puppetfactory 0.4.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ed93b40457051de5d2851c3ec2dcffd491d292ee
+  data.tar.gz: 19f16c05357c6c9d2a8dc6d0d4109ce72acbaf81
+SHA512:
+  metadata.gz: ed0b47fdac3c0b0133809422900eaf137e92ea9b1d55c77bc35a01b26f6f3e9b3abc537d98f96f1696afe2530b99ca660358e7d2c3303cc64892e34fbae10e43
+  data.tar.gz: c27f57e1691131f6be87d27a1011676d9ef7b9d3266cce444dbe7341c8cd2fbbc756d23b5d4786814a61695456e7cd8bf72c1fe9b4b12b1bb1078ee1ac05be55

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2014-2016 Ben Ford, Josh Samuelson, Puppet, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/bin/pfsh

@@ -0,0 +1,31 @@
+#! /usr/bin/env ruby
+
+require 'rubygems'
+require 'yaml'
+require 'puppetfactory'
+
+if File.exist? '/etc/puppetfactory/config.yaml'
+  options = YAML.load_file('/etc/puppetfactory/config.yaml') rescue {}
+else
+  options = YAML.load_file('/etc/puppetfactory.yaml') rescue {}
+end
+
+options[:plugins] ||= [:LoginShell]
+options[:logfile] ||= STDOUT
+options[:session] ||= '12345'
+
+$logger = Logger.new(options[:logfile])
+
+plugins = options[:plugins].map do |plugin|
+  require "puppetfactory/plugins/#{plugin.snake_case}"
+  Puppetfactory::Plugins::const_get(plugin).new(options)
+end
+
+resp = plugins.select { |plugin| plugin.respond_to? :login }
+raise "The login action is not exposed by any plugins" if resp.size == 0
+raise "The login action is exposed by multiple loaded plugins! (#{resp.map {|p| p.class }})" unless resp.size == 1
+
+print 'Please enter the session ID: '
+raise 'Incorrect session ID' unless STDIN.gets.strip == options[:session]
+
+resp.first.send(:login)

data/bin/puppetfactory

@@ -0,0 +1,153 @@
+#! /usr/bin/env ruby
+
+require 'rubygems'
+require 'puppetfactory'
+require 'optparse'
+require 'yaml'
+
+NAME = File.basename($PROGRAM_NAME)
+
+if File.exist? '/etc/puppetfactory/config.yaml'
+  options = YAML.load_file('/etc/puppetfactory/config.yaml') rescue {}
+else
+  options = YAML.load_file('/etc/puppetfactory.yaml') rescue {}
+end
+
+optparse = OptionParser.new { |opts|
+  opts.banner = "Usage : #{NAME} [command] [target]
+
+When called with no arguments, this will start the PuppetFactory server.
+You can also pass arguments to invoke CLI commands.
+  * ls | list
+      * List all PuppetFactory users
+  * new |create <username> [password]
+      * Create a new PuppetFactory user with an optional password
+  * remove | delete <username>
+      * Delete a PuppetFactory user
+  * repair | reprovision <username>
+      * Reprovision a PuppetFactory user container
+  * redeploy <username>
+      * Delete a user's environment from disk and redeploy it with r10k
+  * configprint
+      * Display the value of all Puppetfactory options.
+
+This will send commands to the PuppetFactory server specified in
+/etc/puppetfactory/config.yaml, defaulting to localhost if unspecified.
+"
+
+  opts.on("-s SERVER", "--server SERVER", "Remote PuppetFactory server.") do |arg|
+    options[:server] = arg
+  end
+
+  opts.on("-d", "--debug", "Display extra debugging information.") do
+    options[:debug] = true
+  end
+
+  opts.separator('')
+
+  opts.on("-h", "--help", "Displays this help") do
+    puts opts
+    exit
+  end
+}
+optparse.parse!
