chef-metal-fog 0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3ab481529a81ba71c5d9abb6432a399c4d6f1bb7
+  data.tar.gz: 727b503c48bd6064d37f9c512347ec6d16aa0111
+SHA512:
+  metadata.gz: a1b422d9526c41aee107ffc58e6ebaecb471f2c3b69d21210473e9ca603fc62a5b6ac0476a632feca41d3b2ef5c55fd9138b5ab7364354c6c858077e0e83addf
+  data.tar.gz: 30195a484d57766d08ba97b31eff98437b7bc49cd016a50d4515cebdcce549c10fec2b7b199a7473c634fbb22bc1fafe0f006f9120b399df04a8e05486cb0bd8

data/LICENSE

@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,3 @@
+# chef-metal-fog
+
+This is the Fog provisioner for chef-metal.  It provides EC2, DigitalOcean and Openstack functionality.

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler'
+require 'bundler/gem_tasks'
+
+task :spec do
+  require File.expand_path('spec/run')
+end

data/lib/chef/provider/fog_key_pair.rb

@@ -0,0 +1,170 @@
+require 'chef/provider/lwrp_base'
+require 'chef_metal/provider_action_handler'
+require 'chef_metal_fog/fog_provisioner'
+
+class Chef::Provider::FogKeyPair < Chef::Provider::LWRPBase
+
+  include ChefMetal::ProviderActionHandler
+
+  use_inline_resources
+
+  def whyrun_supported?
+    true
+  end
+
+  action :create do
+    create_key
+  end
+
+  action :delete do
+    if current_resource_exists?
+      converge_by "delete #{key_description}" do
+        case new_resource.provisioner.compute_options[:provider]
+        when 'DigitalOcean'
+          compute.destroy_key_pair(@current_id)
+        when 'OpenStack'
+          compute.key_pairs.destroy(@current_id)
+        else
+          compute.key_pairs.delete(new_resource.name)
+        end
+      end
+    end
+  end
+
+  def key_description
+    "#{new_resource.name} on #{new_resource.provisioner.provisioner_url}"
+  end
+
+  def create_key
+    if current_resource_exists?
+      # If the public keys are different, update the server public key
+      if !current_resource.private_key_path
+        if new_resource.allow_overwrite
+          ensure_keys
+        else
+          raise "#{key_description} already exists on the server, but the private key #{new_resource.private_key_path} does not exist!"
+        end
+      else
+        ensure_keys
+      end
+
+      new_fingerprint = case new_resource.provisioner.compute_options[:provider]
+      when 'DigitalOcean'
+        Cheffish::KeyFormatter.encode(desired_key, :format => :openssh)
+      when 'OpenStack'
+        Cheffish::KeyFormatter.encode(desired_key, :format => :openssh)
+      else
+        Cheffish::KeyFormatter.encode(desired_key, :format => :fingerprint)
+      end
+
+      if new_fingerprint != @current_fingerprint
+        if new_resource.allow_overwrite
+          converge_by "update #{key_description} to match local key at #{new_resource.private_key_path}" do
+            case new_resource.provisioner.compute_options[:provider]
+            when 'DigitalOcean'
+              compute.create_ssh_key(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
+            when 'OpenStack'
+              compute.create_key_pair(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
+            else
+              compute.import_key_pair(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
+            end
+          end
+        else
+          raise "#{key_description} does not match local private key, and allow_overwrite is false!"
+        end
+      end
+    else
+      # Generate the private and/or public keys if they do not exist
+      ensure_keys
+
+      # Create key
+      converge_by "create #{key_description} from local key at #{new_resource.private_key_path}" do
+        case new_resource.provisioner.compute_options[:provider]
+        when 'DigitalOcean'
+          compute.create_ssh_key(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
+        when 'OpenStack'
+          compute.create_key_pair(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
+        else
+          compute.import_key_pair(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
+        end
+      end
+    end
+  end
+
+  def ensure_keys
+    resource = new_resource
+    Cheffish.inline_resource(self) do
+      private_key resource.private_key_path do
+        public_key_path resource.public_key_path
+        if resource.private_key_options
+          resource.private_key_options.each_pair do |key,value|
+            send(key, value)
+          end
+        end
+      end
+    end
+  end
+
+  def desired_key
+    @desired_key ||= begin
+      if new_resource.public_key_path
+        public_key, format = Cheffish::KeyFormatter.decode(IO.read(new_resource.public_key_path))
+        public_key
+      else
+        private_key, format = Cheffish::KeyFormatter.decode(IO.read(new_resource.private_key_path))
+        private_key.public_key
+      end
+    end
+  end
+
+  def current_resource_exists?
+    @current_resource.action != [ :delete ]
+  end
+
+  def compute
+    new_resource.provisioner.compute
+  end
+
+  def current_public_key
+    current_resource.source_key
+  end
+
+  def load_current_resource
+    if !new_resource.provisioner.kind_of?(ChefMetalFog::FogProvisioner)
+      raise 'ec2_key_pair only works with fog_provisioner'
+    end
+    @current_resource = Chef::Resource::FogKeyPair.new(new_resource.name)
+    case new_resource.provisioner.compute_options[:provider]
+    when 'DigitalOcean'
+      current_key_pair = compute.ssh_keys.select { |key| key.name == new_resource.name }.first
+      if current_key_pair
+        @current_id = current_key_pair.id
+        @current_fingerprint = current_key_pair ? compute.ssh_keys.get(@current_id).ssh_pub_key : nil
+      else
+        current_resource.action :delete
+      end
+    when 'OpenStack'
+      current_key_pair = compute.key_pairs.get(new_resource.name)
+      if current_key_pair
+        @current_id = current_key_pair.name
+        @current_fingerprint = current_key_pair ? compute.key_pairs.get(@current_id).public_key : nil
+      else
+        current_resource.action :delete
+      end
+    else
+      current_key_pair = compute.key_pairs.get(new_resource.name)
+      if current_key_pair
+        @current_fingerprint = current_key_pair ? current_key_pair.fingerprint : nil
+      else
+        current_resource.action :delete
+      end
+    end
+
+    if new_resource.private_key_path && ::File.exist?(new_resource.private_key_path)
+      current_resource.private_key_path new_resource.private_key_path
+    end
+    if new_resource.public_key_path && ::File.exist?(new_resource.public_key_path)
+      current_resource.public_key_path new_resource.public_key_path
+    end
+  end
+end

