zool 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- data/Rakefile +1 -1
- data/lib/zool/server.rb +0 -1
- metadata +2 -4
- data/README.md +0 -110
data/Rakefile
CHANGED
@@ -25,7 +25,7 @@ begin
|
|
25
25
|
s.email = "paukul@gmail.com"
|
26
26
|
s.homepage = "http://github.com/paukul/zool"
|
27
27
|
s.authors = ["Pascal Friederich"]
|
28
|
-
s.version = ["0.1.
|
28
|
+
s.version = ["0.1.3"]
|
29
29
|
s.files.exclude 'vendor', 'spec', 'features', '.gitignore', 'Gemfile'
|
30
30
|
s.test_files.include 'features/**/*'
|
31
31
|
s.test_files.exclude 'features/tmp'
|
data/lib/zool/server.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: zool
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Pascal Friederich
|
@@ -9,7 +9,7 @@ autorequire:
|
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
|
12
|
-
date: 2010-01-
|
12
|
+
date: 2010-01-27 00:00:00 +01:00
|
13
13
|
default_executable: zool
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
@@ -180,7 +180,6 @@ extensions: []
|
|
180
180
|
|
181
181
|
extra_rdoc_files:
|
182
182
|
- LICENSE
|
183
|
-
- README.md
|
184
183
|
files:
|
185
184
|
- LICENSE
|
186
185
|
- Rakefile
|
@@ -192,7 +191,6 @@ files:
|
|
192
191
|
- lib/zool/key_file_writer.rb
|
193
192
|
- lib/zool/server.rb
|
194
193
|
- lib/zool/server_pool.rb
|
195
|
-
- README.md
|
196
194
|
has_rdoc: true
|
197
195
|
homepage: http://github.com/paukul/zool
|
198
196
|
licenses: []
|
data/README.md
DELETED
@@ -1,110 +0,0 @@
|
|
1
|
-
Zool
|
2
|
-
=================
|
3
|
-
zool (which is named after Zuul, "The Gatekeeper", from the movie [Ghostbusters](http://en.wikipedia.org/wiki/Ghostbusters)) is a gem to manage authorized_keys files on a set of n servers.
|
4
|
-
It comes with a command-line client named zool which gives you access to the common tasks.
|
5
|
-
|
6
|
-
Installation
|
7
|
-
------------
|
8
|
-
|
9
|
-
* install [ruby](http://www.ruby-lang.org)
|
10
|
-
* install [rubygems](http://docs.rubygems.org/read/chapter/3)
|
11
|
-
* gem install [zool](http://github.com/paukul/zool)
|
12
|
-
|
13
|
-
You also need a zool.conf file and a keys directory (where the public keys are stored) to use the command-line client.
|
14
|
-
|
15
|
-
The command-line client
|
16
|
-
-----------------------
|
17
|
-
|
18
|
-
the command-line client currently supports 3 commands:
|
19
|
-
|
20
|
-
* __fetch__<br>
|
21
|
-
fetches the authorized_keys files from a file (defaults to /etc/hosts) or a list of hosts (see zool -h for more info), splits them up, removes duplicates and saves them to a .pub file in the keys (will be configurable... later...) directory.
|
22
|
-
It tries to generate the name of the keyfile by parsing the key for a someuser@somehost value at the end of the key. It only uses the someuser value to generate the keyfile name. That may become configurable later
|
23
|
-
You can specify a user / password for the fetch and setup tasks. See zool -h for details.
|
24
|
-
* __setup__<br>
|
25
|
-
this task creates the keys directory, fetches the keys and naively creates a simple version of a zool.conf. That will experience some overhaul for sure because it is only capable to create server directives for every server and isn't smart enough to group keys.
|
26
|
-
You can specify a user / password for the fetch and setup tasks. See zool -h for details.
|
27
|
-
* __apply__<br>
|
28
|
-
reads the zool.conf and distributes the keys to the servers specified in the configuration file. <br>
|
29
|
-
|
30
|
-
The zool.conf
|
31
|
-
---------------
|
32
|
-
|
33
|
-
The zool.conf describes which keys should be deployed to which servers. It supports group, role and server directives.
