smart_proxy_remote_execution_ssh_core 0.0.13

data/README.md

@@ -0,0 +1,57 @@
+[![Build Status](https://img.shields.io/jenkins/s/http/ci.theforeman.org/test_plugin_smart_proxy_remote_execution_ssh_master.svg)](http://ci.theforeman.org/job/test_plugin_smart_proxy_remote_execution_ssh_master)
+[![Gem Version](https://img.shields.io/gem/v/smart_proxy_remote_execution_ssh.svg)](https://rubygems.org/gems/smart_proxy_remote_execution_ssh)
+[![Code Climate](https://codeclimate.com/github/theforeman/smart_proxy_remote_execution_ssh/badges/gpa.svg)](https://codeclimate.com/github/theforeman/smart_proxy_remote_execution_ssh)
+[![GPL License](https://img.shields.io/github/license/theforeman/smart_proxy_remote_execution_ssh.svg)](https://github.com/theforeman/smart_proxy_remote_execution_ssh/blob/master/LICENSE)
+
+# Smart-proxy Ssh plugin 
+
+This a plugin for foreman smart-proxy allowing using ssh for the
+[remote execution](http://theforeman.github.io/foreman_remote_execution/)
+
+## Installation
+
+Add this line to your smart proxy bundler.d/ssh.rb gemfile:
+
+```ruby
+gem 'smart_proxy_dynflow', :git => 'https://github.com/iNecas/smart_proxy_dynflow.git'
+gem 'smart_proxy_ssh', :git => 'https://github.com/iNecas/smart_proxy_ssh.git'
+```
+
+Enable the plugins in your smart proxy:
+
+```bash
+cat > config/settings.d/dynflow.yml <<EOF
+---
+:enabled: true
+EOF
+
+cat > config/settings.d/remote_execution_ssh.yml <<EOF
+---
+:enabled: true
+EOF
+```
+
+Install the dependencies
+
+    $ bundle
+
+## Usage
+
+To configure this plugin you can use template from settings.d/remote_execution_ssh.yml.example.
+You must place remote_execution_ssh.yml config file (based on this template) to your
+smart-proxy config/settings.d/ directory.
+
+Also, you need to have the `dynflow` plugin enabled to be able to
+trigger the tasks.
+
+The simplest thing one can do is just to trigger a command:
+
+```
+curl http://my-proxy.example.com:9292/dynflow/tasks \
+      -X POST -H 'Content-Type: application/json'\
+      -d '{"action_name":  "Proxy::RemoteExecution::Ssh::CommandAction",
+           "action_input": {"task_id" : "1234'$RANDOM'",
+                            "script": "/usr/bin/ls",
+                            "hostname": "localhost",
+                            "effective_user": "root"}}'
+```

data/bundler.d/Gemfile.local.rb

@@ -0,0 +1 @@
+gem 'pry'

data/bundler.d/remote_execution_ssh.rb

@@ -0,0 +1 @@
+gem 'smart_proxy_remote_execution_ssh'

data/lib/smart_proxy_remote_execution_ssh_core.rb

@@ -0,0 +1,49 @@
+require 'smart_proxy_remote_execution_ssh_core/settings'
+require 'smart_proxy_remote_execution_ssh_core/version'
+require 'smart_proxy_dynflow_core'
+require 'smart_proxy_remote_execution_ssh_core/command_action'
+require 'smart_proxy_remote_execution_ssh_core/command_update'
+require 'smart_proxy_remote_execution_ssh_core/connector'
+require 'smart_proxy_remote_execution_ssh_core/dispatcher'
+require 'smart_proxy_remote_execution_ssh_core/session'
+
+module Proxy
+  module RemoteExecution
+    module Ssh
+      class << self
+        def initialize
+          unless private_key_file
+            raise "settings for `ssh_identity_key` not set"
+          end
+
+          unless File.exist?(private_key_file)
+            raise "Ssh public key file #{private_key_file} doesn't exist.\n"\
+              "You can generate one with `ssh-keygen -t rsa -b 4096 -f #{private_key_file} -N ''`"
+          end
+
+          unless File.exist?(public_key_file)
+            raise "Ssh public key file #{public_key_file} doesn't exist"
+          end
+
+          @dispatcher = Proxy::RemoteExecution::Ssh::Dispatcher.spawn('proxy-ssh-dispatcher',
+                                                                      :clock  => SmartProxyDynflowCore::Core.instance.world.clock,
+                                                                      :logger => SmartProxyDynflowCore::Core.instance.world.logger)
+        end
+
+        def dispatcher
+          @dispatcher || initialize
+        end
+
+        def private_key_file
+          File.expand_path(Settings.instance.ssh_identity_key_file)
+        end
+
+        def public_key_file
+          File.expand_path("#{private_key_file}.pub")
+        end
+      end
+    end
+  end
+end
+
+SmartProxyDynflowCore::Core.after_initialize { Proxy::RemoteExecution::Ssh.initialize }