data/lib/chef/resource/fog_key_pair.rb

@@ -0,0 +1,34 @@
+require 'chef_metal'
+
+class Chef::Resource::FogKeyPair < Chef::Resource::LWRPBase
+  self.resource_name = 'fog_key_pair'
+
+  def initialize(*args)
+    super
+    @provisioner = ChefMetal.enclosing_provisioner
+  end
+
+  def after_created
+    # Make the credentials usable
+    provisioner.key_pairs[name] = self
+  end
+
+  actions :create, :delete, :nothing
+  default_action :create
+
+  attribute :provisioner
+  # Private key to use as input (will be generated if it does not exist)
+  attribute :private_key_path, :kind_of => String
+  # Public key to use as input (will be generated if it does not exist)
+  attribute :public_key_path, :kind_of => String
+  # List of parameters to the private_key resource used for generation of the key
+  attribute :private_key_options, :kind_of => Hash
+
+  # TODO what is the right default for this?
+  attribute :allow_overwrite, :kind_of => [TrueClass, FalseClass], :default => false
+
+  # Proc that runs after the resource completes.  Called with (resource, private_key, public_key)
+  def after(&block)
+    block ? @after = block : @after
+  end
+end

data/lib/chef_metal/provisioner_init/fog_init.rb

@@ -0,0 +1,4 @@
+require 'chef_metal/provisioner/fog_provisioner'
+
+ChefMetal.add_registered_provisioner_class("fog",
+  ChefMetal::Provisioner::FogProvisioner)

