ucmt 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2e407946f8dd4efc496b4232ae162ba9dc1bedb0bb9e530a0ba50d216d33f019
+  data.tar.gz: fb13b4a84d0452f2458bda86a950f4cd674e76e83662eaa4fdeed3aefbd912d9
+SHA512:
+  metadata.gz: db9af1c0b72d1154028c1de3789aeae0f3b940754ca5c2285cf34b115fa3f511c2c9472ca75ccd5a8daf3be466d0762d286f6ba387fade942f7a45258c35e653
+  data.tar.gz: 0c7dec652069964770fd42b06e3b65a240642a905d308370da4809efa68dd5e7907daa4135607cfb96aa10fc89e5313a78e47b14065a6e6925c23896a671255a

data/bin/ucmt

@@ -0,0 +1,36 @@
+#! /usr/bin/ruby
+
+require 'optimist'
+require "cheetah"
+
+bin_dirs = ENV["PATH"].split(":")
+commands = bin_dirs.each_with_object([]) do |dir, res|
+  Dir["#{dir}/ucmt-*"].each do |cmd|
+    res << File.basename(cmd).delete_prefix("ucmt-")
+  end
+end
+
+commands.uniq!
+commands.sort!
+
+opts = Optimist.options do
+  opt :list_commands, "List all available commands"
+  stop_on commands
+end
+
+if opts[:list_commands]
+  puts "Avaible commands:"
+  commands.each do |cmd|
+    help = Cheetah.run("ucmt-#{cmd}", "--help", stdout: :capture).lines.first.chomp
+    puts "#{cmd}\t#{help}"
+  end
+
+  exit 0
+end
+
+Optimist::educate if ARGV.empty?
+Optimist::die "Unknown command '#{ARGV.first}'" unless commands.include?(ARGV.first)
+
+cmd = ARGV.shift
+ARGV.unshift("ucmt-#{cmd}")
+exec(*ARGV)

data/bin/ucmt-ansible

@@ -0,0 +1,38 @@
+#! /usr/bin/ruby
+
+require "yaml"
+
+require "ucmt/ansible"
+require 'optimist'
+opts = Optimist::options do
+  banner "Ansible backend to write salt configuration from UCMT configuration, run it or dry run it."
+  opt :config, "Create salt configuration from ucmt configuration. Can be passed also as STDIN.", type: String
+  opt :ansible_directory, "Where to write respective read states.yml", type: String, default: "~/"
+  opt :dry_run, "Just prints state and what actions will be applied"
+  opt :apply, "Apply configuration to system"
+end
+Optimist::die :apply, "Cannot have apply and dry_run together" if opts[:dry_run] && opts[:apply]
+
+if opts[:config]
+  data = YAML.load_file(opts[:config])
+else
+  stdin = STDIN.tty? ? nil : STDIN.read
+  data = YAML.load(stdin) if stdin && !stdin.empty?
+end
+
+ansible = UCMT::Ansible.new(File.expand_path(opts[:ansible_directory]))
+nocmd = true
+if data
+  ansible.write(data)
+  nocmd = false
+end
+if opts[:dry_run]
+  ansible.dry_run
+  nocmd = false
+end
+if opts[:apply]
+  ansible.apply
+  nocmd = false
+end
+
+Optimist::die "At least one of UCMT configuration/apply/dry-run has to be specified." if nocmd

data/bin/ucmt-discovery

@@ -0,0 +1,22 @@
+#! /usr/bin/ruby
+
+require "yaml"
+require 'optimist'
+
+require "ucmt/discovery/local_users"
+
+def write(io, data)
+  io.puts(data.to_yaml)
+end
+
+opts = Optimist::options do
+  banner "Creates UCMT configuration from system configuration.\nCreated configuration contains more information when run as root user."
+  opt :path, "Path to UCMT configuration", type: String
+end
+
+users = UCMT::Discovery::LocalUsers.new.read_data
+if opts[:path]
+  File.open(opts[:path], "w") { |f| write(f, users) }
+else
+  write(STDOUT, users)
+end

