simp-cli 1.0.12

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MGNhMzQ0NTM3Y2Q2MWM2NTRhNmE5NjdkYzk2ZjcxZmUzZTBmMjBhMA==
+  data.tar.gz: !binary |-
+    YTUyY2E3M2JmNDYwNTMwMDU0MmVkZmUwMzk5NjBhZjQ3MjI1ZDYzNA==
+SHA512:
+  metadata.gz: !binary |-
+    ZDM3ZTEwNzkyZDA4N2E5ZDZlYmU1NzQ2ZWIxYzMwMWZkODQ3NDZlOTM0OTMw
+    ZTlhNTJkOTU4ZDFiMTQ3YjcwMDZlMTQyZjRlY2ZhZWE5YmJmMmE3ZTVhOWNi
+    ZTVmYmY4ZThmYjdkZjc4Yjc4M2ZlMDVkOWNkYWUzOGNjZTI0YWQ=
+  data.tar.gz: !binary |-
+    OWIxODU0MGNjYjVlMWY1Nzk3YjVlMjA1Y2UxZWRlZGM1OWQ0MzdmZGFjZWU0
+    ZTFkMzQ1ODIxYmI2NzBhNWY4M2VhN2UxMjAzZjAwNzlhMWYwOTA3ZjY4MDZk
+    YjQ5Njg3ZWQzOGI2NmQ4N2MzYjUxOTFjNzE5NjkxZjdiNTUxYTM=

data/LICENSE

@@ -0,0 +1,27 @@
+rubygem-simp-cli - The command line interface to SIMP
+
+--
+
+Per Section 105 of the Copyright Act of 1976, these works are not entitled to
+domestic copyright protection under US Federal law.
+
+The US Government retains the right to pursue copyright protections outside of
+the United States.
+
+The United States Government has unlimited rights in this software and all
+derivatives thereof, pursuant to the contracts under which it was developed and
+the License under which it falls.
+
+---
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,48 @@
+# simp-cli
+
+A cli interface to configure SIMP and simplify administrative tasks.
+
+## Usage
+
+```bash
+simp COMMAND [OPTIONS]
+```
+
+**NOTE:** The `simp` cli command is intended to be run from a SIMP-managed OS.
+
+### Commands
+#### Configuration
+##### `bootstrap`
+Bootstraps a SIMP system (requires configuration data generated by `simp config`).
+
+**NOTE:** If you have an existing 'production' environment it will be backed up and
+mapped to a 'simp' environment when bootstrap is run.
+
+##### `config`
+Creates SIMP configuration files with an interactive questionnaire.
+
+
+#### Adminstration
+##### `doc`
+Displays SIMP documentation in elinks.
+
+##### `passgen`
+Controls user passwords.
+
+#### Recently deprecated
+##### `check` _(removed)_
+Validates various subsystems
+
+##### `cleancerts` _(deprecated - use `puppet cert clean CERTNAME` instead)_
+Revokes and removed Puppet certificates from a list of hosts.
+
+##### `runpuppet`_(deprecated - use [mcollective](http://puppetlabs.com/mcollective) instead._
+Runs puppet on a list of hosts.
+
+
+##### `puppeteval` _(deprecated - use `puppet agent --evaltrace` instead)_
+Gathers metrics information on Puppet runs.
+
+
+## License
+See [LICENSE](LICENSE)

