chef-metal-docker 0.1

data/lib/chef_metal_docker/docker_provisioner.rb

@@ -0,0 +1,215 @@
+require 'chef_metal/provisioner'
+require 'chef_metal/convergence_strategy/no_converge'
+require 'chef_metal/convergence_strategy/install_cached'
+require 'chef_metal_docker/helpers/container'
+require 'chef_metal_docker/docker_transport'
+require 'chef_metal_docker/docker_convergence_strategy'
+require 'chef_metal_docker/docker_unix_machine'
+require 'docker'
+
+module ChefMetalDocker
+  class DockerProvisioner < ChefMetal::Provisioner
+
+    include ChefMetalDocker::Helpers::Container
+
+    def initialize(credentials = nil, connection = Docker.connection)
+      @credentials = credentials
+      @connection = connection
+    end
+
+    attr_reader :credentials
+    attr_reader :connection
+
+    # Inflate a provisioner from node information; we don't want to force the
+    # driver to figure out what the provisioner really needs, since it varies
+    # from provisioner to provisioner.
+    #
+    # ## Parameters
+    # node - node to inflate the provisioner for
+    #
+    # returns a DockerProvisioner
+    def self.inflate(node)
+      self.new
+    end
+
+    #
+    # Acquire a machine, generally by provisioning it.  Returns a Machine
+    # object pointing at the machine, allowing useful actions like setup,
+    # converge, execute, file and directory.  The Machine object will have a
+    # "node" property which must be saved to the server (if it is any
+    # different from the original node object).
+    #
+    # ## Parameters
+    # action_handler - the action_handler object that plugs into the host.
+    # node - node object (deserialized json) representing this machine.  If
+    #        the node has a provisioner_options hash in it, these will be used
+    #        instead of options provided by the provisioner.  TODO compare and
+    #        fail if different?
+    #        node will have node['normal']['provisioner_options'] in it with any options.
+    #        It is a hash with this format:
+    #
+    #           -- provisioner_url: docker:<URL of Docker API endpoint>
+    #           -- base_image: Base image name to use, or repository_name:tag_name to use a specific tagged revision of that image
+    #           -- command: command to run (if unspecified or nil, will spin up the container.  If false, will not run anything and will just leave the image alone.)
+    #           -- container_options: options for container create (see http://docs.docker.io/en/latest/reference/api/docker_remote_api_v1.10/#create-a-container)
+    #           -- host_options: options for container start (see http://docs.docker.io/en/latest/reference/api/docker_remote_api_v1.10/#start-a-container)
+    #           -- convergence_strategy: :no_converge or :install_cached (former will not converge, latter will set up chef-client and converge)
+    #
+    #        node['normal']['provisioner_output'] will be populated with information
+    #        about the created machine.  For lxc, it is a hash with this
+    #        format:
+    #
+    #           -- provisioner_url: docker:<URL of Docker API endpoint>
+    #           -- container_name: docker container name
+    #           -- repository_name: docker image repository name from which container was inflated
+    #
+    def acquire_machine(action_handler, node)
+      # Set up the modified node data
+      provisioner_options = node['normal']['provisioner_options']
+      provisioner_output = node['normal']['provisioner_output'] || {
+        'provisioner_url' => "docker:", # TODO put in the Docker API endpoint
+        'repository_name' => "#{node['name']}_image", # TODO disambiguate with chef_server_url/path!
+        'container_name' => node['name'] # TODO disambiguate with chef_server_url/path!
+      }
+
+      repository_name = provisioner_output['repository_name']
+      container_name = provisioner_output['container_name']
+      base_image_name = provisioner_options['base_image']
+      raise "base_image not specified in provisioner options!" if !base_image_name
+
+      # Tag the initial image.  We aren't going to actually DO anything yet.
+      # We will start up after we converge!
+      base_image = Docker::Image.get(base_image_name)
+      begin
+        repository_image = Docker::Image.get("#{repository_name}:latest")
+        # If the current image does NOT have the base_image as an ancestor,
+        # we are going to have to re-tag it and rebuild.
