Class: Promotion::Enforcer

Inherits:

Object

• Object
• Promotion::Enforcer

Defined in:

lib/promotion/enforcer.rb

Overview

The Enforcer handles the first half of the promotion process: moving the files into place, setting permissions, ensuring that users and groups are set up correctly, etc.

Constant Summary

DEFAULT_FOLDER_OWNER =

root

"root"

DEFAULT_FOLDER_GROUP =

wheel

"wheel"

DEFAULT_FOLDER_MODE =

0750

"0750"

DEFAULT_FOLDER_CLEAR =

false

"false"

DEFAULT_FILE_OWNER =

root

"root"

DEFAULT_FILE_GROUP =

wheel

"wheel"

DEFAULT_FILE_MODE =

0640

"0640"

DEFAULT_FILE_SOURCE =

‘.’ the current folder

"."

Instance Attribute Summary

• #spec ⇒ Object readonly

  returns the XML specification for the selected application.

Instance Method Summary

• #build_zip_file(zipfile) ⇒ Object

  Creates a zip archive from the specified files.

• #clear_folder(path) ⇒ Object

  Removes a folder unconditionally.

• #create_group(gid, name) ⇒ Object

  Create a group in the operating system.

• #create_user(uid, name, gid, uclass, gecos, home, shell, groups) ⇒ Object

  Creates a user account for the operating system.

• #ensure_allfiles(path, owner, group, mode, source) ⇒ Object

  Ensures that all specified files are moved into place with the correct ownership and permissions.

• #ensure_file(path, owner, group, mode, source, empty, overwrite = true, backup = false) ⇒ Object

  Ensures that a file exists at the given path, with the ownership and permissions specified.

• #ensure_folder(path, owner, group, mode, clear) ⇒ Object

  Creates a folder (and any intermediate parent folders), sets the ownership and permissions.

• #ensure_link(path, owner, group, mode, target) ⇒ Object

  Ensures that a link exists at the given path, with the ownership and permissions specified.

• #group_exist?(gid, name) ⇒ Boolean

  Detects if a group exists with the given gid and name.

• #initialize(appname) ⇒ Enforcer constructor

  Creates a new Enforcer for the selected application.

• #start ⇒ Object

  Enforces the conditions needed for the selected app to function properly, as specified in the deployment descriptor: - ensure that certain groups exist - ensure that certain users exist (belonging to certain groups) - ensure that certain folders exist, if not create them; set permissions correctly; if desired, make sure they are empty - move specified files into place, set ownerships and permissions; create empty, or make empty, or preserve contents as desired.

• #svn_check_out(url, folder) ⇒ Object

  Check out a repository path to the specified folder or update it if it is already installed.

• #user_exist?(uid, name) ⇒ Boolean

  Detects if a user account exists with the given uid and name.

Constructor Details

#initialize(appname) ⇒ Enforcer

Creates a new Enforcer for the selected application.

# File 'lib/promotion/enforcer.rb', line 33

def initialize(appname)
  appFolder = File.expand_path(appname, Folders::Staging)
  Dir.chdir(appFolder)
  specfile = File.expand_path(Files::Spec, appFolder)
  unless File.exist?(specfile)
    puts("\nSpecification file #{specfile} does not exist.\n" )
    exit 1
  end
  doc = REXML::Document.new(File.new(specfile))
  @spec = doc.root
  $log.info("\n#{'_'*40}\nEnforcer created for #{appname}")
end

Instance Attribute Details

#spec ⇒ Object (readonly)

