC2 key pair
+    #
+    def generate_ssh_keys(file_name = '.id_rsa')
+      Dir.chdir(path) { system("ssh-keygen -b 2048 -t rsa -f #{file_name} -q -N '' -C 'ansible@#{name}.#{client.name}.local'") }
+    end
+
+    #
+    # Use ansible-vault to encrypt the inventory group_vars
+    #
+    def encrypt_vault_files
+      Dir.chdir("#{path}/ansible") do
+        %w(all development local production staging).each do |env|
+          system("ansible-vault encrypt inventory/group_vars/#{env}/vault")
+        end
+      end
+    end
+
+    def encrypt(mode = :vault)
+      return unless executable?('gpg')
+      Dir.chdir(path) do
+        system "tar cf #{archive(:credentials)} #{file_list(mode)}"
+      end
+      system "gpg -c #{archive(:credentials)}"
+      FileUtils.rm(archive(:credentials))
+      "File created: #{archive(:credentials)}.gpg"
+    end
+
+    def encrypt_data
+      return unless executable?('gpg')
+      archive_path = "#{path}/#{client.name}-#{name}-data.tar"
+      Dir.chdir(path) do
+        system "tar cf #{archive_path} data"
+      end
+      system "gpg -c #{archive_path}"
+      FileUtils.rm(archive_path)
+      FileUtils.mv("#{archive_path}.gpg", "#{archive(:data)}.gpg")
+      "File created: #{archive(:data)}.gpg"
+    end
+
+    def decrypt(type = :credentials)
+      return unless %i(credentials data).include? type
+      return unless executable?('gpg')
+      unless File.exists?("#{archive(type)}.gpg")
+        STDOUT.puts "File not found: #{archive(type)}.gpg"
+        return
+      end
+      system "gpg #{archive(type)}.gpg"
+      Dir.chdir(path) do
+        system "tar xf #{archive(type)}"
+      end
+      FileUtils.rm(archive(type))
+      "File processed: #{archive(type)}.gpg"
+    end
+
+    def executable?(name = 'gpg')
+      require 'mkmf'
+      rv = find_executable(name)
+      STDOUT.puts "#{name} executable not found" unless rv
+      FileUtils.rm('mkmf.log')
+      rv
+    end
+
+    def file_list(mode)
+      return ".boto .id_rsa .id_rsa.pub .terraform-vars.txt .vault-password.txt" if mode.eql?(:all)
+      ".vault-password.txt"
+    end
+
+    def archive(type = :credentials)
+      "#{data_path}/#{client.name}-#{name}-#{type}.tar"
+    end
+
+    def data_path
+      "#{path}/data"
+    end
+  end
+end
+=end

