10 # This script does the actual gitolite config management on disk.
12 # Ward Vandewege <ward@curoverse.com>
14 # Default is development
15 production = ARGV[0] == "production"
17 ENV["RAILS_ENV"] = "development"
18 ENV["RAILS_ENV"] = "production" if production
22 # load and merge in the environment-specific application config info
23 # if present, overriding base config parameters as specified
24 path = File.absolute_path('../../config/arvados-clients.yml', __FILE__)
25 if File.exists?(path) then
26 cp_config = YAML.load_file(path)[ENV['RAILS_ENV']]
28 puts "Please create a\n #{path}\n file"
32 gitolite_url = cp_config['gitolite_url']
33 gitolite_arvados_git_user_key = cp_config['gitolite_arvados_git_user_key']
35 gitolite_tmpdir = cp_config['gitolite_tmp']
36 gitolite_admin = File.join(gitolite_tmpdir, 'gitolite-admin')
37 gitolite_admin_keydir = File.join(gitolite_admin, 'keydir')
38 gitolite_keydir = File.join(gitolite_admin, 'keydir', 'arvados')
40 ENV['ARVADOS_API_HOST'] = cp_config['arvados_api_host']
41 ENV['ARVADOS_API_TOKEN'] = cp_config['arvados_api_token']
42 if cp_config['arvados_api_host_insecure']
43 ENV['ARVADOS_API_HOST_INSECURE'] = 'true'
45 ENV.delete('ARVADOS_API_HOST_INSECURE')
48 def ensure_directory(path, mode)
55 def replace_file(path, contents)
57 dirname, basename = File.split(path)
58 FileUtils.mkpath(dirname)
59 new_file = Tempfile.new([basename, ".tmp"], dirname)
61 new_file.write(contents)
63 File.rename(new_file, path)
66 new_file.close(unlink_now)
70 def file_has_contents?(path, contents)
72 IO.read(path) == contents
78 module TrackCommitState
80 # Note that all classes that include TrackCommitState will have
81 # @@need_commit = true if any of them set it. Since this flag reports
82 # a boolean state of the underlying git repository, that's OK in the
83 # current implementation.
90 def ensure_in_git(path, contents)
91 unless file_has_contents?(path, contents)
92 replace_file(path, contents)
93 system("git", "add", path)
99 def ensure_in_git(path, contents)
100 self.class.ensure_in_git(path, contents)
103 def self.included(base)
104 base.extend(ClassMethods)
109 include TrackCommitState
111 def initialize(user_keys_map, key_dir)
112 @user_keys_map = user_keys_map
117 def install(filename, pubkey)
119 key_path = File.join(@key_dir, filename)
120 ensure_in_git(key_path, pubkey)
122 @installed[filename] = true
125 def ensure_keys_for_user(user_uuid)
126 return unless key_list = @user_keys_map.delete(user_uuid)
127 key_list.map { |k| k[:public_key] }.compact.each_with_index do |pubkey, ii|
128 # Handle putty-style ssh public keys
129 pubkey.sub!(/^(Comment: "r[^\n]*\n)(.*)$/m,'ssh-rsa \2 \1')
130 pubkey.sub!(/^(Comment: "d[^\n]*\n)(.*)$/m,'ssh-dss \2 \1')
131 pubkey.gsub!(/\n/,'')
133 install("#{user_uuid}@#{ii}.pub", pubkey)
137 def installed?(filename)
143 include TrackCommitState
147 def initialize(arv_repo, user_keys)
149 @user_keys = user_keys
152 def self.ensure_system_config(conf_root)
153 ensure_in_git(File.join(conf_root, "conf", "gitolite.conf"),
154 %Q{include "auto/*.conf"\ninclude "admin/*.conf"\n})
155 ensure_in_git(File.join(conf_root, "arvadosaliases.pl"), alias_config)
157 conf_path = File.join(conf_root, "conf", "admin", "arvados.conf")
159 @arvados_git_user = arvados_git_user
162 RW = @arvados_git_user
165 ensure_directory(File.dirname(conf_path), 0755)
166 ensure_in_git(conf_path, conf_file)
169 def ensure_config(conf_root)
170 if name and (File.exist?(auto_conf_path(conf_root, name)))
171 # This gitolite installation knows the repository by name, rather than
172 # UUID. Leave it configured that way until a separate migration is run.
176 @@aliases[name] = uuid unless name.nil?
178 conf_file = "\nrepo #{basename}\n"
179 @arv_repo[:user_permissions].sort.each do |user_uuid, perm|
180 conf_file += "\t#{perm[:gitolite_permissions]}\t= #{user_uuid}\n"
181 @user_keys.ensure_keys_for_user(user_uuid)
183 ensure_in_git(auto_conf_path(conf_root, basename), conf_file)
188 def auto_conf_path(conf_root, basename)
189 File.join(conf_root, "conf", "auto", "#{basename}.conf")
197 if @arv_repo[:name].nil?
201 @arv_repo[:name].sub(/^[^A-Za-z]+/, "").gsub(/[^\w\.\/]/, "")
205 def self.alias_config
207 @@aliases.sort.each do |(repo_name, repo_uuid)|
208 conf_s += "\t'#{repo_name}' \t=> '#{repo_uuid}',\n"
216 # Get our local gitolite-admin repo up to snuff
217 if not File.exists?(gitolite_admin) then
218 ensure_directory(gitolite_tmpdir, 0700)
219 Dir.chdir(gitolite_tmpdir)
220 `git clone #{gitolite_url}`
221 Dir.chdir(gitolite_admin)
223 Dir.chdir(gitolite_admin)
228 permissions = arv.repository.get_all_permissions
230 ensure_directory(gitolite_keydir, 0700)
231 admin_user_ssh_keys = UserSSHKeys.new(permissions[:user_keys], gitolite_admin_keydir)
232 # Make sure the arvados_git_user key is installed; put it in gitolite_admin_keydir
233 # because that is where gitolite will try to put it if we do not.
234 admin_user_ssh_keys.install('arvados_git_user.pub', gitolite_arvados_git_user_key)
236 user_ssh_keys = UserSSHKeys.new(permissions[:user_keys], gitolite_keydir)
237 permissions[:repositories].each do |repo_record|
238 repo = Repository.new(repo_record, user_ssh_keys)
239 repo.ensure_config(gitolite_admin)
241 Repository.ensure_system_config(gitolite_admin)
243 # Clean up public key files that should not be present
244 Dir.chdir(gitolite_keydir)
245 stale_keys = Dir.glob('*.pub').reject do |key_file|
246 user_ssh_keys.installed?(key_file)
249 stale_keys.each { |key_file| puts "Extra file #{key_file}" }
250 system("git", "rm", "--quiet", *stale_keys)
253 if UserSSHKeys.changed? or Repository.changed? or stale_keys.any?
254 message = "#{Time.now().to_s}: update from API"
255 Dir.chdir(gitolite_admin)
257 `git commit -m '#{message}'`
262 puts "Error: " + bang.to_s
263 puts bang.backtrace.join("\n")