Eliminated a couple of dependencies.

[deployable.git] / deploy

#!/usr/bin/env perl
use strict;
use warnings;
use Carp;
use Pod::Usage qw( pod2usage );
use Getopt::Long qw( :config gnu_getopt );
use version; my $VERSION = qv('0.0.1');
use English qw( -no_match_vars );
use Net::SSH::Perl;
use Net::SFTP;
use IO::Prompt;
use Net::SSH::Perl::Auth;
use Net::SSH::Perl::Constants qw(
  SSH2_MSG_USERAUTH_REQUEST
  SSH2_MSG_USERAUTH_FAILURE
  SSH2_MSG_USERAUTH_INFO_REQUEST
  SSH2_MSG_USERAUTH_INFO_RESPONSE );
use Net::SSH::Perl::Auth::KeyboardInt;
use Data::Dumper;
use Net::SFTP::Attributes;
use File::Basename qw( basename );
use File::Spec::Functions qw( catfile );

# Integrated logging facility
use Log::Log4perl qw( :easy );
Log::Log4perl->easy_init($INFO);

my %config = (
   username => 'root',
   debug    => 0,
   dir      => '/tmp/our-deploy',
   prompt   => 1,
);
GetOptions(
   \%config,            'usage',
   'help',              'man',
   'version',           'username|user|u=s',
   'password|pass|p=s', 'debug|D!',
   'dir|directory|d=s', 'script|s=s',
   'prompt|P!',
);
pod2usage(message => "$0 $VERSION", -verbose => 99, -sections => '')
  if $config{version};
pod2usage(-verbose => 99, -sections => 'USAGE') if $config{usage};
pod2usage(-verbose => 99, -sections => 'USAGE|EXAMPLES|OPTIONS')
  if $config{help};
pod2usage(-verbose => 2) if $config{man};

# Script implementation here
my @hostnames = @ARGV;
@ARGV = ();

$config{password} = prompt 'password: ', -e => '*'
  unless defined($config{password}) && length($config{password});

($config{remote} = $config{script}) =~ s{[^\w.-]}{}mxsg;
$config{remote} = catfile($config{dir}, $config{remote});

for my $hostname (@hostnames) {
   eval { operate_on_host($hostname) };
   carp $EVAL_ERROR if $EVAL_ERROR;
}

sub operate_on_host {
   my ($hostname) = @_;
   my $remote = $config{remote};

   print "*** OPERATING ON $hostname ***\n";
   if ($config{prompt}) {
      my $choice = lc(prompt "$hostname - continue? (Yes | Skip | No) ",
         -while => qr/\A[nsy]\z/mxs);
      return if $choice eq 's';
      exit 0 if $choice eq 'n';
   } ## end if ($config{prompt})

   # Transfer file into $remote
   my $sftp = get_sftp(get_ssh($hostname));
   make_path($sftp, $config{dir});
   $sftp->put($config{script}, $remote);
   croak "no $remote, sorry. Stopped" unless $sftp->do_stat($remote);

   # Execute file
   my $ssh = get_ssh($hostname);
   $|++;
   print "$remote ";
   my ($out, $err, $exit) = $ssh->cmd($remote);
   print "exit = $exit\n";
   for ([STDOUT => $out], [STDERR => $err]) {
      my ($type, $val) = @$_;
      next unless defined $val;
      $val =~ s{\s+\z}{}mxs;
      $val =~ s{^}{|  }gmxs;
      print "+ $type\n|\n$val\n|\n+ end of $type\n\n";
   } ## end for ([STDOUT => $out], ...

} ## end sub operate_on_host

sub make_path {
   my ($sftp, $fullpath) = @_;

   my $path = '';
   for my $chunk (split m{/}mxs, $fullpath) {
      $path .= $chunk . '/';    # works fine with the root
      next if $sftp->do_stat($path);
      $sftp->do_mkdir($path, Net::SFTP::Attributes->new());
   }
   croak "no $path, sorry. Stopped" unless $sftp->do_stat($path);

   return;
} ## end sub make_path

sub get_ssh {
   my ($hostname) = @_;
   my $ssh = Net::SSH::Perl->new(
      $hostname,
      protocol => 2,
      debug    => $config{debug}
   );
   $ssh->config->set(interactive    => 1);     # false!!!
   $ssh->config->set(identity_files => []);    # avoid 'em
   $ssh->login($config{username}, $config{password}, 'suppress_shell');

   return $ssh;
} ## end sub get_ssh

sub get_sftp {
   return Net::SFTP::Mine->new(
      $config{hostname},
      ssh  => shift,
      warn => sub { }
   );
} ## end sub get_sftp

