clush: add support for run modes (clush --mode) (#492)

Add support for configuration-based run modes for clush. Run modes are
disabled by default because they rely on external tools that we don't
want to depend on. They can easily be enabled if needed by installing
the corresponding .conf files in clush.conf.d (clush.conf's confdir).

sudo support is provided via an example run mode, by defining two
variables command_prefix and password_prompt:

  [mode:sudo]
  password_prompt: yes
  command_prefix: /usr/bin/sudo -S -p "''"

Then, the sudo mode is activated with --mode or -m:

  $ clush -w nodes -m sudo command

Also added an example of run mode for password-auth based auth with
sshpass.

Main changes:

  clush.conf:
  - add confdir to define paths to config files for run modes
  - add command_prefix
  - add password_prompt
  - removed sudo_command

  clush.conf.d:
  - add sshpass.conf.example
  - add sudo.conf.example

  clush:
  - added --mode
  - removed --sudo

Closes #198.
Closes #423.
Fixes #234.

Author: thiell

MANIFEST.in

@@ -3,6 +3,8 @@ include README.md
 include COPYING.LGPLv2.1
 include conf/*.conf
 include conf/*.example
+include conf/clush.conf.d/README
+include conf/clush.conf.d/*.example
 include conf/groups.d/README
 include conf/groups.d/*.cfg
 include conf/groups.d/*.example

clustershell.spec.in

@@ -218,12 +218,15 @@ rm -rf %{buildroot}
 %{_mandir}/man5/clush.conf.5*
 %{_mandir}/man5/groups.conf.5*
 %dir %{_sysconfdir}/clustershell
+%dir %{_sysconfdir}/clustershell/clush.conf.d
 %dir %{_sysconfdir}/clustershell/groups.d
 %dir %{_sysconfdir}/clustershell/groups.conf.d
 %config(noreplace) %{_sysconfdir}/clustershell/clush.conf
 %config(noreplace) %{_sysconfdir}/clustershell/groups.conf
 %ghost %{_sysconfdir}/clustershell/groups
 %config(noreplace) %{_sysconfdir}/clustershell/groups.d/local.cfg
+%doc %{_sysconfdir}/clustershell/clush.conf.d/README
+%doc %{_sysconfdir}/clustershell/clush.conf.d/*.conf.example
 %doc %{_sysconfdir}/clustershell/groups.conf.d/README
 %doc %{_sysconfdir}/clustershell/groups.conf.d/*.conf.example
 %doc %{_sysconfdir}/clustershell/groups.d/README

conf/clush.conf

@@ -13,18 +13,9 @@ history_size: 100
 maxrc: no
 node_count: yes
 verbosity: 1
+confdir: /etc/clustershell/clush.conf.d $CFGDIR/clush.conf.d
 
 # Add always all remote hosts to known_hosts without confirmation
 #ssh_user: root
 #ssh_path: /usr/bin/ssh
 #ssh_options: -oStrictHostKeyChecking=no
-
-# Non-interactively performing password authentication with SSH's so called
-# "interactive keyboard password authentication".
-#ssh_user: root
-#ssh_path: /usr/bin/sshpass -f /root/remotepasswordfile /usr/bin/ssh
-#scp_path: /usr/bin/sshpass -f /root/remotepasswordfile /usr/bin/scp
-#ssh_options: -oBatchMode=no -oStrictHostKeyChecking=no
-
-# sudo command used for --sudo
-#sudo_command: /usr/bin/sudo -S -p "''" -k

conf/clush.conf.d/README

@@ -0,0 +1,5 @@
+clush.conf.d/README
+
+Default directory for additional clush configuration files.
+clush scans the directory set by the confdir variable, defined
+in /etc/clustershell/clush.conf, loading all files of the form *.conf.

conf/clush.conf.d/sshpass.conf.example

@@ -0,0 +1,19 @@
+# Example configuration file for ssh password auth support with sshpass.
+#
+# Copy as sshpass.conf to enable and edit the paths below as needed.
+# sshpass needs to be installed on your operating system.
+#
+# To activate sshpass mode, use clush -m sshpath ...
+
+[mode:sshpass]
+password_prompt: yes
+ssh_path: /usr/bin/sshpass /usr/bin/ssh
+scp_path: /usr/bin/sshpass /usr/bin/scp
+ssh_options: -oBatchMode=no -oStrictHostKeyChecking=no
+
+# Another mode that reads the password from a local file instead
+[mode:sshpass-file]
+password_prompt: no
+ssh_path: /usr/bin/sshpass -f /root/remotepasswordfile /usr/bin/ssh
+scp_path: /usr/bin/sshpass -f /root/remotepasswordfile /usr/bin/scp
+ssh_options: -oBatchMode=no -oStrictHostKeyChecking=no