+
+options[:puppet]       ||= '/opt/puppetlabs/bin/puppet'
+options[:confdir]      ||= '/etc/puppetlabs/puppet'
+options[:codedir]      ||= '/etc/puppetlabs/code'
+options[:environments] ||= "#{options[:codedir]}/environments"
+
+options[:root]         ||= File.expand_path(File.join(File.dirname(__FILE__), '..'))
+options[:logfile]      ||= '/var/log/puppetfactory'
+options[:templatedir]  ||= "#{File.dirname(__FILE__)}/../templates"
+
+options[:port]         ||= 8000
+options[:bind]         ||= '0.0.0.0'
+
+options[:user]         ||= 'admin'
+options[:password]     ||= 'admin'
+options[:session]      ||= '12345'
+
+options[:master]       ||= `hostname`.strip
+options[:usersuffix]   ||= 'puppetfactory.vm'
+options[:usergroups]   ||= []
+
+options[:puppetcode]   ||= '/var/opt/puppetcode'
+options[:modulepath]   ||= :none
+
+options[:gitserver]    ||= 'https://github.com'
+options[:gituser]      ||= 'puppetlabs'
+options[:controlrepo]  ||= 'control-repo.git'
+options[:repomodel]    ||= :single
+
+options[:plugins]      ||= [:ShellUser, :Logs]
+
+def validate(options, option, values)
+  unless values.include? options[option]
+    raise "#{option} must be one of #{values.inspect}"
+  end
+end
+
+validate(options, :modulepath, [:readwrite, :readonly, :none])
+validate(options, :repomodel, [:single, :peruser])
+
+Puppetfactory::Helpers.configure(options)
+
+# why do I have to do this? This page implies I shouldn't.
+# https://github.com/sinatra/sinatra#logging
+$logger = Logger::new(options[:logfile])
+$logger.level     = options[:debug] ? Logger::DEBUG : Logger::INFO
+$logger.formatter = proc { |severity,datetime,progname,msg| "[#{datetime}] #{severity}: #{msg}\n" }
+
+# if no arguments, start up the server
+if ARGV.size == 0
+ Puppetfactory.run! options
+
+#   opts = {
+#           :Port               => 8000,
+#           :Host               => '0.0.0.0',
+#           :Logger             => WEBrick::Log::new(options[:logfile], WEBrick::Log::INFO),
+#           :ServerType         => options[:debug] ? WEBrick::SimpleServer : WEBrick::Daemon,
+#           :DocumentRoot       => options[:docroot],
+#           :SSLEnable          => false,
+#   #         :SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
+#   #         :SSLCertificate     => OpenSSL::X509::Certificate.new(  File.open(File.join(CERT_PATH, 'server.crt')).read),
+#   #         :SSLPrivateKey      => OpenSSL::PKey::RSA.new(          File.open(File.join(CERT_PATH, 'server.key')).read),
+#   #         :SSLCertName        => [ [ "CN",WEBrick::Utils::getservername ] ]
+#   }.merge(options)
+#
+#   Rack::Handler::WEBrick.run(Puppetfactory, opts) do |server|
+#     require 'pry'
+#     binding.pry
+#
+#           [:INT, :TERM].each { |sig| trap(sig) { server.stop } }
+#   end
+else
+  require 'puppetfactory/cli'
+
+  puppetfactory = Puppetfactory::Cli.new(options)
+
+  command, user, password = ARGV
+  case command
+  when 'ls', 'list'
+    puppetfactory.list
+
+  when 'new', 'create'
+    puppetfactory.create(user, password)
+
+  when 'remove', 'delete'
+    puppetfactory.delete(user)
+
+  when 'repair', 'reprovision'
+    puppetfactory.repair(user)
+  when 'redeploy'
+    puppetfactory.redeploy(user)
+  when 'configprint'
+    puts options.to_yaml
+
+  else
+    puts "Unknown command: #{command}"
+    puts "Run #{NAME} -h for usage."
