chef 10.34.6 → 11.0.0.beta.0

data/distro/common/markdown/man1/knife-exec.mkd

@@ -9,13 +9,15 @@ __knife__ __exec__ _(options)_
     Provide a snippet of code to evaluate on the command line
 
 ## DESCRIPTION
-`knife exec` runs arbitrary ruby scripts in a context similar to that of
-the shef(1) DSL. See the shef documentation for a description of the
-commands available.
+
+`knife exec` runs arbitrary ruby scripts in a context similar to that
+of the chef-shell(1) DSL. See the chef-shell documentation for a
+description of the commands available.
 
 ## EXAMPLES
+
   * Make an API call against an arbitrary endpoint:
-    knife exec -E 'api.get("nodes/fluke.localdomain/cookbooks")'  
+    knife exec -E 'api.get("nodes/fluke.localdomain/cookbooks")'
     => list of cookbooks for the node _fluke.localdomain_
   * Remove the role _obsolete_ from all nodes:
     knife exec -E 'nodes.transform(:all){|n| n.run\_list.delete("role[obsolete]")}'
@@ -23,15 +25,18 @@ commands available.
     knife exec -E 'nodes.find(:roles => "webserver") {|n| n.expand!; n[:recipes]}'
 
 ## SEE ALSO
-   __shef(1)__
+
+   __chef-shell(1)__
 
 ## AUTHOR
+
    Chef was written by Adam Jacob <adam@opscode.com> with many contributions from the community.
 
 ## DOCUMENTATION
+
    This manual page was written by Joshua Timberman <joshua@opscode.com>.
    Permission is granted to copy, distribute and / or modify this document under the terms of the Apache 2.0 License.
 
 ## CHEF
-   Knife is distributed with Chef. <http://wiki.opscode.com/display/chef/Home>
 
+   Knife is distributed with Chef. <http://wiki.opscode.com/display/chef/Home>

data/distro/common/markdown/man1/knife.mkd

@@ -98,14 +98,9 @@ If the config file exists, knife uses these settings for __GENERAL OPTIONS__ def
   * `chef_server_url`:
     URL of the Chef server. Corresponds to the `-s` or `--server-url`
     option. This is requested from the user when running this sub-command.
-  * `cache_type`:
-    The type of cache to use. Default is BasicFile. This can be any type of
-    Cache that moneta supports: BasicFile, Berkeley, Couch, DataMapper,
-    File, LMC, Memcache, Memory, MongoDB, Redis, Rufus, S3, SDBM, Tyrant,
-    Xattr, YAML.
-  * `cache_options`:
-    Specifies various options to use for caching. These options are
-    dependent on the `cache_type`.
+  * `syntax_check_cache_path`:
+    Specifies the path to a directory where knife caches information
+    about files that it has syntax checked.
   * `validation_client_name`:
     Specifies the name of the client used to validate new clients.
   * `validation_key`:
@@ -183,7 +178,7 @@ recommended though, and git fits with a lot of the workflow paradigms.
     data editing entirely.
 
 ## SEE ALSO
-  __chef-client(8)__ __chef-server(8)__ __shef(1)__
+  __chef-client(8)__ __chef-server(8)__ __chef-shell(1)__
 
   __knife-bootstrap(1)__ __knife-client(1)__ __knife-configure(1)__
   __knife-cookbook-site(1)__ __knife-cookbook(1)__ __knife-data-bag(1)__

data/distro/debian/etc/default/chef-client

@@ -2,4 +2,3 @@ LOGFILE=/var/log/chef/client.log
 CONFIG=/etc/chef/client.rb
 INTERVAL=1800
 SPLAY=20
-STARTTIME=1

data/distro/debian/etc/init.d/chef-client

@@ -41,7 +41,7 @@ running_pid() {
   name=$2
   [ -z "$pid" ] && return 1
   [ ! -d /proc/$pid ] &&  return 1
-  cmd=`cat /proc/$pid/cmdline | tr '\000' '\n' | awk 'NR==2'`
+  cmd=`awk '/Name:/ {print $2}' /proc/$pid/status`
   [ "$cmd" != "$name" ] &&  return 1
   return 0
 }
@@ -49,7 +49,7 @@ running_pid() {
 running() {
   [ ! -f "$PIDFILE" ] && return 1
   pid=`cat $PIDFILE`
-  running_pid $pid $DAEMON || return 1
+  running_pid $pid $NAME || return 1
   return 0
 }
 

