cheftacular 2.0.0

data/lib/cheftacular/actions/deploy.rb

@@ -0,0 +1,40 @@
+class Cheftacular
+  class ActionDocumentation
+    def deploy
+      @config['documentation']['action'] <<  [
+        "`cft deploy` will do a simple chef-client run on the servers for a role. " + 
+        "Logs of the run itself will be sent to the local log directory in the application (or chef-repo) where the run was conducted.",
+        
+        [
+          "    1.  This command also restarts services on the server and updates the code. Changes behavior slightly with the `-z|-Z` args."
+        ]
+      ]
+    end
+  end
+
+  class Action
+    def deploy
+      nodes = @config['getter'].get_true_node_objects false, true #when this is run in scaling we'll need to make sure we deploy to new nodes
+
+      nodes = @config['parser'].exclude_nodes( nodes, [{ if: "role[#{ @options['negative_role'] }]" }]) if @options['negative_role']
+      
+      #this must always precede on () calls so they have the instance variables they need
+      options, locs, ridley, logs_bag_hash, pass_bag_hash, bundle_command, cheftacular, passwords = @config['helper'].set_local_instance_vars
+
+      #on is namespaced to SSHKit::Backend::Netssh.on 
+      on ( nodes.map { |n| "deploy@" + n.public_ipaddress } ), in: :groups, limit: 10, wait: 5 do |host|
+        n = get_node_from_address(nodes, host.hostname)
+
+        puts("Beginning chef client run for #{ n.name } (#{ n.public_ipaddress }) on role #{ options['role'] }") unless options['quiet']
+
+        log_data, timestamp = start_deploy( n.name, n.public_ipaddress, options, locs, passwords)
+
+        logs_bag_hash["#{ n.name }-deploy"] = { text: log_data.scrub_pretty_text, timestamp: timestamp }
+      end
+      
+      @config['ChefDataBag'].save_logs_bag unless @options['debug'] #the debug chef-client runs are literally too large to POST
+
+      migrate(nodes) if @config['getter'].get_current_repo_config['database'] != 'none' && !@options['run_migration_already']
+    end
+  end
+end

data/lib/cheftacular/actions/log.rb

@@ -0,0 +1,47 @@
+class Cheftacular
+  class ActionDocumentation
+    def log
+      @config['documentation']['action'] <<  [
+        "`cft log` this command will output the last 500 lines of logs " +
+        "from every server set for CODEBASE (can be given additional args to specify) to the log directory",
+
+        [
+          "    1.  `--nginx` will fetch the nginx logs as well as the application logs",
+
+          "    2.  `--full` will fetch the entirety of the logs (will fetch the entire nginx log too if `--nginx` is specified)",
+
+          "    3. `--num INTEGER` will fetch the last INTEGER lines of logs",
+
+          "        1. `-l|--lines INTEGER` does the exact same thing as `--num INTEGER`.",
+
+          "    4. `--fetch-backup` If doing a pg_data log, this will fetch the latest logs from the pg_data log directory for each database."
+        ]
+      ]
+    end
+  end
+
+  class Action
+    def log
+      nodes = @config['getter'].get_true_node_objects
+
+      nodes = @config['parser'].exclude_nodes( nodes, [{ unless: "role[#{ @options['role'] }]" }] )
+
+      #this must always precede on () calls so they have the instance variables they need
+      options, locs, ridley, logs_bag_hash, pass_bag_hash, bundle_command, cheftacular, passwords = @config['helper'].set_local_instance_vars
+
+      getter = @config['getter']
+
+      on ( nodes.map { |n| "deploy@" + n.public_ipaddress } ), in: :parallel do |host|
+        n = get_node_from_address(nodes, host.hostname)
+
+        puts("Beginning log fetch run for #{ n.name } (#{ n.public_ipaddress }) on role #{ options['role'] }") unless options['quiet']
+
+        if getter.get_current_stack.nil?
+          start_log_role_map( name, n.public_ipaddress, getter.get_current_role_map['log_location'], options, locs, cheftacular, passwords)
+        else
+          self.send("start_log_fetch_#{ getter.get_current_stack }", n.name, n.public_ipaddress, n.run_list, options, locs, cheftacular, passwords)
+        end
+      end
+    end
+  end
+end