{
   no warnings;

   sub Net::SSH::Perl::Auth::KeyboardInt::authenticate {
      my $auth = shift;
      my $ssh  = $auth->{ssh};
      my ($packet);

      $packet = $ssh->packet_start(SSH2_MSG_USERAUTH_REQUEST);
      $packet->put_str($ssh->config->get('user'));
      $packet->put_str("ssh-connection");
      $packet->put_str("keyboard-interactive");
      $packet->put_str("");    ## language
      $packet->put_str("");    ## devices
      $packet->send;

      $auth->mgr->register_handler(SSH2_MSG_USERAUTH_INFO_REQUEST,
         sub {
            my $amgr         = shift;
            my ($packet)     = @_;
            my $name         = $packet->get_str;
            my $instructions = $packet->get_str;
            $packet->get_str;    ## language

            my $prompts = $packet->get_int32;
            my $pres = $ssh->packet_start(SSH2_MSG_USERAUTH_INFO_RESPONSE);
            $pres->put_int32($prompts);
            $pres->put_str($ssh->config->get('pass')) if $prompts;
            $pres->send;
         }
      );

      return 1;
   } ## end sub Net::SSH::Perl::Auth::KeyboardInt::authenticate
}

package Net::SFTP::Mine;
use base qw( Net::SFTP );
use Net::SSH::Perl::Constants qw( :msg2 );
use Net::SFTP::Constants
  qw( :fxp :flags :status :att SSH2_FILEXFER_VERSION );
use Carp;

sub init {
   my $sftp  = shift;
   my %param = @_;
   $sftp->{debug}  = delete $param{debug};
   $sftp->{status} = SSH2_FX_OK;

   $param{warn} = 1 if not defined $param{warn};    # default
   $sftp->{warn_h} = delete $param{warn} || sub { };    # false => ignore
   $sftp->{warn_h} = sub { carp $_[1] }    # true  => emit warning
     if $sftp->{warn_h} and not ref $sftp->{warn_h};

   $sftp->{_msg_id} = 0;

   $sftp->{ssh} = delete $param{ssh};

   my $channel = $sftp->_open_channel;
   $sftp->{channel} = $channel;

   $sftp->do_init;

   $sftp;
} ## end sub init

__END__

=head1 NAME

deploy - deploy a script on one or more remote hosts, via ssh


=head1 VERSION

See version at beginning of script, variable $VERSION, or call

   shell$ deploy --version


=head1 USAGE

   deploy [--usage] [--help] [--man] [--version]

   deploy [--debug|-D] [--dir|--directory|-d <dirname>]
          [--password|--pass|-p] [--prompt|-P]
          [--script|-s <scriptname>] [--username|--user|-u]

=head1 EXAMPLES

   shell$ deploy

   # Upload deploy-script.pl and execute it on each server listed
   # in file "targets"
   shell$ deploy -s deploy-script.pl `cat targets`
  
=head1 DESCRIPTION

This utility allows you to I<deploy> a script to one or more remote 
hosts. Thus, you can provide a script that will be uploaded (via 
B<sftp>) to the remote host and executed (via B<ssh>).

Before operations start for each host you will be prompted for
continuation: you can choose to go, skip or quit. You can disable
this by specifying C<--no-prompt>.

By default, directory C</tmp/our-deploy> on the target system will be
used. You can provide your own working directory path on the target system
via the C<--dir|--directory|-d> option. The directory will be created
if it does not exist.

For logging in, you can provide your own username/password pair directly
on the command line. Note that this utility explicitly avoids public
key authentication in favour of username/password authentication. Don't
ask me why, this may change in the future. Anyway, you're not obliged
to provide either on the command line: the username defaults to C<root>,
and you'll be prompted to provide a password if you don't put any
on the command line. The prompt does not show the password on the terminal.

=head1 OPTIONS

=over

=item --debug | -D

turns on debug mode, which should print out more stuff during operations.
You should not need it as a user.

=item --dir | --directory | -d <dirname>

specify the working directory on the target system. This is the
directory into which the deploy script will be uploaded. It will
be created if it does not exist.

Defaults to C</tmp/our-deploy>.

=item --help

print a somewhat more verbose help, showing usage, this description of
the options and some examples from the synopsis.

=item --man

print out the full documentation for the script.

=item --password | --pass | -p <password>

you can specify the password on the command line, even if it's probably
best B<NOT> to do so and wait for the program to prompt you one.

By default, you'll be prompted a password and this will not be written
on the terminal.