|
34
|
-
|
35
|
-
[group devs]
|
36
|
-
members = peter, paul, danny
|
37
|
-
|
38
|
-
[group sysadmins]
|
39
|
-
members = tony, frank
|
40
|
-
|
41
|
-
[role app]
|
42
|
-
servers = 10.12.11.1, 10.12.11.2
|
43
|
-
keys = &devs, tony
|
44
|
-
user : my_deploy_user
|
45
|
-
password : mypassword
|
46
|
-
|
47
|
-
[server 10.11.1.4]
|
48
|
-
keys = &sysadmins
|
49
|
-
user = adminuser
|
50
|
-
|
51
|
-
The members are specified as the name of the keyfile containing the key, without the succeeding .pub extension.
|
52
|
-
A _group_ groups several keys, a _role_ groups several _servers_. A server, well, is a single server. (__Note__: you can have servers in several groups and even in an additional server directive at once)
|
53
|
-
Roles and servers can have multiple _keys_. The keys can be supplied like in the _group_ directive or if you want to reference to a groups keys, by prepending a _&_ (if you would want to reference the group _devs_ you would use _&devs_).
|
54
|
-
You can optionally specify the user/password to use to connect to servers/roles. If those values aren't configured, it defaults to root for the user and an empty password/tries to authenticate with the current users ssh key.
|
55
|
-
|
56
|
-
__NOTE__
|
57
|
-
Currently the first appearance of a server in the key file sets its user/password. So it is not possible to have multiple key configurations with a different user for a single server. That might change soon!
|
58
|
-
|
59
|
-
Security?
|
60
|
-
----------
|
61
|
-
When zool creates a authorized_keys file on a server, it always creates a backup of the existing one (it uses `authorized_keys_timestamp` as the backups filename).
|
62
|
-
It also opens a backup connection to the server before uploading the keyfiles and tries to open another one after uploading them. If it fails to open another conncetion it uses the backup connection to restore the original keyfile.
|
63
|
-
See how it looks like if that happens:
|
64
|
-
|
65
|
-
*In the logfile*
|
66
|
-
|
67
|
-
INFO -- : Fetching key from 13.11.2.200
|
68
|
-
INFO -- : Trying to connect to 13.11.2.200 to see if I still have access
|
69
|
-
WARN -- : !!!!!! Could not login to server after upload operation! Rolling back !!!!!!
|
70
|
-
INFO -- : Trying to connect to 13.11.2.200 to see if I still have access
|
71
|
-
INFO -- : Backup channel connection succeeded. Assuming everything went fine!
|
72
|
-
|
73
|
-
*At the command-line*
|
74
|
-
|
75
|
-
NOW pray to the gods...
|
76
|
-
Going to deploy to 13.11.2.200
|
77
|
-
Uploading... [FAIL]
|
78
|
-
Could not connect to a Server after updating the authorized_keys file. Tried to roll back!
|
79
|
-
Error after uploading the keyfile to 13.11.2.200
|
80
|
-
|
81
|
-
Known issues
|
82
|
-
------------
|
83
|
-
|
84
|
-
__Bugs / Issues__
|
85
|
-
|
86
|
-
* numbering of "similar" keys is only done when generating the key files. when writing the config files it uses the unnumbered version all the time
|
87
|
-
* tests on the fallback mechanism are not present
|
88
|
-
|
89
|
-
__Feature Todos__
|
90
|
-
|
91
|
-
* generating the config from a serverpool / hostfile is pretty dump at the moment. is doesn't use the groups and roles directives, instead stupidly adds server directives with the appropriate keys. That could be made smarter...
|
92
|
-
* if keys are in subfolders, the subfolders could automatically act as usable groups, with the folder name as reference
|
93
|
-
|
94
|
-
Developing
|
95
|
-
==========
|
96
|
-
|
97
|
-
Bundler
|
98
|
-
-------
|
99
|
-
|
100
|
-
To get a working development/testing setup you can use bundler to fetch all the dependencies. Just `gem install bundler` and `gem bundle` in the checkout directory afterwards. Be sure to use the executables (rake, cucumber, ...) from the bundler_bin directory instead your regular versions.
|
101
|
-
|
102
|
-
Running the tests
|
103
|
-
-----------------
|
104
|
-
|
105
|
-
To run the cucumber features you need to have an ssh server running on your machine and your own public key in your authorized_keys file.
|
106
|
-
The tests use your authorized_keys file only to login to _localhost_ and fake authorized_keys and key files for testing.
|
107
|
-
|
108
|
-
Copyright
|
109
|
-
---------
|
110
|
-
Copyright (c) 2010 Pascal Friederich. See LICENSE for details.
|