chef-metal 0.3.1 → 0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b55bda561c7c8ea4e4ee5634ad368dfb2c42f6ef
-  data.tar.gz: 03c66248dee33dc38e0c314fef3ea97ec6842212
+  metadata.gz: 93940616771e3e091f441bce2587a1383f7859ef
+  data.tar.gz: 8e49d7a64afdc1fe06c82b99056accc1b4ae587c
 SHA512:
-  metadata.gz: b235456d07ee75d0c30ee8f0b1686d54113d7c936ac057af916238ffc6c9abd4d137dababe6d394a4b017934ad46ceb8d2575f73bf8622ea2a977c7e0304041c
-  data.tar.gz: 509f41552724c0cdaeb3e8213fa2ae4ac6a7a6b07e308ebe5bf535f4a02ca0003683ec3236d6d98d43fed4243e9c4df7b135a9c5179776f5ef56a77857a4368e
+  metadata.gz: 1815d8c7b09c9fdb5fa68bcea2282abe2253bb71e4d3345c12b75774e545dea7532ddb45772f428b4c65b4361fb9006b45e633d12c80cdd780860f89b9b06886
+  data.tar.gz: 5bf3f00b97b72d98a9fcbf962c99bcb201afc696ae7ed25f9ef023234442e16cfab6e1a5e0d4256554a4ad3769f881b986be6593ebfb637624361708c2cd77e8

data/README.md

@@ -92,7 +92,16 @@ end
 
 `vagrant_box` makes sure a particular vagrant box exists, and lets you specify `provisioner_options` for things like port forwarding, OS definitions, and any other vagrant-isms.  A more complicated vagrant box, with provisioner options, can be found in [myapp::windows](https://github.com/opscode/chef-metal/blob/master/cookbooks/myapp/recipes/windows.rb).
 
-`with_chef_local_server` is a generic directive that creates a chef-zero server pointed at the given repository.  nodes, clients, data bags, and all data will be stored here on your provisioner machine if you do this.  You can use `with_chef_server` instead if you want to point at OSS, Hosted or Enterprise Chef, and if you don't specify a Chef server at all, it will use the one you are running chef-client against.
+`with_chef_local_server` is a generic directive that creates a chef-zero server pointed at the given repository.  nodes, clients, data bags, and all data will be stored here on your provisioner machine if you do this.  You can use `with_chef_server` instead if you want to point at OSS, Hosted or Enterprise Chef, and if you don't specify a Chef server at all, it will use the one you are running chef-client against. Keep in mind when using `with_chef_server` and running `chef-client -z` on your workstation that you will also need to set the client name and signing key for the chef server. If you've already got knife.rb set up, then something like this will correctly create a client for the chef server on instance using your knife.rb configuration:
+
+```ruby
+require 'chef/config'
+
+with_chef_server "https://chef-server.example.org", {
+  :client_name => Chef::Config[:node_name],
+  :signing_key_filename => Chef::Config[:client_key]
+}
+```
 
 Typically, you declare these in separate files from your machine resources.  Chef Metal picks up the provisioners you have declared, and uses them to instantiate the machines you request.  The actual machine definitions, in this case, are in `myapp::small`, and are generic--you could use them against EC2 as well:
 
@@ -150,6 +159,18 @@ To pass options like ami, you can say something like this:
 with_provisioner_options :image_id => 'ami-5ee70037'
 ```
 
+If you need to pass bootstrapping options on a per-machine basis, you can do that as well by doing something like the following:
+
+```ruby
+machine "Ubuntu_64bit" do
+  action :create
+  provisioner_options 'bootstrap_options' => {
+    'image_id' => 'ami-59a4a230',
+    'flavor_id' => 't1.micro'
+  }
+end
+```
+
 You will notice that we are still using `myapp::small` here.  Machine definitions are generally provisioner-independent.  This is an important feature that allows you to spin up your clusters in different places to create staging, test or miniature dev environments.