data/lib/cheftacular/actions/migrate.rb

@@ -0,0 +1,57 @@
+class Cheftacular
+  class ActionDocumentation
+    def migrate
+      @config['documentation']['action'] <<  [
+        "`cft migrate` this command will grab the first alphabetical node for a repository " +
+        "and run a migration that will hit the database primary server."
+      ]
+    end
+  end
+
+  class Action
+    def migrate nodes=[]
+      self.send("migrate_#{ @config['getter'].get_current_stack }", nodes)
+    end
+
+    def migrate_ruby_on_rails nodes=[]
+      nodes = @config['getter'].get_true_node_objects if nodes.empty?
+
+      #must have rails stack to run migrations, only want ONE node
+      nodes = @config['parser'].exclude_nodes(nodes, [{ unless: "role[#{ @options['role'] }]" }, { unless: 'role[rails]' }], true)
+
+      log_data = ""
+
+      #this must always precede on () calls so they have the instance variables they need
+      options, locs, ridley, logs_bag_hash, pass_bag_hash, bundle_command, cheftacular, passwords = @config['helper'].set_local_instance_vars
+
+      on ( nodes.map { |n| "deploy@" + n.public_ipaddress } ) do |host|
+        n = get_node_from_address(nodes, host.hostname)
+
+        puts("Beginning migration run for #{ n.name } (#{ n.public_ipaddress }) on role #{ options['role'] }") unless options['quiet']
+
+        log_data, timestamp = start_task( n.name, n.public_ipaddress, n.run_list, "#{ bundle_command } exec rake db:migrate", options, locs, cheftacular)
+
+        logs_bag_hash["#{ n.name }-migrate"] = { text: log_data.scrub_pretty_text, timestamp: timestamp }
+      end
+
+      @config['ChefDataBag'].save_logs_bag
+
+      @options['run_migration_already'] = true
+
+      #restart the servers again after a deploy with a migration just in case
+      deploy if !log_data.empty? && log_data != @config['cheftacular']['repositories'][@options['role']]['not_a_migration_message']
+    end
+
+    def migrate_wordpress nodes=[]
+      raise "Not yet implemented"
+    end
+
+    def migrate_nodejs nodes=[]
+      raise "Not yet implemented"
+    end
+
+    def migrate_all nodes=[]
+      raise "You attempted to migrate the all role, this is not possible."
+    end
+  end
+end