data/lib/chef_metal_fog.rb

@@ -0,0 +1,20 @@
+require 'chef_metal'
+require 'chef/resource/fog_key_pair'
+require 'chef/provider/fog_key_pair'
+require 'chef_metal_fog/fog_provisioner'
+
+class Chef
+  class Recipe
+    def with_fog_provisioner(options = {}, &block)
+      ChefMetal.with_provisioner(ChefMetalFog::FogProvisioner.new(options), &block)
+    end
+
+    def with_fog_ec2_provisioner(options = {}, &block)
+      with_fog_provisioner({ :provider => 'AWS' }.merge(options), &block)
+    end
+
+    def with_fog_openstack_provisioner(options = {}, &block)
+      with_fog_provisioner({ :provider => 'OpenStack' }.merge(options), &block)
+    end
+  end
+end

data/lib/chef_metal_fog/fog_provisioner.rb

@@ -0,0 +1,546 @@
+require 'chef_metal/provisioner'
+require 'chef_metal/aws_credentials'
+require 'chef_metal/openstack_credentials'
+require 'chef_metal/version'
+require 'chef_metal/machine/windows_machine'
+require 'chef_metal/machine/unix_machine'
+require 'chef_metal/convergence_strategy/install_msi'
+require 'chef_metal/convergence_strategy/install_cached'
+require 'chef_metal/transport/ssh'
+require 'fog'
+require 'fog/compute'
+
+module ChefMetalFog
+  # Provisions machines in vagrant.
+  class FogProvisioner < ChefMetal::Provisioner
+
+    include Chef::Mixin::ShellOut
+
+    DEFAULT_OPTIONS = {
+      :create_timeout => 600,
+      :start_timeout => 600,
+      :ssh_timeout => 20
+    }
+
+    def self.inflate(node)
+      url = node['normal']['provisioner_output']['provisioner_url']
+      scheme, provider, id = url.split(':', 3)
+      FogProvisioner.new({ :provider => provider }, id)
+    end
+
+    # Create a new fog provisioner.
+    #
+    # ## Parameters
+    # compute_options - hash of options to be passed to Fog::Compute.new
+    # Special options:
+    #   - :base_bootstrap_options is merged with bootstrap_options in acquire_machine
+    #     to present the full set of bootstrap options.  Write down any bootstrap_options
+    #     you intend to apply universally here.
+    #   - :aws_credentials is an AWS CSV file (created with Download Credentials)
+    #     containing your aws key information.  If you do not specify aws_access_key_id
+    #     and aws_secret_access_key explicitly, the first line from this file
+    #     will be used.  You may pass a Cheffish::AWSCredentials object.
+    #   - :create_timeout - the time to wait for the instance to boot to ssh (defaults to 600)
+    #   - :start_timeout - the time to wait for the instance to start (defaults to 600)
+    #   - :ssh_timeout - the time to wait for ssh to be available if the instance is detected as up (defaults to 20)
+    # id - the ID in the provisioner_url (fog:PROVIDER:ID)
+    def initialize(compute_options, id=nil)
+      @compute_options = compute_options
+      @base_bootstrap_options = compute_options.delete(:base_bootstrap_options) || {}
+
+      case compute_options[:provider]
+      when 'AWS'
+        aws_credentials = compute_options.delete(:aws_credentials)
+        if aws_credentials
+          @aws_credentials = aws_credentials
+        else
+          @aws_credentials = ChefMetal::AWSCredentials.new
+          @aws_credentials.load_default
+        end
+        compute_options[:aws_access_key_id] ||= @aws_credentials.default[:access_key_id]
+        compute_options[:aws_secret_access_key] ||= @aws_credentials.default[:secret_access_key]
+        # TODO actually find a key with the proper id
+        # TODO let the user specify credentials and provider profiles that we can use
+        if id && aws_login_info[0] != id
+          raise "Default AWS credentials point at AWS account #{aws_login_info[0]}, but inflating from URL #{id}"
+        end
+      when 'OpenStack'
+        openstack_credentials = compute_options.delete(:openstack_credentials)
+        if openstack_credentials
+          @openstack_credentials = openstack_credentials
+        else
+          @openstack_credentials = ChefMetal::OpenstackCredentials.new
+          @openstack_credentials.load_default
+        end
+
+        compute_options[:openstack_username] ||= @openstack_credentials.default[:openstack_username]
+        compute_options[:openstack_api_key] ||= @openstack_credentials.default[:openstack_api_key]