+        if repository_image.history.any? { |entry| entry['Id'] == base_image.id }
+          tag_base_image = false
+        else
+          tag_base_image = true
+        end
+      rescue Docker::Error::NotFoundError
+        tag_base_image = true
+      end
+      if tag_base_image
+        action_handler.perform_action "Tag base image #{base_image_name} as #{repository_name}" do
+          base_image.tag('repo' => repository_name, 'force' => true)
+        end
+      end
+
+      node['normal']['provisioner_output'] = provisioner_output
+
+      # Nothing else needs to happen until converge.  We already have the image we need!
+      machine_for(node)
+    end
+
+    def connect_to_machine(node)
+      machine_for(node)
+    end
+
+    def delete_machine(action_handler, node)
+      if node['normal'] && node['normal']['provisioner_output']
+        container_name = node['normal']['provisioner_output']['container_name']
+        ChefMetal.inline_resource(action_handler) do
+          docker_container container_name do
+            action [:kill, :remove]
+          end
+        end
+      end
+      convergence_strategy_for(node).cleanup_convergence(action_handler, node)
+    end
+
+    def stop_machine(action_handler, node)
+      if node['normal'] && node['normal']['provisioner_output']
+        container_name = node['normal']['provisioner_output']['container_name']
+        ChefMetal.inline_resource(action_handler) do
+          docker_container container_name do
+            action [:stop]
+          end
+        end
+      end
+    end
+
+    # This is docker-only, not Metal, at the moment.
+    # TODO this should be metal.  Find a nice interface.
+    def snapshot(action_handler, node, name=nil)
+      container_name = node['normal']['provisioner_output']['container_name']
+      ChefMetal.inline_resource(action_handler) do
+        docker_container container_name do
+          action [:commit]
+        end
+      end
+    end
+
+    # Output Docker tar format image
+    # TODO this should be metal.  Find a nice interface.
+    def save_repository(action_handler, node, path)
+      container_name = node['normal']['provisioner_output']['container_name']
+      ChefMetal.inline_resource(action_handler) do
+        docker_container container_name do
+          action [:export]
+        end
+      end
+    end
+
+    # Load Docker tar format image into Docker repository
+    def load_repository(path)
+    end
+
+    # Push an image back to Docker
+    def push_image(name)
+    end
+
+    # Pull an image from Docker
+    def pull_image(name)
+    end
+
+    private
+
+    def machine_for(node)
+      ChefMetalDocker::DockerUnixMachine.new(node, transport_for(node), convergence_strategy_for(node))
+    end
+
+    def convergence_strategy_for(node)
+      provisioner_output = node['normal']['provisioner_output']
+      provisioner_options = node['normal']['provisioner_options']
+      strategy = case provisioner_options['convergence_strategy']
+        when 'no_converge'
+          ChefMetal::ConvergenceStrategy::NoConverge.new
+        else
+          options = {}
+          provisioner_options = node['normal']['provisioner_options'] || {}
+          options[:chef_client_timeout] = provisioner_options['chef_client_timeout'] if provisioner_options.has_key?('chef_client_timeout')
+          ChefMetal::ConvergenceStrategy::InstallCached.new(options)
+        end
+      container_configuration = provisioner_options['container_configuration'] || {}
+      if provisioner_options['command']
+        command = provisioner_options['command']
+        command = command.split(/\s+/) if command.is_a?(String)
+        container_configuration['Cmd'] = command
+      elsif provisioner_options['command'] == false
+        container_configuration = nil
+      else
+        # TODO how do we get things started?  runit?  cron?  wassup here.
