chef-metal 0.1

data/lib/chef_metal/convergence_strategy.rb

@@ -0,0 +1,15 @@
+module ChefMetal
+  class ConvergenceStrategy
+    def setup_convergence(provider, machine, machine_resource)
+      raise "setup_convergence not overridden on #{self.class}"
+    end
+
+    def converge(provider, machine)
+      raise "converge not overridden on #{self.class}"
+    end
+
+    def delete_chef_objects(provider, node)
+      raise "delete_chef_objects not overridden on #{self.class}"
+    end
+  end
+end

data/lib/chef_metal/convergence_strategy/install_msi.rb

@@ -0,0 +1,41 @@
+require 'chef_metal/convergence_strategy/precreate_chef_objects'
+require 'pathname'
+
+module ChefMetal
+  class ConvergenceStrategy
+    class InstallMsi < PrecreateChefObjects
+      @@install_msi_cache = {}
+
+      def initialize(options = {})
+        @install_msi_url = options[:install_msi_url] || 'http://www.opscode.com/chef/install.msi'
+        @install_msi_path = options[:install_msi_path] || "%TEMP%\\#{File.basename(@install_msi_url)}"
+      end
+
+      attr_reader :install_msi_url
+      attr_reader :install_msi_path
+
+      def setup_convergence(provider, machine, machine_resource)
+        system_drive = machine.execute_always('$env:SystemDrive').stdout.strip
+        @client_rb_path ||= "#{system_drive}\\chef\\client.rb"
+        @client_pem_path ||= "#{system_drive}\\chef\\client.pem"
+
+        super
+
+        # Install chef-client.  TODO check and update version if not latest / not desired
+        if machine.execute_always('chef-client -v').exitstatus != 0
+          # TODO ssh verification of install.sh before running arbtrary code would be nice?
+          # TODO find a way to cache this on the host like with the Unix stuff.
+          # Limiter is we don't know how to efficiently upload large files to
+          # the remote machine with WMI.
+          machine.execute(provider, "(New-Object System.Net.WebClient).DownloadFile(#{machine.escape(install_msi_url)}, #{machine.escape(install_msi_path)})")
+          machine.execute(provider, "msiexec /qn /i #{machine.escape(install_msi_path)}")
+        end
+      end
+
+      def converge(provider, machine)
+        # TODO For some reason I get a 500 back if I don't do -l debug
+        machine.transport.execute("chef-client -l debug")
+      end
+    end
+  end
+end

data/lib/chef_metal/convergence_strategy/install_sh.rb

@@ -0,0 +1,36 @@
+require 'chef_metal/convergence_strategy/precreate_chef_objects'
+require 'pathname'
+
+module ChefMetal
+  class ConvergenceStrategy
+    class InstallSh < PrecreateChefObjects
+      @@install_sh_cache = {}
+
+      def initialize(options = {})
+        @install_sh_url = options[:install_sh_url] || 'http://www.opscode.com/chef/install.sh'
+        @install_sh_path = options[:install_sh_path] || '/tmp/chef-install.sh'
+        @client_rb_path ||= '/etc/chef/client.rb'
+        @client_pem_path ||= '/etc/chef/client.pem'
+      end
+
+      attr_reader :install_sh_url
+      attr_reader :install_sh_path
+
+      def setup_convergence(provider, machine, machine_resource)
+        super
+
+        # Install chef-client.  TODO check and update version if not latest / not desired
+        if machine.execute_always('chef-client -v').exitstatus != 0
+          # TODO ssh verification of install.sh before running arbtrary code would be nice?
+          @@install_sh_cache[install_sh_url] ||= Net::HTTP.get(URI(install_sh_url))
+          machine.write_file(provider, install_sh_path, @@install_sh_cache[install_sh_url], :ensure_dir => true)
+          machine.execute(provider, "bash #{install_sh_path}")
+        end
+      end
+
+      def converge(provider, machine)
+        machine.execute(provider, 'chef-client')
+      end
+    end
+  end
+end