data/lib/prepd/models/machine.rb

@@ -0,0 +1,146 @@
+require 'yaml'
+require 'erb'
+require 'json'
+
+module Prepd
+  class Machine < Base
+    WORK_DIR = 'machines'
+    USER_CONFIG_FILE = 'build.yml'
+    VALID_BUMP_NAMES = %w(major minor patch)
+
+    include Prepd::Component
+
+    attr_accessor :bump
+
+    before_validation :set_defaults
+
+    validates :bump, inclusion: { in: VALID_BUMP_NAMES, message: "must be one of #{VALID_BUMP_NAMES.join(', ')}" }
+    validate :name_included_in_yaml
+
+    after_create :perform
+
+    def set_defaults
+      self.bump ||= Prepd.config.bump || 'patch'
+    end
+
+    def name_included_in_yaml
+      return if valid_build_names.include? name
+      errors.add(:invalid_name, "valid names are #{valid_build_names.join(', ')}")
+    end
+
+    def valid_build_names
+      yml['images'].keys
+    end
+
+    def yml
+      return @yml if @yml
+      in_component_root do
+        @yml = YAML.load(ERB.new(File.read("#{workspace_root}/prepd-workspace.yml")).result(binding)).merge(
+          YAML.load(ERB.new(File.read("#{component_root}/#{USER_CONFIG_FILE}")).result(binding)))
+      end
+    end
+
+    #
+    # Execute the builder
+    #
+    def perform
+      # return "#{build_action}\n#{build_env}" if Prepd.config.no_op
+      in_component_root do
+        # binding.pry
+        # TODO: remove the preseed copy when running packer command from the gem directory
+        FileUtils.cp("#{Prepd.files_dir}/machine/#{os_env['base_dir']}/preseed.cfg", '.')
+        system(build_env, "packer build #{action_file}")
+        FileUtils.rm('preseed.cfg')
+      end
+    end
+
+    def action_file
+      return "#{Prepd.files_dir}/machine/#{build_action}.json" unless build_action.eql?(:iso)
+      "#{Prepd.files_dir}/machine/#{os_env['base_dir']}/iso.json"
+    end
+
+    def build
+      yml['images'][name]
+    end
+
+    # Get references to current build, the os build and the os env
+    def os_build
+      os_build = build
+      loop do
+        break if os_build['source'].has_key?('os_image')
+        os_build = yml['images'][os_build['source']['image']]
+      end
+      os_build
+    end
+
+    def os_env
+      yml['os_images'][os_build['source']['os_image']]
+    end
+
+    #
+    # Derive values for image and box
+    #
+    def base_dir; os_env['base_dir'] end
+    # def build_image_dir; "#{yml['name']}/images/#{name}" end
+    def build_image_dir; "images/#{name}" end
+    def build_image_name; "#{os_env['base_name']}-#{name}" end
+    # def build_box_dir; "#{Dir.pwd}/#{yml['name']}/boxes" end
+    def build_box_dir; "#{Dir.pwd}/boxes" end
+    def box_json_file; "#{build_box_dir}/#{build_image_name}.json" end
+
+    #
+    # Caclulate the packer builder to run: :iso, :build, :rebuild or :push
+    #
+    def build_action
+      return :push if Prepd.config.push
+      return :rebuild if File.exists?("#{build_image_dir}/#{build_image_name}-disk1.vmdk")
+      build['source'].has_key?('os_image') ? :iso : :build
+    end
+
+    #
+    # Setup env vars for the builder
+    #
+    def build_env
+      xbuild_env = {
+        'VM_BASE_NAME' => os_env['base_name'],
+        'VM_INPUT' => build_action.eql?(:build) ? build['source']['image'] : name,
+        'VM_OUTPUT' => name,
+        'BOX_NAMESPACE' => yml['name'],
+        'BOX_VERSION' => box_version,
+        'PLAYBOOK_FILE' => build['provisioner'],
+        'JSON_RB_FILE' => "#{Prepd.files_dir}/machine/json.rb"
+      }
+
+      xbuild_env.merge!({
+        'ISO_CHECKSUM' => os_env['iso_checksum'],
+        'ISO_URL' => os_env['iso_url']
+      }) if build_action.eql?(:iso)
+
+      xbuild_env.merge!({
+        'AWS_PROFILE' => yml['aws']['profile'],
+        'S3_BUCKET' => yml['aws']['s3_bucket'],
+        'S3_REGION' => yml['aws']['s3_region'],
+        'S3_BOX_DIR' => "#{yml['aws']['box_dir']}/#{yml['namesapce']}"
+      }) if build_action.eql?(:push)
+      xbuild_env
+    end
+
+    # Calculate the next box version
+    def box_version
+      return '0.0.1' unless File.exists?(box_json_file)
+      json = JSON.parse(File.read(box_json_file))
+      current_version = json['versions'].first['version']
+      return current_version if build_action.eql?(:push)
+      inc(current_version, type: bump)
+    end
+
+    def inc(version, type: 'patch')
+      idx = { 'major' => 0, 'minor' => 1, 'patch' => 2 }
+      ver = version.split('.')
+      ver[idx['patch']] = 0 if %w(major minor).include? type
+      ver[idx['minor']] = 0 if %w(major).include? type
+      ver[idx[type]] = ver[idx[type]].to_i + 1
+      ver.join('.')
+    end
+  end
+end