data/lib/chef.rb

@@ -6,9 +6,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -27,8 +27,6 @@ require 'chef/resources'
 require 'chef/shell_out'
 
 require 'chef/daemon'
-require 'chef/webui_user'
-require 'chef/openid_registration'
 
 require 'chef/run_status'
 require 'chef/handler'
@@ -39,4 +37,3 @@ require 'chef/monkey_patches/dir'
 require 'chef/monkey_patches/string'
 require 'chef/monkey_patches/numeric'
 require 'chef/monkey_patches/object'
-require 'chef/monkey_patches/uri'

data/lib/chef/api_client.rb

@@ -20,9 +20,6 @@
 require 'chef/config'
 require 'chef/mixin/params_validate'
 require 'chef/mixin/from_file'
-require 'chef/couchdb'
-require 'chef/certificate'
-require 'chef/index_queue'
 require 'chef/mash'
 require 'chef/json_compat'
 require 'chef/search/query'
@@ -32,51 +29,13 @@ class Chef
 
     include Chef::Mixin::FromFile
     include Chef::Mixin::ParamsValidate
-    include Chef::IndexQueue::Indexable
-
-
-    DESIGN_DOCUMENT = {
-      "version" => 1,
-      "language" => "javascript",
-      "views" => {
-        "all" => {
-          "map" => <<-EOJS
-          function(doc) {
-            if (doc.chef_type == "client") {
-              emit(doc.name, doc);
-            }
-          }
-          EOJS
-        },
-        "all_id" => {
-          "map" => <<-EOJS
-          function(doc) {
-            if (doc.chef_type == "client") {
-              emit(doc.name, doc.name);
-            }
-          }
-          EOJS
-        }
-      }
-    }
-
-    INDEX_OBJECT_TYPE = 'client'.freeze
-
-    def self.index_object_type
-      INDEX_OBJECT_TYPE
-    end
-
-    attr_accessor :couchdb_rev, :couchdb_id, :couchdb
 
     # Create a new Chef::ApiClient object.
-    def initialize(couchdb=nil)
+    def initialize
       @name = ''
       @public_key = nil
       @private_key = nil
-      @couchdb_rev = nil
-      @couchdb_id = nil
       @admin = false
-      @couchdb = (couchdb || Chef::CouchDB.new)
     end
 
     # Gets or sets the client name.
@@ -127,19 +86,8 @@ class Chef
       )
     end
 
-    # Creates a new public/private key pair, and populates the public_key and
-    # private_key attributes.
-    #
-    # @return [True]
-    def create_keys
-      results = Chef::Certificate.gen_keypair(self.name)
-      self.public_key(results[0].to_s)
-      self.private_key(results[1].to_s)
-      true
-    end
-
-    # The hash representation of the object.  Includes the name and public_key,
-    # but never the private key.
+    # The hash representation of the object. Includes the name and public_key.
+    # Private key is included if available.
     #
     # @return [Hash]
     def to_hash
@@ -150,7 +98,7 @@ class Chef
         'json_class' => self.class.name,
         "chef_type" => "client"
       }
-      result["_rev"] = @couchdb_rev if @couchdb_rev
+      result["private_key"] = @private_key if @private_key
       result
     end
 
@@ -164,21 +112,14 @@ class Chef
     def self.json_create(o)
       client = Chef::ApiClient.new
       client.name(o["name"] || o["clientname"])
-      client.private_key(o["private_key"]) if o["private_key"]
+      client.private_key(o["private_key"]) if o.key?("private_key")
       client.public_key(o["public_key"])
       client.admin(o["admin"])
-      client.couchdb_rev = o["_rev"]
-      client.couchdb_id = o["_id"]
-      client.index_id = client.couchdb_id
       client
     end
 