+        container_configuration['Cmd'] = %w(while 1; sleep 1000; end)
+      end
+      ChefMetalDocker::DockerConvergenceStrategy.new(strategy,
+        provisioner_output['repository_name'],
+        provisioner_output['container_name'],
+        container_configuration,
+        provisioner_options['host_configuration'] || {},
+        credentials,
+        connection)
+    end
+
+    def transport_for(node)
+      provisioner_output = node['normal']['provisioner_output']
+      ChefMetalDocker::DockerTransport.new(
+        provisioner_output['repository_name'],
+        provisioner_output['container_name'],
+        credentials,
+        connection)
+    end
+  end
+end

data/lib/chef_metal_docker/docker_transport.rb

@@ -0,0 +1,244 @@
+require 'chef_metal/transport'
+require 'docker'
+require 'archive/tar/minitar'
+require 'shellwords'
+require 'uri'
+require 'socket'
+
+module ChefMetalDocker
+  class DockerTransport < ChefMetal::Transport
+    def initialize(repository_name, container_name, credentials, connection)
+      @repository_name = repository_name
+      @container_name = container_name
+      @image = Docker::Image.get("#{repository_name}:latest", connection)
+      @credentials = credentials
+      @connection = connection
+    end
+
+    attr_reader :container_name
+    attr_reader :repository_name
+    attr_reader :image
+    attr_reader :credentials
+    attr_reader :connection
+
+    def execute(command, options={})
+      Chef::Log.debug("execute '#{command}' with options #{options}")
+      begin
+        connection.post("/containers/#{container_name}/stop?t=0", '')
+        Chef::Log.debug("stopped /containers/#{container_name}")
+      rescue Docker::Error::NotFoundError
+      end
+      begin
+        # Delete the container if it exists and is dormant
+        connection.delete("/containers/#{container_name}?v=true&force=true")
+        Chef::Log.debug("deleted /containers/#{container_name}")
+      rescue Docker::Error::NotFoundError
+      end
+      Chef::Log.debug("Creating #{container_name} from #{repository_name}:latest")
+      @container = Docker::Container.create({
+        'name' => container_name,
+        'Image' => "#{repository_name}:latest",
+        'Cmd' => (command.is_a?(String) ? Shellwords.shellsplit(command) : command),
+        'AttachStdout' => true,
+        'AttachStderr' => true,
+        'TTY' => false
+      }, connection)
+
+      read_timeout = execute_timeout(options)
+      read_timeout = nil if read_timeout == 0
+      Docker.options[:read_timeout] = read_timeout
+      begin
+        stdout = ''
+        stderr = ''
+
+        attach_thread = Thread.new do
+          Chef::Log.debug("Setting timeout to 15 minutes")
+          Docker.options[:read_timeout] = (15 * 60)
+
+          Chef::Log.debug("Attaching to #{container_name}")
+          # Capture stdout / stderr
+          @container.attach do |type, str|
+            case type
+            when :stdout
+              stdout << str
+              stream_chunk(options, stdout, nil)
+            when :stderr
+              stderr << str
+              stream_chunk(options, nil, stderr)
+            else
+              raise "unexpected message type #{type}"
+            end
+          end
+
+          Chef::Log.debug("Removing temporary read timeout")
+          Docker.options.delete(:read_timeout)
+        end
+
+        begin
+          Chef::Log.debug("Starting #{container_name}")
+          # Start the container
+          @container.start
+
+          Chef::Log.debug("Grabbing exit status from #{container_name}")
+          # Capture exit code
+          exit_status = @container.wait(read_timeout)
+          attach_thread.join
+
+          unless options[:read_only]
+            Chef::Log.debug("Committing #{container_name} as #{repository_name}")
+            @image = @container.commit('repo' => repository_name)
+          end
+
+          Chef::Log.debug("Execute complete: status #{exit_status['StatusCode']}")
+          DockerResult.new(command, options, stdout, stderr, exit_status['StatusCode'])
+        ensure
+          Thread.kill(attach_thread) if attach_thread.alive?