data/lib/prepd/models/project.rb

@@ -0,0 +1,94 @@
+module Prepd
+  class Project < Base
+    WORK_DIR = 'projects'
+    REPOSITORY_VERSION = '0.1.1'.freeze
+    REPOSITORY_NAME = 'prepd-project'.freeze
+
+    include Prepd::Component
+    # If production? then remove the .git directory in order to start with a clean repository
+    # If development? then clone the master branch and return
+  end
+end
+
+=begin
+module Prepd
+  class Project < Base
+
+    has_many :machine_projects
+    has_many :machines, through: :machine_projects
+
+    after_save :write_config
+
+    after_create :set_machine, :clone_repository, :write_password_file
+    validates :name, presence: true, uniqueness: true  # "You must supply APP_PATH" unless name
+
+    # Gets the machine that this project is created on and add it to the array and then save
+    # Both the project and the machine are saved which triggers an update of both machine and project YAML files
+    def set_machine
+      Machine.ref.projects << self
+      Machine.ref.save
+    end
+
+    #
+    # TODO: project's ansible.cfg needs a custom path to vault_password_file
+    # TODO: dir hierarchy for new projects:
+    # ~/projects/hashapp/apps/devops/app/ansible
+    # ~/projects/hashapp/config/vault
+    # ~/prepd/config/projects/hashapp/data
+    # ~/prepd/config/projects/hashapp/vars/setup.yml
+    # ~/prepd/config/projects/hashapp/vault-keys
+    #
+    # TODO: so prepd new <project_name> does this:
+    # mdkir ~/projects/<project_name>/app/ansible
+    # mdkir ~/projects/<project_name>/code
+    # mdkir ~/projects/<project_name>/config/vault
+    #
+    def clone_repository
+      Dir.mkdir(name)
+      Dir.chdir(name) do
+        Prepd.log('cloning git project') if config.no_op
+        system("git clone #{Prepd.git_log} git@github.com:rjayroach/#{self.class::REPOSITORY_NAME}.git .") unless config.no_op
+        if config.production?
+          Prepd.log("checking out version v#{self.class::REPOSITORY_VERSION}") if config.no_op
+          tag_checkout_ok = system("git checkout #{Prepd.git_log} -b v#{self.class::REPOSITORY_VERSION} tags/v#{self.class::REPOSITORY_VERSION}") unless config.no_op
+          fail "Could not checkout out tag v#{self.class::REPOSITORY_VERSION}" unless tag_checkout_ok or config.no_op
+          Prepd.log('initializing new .git repository') if config.no_op
+          FileUtils.rm_rf('.git') unless config.no_op
+          system("git init #{Prepd.git_log}") unless config.no_op
+          Prepd.log('adding all files to the first commit') if config.no_op
+          system('git add .') unless config.no_op
+          system("git commit #{Prepd.git_log} -m 'First commit from Prepd'") unless config.no_op
+        end
+      end
+      nil
+    end
+
+    def write_password_file
+      Prepd.create_password_file(config_dir)
+    end
+
+    # TODO: Projects have a client/project path, not just a name
+    def config_dir
+      "#{config.prepd_dir}/config/projects/#{name}"
+    end
+
+    # as_json with machines array included
+    def for_yaml
+      as_json
+    end
+
+    # If credentials=host then
+    # Make a directory on the host for this project's credentials
+    # Link to the host's config directory
+    # def setup_config
+    #   if config.credentials.eql?('host')
+    #     dir = "#{config.host_dir}/#{config.app_name}/credentials".gsub('~', Dir.home)
+    #     FileUtils.mkdir_p(dir)
+    #     Dir.chdir('config') do
+    #       FileUtils.ln_s(dir, 'credentials')
+    #     end
+    #   end
+    # end
+  end
+end
+=end