+        compute_options[:openstack_auth_url] ||= @openstack_credentials.default[:openstack_auth_url]
+        compute_options[:openstack_tenant] ||= @openstack_credentials.default[:openstack_tenant]
+      end
+      @key_pairs = {}
+      @base_bootstrap_options_for = {}
+    end
+
+    attr_reader :compute_options
+    attr_reader :aws_credentials
+    attr_reader :openstack_credentials
+    attr_reader :key_pairs
+
+    def current_base_bootstrap_options
+      result = @base_bootstrap_options.dup
+      if key_pairs.size > 0
+        last_pair_name = key_pairs.keys.last
+        last_pair = key_pairs[last_pair_name]
+        result[:key_name] ||= last_pair_name
+        result[:private_key_path] ||= last_pair.private_key_path
+        result[:public_key_path] ||= last_pair.public_key_path
+      end
+      result
+    end
+
+    # Inflate a provisioner from node information; we don't want to force the
+    # driver to figure out what the provisioner really needs, since it varies
+    # from provisioner to provisioner.
+    #
+    # ## Parameters
+    # node - node to inflate the provisioner for
+    #
+    # returns a FogProvisioner
+    # TODO: def self.inflate(node)
+    # right now, not implemented, will raise error from base class until overridden
+
+    # Acquire a machine, generally by provisioning it.  Returns a Machine
+    # object pointing at the machine, allowing useful actions like setup,
+    # converge, execute, file and directory.  The Machine object will have a
+    # "node" property which must be saved to the server (if it is any
+    # different from the original node object).
+    #
+    # ## Parameters
+    # action_handler - the action_handler object that is calling this method; this
+    #        is generally a action_handler, but could be anything that can support the
+    #        ChefMetal::ActionHandler interface (i.e., in the case of the test
+    #        kitchen metal driver for acquiring and destroying VMs; see the base
+    #        class for what needs providing).
+    # node - node object (deserialized json) representing this machine.  If
+    #        the node has a provisioner_options hash in it, these will be used
+    #        instead of options provided by the provisioner.  TODO compare and
+    #        fail if different?
+    #        node will have node['normal']['provisioner_options'] in it with any options.
+    #        It is a hash with this format:
+    #
+    #           -- provisioner_url: fog:<relevant_fog_options>
+    #           -- bootstrap_options: hash of options to pass to compute.servers.create
+    #           -- is_windows: true if windows.  TODO detect this from ami?
+    #           -- create_timeout - the time to wait for the instance to boot to ssh (defaults to 600)
+    #           -- start_timeout - the time to wait for the instance to start (defaults to 600)
+    #           -- ssh_timeout - the time to wait for ssh to be available if the instance is detected as up (defaults to 20)
+    #
+    #        Example bootstrap_options for ec2:
+    #           :image_id =>'ami-311f2b45',
+    #           :flavor_id =>'t1.micro',
+    #           :key_name => 'key-pair-name'
+    #
+    #        node['normal']['provisioner_output'] will be populated with information
+    #        about the created machine.  For vagrant, it is a hash with this
+    #        format:
+    #
+    #           -- provisioner_url: fog:<relevant_fog_options>
+    #           -- server_id: the ID of the server so it can be found again
+    #
+    def acquire_machine(action_handler, node)
+      # Set up the modified node data
+      provisioner_output = node['normal']['provisioner_output'] || {
+        'provisioner_url' => provisioner_url,
+        'provisioner_version' => ChefMetal::VERSION,
+        'creator' => aws_login_info[1]
+      }
+
+      if provisioner_output['provisioner_url'] != provisioner_url
+        if (provisioner_output['provisioner_version'].to_f <= 0.3) && provisioner_output['provisioner_url'].start_with?('fog:AWS:') && compute_options[:provider] == 'AWS'
+          Chef::Log.warn "The upgrade from chef-metal 0.3 to 0.4 changed the provisioner URL format!  Metal will assume you are in fact using the same AWS account, and modify the provisioner URL to match."