data/bin/ucmt-salt

@@ -0,0 +1,39 @@
+#! /usr/bin/ruby
+
+require "yaml"
+
+require "ucmt/salt"
+require 'optimist'
+
+opts = Optimist::options do
+  banner "Salt backend to write salt configuration from UCMT configuration, run it or dry run it."
+  opt :config, "Create salt configuration from ucmt configuration. Can be passed also as STDIN.", type: String
+  opt :salt_directory, "Where to write respective read salt configuration", type: String, default: "/srv/salt"
+  opt :dry_run, "Just prints state and what actions will be applied"
+  opt :apply, "Apply configuration to system"
+end
+Optimist::die :apply, "Cannot have apply and dry_run together" if opts[:dry_run] && opts[:apply]
+
+if opts[:config]
+  data = YAML.load_file(opts[:config])
+else
+  stdin = STDIN.tty? ? nil : STDIN.read
+  data = YAML.load(stdin) if stdin && !stdin.empty?
+end
+
+salt = UCMT::Salt.new(opts[:salt_directory])
+nocmd = true
+if data
+  salt.write(data)
+  nocmd = false
+end
+if opts[:dry_run]
+  salt.dry_run
+  nocmd = false
+end
+if opts[:apply]
+  salt.apply
+  nocmd = false
+end
+
+Optimist::die "At least one of UCMT configuration/apply/dry-run has to be specified." if nocmd

data/bin/ucmt-users

@@ -0,0 +1,109 @@
+#! /usr/bin/ruby
+
+require "yaml"
+require 'optimist'
+
+require 'ucmt/users'
+
+def write(io, data)
+  io.puts(data.to_yaml)
+end
+
+subcommands = [ "add", "edit", "remove", "ignore", "list", "show"]
+
+user_opts = Optimist::options do
+  banner("CLI for user managent in UCMT configuration.\n" \
+    "Configuration can be passed on stdin and then modified one to stdout or edit in place when using config option.\n" \
+    "Usage:\n\n" \
+    "  ucmt-users <users options> <action> <action options>\n\n" \
+    "Available actions: add, edit, remove, ignore, list, show\n" \
+    "Use ucmt-users <action> --help for more details for specific actions.\n" \
+    "Users options:\n")
+  opt :config, "Configuration to edit in place.", type: String
+  stop_on subcommands
+end
+
+if user_opts[:config]
+  data = File.exist?(user_opts[:config]) && YAML.load_file(user_opts[:config])
+else
+  stdin = STDIN.tty? ? nil : STDIN.read
+  data = YAML.load(stdin) if stdin && !stdin.empty?
+end
+data ||= {}
+
+users = UCMT::Users.new(data)
+
+write_result = false
+
+loop do
+  command = ARGV.shift
+  case command
+  when "add", "edit"
+    write_result = true
+    cmd_opts = Optimist::options do
+      banner "Adds/Edits user"
+      opt :name, "Name of user. Mandatory argument.", type: String
+      opt :fullname, "Full name of user.", type: String
+      opt :no_fullname, "Do not specify full name of user."
+      opt :uid, "User ID number.", type: Integer
+      opt :no_uid, "Do not specify User ID."
+      opt :primary_group, "User primary group specified by name.", type: String
+      opt :no_primary_group, "Do not specify primary group."
+      opt :shell, "User shell.", type: String
+      opt :no_shell, "Do not specify user shell."
+      opt :home, "User home directory.", type: String
+      opt :no_home, "Do not specify user home directory."
+# TODO: password support
+#      opt :password, "Set user password. Both already encrypted and plain password is accepted. Always stored as encrypted.", type: String
+#      opt :no_password, "Do not specify user password."
+#      opt :forbid_logging, "Do not allow user to login"
+      stop_on subcommands
+    end
+    Optimist::die :name, "Name is mandatory" unless cmd_opts[:name]
+    users.edit(cmd_opts)
+  when "remove"
+    write_result = true
+    cmd_opts = Optimist::options do
+      banner "Marks user to be removed."
+      opt :name, "Name of user. Mandatory argument.", type: String
+      stop_on subcommands
+    end
+    Optimist::die :name, "Name is mandatory" unless cmd_opts[:name]
+    users.remove(cmd_opts[:name])
+  when "ignore"
+    write_result = true
+    cmd_opts = Optimist::options do
+      banner "Mark user to not be modified."
+      opt :name, "Name of user. Mandatory argument.", type: String
+      stop_on subcommands
+    end
+    Optimist::die :name, "Name is mandatory" unless cmd_opts[:name]
+    users.ignore(cmd_opts[:name])
+  when "list"
+    cmd_opts = Optimist::options do
+      banner "List all user to modify."
+      stop_on subcommands
+    end
+    users.list
+  when "show"
+    cmd_opts = Optimist::options do
+      banner "Mark user to not be modified."
+      opt :name, "Name of user. Mandatory argument.", type: String
+      stop_on subcommands
+    end
+    Optimist::die :name, "Name is mandatory" unless cmd_opts[:name]
+    users.show(cmd_opts[:name])
+  when nil
+    break
+  else
+    Optimist.die "Invalid action '#{command}'"
+  end
+end
+
+if write_result
+  if user_opts[:config]
+    File.open(user_opts[:config], "w") { |f| write(f, data) }
+  else
+    write(STDOUT, data)
+  end
+end