data/lib/cheftacular/actions/run.rb

@@ -0,0 +1,64 @@
+class Cheftacular
+  class ActionDocumentation
+    def run
+      @config['documentation']['action'] <<  [
+        "`cft run COMMAND [--all]` will trigger the command on the first server in the role. " + 
+        "Can be used to run rake commands or anything else.",
+
+        [
+          "    1. `--all` will make the command run against all servers in a role rather than the first server it comes across. " +
+          "Don't do this if you're modifying the database with the command.",
+
+          "    2. EX: `cft run rake routes`",
+
+          "    3. EX: `cft run ruby lib/one_time_fix.rb staging 20140214` This command can be used to run anything, not just rake tasks. " +
+          "It prepends bundle exec to your command for rails stack repositories",
+
+          "    4. IMPORTANT NOTE: You cannot run `cft run rake -T` as is, you have to enclose any command that uses command line dash " +
+          'arguments in quotes like `cft run "rake -T"`'
+        ]
+      ]
+    end
+  end
+
+  class Action
+    def run
+      self.send("run_#{ @config['getter'].get_current_stack }")
+    end
+
+    def run_ruby_on_rails
+      nodes   = @config['getter'].get_true_node_objects
+      command = @config['parser'].parse_runtime_arguments 0, 'range'
+
+      #must have rails stack to run migrations and not be a db, only want ONE node
+      nodes = @config['parser'].exclude_nodes( nodes, [{ unless: "role[#{ @options['role'] }]" }], !@options['run_on_all'] )
+
+      #this must always precede on () calls so they have the instance variables they need
+      options, locs, ridley, logs_bag_hash, pass_bag_hash, bundle_command, cheftacular, passwords = @config['helper'].set_local_instance_vars
+
+      on ( nodes.map { |n| "deploy@" + n.public_ipaddress } ) do |host|
+        n = get_node_from_address(nodes, host.hostname)
+
+        puts("Beginning task run for #{ n.name } (#{ n.public_ipaddress }) on role #{ options['role'] }") unless options['quiet']
+
+        log_data, timestamp = start_task( n.name, n.public_ipaddress, n.run_list, "#{ bundle_command } exec #{ command }", options, locs, cheftacular)
+
+        logs_bag_hash["#{ n.name }-run"] = { text: log_data.scrub_pretty_text, timestamp: timestamp }
+      end
+
+      @config['ChefDataBag'].save_logs_bag
+    end
+
+    def run_nodejs
+      raise "Not yet implemented"
+    end
+
+    def run_wordpress
+      raise "Not yet implemented"
+    end
+
+    def run_all
+      raise "You attempted to run a command for the all role, this is not possible."
+    end
+  end
+end

data/lib/cheftacular/actions/scale.rb

@@ -0,0 +1,94 @@
+
+# all in one method that will interact with cloud interactor to bring up the server and obtain its initial root pass then run ubuntu bootstrap and chef_bootstrap
+class Cheftacular
+  class ActionDocumentation
+    def scale
+      @config['documentation']['action'] <<  [
+        "`cft scale up|down [NUM_TO_SCALE]` will add (or remove) NUM_TO_SCALE servers from the server array. " +
+        "This command will not let you scale down below 1 server.",
+
+        [
+          "    1. In the case of server creation, this command takes a great deal of time to execute. " +
+          "It will output what stage it is currently on to the terminal but <b>you must not kill this command while it is executing</b>." +
+          "A failed build may require the server to be destroyed / examined by a DevOps engineer."
+        ]
+      ]
+    end
+  end
+
+  class Action
+    def scale type="up", num_to_scale=1
+      type         = ARGV[1] if ARGV[1]
+      num_to_scale = ARGV[2] if ARGV[2]
+
+      raise "Unknown type for scaling: #{ type }" unless (type =~ /up|down/) == 0
+      raise "Unknown scaling: #{ num_to_scale }"  unless num_to_scale.is_a?(Fixnum) && num_to_scale >= 1
+
+      nodes = @config['getter'].get_true_node_objects
+
+      base_node_names = {}
+
+      nodes = @config['parser'].exclude_nodes( nodes, [{ unless: 'role[scalable]' }] )
+
+      nodes.each do |n|
+        #names are stored alphabetically so this will always put the result hash in the form of {base_name => highest N}
+        base_node_names[n.name.gsub(/\d/,'')] ||= {}
+        base_node_names[n.name.gsub(/\d/,'')][n.name]        = n.name.gsub(/[^\d]/,'')
+
+        if base_node_names[n.name.gsub(/\d/,'')][n.name] > base_node_names[n.name.gsub(/\d/,'')]['highest_val'] || base_node_names[n.name.gsub(/\d/,'')]['highest_val'].nil?
+          base_node_names[n.name.gsub(/\d/,'')]['highest_val'] = n.name.gsub(/[^\d]/,'').to_i 
+        end
+      end
+
+      base_node_names.each_pair do |base_name, nodes_under_name_hash|
+        raise "Cannot scale lower than 1" if (nodes_under_name_hash.keys-1).count <= num_to_scale && type == 'down'
+      end
+
+      if base_node_names.empty?
+        puts("There are no nodes for #{ @options['role'] } in env #{ @options['env'] } that have scaling enabled.") unless options['quiet']
+      end
+
+      @options['force_yes']  = true
+      @options['in_scaling'] = true
+
+      scaling_node_defaults = @config['cheftacular']['scaling_nodes']
+
+      (1..num_to_scale).each do |i|
+        case type
+        when 'up'
+          base_node_names.each_pair do |base_name, nodes_under_name_hash|
+            @options['node_name']   = base_name + ( node_under_name_hash['highest_val'] + i ).to_s.rjust(2, '0')
+
+            if scaling_node_defaults.has_key?(base_name)
+              @options['flavor_name'] = scaling_node_defaults[base_name].has_key?('flavor') ? scaling_node_defaults[base_name]['flavor'] : @config['cheftacular']['default_flavor_name']
+              @options['descriptor']  = scaling_node_defaults[base_name].has_key?('descriptor') ? scaling_node_defaults[base_name]['descriptor'] : @options['node_name']
+            else
+              @options['flavor_name'] = @config['cheftacular']['default_flavor_name']
+              @options['descriptor']  = @options['node_name']
+            end
+
+            puts("Preparing to scale #{ type } server #{ @options['node_name'] } on role #{ @options['role'] }!") unless @options['quiet']
+
+            @config['stateless_action'].cloud_bootstrap
+          end
+        when 'down'
+          base_node_names.each_pair do |base_name, nodes_under_name_hash|
+            @options['node_name']   = base_name + ( node_under_name_hash['highest_val'] + i ).to_s.rjust(2, '0')
+
+            puts("Preparing to scale #{ type } server #{ @options['node_name'] } on role #{ @options['role'] }!") unless @options['quiet']
+
+            remove_client true
+          end
+        end
+
+        sleep 15 if num_to_scale > 1
+      end
+
+      @config['ChefDataBag'].save_server_passwords_bag #we must save the auth bag here and not in the individual rax_bootstrap runs so they don't corrupt the bags
+
+      @options['node_name'] = nil #if this is not nil deploy_role will try to deploy to a single server instead of the group
+
+      @config['action'].deploy
+    end
+  end
+end