 
 Bugs and The Plan

data/lib/chef/provider/fog_key_pair.rb

@@ -18,6 +18,8 @@ class Chef::Provider::FogKeyPair < Chef::Provider::LWRPBase
         case new_resource.provisioner.compute_options[:provider]
         when 'DigitalOcean'
           compute.destroy_key_pair(@current_id)
+        when 'OpenStack'
+          compute.key_pairs.destroy(@current_id)
         else
           compute.key_pairs.delete(new_resource.name)
         end
@@ -45,6 +47,8 @@ class Chef::Provider::FogKeyPair < Chef::Provider::LWRPBase
       new_fingerprint = case new_resource.provisioner.compute_options[:provider]
       when 'DigitalOcean'
         Cheffish::KeyFormatter.encode(desired_key, :format => :openssh)
+      when 'OpenStack'
+        Cheffish::KeyFormatter.encode(desired_key, :format => :openssh)
       else
         Cheffish::KeyFormatter.encode(desired_key, :format => :fingerprint)
       end
@@ -55,6 +59,8 @@ class Chef::Provider::FogKeyPair < Chef::Provider::LWRPBase
             case new_resource.provisioner.compute_options[:provider]
             when 'DigitalOcean'
               compute.create_ssh_key(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
+            when 'OpenStack'
+              compute.create_key_pair(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
             else
               compute.import_key_pair(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
             end
@@ -72,6 +78,8 @@ class Chef::Provider::FogKeyPair < Chef::Provider::LWRPBase
         case new_resource.provisioner.compute_options[:provider]
         when 'DigitalOcean'
           compute.create_ssh_key(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
+        when 'OpenStack'
+          compute.create_key_pair(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
         else
           compute.import_key_pair(new_resource.name, Cheffish::KeyFormatter.encode(desired_key, :format => :openssh))
         end
@@ -131,6 +139,14 @@ class Chef::Provider::FogKeyPair < Chef::Provider::LWRPBase
       else
         current_resource.action :delete
       end
+    when 'OpenStack'
+      current_key_pair = compute.key_pairs.get(new_resource.name)
+      if current_key_pair
+        @current_id = current_key_pair.name
+        @current_fingerprint = current_key_pair ? compute.key_pairs.get(@current_id).public_key : nil
+      else
+        current_resource.action :delete  
+      end
     else
       current_key_pair = compute.key_pairs.get(new_resource.name)
       if current_key_pair

data/lib/chef_metal/aws_credentials.rb

@@ -21,11 +21,14 @@ module ChefMetal
       require 'inifile'
       inifile = IniFile.load(File.expand_path(credentials_ini_file))
       inifile.each_section do |section|
-        @credentials[section] = {
-          :access_key_id => inifile[section]['aws_access_key_id'],
-          :secret_access_key => inifile[section]['aws_secret_access_key'],
-          :region => inifile[section]['region']
-        }
+        if section =~ /^\s*profile\s+(.+)$/ || section =~ /^\s*(default)\s*/
+          profile = $1.strip
+          @credentials[profile] = {
+            :access_key_id => inifile[section]['aws_access_key_id'],
+            :secret_access_key => inifile[section]['aws_secret_access_key'],
+            :region => inifile[section]['region']
+          }
+        end
       end
     end
 

data/lib/chef_metal/fog.rb

@@ -6,11 +6,15 @@ require 'chef_metal/provisioner/fog_provisioner'
 class Chef
   class Recipe
     def with_fog_provisioner(options = {}, &block)
-      ChefMetal.with_provisioner(ChefMetal::Provisioner::FogProvisioner.new(options, &block))
+      ChefMetal.with_provisioner(ChefMetal::Provisioner::FogProvisioner.new(options), &block)
     end
 
     def with_fog_ec2_provisioner(options = {}, &block)
       with_fog_provisioner({ :provider => 'AWS' }.merge(options), &block)
     end
+
+    def with_fog_openstack_provisioner(options = {}, &block)
+      with_fog_provisioner({ :provider => 'OpenStack' }.merge(options), &block)
+    end
   end
 end

data/lib/chef_metal/machine/unix_machine.rb

@@ -162,8 +162,8 @@ elif test -f "/etc/debian_version"; then
 platform="debian"
 platform_version=`cat /etc/debian_version`
 elif test -f "/etc/redhat-release"; then
-platform=`sed 's/^\(.\+\) release.*/\1/' /etc/redhat-release | tr '[A-Z]' '[a-z]'`
-platform_version=`sed 's/^.\+ release \([.0-9]\+\).*/\1/' /etc/redhat-release`
+platform=`sed 's/^\\(.\\+\\) release.*/\\1/' /etc/redhat-release | tr '[A-Z]' '[a-z]'`
+platform_version=`sed 's/^.\\+ release \\([.0-9]\\+\\).*/\\1/' /etc/redhat-release`
 
 # If /etc/redhat-release exists, we act like RHEL by default
 if test "$platform" = "fedora"; then
@@ -172,8 +172,8 @@ platform_version="6.0"
 fi
 platform="el"
 elif test -f "/etc/system-release"; then
-platform=`sed 's/^\(.\+\) release.\+/\1/' /etc/system-release | tr '[A-Z]' '[a-z]'`