data/lib/ucmt/ansible.rb

@@ -0,0 +1,76 @@
+require "yaml"
+require "cheetah"
+require "fileutils"
+
+module UCMT
+  class Ansible
+    def initialize(output_dir)
+      @output_dir = output_dir
+    end
+
+    def write(data)
+      FileUtils.mkdir_p(@output_dir)
+
+      result = local_users_content(data)
+
+      content = [{
+        "name" => "UCMT defined tasks",
+        "hosts" => "localhost",
+        "connection" => "local",
+        "tasks" => result
+      }]
+
+      File.write(File.join(@output_dir, "states.yml"), content.to_yaml)
+    end
+
+    def dry_run
+      Cheetah.run("ansible-playbook", File.join(@output_dir, "states.yml"), "--check", "--diff", stdout: STDOUT)
+    end
+
+    def apply
+      Cheetah.run("ansible-playbook", File.join(@output_dir, "states.yml"), stdout: STDOUT)
+    end
+
+  private
+
+    USERS_MAPPING = {
+      "fullname" => "comment",
+      "name" => "name",
+      "uid" => "uid",
+      "groups" => "groups",
+      "primary_group" => "group",
+      "shell" => "shell",
+      "home" => "home",
+      "password" => "password"
+    }
+    def local_users_content(data)
+      result = []
+
+      users_data = data["local_users"]
+      return [] unless users_data
+
+      (users_data["add"] || []).each do |user|
+        res = { "name" => "User #{user["name"]}" }
+        key2 = "ansible.builtin.user"
+        res[key2] = {}
+        USERS_MAPPING.each_pair do |k, v|
+          res[key2][v] = user[k] if user[k]
+        end
+
+        result << res
+      end
+
+      (users_data["remove"] || []).each do |user|
+        res = { "name" => "remove " + user["name"] }
+        key2 = "ansible.builtin.user"
+        res[key2] = { "name" => user["name"],
+          "state" => "absent", "remove" => "yes" }
+
+        result << res
+      end
+
+      result
+    end
+  end
+end
+