returns the XML specification for the selected application

# File 'lib/promotion/enforcer.rb', line 13

def spec
  @spec
end

Instance Method Details

#build_zip_file(zipfile) ⇒ Object

Creates a zip archive from the specified files

# File 'lib/promotion/enforcer.rb', line 312

def build_zip_file(zipfile)
  begin
    path = zipfile.elements["Zip"].text().strip()
    owner = zipfile.elements["Zip"].attributes["Owner"] || "root"
    group = zipfile.elements["Zip"].attributes["Group"] || "wheel"
    mode  = zipfile.elements["Zip"].attributes["Mode"] || "0644"
    mode = mode.oct()
    filelist = []
    zipfile.elements.each("Source") { |src|
      sourceFile = src.text().strip()
      unless File.exist?(sourceFile)
        $log.error("Missing source file #{sourceFile} to add to zip archive #{path}")
        exit 1
      end
      filelist << sourceFile
    }
    targetFolder = File.dirname(path)
    unless File.directory?(targetFolder)
      $log.warn("Missing folder #{targetFolder} is being created but may have wrong ownership and permissions.")
      FileUtils.mkdir_p(targetFolder)
    end
    system("#{Files::Zip} #{path} #{filelist.join(' ')} ")
    FileUtils.chown(owner, group, path)
    FileUtils.chmod(mode, path)
    $log.info("Created zip archive #{path}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}")
  rescue => e
    $log.error("Unable to create zip archive #{path}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}\n#{e.message}\n#{e.backtrace}")
    exit 1
  end
end

#clear_folder(path) ⇒ Object

Removes a folder unconditionally

# File 'lib/promotion/enforcer.rb', line 184

def clear_folder(path)
  begin
    FileUtils.rm_rf(path)
    $log.info("Removed folder #{path} in preparation for a fresh installation.")
  rescue
    $log.error("Unable to remove folder #{path} prior to installation.")
    exit 1
  end
end

#create_group(gid, name) ⇒ Object

Create a group in the operating system

# File 'lib/promotion/enforcer.rb', line 172

def create_group(gid, name)
  begin
    command = Files::Groupadd + " -v -g #{gid} #{name}"
    raise unless system(command)
    $log.info("Group #{name}(#{gid}) created.")
  rescue => e
    $log.error("Unable to create group #{name}(#{gid})\n#{e.message}")
    exit 1
  end
end

#create_user(uid, name, gid, uclass, gecos, home, shell, groups) ⇒ Object

Creates a user account for the operating system

# File 'lib/promotion/enforcer.rb', line 143

def create_user(uid, name, gid, uclass, gecos, home, shell, groups)
  begin
    FileUtils.mkdir_p(home) unless File.directory?(home)  # ensure no warning about missing folder
    command = Files::Useradd + " -u #{uid} -g #{gid} -L #{uclass} "
    command += "-c '#{gecos}' -d #{home} -s #{shell} -p '*************' "
    command += "-G #{groups} " if groups.length > 0
    command += " #{name} "
    raise unless system(command)
    $log.info("User #{name}(#{uid})created.")
  rescue => e
    $log.error("Unable to create user #{name}(#{uid})\n#{e.message}")
    exit 1
  end
end

#ensure_allfiles(path, owner, group, mode, source) ⇒ Object

Ensures that all specified files are moved into place with the correct ownership and permissions

# File 'lib/promotion/enforcer.rb', line 210

def ensure_allfiles(path, owner, group, mode, source)
  unless File.directory?(source)
    $log.error("Missing source folder #{source} to install contents to #{path}")
    exit 1
  end
  # modify the mode for folders so they are executable
  perms = sprintf('%9b', mode)
  perms[2] = "1"
  perms[5] = "1"
  perms[8] = "1"
  folderMode = perms.to_i(2)
  begin
    Dir.chdir(source)
    Dir["**/*"].each { |file|
      targetPath = File.expand_path(file, path) # file could be app/media/shared/mypic.png
      if File.directory?(file)
        ensure_folder(targetPath, owner, group, folderMode, false)
      else
        ensure_file(targetPath, owner, group, mode, File.dirname(file), false, true)
      end
    }
  rescue => e
    $log.error("Unable to install allfiles from #{source} to #{path}\n#{e.message}")
    exit 1
  end
end

#ensure_file(path, owner, group, mode, source, empty, overwrite = true, backup = false) ⇒ Object

Ensures that a file exists at the given path, with the ownership and permissions specified. The source file is derived from the source folder and path basename If the empty parameter is true, create an empty file If Overwrite="false" then set ownerships and permissions but leave the contents alone (ie. create but no update) path = full path to file to be created source = folder within the project to copy file from If backup, preserve a copy of the original file if it has never been backed up yet (good for preserving original system config files)