data/lib/cheftacular/actions/tail.rb

@@ -0,0 +1,55 @@
+class Cheftacular
+  class ActionDocumentation
+    def tail
+      @config['documentation']['action'] <<  [
+        "`cft tail` will tail the logs (return continuous output) of the first node if finds " + 
+        "that has an application matching the repository running on it. Currently only supports rails stacks",
+
+        [
+          "    1. pass `-n NODE_NAME` to grab the output of a node other than the first.",
+
+          "    2. Workers and job servers change the output of this command heavily. " +
+          "Worker and job servers should tail their log to the master log (/var/log/syslog) where <b>all</b> of the major processes on the server output to. " +
+          "While the vast majority of this syslog will be relevant to application developers, some will not (usually firewall blocks and the like)."
+        ]
+      ]
+    end
+  end
+
+  class Action
+    #TODO ARG FOR TAILING ANY LOG FILE
+    def tail
+      nodes = @config['getter'].get_true_node_objects
+
+      nodes = @config['parser'].exclude_nodes( nodes, [{ unless: "role[#{ @options['role'] }]" }], true )
+
+      nodes.each do |n|
+        puts("Beginning tail run for #{ n.name } (#{ n.public_ipaddress }) on role #{ @options['role'] }") unless @options['quiet']
+
+
+        if @config['getter'].get_current_stack.nil?
+          start_tail_role_map( n.public_ipaddress )
+        else
+          self.send("start_tail_#{ @config['getter'].get_current_stack }", n.public_ipaddress, n.run_list )
+        end
+      end
+    end
+
+    private
+
+    def start_tail_role_map ip_address
+      log_loc = @config['getter'].get_current_role_map['log_location'].split(',').first
+
+      `ssh -oStrictHostKeyChecking=no -tt deploy@#{ ip_address } "#{ @config['helper'].sudo(ip_address) } tail -f #{ log_loc }" > /dev/tty`
+    end
+
+    def start_tail_ruby_on_rails ip_address, run_list
+      true_env = @config['dummy_sshkit'].get_true_environment run_list, @config['cheftacular']['run_list_environments'], @options['env']
+
+      #special servers should be listed first as most of them will have web role
+      log_loc = "#{ @config['cheftacular']['base_file_path'] }/#{ @options['repository'] }/current/log/#{ true_env }.log"
+      
+      `ssh -oStrictHostKeyChecking=no -tt deploy@#{ ip_address } "#{ @config['helper'].sudo(ip_address) } tail -f #{ log_loc }" > /dev/tty`
+    end
+  end
+end