data/lib/ucmt/discovery/local_users.rb

@@ -0,0 +1,96 @@
+require "json"
+require "cheetah"
+
+module UCMT
+  module Discovery
+    class LocalUsers
+      # TODO: remote machine
+      def initialize
+      end
+
+      def read_data
+        {
+          "local_users" => {
+            "add" => read
+          }
+        }
+      end
+
+    private
+
+      def read_users
+        output = Cheetah.run("ansible", "localhost", "-m", "getent", "-a", "database=passwd", stdout: :capture)
+
+        res = JSON.parse(output.sub(/^.*=>/, ""))
+        res["ansible_facts"]["getent_passwd"]
+      end
+
+      def read_groups
+        output = Cheetah.run("ansible", "localhost", "-m", "getent", "-a", "database=group", stdout: :capture)
+
+        res = JSON.parse(output.sub(/^.*=>/, ""))
+        res["ansible_facts"]["getent_group"]
+      end
+
+      def read_passwords
+        output = Cheetah.run("ansible", "localhost", "-m", "getent", "-a", "database=shadow", stdout: :capture)
+
+        res = JSON.parse(output.sub(/^.*=>/, ""))
+        res["ansible_facts"]["getent_shadow"]
+      end
+
+      USERS_KEYS_MAPPING = {
+        "uid" => 1,
+        "gid" => 2,
+        "fullname" => 3,
+        "home" => 4,
+        "shell" => 5
+      }
+      INTEGER_KEYS = ["uid", "gid"]
+      SYSTEM_USER_LIMIT = 500
+
+      GROUPS_KEYS_MAPPING = {
+        "gid" => 1,
+        "users" => 2
+      }
+
+      def read
+        # reading shadow need root permissions
+        # TODO: for remote check needs to be different
+        if Process.euid == 0
+          passwd = read_passwords
+        else
+          passwd = {}
+        end
+
+        groups = read_groups
+
+        users = read_users.map do |dk, dv|
+          USERS_KEYS_MAPPING.each_with_object({"name" => dk}) { |(k, v), r| r[k] = dv[v] }
+        end
+        users.each { |u| INTEGER_KEYS.each { |i| u[i] = u[i].to_i } }
+        users.select! { |v| v["uid"] == 0 || v["uid"] > SYSTEM_USER_LIMIT } # select only non system users
+        users.each do |user|
+          user["groups"] = []
+
+          groups.each do |name, group|
+            gid = group[GROUPS_KEYS_MAPPING["gid"]].to_i
+            group_users = group[GROUPS_KEYS_MAPPING["users"]].split(",") # see man group
+
+            if user["gid"] == gid || group_users.include?(user["name"])
+              user["groups"] << name
+            end
+
+            if user["gid"] == gid
+              user["primary_group"] = name
+              user.delete("gid")
+            end
+          end
+          user["password"] = passwd[user["name"]].first if passwd[user["name"]]
+        end
+
+        users
+      end
+    end
+  end
+end

data/lib/ucmt/salt.rb

@@ -0,0 +1,73 @@
+require "yaml"
+require "cheetah"
+require "fileutils"
+
+module UCMT
+  class Salt
+    def initialize(output_dir)
+      @output_dir = output_dir
+    end
+
+    def write(data)
+      FileUtils.mkdir_p(@output_dir)
+
+      states = []
+      states << "local_users" if write_local_users(data)
+
+      write_states(states)
+    end
+
+    def dry_run
+      Cheetah.run("salt-call", "--local", "--file-root=#{@output_dir}", "state.apply", "test=true", stdout: STDOUT)
+    end
+
+    def apply
+      Cheetah.run("salt-call", "--local", "--file-root=#{@output_dir}", "state.apply", stdout: STDOUT)
+    end
+
+  private
+
+    def write_states(states)
+      content = { "base" => { "*" => states } }
+
+      File.write(File.join(@output_dir, "top.sls"), content.to_yaml)
+    end
+
+    USERS_MAPPING = {
+      "fullname" => "fullname",
+      "name" => "name",
+      "uid" => "uid",
+      "groups" => "groups",
+      "primary_group" => "gid",
+      "shell" => "shell",
+      "home" => "home",
+      "password" => "password"
+    }
+    def write_local_users(data)
+      result = {}
+
+      users_data = data["local_users"]
+      return false unless users_data
+
+      (users_data["add"] || []).each do |user|
+        key = user["name"]
+        key2 = "user.present"
+        result[key] = { key2 => [] }
+        target = result[key][key2]
+        USERS_MAPPING.each_pair do |k, v|
+          target << { v => user[k] } if user[k]
+        end
+      end
+
+      (users_data["remove"] || []).each do |user|
+        key = "remove " + user["name"]
+        key2 = "user.absent"
+        result[key] = { key2 => [{"name" => user["name"]}] }
+      end
+
+      File.write(File.join(@output_dir, "local_users.sls"), result.to_yaml)
+
+      return true
+    end
+  end
+end

