chef-provisioning 0.18 → 0.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5c4cefaa41a622f8b28242c0d77384e123f88562
-  data.tar.gz: 354056ddabbf9c6010af17895a069c4ece6240f9
+  metadata.gz: 35d07c9ee156834b006ec670fa2ad4f9fdaa467d
+  data.tar.gz: 746b88dd6944cdf449513dee69ef5c8bbfdb91a8
 SHA512:
-  metadata.gz: c447345478be4935d4e55de75f197bb4f182d1cb153ddf6142eee50679bd99922438a63789c5c6cefe46261a7e6bda8d2929e9dc3d2bbec413d72b7b1532e81f
-  data.tar.gz: c2ebf41170f13d2d8537327393410b2f91756955c3d4b3c2bc59d1ab0a86e82cdf55694a0b2fa3bfa7025ced2bbf7be2df5832992c254d5dde8464a99537e6c0
+  metadata.gz: bf65fd08788dcb554a21f2cf75d7284bbe4e030abb2ea96d13b108e2f9be7a5f88927d2eafcc430746c5092888438eb2e4dfea32f2767242e99c1462c7744bac
+  data.tar.gz: aa704ae71a32b3fd590d16e848a62d01d048c10570f5b60780da65da590aa54901fa5464572d3784f7451646e5901758b99eff47db14d7de59e479b3cef16fe3

data/CHANGELOG.md

@@ -1,5 +1,22 @@
 # Chef Provisioning Changelog
 
+## 0.19 (2/25/2015)
+
+- Support for different versions of Chef with the :chef_version and :prerelease arguments (`machine_options convergence_options: { chef_version: '12.0.1' }` or `prerelease: true`)
+- Support HTTPS proxy (@causton1)
+- Automatically configure HTTPS proxy when specifying `machine_options convergence_options: { http_proxy: '...' }`
+- Support for arbitrary configuration using `machine_options convergence_options: { chef_config: "anything you want dumped in /etc/chef/client.rb (will be appended to the standard options already placed in the file)" }`
+
+- Make load_balancer :destroy work (@lynchc)
+- Default to SSL for Chef install download (@xeon22)
+- Fix Chef overwriting attributes on first converge in `machine_batch` (#209)
+- Fix node permissions on Hosted / Enterprise Chef: no more adding your clients to the `admins` group (ewww).  (#59)
+- Always pass an array (never nil) to the driver, even when there are no machines to add to it (partial fix for chef/chef-provisioning-aws#81)
+-
+
+
+915eac3 (origin/jk/install-sh-version, jk/install-sh-version) Add chef_version, prerelease and install_sh_arguments to InstallSh
+
 ## 0.18 (1/27/2015)
 
 - Allow `ssl_verify_mode` to be overridden (@mivok)

data/README.md

@@ -86,9 +86,10 @@ Chef Provisioning has two major abstractions: the machine resource, and drivers.
 
 You declare what your machines do (recipes, tags, etc.) with the `machine` resource, the fundamental unit of Chef Provisioning.  You will typically declare `machine` resources in a separate, OS/provisioning-independent file that declares the *topology* of your app--your machines and the recipes that will run on them.
 