# File 'lib/promotion/enforcer.rb', line 247

def ensure_file(path, owner, group, mode, source, empty, overwrite=true, backup=false)
  unless empty
    sourceFile = File.expand_path(File.basename(path), source)
    unless File.exist?(sourceFile)
      $log.error("Missing source file #{sourceFile} to install to #{path}")
      exit 1
    end
  end
  begin
    targetFolder = File.dirname(path)
    unless File.directory?(targetFolder)
      $log.warn("Missing folder #{targetFolder} is being created but may have wrong ownership and permissions.")
      FileUtils.mkdir_p(targetFolder)
    end
    if empty
      FileUtils.touch(path)
    elsif !overwrite and File.exists?(path)
      # preserve the contents
    else
      FileUtils.cp(path, path+"-original") if backup and not File.exist?(path+"-original")
      FileUtils.cp(sourceFile, path)
    end
    FileUtils.chown(owner, group, path)
    FileUtils.chmod(mode, path)
    $log.info("Installed file #{path}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}")
  rescue => e
    $log.error("Unable to install file #{path}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}\n#{e.message}")
    exit 1
  end
end

#ensure_folder(path, owner, group, mode, clear) ⇒ Object

Creates a folder (and any intermediate parent folders), sets the ownership and permissions

# File 'lib/promotion/enforcer.rb', line 196

def ensure_folder(path, owner, group, mode, clear)
  begin
    FileUtils.mkdir_p(path) unless File.directory?(path)
    FileUtils.chown(owner, group, path)
    FileUtils.chmod(mode, path)
    $log.info("Ensured folder #{path} is owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}")
  rescue => e
    $log.error("Unable to ensure folder #{path} is owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}\n#{e.message}")
    exit 1
  end
end

#ensure_link(path, owner, group, mode, target) ⇒ Object

Ensures that a link exists at the given path, with the ownership and permissions specified.

# File 'lib/promotion/enforcer.rb', line 279

def ensure_link(path, owner, group, mode, target)
  begin
    targetFolder = File.dirname(path)
    unless File.directory?(targetFolder)
      $log.warn("Missing folder #{targetFolder} is being created but may have wrong ownership and permissions.")
      FileUtils.mkdir_p(targetFolder)
    end
    FileUtils.ln_sf(target, path)
    FileUtils.chown(owner, group, path)
    FileUtils.chmod(mode, path)
    $log.info("Installed link #{path} --> #{target}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}")
  rescue => e
    $log.error("Unable to install link #{path} --> #{target}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}\n#{e.message}")
    exit 1
  end
end

#group_exist?(gid, name) ⇒ Boolean

Detects if a group exists with the given gid and name

# File 'lib/promotion/enforcer.rb', line 159

def group_exist?(gid, name)
  begin
    group1 = Etc.getgrgid(gid)
    group2 = Etc.getgrnam(name)
    raise unless group1 == group2
    $log.info("Group #{name}(#{gid}) already exists.")
  rescue
    return(false)
  end
  return(true)
end

#start ⇒ Object

Enforces the conditions needed for the selected app to function properly, as specified in the deployment descriptor:

• ensure that certain groups exist

• ensure that certain users exist (belonging to certain groups)

• ensure that certain folders exist, if not create them; set permissions correctly; if desired, make sure they are empty

• move specified files into place, set ownerships and permissions; create empty, or make empty, or preserve contents as desired.

• ensure symbolic link exists, create if missing

• create a zip archive of certain files if desired.