data/lib/prepd/models/setup.rb

@@ -0,0 +1,48 @@
+module Prepd
+  class Setup < Base
+    validate :machine_is_host, :directory_cannot_exist
+
+    after_create :initialize_setup, :clone_ansible_roles
+
+    def machine_is_host
+      return if Prepd.config.machine_type.host?
+      errors.add(:machine_type, 'Setup can only run on the host machine')
+    end
+
+    def directory_cannot_exist
+      return if Prepd.config.force
+      errors.add(:directory_exists, requested_dir) if Dir.exists?(requested_dir)
+    end
+
+    def requested_dir
+      "#{Prepd.config_dir}/setup"
+    end
+
+    def initialize_setup
+      FileUtils.mkdir_p(requested_dir)
+      Dir.chdir(requested_dir) do
+        FileUtils.cp_r("#{Prepd.files_dir}/setup/.", '.')
+      end
+      Prepd.config.working_dir = Prepd.config_dir
+      Workspace.new(name: 'share').create
+    end
+
+    # TODO: add OS detection
+    # TODO: Externalize next two values to a yaml file?
+    ANSIBLE_ROLES_PATH = "#{Dir.home}/.ansible/roles".freeze
+    ANSIBLE_ROLES = {'prepd-roles' => 'prepd', 'terraplate' => 'terraplate', 'terraplate-components' => 'terraplate-components' }.freeze
+
+    #
+    # Clone Ansible roles
+    #
+    def clone_ansible_roles
+      FileUtils.mkdir_p(ANSIBLE_ROLES_PATH) unless Dir.exists? ANSIBLE_ROLES_PATH
+      Dir.chdir(ANSIBLE_ROLES_PATH) do
+        ANSIBLE_ROLES.each do |key, value|
+          next if Dir.exists? "#{ANSIBLE_ROLES_PATH}/#{value}"
+          system("git clone #{Prepd.git_log} git@github.com:rjayroach/#{key} #{value}")
+        end
+      end
+    end
+  end
+end

data/lib/prepd/models/workspace.rb

@@ -0,0 +1,51 @@
+module Prepd
+  class Workspace < Base
+    attr_accessor :name
+
+    validates :name, presence: true
+    validate :directory_cannot_exist
+
+    after_create :create_workspace, :initialize_workspace
+
+    def directory_cannot_exist
+      return if Prepd.config.force
+      errors.add(:directory_exists, requested_dir) if Dir.exists?(requested_dir)
+    end
+
+    def requested_dir
+      "#{Prepd.config.working_dir}/#{name}"
+    end
+
+    def create_workspace
+      Dir.chdir(Prepd.config.working_dir) do
+        FileUtils.rm_rf(name) if Prepd.config.force
+        FileUtils.mkdir_p(name)
+      end
+    end
+
+    def initialize_workspace
+      Dir.chdir(requested_dir) do
+        File.open('prepd-workspace.yml', 'w') { |f| f.write("---\nname: #{name}\n") }
+        Prepd.register_workspace(Dir.pwd)
+        FileUtils.cp_r("#{Prepd.files_dir}/workspace/.", '.')
+        Dir.chdir('developer') do
+          File.open('vars.yml', 'w') do |f|
+            f.puts("---\ngit_user:")
+            f.puts("  name: #{`git config --get user.name`.chomp}")
+            f.puts("  email: #{`git config --get user.email`.chomp}")
+          end
+          Prepd.write_password_file('vault-password.txt')
+          FileUtils.touch('vault.yml')
+          system('ansible-vault encrypt vault.yml')
+        end
+        # NOTE: remove after testing
+        # Dir.chdir('machines') do
+        #   FileUtils.mkdir('packer_cache')
+        #   Dir.chdir('packer_cache') do
+        #     FileUtils.cp('/tmp/50e697ab8edda5b0ac5ba2482c07003d2ff037315c7910af66efd3c28d23ed51.iso', '.')
+        #   end
+        # end
+      end
+    end
+  end
+end