-platform_version=`sed 's/^.\+ release \([.0-9]\+\).*/\1/' /etc/system-release | tr '[A-Z]' '[a-z]'`
+platform=`sed 's/^\\(.\\+\\) release.\\+/\\1/' /etc/system-release | tr '[A-Z]' '[a-z]'`
+platform_version=`sed 's/^.\\+ release \\([.0-9]\\+\\).*/\\1/' /etc/system-release | tr '[A-Z]' '[a-z]'`
 # amazon is built off of fedora, so act like RHEL
 if test "$platform" = "amazon linux ami"; then
 platform="el"

data/lib/chef_metal/openstack_credentials.rb

@@ -0,0 +1,44 @@
+module ChefMetal
+  # Reads in a credentials file
+  class OpenstackCredentials
+    def initialize
+      @credentials = {}
+    end
+
+    def default
+      @credentials['default'] || @credentials.first[1]
+    end
+
+    def keys
+      @credentials.keys
+    end
+
+    def [](name)
+      @credentials[name]
+    end
+
+    def load_yaml(credentials_yaml_file)
+      creds_file = YAML.load_file(File.expand_path(credentials_yaml_file))
+      creds_file.each do |section, creds|
+        @credentials[section] = {
+          :openstack_username => creds_file[section]['openstack_username'],
+          :openstack_api_key => creds_file[section]['openstack_api_key'],
+          :openstack_tenant => creds_file[section]['openstack_tenant'],
+          :openstack_auth_url => creds_file[section]['openstack_auth_url']
+        }
+      end
+    end
+
+    def load_default
+      load_yaml('~/.fog')
+    end
+
+    def self.method_missing(name, *args, &block)
+      singleton.send(name, *args, &block)
+    end
+
+    def self.singleton
+      @openstack_credentials ||= OpenstackCredentials.new
+    end
+  end
+end

data/lib/chef_metal/provisioner/fog_provisioner.rb

@@ -1,5 +1,7 @@
 require 'chef_metal/provisioner'
 require 'chef_metal/aws_credentials'
+require 'chef_metal/openstack_credentials'
+require 'chef_metal/version'
 
 module ChefMetal
   class Provisioner
@@ -32,7 +34,9 @@ module ChefMetal
       #   - :ssh_timeout - the time to wait for ssh to be available if the instance is detected as up (defaults to 20)
       def initialize(compute_options)
         @base_bootstrap_options = compute_options.delete(:base_bootstrap_options) || {}
-        if compute_options[:provider] == 'AWS'
+
+        case compute_options[:provider]
+        when 'AWS'
           aws_credentials = compute_options.delete(:aws_credentials)
           if aws_credentials
             @aws_credentials = aws_credentials
@@ -42,6 +46,19 @@ module ChefMetal
           end
           compute_options[:aws_access_key_id] ||= @aws_credentials.default[:access_key_id]
           compute_options[:aws_secret_access_key] ||= @aws_credentials.default[:secret_access_key]
+        when 'OpenStack'
+          openstack_credentials = compute_options.delete(:openstack_credentials)
+          if openstack_credentials
+            @openstack_credentials = openstack_credentials
+          else
+            @openstack_credentials = ChefMetal::OpenstackCredentials.new
+            @openstack_credentials.load_default
+          end
+
+          compute_options[:openstack_username] ||= @openstack_credentials.default[:openstack_username]
+          compute_options[:openstack_api_key] ||= @openstack_credentials.default[:openstack_api_key]
+          compute_options[:openstack_auth_url] ||= @openstack_credentials.default[:openstack_auth_url]
+          compute_options[:openstack_tenant] ||= @openstack_credentials.default[:openstack_tenant]
         end
         @key_pairs = {}
         @compute_options = compute_options
@@ -50,6 +67,7 @@ module ChefMetal
 
       attr_reader :compute_options
       attr_reader :aws_credentials
+      attr_reader :openstack_credentials
       attr_reader :key_pairs
 
       def current_base_bootstrap_options
@@ -89,7 +107,7 @@ module ChefMetal
       #        Example bootstrap_options for ec2:
       #           :image_id =>'ami-311f2b45',
       #           :flavor_id =>'t1.micro',
-      #           :key_name => 'pey-pair-name'
+      #           :key_name => 'key-pair-name'
       #
       #        node['normal']['provisioner_output'] will be populated with information
       #        about the created machine.  For vagrant, it is a hash with this
@@ -100,13 +118,21 @@ module ChefMetal
       #
       def acquire_machine(provider, node)
         # Set up the modified node data
-        provisioner_options = node['normal']['provisioner_options'] || {}
         provisioner_output = node['normal']['provisioner_output'] || {
-          'provisioner_url' => provisioner_url
+          'provisioner_url' => provisioner_url,
+          'provisioner_version' => ChefMetal::VERSION,
+          'creator' => aws_login_info[1]
         }
 
         if provisioner_output['provisioner_url'] != provisioner_url
-          raise "Switching providers for a machine is not currently supported!  Use machine :destroy and then re-create the machine on the new provider."
