author | Sean Whitton <spwhitton@spwhitton.name> | 2021-02-21 15:14:54 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-02-21 15:18:51 -0700 |
commit | 01ce41d093ce6e1120ee91e36ced7ed4d557632d (patch) | |
tree | 06a04194cdf48da5f036847b5acd05dafc83b99f | |
parent | ee839dcc62d30970f1d9850162e4479df8374c2e (diff) | |
download | consfigurator-01ce41d093ce6e1120ee91e36ced7ed4d557632d.tar.gz |
start figuring out :SUDO connection type
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
-rw-r--r-- | doc/data.rst | 12 | ||||
-rw-r--r-- | src/connection.lisp | 11 | ||||
-rw-r--r-- | src/connection/sudo.lisp | 63 | ||||
-rw-r--r-- | src/deployment.lisp | 3 | ||||
-rw-r--r-- | src/package.lisp | 4 |
5 files changed, 90 insertions, 3 deletions
diff --git a/doc/data.rst b/doc/data.rst
index d30eab8..be2d98c 100644
--- a/doc/data.rst
+++ b/doc/data.rst
@@ -23,8 +23,16 @@ other purposes.
 - ``(HOSTNAME . PATH)`` means the data that should be uploaded to ``PATH`` on
 ``HOSTNAME`` (and nowhere else)
-- ``("lisp-system" . SYSTEM)`` means the data is Lisp code which, when loaded,
- defines the packages and symbols contained in the ASDF system ``SYSTEM``.
+- ``("--lisp-system" . SYSTEM)`` means the data is Lisp code which, when
+ loaded, defines the packages and symbols contained in the ASDF system
+ ``SYSTEM``
+
+- ``("--user-passwd--HOSTNAME" . USER)`` means the data is the password for
+ user ``USER`` on ``HOSTNAME``.
+
+(Proposed convention: Except for the first item above, these reserved names
+should start with ``--`` and use ``--`` to separate parameter values within
+the string. Hostnames cannot start with a hyphen.)
 Mechanics
 ---------
diff --git a/src/connection.lisp b/src/connection.lisp
index ce1bdda..00924a3 100644
--- a/src/connection.lisp
+++ b/src/connection.lisp
@@ -39,6 +39,17 @@ returns a object suitable to be the value of *CONNECTION*.
 Any implementation which hands over to a remote Lisp image will need to upload
 any prerequisite data required by the deployment."))
+(defgeneric preprocess-connection-args (type &key)
+ (:documentation
+ "Hook to allow connection types to do work in the root Lisp before
+Consfigurator begins the attempt to establish the connection chain. The
+return value is used as replacement keyword arguments to the connection.
+
+For an example of usage, see the :SUDO connection type."))
+
+(defmethod preprocess-connection-args ((type symbol) &key)
+ (values))
+
 (defclass connection ()
 ((parent :initform *connection*
diff --git a/src/connection/sudo.lisp b/src/connection/sudo.lisp
new file mode 100644
index 0000000..8a69a61
--- /dev/null
+++ b/src/connection/sudo.lisp
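Review bot: The default method `(defmethod preprocess-connection-args ((type symbol) &key) (values))` cannot deliver the "replacement keyword arguments" its docstring promises: it returns no value, so a connection type without its own method collapses to NIL, and because its lambda list accepts no keywords, a call like `(preprocess-connection-args :ssh :user "x")` with only this method applicable should signal an invalid-keyword error in safe code. Suggest a pass-through default, `(defmethod preprocess-connection-args ((type symbol) &rest args &key &allow-other-keys) (cons type args))`, which stays congruent with the `(type &key)` generic and leaves unhandled connection specs unchanged. The docstring could also state that the return value is the whole connection spec `(TYPE . KEYWORD-ARGS)`, since that is what the :sudo method on this commit returns.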
@@ -0,0 +1,63 @@
+;;; Consfigurator -- Lisp declarative configuration management system
+
+;;; Copyright (C) 2021 Sean Whitton <spwhitton@spwhitton.name>
+
+;;; This file is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3, or (at your option)
+;;; any later version.
+
+;;; This file is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+
+;;; You should have received a copy of the GNU General Public License
+;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+(in-package :consfigurator.connection.sudo)
+
+;; Note that a password needed to sudo is technically not a piece of
+;; prerequisite data required by a deployment, because it is not used in
+;; deploying properties in the context of a connection chain which has already
+;; been fully established. Nevertheless, we can query sources of prerequisite
+;; data to obtain passwords by following the conventions for having
+;; prerequisite data sources provide them.
+
+;; Passing :as implies using a password, not passing it means assume NOPASSWD.
+;; We only support querying prerequisite data sources for passwords.
+
+;; Be aware that if any connection types which start up remote Lisp images
+;; occur before a :sudo entry in your connection chain, ESTABLISH-CONNECTION
+;; will need to inform the newly-started remote Lisp image of any sudo
+;; passwords needed for establishing the remaining hops. Depending on how the
+;; connection type feeds instructions to the remote Lisp image, this may
+;; involve writing your sudo password to a file under ~/.cache on the machine
+;; which runs the remote Lisp image. At least :debian-sbcl avoids this by
+;; sending your password in on stdin.
+
+(defmethod preprocess-connection-args ((type (eql :sudo)) &key as to)
+ (list :sudo
+ :user to
+ :password (and
+ as
+ (destructuring-bind (user host)
+ (split-string as :separator "@")
+ (get-data-string (strcat "-user-passwd--" host) user)))))
+
+(defmethod establish-connection ((type (eql :sudo))
+ remaining
+ &key
+ user
+ password)
+ (declare (ignore remaining))
+ (make-instance 'sudo-connection :user user :password password))
+
+(defclass sudo-connection (posix-connection)
+ ((user
+ :initarg :user)
+ (password
+ :initarg :password)))
+
+;; always wrap in sh -c so that we can be sure that a password will be
+;; consistently asked for or not asked for.
diff --git a/src/deployment.lisp b/src/deployment.lisp
index b7bc68d..cf6d0ae 100644
--- a/src/deployment.lisp
+++ b/src/deployment.lisp
@@ -138,7 +138,8 @@ DEFHOST forms can override earlier entries (see DEFHOST's docstring)."
 (error "Cannot apply :lisp properties using :posix connection"))
 (eval-propspec propspec)))
 (connect (loop for connection in (ensure-cons connections)
- collect (ensure-cons connection))))))
+ collect (mapcar #'preprocess-connection-args
+ (ensure-cons connection)))))))
 (defprop deploys :posix (connection host &rest additional-properties)
 "Execute a Consfigurator deployment.
diff --git a/src/package.lisp b/src/package.lisp
index 8c0162b..7bc7135 100644
--- a/src/package.lisp
+++ b/src/package.lisp
@@ -57,6 +57,7 @@
 ;; connection.lisp
 #:establish-connection
+ #:preprocess-connection-args
 #:connection
 #:lisp-connection
 #:posix-connection
@@ -121,6 +122,9 @@
 (defpackage :consfigurator.connection.ssh
 (:use #:cl #:consfigurator #:alexandria))
+(defpackage :consfigurator.connection.sudo
+ (:use #:cl #:consfigurator #:alexandria))
+
 (defpackage :consfigurator.connection.local
 (:use #:cl #:consfigurator #:alexandria)
 (:export #:local-connection))
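Review bot: The data name built in the :sudo method, `(strcat "-user-passwd--" host)`, has a single leading hyphen, while the same commit documents the name in doc/data.rst as `("--user-passwd--HOSTNAME" . USER)`; a password registered under the documented name will not be looked up by this code, so a hop given `:as` would proceed without the password it was meant to use. Suggest `(get-data-string (strcat "--user-passwd--" host) user)`, ideally via one shared constant so the doc and code cannot drift again. Separately, `(destructuring-bind (user host) (split-string as :separator "@") ...)` turns an `:as` value without exactly one `@` into a generic destructuring error; a length check that signals an error naming the expected `USER@HOST` form would make misconfiguration easier to diagnose. The closing comment about wrapping in `sh -c` describes code the hunk does not yet contain, so sudo-connection has no command-running behaviour in this commit and the comment should say so or be deferred.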
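Review bot: `(mapcar #'preprocess-connection-args (ensure-cons connection))` calls the hook once per element of the connection spec rather than once per spec, so for a spec like `(:sudo :as "user@host" :to "root")` the :sudo method is invoked with no keyword arguments and the subsequent elements `:as`, `"user@host"`, … are passed as the TYPE argument, for which the string values have no applicable method. The docstring added on preprocess-connection-args says the return value replaces the connection's keyword arguments, which calls for `collect (apply #'preprocess-connection-args (ensure-cons connection))`. The enclosing function starts outside the hunk.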