data/lib/chef_metal/convergence_strategy/precreate_chef_objects.rb

@@ -0,0 +1,140 @@
+require 'chef_metal/convergence_strategy'
+require 'pathname'
+
+module ChefMetal
+  class ConvergenceStrategy
+    class PrecreateChefObjects < ConvergenceStrategy
+      def initialize(options = {})
+        super
+        @client_rb_path = options[:client_rb_path]
+        @client_pem_path = options[:client_pem_path]
+      end
+
+      attr_reader :client_rb_path
+      attr_reader :client_pem_path
+
+      def setup_convergence(provider, machine, machine_resource)
+        # Create keys on machine
+        public_key = create_keys(provider, machine, machine_resource)
+        # Create node and client on chef server
+        create_chef_objects(provider, machine, machine_resource, public_key)
+
+        # If the chef server lives on localhost, tunnel the port through to the guest
+        chef_server_url = machine_resource.chef_server[:chef_server_url]
+        url = URI(chef_server_url)
+        # TODO IPv6
+        if is_localhost(url.host)
+          machine.forward_remote_port_to_local(url.port, url.port)
+        end
+
+        # Create client.rb and client.pem on machine
+        content = client_rb_content(chef_server_url, machine.node['name'])
+        machine.write_file(provider, client_rb_path, content, :ensure_dir => true)
+      end
+
+      def delete_chef_objects(provider, node)
+        ChefMetal.inline_resource(provider) do
+          chef_node node['name'] do
+            action :delete
+          end
+          chef_client node['name'] do
+            action :delete
+          end
+        end
+      end
+
+      protected
+
+      def create_keys(provider, machine, machine_resource)
+        server_private_key = machine.read_file(client_pem_path)
+        if server_private_key
+          begin
+            server_private_key, format = Cheffish::KeyFormatter.decode(server_private_key)
+          rescue
+            server_private_key = nil
+          end
+        end
+
+        if server_private_key
+          source_key = source_key_for(machine_resource)
+          if source_key && server_private_key.to_pem != source_key.to_pem
+            # If the server private key does not match our source key, overwrite it
+            server_private_key = source_key
+            if machine_resource.allow_overwrite_keys
+              machine.write_file(provider, client_pem_path, server_private_key.to_pem, :ensure_dir => true)
+            else
+              raise "Private key on machine #{machine_resource.name} does not match desired input key."
+            end
+          end
+
+        else
+  
+          # If the server does not already have keys, create them and upload
+          Cheffish.inline_resource(provider) do
+            private_key 'in_memory' do
+              path :none
+              if machine_resource.private_key_options
+                machine_resource.private_key_options.each_pair do |key,value|
+                  send(key, value)
+                end
+              end
+              after { |resource, private_key| server_private_key = private_key }
+            end
+          end
+
+          machine.write_file(provider, client_pem_path, server_private_key.to_pem, :ensure_dir => true)
+        end
+
+        server_private_key.public_key
+      end
+
+      def is_localhost(host)
+        host == '127.0.0.1' || host == 'localhost' || host == '[::1]'
+      end
+
+      def source_key_for(machine_resource)
+        if machine_resource.source_key.is_a?(String)
+          key, format = Cheffish::KeyFormatter.decode(machine_resource.source_key, machine_resource.source_key_pass_phrase)
+          key
+        elsif machine_resource.source_key
+          machine_resource.source_key
+        elsif machine_resource.source_key_path
+          key, format = Cheffish::KeyFormatter.decode(IO.read(machine_resource.source_key_path), machine_resource.source_key_pass_phrase, machine_resource.source_key_path)
+          key
+        else
+          nil
+        end
+      end
+
+      def create_chef_objects(provider, machine, machine_resource, public_key)
+        # Save the node and create the client keys and client.
+        ChefMetal.inline_resource(provider) do
+          # Create node
+          # TODO strip automatic attributes first so we don't race with "current state"
+          chef_node machine.node['name'] do
+            chef_server machine_resource.chef_server
+            raw_json machine.node
+          end
+
+          # Create client
+          chef_client machine.node['name'] do
+            chef_server machine_resource.chef_server
+            source_key public_key
+            output_key_path machine_resource.public_key_path
+            output_key_format machine_resource.public_key_format
+            admin machine_resource.admin
+            validator machine_resource.validator
+          end
+        end
+      end
+
+      def client_rb_content(chef_server_url, node_name)
+        <<EOM
+chef_server_url #{chef_server_url.inspect}
+node_name #{node_name.inspect}
+client_key #{client_pem_path.inspect}
+EOM
+      end
+    end
+  end
+end