-The machine resources from the example [myapp::small](https://github.com/chef/chef-provisioning/blob/master/cookbooks/myapp/recipes/small.rb) are pretty straightforward.  Here's a copy/paste:
+The machine resources from the [cluster.rb example](https://github.com/chef/chef-provisioning/blob/master/docs/examples/cluster.rb) are pretty straightforward.  Here's a copy/paste:
 
 ```ruby
+# Database!
 machine 'mario' do
   recipe 'postgresql'
   recipe 'mydb'
@@ -97,6 +98,7 @@ end
 
 num_webservers = 1
 
+# Web servers!
 1.upto(num_webservers) do |i|
   machine "luigi#{i}" do
     recipe 'apache'

data/lib/chef/provider/load_balancer.rb

@@ -25,7 +25,7 @@ class Chef
                   Chef::Provisioning::ChefLoadBalancerSpec.empty(new_resource.name)
 
         Chef::Log.debug "Creating load balancer: #{new_resource.name}; loaded #{lb_spec.inspect}"
-        machine_specs = new_resource.machines ? new_resource.machines.map { |machine| get_machine_spec(machine) } : nil
+        machine_specs = new_resource.machines ? new_resource.machines.map { |machine| get_machine_spec(machine) } : []
 
         new_driver.allocate_load_balancer(action_handler, lb_spec, lb_options, machine_specs)
         lb_spec.save(action_handler)

data/lib/chef/provider/machine.rb

@@ -19,12 +19,12 @@ class Machine < Chef::Provider::LWRPBase
   end
 
   action :allocate do
-    if current_driver && current_driver.driver_url != new_driver.driver_url
-      raise "Cannot move '#{machine_spec.name}' from #{current_driver.driver_url} to #{new_driver.driver_url}: machine moving is not supported.  Destroy and recreate."
-    end
     if !new_driver
       raise "Driver not specified for machine #{machine_spec.name}"
     end
+    if current_driver && current_driver.driver_url != new_driver.driver_url
+      raise "Cannot move '#{machine_spec.name}' from #{current_driver.driver_url} to #{new_driver.driver_url}: machine moving is not supported.  Destroy and recreate."
+    end
     new_driver.allocate_machine(action_handler, machine_spec, new_machine_options)
     machine_spec.save(action_handler)
   end
@@ -137,7 +137,8 @@ class Machine < Chef::Provider::LWRPBase
           :private_key_options,
           :ohai_hints,
           :public_key_path, :public_key_format,
-          :admin, :validator
+          :admin, :validator,
+          :chef_config
         ].inject({}) do |result, key|
           result[key] = new_resource.send(key)
           result

data/lib/chef/provider/machine_batch.rb

@@ -54,15 +54,12 @@ class MachineBatch < Chef::Provider::LWRPBase
       if m[:resource] && m[:resource].converge
         Chef::Log.info("Converging #{m[:spec].name} because 'converge true' is set ...")
         m[:machine].converge(m[:action_handler])
-        m[:spec].save(m[:action_handler])
       elsif (!m[:resource] || m[:resource].converge.nil?) && m[:action_handler].locally_updated
         Chef::Log.info("Converging #{m[:spec].name} because the resource was updated ...")
         m[:machine].converge(m[:action_handler])
-        m[:spec].save(m[:action_handler])
       elsif !m[:spec].node['automatic'] || m[:spec].node['automatic'].size == 0
         Chef::Log.info("Converging #{m[:spec].name} because it has never been converged (automatic attributes are empty) ...")
         m[:machine].converge(m[:action_handler])
-        m[:spec].save(m[:action_handler])
       elsif m[:resource] && m[:resource].converge == false
         Chef::Log.debug("Not converging #{m[:spec].name} because 'converge false' is set.")
       end

data/lib/chef/provisioning/chef_load_balancer_spec.rb

@@ -76,7 +76,7 @@ module Provisioning
         chef_data_bag_item _self.name do
           data_bag 'loadbalancers'
           chef_server _chef_server
-          action :destroy
+          action :delete
         end
       end
     end

data/lib/chef/provisioning/convergence_strategy/install_msi.rb

@@ -9,7 +9,7 @@ module Provisioning
 
       def initialize(convergence_options, config)
         super
-        @install_msi_url = convergence_options[:install_msi_url] || 'http://www.chef.io/chef/install.msi'
+        @install_msi_url = convergence_options[:install_msi_url] || 'https://www.chef.io/chef/install.msi'
         @install_msi_path = convergence_options[:install_msi_path] || "$env:TEMP\\#{File.basename(@install_msi_url)}"
         @chef_client_timeout = convergence_options.has_key?(:chef_client_timeout) ? convergence_options[:chef_client_timeout] : 120*60 # Default: 2 hours
       end

data/lib/chef/provisioning/convergence_strategy/install_sh.rb

