Changeset 1547


Timestamp:
May 18, 2012, 3:25:55 AM (7 years ago)
Author:
bruno
Message:
  • Add the shorewall plugin
  • cbusterize now uses only Net::SSH2 and supports getting files owned by root with sudo called remotely (no passwd asked)
Location:
projects/casparbuster/devel
Files:
1 edited
1 copied

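--- a/projects/casparbuster/devel/bin/cbusterize
+++ b/projects/casparbuster/devel/bin/cbusterize
@@ -7,5 +7,5 @@
 =head1 SYNOPSIS
 
-cbusterize [options] --source /path/to/file/to/CasparBusterize
+cbusterize [options] [--source /path/to/file/to/CasparBusterize | --plugin PluginName]
 
  Options:
@@ -116,4 +116,7 @@
 use Data::Dumper;
 use Net::SSH2;
+use Cwd;
+use Archive::Tar;
+use Carp;
 use ProjectBuilder::Base;
 use ProjectBuilder::Conf;
@@ -131,4 +134,6 @@
 my $log = undef;
 my $LOG = undef;
+my $ssh2 = undef;
+my $chan = undef;
 
 my ($cbver,$cbrev) = cb_version_init();
@@ -242,4 +247,6 @@
 }
 
+$ssh2->disconnect() if (defined $machine);
+
 sub cb_busterize {
 
@@ -252,5 +259,4 @@
 my $srcfile = undef;
 my $cmd = undef;
-my $ssh2;
 my $sftp;
 
@@ -263,21 +269,40 @@
     }
 } else {
-    $ssh2 = Net::SSH2->new();
-    $ssh2->connect($machine);
-    my $hdir = (getpwnam(getpwuid($<)))[7];
-    if ($ssh2->auth_publickey($remote,"$hdir/.ssh/id_dsa.pub","$hdir/.ssh/id_dsa")) {
-        $sftp = $ssh2->sftp;
-        my %dirs = $sftp->stat("$source/.");
-        my $res = 0;
-        $res = -1 if (not defined $dirs{'mode'});
-        pb_log(2,"DEBUG: Found res = $res\n");
-        if ($res == 0) {
-            $srcdir = $source;
-            pb_log(1,"DEBUG: Found remote dir = $source\n");
-        } else {
-            $srcdir = dirname($source);
-            $srcfile = basename($source);
-            pb_log(1,"DEBUG: Found remote file = $source\n");
-        }
+    if (not defined $ssh2) {
+        pb_log(1,"DEBUG: First time so we need to create the SSH::Net2 object\n");
+        $ssh2 = Net::SSH2->new();
+        if ($debug >= 3) {
+            $ssh2->debug(1);
+        }
+        $ssh2->connect($machine) || confess "Unable to connect to $remote\@$machine: $!";
+        my $hdir = (getpwnam(getpwuid($<)))[7];
+        confess "Unable to connect to $remote\@$machine: $!" if (not $ssh2->auth_publickey($remote,"$hdir/.ssh/id_dsa.pub","$hdir/.ssh/id_dsa"));
+        $chan = $ssh2->channel();
+        die "Unable to create channel for $remote\@$machine: $!" if (not defined $chan);
+        my ($code, $error_name, $error_string) = $ssh2->error();
+        if ($code ne 0) {
+            pb_log(0,"code = $code");
+            pb_log(0,"error_name = $error_name");
+            pb_log(0,"error_string = $error_string");
+        }
+        #$ssh2->blocking(0);
+        if ($debug) {
+            pb_log(1,"DEBUG: launching a shell via Net:SSH2 ($remote\@$machine)");
+        }
+        confess "Unable to launch remote shell through Net:SSH2 ($remote\@$machine)" if (not $chan->shell());
+    }
+    $sftp = $ssh2->sftp;
+    die "Unable to create sftp channel for $remote\@$machine: $!" if (not defined $sftp);
+    my %dirs = $sftp->stat("$source/.");
+    my $res = 0;
+    $res = -1 if (not defined $dirs{'mode'});
+    pb_log(2,"DEBUG: Found res = $res\n");
+    if ($res == 0) {
+        $srcdir = $source;
+        pb_log(1,"DEBUG: Found remote dir = $source\n");
+    } else {
+        $srcdir = dirname($source);
+        $srcfile = basename($source);
+        pb_log(1,"DEBUG: Found remote file = $source\n");
     }
 }
@@ -305,5 +330,5 @@
         pb_log(1,"DEBUG: Creating recursively directory $target\n");
     } else {
-        pb_mkdir_p($target) || die "Unable to recursively create $target: $!";
+        pb_mkdir_p($target) || confess "Unable to recursively create $target: $!";
     }
     # Add all the dirs in it to VCS (in reverse order)
@@ -322,25 +347,28 @@
 }
 
-# We need to know where to get the content from
+# For local handling
 my $cmdopt = "";
-
 # Recursive if we copy dirs
 $cmdopt = "-r" if (not defined $srcfile);
-
-if (defined $machine) {
-    # TODO replace by $chan->exec + sudo + cat to avoid root access issues
-    $cmd = "scp -p -q $cmdopt $remote\@$machine:\'$source\' $target";
-} else {
-    $cmd = "cp -p $cmdopt $source $target";
-}
-
-# Now add content if not already there
+$cmd = "cp -p $cmdopt $source $target";
+
 if (defined $srcfile) {
     # File case
     if ((! -f "$target/$srcfile") || (defined $force)) {
+        # doesn't exist locally
+        if (defined $machine) {
+            # Remote
+            cb_ssh_do($remote,$source,$target,$debug);
+        } else {
+            # Local
+            if ($debug) {
+                pb_log(1,"DEBUG: launching $cmd\n");
+            } else {
+                pb_system($cmd);
+            }
+        }
         if ($debug) {
-            pb_log(1,"DEBUG: launching $cmd\n");
+            pb_log(1,"DEBUG: Adding $target/$srcfile to your $scheme system\n");
         } else {
-            pb_system($cmd);
             pb_vcs_add($scheme,"$target/$srcfile");
             pb_log(0,"INFO: Created $target/$srcfile and added it to your $scheme system\n");
@@ -351,19 +379,91 @@
 } else {
     # Directory case
+    if ($recur eq "true") {
+        # with files in it
+        if ((! -d "$target") || (defined $force)) {
+            # doesn't exist locally
+            if (defined $machine) {
+                # Remote
+                cb_ssh_do($remote,$source,$target,$debug);
+            } else {
+                # Local
+                if ($debug) {
+                    pb_log(1,"DEBUG: launching $cmd\n");
+                } else {
+                    pb_system($cmd);
+                }
+            }
+        } else {
+            pb_log(0,"INFO: Directory $target already there\n");
+        }
+    } else {
+        # Only deal with that dir, nothing below, so just created locally
+        if ($debug) {
+            pb_log(1,"DEBUG: mkdir -p $target\n");
+        } else {
+            pb_mkdir_p("$target");
+        }
+    }
     if ($debug) {
-        if ($recur eq "true") {
-            pb_log(1,"DEBUG: launching $cmd\n");
-        } else {
-            pb_log(1,"DEBUG: mkdir -p $target\n");
-        }
-    } else {
-        if ($recur eq "true") {
-            pb_system($cmd);
-        }
+        pb_log(1,"DEBUG: Adding $target to your $scheme system\n");
+    } else {
         pb_vcs_add($scheme,"$target");
         pb_log(0,"INFO: Created $target and added it to your $scheme system\n");
     }
 }
-$ssh2->disconnect() if (defined $machine);
+
 pb_log(2,"Exiting cb_busterize\n");
 }
+
+sub cb_ssh_do {
+
+my $remote = shift;
+my $source = shift;
+my $target = shift;
+my $debug = shift;
+
+# TODO: if sudo asks a passwd it won't work.
+my $cmd = "sudo tar cvhf /tmp/cb.$$.tar $source\n";
+if ($debug) {
+    pb_log(1,"DEBUG: launching through Net:SSH2 ($remote\@$machine) $cmd");
+}
+print $chan "$cmd";
+pb_log(1,"DEBUG: LINE : $_") while <$chan>;
+$cmd = "sudo chmod 600 /tmp/cb.$$.tar\n";
+if ($debug) {
+    pb_log(1,"DEBUG: launching through Net:SSH2 ($remote\@$machine) $cmd");
+}
+print $chan "$cmd";
+pb_log(1,"DEBUG: LINE : $_") while <$chan>;
+$cmd = "sudo chown $remote /tmp/cb.$$.tar\n";
+if ($debug) {
+    pb_log(1,"DEBUG: launching through Net:SSH2 ($remote\@$machine) $cmd");
+}
+print $chan "$cmd";
+pb_log(1,"DEBUG: LINE : $_") while <$chan>;
+if ($debug) {
+    pb_log(1,"DEBUG: gettting through Net:SSH2 ($remote\@$machine) /tmp/cb.$$.tar\n");
+}
+$ssh2->scp_get("/tmp/cb.$$.tar","/tmp/cb.$$.tar");
+if ($debug) {
+    pb_log(1,"DEBUG: erasing through Net:SSH2 ($remote\@$machine) /tmp/cb.$$.tar\n");
+} else {
+    print $chan "sudo rm -f /tmp/cb.$$.tar\n";
+}
+my $tar = Archive::Tar->new("/tmp/cb.$$.tar");
+$tar->setcwd($target);
+if ($debug) {
+    pb_log(1,"DEBUG: Extracting /tmp/cb.$$.tar\n");
+    foreach my $f ($tar->list_files()) {
+        pb_log(1,"DEBUG: $f\n");
+    }
+} else {
+    $tar->extract();
+}
+if ($debug) {
+    pb_log(1,"DEBUG: cleanup\n");
+} else {
+    $tar->clear;
+    unlink("/tmp/cb.$$.tar");
+}
+}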
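Review bot: In cb_ssh_do the archive of root-owned files is created at the predictable path `/tmp/cb.$$.tar` and only restricted by a later `chmod 600`, so until that command runs its contents are readable under root's default umask, and root's tar will write through whatever already exists at that name; creating it under a restrictive umask inside a `mktemp -d` directory on the remote side, and using File::Temp for the local copy, avoids both. `$source` is interpolated unquoted into the line written to the remote shell, whereas the removed scp command wrapped it in single quotes, so it should be shell-quoted first, e.g. `(my $qsrc = $source) =~ s/'/'\\''/g;` and then `tar chf ... -- '$qsrc'`. With `$debug` set the tar, chmod, chown and scp_get steps still run but the remote `rm -f` and the local `unlink` are skipped, which leaves the archive in /tmp on both hosts. The return values of `scp_get` and `Archive::Tar->new` are used unchecked, and the connect/auth_publickey lines earlier in this section show no host-key verification before data from that host is unpacked locally.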
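--- a/projects/casparbuster/devel/etc/cb/plugins/shorewall.conf
+++ b/projects/casparbuster/devel/etc/cb/plugins/shorewall.conf
@@ -1,9 +1,9 @@
 #=head1 NAME
 #
-# Configuration file for CasparBuster for the named plugin
+# Configuration file for CasparBuster for the shorewall plugin
 #
 #=head1 SYNOPSIS
 #
-# Define the main parameters for the Named plugin for CasparBuster
+# Define the main parameters for the ShoreWall plugin for CasparBuster
 #
 #=head1 CONFIGURATION ITEMS
@@ -20,9 +20,9 @@
 #=cut
 #
-cbpluginfiles named = /var/lib/named/etc/named.conf|root,root,0644;/var/lib/named/etc/bind.keys|root,named,0644;/var/lib/named/etc/bogon_acl.conf|root,root,0644;/var/lib/named/etc/rndc.conf|root,named,0640;/var/lib/named/etc/rndc.key|root,named,0640;/var/lib/named/etc/trusted_networks_acl.conf|root,named,0644;/var/lib/named/etc/named.conf.flecha|root,named,0644;/var/lib/named/etc/db.*|root,named,0640
+cbpluginfiles shorewall = /etc/shorewall/*|root,root,0600
 #
 #=item B<cbplugindirs>
 #
-# Define the list of directories to recursively copy remotely on the target machine.
+# Define the list of directories to create remotely on the target machine.
 # Parameters are ';' separated.
 # A parameter is then '|' separated, the first part being the full path name of the file
@@ -30,5 +30,5 @@
 #
 #=cut
-cbplugindirs named = /var/lib/named/etc|root,named,0755;/var/lib/named/dev|root,root,0755;/var/lib/named/proc|root,root,0755;/var/lib/named/var/tmp|named,named,0755;/var/lib/named/var/log|named,named,0755;/var/lib/named/var/run|named,named,0755;
+cbplugindirs shorewall = /etc/shorewall|root,root,0750
 #
 #=item B<cbplugindirsandfiles>
@@ -36,9 +36,9 @@
 # Define the list of directories to recursively copy remotely on the target machine.
 # Parameters are ';' separated.
-# A parameter is then '|' separated, the first part being the full path name of the file
+# A parameter is then '|' separated, the first part being the full path name of the dir
 # and the second part being the uid, gid and mode to set on the target machine, ',' separated
 #
 #=cut
-cbplugindirsandfiles named =
+cbplugindirsandfiles shorewall =
 #
 #=item B<cbpluginreload>
@@ -47,3 +47,3 @@
 #
 #=cut
-cbpluginreload named = sudo /etc/init.d/named restart
+cbpluginreload shorewall = sudo /etc/init.d/shorewall restart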
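Review bot: The `cbpluginreload shorewall` entry restarts the firewall as soon as the files are deployed, with no validation step in between; depending on how the init script handles a failed compile, a mistake in a pushed `/etc/shorewall/*` file may leave the target with a stopped or wrong ruleset, including for the SSH session used for deployment. Running `shorewall check` first, for example `cbpluginreload shorewall = sudo shorewall check && sudo /etc/init.d/shorewall restart` (if the reload string is executed by a shell), would catch syntax errors before the restart. The `cbplugindirs` description also still reads "full path name of the file", while the same sentence under `cbplugindirsandfiles` was corrected to "dir" in this change.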