chef-metal 0.14.2 → 0.15
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -1
- data/README.md +2 -257
- data/Rakefile +0 -4
- data/lib/chef_metal.rb +1 -87
- data/lib/chef_metal/action_handler.rb +1 -66
- data/lib/chef_metal/add_prefix_action_handler.rb +1 -29
- data/lib/chef_metal/chef_image_spec.rb +1 -106
- data/lib/chef_metal/chef_machine_spec.rb +1 -82
- data/lib/chef_metal/chef_provider_action_handler.rb +1 -72
- data/lib/chef_metal/chef_run_data.rb +1 -125
- data/lib/chef_metal/convergence_strategy.rb +1 -26
- data/lib/chef_metal/convergence_strategy/install_cached.rb +1 -157
- data/lib/chef_metal/convergence_strategy/install_msi.rb +1 -56
- data/lib/chef_metal/convergence_strategy/install_sh.rb +1 -53
- data/lib/chef_metal/convergence_strategy/no_converge.rb +1 -37
- data/lib/chef_metal/convergence_strategy/precreate_chef_objects.rb +1 -181
- data/lib/chef_metal/driver.rb +1 -288
- data/lib/chef_metal/image_spec.rb +1 -70
- data/lib/chef_metal/machine.rb +1 -110
- data/lib/chef_metal/machine/basic_machine.rb +1 -82
- data/lib/chef_metal/machine/unix_machine.rb +1 -276
- data/lib/chef_metal/machine/windows_machine.rb +1 -102
- data/lib/chef_metal/machine_spec.rb +1 -78
- data/lib/chef_metal/recipe_dsl.rb +1 -94
- data/lib/chef_metal/transport.rb +1 -87
- data/lib/chef_metal/transport/ssh.rb +1 -288
- data/lib/chef_metal/transport/winrm.rb +1 -134
- data/lib/chef_metal/version.rb +1 -3
- metadata +19 -145
- data/bin/metal +0 -275
- data/lib/chef/provider/machine.rb +0 -171
- data/lib/chef/provider/machine_batch.rb +0 -186
- data/lib/chef/provider/machine_execute.rb +0 -30
- data/lib/chef/provider/machine_file.rb +0 -49
- data/lib/chef/provider/machine_image.rb +0 -54
- data/lib/chef/resource/machine.rb +0 -116
- data/lib/chef/resource/machine_batch.rb +0 -72
- data/lib/chef/resource/machine_execute.rb +0 -22
- data/lib/chef/resource/machine_file.rb +0 -28
- data/lib/chef/resource/machine_image.rb +0 -29
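--- a/data/lib/chef_metal/convergence_strategy/install_cached.rb
+++ b/data/lib/chef_metal/convergence_strategy/install_cached.rb
@@ -1,157 +1 @@
-require
-require 'pathname'
-require 'fileutils'
-require 'digest/md5'
-require 'thread'
-
-module ChefMetal
-class ConvergenceStrategy
-class InstallCached < PrecreateChefObjects
-# convergence_options is a hash of setup convergence_options, including:
-# - :chef_server
-# - :allow_overwrite_keys
-# - :source_key, :source_key_path, :source_key_pass_phrase
-# - :private_key_options
-# - :ohai_hints
-# - :public_key_path, :public_key_format
-# - :admin, :validator
-# - :chef_client_timeout
-# - :client_rb_path, :client_pem_path
-# - :chef_version, :prerelease, :package_cache_path
-def initialize(convergence_options, config)
-convergence_options = Cheffish::MergedConfig.new(convergence_options, {
-:client_rb_path => '/etc/chef/client.rb',
-:client_pem_path => '/etc/chef/client.pem'
-})
-super(convergence_options, config)
-@chef_version ||= convergence_options[:chef_version]
-@prerelease ||= convergence_options[:prerelease]
-@package_cache_path ||= convergence_options[:package_cache_path] || "#{ENV['HOME']}/.chef/package_cache"
-@package_cache = {}
-@tmp_dir = '/tmp'
-@chef_client_timeout = convergence_options.has_key?(:chef_client_timeout) ? convergence_options[:chef_client_timeout] : 120*60 # Default: 2 hours
-FileUtils.mkdir_p(@package_cache_path)
-@package_cache_lock = Mutex.new
-end
-
-attr_reader :client_rb_path
-attr_reader :client_pem_path
-
-def setup_convergence(action_handler, machine)
-super
-
-# Install chef-client. TODO check and update version if not latest / not desired
-if machine.execute_always('chef-client -v').exitstatus != 0
-platform, platform_version, machine_architecture = machine.detect_os(action_handler)
-package_file = download_package_for_platform(action_handler, machine, platform, platform_version, machine_architecture)
-remote_package_file = "#{@tmp_dir}/#{File.basename(package_file)}"
-machine.upload_file(action_handler, package_file, remote_package_file)
-install_package(action_handler, machine, remote_package_file)
-end
-end
-
-def converge(action_handler, machine)
-super
-
-action_handler.open_stream(machine.node['name']) do |stdout|
-action_handler.open_stream(machine.node['name']) do |stderr|
-command_line = "chef-client"
-command_line << " -l #{config[:log_level].to_s}" if config[:log_level]
-machine.execute(action_handler, command_line,
-:stream_stdout => stdout,
-:stream_stderr => stderr,
-:timeout => @chef_client_timeout)
-end
-end
-end
-
-private
-
-def download_package_for_platform(action_handler, machine, platform, platform_version, machine_architecture)
-@package_cache_lock.synchronize do
-@package_cache ||= {}
-@package_cache[platform] ||= {}
-@package_cache[platform][platform_version] ||= {}
-@package_cache[platform][platform_version][machine_architecture] ||= { :lock => Mutex.new }
-end
-@package_cache[platform][platform_version][machine_architecture][:lock].synchronize do
-if !@package_cache[platform][platform_version][machine_architecture][:file]
-#
-# Grab metadata
-#
-metadata = download_metadata_for_platform(machine, platform, platform_version, machine_architecture)
-
-# Download actual package desired by metadata
-package_file = "#{@package_cache_path}/#{URI(metadata['url']).path.split('/')[-1]}"
-
-ChefMetal.inline_resource(action_handler) do
-remote_file package_file do
-source metadata['url']
-checksum metadata['sha256']
-end
-end
-
-@package_cache[platform][platform_version][machine_architecture][:file] = package_file
-end
-end
-@package_cache[platform][platform_version][machine_architecture][:file]
-end
-
-def download_metadata_for_platform(machine, platform, platform_version, machine_architecture)
-#
-# Figure out the URL to the metadata
-#
-metadata_url="https://www.opscode.com/chef/metadata"
-metadata_url << "?v=#{@chef_version}"
-metadata_url << "&prerelease=#{@prerelease ? 'true' : 'false'}"
-metadata_url << "&p=#{platform.strip}"
-metadata_url << "&pv=#{platform_version.strip}"
-metadata_url << "&m=#{machine_architecture.strip}"
-use_ssl = true
-
-# solaris 9 lacks openssl, solaris 10 lacks recent enough credentials - your base O/S is completely insecure, please upgrade
-if platform == 'solaris2' && (platform_version == '5.9' || platform_version == '5.10')
-metadata_url.sub(/^https/, 'http')
-use_ssl = false
-end
-
-# Download and parse the metadata
-Chef::Log.debug("Getting metadata for machine #{machine.node['name']}: #{metadata_url}")
-uri = URI(metadata_url)
-http = Net::HTTP.new(uri.host, uri.port)
-http.use_ssl = use_ssl
-request = Net::HTTP::Get.new(uri.request_uri)
-response = http.request(request)
-metadata_str = response.body
-metadata = {}
-metadata_str.each_line do |line|
-key, value = line.split("\t", 2)
-metadata[key] = value
-end
-metadata
-end
-
-def install_package(action_handler, machine, remote_package_file)
-extension = File.extname(remote_package_file)
-result = case extension
-when '.rpm'
-machine.execute(action_handler, "rpm -Uvh --oldpackage --replacepkgs \"#{remote_package_file}\"")
-when '.deb'
-machine.execute(action_handler, "dpkg -i \"#{remote_package_file}\"")
-when '.solaris'
-machine.write_file(action_handler, "#{@tmp_dir}/nocheck", <<EOM)
-conflict=nocheck
-action=nocheck
-mail=
-EOM
-machine.execute(action_handler, "pkgrm -a \"#{@tmp_dir}/nocheck\" -n chef")
-machine.execute(action_handler, "pkgadd -n -d \"#{remote_package_file}\" -a \"#{@tmp_dir}/nocheck\" chef")
-when '.sh'
-machine.execute(action_handler, "sh \"#{remote_package_file}\"")
-else
-raise "Unknown package extension '#{extension}' for file #{remote_package_file}"
-end
-end
-end
-end
-end
+require "chef/provisioning/convergence_strategy/install_cached"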
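Review bot: The single added line carries no comment saying that this file is now only a compatibility shim, and the same holds for the install_msi, install_sh, no_converge and precreate_chef_objects sections that follow. A reader opening the file finds a bare require with no hint of where the code went; I would put `# Compatibility shim: the implementation now lives in chef/provisioning/convergence_strategy/install_cached.` above it. Nothing in this file defines `ChefMetal::ConvergenceStrategy::InstallCached` any more, so callers that reference the old constant keep working only if the required file supplies an alias, which this diff does not show.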
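--- a/data/lib/chef_metal/convergence_strategy/install_msi.rb
+++ b/data/lib/chef_metal/convergence_strategy/install_msi.rb
@@ -1,56 +1 @@
-require
-require 'pathname'
-
-module ChefMetal
-class ConvergenceStrategy
-class InstallMsi < PrecreateChefObjects
-@@install_msi_cache = {}
-
-def initialize(convergence_options, config)
-super
-@install_msi_url = convergence_options[:install_msi_url] || 'http://www.opscode.com/chef/install.msi'
-@install_msi_path = convergence_options[:install_msi_path] || "$env:TEMP\\#{File.basename(@install_msi_url)}"
-@chef_client_timeout = convergence_options.has_key?(:chef_client_timeout) ? convergence_options[:chef_client_timeout] : 120*60 # Default: 2 hours
-end
-
-attr_reader :install_msi_url
-attr_reader :install_msi_path
-
-def setup_convergence(action_handler, machine)
-if !convergence_options.has_key?(:client_rb_path) || !convergence_options.has_key?(:client_pem_path)
-system_drive = machine.execute_always('$env:SystemDrive').stdout.strip
-@convergence_options = Cheffish::MergedConfig.new(convergence_options, {
-:client_rb_path => "#{system_drive}\\chef\\client.rb",
-:client_pem_path => "#{system_drive}\\chef\\client.pem"
-})
-end
-
-super
-
-# Install chef-client. TODO check and update version if not latest / not desired
-if machine.execute_always('chef-client -v').exitstatus != 0
-# TODO ssh verification of install.msi before running arbtrary code would be nice?
-# TODO find a way to cache this on the host like with the Unix stuff.
-# Limiter is we don't know how to efficiently upload large files to
-# the remote machine with WMI.
-machine.execute(action_handler, "(New-Object System.Net.WebClient).DownloadFile(#{machine.escape(install_msi_url)}, #{machine.escape(install_msi_path)})")
-machine.execute(action_handler, "msiexec /qn /i #{machine.escape(install_msi_path)}")
-end
-end
-
-def converge(action_handler, machine)
-super
-
-# TODO For some reason I get a 500 back if I don't do -l debug
-action_handler.open_stream(machine.node['name']) do |stdout|
-action_handler.open_stream(machine.node['name']) do |stderr|
-machine.execute(action_handler, "chef-client -l debug",
-:stream_stdout => stdout,
-:stream_stderr => stderr,
-:timeout => @chef_client_timeout)
-end
-end
-end
-end
-end
-end
+require "chef/provisioning/convergence_strategy/install_msi"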
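Review bot: With the body replaced by a require, nothing in this gem records where the installer is fetched from or whether it is verified before it runs, and someone upgrading from 0.14.2 has no pointer to where those defaults now live. The removed lines defaulted `install_msi_url` to a plain `http://` address and carried a TODO about verifying the download before executing it; the install_sh section has the same default and TODO, and the removed `client_rb_content` in precreate_chef_objects wrote `ssl_verify_mode :verify_none`. Whether the chef/provisioning files keep those defaults cannot be told from this diff. I would add a comment above each require such as `# Installer URL and TLS-verification defaults are now defined in chef-provisioning; review them there.` and note the same in the CHANGELOG entry.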
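--- a/data/lib/chef_metal/convergence_strategy/install_sh.rb
+++ b/data/lib/chef_metal/convergence_strategy/install_sh.rb
@@ -1,53 +1 @@
-require
-require 'pathname'
-
-module ChefMetal
-class ConvergenceStrategy
-class InstallSh < PrecreateChefObjects
-@@install_sh_cache = {}
-
-def initialize(convergence_options, config)
-convergence_options = Cheffish::MergedConfig.new(convergence_options, {
-:client_rb_path => '/etc/chef/client.rb',
-:client_pem_path => '/etc/chef/client.pem'
-})
-super(convergence_options, config)
-@install_sh_url = convergence_options[:install_sh_url] || 'http://www.opscode.com/chef/install.sh'
-@install_sh_path = convergence_options[:install_sh_path] || '/tmp/chef-install.sh'
-@bootstrap_env = convergence_options[:bootstrap_proxy] ? "http_proxy=#{convergence_options[:bootstrap_proxy]}" : ""
-@chef_client_timeout = convergence_options.has_key?(:chef_client_timeout) ? convergence_options[:chef_client_timeout] : 120*60 # Default: 2 hours
-end
-
-attr_reader :install_sh_url
-attr_reader :install_sh_path
-attr_reader :bootstrap_env
-
-def setup_convergence(action_handler, machine)
-super
-
-# Install chef-client. TODO check and update version if not latest / not desired
-if machine.execute_always('chef-client -v').exitstatus != 0
-# TODO ssh verification of install.sh before running arbtrary code would be nice?
-@@install_sh_cache[install_sh_url] ||= Net::HTTP.get(URI(install_sh_url))
-machine.write_file(action_handler, install_sh_path, @@install_sh_cache[install_sh_url], :ensure_dir => true)
-machine.execute(action_handler, "bash -c '#{bootstrap_env} bash #{install_sh_path}'")
-end
-end
-
-def converge(action_handler, machine)
-super
-
-action_handler.open_stream(machine.node['name']) do |stdout|
-action_handler.open_stream(machine.node['name']) do |stderr|
-command_line = "chef-client"
-command_line << " -l #{config[:log_level].to_s}" if config[:log_level]
-machine.execute(action_handler, command_line,
-:stream_stdout => stdout,
-:stream_stderr => stderr,
-:timeout => @chef_client_timeout)
-end
-end
-end
-end
-end
-end
+require "chef/provisioning/convergence_strategy/install_sh"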
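--- a/data/lib/chef_metal/convergence_strategy/no_converge.rb
+++ b/data/lib/chef_metal/convergence_strategy/no_converge.rb
@@ -1,37 +1 @@
-require
-require 'pathname'
-require 'cheffish'
-
-module ChefMetal
-class ConvergenceStrategy
-class NoConverge < ConvergenceStrategy
-def initialize(convergence_options, config)
-super
-end
-
-def chef_server
-@chef_server ||= convergence_options[:chef_server] || Cheffish.default_chef_server(config)
-end
-
-def setup_convergence(action_handler, machine)
-end
-
-def converge(action_handler, machine)
-end
-
-def cleanup_convergence(action_handler, machine_spec)
-_self = self
-ChefMetal.inline_resource(action_handler) do
-chef_node machine_spec.name do
-chef_server _self.chef_server
-action :delete
-end
-chef_client machine_spec.name do
-chef_server _self.chef_server
-action :delete
-end
-end
-end
-end
-end
-end
+require "chef/provisioning/convergence_strategy/no_converge"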
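--- a/data/lib/chef_metal/convergence_strategy/precreate_chef_objects.rb
+++ b/data/lib/chef_metal/convergence_strategy/precreate_chef_objects.rb
@@ -1,181 +1 @@
-require
-require 'pathname'
-require 'cheffish'
-
-module ChefMetal
-class ConvergenceStrategy
-class PrecreateChefObjects < ConvergenceStrategy
-def initialize(convergence_options, config)
-super
-end
-
-def chef_server
-@chef_server ||= convergence_options[:chef_server] || Cheffish.default_chef_server(config)
-end
-
-def setup_convergence(action_handler, machine)
-# Create keys on machine
-public_key = create_keys(action_handler, machine)
-# Create node and client on chef server
-create_chef_objects(action_handler, machine, public_key)
-
-# If the chef server lives on localhost, tunnel the port through to the guest
-# (we need to know what got tunneled!)
-chef_server_url = chef_server[:chef_server_url]
-chef_server_url = machine.make_url_available_to_remote(chef_server_url)
-
-# Support for multiple ohai hints, required on some platforms
-create_ohai_files(action_handler, machine)
-
-# Create client.rb and client.pem on machine
-content = client_rb_content(chef_server_url, machine.node['name'])
-machine.write_file(action_handler, convergence_options[:client_rb_path], content, :ensure_dir => true)
-end
-
-def converge(action_handler, machine)
-machine.make_url_available_to_remote(chef_server[:chef_server_url])
-end
-
-def cleanup_convergence(action_handler, machine_spec)
-_self = self
-ChefMetal.inline_resource(action_handler) do
-chef_node machine_spec.name do
-chef_server _self.chef_server
-action :delete
-end
-chef_client machine_spec.name do
-chef_server _self.chef_server
-action :delete
-end
-end
-end
-
-protected
-
-def create_keys(action_handler, machine)
-server_private_key = machine.read_file(convergence_options[:client_pem_path])
-if server_private_key
-begin
-server_private_key, format = Cheffish::KeyFormatter.decode(server_private_key)
-rescue
-server_private_key = nil
-end
-end
-
-if server_private_key
-if source_key && server_private_key.to_pem != source_key.to_pem
-# If the server private key does not match our source key, overwrite it
-server_private_key = source_key
-if convergence_options[:allow_overwrite_keys]
-machine.write_file(action_handler, convergence_options[:client_pem_path], server_private_key.to_pem, :ensure_dir => true)
-else
-raise "Private key on machine #{machine.name} does not match desired input key."
-end
-end
-
-else
-
-# If the server does not already have keys, create them and upload
-_convergence_options = convergence_options
-ChefMetal.inline_resource(action_handler) do
-private_key 'in_memory' do
-path :none
-if _convergence_options[:private_key_options]
-_convergence_options[:private_key_options].each_pair do |key,value|
-send(key, value)
-end
-end
-after { |resource, private_key| server_private_key = private_key }
-end
-end
-
-machine.write_file(action_handler, convergence_options[:client_pem_path], server_private_key.to_pem, :ensure_dir => true)
-end
-
-server_private_key.public_key
-end
-
-def is_localhost(host)
-host == '127.0.0.1' || host == 'localhost' || host == '[::1]'
-end
-
-def source_key
-if convergence_options[:source_key].is_a?(String)
-key, format = Cheffish::KeyFormatter.decode(convergence_options[:source_key], convergence_options[:source_key_pass_phrase])
-key
-elsif convergence_options[:source_key]
-convergence_options[:source_key]
-elsif convergence_options[:source_key_path]
-key, format = Cheffish::KeyFormatter.decode(IO.read(convergence_options[:source_key_path]), convergence_options[:source_key_pass_phrase], convergence_options[:source_key_path])
-key
-else
-nil
-end
-end
-
-# Create the ohai file(s)
-def create_ohai_files(action_handler, machine)
-if convergence_options[:ohai_hints]
-convergence_options[:ohai_hints].each_pair do |hint, data|
-# The location of the ohai hint
-ohai_hint = "/etc/chef/ohai/hints/#{hint}.json"
-machine.write_file(action_handler, ohai_hint, data.to_json, :ensure_dir => true)
-end
-end
-end
-
-def create_chef_objects(action_handler, machine, public_key)
-_convergence_options = convergence_options
-_chef_server = chef_server
-# Save the node and create the client keys and client.
-ChefMetal.inline_resource(action_handler) do
-# Create client
-chef_client machine.name do
-chef_server _chef_server
-source_key public_key
-output_key_path _convergence_options[:public_key_path]
-output_key_format _convergence_options[:public_key_format]
-admin _convergence_options[:admin]
-validator _convergence_options[:validator]
-end
-
-# Create node
-# TODO strip automatic attributes first so we don't race with "current state"
-chef_node machine.name do
-chef_server _chef_server
-raw_json machine.node
-end
-end
-
-# If using enterprise/hosted chef, fix acls
-if chef_server[:chef_server_url] =~ /\/+organizations\/.+/
-grant_client_node_permissions(action_handler, chef_server, machine.name, ["read", "update"])
-end
-end
-
-# Grant the client permissions to the node
-# This procedure assumes that the client name and node name are the same
-def grant_client_node_permissions(action_handler, chef_server, node_name, perms)
-api = Cheffish.chef_server_api(chef_server)
-node_perms = api.get("/nodes/#{node_name}/_acl")
-perms.each do |p|
-if !node_perms[p]['actors'].include?(node_name)
-action_handler.perform_action "Add #{node_name} to client #{p} ACLs" do
-node_perms[p]['actors'] << node_name
-api.put("/nodes/#{node_name}/_acl/#{p}", p => node_perms[p])
-end
-end
-end
-end
-
-def client_rb_content(chef_server_url, node_name)
-<<EOM
-chef_server_url #{chef_server_url.inspect}
-node_name #{node_name.inspect}
-client_key #{convergence_options[:client_pem_path].inspect}
-ssl_verify_mode :verify_none
-EOM
-end
-end
-end
-end
+require "chef/provisioning/convergence_strategy/precreate_chef_objects"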