-    # List all the Chef::ApiClient objects in the CouchDB.  If inflate is set
-    # to true, you will get the full list of all ApiClients, fully inflated.
-    def self.cdb_list(inflate=false, couchdb=nil)
-      rs = (couchdb || Chef::CouchDB.new).list("clients", inflate)
-      lookup = (inflate ? "value" : "key")
-      rs["rows"].collect { |r| r[lookup] }
+    def self.http_api
+      Chef::REST.new(Chef::Config[:chef_server_url])
     end
 
     def self.reregister(name)
@@ -195,21 +136,13 @@ class Chef
         end
         response
       else
-        Chef::REST.new(Chef::Config[:chef_server_url]).get_rest("clients")
+        http_api.get("clients")
       end
     end
 
-    # Load a client by name from CouchDB
-    #
-    # @params [String] The name of the client to load
-    # @return [Chef::ApiClient] The resulting Chef::ApiClient object
-    def self.cdb_load(name, couchdb=nil)
-      (couchdb || Chef::CouchDB.new).load("client", name)
-    end
-
     # Load a client by name via the API
     def self.load(name)
-      response = Chef::REST.new(Chef::Config[:chef_server_url]).get_rest("clients/#{name}")
+      response = http_api.get("clients/#{name}")
       if response.kind_of?(Chef::ApiClient)
         response
       else
@@ -219,69 +152,27 @@ class Chef
       end
     end
 
-    # Remove this client from the CouchDB
-    #
-    # @params [String] The name of the client to delete
-    # @return [Chef::ApiClient] The last version of the object
-    def cdb_destroy
-      @couchdb.delete("client", @name, @couchdb_rev)
-    end
-
     # Remove this client via the REST API
     def destroy
-      Chef::REST.new(Chef::Config[:chef_server_url]).delete_rest("clients/#{@name}")
-    end
-
-    # Save this client to the CouchDB
-    def cdb_save
-      @couchdb_rev = @couchdb.store("client", @name, self)["rev"]
+      http_api.delete("clients/#{@name}")
     end
 
     # Save this client via the REST API, returns a hash including the private key
-    def save(new_key=false, validation=false)
-      # Implement CHEF-4373 with minimal churn to existing code:
-      return register_with_self_generated_key if new_key && validation && Chef::Config.local_key_generation
-
-      if validation
-        r = Chef::REST.new(Chef::Config[:chef_server_url], Chef::Config[:validation_client_name], Chef::Config[:validation_key])
-      else
-        r = Chef::REST.new(Chef::Config[:chef_server_url])
-      end
-      # First, try and create a new registration
+    def save
       begin
-        r.post_rest("clients", {:name => self.name, :admin => self.admin })
+        http_api.put("clients/#{name}", { :name => self.name, :admin => self.admin})
       rescue Net::HTTPServerException => e
         # If that fails, go ahead and try and update it
-        if e.response.code == "409"
-          r.put_rest("clients/#{name}", { :name => self.name, :admin => self.admin, :private_key => new_key })
+        if e.response.code == "404"
+          http_api.post("clients", {:name => self.name, :admin => self.admin })
         else
           raise e
         end
       end
     end
 
-    def register_with_self_generated_key
-      r = Chef::REST.new(Chef::Config[:chef_server_url], Chef::Config[:validation_client_name], Chef::Config[:validation_key])
-      pkey = OpenSSL::PKey::RSA.generate(2048)
-      client_data = {:name => name, :admin => false , :public_key => pkey.public_key.to_pem}
-      # First, try and create a new registration
-      r = begin
-        r.post_rest("clients", client_data)
-      rescue Net::HTTPServerException => e
-        # If that fails, go ahead and try and update it
-        if e.response.code == "409"
-          r.put_rest("clients/#{name}", client_data)
-        else
-          raise e
-        end
-      end
-      private_key(pkey.to_pem)
-      self
-    end
-
     def reregister
-      r = Chef::REST.new(Chef::Config[:chef_server_url])
-      reregistered_self = r.put_rest("clients/#{name}", { :name => name, :admin => admin, :private_key => true })
+      reregistered_self = http_api.put("clients/#{name}", { :name => name, :admin => admin, :private_key => true })
       if reregistered_self.respond_to?(:[])
         private_key(reregistered_self["private_key"])
       else
@@ -292,12 +183,7 @@ class Chef
 
