simp-cli 1.0.12

data/lib/simp/cli/config/item/add_ldap_to_hiera.rb

@@ -0,0 +1,43 @@
+require "resolv"
+require File.expand_path( '../item', File.dirname(__FILE__) )
+require File.expand_path( '../utils', File.dirname(__FILE__) )
+
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config
+  class Item::AddLdapToHiera < ActionItem
+    attr_accessor :dir
+
+    def initialize
+      super
+      @key         = 'puppet::add_ldap_to_hiera'
+      @description = %Q{Adds simp::ldap_server to hieradata/hosts/puppet.your.domain.yaml (apply-only; noop).}
+      @dir         = "/etc/puppet/environments/simp/hieradata/hosts"
+      @file        = nil
+    end
+
+    def apply
+      success = true
+      fqdn    = @config_items.fetch( 'hostname' ).value
+      file    = File.join( @dir, "#{fqdn}.yaml")
+
+      say_green 'Adding simp::ldap_server to the <domain>.yaml file' if !@silent
+
+      if File.exists?(file)
+        success = true
+        yaml = File.open(file, "a") do |f|
+          f.puts "  - 'simp::ldap_server'"
+        end
+      else
+        success = false
+        say_yellow "WARNING: file not found: #{file}"
+      end
+      success
+    end
+
+
+    def contains_ldap?( line )
+      (line =~ /^\s*-\s+(([a-z_:'"]*::)*(open)*ldap|(open)*ldap[a-z_:'"]*)/m) ? true : false
+    end
+  end
+end

data/lib/simp/cli/config/item/answers_yaml_file_writer.rb

@@ -0,0 +1,58 @@
+require "resolv"
+require 'highline/import'
+require File.expand_path( '../item', File.dirname(__FILE__) )
+require File.expand_path( '../utils', File.dirname(__FILE__) )
+
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config
+  class Item::AnswersYAMLFileWriter < ActionItem
+    attr_accessor :file, :backup_old_file
+
+    def initialize
+      super
+      @key             = 'yaml::file_writer'
+      @description     = %Q{Writes Config::Item answers so far to YAML file (apply-only; noop).}
+      @file            = '/etc/puppet/environments/simp/hieradata/simp_def.yaml'
+      @backup_old_file = false
+    end
+
+
+    # prints an answers file to an iostream
+    def print_answers_yaml( iostream, answers )
+      iostream.puts "#======================================="
+      iostream.puts "# simp config answers"
+      iostream.puts "#"
+      iostream.puts "# generated on #{Time.now.to_s}"
+      iostream.puts "#---------------------------------------"
+      iostream.puts "# you can use these answers to quickly configure subsequent simp installations
+                     # by running the command:
+                     #
+                     #   simp config -a /PATH/TO/THIS/FILE
+                     #
+                     # simp config will prompt for any missing items
+                     ".gsub(/^\s+/, '').strip
+      iostream.puts "#======================================="
+      iostream.puts "---"
+      answers.each do |k,v|
+        if yaml = v.to_yaml_s  # filter out nil results (for ruby 1.8)
+          iostream.puts yaml
+          iostream.puts
+        end
+      end
+    end
+
+
+    # write a file
+    def write_answers_yaml_file( file, answers )
+      say_green "Writing answers to: #{file}" if !@silent
+      FileUtils.mkdir_p( File.dirname( file ) )
+      File.open( file, 'w' ){ |fh| print_answers_yaml( fh, answers ) }
+    end
+
+
+    def apply
+      write_answers_yaml_file( @file, @config_items ) if @config_items.size > 0
+    end
+  end
+end

data/lib/simp/cli/config/item/certificates.rb

@@ -0,0 +1,39 @@
+require "resolv"
+require 'highline/import'
+require File.expand_path( '../item',  File.dirname(__FILE__) )
+require File.expand_path( '../utils', File.dirname(__FILE__) )
+
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config
+  class Item::Certificates < ActionItem
+    attr_accessor :dirs
+    def initialize
+      super
+      @key         = 'certificates'
+      @description = %Q{Sets up the cerificates for SIMP on apply. (apply-only; noop)}
+      @dirs        = {
+        :keydist => '/etc/puppet/environments/simp/keydist',
+        :fake_ca => '/etc/puppet/environments/simp/FakeCA',
+      }
+      @die_on_apply_fail = true
+    end
+
+
+    def apply
+      # Certificate Management
+      say_green 'Checking system certificates...' if !@silent
+      hostname = @config_items.fetch( 'hostname' ).value
+
+      if !(
+        File.exist?("#{@dirs[:keydist]}/#{hostname}/#{hostname}.pub") &&
+        File.exist?("#{@dirs[:fake_ca]}/#{hostname}/#{hostname}.pem")
+      )
+        say_green "INFO: No certificates were found for '#{hostname}, generating..." if !@silent
+        Simp::Cli::Config::Utils.generate_certificates([hostname], @dirs[:fake_ca])
+      else
+        say_yellow "WARNING: Found existing certificates for #{hostname}, not recreating" if !@silent
+      end
+    end
+  end
+end