+        end
+      ensure
+        Chef::Log.debug("Removing temporary read timeout")
+        Docker.options.delete(:read_timeout)
+      end
+    end
+
+    def read_file(path)
+      container = Docker::Container.create({
+        'Image' => "#{repository_name}:latest",
+        'Cmd' => %w(echo true)
+      }, connection)
+      begin
+        tarfile = ''
+        # NOTE: this would be more efficient if we made it a stream and passed that to Minitar
+        container.copy(path) do |block|
+          tarfile << block
+        end
+      rescue Docker::Error::ServerError
+        if $!.message =~ /500/
+          return nil
+        else
+          raise
+        end
+      ensure
+        container.delete
+      end
+
+      output = ''
+      Archive::Tar::Minitar::Input.open(StringIO.new(tarfile)) do |inp|
+        inp.each do |entry|
+          while next_output = entry.read
+            output << next_output
+          end
+          entry.close
+        end
+      end
+
+      output
+    end
+
+    def write_file(path, content)
+      # TODO hate tempfiles.  Find an in memory way.
+      Tempfile.open('metal_docker_write_file') do |file|
+        file.write(content)
+        file.close
+        @image = @image.insert_local('localPath' => file.path, 'outputPath' => path, 't' => "#{repository_name}:latest")
+      end
+    end
+
+    def download_file(path, local_path)
+      # TODO stream
+      file = File.open(local_path, 'w')
+      begin
+        file.write(read_file(path))
+        file.close
+      rescue
+        File.delete(file)
+      end
+    end
+
+    def upload_file(local_path, path)
+      @image = @image.insert_local('localPath' => local_path, 'outputPath' => path, 't' => "#{repository_name}:latest")
+    end
+
+    def make_url_available_to_remote(url)
+      # The host is already open to the container.  Just find out its address and return it!
+      uri = URI(url)
+      host = Socket.getaddrinfo(uri.host, uri.scheme, nil, :STREAM)[0][3]
+      if host == '127.0.0.1'
+        result = execute('ip route ls', :read_only => true)
+        if result.stdout =~ /default via (\S+)/
+          uri.host = $1
+          return uri.to_s
+        else
+          raise "Cannot forward port: ip route ls did not show default in expected format.\nSTDOUT: #{result.stdout}"
+        end
+      end
+      url
+    end
+
+    def disconnect
+    end
+
+    def available?
+    end
+
+    private
+
+    # Copy of container.attach with timeout support
+    def attach_with_timeout(container, options = {}, read_timeout, &block)
+      opts = {
+        :stream => true, :stdout => true, :stderr => true
+      }.merge(options)
+      # Creates list to store stdout and stderr messages
+      msgs = Docker::Messages.new
+      connection.post(
+        "/containers/#{container.id}/attach",
+        opts,
+        :response_block => attach_for(block, msgs),
+        :read_timeout => read_timeout
+      )
+      [msgs.stdout_messages, msgs.stderr_messages]
+    end
+
+    # Method that takes chunks and calls the attached block for each mux'd message
+    def attach_for(block, msg_stack)
+      messages = Docker::Messages.new
+      lambda do |c,r,t|
+        messages = messages.decipher_messages(c)
+        msg_stack.append(messages)
+
+        unless block.nil?
+          messages.stdout_messages.each do |msg|
+            block.call(:stdout, msg)
+          end
+          messages.stderr_messages.each do |msg|
+            block.call(:stderr, msg)
+          end
+        end
+      end
+    end
+
+    class DockerResult
+      def initialize(command, options, stdout, stderr, exitstatus)
+        @command = command
+        @options = options
+        @stdout = stdout
+        @stderr = stderr
+        @exitstatus = exitstatus
+      end
+
+      attr_reader :command
+      attr_reader :options
+      attr_reader :stdout
+      attr_reader :stderr
+      attr_reader :exitstatus
+
+      def error!
+        if exitstatus != 0
+          msg = "Error: command '#{command}' exited with code #{exitstatus}.\n"
+          msg << "STDOUT: #{stdout}" if !options[:stream] && !options[:stream_stdout] && Chef::Config.log_level != :debug
+          msg << "STDERR: #{stderr}" if !options[:stream] && !options[:stream_stderr] && Chef::Config.log_level != :debug
+          raise msg
+        end
+      end
+    end
+  end
+end