data/Rakefile

@@ -0,0 +1,142 @@
+$: << File.expand_path( '../lib/', __FILE__ )
+
+require 'rubygems'
+require 'rake/clean'
+require 'simp/cli'
+require 'fileutils'
+require 'find'
+
+@package='simp-cli'
+@rakefile_dir=File.dirname(__FILE__)
+
+
+CLEAN.include "#{@package}-*.gem"
+CLEAN.include 'pkg'
+CLEAN.include 'dist'
+Find.find( @rakefile_dir ) do |path|
+  if File.directory? path
+    CLEAN.include path if File.basename(path) == 'tmp'
+  else
+    Find.prune
+  end
+end
+
+
+desc 'Ensure gemspec-safe permissions on all files'
+task :chmod do
+  gemspec = File.expand_path( "#{@package}.gemspec", @rakefile_dir ).strip
+  spec = Gem::Specification::load( gemspec )
+  spec.files.each do |file|
+    FileUtils.chmod 'go=r', file
+  end
+end
+
+desc 'special notes about these rake commands'
+task :help do
+  puts %Q{
+== environment variables ==
+SIMP_RPM_BUILD     when set, alters the gem produced by pkg:gem to be RPM-safe.
+                   'pkg:gem' sets this automatically.
+  }
+end
+
+desc 'run all RSpec tests'
+task :spec do
+  Dir.chdir @rakefile_dir
+  sh 'bundle exec rspec spec'
+end
+
+desc %q{run all RSpec tests (alias of 'spec')}
+task :test => :spec
+
+namespace :pkg do
+  @specfile_template = "rubygem-#{@package}.spec.template"
+  @specfile          = "build/rubygem-#{@package}.spec"
+
+  # ----------------------------------------
+  # DO NOT UNCOMMENT THIS: the spec file requires a lot of tweaking
+  # ----------------------------------------
+  #  desc "generate RPM spec file for #{@package}"
+  #  task :spec => [:clean, :gem] do
+  #    Dir.glob("pkg/#{@package}*.gem") do |pkg|
+  #      sh %Q{gem2rpm -t "#{@specfile_template}" "#{pkg}" > "#{@specfile}"}
+  #    end
+  #  end
+
+  desc "build rubygem package for #{@package}"
+  task :gem => :chmod do
+    Dir.chdir @rakefile_dir
+    Dir['*.gemspec'].each do |spec_file|
+      cmd = %Q{SIMP_RPM_BUILD=1 bundle exec gem build "#{spec_file}"}
+      sh cmd
+      FileUtils.mkdir_p 'dist'
+      FileUtils.mv Dir.glob("#{@package}*.gem"), 'dist/'
+    end
+  end
+
+
+  desc "build and install rubygem package for #{@package}"
+  task :install_gem => [:clean, :gem] do
+    Dir.chdir @rakefile_dir
+    Dir.glob("dist/#{@package}*.gem") do |pkg|
+      sh %Q{bundle exec gem install #{pkg}}
+    end
+  end
+
+
+  desc "generate RPM for #{@package}"
+    require 'tmpdir'
+    task :rpm, [:mock_root] => [:clean, :gem] do |t, args|
+      mock_root  = args[:mock_root]
+      # TODO : Get rid of this terrible code.  Shoe-horned in until
+      # we have a better idea for auto-decet
+      if mock_root =~ /^epel-6/ then el_version = '6'
+      elsif mock_root =~ /^epel-7/ then el_version = '7'
+      else puts 'WARNING: Did not detect epel version'
+      end
+      tmp_dir = ''
+
+      if tmp_dir = ENV.fetch( 'SIMP_MOCK_SIMPGEM_ASSETS_DIR', false )
+         FileUtils.mkdir_p tmp_dir
+      else
+         tmp_dir = Dir.mktmpdir( "build_#{@package}" )
+      end
+
+      begin
+        Dir.chdir tmp_dir
+        specfile     = "#{@rakefile_dir}/build/rubygem-#{@package}.el#{el_version}.spec"
+        tmp_specfile = "#{tmp_dir}/rubygem-#{@package}.el#{el_version}.spec"
+
+        # We have to copy to a local directory because mock bugs out in NFS
+        # home directories (where SIMP devs often work)
+        FileUtils.cp specfile, tmp_specfile, :preserve => true
+        Dir.glob("#{@rakefile_dir}/dist/#{@package}*.gem") do |pkg|
+          FileUtils.cp pkg, tmp_dir, :preserve => true
+        end
+
+        # Build SRPM from specfile
+        sh %Q{mock -r #{mock_root} --buildsrpm --source="#{tmp_dir}" --spec="#{tmp_specfile}" --resultdir="#{tmp_dir}"}
+
+        # Build RPM from SRPM
+        Dir.glob("#{tmp_dir}/rubygem-#{@package}-*.el#{el_version}*.src.rpm") do |pkg|
+          sh %Q{mock -r #{mock_root} --rebuild "#{pkg}" --resultdir=#{tmp_dir} --no-cleanup-after}
+        end
+
+        sh %Q{ls -l "#{tmp_dir}"}
+
+        # copy RPM back into pkg/
+        Dir.glob("#{tmp_dir}/rubygem-#{@package}-*.el#{el_version}*.rpm") do |pkg|
+          sh %Q{cp "#{pkg}" "#{@rakefile_dir}/dist/"}
+          FileUtils.cp pkg, "#{@rakefile_dir}/dist/"
+        end
+      ensure
+        Dir.chdir @rakefile_dir
+        # cleanup if needed
+        if ! ENV.fetch( 'SIMP_MOCK_SIMPGEM_ASSETS_DIR', false )
+           FileUtils.remove_entry_secure tmp_dir
+        end
+      end
+  end
+end
+
+# vim: syntax=ruby