data/lib/chef_metal/inline_resource.rb

@@ -0,0 +1,88 @@
+module ChefMetal
+  class InlineResource
+    def initialize(provider)
+      @provider = provider
+    end
+
+    attr_reader :provider
+
+    def run_context
+      provider.run_context
+    end
+
+    def method_missing(method_symbol, *args, &block)
+      # Stolen ruthlessly from Chef's chef/dsl/recipe.rb
+
+      # Checks the new platform => short_name => resource mapping initially
+      # then fall back to the older approach (Chef::Resource.const_get) for
+      # backward compatibility
+      resource_class = Chef::Resource.resource_for_node(method_symbol, provider.run_context.node)
+
+      super unless resource_class
+      raise ArgumentError, "You must supply a name when declaring a #{method_symbol} resource" unless args.size > 0
+
+      # If we have a resource like this one, we want to steal its state
+      args << run_context
+      resource = resource_class.new(*args)
+      resource.source_line = caller[0]
+      resource.load_prior_resource
+      resource.cookbook_name = provider.cookbook_name
+      resource.recipe_name = @recipe_name
+      resource.params = @params
+      # Determine whether this resource is being created in the context of an enclosing Provider
+      resource.enclosing_provider = provider.is_a?(Chef::Provider) ? provider : nil
+      # Evaluate resource attribute DSL
+      resource.instance_eval(&block) if block
+
+      # Run optional resource hook
+      resource.after_created
+
+      # Do NOT put this in the resource collection.
+      #run_context.resource_collection.insert(resource)
+
+      # Instead, run the action directly.
+      Array(resource.action).each do |action|
+        resource.updated_by_last_action(false)
+        run_provider_action(resource.provider_for_action(action))
+        provider.new_resource.updated_by_last_action(true) if resource.updated_by_last_action?
+      end
+      resource
+    end
+
+    # Do Chef::Provider.run_action, but without events
+    def run_provider_action(inline_provider)
+      if !inline_provider.whyrun_supported?
+        raise "#{inline_provider} is not why-run-safe.  Only why-run-safe resources are supported in inline_resource."
+      end
+
+      # Blatantly ripped off from chef/provider run_action
+
+      # TODO: it would be preferable to get the action to be executed in the
+      # constructor...
+
+      # user-defined LWRPs may include unsafe load_current_resource methods that cannot be run in whyrun mode
+      inline_provider.load_current_resource
+      inline_provider.define_resource_requirements
+      inline_provider.process_resource_requirements
+
+      # user-defined providers including LWRPs may
+      # not include whyrun support - if they don't support it
+      # we can't execute any actions while we're running in
+      # whyrun mode. Instead we 'fake' whyrun by documenting that
+      # we can't execute the action.
+      # in non-whyrun mode, this will still cause the action to be
+      # executed normally.
+      if inline_provider.whyrun_supported? && !inline_provider.requirements.action_blocked?(@action)
+        inline_provider.send("action_#{inline_provider.action}")
+      elsif !inline_provider.whyrun_mode?
+        inline_provider.send("action_#{inline_provider.action}")
+      end
+
+      if inline_provider.resource_updated?
+        inline_provider.new_resource.updated_by_last_action(true)
+      end
+
+      inline_provider.cleanup_after_converge
+    end
+  end
+end