conf/clush.conf.d/sudo.conf.example

@@ -0,0 +1,10 @@
+# Example configuration file for sudo support.
+#
+# Copy as sudo.conf to enable and edit sudo's path as needed
+# (sudo needs to be installed on your operating system).
+#
+# To activate sudo mode, use clush -m sudo ...
+
+[mode:sudo]
+password_prompt: yes
+command_prefix: /usr/bin/sudo -S -p "''"

doc/extras/vim/ftdetect/clustershell.vim

@@ -2,5 +2,6 @@
 " Installed As: vim/ftdetect/clustershell.vim
 "
 au BufNewFile,BufRead *clush.conf setlocal filetype=clushconf
+au BufNewFile,BufRead *clush.conf.d/*.conf setlocal filetype=clushconf
 au BufNewFile,BufRead *groups.conf setlocal filetype=groupsconf
 au BufNewFile,BufRead *groups.conf.d/*.conf setlocal filetype=groupsconf

doc/extras/vim/syntax/clushconf.vim

@@ -12,15 +12,19 @@ endif
 " shut case off
 syn case ignore
 
-syn match  clushComment	    "#.*$"
-syn match  clushComment	    ";.*$"
-syn match  clushHeader	    "\[\w\+\]"
+syn match  clushComment     "#.*$"
+syn match  clushComment     ";.*$"
+syn match  clushHeader      "\[\w\+\]$"
+syn match  clushHeaderMode  "\[mode:\S\+\]$"
+syn match  confDirGroup     "^confdir\(:\|=\).*$" contains=confDirKeys,confDirVars
+syn match  confDirVars      "$CFGDIR" contained
+syn match  confDirKeys      "^\w\+\(:\|=\)"me=e-1 contained
 
 syn keyword clushKeys       fanout command_timeout connect_timeout color fd_max history_size node_count maxrc verbosity
 syn keyword clushKeys       ssh_user ssh_path ssh_options
 syn keyword clushKeys       scp_user scp_path scp_options
 syn keyword clushKeys       rsh_path rcp_path rcp_options
-syn keyword clushKeys       sudo_command
+syn keyword clushKeys       command_prefix password_prompt
 
 " Define the default highlighting.
 " For version 5.7 and earlier: only when not done already
@@ -33,10 +37,13 @@ if version >= 508 || !exists("did_clushconf_syntax_inits")
     command -nargs=+ HiLink hi def link <args>
   endif
 
-  HiLink clushHeader	Special
-  HiLink clushComment	Comment
-  HiLink clushLabel	Type
-  HiLink clushKeys      Identifier
+  HiLink clushHeader        Special
+  HiLink clushHeaderMode    Constant
+  HiLink clushComment       Comment
+  HiLink clushLabel         Type
+  HiLink clushKeys          Identifier
+  HiLink confDirKeys        Identifier
+  HiLink confDirVars        Keyword
 
   delcommand HiLink
 endif

doc/man/man1/clush.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH CLUSH 1 "2022-06-29" "1.8.4" "ClusterShell User Manual"
+.TH CLUSH 1 "2022-11-18" "1.8.4" "ClusterShell User Manual"
 .SH NAME
 clush \- execute shell commands on a cluster
 .
@@ -289,6 +289,9 @@ limit time to connect to a node
 .BI \-u \ COMMAND_TIMEOUT\fP,\fB \ \-\-command_timeout\fB= COMMAND_TIMEOUT
 limit time for command to run on the node
 .TP
+.BI \-m \ MODE\fP,\fB \ \-\-mode\fB= MODE
+run mode; define MODEs in \fB<confdir>/*.conf\fP
+.TP
 .BI \-R \ WORKER\fP,\fB \ \-\-worker\fB= WORKER
 worker name to use for connection (\fBexec\fP, \fBssh\fP, \fBrsh\fP, \fBpdsh\fP, or the name of a Python worker module), default is \fBssh\fP
 .TP
@@ -384,8 +387,9 @@ Copy \fI/etc/motd\fP from remote nodes node[3\-5,62] to local \fI/tmp\fP directo
 .SH FILES
 .INDENT 0.0
 .TP
-.B \fI/etc/clustershell/clush.conf\fP
-System\-wide clush configuration file.
+.B \fI$CLUSTERSHELL_CFGDIR/clush.conf\fP
+Global clush configuration file. If $CLUSTERSHELL_CFGDIR is not defined,
+\fI/etc/clustershell/clush.conf\fP is used instead.
 .TP
 .B \fI$XDG_CONFIG_HOME/clustershell/clush.conf\fP
 User configuration file for clush. If $XDG_CONFIG_HOME is not defined,

