diff --git a/README.repo b/README.repo
new file mode 100644
index 0000000..42f8b97
--- /dev/null
+++ b/README.repo
@@ -0,0 +1,4 @@
+This is a conveyor-workflow repository and is intended for use with conveyor-workflow
+porcelain. For further information, please refer to:
+
+http://dogfoodsoftware.com/documentation/conveyor-workflow
diff --git a/bin/harden b/bin/harden
new file mode 100644
index 0000000..485b94a
--- /dev/null
+++ b/bin/harden
@@ -0,0 +1,124 @@
+#!/bin/bash
+#/**
+# *
+# *
+# * Script to harden a Vagabond environment account. Specifically, the script +# * does two things: +# *
    +# *
  1. Generates a unique environment key and distributes to all (Vagrant) +# * machine images in the environment.
  2. +# *
  3. Generates or accepts an environment password (used to sign into the +# * user account) and updates all machine images in the +# * environment.
  4. +# *
+# *
+# *
+# *
+# *
Single Machine Environments
+# *
+# * The current implementation is assumes single machine environments in which +# * the single machine configuration is an immediate child of the provided +# * environment path. Future versions will traverse all sub-directories, +# * applying correctness tests to each. The -f|--force option +# * will allow users to skip the checks and harden each machine that matches +# * and ignore anything that doesn't. Otherwise, any correctness failure will +# * cause the entire process to fail. +# *
+# *
+# * It would be interesting to locate the checks in a separate file that could +# * be inculded by a runtime check as well. This would be in support of +# * expanding the standard tests to support runtime / production checks as +# * well / in parallel with code checks. We could support code checks for +# * development and initial install and runtime checks to help verify +# * integrity of the running system. +# *
+# *
General Account Management +# *
+# * Future versions will accept a -a|--account-handle flag +# * indicating the account to update in place of the default user +# * account. +# *
+# *
Macine Subsets +# *
+# * Future versions will accept multiple environment paths allowing the +# * process to operate on multiple environments or environment +# * subsets. Subsets simply specify a path within an environment rather than +# * the environment root. +# *
+# *
Authorization Checks +# *
+# * The current implementation performs no authorization checks. In general, +# * the bash scripts are trusted, and access to the script imlicitly grants +# * authorization. In order to support web services, however, we do want to +# * provide the ability to request an authorization check prior to executing +# * the command with the --check-authorizations option. The +# * implementation would process the normalized set of target machines against +# * the user's environment local account name as specified by the +# * -a|--account-handle. The user user account is +# * incompatible with this option and always exits with an authorization +# * failure, which is checked by the script. For all other accounts, we check +# * authorizations/?subject=/users/<environment>/<handle>&operation=/vagrants/manage-account&target=/vagrants/<machine +# * path> resource to determine authorization. +# *
+# *
Web Service Considerations +# *
+# * With the above in place, we believe we have a solid and secure foundation +# * for exposing these operations through a web service. The web service will +# * probably want to do it's own authorization checks. This small amount of +# * duplicate code is acceptable to support consistency in implementation. The +# * script would support updating the SSH key and user password. +# *
+# *
+# *
+# *
Implementation
+# */
+
+ENVIRONMENT_PATH="$1"
+# For aesthetics, we want to set up ENVIRONMENT_PATH as an absolute
+# directory. In bash, it's a bit of a trick, using the 'PWD' environment
+# var. Notice that we're using '$0' rather than specifying the Conveyor
+# development path. This is because Vagabond supports stand alone
+# installation, and the project directory is not guaranteed to be deployed in
+# a Conveyor context.
+VAGABOND_BASE="`dirname $0`/../"
+cd $VAGABOND_BASE
+VAGABOND_BASE="$PWD"
+ENVIRONMENT_BASE="$VAGABOND_BASE/data/environment"
+
+if [ ! -d "$ENVIRONMENT_PATH" ]; then
+ echo "Environment not found in '$ENVIRONMENT_PATH'." 1>&2
+ exit 1
+fi
+if [ ! -f "$ENVIRONMENT_PATH/Vagrantfile" ]; then
+ echo "Environment incomplete, no 'Vagrantfile'." 1>&2
+ exit 1
+fi
+if [ ! -f "$ENVIRONMENT_PATH/machine.rb" ]; then
+ echo "Environment incomplete, no 'machine.rb'." 1>&2
+ exit 1
+fi
+# everything looks good
+ACCOUNT_NAME=user
+
+# First, set up working directory.
+WORKING_DIR="$VAGABOND_BASE/data/harden/$ACCOUNT_NAME/"
+if [ -d "$WORKING_DIR" ]; then
+ # TODO: Check no '.lock' file; exit if so.
+ # Clean out any lingering work directory.
+ rm -rf "$WORKING_DIR"
+fi
+touch "$WORKING_DIR/lock"
+# TODO: Add exit handler to delete lock file.
+
+# Generate key.
+# TODO: Look into using the -G/-T modality tests.
+ssh-keygen -f "$WORKING_DIR/id_rsa" -t rsa -b 2048
+
+# Distribute key.
+# TODO: would be nice to do a 'secure delete' just to be safe
+# update password
+
+rm "$WORKING_DIR/lock"
+#/**
+# *
+# */
diff --git a/bin/vagabond b/bin/vagabond
index 9b070a7..d4cb0bc 100644
--- a/bin/vagabond
+++ b/bin/vagabond
@@ -93,7 +93,7 @@ # *
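Review bot: The directory that is meant to hold the new private key is never created in bin/harden: when `$WORKING_DIR` already exists it is removed with `rm -rf` and not recreated, and when it does not exist nothing makes it, so `touch "$WORKING_DIR/lock"` and `ssh-keygen -f "$WORKING_DIR/id_rsa"` both fail. The earlier `cd $VAGABOND_BASE` is unquoted and unchecked, so if it fails `$PWD` remains the caller's directory and the later `rm -rf` operates under an unintended base. Because the `cd` happens before the `-d`/`-f` tests, a relative `$1` is resolved against the Vagabond base rather than the caller's directory, although the comment says the path is made absolute. No exit status is checked after key generation, and nothing restricts the permissions of the directory that will contain the key; a sketch of the setup portion follows.

```shell
cd "$(dirname "$0")/.." || exit 1
VAGABOND_BASE="$PWD"
# … unchanged: ENVIRONMENT_BASE, environment checks, ACCOUNT_NAME …
WORKING_DIR="$VAGABOND_BASE/data/harden/$ACCOUNT_NAME"
if [ -d "$WORKING_DIR" ]; then
  # … unchanged: TODO lock check, rm -rf "$WORKING_DIR" …
fi
umask 077
mkdir -p "$WORKING_DIR" || exit 1
touch "$WORKING_DIR/lock" || exit 1
# … unchanged: TODO comments …
ssh-keygen -f "$WORKING_DIR/id_rsa" -t rsa -b 2048 || exit 1
```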
vagabond-environments
# *
# * Whereas a vagabond-templates item describes a -# * meta-environment, a code-environment item relates to +# * meta-environment, a vagabond-environment item relates to # * a runnable environment. Environments exist as vagabond-boxes
- +# *
+# * A vagabond-box is a running virtual machine instance. +# *
+# *
+# *
vagabond-images
+# *
+# * A vagabond-image is a base box image used to create a runtime +# * vagabond-box +# *
+# *
+# *
vagabond-snapshot
+# *
+# * A vagabond-image is a disk-snapshot of an enviornment +# * runtime; a live backup. +# *
# *
# *
# */
+
+# Within environmonts, you can have any number of sub-environments. So, the
+# environment cookbook might pull in a 'apache cloud' environment to provide
+# self-scaling HTTP front end processing. Each vagabond-box is a minimal
+# vagabond-envioronment
+
+vagabond snapshot PUT auto-id source=/vagabond-environment/jmfa-fraudmanager
diff --git a/kdata/templates/conveyor-workstation/Vagrantfile b/kdata/templates/conveyor-workstation/Vagrantfile
deleted file mode 100644
index 2199719..0000000
--- a/kdata/templates/conveyor-workstation/Vagrantfile
+++ /dev/null
@@ -1,34 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-# /**
-# *
-# */
-require "#{File.expand_path(File.dirname(__FILE__))}/machine-config.rb"
-
-Vagrant.configure("2") do |config|
- config.vm.provider :virtualbox do |v|
- v.customize ["modifyvm", :id, "--memory", "2048"]
- end
-end
-
-Vagrant.configure("1") do |config|
- # First, we check our required inputs
- if defined? $ip == nil
- raise 'Configuration variable must be defined by file \'machine_config.rb\' in same directory as this file before template may be executed.'
- end
-
- config.vm.box = "whitebox-opensuse-12_3x64-desktop"
- config.vm.box_url = "file:///#{File.expand_path('~')}/vagabond/data/boxes/whitebox-opensuse-12_3x64-desktop.box"
-
- config.ssh.username = 'user'
- config.ssh.forward_x11 = true
-# config.ssh.private_key_path = '/home/user/vagabond/secure_id_rsa'
-end
diff --git a/runnable b/runnable
deleted file mode 120000
index f7ffedd..0000000
--- a/runnable
+++ /dev/null
@@ -1 +0,0 @@
-./src
\ No newline at end of file
diff --git a/src/lib/vagabond-lib.rb b/src/lib/vagabond-lib.rb
deleted file mode 100644
index 9792195..0000000
--- a/src/lib/vagabond-lib.rb
+++ /dev/null
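Review bot: The last added line in bin/vagabond, `vagabond snapshot PUT auto-id source=/vagabond-environment/jmfa-fraudmanager`, is not commented out, unlike the explanatory lines above it, so as far as this hunk shows it would be executed as a command when the script reaches that point. It reads like a usage example and names one specific environment; if that is the intent it should be a comment, e.g. `# vagabond snapshot PUT auto-id source=/vagabond-environment/<name>`. Separately, the new vagabond-snapshot entry begins "A vagabond-image is a disk-snapshot", which looks copied from the preceding entry and presumably should read vagabond-snapshot. The rest of the script body is outside the hunk, so the effect of the stray command on control flow cannot be confirmed from here.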
@@ -1,33 +0,0 @@
-class VagabondSession
- def initialize()
- end # def initialize
-
- def execute(resource, verb, params)
- # We could do this with a totally dynamic call if we got a few more nouns.
- if resource == 'boxes'
- boxes_handler(verb, params)
- elsif resource == 'environments'
- environments_handler(verb, params)
- elsif resource == 'templates'
- templates_handler(verb, params)
- else
- return ErrorResponse("Unknown resource: '#{resource}'.")
- end
- end # def execute
-
- def boxes_handler(verb, params)
-
- end # def boxes_handler
-end # class VagabondSession
-
-REST-CLI
-
-Takes 'verb url' and invokes 'curl'. Processes header and standard results for
-user messsages and echos appropriately.
-
-Services support 'text/plain' response format (for GET) requests.
-
-Output from not get requests consists of action related messages only. Data is
-generally ignored. A user would hawe to PUT or POST, then GET to 'see' results
-like we would expect with a browser. (Auto-GET mode for standard re-get for UI
-behavior?)
diff --git a/kdata/documentation/Getting_Started b/static-resources/documentation/Getting-Started
similarity index 97%
rename from kdata/documentation/Getting_Started
rename to static-resources/documentation/Getting-Started
index f253008..7e67970 100644
--- a/kdata/documentation/Getting_Started
+++ b/static-resources/documentation/Getting-Started
@@ -111,8 +111,8 @@ about the versions not matching. In practice, the guest additions are compatible enough and everything should work fine. We do intend to automate the update of guest additions in the - future.There was a plugin + future.There was + a plugin for Vagrant v1, and in theory the process should be relatively easy to automate with a shell script. It's on the TODO list.
diff --git a/kdata/documentation/Primer b/static-resources/documentation/Primer
similarity index 100%
rename from kdata/documentation/Primer
rename to static-resources/documentation/Primer
diff --git a/kdata/documentation/Project_Summary b/static-resources/documentation/Project-Summary
similarity index 67%
rename from kdata/documentation/Project_Summary
rename to static-resources/documentation/Project-Summary
index b66bb8b..ee50ceb 100644
--- a/kdata/documentation/Project_Summary
+++ b/static-resources/documentation/Project-Summary
@@ -1,6 +1,6 @@
Vagabond uses Vagrant - and Virtual Box. + and Virtual Box.
diff --git a/kdata/documentation/dev/Environment-Runtime-Primer b/static-resources/documentation/dev/Environment-Runtime-Primer
similarity index 100%
rename from kdata/documentation/dev/Environment-Runtime-Primer
rename to static-resources/documentation/dev/Environment-Runtime-Primer
diff --git a/static-resources/documentation/ref/Operations-Manual/Vagabond-Host/3ware-9000-Series-RAID-Maintenance b/static-resources/documentation/ref/Operations-Manual/Vagabond-Host/3ware-9000-Series-RAID-Maintenance
new file mode 100644
index 0000000..3c6333e
--- /dev/null
+++ b/static-resources/documentation/ref/Operations-Manual/Vagabond-Host/3ware-9000-Series-RAID-Maintenance
@@ -0,0 +1,32 @@
+
+
Reference Documentation
+
+ +
+
+
+
Weekly Manual Check
+
+
    +
  1. Log into Vagabond Host via SSH.
  2. +
  3. From the bash prompt, execute: sudo ./raid.9.5.3/cli/tw_cli
  4. +
  5. From the RAID CLI prompt, execute: show. Note the value + in the 'Ctl' column for each controller.
  6. +
  7. Form the RAID CLI prompt, execute: show /<controller + ID>. Verify that the 'Status' of each 'Unit', 'VPort' and + 'bbu' is 'OK'.
  8. +
  9. Cound the number of 'ports' == hard drives. +
  10. From the RAID CLI prompt, execute: quit.
  11. +
  12. From the bash prompt, execute: smartctl -A -data -d 3ware,0 + /dev/twa0. If SSD, you will see a 'Media_Wearout_Indicator' or + 'SSDLife'. '100' is best, '0' is worst. Mark drive for replacement + at... 25?.
  13. +
  14. Repeat command with '3ware,1', '3ware,2', etc. for each drive. Check + all SSD. For non-SSD... I'm not really sure. Need to update this + section. An 'input/output' error means there's no drive connected to + that port (or the drive is totally toast). +
+
diff --git a/static-resources/templates/conveyor-base/Vagrantfile b/static-resources/templates/conveyor-base/Vagrantfile
new file mode 100644
index 0000000..cb2d352
--- /dev/null
+++ b/static-resources/templates/conveyor-base/Vagrantfile
@@ -0,0 +1,118 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+# /**
+# *
+# *
+# * Sets up a Vagrant VM as a minimal Conveyor workstation with git-convey +# * project checked out. +# *
+# *
+# *
+# *
Implementation
+# */
+
+VAGRANTFILE_API_VERSION_2 = "2"
+OUR_DIR=File.dirname(File.expand_path(__FILE__))
+# Once we standardize on ruby 1.9, we prefer:
+# KEYS_DIR="#{Dir.home}/.conveyor/keys"
+KEYS_DIR="#{File.expand_path('~')}/.conveyor/keys"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION_2) do |config|
+ # Set up base box parameters.
+ config.vm.box = "opensuse-13.1-64bit-20GB-server"
+ config.vm.box_url = "http://dogfoodsoftware.com/bitbucket/opensuse-13.1-64bit-20GB-server.box"
+
+ config.vm.hostname = 'conveyor-base'
+
+ # Expose the (naughty) HTTP port on the host.
+ config.vm.network :forwarded_port, guest: 42069, host: 42069, auto_correct: true
+
+ config.vm.provider :virtualbox do |vb|
+ # If you'd like more memory, override default 1GB memory for the base box.
+ # vb.customize ["modifyvm", :id, "--memory", "2048"]
+ end
+
+ # Configure SSH.
+ config.ssh.username = 'user'
+ config.ssh.forward_x11 = true
+
+ setup_keys config
+
+ $INSTALL_WORKSTATION_DISTRO_PACKAGES = <