data/bin/simp

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH << File.expand_path( '../lib', File.dirname(__FILE__) )
+require 'simp/cli'
+Simp::Cli.start

data/lib/simp/cli.rb

@@ -0,0 +1,88 @@
+$LOAD_PATH << File.expand_path( '..', File.dirname(__FILE__) )
+
+# namespace for SIMP logic
+module Simp; end
+
+# namespace for SIMP CLI commands
+class Simp::Cli
+  VERSION = '1.0.12'
+
+  require 'optparse'
+  require 'simp/cli/lib/utils'
+
+  def self.menu
+    puts 'Usage: simp [command]'
+    puts
+    puts '  Commands'
+    @commands.keys.each do |command_name|
+      puts "    - #{command_name}"
+    end
+    puts '    - help [command]'
+    puts
+  end
+
+  def self.help  # <-- lol.
+    puts @opt_parser.to_s
+    puts
+  end
+
+  def self.run(*)
+    @opt_parser.parse!
+  end
+
+  private
+  def self.version
+    cmd = 'rpm -q simp'
+    begin
+      `#{cmd}`.split(/\n/).last.match(/([0-9]+\.[0-9]+\.?[0-9]*)/)[1]
+    rescue
+      msg = "Cannot find SIMP OS installation via `#{cmd}`!"
+      say '<%= color( "WARNING: ", BOLD, YELLOW ) %>' +
+          "<%= color( '#{msg}', YELLOW) %>"
+    end
+  end
+
+  def self.start
+    # load each command
+    commands_path = File.expand_path( 'cli/commands/*.rb', File.dirname(__FILE__) )
+
+    # load the commands from commands/*.rb and grab the classes that are simp commands
+    Dir.glob( commands_path ).sort_by(&:to_s).each do |command_file|
+      require command_file
+    end
+
+    @commands = {}
+    Simp::Cli::Commands::constants.each{ |constant|
+      obj = Simp::Cli::Commands.const_get(constant)
+      if obj.respond_to?(:superclass) and obj.superclass == Simp::Cli
+        @commands[constant.to_s.downcase] = obj
+      end
+    }
+    @commands['version'] = self
+
+    if ARGV.length == 0 or (ARGV.length == 1 and ARGV[0] == 'help')
+      menu
+    elsif ARGV[0] == 'version'
+      puts version
+    elsif ARGV[0] == 'help'
+      if (command = @commands[ARGV[1]]).nil?
+        puts "\n\033[31m#{ARGV[1]} is not a recognized command\033[39m\n\n"
+        menu
+      elsif ARGV[1] == 'version'
+        puts "Display the current version of SIMP."
+      else
+        command.help
+      end
+    elsif (command = @commands[ARGV[0]]).nil?
+      puts "\n\033[31m#{ARGV[0]} is not a recognized command\033[39m\n\n"
+      menu
+    else
+      begin
+        command.run(ARGV.drop(1))
+      rescue => e
+        puts "\n\033[31m#{e.message}\033[39m\n\n"
+        e.backtrace.first(10).each{|l| puts l }
+      end
+    end
+  end
+end

