elecksee 1.0.0

data/lib/elecksee/vendor/lxc/providers/container.rb

@@ -0,0 +1,318 @@
+def load_current_resource
+  @lxc = ::Lxc.new(
+    new_resource.name,
+    :base_dir => node[:lxc][:container_directory],
+    :dnsmasq_lease_file => node[:lxc][:dnsmasq_lease_file]
+  )
+  new_resource.subresources.map! do |s_r|
+    s_r.first.run_context = run_context
+    s_r.first.instance_eval(&s_r.last)
+    s_r.first
+  end
+  
+  # TODO: Use some actual logic here, sheesh
+  if(new_resource.static_ip && new_resource.static_gateway.nil?)
+    raise "Static gateway must be defined when static IP is provided (Container: #{new_resource.name})"
+  end
+  new_resource.default_bridge node[:lxc][:bridge] unless new_resource.default_bridge
+  node.run_state[:lxc] ||= Mash.new
+  node.run_state[:lxc][:meta] ||= Mash.new
+  node.run_state[:lxc][:meta][new_resource.name] = Mash.new(
+    :new_container => !@lxc.exists?,
+    :lxc => @lxc
+  )
+end
+
+action :create do
+  _lxc = @lxc # for use inside resources
+  stopped_end_state = _lxc.stopped?
+
+  #### Add custom key for host based interactions
+  directory '/opt/hw-lxc-config' do
+    recursive true
+  end
+
+  execute 'lxc host_ssh_key' do
+    command "ssh-keygen -P '' -f /opt/hw-lxc-config/id_rsa"
+    creates '/opt/hw-lxc-config/id_rsa'
+  end
+
+  #### Create container
+  lxc new_resource.name do
+    if(new_resource.clone)
+      action :clone
+      base_container new_resource.clone
+    else
+      action :create
+      template new_resource.template
+      template_opts new_resource.template_opts
+    end
+  end
+
+  #### Create container configuration bits
+  if(new_resource.default_config)
+    lxc_config new_resource.name do
+      action :create
+      default_bridge new_resource.default_bridge
+    end
+  end
+
+  if(new_resource.default_fstab)
+    lxc_fstab "proc[#{new_resource.name}]" do
+      container new_resource.name
+      file_system 'proc'
+      mount_point 'proc'
+      type 'proc'
+      options %w(nodev noexec nosuid)
+    end
+
+    lxc_fstab "sysfs[#{new_resource.name}]" do
+      container new_resource.name
+      file_system 'sysfs'
+      mount_point 'sys'
+      type 'sysfs'
+      options 'default'
+    end
+  end
+
+  if(new_resource.static_ip)
+    lxc_interface "eth0[#{new_resource.name}]" do
+      container new_resource.name
+      device 'eth0'
+      address new_resource.static_ip
+      netmask new_resource.static_netmask
+      gateway new_resource.static_gateway
+    end
+  end
+
+  ruby_block "LXC #{new_resource.name} - Run subresources" do
+    block do
+      new_resource.subresources.each do |s_r|
+        s_r.run_action(:create)
+      end
+    end
+    not_if do
+      new_resource.subresources.empty?
+    end
+  end
+
+  template @lxc.path.join('fstab').to_path do
+    source 'fstab.erb'
+    cookbook 'lxc'
+    variables :container => new_resource.name
+    only_if do
+      node.run_state[:lxc][:fstabs] &&
+        node.run_state[:lxc][:fstabs][new_resource.name]
+    end
+    mode 0644
+  end
+
+  template @lxc.rootfs.join('etc/network/interfaces').to_path do
+    source 'interface.erb'
+    cookbook 'lxc'
+    variables :container => new_resource.name
+    mode 0644
+    only_if do
+      node.run_state[:lxc][:interfaces] &&
+        node.run_state[:lxc][:interfaces][new_resource.name]
+    end
+  end
+
+  #### Ensure host has ssh access into container
+  directory @lxc.rootfs.join('root/.ssh').to_path
+
+  template @lxc.rootfs.join('root/.ssh/authorized_keys').to_path do
+    source 'file_content.erb'
+    cookbook 'lxc'
+    mode 0600
+    variables(:path => '/opt/hw-lxc-config/id_rsa.pub')
+  end
+
+  #### Use cached chef package from host if available
+  if(%w(debian ubuntu).include?(new_resource.template) && system('ls /opt/chef*.deb 2>1 > /dev/null'))
+    if(::File.directory?('/opt'))
+      file_name = Dir.new('/opt').detect do |item| 
+        item.start_with?('chef') && item.end_with?('.deb')
+      end
+    end
+    
+    execute "lxc copy_chef_full[#{new_resource.name}]" do
+      command "cp /opt/#{file_name} #{_lxc.rootfs.join('opt')}"
+      not_if do
+        file_name.nil? || !new_resource.chef_enabled || _lxc.rootfs.join('opt', file_name).exist?
+      end
+    end
+        
+    execute "lxc install_chef_full[#{new_resource.name}]" do
+      action :nothing
+      command "chroot #{_lxc.rootfs} dpkg -i #{::File.join('/opt', file_name)}"
+      subscribes :run, "execute[lxc copy_chef_full[#{new_resource.name}]]", :immediately
+    end
+  elsif(new_resource.chef_enabled)
+    pkg_coms = ['update -y -q', 'upgrade -y -q','install curl -y -q']
+    if(!new_resource.template.to_s.scan(%r{debian|ubuntu}).empty?)