     # Create the client via the REST API
     def create
-      Chef::REST.new(Chef::Config[:chef_server_url]).post_rest("clients", self)
-    end
-
-    # Set up our CouchDB design document
-    def self.create_design_document(couchdb=nil)
-      (couchdb ||= Chef::CouchDB.new).create_design_document("clients", DESIGN_DOCUMENT)
+      http_api.post("clients", self)
     end
 
     # As a string
@@ -310,6 +196,10 @@ class Chef
       "public_key:'#{public_key}' private_key:'#{private_key}'"
     end
 
+    def http_api
+      @http_api ||= Chef::REST.new(Chef::Config[:chef_server_url])
+    end
+
   end
 end
 

data/lib/chef/api_client/registration.rb

@@ -0,0 +1,126 @@
+#
+# Author:: Daniel DeLeo (<dan@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/config'
+require 'chef/rest'
+require 'chef/exceptions'
+
+class Chef
+  class ApiClient
+
+    # ==Chef::ApiClient::Registration
+    # Manages the process of creating or updating a Chef::ApiClient on the
+    # server and writing the resulting private key to disk. Registration uses
+    # the validator credentials for its API calls. This allows it to bootstrap
+    # a new client/node identity by borrowing the validator client identity
+    # when creating a new client.
+    class Registration
+      attr_reader :private_key
+      attr_reader :destination
+      attr_reader :name
+
+      def initialize(name, destination)
+        @name = name
+        @destination = destination
+        @private_key = nil
+      end
+
+      # Runs the client registration process, including creating the client on
+      # the chef-server and writing its private key to disk.
+      #--
+      # If client creation fails with a 5xx, it is retried up to 5 times. These
+      # retries are on top of the retries with randomized exponential backoff
+      # built in to Chef::REST. The retries here are a workaround for failures
+      # caused by resource contention in Hosted Chef when creating a very large
+      # number of clients simultaneously, (e.g., spinning up 100s of ec2 nodes
+      # at once). Future improvements to the affected component should make
+      # these retries unnecessary.
+      def run
+        assert_destination_writable!
+        retries = Config[:client_registration_retries] || 5
+        begin
+          create_or_update
+        rescue Net::HTTPFatalError => e
+          # HTTPFatalError implies 5xx.
+          raise if retries <= 0
+          retries -= 1
+          Chef::Log.warn("Failed to register new client, #{retries} tries remaining")
+          Chef::Log.warn("Response: HTTP #{e.response.code} - #{e}")
+          retry
+        end
+        write_key
+      end
+
+      def assert_destination_writable!
+        if (File.exists?(destination) && !File.writable?(destination)) or !File.writable?(File.dirname(destination))
+          raise Chef::Exceptions::CannotWritePrivateKey, "I cannot write your private key to #{destination} - check permissions?"
+        end
+      end
+
+      def write_key
+        ::File.open(destination, file_flags, 0600) do |f|
+          f.print(private_key)
+        end
+      rescue IOError => e
+        raise Chef::Exceptions::CannotWritePrivateKey, "Error writing private key to #{destination}: #{e}"
+      end
+
+      def create_or_update
+        create
+      rescue Net::HTTPServerException => e
+        # If create fails because the client exists, attempt to update. This
+        # requires admin privileges.
+        raise unless e.response.code == "409"
+        update
+      end
+
+      def create
+        response = http_api.post("clients", :name => name, :admin => false)
+        @private_key = response["private_key"]
+        response
+      end
+
+      def update
+        response = http_api.put("clients/#{name}", :name => name,
+                                                     :admin => false,
+                                                     :private_key => true)
+        if response.respond_to?(:private_key) # Chef 11
+          @private_key = response.private_key
+        else # Chef 10
+          @private_key = response["private_key"]
+        end
+        response
+      end
+
+      def http_api
+        @http_api_as_validator ||= Chef::REST.new(Chef::Config[:chef_server_url],
+                                                  Chef::Config[:validation_client_name],
+                                                  Chef::Config[:validation_key])
+      end
+
+      def file_flags
+        base_flags = File::CREAT|File::TRUNC|File::RDWR
+        # Windows doesn't have symlinks, so it doesn't have NOFOLLOW
+        base_flags |= File::NOFOLLOW if defined?(File::NOFOLLOW)
+        base_flags
+      end
+    end
+  end
+end
+
+