data/lib/simp/cli/config/item/client_nets.rb

@@ -0,0 +1,65 @@
+require 'ipaddr'
+require 'highline/import'
+require File.expand_path( '../item', File.dirname(__FILE__) )
+
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config
+  class Item::ClientNets < ListItem
+    def initialize
+      super
+      @key         = 'client_nets'
+      @description = %Q{
+        A list of client networks for your systems, in CIDR notation.
+        If you need this to be more (or less) restrictive for a given class,
+        you can override it in Hiera.}.gsub(/^\s+/, '' )
+      @allow_empty_list = false
+    end
+
+    def os_value
+      # NOTE: the logic that would normally go here is in recommended_value
+      # client_nets is an administrative concept, not an os configuration
+      nil
+    end
+
+    # infer base network/CIDR values from IP/netmask
+    def recommended_value
+      begin
+        address = @config_items.fetch('ipaddress').value
+        nm      = @config_items.fetch('netmask').value
+      rescue IndexError => e
+        say_yellow("WARNING: #{e}") if !@silent
+        return nil
+      end
+
+      # snarfed from:
+      #   http://stackoverflow.com/questions/1825928/netmask-to-cidr-in-ruby
+      subnet = IPAddr.new( nm ).to_i.to_s( 2 ).count('1')
+
+      mucky_cidr = "#{address}/#{subnet}"
+      cidr = "#{ IPAddr.new( mucky_cidr ).to_range.first.to_s}/#{subnet}"
+
+      [ cidr ]
+    end
+
+    # validate subnet
+    def validate_item( net )
+      ### warn "'#{net}' doesn't end like a CIDR";
+      return false if net !~ %r{/\d+$}
+
+      ### warn "list item '#{net}' is not in proper CIDR notation";
+      return false if net.split('/').size > 2
+
+      subnet,cidr = net.split('/')
+
+      # NOTE: if we support IPv6, we should redo netmask & validations
+      ### warn "subnet '#{subnet}' is not a valid IP!";
+      return false if !((subnet =~ Resolv::IPv4::Regex) || (subnet =~ Resolv::IPv6::Regex))
+
+      ### warn "/#{cidr} is not a valid CIDR suffix";
+      return false if !(cidr.to_i >= 0 && cidr.to_i <= 32)
+
+      true
+    end
+  end
+end

data/lib/simp/cli/config/item/common_runlevel_default.rb

@@ -0,0 +1,32 @@
+require 'highline/import'
+require File.expand_path( '../item', File.dirname(__FILE__) )
+require File.expand_path( '../utils', File.dirname(__FILE__) )
+
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config
+  class Item::CommonRunLevelDefault < Item
+    def initialize
+      super
+      @key         = 'common::runlevel'
+      @description = %Q{The default system runlevel (1-5).}
+    end
+
+    def validate( x )
+      (x.to_s =~ /\A[1-5]\Z/) ? true : false
+    end
+
+    def not_valid_message
+      'Must be a number between 1 and 5'
+    end
+
+    def os_value
+      # FIXME: Facter fact
+      %x{runlevel | awk '{print $2}'}.strip
+    end
+
+    def recommended_value
+      '3'
+    end
+  end
+end

data/lib/simp/cli/config/item/dns_search.rb

@@ -0,0 +1,48 @@
+require 'highline/import'
+require File.expand_path( '../item', File.dirname(__FILE__) )
+require File.expand_path( '../utils', File.dirname(__FILE__) )
+
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config
+  class Item::DNSSearch < ListItem
+    attr_accessor :file
+    def initialize
+      super
+      @key         = 'dns::search'
+      @description = %Q{The DNS domain search string.\nRemember to put these in the appropriate order for your environment!}
+      @file        = '/etc/resolv.conf'
+    end
+
+    def os_value
+      # TODO: make this a custom fact?
+      # NOTE: the resolver only uses the last of multiple search declarations
+      File.readlines( @file ).select{ |x| x =~ /^search\s+/ }.last.to_s.gsub( /\bsearch\s+/, '').split( /\s+/ )
+    end
+
+    # recommend:
+    #   - os_value  when present, or:
+    #   - ipaddress when present, or:
+    #   - a must-change value
+    def recommended_value
+      os = os_value
+      if os.empty?
+        if fqdn = @config_items.fetch( 'hostname', nil )
+          [fqdn.value.split('.')[1..-1].join('.')]
+        else
+          ['domain.name (change this)']
+        end
+      else
+        os
+      end
+    end
+
+    # Each item must be a valid dns domain
+    # TODO: def validate should notice if the search string will contain > 6
+    # items or 256 chars
+    def validate_item item
+      # return false if !fqdn.is_a? String
+      Simp::Cli::Config::Utils.validate_fqdn item
+    end
+  end
+end