data/lib/chef_metal/machine.rb

@@ -0,0 +1,79 @@
+module ChefMetal
+  class Machine
+    def initialize(node)
+      @node = node
+    end
+
+    attr_reader :node
+
+    # Sets up everything necessary for convergence to happen on the machine.
+    # The node MUST be saved as part of this procedure.  Other than that,
+    # nothing is guaranteed except that converge() will work when this is done.
+    def setup_convergence(provider)
+      raise "setup_convergence not overridden on #{self.class}"
+    end
+
+    def converge(provider)
+      raise "converge not overridden on #{self.class}"
+    end
+
+
+    def execute(provider, command)
+      raise "execute not overridden on #{self.class}"
+    end
+
+    def read_file(path)
+      raise "read_file not overridden on #{self.class}"
+    end
+
+    def download_file(provider, path, local_path)
+      raise "read_file not overridden on #{self.class}"
+    end
+
+    def write_file(provider, path, content)
+      raise "write_file not overridden on #{self.class}"
+    end
+
+    def upload_file(provider, local_path, path)
+      raise "write_file not overridden on #{self.class}"
+    end
+
+    def create_dir(provider, path)
+      raise "create_dir not overridden on #{self.class}"
+    end
+
+    # Delete file
+    def delete_file(provider, path)
+      raise "delete_file not overridden on #{self.class}"
+    end
+
+    # Return true or false depending on whether file exists
+    def file_exists?(path)
+      raise "file_exists? not overridden on #{self.class}"
+    end
+
+    # Return true or false depending on whether remote file differs from local path or content
+    def files_different?(path, local_path, content=nil)
+      raise "file_different? not overridden on #{self.class}"
+    end
+
+    # Set file attributes { mode, :owner, :group }
+    def set_attributes(provider, path, attributes)
+      raise "set_attributes not overridden on #{self.class}"
+    end
+
+    # Get file attributes { :mode, :owner, :group }
+    def get_attributes(path)
+      raise "get_attributes not overridden on #{self.class}"
+    end
+
+    # Forward a remote port to local for the duration of the current connection
+    def forward_remote_port_to_local(remote_port, local_port)
+      raise "forward_remote_port_to_local not overridden on #{self.class}"
+    end
+
+    def disconnect
+      raise "disconnect not overridden on #{self.class}"
+    end
+  end
+end

data/lib/chef_metal/machine/basic_machine.rb

@@ -0,0 +1,79 @@
+require 'chef_metal/machine'
+
+module ChefMetal
+  class Machine
+    class BasicMachine < Machine
+      def initialize(node, transport, convergence_strategy)
+        super(node)
+        @transport = transport
+        @convergence_strategy = convergence_strategy
+      end
+
+      attr_reader :transport
+      attr_reader :convergence_strategy
+
+      # Sets up everything necessary for convergence to happen on the machine.
+      # The node MUST be saved as part of this procedure.  Other than that,
+      # nothing is guaranteed except that converge() will work when this is done.
+      def setup_convergence(provider, machine_resource)
+        convergence_strategy.setup_convergence(provider, self, machine_resource)
+      end
+
+      def converge(provider)
+        convergence_strategy.converge(provider, self)
+      end
+
+      def execute(provider, command)
+        provider.converge_by "run '#{command}' on #{node['name']}" do
+          transport.execute(command).error!
+        end
+      end
+
+      def execute_always(command)
+        transport.execute(command)
+      end
+
+      def read_file(path)
+        transport.read_file(path)
+      end
+
+      def download_file(provider, path, local_path)
+        if files_different?(path, local_path)
+          provider.converge_by "download file #{path} on #{node['name']} to #{local_path}" do
+            transport.download_file(path, local_path)
+          end
+        end
+      end
+
+      def write_file(provider, path, content, options = {})
+        if files_different?(path, nil, content)
+          if options[:ensure_dir]
+            create_dir(provider, dirname_on_machine(path))
+          end
+          provider.converge_by "write file #{path} on #{node['name']}" do
+            transport.write_file(path, content)
+          end
+        end
+      end
+
+      def upload_file(provider, local_path, path, options = {})
+        if files_different?(path, local_path)
+          if options[:ensure_dir]
+            create_dir(provider, dirname_on_machine(path))
+          end
+          provider.converge_by "upload file #{local_path} to #{path} on #{node['name']}" do
+            transport.upload_file(local_path, path)
+          end
+        end
+      end
+
+      def forward_remote_port_to_local(remote_port, local_port)
+        transport.forward_remote_port_to_local(remote_port, local_port)
+      end
+
+      def disconnect
+        transport.disconnect
+      end
+    end
+  end
+end