+          if (provisioner_output['provisioner_version'].to_f <= 0.3) && provisioner_output['provisioner_url'].start_with?('fog:AWS:') && compute_options[:provider] == 'AWS'
+            Chef::Log.warn "The upgrade from chef-metal 0.3 to 0.4 changed the provisioner URL format!  Metal will assume you are in fact using the same AWS account, and modify the provisioner URL to match."
+            provisioner_output['provisioner_url'] = provisioner_url
+            provisioner_output['provisioner_version'] ||= ChefMetal::VERSION
+            provisioner_output['creator'] ||= aws_login_info[1]
+          else
+            raise "Switching providers for a machine is not currently supported!  Use machine :destroy and then re-create the machine on the new provider."
+          end
         end
 
         node['normal']['provisioner_output'] = provisioner_output
@@ -143,6 +169,7 @@ module ChefMetal
         if need_to_create
           # If the server does not exist, create it
           bootstrap_options = bootstrap_options_for(provider.new_resource, node)
+          bootstrap_options.merge(:name => provider.new_resource.name)
 
           start_time = Time.now
           timeout = option_for(node, :create_timeout)
@@ -158,8 +185,22 @@ module ChefMetal
           end
 
           if server
+            @@ip_pool_lock = Mutex.new
             # Re-retrieve the server in a more malleable form and wait for it to be ready
             server = compute.servers.get(server.id)
+            if bootstrap_options[:floating_ip_pool]
+              Chef::Log.info 'Attaching IP from pool'
+              server.wait_for { ready? }
+              provider.converge_by "attach floating IP from #{bootstrap_options[:floating_ip_pool]} pool" do
+                attach_ip_from_pool(server, bootstrap_options[:floating_ip_pool])
+              end
+            elsif bootstrap_options[:floating_ip]
+              Chef::Log.info 'Attaching given IP'
+              server.wait_for { ready? }
+              provider.converge_by "attach floating IP #{bootstrap_options[:floating_ip]}" do
+                attach_ip(server, bootstrap_options[:floating_ip])
+              end
+            end
             provider.converge_by "machine #{node['name']} created as #{server.id} on #{provisioner_url}" do
             end
             # Wait for the machine to come up and for ssh to start listening
@@ -205,6 +246,31 @@ module ChefMetal
         machine_for(node, server)
       end
 
+      # Attach IP to machine from IP pool
+      # Code taken from kitchen-openstack driver
+      #    https://github.com/test-kitchen/kitchen-openstack/blob/master/lib/kitchen/driver/openstack.rb#L196-L207
+      def attach_ip_from_pool(server, pool)
+        @@ip_pool_lock.synchronize do
+          Chef::Log.info "Attaching floating IP from <#{pool}> pool"
+          free_addrs = compute.addresses.collect do |i|
+            i.ip if i.fixed_ip.nil? and i.instance_id.nil? and i.pool == pool
+          end.compact
+          if free_addrs.empty?