data/lib/simp/cli/config/item/dns_servers.rb

@@ -0,0 +1,57 @@
+require 'highline/import'
+require File.expand_path( '../item', File.dirname(__FILE__) )
+require File.expand_path( '../utils', File.dirname(__FILE__) )
+
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config
+  class Item::DNSServers < ListItem
+    attr_accessor :file
+    def initialize
+      super
+      @key         = 'dns::servers'
+      @description = %Q{A list of DNS servers for the managed hosts.
+
+        If the first entry of this list is set to '127.0.0.1', then
+        all clients will configure themselves as caching DNS servers
+        pointing to the other entries in the list.
+
+        If you have a system that's including the 'named' class and
+        is *not* in this list, then you'll need to set a variable at
+        the top of that node entry called $named_server to 'true'.
+        This will get around the convenience logic that was put in
+        place to handle the caching entries and will not attempt to
+        convert your system to a caching DNS server. You'll know
+        that you have this situation if you end up with a duplicate
+        definition for File['/etc/named.conf'].}.gsub(/^ +/, '')
+      @file = '/etc/resolv.conf'
+    end
+
+    def os_value
+      # TODO: make this a custom fact?
+      File.readlines( @file ).select{ |x| x =~ /^nameserver\s+/ }.map{ |x| x.gsub( /nameserver\s+(.*)\s*/, '\\1' ) }
+    end
+
+    # recommend:
+    #   - os_value  when present, or:
+    #   - ipaddress when present, or:
+    #   - a must-change value
+    def recommended_value
+      os = os_value
+      if os.empty?
+        if ip = @config_items.fetch( 'ipaddress', nil )
+          [ip.value]
+        else
+          ['8.8.8.8 (change this)']
+        end
+      else
+        os
+      end
+    end
+
+    # Each DNS server should be a valid IP address
+    def validate_item item
+      Simp::Cli::Config::Utils.validate_ip item
+    end
+  end
+end

data/lib/simp/cli/config/item/failover_log_servers.rb

@@ -0,0 +1,27 @@
+require "resolv"
+require 'highline/import'
+require File.expand_path( '../item',  File.dirname(__FILE__) )
+require File.expand_path( '../utils', File.dirname(__FILE__) )
+
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config
+  class Item::FailoverLogServers < ListItem
+    def initialize
+      super
+      @key         = 'failover_log_servers'
+      @description = 'Failover log server(s) in case your log servers(s) fail.'
+      @allow_empty_list = true
+    end
+
+    def os_value
+      nil
+    end
+
+    def validate_item item
+      ( Simp::Cli::Config::Utils.validate_hostname( item ) ||
+        Simp::Cli::Config::Utils.validate_fqdn( item ) ||
+        Simp::Cli::Config::Utils.validate_ip( item ) )
+    end
+  end
+end

data/lib/simp/cli/config/item/gateway.rb

@@ -0,0 +1,32 @@
+require File.expand_path( '../item', File.dirname(__FILE__) )
+require File.expand_path( '../utils', File.dirname(__FILE__) )
+
+module Simp; end
+class Simp::Cli; end
+module Simp::Cli::Config
+  class Item::Gateway < Item
+    def initialize
+      super
+      @key         = 'gateway'
+      @description = 'The default gateway.'
+      @__warning   = false
+    end
+
+
+    # FIXME: make this a custom Fact?
+    def os_value
+      `ip route show` =~ /default\s*via\s*(.*)\s*dev/
+      (($1 && $1.strip) || nil)
+    end
+
+
+    # Always recommend the default Gateway
+    # TODO IDEA: recommend the primary nic's gateway?
+    def recommended_value; os_value; end
+
+
+    def validate( x )
+      Simp::Cli::Config::Utils.validate_ip x
+    end
+  end
+end

data/lib/simp/cli/config/item/grub_password.rb

@@ -0,0 +1,51 @@
+require 'highline/import'
+require File.expand_path( '../item', File.dirname(__FILE__) )
+require File.expand_path( '../utils', File.dirname(__FILE__) )
+
+module Simp; end
+class Simp::Cli; end
+
+
+# NOTE: EL used GRUB 0.9 up through EL6. EL7 moved to Grub 2.0
+# NOTE: The two versions of GRUB use completely different configurations (files, encryption commands, etc)
+module Simp::Cli::Config
+  class Item::GrubPassword < PasswordItem
+    include Simp::Cli::Config::SafeApplying
+
+    def initialize
+      super
+      @key         = 'grub::password'
+      @description = %Q{The password to access GRUB}
+    end
+
+
+    def validate string
+      !string.to_s.strip.empty? && super
+    end
+
+
+    def encrypt string
+      result   = nil
+      password = string
+      if Facter.value('lsbmajdistrelease') > '6'
+        result = `grub2-mkpasswd-pbkdf2 <<EOM\n#{password}\n#{password}\nEOM`.split.last
+      else
+        require 'digest/sha2'
+        salt   = rand(36**8).to_s(36)
+        result = password.crypt("$6$" + salt)
+      end
+      result
+    end
+
+
+    def apply
+      if Facter.value('lsbmajdistrelease') > "6" then
+        # TODO: beg team hercules to make a augeas provider for grub2 passwords?
+        `sed -i 's/password_pbkdf2 root.*$/password_pbkdf2 root #{@value}/' /etc/grub.d/01_users`
+        `grub2-mkconfig -o /etc/grub2.cfg`
+      else
+        `sed -i '/password/ c\password --encrypted #{@value}' /boot/grub/grub.conf`
+      end
+    end
+  end
+end