thodg/cl-unix-cybernetics/README.md
-
Show log
Commit
-
Hash : b0ab5bb5
Author :
Thomas de Grivel
Date : 2022-12-04T18:50:53
cl-unix-cybernetics
cl-unix-cybernetics 0.3.3
UNIX cybernetics in Common Lisp.
You describe your systems (hosts) using resources having properties.
The properties are then probed and synchronized using only
/bin/sh on the remote host, and /usr/bin/ssh on the control host.
Current status
There is support for local shell and connection to remote hosts via ssh.
Using only /bin/sh commands makes ksh and bash suitable shells as
they are compatible with /bin/sh.
Supported resource types :
- Host (hostname)
- User (useradd, usermod, userdel)
- Group (groupadd, groupmod, groupdel)
- File (owner, group, permissions, content)
- Directory (owner, group, permissions)
- Package (Debian, OpenBSD)
Security design
You should only allow what you would allow your system operators :
- a shell accessible through SSH using a public key
- apropriate sudo permissions
All commands issued to the remote hosts can be logged.
Does not grant the hosts access to its workstation while it works. Does not grant access to data belonging to any host. Does not send any data that is not of direct concern to the host. In short, all UNIX permissions are respected.
Usage
1. Install repo.
2. Fetch sources.
$ sbcl --eval '(repo:install :cl-unix-cybernetics)'
3. Build and install the cl-unix-cybernetics binary
$ cd ~/common-lisp/thodg/cl-unix-cybernetics
$ make
$ sudo cp build/cl-unix-cybernetics /usr/local/bin/
4. Write some resources in a .lisp script
In the tutorial.lisp file :
#!/usr/local/bin/cl-unix-cybernetics --script
(resource 'host "example.kmx.io"
:user "sysadm"
(resource 'user "sysadm"
:shell "/bin/sh"
:ensure :present))
(with-host "example.kmx.io"
(sync *host*))6. Profit.
$ chmod 755 tutorial.lisp
$ ./tutorial.lisp
The tutorial.lisp script will synchronize the host “example.kmx.io”
according to the resource specifications given in the file.
7. DRY up your scripts using #.(include "file")
In the user/dx.lisp file :
;; Thomas de Grivel (kmx.io)
(resource 'group "dx"
:gid 19256
:ensure :present)
(resource 'user "dx"
:uid 19256
:gid 19256
:home "/home/dx"
:ensure :present)In your main script :
#!/usr/local/bin/cl-unix-cybernetics --script
(resource 'host "example.kmx.io"
:user "admin"
(resource 'user "admin"
:shell "/bin/sh"
:ensure :present)
#.(include "user/dx"))
(with-host "example.kmx.io"
(sync *host*))History
This project used to be named “Adams”. It was renamed in 2022 to “cl-unix-cybernetics”.
License
Authors
Thomas de Grivel thodg@kmx.io
Source
-
README.md
-
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
cl-unix-cybernetics 0.3.3 ========================= UNIX cybernetics in Common Lisp. You describe your systems (hosts) using resources having properties. The properties are then probed and synchronized using only `/bin/sh` on the remote host, and `/usr/bin/ssh` on the control host. Current status -------------- There is support for local shell and connection to remote hosts via ssh. Using only `/bin/sh` commands makes `ksh` and `bash` suitable shells as they are compatible with `/bin/sh`. Supported resource types : - Host (hostname) - User (useradd, usermod, userdel) - Group (groupadd, groupmod, groupdel) - File (owner, group, permissions, content) - Directory (owner, group, permissions) - Package (Debian, OpenBSD) Security design --------------- You should only allow what you would allow your system operators : - a shell accessible through SSH using a public key - apropriate sudo permissions All commands issued to the remote hosts can be logged. Does not grant the hosts access to its workstation while it works. Does not grant access to data belonging to any host. Does not send any data that is not of direct concern to the host. In short, all UNIX permissions are respected. Usage ----- ### 1. Install [repo](https://github.com/common-lisp-repo/repo). ### 2. Fetch sources. ``` shell $ sbcl --eval '(repo:install :cl-unix-cybernetics)' ``` ### 3. Build and install the `cl-unix-cybernetics` binary ``` shell $ cd ~/common-lisp/thodg/cl-unix-cybernetics $ make $ sudo cp build/cl-unix-cybernetics /usr/local/bin/ ``` ### 4. Write some resources in a `.lisp` script In the `tutorial.lisp` file : ``` common-lisp #!/usr/local/bin/cl-unix-cybernetics --script (resource 'host "example.kmx.io" :user "sysadm" (resource 'user "sysadm" :shell "/bin/sh" :ensure :present)) (with-host "example.kmx.io" (sync *host*)) ``` ### 6. Profit. ``` shell $ chmod 755 tutorial.lisp $ ./tutorial.lisp ``` The `tutorial.lisp` script will synchronize the host "example.kmx.io" according to the resource specifications given in the file. ### 7. DRY up your scripts using `#.(include "file")` In the `user/dx.lisp` file : ``` common-lisp ;; Thomas de Grivel (kmx.io) (resource 'group "dx" :gid 19256 :ensure :present) (resource 'user "dx" :uid 19256 :gid 19256 :home "/home/dx" :ensure :present) ``` In your main script : ``` common-lisp #!/usr/local/bin/cl-unix-cybernetics --script (resource 'host "example.kmx.io" :user "admin" (resource 'user "admin" :shell "/bin/sh" :ensure :present) #.(include "user/dx")) (with-host "example.kmx.io" (sync *host*)) ``` History ------- This project used to be named "Adams". It was renamed in 2022 to "cl-unix-cybernetics". [License](LICENSE.md) --------------------- Authors ------- Thomas de Grivel <thodg@kmx.io>