@@ -13,16 +13,29 @@ module Provisioning
           :client_pem_path => '/etc/chef/client.pem'
         })
         super(convergence_options, config)
-        @install_sh_url = convergence_options[:install_sh_url] || 'http://www.chef.io/chef/install.sh'
+        @install_sh_url = convergence_options[:install_sh_url] || 'https://www.chef.io/chef/install.sh'
         @install_sh_path = convergence_options[:install_sh_path] || '/tmp/chef-install.sh'
-        @bootstrap_env = convergence_options[:bootstrap_proxy] ? "http_proxy=#{convergence_options[:bootstrap_proxy]}" : ""
+        @chef_version = convergence_options[:chef_version]
+        @prerelease = convergence_options[:prerelease]
+        @install_sh_arguments = convergence_options[:install_sh_arguments]
+        @bootstrap_env = convergence_options[:bootstrap_proxy] ? "http_proxy=#{convergence_options[:bootstrap_proxy]} https_proxy=$http_proxy " : ""
         @chef_client_timeout = convergence_options.has_key?(:chef_client_timeout) ? convergence_options[:chef_client_timeout] : 120*60 # Default: 2 hours
       end
 
+      attr_reader :chef_version
+      attr_reader :prerelease
       attr_reader :install_sh_url
       attr_reader :install_sh_path
+      attr_reader :install_sh_arguments
       attr_reader :bootstrap_env
 
+      def install_sh_command_line
+        arguments = install_sh_arguments ? " #{install_sh_arguments}" : ""
+        arguments << " -v #{chef_version}" if chef_version
+        arguments << " -p" if prerelease
+        "bash -c '#{bootstrap_env} bash #{install_sh_path}#{arguments}'"
+      end
+
       def setup_convergence(action_handler, machine)
         super
 
@@ -31,7 +44,7 @@ module Provisioning
           # TODO ssh verification of install.sh before running arbtrary code would be nice?
           @@install_sh_cache[install_sh_url] ||= Net::HTTP.get(URI(install_sh_url))
           machine.write_file(action_handler, install_sh_path, @@install_sh_cache[install_sh_url], :ensure_dir => true)
-          machine.execute(action_handler, "bash -c '#{bootstrap_env} bash #{install_sh_path}'")
+          machine.execute(action_handler, install_sh_command_line)
         end
       end
 

data/lib/chef/provisioning/convergence_strategy/no_converge.rb

@@ -6,10 +6,6 @@ class Chef
 module Provisioning
   class ConvergenceStrategy
     class NoConverge < ConvergenceStrategy
-      def initialize(convergence_options, config)
-        super
-      end
-
       def chef_server
         @chef_server ||= convergence_options[:chef_server] || Cheffish.default_chef_server(config)
       end

data/lib/chef/provisioning/convergence_strategy/precreate_chef_objects.rb

@@ -6,19 +6,15 @@ class Chef
 module Provisioning
   class ConvergenceStrategy
     class PrecreateChefObjects < ConvergenceStrategy
-      def initialize(convergence_options, config)
-        super
-      end
-
       def chef_server
         @chef_server ||= convergence_options[:chef_server] || Cheffish.default_chef_server(config)
       end
 
       def setup_convergence(action_handler, machine)
         # Create keys on machine
-        public_key = create_keys(action_handler, machine)
+        private_key, public_key = create_keys(action_handler, machine)
         # Create node and client on chef server
-        create_chef_objects(action_handler, machine, public_key)
+        create_chef_objects(action_handler, machine, private_key, public_key)
 
         # If the chef server lives on localhost, tunnel the port through to the guest
         # (we need to know what got tunneled!)
@@ -93,7 +89,8 @@ module Provisioning
           machine.write_file(action_handler, convergence_options[:client_pem_path], server_private_key.to_pem, :ensure_dir => true)
         end
 
-        server_private_key.public_key
+        # We shouldn't be returning this: see https://github.com/chef/chef-provisioning/issues/292
+        [ server_private_key, server_private_key.public_key ]
       end
 
       def is_localhost(host)
@@ -125,7 +122,7 @@ module Provisioning
         end
       end
 
-      def create_chef_objects(action_handler, machine, public_key)
+      def create_chef_objects(action_handler, machine, private_key, public_key)
         _convergence_options = convergence_options
         _chef_server = chef_server
         # Save the node and create the client keys and client.
@@ -150,21 +147,41 @@ module Provisioning
 
         # If using enterprise/hosted chef, fix acls
         if chef_server[:chef_server_url] =~ /\/+organizations\/.+/
-          grant_client_node_permissions(action_handler, chef_server, machine.name, ["read", "update"])