+          provisioner_output['provisioner_url'] = provisioner_url
+          provisioner_output['provisioner_version'] ||= ChefMetal::VERSION
+          provisioner_output['creator'] ||= aws_login_info[1]
+        else
+          raise "Switching providers for a machine is not currently supported!  Use machine :destroy and then re-create the machine on the new action_handler."
+        end
+      end
+
+      node['normal']['provisioner_output'] = provisioner_output
+
+      if provisioner_output['server_id']
+
+        # If the server already exists, make sure it is up
+
+        # TODO verify that the server info matches the specification (ami, etc.)\
+        server = server_for(node)
+        if !server
+          Chef::Log.warn "Machine #{node['name']} (#{provisioner_output['server_id']} on #{provisioner_url}) is not associated with the ec2 account.  Recreating ..."
+          need_to_create = true
+        elsif %w(terminated archive).include?(server.state) # Can't come back from that
+          Chef::Log.warn "Machine #{node['name']} (#{server.id} on #{provisioner_url}) is terminated.  Recreating ..."
+          need_to_create = true
+        else
+          need_to_create = false
+          if !server.ready?
+            action_handler.perform_action "start machine #{node['name']} (#{server.id} on #{provisioner_url})" do
+              server.start
+            end
+            action_handler.perform_action "wait for machine #{node['name']} (#{server.id} on #{provisioner_url}) to be ready" do
+              wait_until_ready(server, option_for(node, :start_timeout))
+            end
+          else
+            wait_until_ready(server, option_for(node, :ssh_timeout))
+          end
+        end
+      else
+        need_to_create = true
+      end
+
+      if need_to_create
+        # If the server does not exist, create it
+        bootstrap_options = bootstrap_options_for(action_handler.new_resource, node)
+        bootstrap_options.merge(:name => action_handler.new_resource.name)
+
+        start_time = Time.now
+        timeout = option_for(node, :create_timeout)
+
+        description = [ "create machine #{node['name']} on #{provisioner_url}" ]
+        bootstrap_options.each_pair { |key,value| description << "    #{key}: #{value.inspect}" }
+        server = nil
+        action_handler.perform_action description do
+          server = compute.servers.create(bootstrap_options)
+          provisioner_output['server_id'] = server.id
+          # Save quickly in case something goes wrong
+          save_node(action_handler, node, action_handler.new_resource.chef_server)
+        end
+
+        if server
+          @@ip_pool_lock = Mutex.new
+          # Re-retrieve the server in a more malleable form and wait for it to be ready
+          server = compute.servers.get(server.id)
+          if bootstrap_options[:floating_ip_pool]
+            Chef::Log.info 'Attaching IP from pool'
+            server.wait_for { ready? }
+            action_handler.perform_action "attach floating IP from #{bootstrap_options[:floating_ip_pool]} pool" do
+              attach_ip_from_pool(server, bootstrap_options[:floating_ip_pool])
+            end
+          elsif bootstrap_options[:floating_ip]
+            Chef::Log.info 'Attaching given IP'
+            server.wait_for { ready? }
+            action_handler.perform_action "attach floating IP #{bootstrap_options[:floating_ip]}" do
+              attach_ip(server, bootstrap_options[:floating_ip])
+            end
+          end
+          action_handler.perform_action "machine #{node['name']} created as #{server.id} on #{provisioner_url}" do
+          end
+          # Wait for the machine to come up and for ssh to start listening
+          transport = nil
+          _self = self
+          action_handler.perform_action "wait for machine #{node['name']} to boot" do
+            server.wait_for(timeout - (Time.now - start_time)) do
+              if ready?
+                transport ||= _self.transport_for(server)
+                begin
+                  transport.execute('pwd')
+                  true
+                rescue Errno::ECONNREFUSED, Net::SSH::Disconnect
+                  false
+                rescue
+                  true
