chef-apply 0.1.2

data/lib/chef_apply.rb

@@ -0,0 +1,20 @@
+#
+# Copyright:: Copyright (c) 2018 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module ChefApply
+
+end

data/lib/chef_apply/action/base.rb

@@ -0,0 +1,158 @@
+#
+# Copyright:: Copyright (c) 2017 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef_apply/telemeter"
+require "chef_apply/error"
+
+module ChefApply
+  module Action
+    # Derive new Actions from Action::Base
+    # "target_host" is a TargetHost that the action is being applied to. May be nil
+    #               if the action does not require a target.
+    # "config" is hash containing any options that your command may need
+    #
+    # Implement perform_action to perform whatever action your class is intended to do.
+    # Run time will be captured via telemetry and categorized under ":action" with the
+    # unqualified class name of your Action.
+    class Base
+      attr_reader :target_host, :config
+
+      def initialize(config = {})
+        c = config.dup
+        @target_host = c.delete :target_host
+        # Remaining options are for child classes to make use of.
+        @config = c
+      end
+
+      run_report = "$env:APPDATA/chef-workstation/cache/run-report.json"
+      PATH_MAPPING = {
+        chef_client: {
+          windows: "cmd /c C:/opscode/chef/bin/chef-client",
+          other: "/opt/chef/bin/chef-client",
+        },
+        cache_path: {
+          windows: '#{ENV[\'APPDATA\']}/chef-workstation',
+          other: "/var/chef-workstation",
+        },
+        read_chef_report: {
+          windows: "type #{run_report}",
+          other: "cat /var/chef-workstation/cache/run-report.json",
+        },
+        delete_chef_report: {
+          windows: "If (Test-Path #{run_report}){ Remove-Item -Force -Path #{run_report} }",
+          other: "rm -f /var/chef-workstation/cache/run-report.json",
+        },
+        tempdir: {
+          windows: "%TEMP%",
+          other: "$TMPDIR",
+        },
+        mkdir: {
+          windows: "New-Item -ItemType Directory -Force -Path ",
+          other: "mkdir -p ",
+        },
+        # TODO this is duplicating some stuff in the install_chef folder
+        # TODO maybe we start to break these out into actual functions, so
+        # we don't have to try and make really long one-liners
+        mktemp: {
+          windows: "$parent = [System.IO.Path]::GetTempPath(); [string] $name = [System.Guid]::NewGuid(); $tmp = New-Item -ItemType Directory -Path (Join-Path $parent $name); $tmp.FullName",
+          other: "bash -c 'd=$(mktemp -d -p${TMPDIR:-/tmp} chef_XXXXXX); chmod 777 $d; echo $d'"
+        },
+        delete_folder: {
+          windows: "Remove-Item -Recurse -Force –Path",
+          other: "rm -rf",
+        }
+      }
+
+      PATH_MAPPING.keys.each do |m|
+        define_method(m) { PATH_MAPPING[m][family] }
+      end
+
+      # Chef will try 'downloading' the policy from the internet unless we pass it a valid, local file
+      # in the working directory. By pointing it at a local file it will just copy it instead of trying
+      # to download it.
+      def run_chef(working_dir, config, policy)
+        case family
+        when :windows
+          "Set-Location -Path #{working_dir}; " +
+            # We must 'wait' for chef-client to finish before changing directories and Out-Null does that
+            "chef-client -z --config #{config} --recipe-url #{policy} | Out-Null; " +
+            # We have to leave working dir so we don't hold a lock on it, which allows us to delete this tempdir later
+            "Set-Location C:/; " +
+            "exit $LASTEXITCODE"
+        else
+          # cd is shell a builtin, so much call bash. This also means all commands are executed
+          # with sudo (as long as we are hardcoding our sudo use)
+          "bash -c 'cd #{working_dir}; chef-client -z --config #{config} --recipe-url #{policy}'"
+        end
+      end
+
+      # Trying to perform File or Pathname operations on a Windows path with '\'
+      # characters in it fails. So lets convert them to '/' which these libraries
+      # handle better.
+      def escape_windows_path(p)
+        if family == :windows
+          p = p.tr("\\", "/")
+        end
+        p
+      end
+
+      def run(&block)
+        @notification_handler = block
+        Telemeter.timed_action_capture(self) do
+          begin
+            perform_action
+          rescue StandardError => e
+            # Give the caller a chance to clean up - if an exception is
+            # raised it'll otherwise get routed through the executing thread,
+            # providing no means of feedback for the caller's current task.
+            notify(:error, e)
+            @error = e
+          end
+        end
+        # Raise outside the block to ensure that the telemetry cpature completes
+        raise @error unless @error.nil?
+      end
+
+      def name
+        self.class.name.split("::").last
+      end
+
+      def perform_action
+        raise NotImplemented
+      end
+
+      def notify(action, *args)
+        return if @notification_handler.nil?
+        ChefApply::Log.debug("[#{self.class.name}] Action: #{action}, Action Data: #{args}")
+        @notification_handler.call(action, args) if @notification_handler
+      end
+
+      private
+
+      def family
+        @family ||= begin
+          f = target_host.platform.family
+          if f == "windows"
+            :windows
+          else
+            :other
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef_apply/action/converge_target.rb

