amoeba_deploy_tools 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4a65c50aee5219d621d7c8b828cfb969e3f28983
-  data.tar.gz: eb296c2a985c9e907ce16c9579363b21dbb12607
+  metadata.gz: 34b12c26a76d623203a1e6ec7b139d49c3296f9f
+  data.tar.gz: 9e27589f78df53ab436c5282a9e4660eca3acf9f
 SHA512:
-  metadata.gz: 85f437f9e3c7b0f6e4de987fe7ba8f9910453c769fd23448059989463afa22685c2b042c02964660da88f8f58c627fef3b0fb7ffcddca79eb444b948cf497f5d
-  data.tar.gz: ca7f024bebd8cbc71fc1dfd15242743ce56f6381aeb58496f402d3c2451b11d36a40be3412f8a95a6ab367e6cbd21f7e31ff5e019e362df6e8e6e2e3ed02c889
+  metadata.gz: 8065541a517c22f166f98f752d2f87af8629f2f9722da2b1f885be41a943607f38cb039d5bd7aae35ffb3a8125b37647cf712be5eecdb0443cbe5b2d5e7c7951
+  data.tar.gz: 02b8bed43ff7194127257da289b2b292130e6d2fee4d4636d6e9b35ae75038f1ae4e4d2cf9a58bc4ff4aeb9177d868bc3b3392642e4780b1756bc4209b4faae2

data/.gitignore

@@ -0,0 +1,34 @@
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/
+
+# Project files
+.idea
+
+# For librarian
+/cookbooks
+/tmp
+*.swp
+
+# RVM stuff we'll ignore for this gem for max flexibility
+.ruby-version
+.ruby-gemset
+.rvmrc
+
+# Ignore Gemfile.lock in this since it's a gem
+Gemfile.lock

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format doc

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your dependencies in gemspec file
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Amoeba Consulting
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,83 @@
+Amoeba Deploy Tools
+===================
+
+Amoeba Deploy Tools (ADT) is a ruby gem that enables rapid creation of servers using the Chef config
+management system. Using Chef today there are many tools and best practices, and we have found that
+often setting up a chef "kitchen" can be tedious. Additionally, we believe in supporting server-less
+deploys. That is, we don't like to maintain and run a separate chef server just to manage our boxes.
+
+ADT integrates a number of other tools (`chef-solo`, and `librarian`, and others) and we provide a
+[skeleton Kitchen](http://github.com/AmoebaConsulting/amoeba-kitchen-skel), so you can fork our
+kitchen, install this gem, and deploy a node in minutes.
+
+## Short introduction
+
+First, you need ruby installed. Next, add `amoeba-deploy-tools` to your project Gemfile, or install
+via the `gem` command:
+
+    > gem install amoeba-deploy-tools
+
+If you are preparing a server to install an application, change to that project's directory.
+Otherwise, switch to a dir where you plan on running ADT from. And run:
+
+    > amoeba init
+
+The command will walk you through the process of initializing your kitchen. Now you've got a
+kitchen all ready to go. We recommend you add it to version control (git). We do not recommend you
+add the .amoeba.yml configuration file to git.
+
+Next you must create a node definition, and run a deploy. A node definition sits in the kitchen's
+`nodes/` directory. See this directory for a sample node you can copy / rename to make your own.
+
+Once you have a node defined, just run:
+
+    > amoeba node bootstrap --node <node-name>
+
+... and the node will be provisioned. After provisioning, the node's metadata will be stored in the
+`data_bags` folder. Our skeleton kitchen includes a basenode recipe that creates a deployment user
+on the destination box, and disables root access. This user's name will be cached in the node's
+databag and used for subsequent operations to the box. Now, as you make changes to the node, or any
+cookbooks you create in `site-cookbooks`, you can push those changes by running:
+
+    > amoeba node push --node <node-name>
+
+Finally to setup Capistrano, you need only add the following to your existing Capfile:
+
+    require 'amoeba_deploy_tools/capistrano'
+
+For a full list of commends, run `amoeba help` or see below.
+
+## Detailed Information
+
+In essence, ADT is controlled by a configuration file, `.amoeba.yml`, specifying where your kitchen
+will be located, and a copy of the kitchen itself. In the future, we will support specifying
+deployment-related configuration in this file (such as SSH information). So we recommend you keep it
+gitignored if it contains sensitive information. The kitchen should be kept under version control,
+and you can either fork it prior to running `amoeba init` or you can let `amoeba init` make a copy
+of our skeleton which you can add to version control later.
+
+## Vagrant Testing
+
+Using Vagrant to test your nodes is easy! Just install Vagrant, run `amoeba init` and modify the
+kitchen's `Vagrantfile`, as necessary. Run `vagrant up` and watch as your VM comes alive.
+
+Then, you can ensure the provider is setup correctly (see `data_bags/providers/vagrant.json`). You
+must ensure the SSH port matches that in `Vagrantfile` (by default 2222), and you must point the
+provider to the SSH key Vagrant uses (if you just installed Vagrant, this is by default correct,
+`~/.vagrant.d/insecure_private_key`). You can, however, change the private key (for security
+reasons if you plan on distributing the VM or using it in production) by specifying an alternative
+one in the `Vagrantfile` configuration key `config.ssh.private_key_path` (see
+[the following documentation](http://docs-v1.vagrantup.com/v1/docs/config/ssh/private_key_path.html)
+on Vagrant for more information).
+
+## Commands
+
+### amoeba init [url] [--skeleton]
+
+The URL is optional, but if specified will be used as the library's git repo. You can also specify
+`--skeleton`, which will use the specified URL as a skeleton, and make a copy of it (useful if you
+do not already have a Kitchen you wish to use in git, but want to start a new one based on the URL
+specified).
+
+The default URL is [Amoeba's skeleton](https://github.com/AmoebaConsulting/amoeba-kitchen-skel),
+which will be copied (as if `--skeleton` was specified).