+                end
+              else
+                false
+              end
+            end
+          end
+
+          # If there is some other error, we just wait patiently for SSH
+          begin
+            server.wait_for(option_for(node, :ssh_timeout)) { transport.available? }
+          rescue Fog::Errors::TimeoutError
+            # Sometimes (on EC2) the machine comes up but gets stuck or has
+            # some other problem.  If this is the case, we restart the server
+            # to unstick it.  Reboot covers a multitude of sins.
+            Chef::Log.warn "Machine #{node['name']} (#{server.id} on #{provisioner_url}) was started but SSH did not come up.  Rebooting machine in an attempt to unstick it ..."
+            action_handler.perform_action "reboot machine #{node['name']} to try to unstick it" do
+              server.reboot
+            end
+            action_handler.perform_action "wait for machine #{node['name']} to be ready after reboot" do
+              wait_until_ready(server, option_for(node, :start_timeout))
+            end
+          end
+        end
+      end
+
+      # Create machine object for callers to use
+      machine_for(node, server)
+    end
+
+    # Attach IP to machine from IP pool
+    # Code taken from kitchen-openstack driver
+    #    https://github.com/test-kitchen/kitchen-openstack/blob/master/lib/kitchen/driver/openstack.rb#L196-L207
+    def attach_ip_from_pool(server, pool)
+      @@ip_pool_lock.synchronize do
+        Chef::Log.info "Attaching floating IP from <#{pool}> pool"
+        free_addrs = compute.addresses.collect do |i|
+          i.ip if i.fixed_ip.nil? and i.instance_id.nil? and i.pool == pool
+        end.compact
+        if free_addrs.empty?
+          raise ActionFailed, "No available IPs in pool <#{pool}>"
+        end
+        attach_ip(server, free_addrs[0])
+      end
+    end
+
+    # Attach given IP to machine
+    # Code taken from kitchen-openstack driver
+    #    https://github.com/test-kitchen/kitchen-openstack/blob/master/lib/kitchen/driver/openstack.rb#L209-L213
+    def attach_ip(server, ip)
+      Chef::Log.info "Attaching floating IP <#{ip}>"
+      server.associate_address ip
+      (server.addresses['public'] ||= []) << { 'version' => 4, 'addr' => ip }
+    end
+
+    # Connect to machine without acquiring it
+    def connect_to_machine(node)
+      machine_for(node)
+    end
+
+    def delete_machine(action_handler, node)
+      if node['normal']['provisioner_output'] && node['normal']['provisioner_output']['server_id']
+        server = compute.servers.get(node['normal']['provisioner_output']['server_id'])
+        action_handler.perform_action "destroy machine #{node['name']} (#{node['normal']['provisioner_output']['server_id']} at #{provisioner_url})" do
+          server.destroy
+        end
+        convergence_strategy_for(node).cleanup_convergence(action_handler, node)
+      end
+    end
+
+    def stop_machine(action_handler, node)
+      # If the machine doesn't exist, we silently do nothing
+      if node['normal']['provisioner_output'] && node['normal']['provisioner_output']['server_id']
+        server = compute.servers.get(node['normal']['provisioner_output']['server_id'])
+        action_handler.perform_action "stop machine #{node['name']} (#{server.id} at #{provisioner_url})" do
+          server.stop
+        end
+      end
+    end
+
+    def resource_created(machine)
+      @base_bootstrap_options_for[machine] = current_base_bootstrap_options
+    end
+
+
+    def compute
+      @compute ||= Fog::Compute.new(compute_options)
+    end
+
+    def provisioner_url
+      provider_identifier = case compute_options[:provider]
+        when 'AWS'
+          aws_login_info[0]
+        when 'DigitalOcean'
+          compute_options[:digitalocean_client_id]
+        when 'OpenStack'
+          compute_options[:openstack_auth_url]
+        else
+          '???'
+      end
+      "fog:#{compute_options[:provider]}:#{provider_identifier}"
+    end
+
+    # Not meant to be part of public interface
+    def transport_for(server)
+      # TODO winrm
+      create_ssh_transport(server)
+    end
+
+    protected
+
+    def option_for(node, key)
+      if node['normal']['provisioner_options'] && node['normal']['provisioner_options'][key.to_s]