doc/man/man5/clush.conf.5

@@ -44,7 +44,8 @@ user configuration file (\fI$XDG_CONFIG_HOME/clustershell/clush.conf\fP)
 .IP 3. 3
 local pip user installation (\fI$HOME/.local/etc/clustershell/clush.conf\fP)
 .IP 4. 3
-system\-wide configuration file (\fI/etc/clustershell/clush.conf\fP)
+global configuration file (\fI$CLUSTERSHELL_CFGDIR/clush.conf\fP, defaults to
+\fI/etc/clustershell/clush.conf\fP)
 .UNINDENT
 .UNINDENT
 .UNINDENT
@@ -71,10 +72,26 @@ used on the head node and on each gateway (the \fIfanout\fP value is propagated)
 That is, if the \fIfanout\fP is \fB16\fP on the head node, each gateway will
 initate up to \fB16\fP connections to their target nodes at the same time.
 .TP
+.B confdir
+Optional list of directory paths where clush should look for \fI\&.conf\fP files
+which define run modes that can then be activated with \fB\-\-mode\fP\&. All other
+clush config file settings defined here might be overriden in a run mode.
+Each mode section should have a name prefixed by "mode:" to clearly identify
+a section defining a mode. Duplicate modes are not allowed in those files.
+Configuration files that are not readable by the current user are ignored.
+The variable \fI$CFGDIR\fP is replaced by the path of the highest priority
+configuration directory found (where clush.conf resides). The default confdir
+value enables both system\-wide and any installed user configuration (thanks
+to \fI$CFGDIR\fP). Duplicate directory paths are ignored.
+.TP
 .B connect_timeout
 Timeout in seconds to allow a connection to establish. This parameter is
 passed to ssh. If set to \fI0\fP, no timeout occurs.
 .TP
+.B command_prefix
+Command prefix. Generally used for specific run modes, for example to
+implement \fBsudo\fP(8) support.
+.TP
 .B command_timeout
 Timeout in seconds to allow a command to complete since the connection has
 been established. This parameter is passed to ssh.  In addition, the
@@ -110,6 +127,11 @@ header? (\fIyes\fP/\fIno\fP)
 .B maxrc
 Should \fBclush\fP return the largest of command return codes? (yes/no)
 .TP
+.B password_prompt
+Enable password prompt and password forwarding to stdin? (yes/no) Generally
+used for specific run modes, for example to implement interactive
+\fBsudo\fP(8) support.
+.TP
 .B verbosity
 Set the verbosity level: \fI0\fP (quiet), \fI1\fP (default), \fI2\fP (verbose) or more
 (debug).
@@ -139,10 +161,21 @@ Same a rsh_path for rcp command. (Default is \fIrcp\fP)
 .TP
 .B rsh_options
 Set additional options to pass to the underlying rsh/rcp command.
-.TP
-.B sudo_command
-sudo command for use with \fI\-\-sudo\fP
 .UNINDENT
+.SS Run modes
+.sp
+Since version 1.9, clush has support for run modes, which are special
+\fBclush.conf\fP(5) settings with a given name. Two run modes are provided in
+example configuration files that can be copied and modified. They implement
+password\-based authentication with \fBsshpass\fP(1) and support of interactive
+\fBsudo\fP(8) with password.
+.sp
+To use a run mode with \fBclush \-\-mode\fP, install a configuration file in one of
+\fBclush.conf\fP(5)\(aqs \fIconfdir\fP (usually \fBclush.conf.d\fP). Only configuration
+files ending in \fI\&.conf\fP are scanned. If the user running \fBclush\fP(1) doesn\(aqt
+have read access to a configuration file, is it ignored. When \fB\-\-mode\fP is
+specified, you can display all available run modes for the current user by
+enabling debug mode (\fB\-d\fP).
 .SH EXAMPLES
 .sp
 Simple configuration file.
@@ -157,14 +190,16 @@ color: auto
 fd_max: 10240
 maxrc: no
 node_count: yes
+confdir: /etc/clustershell/clush.conf.d
 
 .fi
 .sp
 .SH FILES
 .INDENT 0.0
 .TP
-.B \fI/etc/clustershell/clush.conf\fP
-System\-wide clush configuration file.
+.B \fI$CLUSTERSHELL_CFGDIR/clush.conf\fP
+Global clush configuration file. If $CLUSTERSHELL_CFGDIR is not defined,
+\fI/etc/clustershell/clush.conf\fP is used instead.
 .TP
 .B \fI$XDG_CONFIG_HOME/clustershell/clush.conf\fP
 User configuration file for clush. If $XDG_CONFIG_HOME is not defined,
@@ -184,7 +219,7 @@ from \fIclush.conf\fP\&.  External commands whose outputs were used by \fBclush\
 \fBgroups.conf\fP(5).
 .SH SEE ALSO
 .sp
-\fBclush\fP(1), \fBgroups.conf\fP(5).
+\fBclush\fP(1), \fBgroups.conf\fP(5), \fBsshpass\fP(1), \fBsudo\fP(8).
 .sp
 \fI\%http://clustershell.readthedocs.org/\fP
 .SH AUTHOR