=item --prompt | -P

this option enables prompting before operations are started on each
host. When the prompt is enabled, you're presented with three choices:

=over

=item -

B<Yes> continue deployment on the given host;

=item -

B<Skip> skip this host;

=item -

B<No> stop deployment and exit.

=back

One letter suffices. By default, C<Yes> is assumed.

By default this option is I<always> active, so you're probably
interested in C<--no-prompt> to disable it.

=item --script | -s <scriptname>

set the script/program to upload and execute. This script will be uploaded
to the target system (see C<--directory|-d> above), but the name of the
script will be sanitised (only alphanumeric, C<_>, C<.> and C<-> will
be retained), so be careful if you have to look for the uploaded
script later.

=item --usage

print a concise usage line and exit.

=item --username | --user | -u <username>

specify the user name to use for logging into the remote host(s).

Defaults to C<root>.

=item --version

print the version of the script.

=back

=head1 DIAGNOSTICS

=over

=item C<< no %s, sorry. Stopped at... >>

The given element is not available on the target system.

In case of the directory, this means that the automatic creation
process did not work for any reason. In case of the script, this
means that the file upload did not work.

=back


=head1 CONFIGURATION AND ENVIRONMENT

deploy requires no configuration files or environment variables.


=head1 DEPENDENCIES

=over

=item -

L<IO::Prompt>

=item -

L<Log::Log4perl>

=item -

L<Net::SFTP>

=item -

L<Net::SSH::Perl>

=item -

L<version>, but you should find it if you're using version 5.10

=back


=head1 BUGS AND LIMITATIONS

No bugs have been reported.

Please report any bugs or feature requests through http://rt.cpan.org/


=head1 AUTHOR

Flavio Poletti C<flavio@polettix.it>


=head1 LICENCE AND COPYRIGHT

Copyright (c) 2007-2008, Flavio Poletti C<flavio@polettix.it>.
All rights reserved.

This script is free software; you can redistribute it and/or
modify it under the same terms as Perl itself. See L<perlartistic>
and L<perlgpl>.

Questo script è software libero: potete ridistribuirlo e/o
modificarlo negli stessi termini di Perl stesso. Vedete anche
L<perlartistic> e L<perlgpl>.


=head1 DISCLAIMER OF WARRANTY

BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH
YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
NECESSARY SERVICING, REPAIR, OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE
LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL,
OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE
THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.

=head1 NEGAZIONE DELLA GARANZIA

Poiché questo software viene dato con una licenza gratuita, non
c'è alcuna garanzia associata ad esso, ai fini e per quanto permesso
dalle leggi applicabili. A meno di quanto possa essere specificato
altrove, il proprietario e detentore del copyright fornisce questo
software "così com'è" senza garanzia di alcun tipo, sia essa espressa
o implicita, includendo fra l'altro (senza però limitarsi a questo)
eventuali garanzie implicite di commerciabilità e adeguatezza per
uno scopo particolare. L'intero rischio riguardo alla qualità ed
alle prestazioni di questo software rimane a voi. Se il software
dovesse dimostrarsi difettoso, vi assumete tutte le responsabilità
ed i costi per tutti i necessari servizi, riparazioni o correzioni.

In nessun caso, a meno che ciò non sia richiesto dalle leggi vigenti
o sia regolato da un accordo scritto, alcuno dei detentori del diritto
di copyright, o qualunque altra parte che possa modificare, o redistribuire
questo software così come consentito dalla licenza di cui sopra, potrà
essere considerato responsabile nei vostri confronti per danni, ivi
inclusi danni generali, speciali, incidentali o conseguenziali, derivanti
dall'utilizzo o dall'incapacità di utilizzo di questo software. Ciò
include, a puro titolo di esempio e senza limitarsi ad essi, la perdita
di dati, l'alterazione involontaria o indesiderata di dati, le perdite
sostenute da voi o da terze parti o un fallimento del software ad
operare con un qualsivoglia altro software. Tale negazione di garanzia
rimane in essere anche se i dententori del copyright, o qualsiasi altra
parte, è stata avvisata della possibilità di tali danneggiamenti.

Se decidete di utilizzare questo software, lo fate a vostro rischio
e pericolo. Se pensate che i termini di questa negazione di garanzia
non si confacciano alle vostre esigenze, o al vostro modo di
considerare un software, o ancora al modo in cui avete sempre trattato
software di terze parti, non usatelo. Se lo usate, accettate espressamente
questa negazione di garanzia e la piena responsabilità per qualsiasi
tipo di danno, di qualsiasi natura, possa derivarne.

=cut