data/lib/smart_proxy_remote_execution_ssh_core/command_action.rb

@@ -0,0 +1,86 @@
+module Proxy
+  module RemoteExecution
+    module Ssh
+      class CommandAction < ::Dynflow::Action
+        include Dynflow::Action::Cancellable
+        include ::SmartProxyDynflowCore::Callback::PlanHelper
+
+        def plan(input)
+          if callback = input['callback']
+            input[:task_id] = callback['task_id']
+          else
+            input[:task_id] ||= SecureRandom.uuid
+          end
+          plan_with_callback(input)
+        end
+
+        def run(event = nil)
+          case event
+          when nil
+            init_run
+          when CommandUpdate
+            process_update(event)
+          when Dynflow::Action::Cancellable::Cancel
+            kill_run
+          when Dynflow::Action::Skip
+            # do nothing
+          else
+            raise "Unexpected event #{event.inspect}"
+          end
+        rescue => e
+          action_logger.error(e)
+          process_update(CommandUpdate.new(CommandUpdate.encode_exception("Proxy error", e)))
+        end
+
+        def finalize
+          # To mark the task as a whole as failed
+          error! "Script execution failed" if failed_run?
+        end
+
+        def rescue_strategy_for_self
+          Dynflow::Action::Rescue::Skip
+        end
+
+        def command
+          @command ||= Dispatcher::Command.new(:id                    => input[:task_id],
+                                               :host                  => input[:hostname],
+                                               :ssh_user              => input[:ssh_user] || 'root',
+                                               :effective_user        => input[:effective_user],
+                                               :script                => input[:script],
+                                               :effective_user_method => input[:effective_user_method],
+                                               :host_public_key       => input[:host_public_key],
+                                               :verify_host           => input[:verify_host],
+                                               :suspended_action      => suspended_action)
+        end
+
+        def init_run
+          output[:result] = []
+          Proxy::RemoteExecution::Ssh.dispatcher.tell([:initialize_command, command])
+          suspend
+        end
+
+        def kill_run
+          Proxy::RemoteExecution::Ssh.dispatcher.tell([:kill, command])
+          suspend
+        end
+
+        def finish_run(update)
+          output[:exit_status] = update.exit_status
+        end
+
+        def process_update(update)
+          output[:result].concat(update.buffer_to_hash)
+          if update.exit_status
+            finish_run(update)
+          else
+            suspend
+          end
+        end
+
+        def failed_run?
+          output[:exit_status] != 0
+        end
+      end
+    end
+  end
+end

data/lib/smart_proxy_remote_execution_ssh_core/command_update.rb

@@ -0,0 +1,78 @@
+module Proxy
+  module RemoteExecution
+    module Ssh
+      # update sent back to the suspended action
+      class CommandUpdate
+        attr_reader :buffer, :exit_status
+
+        def initialize(buffer)
+          @buffer = buffer
+          extract_exit_status
+        end
+
+        def extract_exit_status
+          @buffer.delete_if do |data|
+            if data.is_a? StatusData
+              @exit_status = data.data
+              true
+            end
+          end
+        end
+
+        def buffer_to_hash
+          buffer.map(&:to_hash)
+        end
+
+        def self.encode_exception(description, exception, fatal = true)
+          ret = [DebugData.new("#{description}\n#{exception.class} #{exception.message}")]
+          ret << StatusData.new('EXCEPTION') if fatal
+          return ret
+        end
+
+        class Data
+          attr_reader :data, :timestamp
+
+          def initialize(data, timestamp = Time.now)
+            @data = data
+            @data = @data.force_encoding('UTF-8') if @data.is_a? String
+            @timestamp = timestamp
+          end
+
+          def data_type
+            raise NotImplemented
+          end
+
+          def to_hash
+            { :output_type => data_type,
+              :output => data,
+              :timestamp => timestamp.to_f }
+          end
+        end
+
+        class StdoutData < Data
+          def data_type
+            :stdout
+          end
+        end
+
+        class StderrData < Data
+          def data_type
+            :stderr
+          end
+        end
+
+        class DebugData < Data
+          def data_type
+            :debug
+          end
+        end
+
+        class StatusData < Data
+          def data_type
+            :status
+          end
+        end
+      end
+    end
+  end
+end