+    exit 1
+  end
+end

data/lib/puppetfactory.rb

@@ -0,0 +1,300 @@
+#! /usr/bin/env ruby
+
+require 'rubygems'
+require 'sinatra/base'
+require 'webrick'
+# require 'webrick/https'
+# require 'openssl'
+require 'resolv'
+require 'json'
+require 'fileutils'
+require 'erb'
+require 'yaml'
+require 'time'
+require 'docker'
+require 'rest-client'
+require 'open3'
+
+class Puppetfactory < Sinatra::Base
+  require 'puppetfactory/helpers'
+  require 'puppetfactory/monkeypatches'
+  require 'puppetfactory/plugins'
+
+  set :views, File.dirname(__FILE__) + '/../views'
+  set :public_folder, File.dirname(__FILE__) + '/../public'
+  set :erb, :trim => '-'
+
+  configure :production, :development do
+    enable :logging
+    enable :sessions
+  end
+
+  def initialize(app=nil)
+    super(app)
+
+    # lets us pretend that the settings object is a hash in our plugins
+    def settings.[](opt)
+      settings.send(opt) if settings.respond_to? opt
+    end
+
+    # Add a link back to the server so that plugins can add routes
+    def settings.puppetfactory
+      self
+    end
+
+    @loaded_plugins = settings.plugins.map do |plugin|
+      require "puppetfactory/plugins/#{plugin.snake_case}"
+      Puppetfactory::Plugins::const_get(plugin).new(settings)
+    end
+    @loaded_plugins = @loaded_plugins.sort_by { |plugin| plugin.weight }
+
+    ensure_single_action(:users)
+    ensure_single_action(:login)
+#    ensure_single_action(:deploy) # TODO: maybe this shouldn't be limited like this.
+                                  #       But if not, we need a plugin.suitability() method.
+  end
+
+  # UI tab endpoints
+  get '/' do
+    @tabs = merge(plugins(:tabs, privileged?))
+
+    erb :index
+  end
+
+  get '/home' do
+    erb :home
+  end
+
+  get '/users' do
+    @users   = load_users()
+    @current = merge(plugins(:userinfo, session[:username], true)) if session.include? :username
+
+    erb :users
+  end
+
+  get '/shell' do
+    erb :shell
+  end
+  # End UI tabs
+
+  # set the currently active user. This should probably be a PUT action.
+  get '/users/active/:username' do |username|
+    session[:username] = username
+    {"status" => "ok"}.to_json
+  end
+
+  # admin login
+  get '/login' do
+    protected!
+    redirect '/'
+  end
+
+  # create a new username with the default password.
+  get '/new/:username' do |username|
+    protected!
+    create(username)
+  end
+
+  post '/new' do
+    confined!
+    session[:username] = params[:username]
+    create(params[:username], params[:password])
+  end
+
+  get '/shell/login' do
+    redirect "http://#{request.host}:4200"
+  end
+
+  get '/port/:port/' do |port|
+    redirect "http://#{request.host}:#{port}"
+  end
+
+  # RESTful API endpoints
+  # Return details for all users as JSON
+  get '/api/users' do
+    load_users(true).to_json
+  end
+
+  # create a user
+  post '/api/users' do
+    # no need for all the returned status. That was a workaround for not having any real logging
+    create(params[:username], params[:password])
+  end
+
+  # Return details for single user
+  get '/api/users/:username' do
+    username = params[:username]
+    load_user(username).to_json
+  end
+
+  # perform an action on a given user
+  put '/api/users/:username' do |username|
+    case params[:action]
+    when 'deploy'
+      resp = plugins(:deploy, username)
+
+    when 'redeploy'
+      resp = plugins(:redeploy, username)
+
+    when 'repair'
+      resp = plugins(:repair, username)
+
+    when 'select'
+      session[:username] = username
+      resp = [true]
+
+    else
+      raise "Unknown user action: #{params[:action]}."
+    end
+    if resp.select { |response| response == false }.size == 0
+      {"status" => "success"}.to_json
+    else
+      {"status" => "failure"}.to_json
+    end
+  end
+
+  # delete a user
+  delete '/api/users/:username' do
+    delete(params[:username])
+  end
+
+
+# These endpoints don't seemed to be used for anything
+#   get '/api/users/:username/port' do
+#     user_port(params[:username])
+#   end
+#
+#   get '/api/users/:username/node_group_status' do
+#     node_group_status(params[:username]).to_json
+#   end
+#
+#
+#   get '/api/users/:username/console_user_status' do
+#     console_user_status(params[:username]).to_json
+#   end
+
+
+  not_found do
+    halt 404, 'page not found'
+  end
+
+  helpers do
+    # call a method of a single named plugin.