+          grant_client_node_permissions(action_handler, chef_server, machine, ["read", "update"], private_key)
         end
       end
 
       # Grant the client permissions to the node
       # This procedure assumes that the client name and node name are the same
-      def grant_client_node_permissions(action_handler, chef_server, node_name, perms)
+      def grant_client_node_permissions(action_handler, chef_server, machine, perms, private_key)
+        node_name = machine.name
         api = Cheffish.chef_server_api(chef_server)
         node_perms = api.get("/nodes/#{node_name}/_acl")
-        perms.each do |p|
-          if !node_perms[p]['actors'].include?(node_name)
-            action_handler.perform_action "Add #{node_name} to client #{p} ACLs" do
-              node_perms[p]['actors'] << node_name
-              api.put("/nodes/#{node_name}/_acl/#{p}", p => node_perms[p])
+
+        begin
+          perms.each do |p|
+            if !node_perms[p]['actors'].include?(node_name)
+              action_handler.perform_action "Add #{node_name} to client #{p} ACLs" do
+                node_perms[p]['actors'] << node_name
+                api.put("/nodes/#{node_name}/_acl/#{p}", p => node_perms[p])
+              end
+            end
+          end
+        rescue Net::HTTPServerException => e
+          if e.response.code == "400"
+            action_handler.perform_action "Delete #{node_name} and recreate as client #{node_name}" do
+              api.delete("/nodes/#{node_name}")
+              as_user = chef_server.dup
+              as_user[:options] = as_user[:options].merge(
+                client_name: node_name,
+                signing_key_filename: nil,
+                raw_key: private_key.to_pem
+              )
+              as_user_api = Cheffish.chef_server_api(as_user)
+              as_user_api.post("/nodes", machine.node)
             end
+          else
+            raise
           end
         end
       end
@@ -177,18 +194,20 @@ module Provisioning
                               :verify_none
                             end
 
-        content = <<EOM
-chef_server_url #{chef_server_url.inspect}
-node_name #{node_name.inspect}
-client_key #{convergence_options[:client_pem_path].inspect}
-ssl_verify_mode #{ssl_verify_mode.to_sym.inspect}
-EOM
-        unless convergence_options[:bootstrap_proxy].nil?
-          content << <<EOM
-http_proxy #{convergence_options[:bootstrap_proxy].inspect}
-https_proxy #{convergence_options[:bootstrap_proxy].inspect}
-EOM
+        content = <<-EOM
+          chef_server_url #{chef_server_url.inspect}
+          node_name #{node_name.inspect}
+          client_key #{convergence_options[:client_pem_path].inspect}
+          ssl_verify_mode #{ssl_verify_mode.to_sym.inspect}
+        EOM
+        if convergence_options[:bootstrap_proxy]
+          content << <<-EOM
+            http_proxy #{convergence_options[:bootstrap_proxy].inspect}
+            https_proxy #{convergence_options[:bootstrap_proxy].inspect}
+          EOM
         end
+        content.gsub!(/^\s+/, "")
+        content << convergence_options[:chef_config] if convergence_options[:chef_config]
         content
       end
     end

data/lib/chef/provisioning/machine/unix_machine.rb

@@ -144,7 +144,7 @@ prerelease="false"
 project="chef"
 
 report_bug() {
-echo "Please file a bug report at http://tickets.opscode.com"
+echo "Please file a bug report at https://github.com/chef/chef-provisioning/issues"
 echo "Project: Chef"
 echo "Component: Packages"
 echo "Label: Omnibus"

data/lib/chef/provisioning/version.rb

@@ -1,5 +1,5 @@
 class Chef
 module Provisioning
-  VERSION = '0.18'
+  VERSION = '0.19'
 end
 end

data/lib/chef/resource/machine.rb

@@ -51,6 +51,9 @@ class Machine < Chef::Resource::LWRPBase
   # e.g. ohai_hint 'ec2' => { 'a' => 'b' } creates file ec2.json with json contents { 'a': 'b' }
   attribute :ohai_hints, :kind_of => Hash
 
+  # A string containing extra configuration for the machine
+  attribute :chef_config, :kind_of => String
+
   # Allows you to turn convergence off in the :create action by writing "converge false"
   # or force it with "true"
   attribute :converge, :kind_of => [TrueClass, FalseClass]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-provisioning
 version: !ruby/object:Gem::Version
-  version: '0.18'
+  version: '0.19'
 platform: ruby
 authors:
 - John Keiser
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-27 00:00:00.000000000 Z
+date: 2015-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ssh