data/lib/ucmt/users.rb

@@ -0,0 +1,89 @@
+require "yaml"
+require "cheetah"
+require "fileutils"
+
+module UCMT
+  class Users
+    attr_reader :data
+
+    def initialize(data)
+      @data = data
+    end
+
+    def ignore(name)
+      (users["add"] || []).delete_if { |u| u["name"] == name }
+      (users["remove"] || []).delete_if { |u| u["name"] == name }
+    end
+
+    def remove(name)
+      (users["add"] || []).delete_if { |u| u["name"] == name }
+      users["remove"] ||= []
+      users["remove"] << { "name" => name }
+    end
+
+    def edit(options)
+      name = options[:name]
+
+      # ensure that user is not removed
+      (users["remove"] || []).delete_if { |u| u["name"] == name }
+      users["add"] ||= []
+      user = users["add"].find { |u| u["name"] == name }
+      if !user
+        user = { "name" => name }
+        users["add"] << user
+      end
+
+      handle_option(:fullname, user, options)
+      handle_option(:uid, user, options)
+      handle_option(:primary_group, user, options)
+      handle_option(:shell, user, options)
+      handle_option(:home, user, options)
+
+      # TODO: PASSWORD
+      # TODO: groups
+    end
+
+    def list
+      puts "Users to add/edit:"
+      to_add = (users["add"] || []).map {|u| u["name"]}
+      puts to_add.to_yaml unless to_add.empty?
+      puts "\nUsers to remove:"
+      to_remove = (users["remove"] || []).map {|u| u["name"]}
+      puts to_remove.to_yaml unless to_remove.empty?
+      puts
+    end
+
+    def show(name)
+      remove = (users["remove"] || []).find { |u| u["name"] == name }
+      if remove
+        puts "User #{name} will be removed."
+        return
+      end
+      add = (users["add"] || []).find { |u| u["name"] == name }
+      if !add
+        puts "User #{name} won't be modified."
+        return
+      end
+
+      puts "User #{name} will have following settings:"
+      puts add.to_yaml
+    end
+
+  private
+
+    def handle_option(key, user, options)
+      if options[:"no_#{key}"]
+        user.delete(key.to_s)
+      elsif options[key]
+        user[key.to_s] = options[key]
+      end
+    end
+
+    def users
+      return @users if @users
+
+      @data["local_users"] ||= {}
+      @users = @data["local_users"]
+    end
+  end
+end

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification
+name: ucmt
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Josef Reidinger
+autorequire: 
+bindir: bin/
+cert_chain: []
+date: 2021-03-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: optimist
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: cheetah
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+description: A set of tools to generate configuration for various configuration management
+  tools like salt or ansible.
+email: jreidinger@suse.com
+executables:
+- ucmt-discovery
+- ucmt-ansible
+- ucmt-salt
+- ucmt
+- ucmt-users
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/ucmt
+- bin/ucmt-ansible
+- bin/ucmt-discovery
+- bin/ucmt-salt
+- bin/ucmt-users
+- lib/ucmt/ansible.rb
+- lib/ucmt/discovery/local_users.rb
+- lib/ucmt/salt.rb
+- lib/ucmt/users.rb
+homepage: https://github.com/jreidinger/ucmt
+licenses:
+- GPL-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6.2
+signing_key: 
+specification_version: 4
+summary: Universal configuration management tool
+test_files: []