@@ -0,0 +1,173 @@
+#
+# Copyright:: Copyright (c) 2017 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef_apply/action/base"
+require "chef_apply/text"
+require "pathname"
+require "tempfile"
+require "chef/util/path_helper"
+
+module ChefApply::Action
+  class ConvergeTarget < Base
+
+    def perform_action
+      local_policy_path = config.delete :local_policy_path
+      remote_tmp = target_host.run_command!(mktemp, true)
+      remote_dir_path = escape_windows_path(remote_tmp.stdout.strip)
+      remote_policy_path = create_remote_policy(local_policy_path, remote_dir_path)
+      remote_config_path = create_remote_config(remote_dir_path)
+      create_remote_handler(remote_dir_path)
+      upload_trusted_certs(remote_dir_path)
+
+      notify(:running_chef)
+      cmd_str = run_chef(remote_dir_path,
+                         File.basename(remote_config_path),
+                         File.basename(remote_policy_path))
+      c = target_host.run_command(cmd_str)
+      target_host.run_command!("#{delete_folder} #{remote_dir_path}")
+      if c.exit_status == 0
+        ChefApply::Log.debug(c.stdout)
+        notify(:success)
+      elsif c.exit_status == 35
+        notify(:reboot)
+      else
+        notify(:converge_error)
+        ChefApply::Log.error("Error running command [#{cmd_str}]")
+        ChefApply::Log.error("stdout: #{c.stdout}")
+        ChefApply::Log.error("stderr: #{c.stderr}")
+        handle_ccr_error()
+      end
+    end
+
+    def create_remote_policy(local_policy_path, remote_dir_path)
+      remote_policy_path = File.join(remote_dir_path, File.basename(local_policy_path))
+      notify(:creating_remote_policy)
+      begin
+        target_host.upload_file(local_policy_path, remote_policy_path)
+      rescue RuntimeError => e
+        ChefApply::Log.error(e)
+        raise PolicyUploadFailed.new()
+      end
+      remote_policy_path
+    end
+
+    def create_remote_config(dir)
+      remote_config_path = File.join(dir, "workstation.rb")
+
+      workstation_rb = <<~EOM
+        local_mode true
+        color false
+        cache_path "#{cache_path}"
+        chef_repo_path "#{cache_path}"
+        require_relative "reporter"
+        reporter = ChefApply::Reporter.new
+        report_handlers << reporter
+        exception_handlers << reporter
+      EOM
+
+      # Maybe add data collector endpoint.
+      dc = ChefApply::Config.data_collector
+      if !dc.url.nil? && !dc.token.nil?
+        workstation_rb << <<~EOM
+          data_collector.server_url "#{dc.url}"
+          data_collector.token "#{dc.token}"
+          data_collector.mode :solo
+          data_collector.organization "Chef Workstation"
+        EOM
+      end
+
+      begin
+        config_file = Tempfile.new
+        config_file.write(workstation_rb)
+        config_file.close
+        target_host.upload_file(config_file.path, remote_config_path)