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/amoeba-deploy-tools.gemspec

@@ -0,0 +1,36 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'amoeba_deploy_tools/version'
+
+Gem::Specification.new do |s|
+  s.name          = 'amoeba_deploy_tools'
+  s.version       = AmoebaDeployTools::VERSION
+  s.authors       = ['Daniel Jabbour', 'Hike Danakian']
+  s.email         = 'sayhi@amoe.ba'
+  s.summary       = 'Easy Chef Solo / Knife operation with Amoeba Deploy Tools.'
+  s.description   = 'Easy Chef Solo / Knife operation with Amoeba Deploy Tools.'
+  s.homepage      = 'https://github.com/AmoebaConsulting/amoeba-deploy-tools'
+  s.license       = 'MIT'
+
+  s.files         = `git ls-files`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.test_files    = `git ls-files -- spec/*`.split("\n")
+  s.require_paths = ['lib']
+
+  s.required_ruby_version = '>= 1.9.2'
+
+  s.add_development_dependency 'bundler', '~> 1.3'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec',   '~> 2.14.1'
+  s.add_development_dependency 'pry',     '~> 0.9.12.4'
+
+  s.add_dependency 'hashie',              '~> 2.0.5'
+  s.add_dependency 'thor',                '~> 0.18.1'
+  s.add_dependency 'cocaine',             '~> 0.5.3'
+
+  s.add_dependency 'chef',                '~> 11.8.0'
+  s.add_dependency 'librarian-chef',      '~> 0.0.2'
+  s.add_dependency 'knife-solo',          '~> 0.4.0'
+  s.add_dependency 'knife-solo_data_bag', '~> 0.4.0'
+end

data/lib/amoeba_deploy_tools/capistrano/common.rb

@@ -0,0 +1,5 @@
+def _cset(name, *args, &block)
+  unless exists?(name)
+    set(name, *args, &block)
+  end
+end