+        node['normal']['provisioner_options'][key.to_s]
+      elsif compute_options[key]
+        compute_options[key]
+      else
+        DEFAULT_OPTIONS[key]
+      end
+    end
+
+    # Returns [ Account ID, User ]
+    # Account ID is the 12 digit identifier on your Manage Account page in AWS Console.  It is used as part of all ARNs identifying resources.
+    # User is an identifier like "root" or "user/username" or "federated-user/username"
+    def aws_login_info
+      @aws_login_info ||= begin
+        iam = Fog::AWS::IAM.new(:aws_access_key_id => compute_options[:aws_access_key_id], :aws_secret_access_key => compute_options[:aws_secret_access_key])
+        arn = begin
+          # TODO it would be nice if Fog let you do this normally ...
+          iam.send(:request, {
+            'Action'    => 'GetUser',
+            :parser     => Fog::Parsers::AWS::IAM::GetUser.new
+          }).body['User']['Arn']
+        rescue Fog::AWS::IAM::Error
+          # TODO Someone tell me there is a better way to find out your current
+          # user ID than this!  This is what happens when you use an IAM user
+          # with default privileges.
+          if $!.message =~ /AccessDenied.+(arn:aws:iam::\d+:\S+)/
+            arn = $1
+          else
+            raise
+          end
+        end
+        arn.split(':')[4..5]
+      end
+    end
+
+    def symbolize_keys(options)
+      options.inject({}) { |result,(key,value)| result[key.to_sym] = value; result }
+    end
+
+    def server_for(node)
+      if node['normal']['provisioner_output'] && node['normal']['provisioner_output']['server_id']
+        compute.servers.get(node['normal']['provisioner_output']['server_id'])
+      else
+        nil
+      end
+    end
+
+    def bootstrap_options_for(machine, node)
+      provisioner_options = node['normal']['provisioner_options'] || {}
+      bootstrap_options = @base_bootstrap_options_for[machine] || current_base_bootstrap_options
+      bootstrap_options = bootstrap_options.merge(symbolize_keys(provisioner_options['bootstrap_options'] || {}))
+      require 'socket'
+      require 'etc'
+      tags = {
+          'Name' => node['name'],
+          'BootstrapChefServer' => machine.chef_server[:chef_server_url],
+          'BootstrapHost' => Socket.gethostname,
+          'BootstrapUser' => Etc.getlogin,
+          'BootstrapNodeName' => node['name']
+      }
+      if machine.chef_server[:options] && machine.chef_server[:options][:data_store]
+        tags['ChefLocalRepository'] = machine.chef_server[:options][:data_store].chef_fs.fs_description
+      end
+      # User-defined tags override the ones we set
+      tags.merge!(bootstrap_options[:tags]) if bootstrap_options[:tags]
+      bootstrap_options.merge!({ :tags => tags })
+
+      # Provide reasonable defaults for DigitalOcean
+      if compute_options[:provider] == 'DigitalOcean'
+        if !bootstrap_options[:image_id]
+          bootstrap_options[:image_name] ||= 'CentOS 6.4 x32'
+          bootstrap_options[:image_id] = compute.images.select { |image| image.name == bootstrap_options[:image_name] }.first.id
+        end
+        if !bootstrap_options[:flavor_id]
+          bootstrap_options[:flavor_name] ||= '512MB'
+          bootstrap_options[:flavor_id] = compute.flavors.select { |flavor| flavor.name == bootstrap_options[:flavor_name] }.first.id
+        end
+        if !bootstrap_options[:region_id]
+          bootstrap_options[:region_name] ||= 'San Francisco 1'
+          bootstrap_options[:region_id] = compute.regions.select { |region| region.name == bootstrap_options[:region_name] }.first.id
+        end
+        bootstrap_options[:ssh_key_ids] ||= [ compute.ssh_keys.select { |k| k.name == bootstrap_options[:key_name] }.first.id ]
+
+        # You don't get to specify name yourself
+        bootstrap_options[:name] = node['name']
+      end
+
+      bootstrap_options
+    end
+
+    def machine_for(node, server = nil)
+      server ||= server_for(node)
+      if !server
+        raise "Server for node #{node['name']} has not been created!"
+      end
+
+      if node['normal']['provisioner_options'] && node['normal']['provisioner_options']['is_windows']