+      rescue RuntimeError
+        raise ConfigUploadFailed.new()
+      ensure
+        config_file.unlink
+      end
+      remote_config_path
+    end
+
+    def create_remote_handler(dir)
+      remote_handler_path = File.join(dir, "reporter.rb")
+      begin
+        handler_file = Tempfile.new
+        handler_file.write(File.read(File.join(__dir__, "reporter.rb")))
+        handler_file.close
+        target_host.upload_file(handler_file.path, remote_handler_path)
+      rescue RuntimeError
+        raise HandlerUploadFailed.new()
+      ensure
+        handler_file.unlink
+      end
+      remote_handler_path
+    end
+
+    def upload_trusted_certs(dir)
+      local_tcd = Chef::Util::PathHelper.escape_glob_dir(ChefApply::Config.chef.trusted_certs_dir)
+      certs = Dir.glob(File.join(local_tcd, "*.{crt,pem}"))
+      return if certs.empty?
+      notify(:uploading_trusted_certs)
+      remote_tcd = "#{dir}/trusted_certs"
+      # We create the trusted_certs dir with the connection user (instead of the root
+      # user it would get as default since we run in sudo mode) because the `upload_file`
+      # uploads as the connection user. Without this upload_file would fail because
+      # it tries to write to a root-owned folder.
+      target_host.run_command("#{mkdir} #{remote_tcd}", true)
+      certs.each do |cert_file|
+        target_host.upload_file(cert_file, "#{remote_tcd}/#{File.basename(cert_file)}")
+      end
+    end
+
+    def handle_ccr_error
+      require "chef_apply/errors/ccr_failure_mapper"
+      mapper_opts = {}
+      c = target_host.run_command(read_chef_report)
+      if c.exit_status == 0
+        report = JSON.parse(c.stdout)
+        # We need to delete the stacktrace after copying it over. Otherwise if we get a
+        # remote failure that does not write a chef stacktrace its possible to get an old
+        # stale stacktrace.
+        target_host.run_command!(delete_chef_report)
+        ChefApply::Log.error("Remote chef-client error follows:")
+        ChefApply::Log.error(report["exception"])
+      else
+        report = {}
+        ChefApply::Log.error("Could not read remote report:")
+        ChefApply::Log.error("stdout: #{c.stdout}")
+        ChefApply::Log.error("stderr: #{c.stderr}")
+        mapper_opts[:stdout] = c.stdout
+        mapper_opts[:stderr] = c.stderr
+      end
+      mapper = ChefApply::Errors::CCRFailureMapper.new(report["exception"], mapper_opts)
+      mapper.raise_mapped_exception!
+    end
+
+    class ConfigUploadFailed < ChefApply::Error
+      def initialize(); super("CHEFUPL003"); end
+    end
+
+    class HandlerUploadFailed < ChefApply::Error
+      def initialize(); super("CHEFUPL004"); end
+    end
+
+    class PolicyUploadFailed < ChefApply::Error
+      def initialize(); super("CHEFUPL005"); end
+    end
+  end
+end