+            raise ActionFailed, "No available IPs in pool <#{pool}>"
+          end
+          attach_ip(server, free_addrs[0])
+        end
+      end
+
+      # Attach given IP to machine
+      # Code taken from kitchen-openstack driver
+      #    https://github.com/test-kitchen/kitchen-openstack/blob/master/lib/kitchen/driver/openstack.rb#L209-L213
+      def attach_ip(server, ip)
+        Chef::Log.info "Attaching floating IP <#{ip}>"
+        server.associate_address ip
+        (server.addresses['public'] ||= []) << { 'version' => 4, 'addr' => ip }
+      end
+
       # Connect to machine without acquiring it
       def connect_to_machine(node)
         machine_for(node)
@@ -224,7 +290,7 @@ module ChefMetal
         # If the machine doesn't exist, we silently do nothing
         if node['normal']['provisioner_output'] && node['normal']['provisioner_output']['server_id']
           server = compute.servers.get(node['normal']['provisioner_output']['server_id'])
-          provider.converge_by "stop machine #{node['name']} (#{server.id} at #{provisioner_url}" do
+          provider.converge_by "stop machine #{node['name']} (#{server.id} at #{provisioner_url})" do
             server.stop
           end
         end
@@ -246,9 +312,11 @@ module ChefMetal
       def provisioner_url
         provider_identifier = case compute_options[:provider]
           when 'AWS'
-            compute_options[:aws_access_key_id]
+            aws_login_info[0]
           when 'DigitalOcean'
             compute_options[:digitalocean_client_id]
+          when 'OpenStack'
+            compute_options[:openstack_auth_url]
           else
             '???'
         end
@@ -273,6 +341,32 @@ module ChefMetal
         end
       end
 
+      # Returns [ Account ID, User ]
+      # Account ID is the 12 digit identifier on your Manage Account page in AWS Console.  It is used as part of all ARNs identifying resources.
+      # User is an identifier like "root" or "user/username" or "federated-user/username"
+      def aws_login_info
+        @aws_login_info ||= begin
+          iam = Fog::AWS::IAM.new(:aws_access_key_id => compute_options[:aws_access_key_id], :aws_secret_access_key => compute_options[:aws_secret_access_key])
+          arn = begin
+            # TODO it would be nice if Fog let you do this normally ...
+            iam.send(:request, {
+              'Action'    => 'GetUser',
+              :parser     => Fog::Parsers::AWS::IAM::GetUser.new
+            }).body['User']['Arn']
+          rescue Fog::AWS::IAM::Error
+            # TODO Someone tell me there is a better way to find out your current
+            # user ID than this!  This is what happens when you use an IAM user
+            # with default privileges.
+            if $!.message =~ /AccessDenied.+(arn:aws:iam::\d+:\S+)/
+              arn = $1
+            else
+              raise
+            end
+          end
+          arn.split(':')[4..5]
+        end
+      end
+
       def symbolize_keys(options)
         options.inject({}) { |result,(key,value)| result[key.to_sym] = value; result }
       end
@@ -392,7 +486,20 @@ module ChefMetal
         if compute_options[:sudo] || (!compute_options.has_key?(:sudo) && username != 'root')
           options[:prefix] = 'sudo '
         end
-        ChefMetal::Transport::SSH.new(server.public_ip_address, username, ssh_options, options)
+
+        remote_host = nil
+        if compute_options[:use_private_ip_for_ssh]
+          remote_host = server.private_ip_address
+        elsif !server.public_ip_address
+          Chef::Log.warn("Server has no public ip address.  Using private ip '#{server.private_ip_address}'.  Set provisioner option 'use_private_ip_for_ssh' => true if this will always be the case ...")
+          remote_host = server.private_ip_address
+        elsif server.public_ip_address
+          remote_host = server.public_ip_address
+        else
+          raise "Server #{server.id} has no private or public IP address!"
+        end
+
+        ChefMetal::Transport::SSH.new(remote_host, username, ssh_options, options)
       end
 
       def wait_until_ready(server, timeout)

data/lib/chef_metal/recipe_dsl.rb

@@ -10,4 +10,4 @@ class Chef
       ChefMetal.with_provisioner_options(provisioner_options, &block)
     end
   end
-end
+end

data/lib/chef_metal/version.rb

@@ -1,3 +1,3 @@
 module ChefMetal
-  VERSION = '0.3.1'
+  VERSION = '0.4'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-metal
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: '0.4'
 platform: ruby
 authors:
 - John Keiser
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-18 00:00:00.000000000 Z
+date: 2014-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -141,6 +141,7 @@ files:
 - lib/chef_metal/machine/unix_machine.rb
 - lib/chef_metal/machine/windows_machine.rb
 - lib/chef_metal/machine.rb
+- lib/chef_metal/openstack_credentials.rb
 - lib/chef_metal/provisioner/fog_provisioner.rb
 - lib/chef_metal/provisioner/vagrant_provisioner.rb
 - lib/chef_metal/provisioner.rb