data/lib/amoeba_deploy_tools/capistrano/recipes.rb

@@ -0,0 +1,14 @@
+require 'amoeba_deploy_tools/capistrano/common'
+
+Capistrano::Configuration.instance(:must_exist).load do
+  _cset(:database_yml_path){ "#{shared_path}/config/database.yml" }
+
+  namespace :amoeba_deploy_tools do
+    desc 'Link the shared/config files into the current/config dir.'
+    task :symlink_configs, :roles => :app do
+      run [ "cd #{latest_release}",
+            "ln -nfs #{database_yml_path} config/"
+          ].join(' && ')
+    end
+  end
+end

data/lib/amoeba_deploy_tools/capistrano.rb

@@ -0,0 +1,11 @@
+require 'capistrano/version'
+
+if defined?(Capistrano::VERSION) && Capistrano::VERSION >= '3.0'
+  raise 'We do not yet support Capistrano v3.0. Please downgrade, send us a pull request, or symlink database.yml yourself.'
+else
+  require 'amoeba_deploy_tools/capistrano/recipes'
+
+  Capistrano::Configuration.instance(:must_exist).load do
+    after   'deploy:finalize_update',  'amoeba_deploy_tools:symlink_configs'
+  end
+end

data/lib/amoeba_deploy_tools/command.rb

@@ -0,0 +1,105 @@
+require 'thor'
+require 'hashie/mash'
+
+module AmoebaDeployTools
+  class Command < Thor
+
+    include AmoebaDeployTools::Concerns::Hooks
+
+    option :node, desc: 'name of the node you wish to operate on (set default in .amoeba.yml)'
+    option :'log-level', desc: 'log level to output (DEBUG, INFO, WARN (default), or ERROR)'
+    option :dry, type: :boolean, default: false, desc: 'Don\'t actually execute any chef commands (just show what would be run)'
+
+    # Note that all subcommands will inherit this class. This means any setup done in here
+    # will be duplicated if it runs at initialization (since the main command and subcommand are
+    # both evaluated at runtime). Thus, it's important not to put anything in the constructor.
+    # If you wish to setup any global state, do so in the Amoeba class initializer.
+    def initialize(args=[], options={}, config={})
+      super
+    end
+
+    no_commands do
+      def config
+        return @amoebaConfig if @amoebaConfig
+
+        @amoebaConfig = Config.load('.amoeba.yml')
+      end
+
+      def kitchen_path
+        return @kitchen if @kitchen
+
+        if config.kitchen_.path
+          @kitchen = config.kitchen.path
+        else
+          @kitchen = '.'
+          logger.warn 'Using local dir as kitchen path, no `.amoeba.yml` config found. Consider running `amoeba init`'
+        end
+
+        say_fatal "ERROR: Could not find amoeba kitchen: #{@kitchen}" unless Dir.exists? @kitchen
+
+        @kitchen
+      end
+
+      def inside_kitchen(&block)
+        Bundler.with_clean_env do
+          Dir.chdir(kitchen_path) { block.call }
+        end
+      end
+
+      # The node must be specified unless you set a default one. You can specify it with the
+      # `--node [name]` option, or by setting `[:node][:default]` in your `.amoeba.yml``
+      def node
+        return @node if @node
+
+        node_name = options[:node] || config.node_.default_
+        say_fatal 'ERROR: must specify --node or have a default node in your config file' unless node_name
+
+        inside_kitchen do
+          node_filename = File.expand_path(File.join('nodes', "#{node_name}.json"))
+          if node_name.nil? || !File.exists?(node_filename)
+            say_fatal "ERROR: Could not find node JSON file: #{node_filename}"
+          end
+
+          @node = Config.load(node_filename, format: :json)
+          @node.tap {|n| n.filename = node_filename } if @node
+        end
+      end
+
+      def remote_node
+        data_bag(:nodes)[node.name]
+      end
+
+      def data_bag(name)
+        DataBag.new(name, kitchen_path)
+      end
+
+      def deployment
+        return @deployment if @deployment
+
+        @deployment = Hashie::Mash.new
+        @deployment.deep_merge!(node.deployment) if node.deployment
+
+        provider = data_bag(:providers)[node.deployment.provider] if node.deployment_.provider
+
+        @deployment.deep_merge!(provider) if provider
+        @deployment.deep_merge!(remote_node.deployment) if remote_node.deployment
+        @deployment.deep_merge!(node.deployment)
+
+        return @deployment
+      end
+
+      def logger
+        Logger.instance
+      end
+
+      def validate_chef_id!(name)
+        say_fatal "You must specify a key name for your data bag id." unless name
+        unless name =~ /^[a-zA-Z0-9\_\-]+$/
+          say_fatal "Your data bag name must only contain alphanums, dashes, and underscores. `#{name}` is invalid!"
+        end
+        return true
+      end
+
+    end
+  end
+end