data/lib/chef_apply/action/install_chef.rb

@@ -0,0 +1,30 @@
+#
+# Copyright:: Copyright (c) 2017 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef_apply/action/install_chef/base"
+require "chef_apply/action/install_chef/windows"
+require "chef_apply/action/install_chef/linux"
+
+module ChefApply::Action::InstallChef
+  def self.instance_for_target(target_host, opts = { check_only: false })
+    opts[:target_host] = target_host
+    case target_host.base_os
+    when :windows then Windows.new(opts)
+    when :linux then Linux.new(opts)
+    end
+  end
+end

data/lib/chef_apply/action/install_chef/base.rb

@@ -0,0 +1,137 @@
+#
+# Copyright:: Copyright (c) 2017 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef_apply/action/base"
+require "fileutils"
+
+module ChefApply::Action::InstallChef
+  class Base < ChefApply::Action::Base
+    MIN_CHEF_VERSION = Gem::Version.new("13.0.0")
+
+    def perform_action
+      if target_host.installed_chef_version >= MIN_CHEF_VERSION
+        notify(:already_installed)
+        return
+      end
+      raise ClientOutdated.new(target_host.installed_chef_version, MIN_CHEF_VERSION)
+      # NOTE: 2018-05-10 below is an intentionally dead code path that
+      #       will get re-visited once we determine how we want automatic
+      #       upgrades to behave.
+      # @upgrading = true
+      # perform_local_install
+    rescue ChefApply::TargetHost::ChefNotInstalled
+      if config[:check_only]
+        raise ClientNotInstalled.new()
+      end
+      perform_local_install
+    end
+
+    def name
+      # We have subclasses - so this'll take the qualified name
+      # eg InstallChef::Windows, etc
+      self.class.name.split("::")[-2..-1].join("::")
+    end
+
+    def upgrading?
+      @upgrading
+    end
+
+    def perform_local_install
+      package = lookup_artifact()
+      notify(:downloading)
+      local_path = download_to_workstation(package.url)
+      notify(:uploading)
+      remote_path = upload_to_target(local_path)
+      notify(:installing)
+      install_chef_to_target(remote_path)
+      notify(:install_complete)
+    end
+
+    def perform_remote_install
+      raise NotImplementedError
+    end
+
+    def lookup_artifact
+      return @artifact_info if @artifact_info
+      require "mixlib/install"
+      c = train_to_mixlib(target_host.platform)
+      Mixlib::Install.new(c).artifact_info
+    end
+
+    def version_to_install
+      lookup_artifact.version
+    end
+
+    def train_to_mixlib(platform)
+      opts = {
+        platform_version: platform.release,
+        platform: platform.name,
+        architecture: platform.arch,
+        product_name: "chef",
+        product_version: :latest,
+        channel: :stable,
+        platform_version_compatibility_mode: true
+      }
+      case platform.name
+      when /windows/
+        opts[:platform] = "windows"
+      when "redhat", "centos"
+        opts[:platform] = "el"
+      when "suse"
+        opts[:platform] = "sles"
+      when "amazon"
+        opts[:platform] = "el"
+        if platform.release.to_i > 2010 # legacy Amazon version 1
+          opts[:platform_version] = "6"
+        else
+          opts[:platform_version] = "7"
+        end
+      end
+      opts
+    end
+
+    def download_to_workstation(url_path)
+      require "chef_apply/file_fetcher"
+      ChefApply::FileFetcher.fetch(url_path)
+    end
+
+    def upload_to_target(local_path)
+      installer_dir = setup_remote_temp_path()
+      remote_path = File.join(installer_dir, File.basename(local_path))
+      target_host.upload_file(local_path, remote_path)
+      remote_path
+    end
+
+    def setup_remote_temp_path
+      raise NotImplementedError
+    end
+
+    def install_chef_to_target(remote_path)
+      raise NotImplementedError
+    end
+  end
+
+  class ClientNotInstalled < ChefApply::ErrorNoLogs
+    def initialize(); super("CHEFINS002"); end
+  end
+
+  class ClientOutdated < ChefApply::ErrorNoLogs
+    def initialize(current_version, target_version)
+      super("CHEFINS003", current_version, target_version)
+    end
+  end
+end