+        ChefMetal::Machine::WindowsMachine.new(node, transport_for(server), convergence_strategy_for(node))
+      else
+        ChefMetal::Machine::UnixMachine.new(node, transport_for(server), convergence_strategy_for(node))
+      end
+    end
+
+    def convergence_strategy_for(node)
+      if node['normal']['provisioner_options'] && node['normal']['provisioner_options']['is_windows']
+        @windows_convergence_strategy ||= begin
+          ChefMetal::ConvergenceStrategy::InstallMsi.new
+        end
+      else
+        @unix_convergence_strategy ||= begin
+          ChefMetal::ConvergenceStrategy::InstallCached.new
+        end
+      end
+    end
+
+    def ssh_options_for(server)
+      result = {
+# TODO create a user known hosts file
+#          :user_known_hosts_file => vagrant_ssh_config['UserKnownHostsFile'],
+#          :paranoid => true,
+        :auth_methods => [ 'publickey' ],
+        :keys_only => true,
+        :host_key_alias => "#{server.id}.#{compute_options[:provider]}"
+      }
+      if server.respond_to?(:private_key) && server.private_key
+        result[:keys] = [ server.private_key ]
+      elsif server.respond_to?(:key_name) && key_pairs[server.key_name]
+        # TODO generalize for others?
+        result[:keys] ||= [ key_pairs[server.key_name].private_key_path ]
+      else
+        # TODO need a way to know which key if there were multiple
+        result[:keys] = [ key_pairs.first[1].private_key_path ]
+      end
+      result
+    end
+
+    def create_ssh_transport(server)
+      ssh_options = ssh_options_for(server)
+      # If we're on AWS, the default is to use ubuntu, not root
+      if compute_options[:provider] == 'AWS'
+        username = compute_options[:ssh_username] || 'ubuntu'
+      else
+        username = compute_options[:ssh_username] || 'root'
+      end
+      options = {}
+      if compute_options[:sudo] || (!compute_options.has_key?(:sudo) && username != 'root')
+        options[:prefix] = 'sudo '
+      end
+
+      remote_host = nil
+      if compute_options[:use_private_ip_for_ssh]
+        remote_host = server.private_ip_address
+      elsif !server.public_ip_address
+        Chef::Log.warn("Server has no public ip address.  Using private ip '#{server.private_ip_address}'.  Set provisioner option 'use_private_ip_for_ssh' => true if this will always be the case ...")
+        remote_host = server.private_ip_address
+      elsif server.public_ip_address
+        remote_host = server.public_ip_address
+      else
+        raise "Server #{server.id} has no private or public IP address!"
+      end
+
+      #Enable pty by default
+      options[:ssh_pty_enable] = true
+
+      ChefMetal::Transport::SSH.new(remote_host, username, ssh_options, options)
+    end
+
+    def wait_until_ready(server, timeout)
+      transport = nil
+      _self = self
+      server.wait_for(timeout) do
+        if transport
+          transport.available?
+        elsif ready?
+          # Don't create the transport until the machine is ready (we won't have the host till then)
+          transport = _self.transport_for(server)
+          transport.available?
+        else
+          false
+        end
+      end
+    end
+  end
+end

data/lib/chef_metal_fog/version.rb

@@ -0,0 +1,3 @@
+module ChefMetalFog
+  VERSION = '0.1'
+end

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: chef-metal-fog
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- John Keiser
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-04-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: chef
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: fog
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Provisioner for creating Fog instances in Chef Metal.
+email: jkeiser@getchef.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.md
+- LICENSE
+files:
+- Rakefile
+- LICENSE
+- README.md
+- lib/chef/provider/fog_key_pair.rb
+- lib/chef/resource/fog_key_pair.rb
+- lib/chef_metal/provisioner_init/fog_init.rb
+- lib/chef_metal_fog/fog_provisioner.rb
+- lib/chef_metal_fog/version.rb
+- lib/chef_metal_fog.rb
+- lib/fog.rb
+homepage: https://github.com/opscode/chef-metal-fog
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Provisioner for creating Fog instances in Chef Metal.
+test_files: []
+has_rdoc: