cluster_chef 3.0.5

data/Rakefile

@@ -0,0 +1,92 @@
+#
+# Rakefile for Cluster Chef Knife plugins
+#
+# Author::    Adam Jacob (<adam@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License::   Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'rubygems' unless defined?(Gem)
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'json'
+require 'jeweler'
+require 'rspec/core/rake_task'
+require 'yard'
+
+# Load constants from rake config file.
+Dir[File.join(File.dirname(__FILE__), 'tasks', '*.rb')].sort.each{|f| p f ; require f }
+
+$jeweler_push_from_branch = 'version_3'
+
+# ---------------------------------------------------------------------------
+#
+# Jeweler -- release cluster_chef as a gem
+#
+Jeweler::Tasks.new do |gem|
+  gem.name        = ENV['CLUSTER_CHEF_NAME'] || "cluster_chef-knife"
+  gem.homepage    = "http://infochimps.com/labs"
+  gem.license     = NEW_COOKBOOK_LICENSE.to_s
+  gem.summary     = %Q{cluster_chef allows you to orchestrate not just systems but clusters of machines. It includes a powerful layer on top of knife and a collection of cloud cookbooks.}
+  gem.description = %Q{cluster_chef allows you to orchestrate not just systems but clusters of machines. It includes a powerful layer on top of knife and a collection of cloud cookbooks.}
+  gem.email       = SSL_EMAIL_ADDRESS
+  gem.authors     = ["Infochimps"]
+
+  ignores = File.readlines(".gitignore").grep(/^[^#]\S+/).map{|s| s.chomp }
+  dotfiles = [".gemtest", ".gitignore", ".rspec", ".yardopts"]
+  gem.files = dotfiles + Dir["**/*"].
+    reject{|f| f =~ %r{^cookbooks/} }.
+    reject{|f| File.directory?(f) }.
+    reject{|f| ignores.any?{|i| File.fnmatch(i, f) || File.fnmatch(i+'/*', f) || File.fnmatch(i+'/**/*', f) } }
+  gem.test_files = gem.files.grep(/^spec\//)
+  gem.require_paths = ['lib']
+
+  if gem.name == 'cluster_chef'
+    gem.files.reject!{|f| f =~ %r{^(cluster_chef-knife.gemspec|lib/chef/knife/)} }
+  else
+    gem.files.reject!{|f| f =~ %r{^(cluster_chef.gemspec|lib/cluster_chef)} }
+  end
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+# ---------------------------------------------------------------------------
+#
+# RSpec -- testing
+#
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+  spec.rcov_opts = %w[ --exclude .rvm --no-comments --text-summary]
+end
+
+# ---------------------------------------------------------------------------
+#
+# Yard -- documentation
+#
+YARD::Rake::YardocTask.new
+
+# ---------------------------------------------------------------------------
+
+task :default => :spec

data/TODO.md

@@ -0,0 +1,8 @@
+### From Nathan
+- syntactic sugar for ```server(0).fullname('blah')```
+
+### Knife commands
+
+* knife cluster kick fails if service isn't running
+* make clear directions for installing `cluster_chef` and its initial use.
+* knife cluster launch should fail differently if you give it a facet that doesn't exist

data/VERSION

@@ -0,0 +1 @@
+3.0.5

data/chefignore

@@ -0,0 +1,41 @@
+# Put files/directories that should be ignored in this file.
+# Lines that start with '# ' are comments.
+
+## OS
+.DS_Store
+Icon?
+nohup.out
+
+## EDITORS
+\#*
+.#*
+*~
+*.sw[a-z]
+*.bak
+REVISION
+TAGS*
+tmtags
+*_flymake.*
+*_flymake
+*.tmproj
+.project
+.settings
+mkmf.log
+
+## COMPILED
+a.out
+*.o
+*.pyc
+*.so
+
+## OTHER SCM
+*/.bzr/*
+*/.hg/*
+*/.svn/*
+
+## Don't send rspecs up in cookbook
+.watchr
+.rspec
+spec/*
+spec/fixtures/*
+

data/cluster_chef.gemspec

@@ -0,0 +1,115 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "cluster_chef"
+  s.version = "3.0.5"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Infochimps"]
+  s.date = "2011-12-11"
+  s.description = "cluster_chef allows you to orchestrate not just systems but clusters of machines. It includes a powerful layer on top of knife and a collection of cloud cookbooks."
+  s.email = "coders@infochimps.com"
+  s.extra_rdoc_files = [
+    "LICENSE",
+    "README.md"
+  ]
+  s.files = [
+    ".gitignore",
+    ".rspec",
+    "CHANGELOG.md",
+    "Gemfile",
+    "LICENSE",
+    "README.md",
+    "Rakefile",
+    "TODO.md",
+    "VERSION",
+    "chefignore",
+    "cluster_chef.gemspec",
+    "clusters/website_demo.rb",
+    "config/client.rb",
+    "lib/cluster_chef.rb",
+    "lib/cluster_chef/chef_layer.rb",
+    "lib/cluster_chef/cloud.rb",
+    "lib/cluster_chef/cluster.rb",
+    "lib/cluster_chef/compute.rb",
+    "lib/cluster_chef/cookbook_munger.rb",
+    "lib/cluster_chef/cookbook_munger/README.md.erb",
+    "lib/cluster_chef/cookbook_munger/licenses.yaml",
+    "lib/cluster_chef/cookbook_munger/metadata.rb.erb",
+    "lib/cluster_chef/deprecated.rb",
+    "lib/cluster_chef/discovery.rb",
+    "lib/cluster_chef/dsl_object.rb",
+    "lib/cluster_chef/facet.rb",
+    "lib/cluster_chef/fog_layer.rb",
+    "lib/cluster_chef/private_key.rb",
+    "lib/cluster_chef/role_implications.rb",
+    "lib/cluster_chef/security_group.rb",
+    "lib/cluster_chef/server.rb",
+    "lib/cluster_chef/server_slice.rb",
+    "lib/cluster_chef/volume.rb",
+    "notes/aws_console_screenshot.jpg",
+    "rspec.watchr",
+    "spec/cluster_chef/cluster_spec.rb",
+    "spec/cluster_chef/facet_spec.rb",
+    "spec/cluster_chef/server_slice_spec.rb",
+    "spec/cluster_chef/server_spec.rb",
+    "spec/cluster_chef_spec.rb",
+    "spec/spec_helper.rb",
+    "spec/spec_helper/dummy_chef.rb",
+    "spec/test_config.rb",
+    "tasks/chef_config.rb",
+    "tasks/jeweler_use_alt_branch.rb"
+  ]
+  s.homepage = "http://infochimps.com/labs"
+  s.licenses = ["apachev2"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.11"
+  s.summary = "cluster_chef allows you to orchestrate not just systems but clusters of machines. It includes a powerful layer on top of knife and a collection of cloud cookbooks."
+  s.test_files = ["spec/cluster_chef/cluster_spec.rb", "spec/cluster_chef/facet_spec.rb", "spec/cluster_chef/server_slice_spec.rb", "spec/cluster_chef/server_spec.rb", "spec/cluster_chef_spec.rb", "spec/spec_helper/dummy_chef.rb", "spec/spec_helper.rb", "spec/test_config.rb"]
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<chef>, ["~> 0.10.4"])
+      s.add_runtime_dependency(%q<fog>, ["~> 1.1.1"])
+      s.add_runtime_dependency(%q<formatador>, ["~> 0.2.1"])
+      s.add_runtime_dependency(%q<gorillib>, ["~> 0.1.7"])
+      s.add_development_dependency(%q<bundler>, ["~> 1"])
+      s.add_development_dependency(%q<yard>, ["~> 0.6.7"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
+      s.add_development_dependency(%q<rspec>, ["~> 2.7.0"])
+      s.add_development_dependency(%q<configliere>, ["~> 0.4.8"])
+      s.add_development_dependency(%q<spork>, ["~> 0.9.0.rc5"])
+      s.add_development_dependency(%q<watchr>, ["~> 0.7"])
+    else
+      s.add_dependency(%q<chef>, ["~> 0.10.4"])
+      s.add_dependency(%q<fog>, ["~> 1.1.1"])
+      s.add_dependency(%q<formatador>, ["~> 0.2.1"])
+      s.add_dependency(%q<gorillib>, ["~> 0.1.7"])
+      s.add_dependency(%q<bundler>, ["~> 1"])
+      s.add_dependency(%q<yard>, ["~> 0.6.7"])
+      s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
+      s.add_dependency(%q<rspec>, ["~> 2.7.0"])
+      s.add_dependency(%q<configliere>, ["~> 0.4.8"])
+      s.add_dependency(%q<spork>, ["~> 0.9.0.rc5"])
+      s.add_dependency(%q<watchr>, ["~> 0.7"])
+    end
+  else
+    s.add_dependency(%q<chef>, ["~> 0.10.4"])
+    s.add_dependency(%q<fog>, ["~> 1.1.1"])
+    s.add_dependency(%q<formatador>, ["~> 0.2.1"])
+    s.add_dependency(%q<gorillib>, ["~> 0.1.7"])
+    s.add_dependency(%q<bundler>, ["~> 1"])
+    s.add_dependency(%q<yard>, ["~> 0.6.7"])
+    s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
+    s.add_dependency(%q<rspec>, ["~> 2.7.0"])
+    s.add_dependency(%q<configliere>, ["~> 0.4.8"])
+    s.add_dependency(%q<spork>, ["~> 0.9.0.rc5"])
+    s.add_dependency(%q<watchr>, ["~> 0.7"])
+  end
+end
+

data/clusters/website_demo.rb

@@ -0,0 +1,65 @@
+ClusterChef.cluster 'webserver_demo' do
+  cloud :ec2 do
+    defaults
+    availability_zones ['us-east-1d']
+    flavor              't1.micro'  # change to something larger for serious use
+    backing             'ebs'
+    image_name          'natty'
+    bootstrap_distro    'ubuntu10.04-cluster_chef'
+    chef_client_script  'client.rb'
+    mount_ephemerals(:tags => { :scratch_dirs => true })
+  end
+
+  role                  "nfs_client"
+  recipe                "package_set"
+
+  facet :webnode do
+    instances           6
+    role                "nginx"
+    role                "redis_client"
+    role                "mysql_client"
+    role                "elasticsearch_client"
+    role                "awesome_website"
+    role                "web_server"      # this triggers opening appropriate ports
+    # Rotate nodes among availability zones
+    azs = ['us-east-1d', 'us-east-1b', 'us-east-1c']
+    (0...instances).each do |idx|
+      server(idx).cloud.availability_zones [azs[ idx % azs.length ]]
+    end
+    # Rote nodes among A/B testing groups
+    (0..instances).each do |idx|
+      server(idx).chef_node.normal[:split_testing] = ( (idx % 2 == 0) ? 'A' : 'B' )
+    end
+  end
+
+  facet :dbnode do
+    instances           2
+    role                "mysql_server"
+    role                "redis_client"
+    # burly master, wussier slaves
+    cloud.flavor        "m1.large"
+    server(0) do
+      cloud.flavor      "c1.xlarge"
+    end
+
+    volume(:data) do
+      size          50
+      keep          true
+      device        '/dev/sdi'
+      mount_point   '/data/db'
+      mount_options 'defaults,nouuid,noatime'
+      fstype       'xfs'
+      snapshot_id   'snap-d9c1edb1'
+    end
+  end
+
+  facet :esnode do
+    instances           1
+    role                "nginx"
+    role                "redis_server"
+    role                "elasticsearch_data_esnode"
+    role                "elasticsearch_http_esnode"
+    #
+    cloud.flavor        "m1.large"
+  end
+end

data/config/client.rb

@@ -0,0 +1,59 @@
+require "ohai"
+require "json"
+
+#
+# Load configuration
+#
+
+def merge_safely hsh
+  hsh.merge!( yield ) rescue Mash.new
+end
+
+def create_file_if_empty(filename, str)
+  unless File.exists?(filename)
+    puts "Populating #{filename}" ;
+    File.open(filename, "w", 0600){|f| f.puts(str) }
+  end
+end
+
+def present?(config, key)
+  not config[key].to_s.empty?
+end
+
+# Start with a set of defaults
+chef_config = Mash.new
+
+# Extract client configuration from EC2 user-data
+OHAI_INFO = Ohai::System.new
+OHAI_INFO.all_plugins
+merge_safely(chef_config){ JSON.parse(OHAI_INFO[:ec2][:userdata]) }
+
+#
+# Configure chef run
+#
+
+log_level              :info
+log_location           STDOUT
+node_name              chef_config["node_name"]              if chef_config["node_name"]
+chef_server_url        chef_config["chef_server"]            if chef_config["chef_server"]
+validation_client_name chef_config["validation_client_name"] if chef_config["validation_client_name"]
+validation_key         "/etc/chef/validation.pem"
+client_key             "/etc/chef/client.pem"
+node_attrs_file        "/etc/chef/first-boot.json"
+
+# If the client file is missing, write the validation key out so chef-client can register
+unless File.exists?(client_key)
+  if    present?(chef_config, "client_key")     then create_file_if_empty(client_key,     chef_config["client_key"])
+  elsif present?(chef_config, "validation_key") then create_file_if_empty(validation_key, chef_config["validation_key"])
+  else  warn "Yikes -- I have no client key or validation key!!"
+  end
+end
+
+reduced_chef_config = chef_config.reject{|k,v| k.to_s =~ /(_key|run_list)$/ }
+unless File.exists?(node_attrs_file)
+  create_file_if_empty(node_attrs_file, JSON.pretty_generate(reduced_chef_config))
+end
+json_attribs node_attrs_file
+
+Chef::Log.debug(JSON.generate(chef_config))
+Chef::Log.info("=> chef client #{node_name} on #{chef_server_url} in cluster +#{chef_config["cluster_name"]}+")

data/lib/cluster_chef/chef_layer.rb

@@ -0,0 +1,297 @@
+#
+# OK so things get a little fishy here, and it's all Opscode's fault ;-)
+#
+# There's currently no API for setting ACLs. However, if the *client the
+# node will run as* is the *client that creates the node*, it is granted the
+# correct permissions.
+#
+# * client exists, node exists: don't need to do anything. We trust that permissions are correct.
+# * client absent, node exists: client created, node is fine. We trust that permissions are correct.
+# * client absent, node absent: client created, so have key; client creates node, so it has write permissions.
+# * client exists, node absent: FAIL.
+#
+# The current implementation persists the client keys locally to your
+# Chef::Config[:client_key_dir].  This is insecure and unmanageable; and the
+# node will shortly re-register the key, making it invalide anyway.
+#
+# If the client's private_key is empty/wrong and the node is absent, it will
+# cause an error. in that case, you can:
+#
+# * create the node yourself in the management console, and
+#   grant access to its eponymous client; OR
+# * nuke the client key from orbit (it's the only way to be sure) and re-run,
+#   taking all responsibility for the catastrophic results of an errant nuke; OR
+# * wait for opscode to open API access for ACLs.
+#
+#
+
+module ClusterChef
+  module DryRunnable
+    # Run given block unless in dry_run mode (ClusterChef.chef_config[:dry_run]
+    # is true)
+    def unless_dry_run
+      if ClusterChef.chef_config[:dry_run]
+        ui.info("      ... but not really (#{ui.color("dry run", :bold, :yellow)} for server #{name})")
+      else
+        yield
+      end
+    end
+  end
+
+  ComputeBuilder.class_eval do
+    def new_chef_role(role_name, cluster, facet=nil)
+      chef_role = Chef::Role.new
+      chef_role.name        role_name
+      chef_role.description "ClusterChef generated role for #{[cluster_name, facet_name].compact.join('-')}" unless chef_role.description
+      chef_role.instance_eval{ @cluster = cluster; @facet = facet; }
+      @chef_roles << chef_role
+      chef_role
+    end
+  end
+
+  ServerSlice.class_eval do
+    include DryRunnable
+    def sync_roles
+      step("  syncing cluster and facet roles")
+      unless_dry_run do
+        chef_roles.each(&:save)
+      end
+    end
+  end
+
+  #
+  # ClusterChef::Server methods that handle chef actions
+  #
+  Server.class_eval do
+    include DryRunnable
+
+    # The chef client, if it already exists in the server.
+    # Use the 'ensure' method to create/update it.
+    def chef_client
+      return @chef_client unless @chef_client.nil?
+      @chef_client = cluster.find_client(fullname) || false
+    end
+
+    # The chef node, if it already exists in the server.
+    # Use the 'ensure' method to create/update it.
+    def chef_node
+      return @chef_node unless @chef_node.nil?
+      @chef_node   = cluster.find_node(fullname) || false
+    end
+
+    # true if chef client is created and discovered
+    def chef_client?
+      chef_client.present?
+    end
+
+    # true if chef node is created and discovered
+    def chef_node?
+      chef_node.present?
+    end
+
+    def delete_chef
+      if chef_node   then
+        step("  deleting chef node", :red)
+        unless_dry_run do
+          chef_node.destroy
+        end
+        @chef_node   = nil
+      end
+      if chef_client
+        step("  deleting chef client", :red)
+        unless_dry_run do
+          chef_client.destroy
+        end
+        @chef_client = nil
+      end
+    end
+
+    # creates or updates the chef node.
+    #
+    # FIXME: !! this currently doesn't do the right thing for modifications to the
+    #           chef node. !!
+    #
+    # See notes at top of file for why all this jiggery-fuckery
+    #
+    # * client exists, node exists: assume client can update, weep later when
+    #   the initial chef run fails. Not much we can do here -- holler at opscode.
+    # * client exists, node absent: see if client can create, fail otherwise
+    # * client absent, node absent: see if client can create both, fail otherwise
+    # * client absent, node exists: fail (we can't get permissions)
+    def sync_chef_node
+      step("  syncing chef node using the server's key")
+      # force-fetch the node so that we have its full attributes (the discovery
+      # does not pull all of it back)
+      @chef_node = handle_chef_response('404'){ Chef::Node.load( fullname ) }
+      # sets @chef_client if it exists
+      chef_client
+      #
+      case
+      when    @chef_client  &&    @chef_node  then _update_chef_node # this will fail later if the chef client is in a bad state but whaddayagonnado
+      when    @chef_client  && (! @chef_node) then _create_chef_node
+      when (! @chef_client) && (! @chef_node) then # create both
+        ensure_chef_client
+        _create_chef_node
+      when (! @chef_client) &&    @chef_node
+        raise("The #{fullname} node exists, but its client does not.\nDue to limitations in the Opscode API, if we create a client, it will lack write permissions to the node. Small sadness now avoids much sadness later\nYou must either create a client manually, fix its permissions in the Chef console, and drop its client key where we can find it; or (if you are aware of the consequences) do \nknife node delete #{fullname}")
+      end
+      @chef_node
+    end
+
+    def client_key
+      @client_key ||= ClusterChef::ChefClientKey.new("client-#{fullname}", chef_client) do |body|
+        chef_client.private_key(body) if chef_client.present? && body.present?
+        cloud.user_data(:client_key => body)
+      end
+    end
+
+    def chef_client_script_content
+      return @chef_client_script_content if @chef_client_script_content
+      return unless cloud.chef_client_script
+      script_filename = File.expand_path("../../config/#{cloud.chef_client_script}", File.dirname(__FILE__))
+      @chef_client_script_content = safely{ File.read(script_filename) }
+    end
+
+  protected
+
+    # Create the chef client on the server. Do not call this directly -- go
+    # through sync_chef_node.
+    #
+    # this is done as the eponymous client, ensuring that the client does in
+    # fact have permissions on the node
+    #
+    # preconditions: @chef_node is set
+    def _create_chef_node(&block)
+      step("  creating chef node", :green)
+      @chef_node = Chef::Node.new
+      @chef_node.name(fullname)
+      set_chef_node_attributes
+      set_chef_node_environment
+      sync_volume_attributes
+      unless_dry_run do
+        chef_api_server_as_client.post_rest('nodes', @chef_node)
+      end
+    end
+
+    # Update the chef client on the server. Do not call this directly -- go
+    # through create_or_update_chef_node.
+    #
+    # this is done as the eponymous client, ensuring that the client does in
+    # fact have permissions on the node.
+    #
+    # preconditions: @chef_node is set
+    def _update_chef_node
+      step("  updating chef node", :blue)
+      set_chef_node_attributes
+      set_chef_node_environment
+      sync_volume_attributes
+      unless_dry_run do
+        chef_api_server_as_admin.put_rest("nodes/#{@chef_node.name}", @chef_node)
+      end
+    end
+
+
+    def sync_volume_attributes
+      composite_volumes.each do |vol_name, vol|
+        chef_node.normal[:volumes] ||= Mash.new
+        chef_node.normal[:volumes][vol_name] = vol.to_mash.compact
+      end
+    end
+
+    def set_chef_node_attributes
+      step("  setting node runlist and essential attributes")
+      @chef_node.run_list = Chef::RunList.new(*@settings[:run_list])
+      @chef_node.override[:cluster_name] = cluster_name
+      @chef_node.override[:facet_name]   = facet_name
+      @chef_node.override[:facet_index]  = facet_index
+    end
+
+    def set_chef_node_environment
+      @chef_node.chef_environment(environment.to_s)
+    end
+
+    #
+    # Don't call this directly -- only through ensure_chef_node_and_client
+    #
+    def ensure_chef_client
+      step("  ensuring chef client exists")
+      return @chef_client if chef_client
+      step( "    creating chef client", :green)
+      @chef_client = Chef::ApiClient.new
+      @chef_client.name(fullname)
+      @chef_client.admin(false)
+      #
+      # ApiClient#create sends extra params that fail -- we'll do it ourselves
+      # purposefully *not* catching the 'but it already exists' error: if it
+      # didn't show up in the discovery process, we're in an inconsistent state
+      unless_dry_run do
+        response = chef_api_server_as_admin.post_rest("clients", { 'name' => fullname, 'admin' => false, 'private_key' => true })
+        client_key.body = response['private_key']
+      end
+      client_key.save
+      @chef_client
+    end
+
+    def chef_api_server_as_client
+      return @chef_api_server_as_client if @chef_api_server_as_client
+      unless File.exists?(client_key.filename)
+        raise("Cannot create chef node #{fullname} -- client #{@chef_client} exists but no client key found in #{client_key.filename}.")
+      end
+      @chef_api_server_as_client = Chef::REST.new(Chef::Config[:chef_server_url], fullname, client_key.filename)
+    end
+
+    def chef_api_server_as_admin
+      @chef_api_server_as_admin ||= Chef::REST.new(Chef::Config[:chef_server_url])
+    end
+
+    # Execute the given chef call, but don't explode if the given http status
+    # code comes back
+    #
+    # @return chef object, or false if the server returned a recoverable response
+    def handle_chef_response(recoverable_responses, &block)
+      begin
+        block.call
+      rescue Net::HTTPServerException => e
+        raise unless Array(recoverable_responses).include?(e.response.code)
+        Chef::Log.debug("Swallowing a #{e.response.code} response in #{self.fullname}: #{e}")
+        return false
+      end
+    end
+
+    #
+    # The below *was* present but was pulled from the API by opscode for some reason (2011/10/20)
+    #
+
+    # # The client is required to have these permissions on its eponymous node
+    # REQUIRED_PERMISSIONS = %w[read create update]
+    #
+    # #
+    # # Verify that the client has required _acl's on the node.
+    # #
+    # # We don't raise an error, just a very noisy warning.
+    # #
+    # def check_node_permissions
+    #   step("  ensuring chef node permissions are correct")
+    #   chef_server_rest = Chef::REST.new(Chef::Config[:chef_server_url])
+    #   handle_chef_response('404') do
+    #     perms = chef_server_rest.get_rest("nodes/#{fullname}/_acl")
+    #     perms_valid = {}
+    #     REQUIRED_PERMISSIONS.each{|perm| perms_valid[perm] = perms[perm] && perms[perm]['actors'].include?(fullname) }
+    #     Chef::Log.debug("Checking permissions: #{perms_valid.inspect} -- #{ perms_valid.values.all? ? 'correct' : 'BADNESS' }")
+    #     unless perms_valid.values.all?
+    #       ui.info(" ************************ ")
+    #       ui.info(" ")
+    #       ui.info(" INCONSISTENT PERMISSIONS for node #{fullname}:")
+    #       ui.info("   The client[#{fullname}] should have permissions for #{REQUIRED_PERMISSIONS.join(', ')}")
+    #       ui.info("   Instead, they are #{perms_valid.inspect}")
+    #       ui.info("   You should create the node #{fullname} as client[#{fullname}], not as yourself.")
+    #       ui.info(" ")
+    #       ui.info("   Please adjust the permissions on the Opscode console, at")
+    #       ui.info("     https://manage.opscode.com/nodes/#{fullname}/_acl")
+    #       ui.info(" ")
+    #       ui.info(" ************************ ")
+    #     end
+    #   end
+    # end
+  end
+end