data/lib/cheftacular/actions.rb

@@ -0,0 +1,14 @@
+
+class Cheftacular
+  class ActionDocumentation
+    def initialize options, config
+      @options, @config = options, config
+    end
+  end
+
+  class Action
+    def initialize options, config
+      @options, @config = options, config
+    end
+  end
+end

data/lib/cheftacular/auditor.rb

@@ -0,0 +1,46 @@
+
+class Cheftacular
+  class Auditor
+    def initialize options, config
+      @options, @config = options, config
+    end
+
+    def audit_run
+      current_day  = Time.now.strftime('%Y%m%d')
+      current_time = Time.now.strftime('%H:%M')
+
+      @config[@options['env']]['audit_bag_hash']['audit_log'][current_day] ||= {}
+      @config[@options['env']]['audit_bag_hash']['audit_log'][current_day][current_time] ||= []
+      @config[@options['env']]['audit_bag_hash']['audit_log'][current_day][current_time] << read_audit_cache_file_to_hash
+
+      @config['ChefDataBag'].save_audit_bag
+    end
+
+    def write_audit_cache_file
+      File.open( @config['helper'].current_audit_file_path, "w") { |f| f.write( fetch_audit_data_hash ) }
+    end
+
+    def read_audit_cache_file_to_hash ret_hash={}
+      ret_hash = Hash.class_eval( File.read( @config['helper'].current_audit_file_path ))
+      ret_hash['command']   = @options['command']
+      ret_hash['options']   = @options.except(:preferred_cloud, :preferred_cloud_region, :preferred_cloud_image) #TODO load preferred_X options if they are not the default?
+      ret_hash['arguments'] = ARGV[1..ARGV.length]
+
+      ret_hash
+    end
+
+    def fetch_audit_data_hash ret_hash={}, ip=""
+      Timeout::timeout(10) do
+        response = Net::HTTP.get URI.parse('http://checkip.dyndns.org')
+        ip = response.match( /(?:Address: )([\d\.]+)/ )[1]
+      end
+
+      ret_hash['hostname']  = Socket.gethostname
+      ret_hash['true_ip']   = ip
+
+      ret_hash
+    rescue StandardError => exception
+      @config['helper'].exception_output "Unable to finish parsing auditing hash", exception
+    end
+  end
+end