+    def plugin(name, action, *args)
+      plugin = @loaded_plugins.find {|plugin| plugin.class.name == "Puppetfactory::Plugins::#{name.to_s}" }
+      plugin.send(action, *args)
+    end
+
+    # call a method on all plugins that implement it
+    def plugins(action, *args)
+      @loaded_plugins.map do |plugin|
+        next unless plugin.respond_to? action
+
+        plugin.send(action, *args)
+      end.compact
+    end
+
+    # call a method on all plugins that implement it
+    def reversedplugins(action, *args)
+      @loaded_plugins.reverse.map do |plugin|
+        next unless plugin.respond_to? action
+
+        plugin.send(action, *args)
+      end.compact
+    end
+
+    def ensure_single_action(action)
+      resp = @loaded_plugins.select { |plugin| plugin.respond_to? action }
+      raise "The #{action} action is not exposed by any plugins" if resp.size == 0
+      raise "The #{action} action is exposed by multiple loaded plugins! (#{resp.map {|p| p.class }})" unless resp.size == 1
+    end
+
+    def action_enabled?(action)
+      resp = @loaded_plugins.select { |plugin| plugin.respond_to? action }
+      resp.size != 0
+    end
+
+    # Take an array of hashes and squash them into a single hash.
+    # Keys later in the list override those which come earlier
+    def merge(elements)
+      elements.inject({}) do |memo, element|
+          memo.merge! element
+      end
+    end
+
+
+
+    def create(username, password = 'puppetlabs')
+      begin
+        responses = plugins(:create, username, password)
+        errors    = responses.select { |response| response == false }.size
+
+        if errors == 0
+          { :status => :success, :message => "Created user #{username}."}.to_json
+        else
+          # TODO: should we call delete to cleanup?
+          #plugins(:delete, username) # Don't leave artifacts.
+          { :status => :failure, :message => "There were #{errors} errors creating #{username}. See logs for details."}.to_json
+        end
+      rescue => e
+        $logger.warn e.backtrace
+        {:status => :failure, :message => "Fatal error creating #{username}: #{e.message}"}.to_json
+      end
+    end
+
+    def delete(username)
+      begin
+        responses = reversedplugins(:delete, username)
+        errors    = responses.select { |response| response == false }.size
+
+        if errors == 0
+          { :status => :success, :message => "Deleted user #{username}."}.to_json
+        else
+          { :status => :failure, :message => "There were #{errors} errors deleting #{username}. See logs for details."}.to_json
+        end
+      rescue => e
+          {:status => :failure, :message => "Fatal error deleting #{username}: #{e.message}"}.to_json
+      end
+    end
+
+    def load_users(extended = false)
+      users = {}
+      plugins(:users).flatten.each do |username|
+        users[username] = merge(plugins(:userinfo, username, extended))
+      end
+      users
+    end
+
+
+    # Basic auth boilerplate
+    def protected!
+      unless authorized?
+        response['WWW-Authenticate'] = %(Basic realm="Restricted Area")
+        throw(:halt, [401, "Not authorized\n"])
+      end
+    end
+
+    def confined!
+      unless params[:session] == settings.session
+        throw(:halt, [403, "Only classroom members are allowed to create accounts!\n"])
+      end
+    end
+
+    def privileged?
+      session[:privileges] == 'admin'
+    end
+
+    def authorized?
+      @auth ||=  Rack::Auth::Basic::Request.new(request.env)
+
+      if @auth.provided? && @auth.basic? && @auth.credentials == [settings.user, settings.password]
+        session[:privileges] = 'admin'
+        true
+      else
+        session.delete :privileges
+        false
+      end
+    end
+
+  end
+end