data/lib/simp/cli/commands/bootstrap.rb

@@ -0,0 +1,275 @@
+module Simp::Cli::Commands; end
+
+class Simp::Cli::Commands::Bootstrap < Simp::Cli
+  require 'pty'
+  require 'timeout'
+  require 'facter'
+
+  @verbose = false
+  @track = true
+  @opt_parser = OptionParser.new do |opts|
+    opts.banner = "\n === The SIMP Bootstrap Tool === "
+    opts.separator "\nThe SIMP Bootstrap Tool aids initial configuration of the system by"
+    opts.separator "bootstrapping it. This should be run after 'simp config' has applied a new"
+    opts.separator "system configuration."
+    opts.separator ""
+    opts.separator "Logging information about the run is written to ~/.simp/simp_bootstrap.log"
+    opts.separator ""
+    opts.separator "OPTIONS:\n"
+
+    opts.on("-v", "--[no-]verbose", "Enables/disables verbose mode. Prints out verbose information.") do |v|
+      @verbose = v
+    end
+
+    opts.on("-t", "--[no-]track", "Enables/disables the tracker. Default is enabled.") do |t|
+      @track = t
+    end
+
+    opts.on("-h", "--help", "Print out this message.") do
+      puts opts
+      exit
+    end
+  end
+
+
+  # Ensure the puppetserver is running ca on the specified port.
+  # Used ensure the puppetserver service is running.
+  def self.ensure_running(port = nil)
+    if port == nil
+      port = `puppet config print ca_port`.strip
+    end
+    begin
+      running = (%x{curl -sS --cert /var/lib/puppet/ssl/certs/`hostname`.pem --key /var/lib/puppet/ssl/private_keys/`hostname`.pem -k -H "Accept: s" https://localhost:#{port}/production/certificate_revocation_list/ca 2>&1} =~ /CRL/)
+      unless running
+        system('puppet resource service puppetserver ensure="running" enable=true > /dev/null 2>&1 &')
+        stages = %w{. o O @ *}
+        rest = 0.4
+        timeout = 5
+
+        Timeout::timeout(timeout*60) {
+          while not running do
+            running = (%x{curl -sS --cert /var/lib/puppet/ssl/certs/`hostname`.pem --key /var/lib/puppet/ssl/private_keys/`hostname`.pem -k -H "Accept: s" https://localhost:#{port}/production/certificate_revocation_list/ca 2>&1} =~ /CRL/)
+            stages.each{ |x|
+              $stdout.flush
+              print "Waiting for Puppet Server to Start  " + x + "\r"
+              sleep(rest)
+            }
+          end
+        }
+        $stdout.flush
+        puts
+      end
+    rescue Timeout::Error
+      fail("The Puppet Server did not start within #{timeout} minutes. Please start puppetserver by hand and inspect any issues.")
+    end
+  end
+
+  # Track a running process by following its STDOUT output
+  # Prints a '#' for each line of output
+  # returns -1 if error occured, otherwise the line count if PTY.spawn succeeded
+  def self.track_output(command, port = nil)
+    ensure_running(port)
+    successful = true
+
+    @logfile.print '#' * 80
+    @logfile.puts("\nStarting #{command}\n")
+
+    start_time = Time.now
+    linecount = 0
+    if @track
+      print 'Track => '
+      begin
+        ::PTY.spawn("#{command}") do |read, write, pid|
+          begin
+            read.each do |line|
+              print '#'
+              @logfile.puts(line)
+              linecount += 1
+            end
+          rescue Errno::EIO
+          end
+        end
+      rescue PTY::ChildExited => e
+        print '!!!'
+        @logfile.puts("Child exited unexpectedly:\n\t#{e.message}")
+        successful = false
+      rescue
+        # If we don't have a PTY, just run the command.
+        @logfile.puts "Running without a PTY!"
+        output = %x{#{command}}