data/lib/smart_proxy_remote_execution_ssh_core/connector.rb

@@ -0,0 +1,151 @@
+require 'net/ssh'
+require 'net/scp'
+
+module Proxy
+  module RemoteExecution
+    module Ssh
+      # Service that handles running external commands for Actions::Command
+      # Dynflow action. It runs just one (actor) thread for all the commands
+      # running in the system and updates the Dynflow actions periodically.
+      class Connector
+        MAX_PROCESS_RETRIES = 3
+
+        def initialize(host, user, options = {})
+          @host = host
+          @user = user
+          @logger = options[:logger] || Logger.new($stderr)
+          @client_private_key_file = options[:client_private_key_file]
+          @known_hosts_file = options[:known_hosts_file]
+        end
+
+        # Initiates run of the remote command and yields the data when
+        # available. The yielding doesn't happen automatically, but as
+        # part of calling the `refresh` method.
+        def async_run(command)
+          started = false
+          session.open_channel do |channel|
+            channel.request_pty
+
+            channel.on_data { |ch, data| yield CommandUpdate::StdoutData.new(data) }
+
+            channel.on_extended_data { |ch, type, data| yield CommandUpdate::StderrData.new(data) }
+
+            # standard exit of the command
+            channel.on_request("exit-status") { |ch, data| yield CommandUpdate::StatusData.new(data.read_long) }
+
+            # on signal: sedning the signal value (such as 'TERM')
+            channel.on_request("exit-signal") do |ch, data|
+              yield(CommandUpdate::StatusData.new(data.read_string))
+              ch.close
+              # wait for the channel to finish so that we know at the end
+              # that the session is inactive
+              ch.wait
+            end
+
+            channel.exec(command) do |ch, success|
+              started = true
+              unless success
+                CommandUpdate.encode_exception("Error initializing command #{command}", e).each do |data|
+                  yield data
+                end
+              end
+            end
+          end
+          session.process(0) until started
+          return true
+        end
+
+        def run(command)
+          output = ""
+          exit_status = nil
+          channel = session.open_channel do |ch|
+            ch.on_data { |data| output.concat(data) }
+
+            ch.on_extended_data { |_, _, data| output.concat(data) }
+
+            ch.on_request("exit-status") { |_, data| exit_status = data.read_long }
+
+            # on signal: sedning the signal value (such as 'TERM')
+            ch.on_request("exit-signal") do |_, data|
+              exit_status = data.read_string
+              ch.close
+              ch.wait
+            end
+
+            ch.exec command do |_, success|
+              raise "could not execute command" unless success
+            end
+          end
+          channel.wait
+          return exit_status, output
+        end
+
+        # calls the callback registered in the `async_run` when some data
+        # for the session are available
+        def refresh
+          return if @session.nil?
+          tries = 0
+          begin
+            session.process(0)
+          rescue Net::SSH::Disconnect => e
+            session.shutdown!
+            raise e
+          rescue => e
+            @logger.error("Error while processing ssh channel: #{e.class} #{e.message}\n #{e.backtrace.join("\n")}")
+            tries += 1
+            if tries <= MAX_PROCESS_RETRIES
+              retry
+            else
+              raise e
+            end
+          end
+        end
+
+        def upload_file(local_path, remote_path)
+          ensure_remote_directory(File.dirname(remote_path))
+          scp = Net::SCP.new(session)
+          upload_channel = scp.upload(local_path, remote_path)
+          upload_channel.wait
+        ensure
+          if upload_channel
+            upload_channel.close
+            upload_channel.wait
+          end
+        end
+
+        def ensure_remote_directory(path)
+          exit_code, output = run("mkdir -p #{path}")
+          if exit_code != 0
+            raise "Unable to create directory on remote system #{path}: exit code: #{exit_code}\n #{output}"
+          end
+        end
+
+        def close
+          @logger.debug("closing session to #{@user}@#{@host}")
+          @session.close unless @session.nil? || @session.closed?
+        end
+
+        private
+
+        def session
+          @session ||= begin
+                         @logger.debug("opening session to #{@user}@#{@host}")
+                         Net::SSH.start(@host, @user, ssh_options)
+                       end
+        end
+
+        def ssh_options
+          ssh_options = {}
+          ssh_options[:keys] = [@client_private_key_file] if @client_private_key_file
+          ssh_options[:user_known_hosts_file] = @known_hosts_file if @known_hosts_file
+          ssh_options[:keys_only] = true
+          # if the host public key is contained in the known_hosts_file,
+          # verify it, otherwise, if missing, import it and continue
+          ssh_options[:paranoid] = true
+          ssh_options[:auth_methods] = ["publickey"]
+          return ssh_options
+        end
+      end
+    end
+  end
+end