data/lib/amoeba_deploy_tools/commands/amoeba.rb

@@ -0,0 +1,118 @@
+module AmoebaDeployTools
+
+  DEFAULT_SKELETON_REPO = 'https://github.com/AmoebaConsulting/amoeba-kitchen-skel.git'
+
+  class Amoeba < Command
+
+    # Any "global" setup can be done here, as the "amoeba" command will always be initialized
+    def initialize(args=[], options={}, config={})
+      super
+      setup_logger
+      setup_cocaine
+
+      # Fix JSON so it doesn't try to dereference json_class in JSON responses
+      # See http://blog.defunct.ca/2013/02/01/query-chef-server-api-from-ruby-script/
+      JSON.create_id = ''
+    end
+
+    desc 'init (url optional)', 'Setup Amoeba Deploy Tools (either by creating a new kitchen or locating an existing one)'
+    method_options :skeleton => :boolean
+    def init(url=nil)
+      # Store the user-specified URL if it exists
+      user_url = url if url
+
+      # Check if we're in a git repo
+      if system('git rev-parse > /dev/null 2>&1')
+        project_dir = %x{git rev-parse --show-toplevel}
+
+        default_kitchen_dir = File.expand_path("#{File.basename(project_dir).chop}-kitchen",
+                                       File.expand_path('..', project_dir))
+      else
+        default_kitchen_dir = File.expand_path('.', 'kitchen')
+      end
+
+      kitchen_dir = ask "Where should the new kitchen be located? (default: #{default_kitchen_dir})"
+      kitchen_dir = default_kitchen_dir if kitchen_dir.empty?
+
+      if File.exist?(kitchen_dir)
+        say 'Existing kitchen found! Will not overwrite.', :yellow
+      else
+        # Copy (not clone) the repo if the URL isn't specified. If it is, obey the --skeleton param
+        copy = url ? options[:skeleton] : true
+
+        # If there was no specified URL, use default one
+        url ||= DEFAULT_SKELETON_REPO
+
+        git_opts = copy ?  '--depth 1' : ''
+        if system("git clone #{git_opts} #{url} #{kitchen_dir}")
+          if copy
+            git_dir = File.expand_path('.git', kitchen_dir)
+            if File.directory?(git_dir)
+              FileUtils.rm_rf(git_dir)
+            end
+            say_bold "New kitchen created at: #{kitchen_dir}. Please add it to version control"
+          else
+            say_bold "Kitchen from #{url} has been 'git clone'-ed into your kitchen directory"
+          end
+        else
+          say_fatal "ERROR: Kitchen directory cannot be cloned from URL #{url}"
+        end
+      end
+
+      # Okay, the kitchen exists (one way or another)
+
+      config.kitchen!.url  = user_url if user_url && !options[:skeleton]
+      config.kitchen!.path = kitchen_dir.to_s
+      config.save
+
+      say_bold 'Saving ./amoeba.yml config file. We suggest you `git ignore` this (contains local settings).'
+    end
+
+    desc 'sync OPTS', 'Not yet implemented.'
+    def sync
+    end
+
+    desc 'update OPTS', 'Not yet implemented.'
+    def update
+    end
+
+    desc 'app [COMMAND]', 'Manage the deployed application (see `amoeba app help`)'
+    subcommand 'app', AmoebaDeployTools::App
+
+    desc 'node [COMMAND]', 'Deploy and configure nodes (see `amoeba node help`)'
+    subcommand 'node', AmoebaDeployTools::Node
+
+    desc 'key [COMMAND]', 'Manage private keys (see `amoeba key help`)'
+    subcommand 'key', AmoebaDeployTools::Key
+
+    desc 'ssl [COMMAND]', 'Manage SSL certificates (see `amoeba ssl help`)'
+    subcommand 'ssl', AmoebaDeployTools::Ssl
+
+    no_commands do
+      def setup_logger
+        # Default logging level is warn. You can change this in your .amoeba.yml config
+        # by setting `logLevel` or by passing --logLevel option
+        level = 'WARN'
+        level = config.log_level if config.log_level
+        level = options[:'log-level'] if options[:'log-level']
+        begin
+          level = AmoebaDeployTools::Logger.const_get level.upcase
+        rescue NameError
+          say "WARNING: Invalid log level: #{level}. Defaulting to WARN.", :red
+          level = AmoebaDeployTools::Logger::WARN
+        end
+        AmoebaDeployTools::Logger.instance.level = level
+      end
+
+      def setup_cocaine
+        if options[:dry]
+          Cocaine::CommandLine.runner = Cocaine::CommandLine::FakeRunner.new
+        else
+          Cocaine::CommandLine.runner = AmoebaDeployTools::NoiseyCocaineRunner.new
+        end
+
+        Cocaine::CommandLine.logger = AmoebaDeployTools::Logger.instance
+      end
+    end
+  end
+end