data/lib/cheftacular/chef/data_bag.rb

@@ -0,0 +1,104 @@
+
+class Cheftacular
+  class ChefDataBag
+    def initialize options={}, config={}
+      @options, @config = options, config
+    end
+
+    #this will only intialize bags (and their hashes) if they don't exist. Use ridley data bag methods to reload the data etc
+    def init_bag bag_env, bag_name, encrypted=true
+      self.instance_eval("@config['ridley'].data_bag.create(name: '#{ bag_env }')") if self.instance_eval("@config['ridley'].data_bag.find('#{ bag_env }').nil?")
+
+      if self.instance_eval("@config['ridley'].data_bag.find('#{ bag_env }').item.find('#{ bag_name }').nil?")
+        self.instance_eval("@config['ridley'].data_bag.find('#{ bag_env }').item.create(id: '#{ bag_name }')")
+      end
+
+      @config[bag_env] ||= {}
+
+      if !@config[bag_env].has_key?("#{ bag_name }_bag") || !@config[bag_env].has_key?("#{ bag_name }_bag_hash")
+        self.instance_eval "@config['#{ bag_env }']['#{ bag_name }_bag'] ||= @config['ridley'].data_bag.find('#{ bag_env }').item.find('#{ bag_name }')"
+
+        self.instance_eval "@config['#{ bag_env }']['#{ bag_name }_bag_hash'] ||= @config['#{ bag_env }']['#{ bag_name }_bag']#{ encrypted ? '.decrypt' : '' }.to_hash"
+      end
+    end
+
+    def save_logs_bag bag_env="options"
+      env = bag_env == 'options' ? @options['env'] : bag_env
+
+      item = @config[env]['logs_bag'].reload
+
+      #TODO use zlib gem to store and display logs https://stackoverflow.com/questions/17882463/compressing-large-string-in-ruby
+      item.attributes = item.attributes.deep_merge(@config[env]['logs_bag_hash'].dup)
+
+      begin
+        item.save
+      rescue Ridley::Errors::HTTPRequestEntityTooLarge => e
+        puts "WARNING! #{ e }! The logs from this run will not be saved on the chef server. Wiping the bag so future runs can be saved."
+
+        item.update(id: 'logs')
+
+        @config[env]['logs_bag_hash'] = @config[env]['logs_bag'].to_hash
+      end
+    end
+
+    #TODO special save for bag that will compile the data into a different bag for storage (the data will be stored as an audit log and zlib'd)
+    def save_audit_bag bag_env="options"
+      env = bag_env == 'options' ? @options['env'] : bag_env
+
+      save_bag 'audit', bag_env, @config[env]['audit_bag'], @config[env]['audit_bag_hash']
+    end
+
+    def save_authentication_bag bag_env="default"
+      save_bag 'authentication', bag_env, @config['default']['authentication_bag'], @config['default']['authentication_bag_hash']
+    end
+
+    def save_chef_passwords_bag bag_env="options"
+      env = bag_env == 'options' ? @options['env'] : bag_env
+
+      save_bag 'chef_passwords', bag_env, @config[env]['chef_passwords_bag'], @config[env]['chef_passwords_bag_hash'], true
+    end
+
+    def save_server_passwords_bag bag_env="options"
+      env = bag_env == 'options' ? @options['env'] : bag_env
+
+      save_bag 'server_passwords', bag_env, @config[env]['server_passwords_bag'], @config[env]['server_passwords_bag_hash'], true
+    end
+
+    def save_addresses_bag bag_env="options"
+      env = bag_env == 'options' ? @options['env'] : bag_env
+
+      save_bag 'addresses', bag_env, @config[env]['addresses_bag'], @config[env]['addresses_bag_hash']
+    end
+
+    def save_config_bag bag_env="options"
+      env = bag_env == 'options' ? @options['env'] : bag_env
+
+      save_bag 'config', bag_env, @config[env]['config_bag'], @config[env]['config_bag_hash']
+    end
+
+    def save_node_roles_bag bag_env="options"
+      env = bag_env == 'options' ? @options['env'] : bag_env
+
+      save_bag 'node_roles', bag_env, @config[env]['node_roles_bag'], @config[env]['node_roles_bag_hash']
+    end
+
+    private
+    def save_bag bag_name, bag_env, bag, bag_hash, encrypted=false
+      return true if @config['helper'].running_on_chef_node?
+
+      new_bag_hash =  bag_hash.deep_dup
+
+      item = bag.reload
+
+      load_hash = encrypted ? item.decrypt.to_hash.deep_merge(new_bag_hash) : item.attributes.deep_merge(new_bag_hash)
+
+      item.attributes = encrypted ? @config['encryptor'].return_encrypted_hash(load_hash) : load_hash
+
+      item.save
+    rescue Ridley::Errors::HTTPRequestEntityTooLarge => e
+      msg = "FATAL! Bag #{ bag_name } in environment bag #{ bag_env } was not able to be saved because it has grown too large! This bag must cleaned up ASAP!"
+      
+      @config['helper'].exception_output msg, e
+    end
+  end
+end