data/lib/smart_proxy_remote_execution_ssh_core/dispatcher.rb

@@ -0,0 +1,97 @@
+require 'smart_proxy_remote_execution_ssh_core/session'
+
+module Proxy
+  module RemoteExecution
+    module Ssh
+      # Service that handles running external commands for Actions::Command
+      # Dynflow action. It runs just one (actor) thread for all the commands
+      # running in the system and updates the Dynflow actions periodically.
+      class Dispatcher < ::Dynflow::Actor
+        # command comming from action
+        class Command
+          attr_reader :id, :host, :ssh_user, :effective_user, :effective_user_method, :script, :host_public_key, :suspended_action
+
+          def initialize(data)
+            validate!(data)
+
+            @id                    = data[:id]
+            @host                  = data[:host]
+            @ssh_user              = data[:ssh_user]
+            @effective_user        = data[:effective_user]
+            @effective_user_method = data[:effective_user_method] || 'su'
+            @script                = data[:script]
+            @host_public_key       = data[:host_public_key]
+            @suspended_action      = data[:suspended_action]
+          end
+
+          def validate!(data)
+            required_fields = [:id, :host, :ssh_user, :script, :suspended_action]
+            missing_fields = required_fields.find_all { |f| !data[f] }
+            raise ArgumentError, "Missing fields: #{missing_fields}" unless missing_fields.empty?
+          end
+        end
+
+        def initialize(options = {})
+          @clock                   = options[:clock] || Dynflow::Clock.spawn('proxy-dispatcher-clock')
+          @logger                  = options[:logger] || Logger.new($stderr)
+
+          @session_args = { :logger => @logger,
+                            :clock => @clock,
+                            :connector_class => options[:connector_class] || Connector,
+                            :local_working_dir => options[:local_working_dir] || Settings.instance.local_working_dir,
+                            :remote_working_dir => options[:remote_working_dir] || Settings.instance.remote_working_dir,
+                            :client_private_key_file => Settings.instance.ssh_identity_key_file,
+                            :refresh_interval => options[:refresh_interval] || 1 }
+
+          @sessions = {}
+        end
+
+        def initialize_command(command)
+          @logger.debug("initalizing command [#{command}]")
+          open_session(command)
+        rescue => exception
+          handle_command_exception(command, exception)
+        end
+
+        def kill(command)
+          @logger.debug("killing command [#{command}]")
+          session = @sessions[command.id]
+          session.tell(:kill) if session
+        rescue => exception
+          handle_command_exception(command, exception, false)
+        end
+
+        def finish_command(command)
+          close_session(command)
+        rescue => exception
+          handle_command_exception(command, exception)
+        end
+
+        private
+
+        def handle_command_exception(command, exception, fatal = true)
+          @logger.error("error while dispatching command #{command} to session:"\
+                        "#{exception.class} #{exception.message}:\n #{exception.backtrace.join("\n")}")
+          command_data = CommandUpdate.encode_exception("Failed to dispatch the command", exception, fatal)
+          command.suspended_action << CommandUpdate.new(command_data)
+          close_session(command) if fatal
+        end
+
+        def open_session(command)
+          raise "Session already opened for command #{command}" if @sessions[command.id]
+          options = { :name => "proxy-ssh-session-#{command.host}-#{command.ssh_user}-#{command.id}",
+                      :args => [@session_args.merge(:command => command)],
+                      :supervise => true }
+          @sessions[command.id] = Proxy::RemoteExecution::Ssh::Session.spawn(options)
+        end
+
+        def close_session(command)
+          session = @sessions.delete(command.id)
+          return unless session
+          @logger.debug("closing session for command [#{command}], #{@sessions.size} session(s) left ")
+          session.tell([:start_termination, Concurrent.future])
+        end
+      end
+    end
+  end
+end