data/lib/amoeba_deploy_tools/commands/app.rb

@@ -0,0 +1,27 @@
+module AmoebaDeployTools
+  class App < Command
+    desc 'deploy', 'Deploy the application (using capistrano)'
+    def deploy
+      cap :deploy
+    end
+
+    desc 'capfile', 'Generate Capfile for application'
+    def capfile
+      app = node.application
+      sudo(node.name, "cat ~#{app.name}/shared/config/Capfile")
+    end
+
+    desc 'exec CMD', "executes CMD on remote server in app's env"
+    def exec
+    end
+
+    desc 'ssh', 'SSHs to the application node, as the application user'
+    def ssh
+    end
+
+    no_commands do
+      def cap(cmd)
+      end
+    end
+  end
+end

data/lib/amoeba_deploy_tools/commands/concerns/hooks.rb

@@ -0,0 +1,45 @@
+module AmoebaDeployTools
+  module Concerns
+    module Hooks
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      module ClassMethods
+        ### Class methods
+        def before_hooks
+          @before_hooks ||= []
+        end
+
+        def after_hooks
+          @after_hooks ||= []
+        end
+
+        def before(&blk)
+          @before_hooks ||= []
+          @before_hooks << blk
+        end
+
+        def after(&blk)
+          @after_hooks ||= []
+          @after_hooks << blk
+        end
+      end
+
+      #### Instance methods
+
+      def invoke_command(command, *args)
+        # Ignore hooks on help commands
+        if command.name == 'help'
+          return super
+        end
+
+        self.class.before_hooks.each {|h| instance_eval &h }
+        retVal = super
+        self.class.after_hooks.each {|h| instance_eval &h }
+        return retVal
+      end
+
+    end
+  end
+end