# File 'lib/promotion/enforcer.rb', line 56

def start()
  @spec.elements.each("/Specification/Groups/Group") { |group|
    gid = group.attributes["Gid"].to_i
    name = group.attributes["Name"]
    create_group(gid, name) unless group_exist?(gid, name)
  }
  @spec.elements.each("/Specification/Users/User") { |user|
    uid = user.attributes["Uid"].to_i
    name = user.attributes["Name"]
    gid = user.attributes["Gid"].to_i
    uclass = user.attributes["Class"] || "default"
    gecos = user.attributes["Gecos"] || ""
    home = user.attributes["Home"] || "/home/#{name}"
    shell = user.attributes["Shell"] || "/bin/ksh"
    groups = user.attributes["Groups"] || ""
    groups = groups.gsub(/\s+/, ",")    # adduser needs comma-separated groups
    create_user(uid, name, gid, uclass, gecos, home, shell, groups) unless user_exist?(uid, name)
  }
  @spec.elements.each("/Specification/Folders/Folder[@Clear='true']") { |folder|
    path = folder.text().strip()
    clear_folder(path)
  }
  @spec.elements.each("/Specification/Folders/Folder") { |folder|
    path = folder.text().strip()
    owner = folder.attributes["Owner"] || folder.parent.attributes["Owner"] || DEFAULT_FOLDER_OWNER
    group = folder.attributes["Group"] || folder.parent.attributes["Group"] || DEFAULT_FOLDER_GROUP
    mode =  folder.attributes["Mode"]  || folder.parent.attributes["Mode"]  || DEFAULT_FOLDER_MODE
    clear = folder.attributes["Clear"]  || folder.parent.attributes["Clear"] || DEFAULT_FOLDER_MODE
    mode = mode.oct()
    clear = (clear == "true")
    ensure_folder(path, owner, group, mode, clear)
  }
  @spec.elements.each("/Specification/Files/File") { |file|
    path = file.text().strip()
    owner = file.attributes["Owner"] || file.parent.attributes["Owner"] || DEFAULT_FILE_OWNER
    group = file.attributes["Group"] || file.parent.attributes["Group"] || DEFAULT_FILE_GROUP
    mode =  file.attributes["Mode"]  || file.parent.attributes["Mode"]  || DEFAULT_FILE_MODE
    mode = mode.oct()
    source = file.attributes["Source"] || file.parent.attributes["Source"] || DEFAULT_FILE_SOURCE
    empty = file.attributes["Empty"] == "true"
    overwrite = !(file.attributes["Overwrite"] == "false")
    backup = file.attributes["Backup"] == "true"
    ensure_file(path, owner, group, mode, source, empty, overwrite, backup)
  }
  @spec.elements.each("/Specification/Files/Link") { |link|
    path = link.text().strip()
    owner = link.attributes["Owner"] || link.parent.attributes["Owner"] || DEFAULT_FILE_OWNER
    group = link.attributes["Group"] || link.parent.attributes["Group"] || DEFAULT_FILE_GROUP
    mode =  link.attributes["Mode"]  || link.parent.attributes["Mode"]  || DEFAULT_FILE_MODE
    mode = mode.oct()
    target = link.attributes["Target"] || link.parent.attributes["Source"] || DEFAULT_FILE_SOURCE
    ensure_link(path, owner, group, mode, target)
  }
  @spec.elements.each("/Specification/Allfiles") { |file|
    path = file.text().strip()
    owner = file.attributes["Owner"] || file.parent.attributes["Owner"] || DEFAULT_FILE_OWNER
    group = file.attributes["Group"] || file.parent.attributes["Group"] || DEFAULT_FILE_GROUP
    mode =  file.attributes["Mode"]  || file.parent.attributes["Mode"]  || DEFAULT_FILE_MODE
    mode = mode.oct()
    source = file.attributes["Source"] || file.parent.attributes["Source"] || DEFAULT_FILE_SOURCE
    ensure_allfiles(path, owner, group, mode, source)
  }
  @spec.elements.each("/Specification/Subversion") { |svn|
    folder = svn.elements["Folder"].text
    url = svn.elements["Url"].text
    svn_check_out(url, folder)
  }
  @spec.elements.each("/Specification/Zipfile") { |zipfile|
    build_zip_file(zipfile)
  }
end

#svn_check_out(url, folder) ⇒ Object

Check out a repository path to the specified folder or update it if it is already installed

# File 'lib/promotion/enforcer.rb', line 298

def svn_check_out(url, folder)
  begin
    if system("#{::Files::Svn} info #{folder}")   # already exists
       system("#{::Files::Svn} up --force #{folder}")  
    else
      system("#{::Files::Svn} co --force #{url} #{folder}")
    end
   rescue => e
     $log.error("Unable to deploy #{url} into #{folder}\n#{e.message}\n#{e.backtrace}")
     exit 1
   end
end

#user_exist?(uid, name) ⇒ Boolean

Detects if a user account exists with the given uid and name

# File 'lib/promotion/enforcer.rb', line 129

def user_exist?(uid, name)
  begin
    user1 = Etc.getpwuid(uid)
    user2 = Etc.getpwnam(name)
    raise unless user1 == user2
    $log.info("User #{name}(#{uid}) already exists.")
    # FIXME: can we enforce group memberships, and other details /etc/passwd
  rescue
    return(false)
  end
  return(true)
end