+        @logfile.puts output
+        linecount = output.split("\n").length
+        successful = false if $? != 0
+      end
+    else # don't track
+      print "Running, please wait ... "
+      $stdout.flush
+      output = %x{#{command}}
+      @logfile.puts output
+      linecount = output.split("\n").length
+      successful = false if $? != 0
+    end
+    puts " Done!"
+    @logfile.puts("\n#{command} - Done!")
+    end_time = Time.now
+    puts "Duration of Puppet run: #{end_time - start_time} seconds" if @verbose
+    @logfile.puts("Duration of Puppet run: #{end_time - start_time} seconds")
+
+    return successful ? linecount : -1
+  end
+
+  def self.run(args = [])
+    super
+
+    bootstrap_start_time = Time.now
+
+    # Set us up to use the SIMP environment. Be careful to preserve the
+    # existing 'production' environment if one exists.
+    environment_path = '/etc/puppet/environments'
+    simp_env = "#{environment_path}/simp"
+
+    fail("Could not find the environment path at #{environment_path}") unless File.exist?(environment_path)
+
+    Dir.chdir(environment_path) do
+      fail("Could not find a 'simp' installation at #{simp_env}") unless File.exist?(simp_env)
+
+      if File.exist?('production')
+        if File.symlink?('production')
+          unless File.readlink('production') == 'simp'
+            FileUtils.mv('production',"pre_simp_production_#{bootstrap_start_time.to_i}")
+          end
+        else
+            FileUtils.mv('production',"pre_simp_production_#{bootstrap_start_time.to_i}")
+        end
+      end
+
+      FileUtils.ln_s('simp','production')
+    end
+
+    linecounts = Array.new
+
+    # Open log file
+    logfilepath = File.expand_path('~/.simp/simp_bootstrap.log')
+    FileUtils.mkpath(File.dirname(logfilepath)) unless File.exists?(logfilepath)
+    @logfile = File.open(logfilepath, 'w')
+
+    # Define the puppet command call and the run command options
+    pupcmd = "/usr/bin/puppet agent --pluginsync --onetime --no-daemonize --no-show_diff --verbose --no-splay --masterport=8150 --ca_port=8150"
+    pupruns = [
+      'pki,stunnel,concat',
+      'firstrun,concat',
+      'rsync,concat,apache,iptables',
+      'user',
+      'group'
+    ]
+
+    # Print intro
+    system('clear')
+    puts
+    puts "*** Starting SIMP Bootstrap ***"
+    puts "   If this runs quickly, something wrong happened. To debug the problem,"
+    puts "   run 'puppet agent --test' by hand or read the log. The log can be found"
+    puts "   at '#{@logfile.path}'."
+    puts
+
+    # Kill all puppet processes and stop specific services
+    puts "Killing all Puppet processes, httpd and removing Puppet ssl certs.\n\n" if @verbose
+    system("pkill -9 -f puppetmasterd >& /dev/null")
+    system("pkill -9 -f puppet >& /dev/null")
+    system('pkill -f pserver_tmp')
+    system("puppet resource service puppetserver ensure=stopped >& /dev/null")
+    system("puppet resource service httpd ensure=stopped >& /dev/null")
+    FileUtils.rm_rf(Dir.glob('/var/lib/puppet/ssl'))
+    FileUtils.rm_f(Dir.glob('/var/run/puppet/*'))
+    FileUtils.touch('/.autorelabel')
+
+    puts "*** Starting the Puppetmaster ***"
+    puts
+
+    FileUtils.mkdir_p('/var/lib/puppet/pserver_tmp')
+    FileUtils.chown('puppet','puppet','/var/lib/puppet/pserver_tmp')
+    system(%{puppet resource simp_file_line puppetserver path='/etc/sysconfig/puppetserver' match='^JAVA_ARGS' line='JAVA_ARGS="-Xms2g -Xmx2g -XX:MaxPermSize=256m -Djava.io.tmpdir=/var/lib/puppet/pserver_tmp"' 2>&1 > /dev/null})