data/lib/amoeba_deploy_tools/commands/concerns/ssh.rb

@@ -0,0 +1,109 @@
+module AmoebaDeployTools
+  module Concerns
+    module SSH
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      module ClassMethods
+        ### Class methods
+      end
+
+      ### Instance methods
+
+      # Outputs SSH options for connecting to this node (provide a map of deploy key to command
+      # line arg name).
+      def node_host_args(flag_map)
+        say_fatal 'ERROR: Missing deployment info for node.' unless deployment && deployment.host
+
+        host_arg = deployment.host
+        host_arg = "#{deployment.user}@#{host_arg}" if deployment.user
+
+        # Iterate through all the specified flags and check if they're defined in the deployment
+        # config, appending them to the output if they are.
+        flag_map.each do |field, argument_name|
+          host_arg << " #{argument_name} #{deployment[field]}" if deployment[field]
+        end
+
+        host_arg
+      end
+
+      # Run knife solo command on server
+      def knife_solo(cmd, options={})
+        say_fatal 'ERROR: Node must have a name defined' unless node.name
+
+        # Ensure json is a hashie
+        json = options.delete(:json) || Hashie::Mash.new
+
+        # If a block is specified, it means we have json in it, so let's resolve it
+        yield(json) if block_given?
+
+        # Ensure JSON for the node is set. It is either provided by the calling party, or we use the
+        # node file's definitions.
+        if json.empty?
+          json.deep_merge!(node)
+        end
+
+        exec = "bundle exec knife solo #{cmd.to_s} "
+
+        if options.delete(:ssh)
+          exec << node_host_args(port: '--ssh-port',
+                                 config: '--ssh-config-file',
+                                 ident: '--identity-file') << ' '
+          exec << "--no-host-key-verify --node-name #{node.name}"
+        end
+
+        if options.delete(:include_private_key)
+          private_key = node.private_key || 'default'
+          private_key = config.private_keys_[private_key]
+
+          # Stick the private key into a our custom JSON (to be appended to the node)
+          json.private_key_raw = private_key if private_key
+        end
+
+        opts = {}
+        opts[:runner] = AmoebaDeployTools::InteractiveCocaineRunner.new if options.delete(:interactive)
+
+        # Now go through all the options specified and append them to args
+        args = ''
+        options.each do |argument, value|
+          args << " --#{argument} #{value}"
+        end
+
+        inside_kitchen do
+          # JSON will be written to a temp file and used in place of the node JSON file
+          with_tmpfile(JSON.dump(json), name: ['node', '.json']) do |file_name|
+            knife_solo_cmd = Cocaine::CommandLine.new(exec, "#{args} #{file_name}", opts)
+            knife_solo_cmd.run
+          end
+        end
+      end
+
+      def ssh_run(cmd, options)
+        options = {
+          silent: false,
+          interactive: false
+        }.merge!(options)
+
+        opts = {}
+        opts[:runner] = Cocaine::CommandLine::BackticksRunner.new if options[:silent]
+        opts[:runner] = AmoebaDeployTools::InteractiveCocaineRunner.new if options[:interactive]
+
+        ssh_cmd = node_host_args(port: '-p', ident: '-i')
+
+        [ 'Compression=yes',
+          'DSAAuthentication=yes',
+          'LogLevel=FATAL',
+          'StrictHostKeyChecking=no',
+          'UserKnownHostsFile=/dev/null'
+        ].each do |opt|
+          ssh_cmd << " -o #{opt}"
+        end
+
+        ssh_cmd << " '#{cmd}'" if cmd && !cmd.empty?
+
+        Cocaine::CommandLine.new('ssh', ssh_cmd, opts).run
+      end
+    end
+  end
+end

data/lib/amoeba_deploy_tools/commands/key.rb

@@ -0,0 +1,22 @@
+module AmoebaDeployTools
+  class Key < Command
+
+    desc 'create', 'Create a private_key (used to encrypt secret data_bags like SSL certs)'
+    def create(name=nil)
+      validate_chef_id!(name)
+
+      key = Cocaine::CommandLine.new('openssl', "rand -base64 512 | tr -d '\\r\\n'",
+                                     runner: Cocaine::CommandLine::BackticksRunner.new).run
+      config.private_keys![name] = key
+
+      logger.debug "Saving key to `.amoeba.yml` config"
+
+      if config.new_file?
+        say_fatal "Cannot create new key, no .amoeba.yml file found! Please run `amoeba init`"
+      end
+
+      config.save
+    end
+
+  end
+end