data/lib/cheftacular/cheftacular.rb

@@ -0,0 +1,55 @@
+require 'ridley' #chef tools outside of chef!
+require 'highline/import'
+require 'optparse'
+require 'base64'
+require 'openssl'
+require 'ffi_yajl'
+require 'sshkit'
+require 'sshkit/dsl' #yes you have to do it this way
+require 'awesome_print'
+require 'rest-client'
+require 'active_support'
+require 'active_support/inflector'
+require 'active_support/core_ext'
+require 'public_suffix'
+require 'yaml'
+require 'json'
+require 'rbconfig'
+require 'fog'
+require 'socket'
+require 'net/http'
+require 'timeout'
+
+Dir["#{File.dirname(__FILE__)}/../**/*.rb"].each { |f| require f }
+
+class Cheftacular
+  def initialize options={'env'=>'staging'}, config={}
+    @options, @config = options, config
+
+    @config['start_time']  = Time.now
+
+    @config['helper']      = Helper.new(@options, @config)
+
+    @config['initializer'] = Initializer.new(@options, @config)
+
+    @config['stateless_action'].initialize_data_bag_contents @options['env'] #ensure basic structure are always maintained before each run
+
+    @config['parser'].parse_application_context if @config['cheftacular']['mode'] == 'application'
+
+    @config['parser'].parse_context
+
+    puts("Preparing to run command \"#{ @options['command'] }\"...") if @options['verbose']
+
+    @config['auditor'].audit_run if @config['cheftacular']['auditing'] == 'true'
+
+    @config['action'].send(@options['command']) if @config['helper'].is_command?(@options['command'])
+
+    @config['stateless_action'].send(@options['command']) if @config['helper'].is_stateless_command?(@options['command'])
+
+    @config['stateless_action'].send('help') if @config['helper'].is_not_command_or_stateless_command?(@options['command'])
+
+    @config['helper'].output_run_stats
+
+    exit #explicitly call this in case some celluoid workers are still hanging around
+  end
+end

data/lib/cheftacular/decryptors.rb

@@ -0,0 +1,45 @@
+
+class Cheftacular
+  class Decryptor
+    ALGORITHM = 'aes-256-cbc'
+
+    def initialize data_bag_secret
+      @data_bag_secret = data_bag_secret
+    end
+
+    def return_decrypted_hash input_hash, return_hash={}
+      input_hash.each_pair do |key, value_hash|
+        next if key =~ /id/
+        next if value_hash['iv'].nil? || value_hash['iv'].empty?
+
+        return_hash[key] = JSON.parse(decrypt_hash(value_hash)).to_hash["json_wrapper"]
+      end
+
+      return_hash['id'] = input_hash['id']
+
+      return_hash
+    end
+
+    def openssl_decryptor
+      openssl_decryptor = begin
+        decryptor = OpenSSL::Cipher::Cipher.new(ALGORITHM)
+        decryptor.decrypt
+        decryptor.key = Digest::SHA256.digest(@data_bag_secret)
+        decryptor.iv = @iv
+        decryptor
+      end
+    end
+
+    def decrypt_hash hash
+      @iv = Base64.decode64(hash["iv"])
+
+      decryptor = openssl_decryptor
+
+      decrypted_data = decryptor.update(Base64.decode64(hash["encrypted_data"]))
+
+      decrypted_data << decryptor.final
+
+      decrypted_data
+    end
+  end
+end