+    system(%{puppet resource simp_file_line puppetserver path='/etc/puppetserver/conf.d/webserver.conf' match='^\\s*ssl-host' line='    ssl-host = 0.0.0.0' 2>&1 > /dev/null})
+    system(%{puppet resource simp_file_line puppetserver path='/etc/puppetserver/conf.d/webserver.conf' match='^\\s*ssl-port' line='    ssl-port = 8150' 2>&1 > /dev/null})
+
+    puts
+
+    puts "Beginning Puppet agent runs ..."
+    pupruns.each do |puprun|
+      puts "... with tag#{puprun.include?(',') ? 's' : ''} '#{puprun}'"
+      linecounts << track_output("#{pupcmd} --tags #{puprun} 2> /dev/null", '8150')
+    end
+
+    puts
+
+    if Facter.value(:selinux) && !Facter.value(:selinux_current_mode).nil? && (Facter.value(:selinux_current_mode) != "disabled")
+      puts 'Relabeling filesystem for selinux...'
+      @logfile.puts('Relabeling filesystem for selinux.')
+      system("fixfiles -f relabel >> #{@logfile.path} 2>&1")
+    end
+
+    puts "*** Running Puppet Finalization ***"
+    puts
+
+    # First run of puppet without tags will configure puppetserver, causing
+    # a refresh of the puppetserver service.
+    track_output("#{pupcmd}",'8150')
+
+    # From this point on, run puppet without specifying the masterport since
+    # puppetserver is configured.
+    pupcmd = "puppet agent --pluginsync --onetime --no-daemonize --no-show_diff --verbose --no-splay"
+
+    # Run puppet agent up to 3X to get slapd running (unless it already is)
+    # If this fails, LDAP is probably not configured right
+    i = 0
+    while (i < 3) && !system('/bin/ps -C slapd >& /dev/null') do
+      # No longer running puppet against 8150.
+      track_output("#{pupcmd}")
+      i = i + 1
+    end
+    if (i == 3) && $use_ldap
+      puts "   \033[1mWarning\033[0m: It does not look like LDAP was properly configured to start."
+      puts "   Please check your configuration."
+    else
+      # At this point, we should be connected to LDAP properly.
+      # Run puppet up to 3 additional times if we can't verify that we're actually connected!
+      j = 0
+      while (j < 3) && !system('getent group administrators') do
+        track_output("#{pupcmd}")
+        j = j + 1
+      end
+      if j == 3
+        puts "   \033[1mWarning\033[0m: Could not find the administrators group."
+        puts "   Please check your configuration."
+      end
+      puts "Puppet Finalization - Done!"
+    end
+
+    # Clean up the leftover puppetserver process (if any)
+    begin
+      pserver_proc = %x{netstat -tlpn}.split("\n").select{|x| x =~ /\d:8150/}
+      unless pserver_proc.empty?
+        pserver_pid = pserver_proc.first.split.last.split('/').first.to_i
+        Process.kill('KILL',pserver_pid)
+      end
+    rescue Exception => e
+      puts e
+      puts "The Puppet Server process running on port 8150 could not be killed. Please check your configuration!"
+    end
+
+    # Print closing banner
+    puts
+    puts "*** SIMP Bootstrap Complete! ***"
+    puts "Duration of complete bootstrap: #{Time.now - bootstrap_start_time} seconds" if @verbose
+
+    if !system('ps -C httpd 2>&1 > /dev/null') && (linecounts.include?(-1) || (linecounts.uniq.length < linecounts.length))
+      puts "   \033[1mWarning\033[0m: Primitive checks indicate there may have been issues."
+      puts "   Check '#{@logfile.path}' for details."
+      puts "   Please run 'puppet agent -t' by hand to debug your configuration."
+    else
+      puts
+      puts "You should \033[1mreboot\033[0m your system to ensure consistency at this point."
+    end
+    puts
+  end
+end