+      pkg_man = 'apt-get'
+    elsif(!new_resource.template.to_s.scan(%r{fedora|centos}).empty?)
+      pkg_man = 'yum'
+    end
+    if(pkg_man)
+      new_resource.initialize_commands(
+        pkg_coms.map do |c|
+          "#{pkg_man} #{c}"
+        end + new_resource.initialize_commands
+      )
+    end
+  end
+
+  ruby_block "lxc start[#{new_resource.name}]" do
+    block do
+      _lxc.start
+    end
+    only_if do
+      _lxc.rootfs.join('etc/chef/first_run.json').exist? ||
+        !new_resource.container_commands.empty? ||
+        (node.run_state[:lxc][:meta][new_resource.name][:new_container] && new_resource.initialize_commands)
+    end
+  end
+    
+  #### Have initialize commands for the container? Run them now
+  ruby_block "lxc initialize_commands[#{new_resource.name}]" do
+    block do
+      new_resource.initialize_commands.each do |cmd|
+        Chef::Log.info "Running command on #{new_resource.name}: #{cmd}"
+        _lxc.container_command(cmd, 2)
+      end
+    end
+    only_if do
+      node.run_state[:lxc][:meta][new_resource.name][:new_container] &&
+        !new_resource.initialize_commands.empty?
+    end
+  end
+
+  # Make sure we have chef in the container
+  remote_file "lxc chef_install_script[#{new_resource.name}]" do
+    source "http://opscode.com/chef/install.sh"
+    path _lxc.rootfs.join('opt/chef-install.sh').to_path
+    action :create_if_missing
+    only_if do
+      new_resource.chef_enabled && !_lxc.rootfs.join('usr/bin/chef-client').exist?
+    end
+  end
+
+  ruby_block "lxc install_chef[#{new_resource.name}]" do
+    block do
+      _lxc.container_command('bash /opt/chef-install.sh')
+    end
+    action :create
+    only_if do
+      new_resource.chef_enabled &&
+        !_lxc.rootfs.join('usr/bin/chef-client').exist? &&
+        _lxc.rootfs.join('opt/chef-install.sh').exist?
+    end
+  end
+
+  #### Setup chef related bits within container
+  directory @lxc.rootfs.join('etc/chef').to_path do
+    action :create
+    mode 0755
+    only_if{ new_resource.chef_enabled }
+  end
+
+  template "lxc chef-config[#{new_resource.name}]" do
+    source 'client.rb.erb'
+    cookbook 'lxc'
+    path _lxc.rootfs.join('etc/chef/client.rb').to_path
+    variables(
+      :validation_client => new_resource.validation_client || Chef::Config[:validation_client_name],
+      :node_name => new_resource.node_name || "#{node.name}-#{new_resource.name}",
+      :server_uri => new_resource.server_uri || Chef::Config[:chef_server_url],
+      :chef_environment => new_resource.chef_environment || '_default'
+    )
+    mode 0644
+    only_if{ new_resource.chef_enabled }
+  end
+
+  file "lxc chef-validator[#{new_resource.name}]" do
+    path _lxc.rootfs.join('etc/chef/validator.pem').to_path
+    content new_resource.validator_pem || node[:lxc][:validator_pem]
+    mode 0600
+    only_if{ new_resource.chef_enabled && !_lxc.rootfs.join('etc/chef/client.pem').exist? }
+  end
+
+  file "lxc chef-runlist[#{new_resource.name}]" do
+    path _lxc.rootfs.join('etc/chef/first_run.json').to_path
+    content({:run_list => new_resource.run_list}.to_json)
+    only_if do
+      new_resource.chef_enabled && !_lxc.rootfs.join('etc/chef/client.pem').exist?
+    end
+    mode 0644
+  end
+
+  file "lxc chef-data-bag-secret[#{new_resource.name}]" do
+    path _lxc.rootfs.join('etc/chef/encrypted_data_bag_secret').to_path
+    content(
+      ::File.exists?(new_resource.data_bag_secret_file) ? ::File.open(new_resource.data_bag_secret_file, "rb").read : ''
+    )
+    mode 0600
+    only_if do
+      new_resource.chef_enabled &&
+      new_resource.copy_data_bag_secret_file &&
+        ::File.exists?(new_resource.copy_data_bag_secret_file)
+    end
+  end
+  
+  #### Let chef configure the container
+  # NOTE: We run chef-client if the validator.pem exists and the
+  # client.pem file does not exist.
+  ruby_block "lxc run_chef[#{new_resource.name}]" do
+    block do
+      cmd = 'chef-client -K /etc/chef/validator.pem -c /etc/chef/client.rb -j /etc/chef/first_run.json'
+      Chef::Log.info "Running command on #{new_resource.name}: #{cmd}"      
+      _lxc.container_command(cmd, new_resource.chef_retries)
+    end
+    only_if do
+      new_resource.chef_enabled &&
+        _lxc.rootfs.join('etc/chef/validator.pem').exist? &&
+        !_lxc.rootfs.join('etc/chef/client.pem').exist?
+    end
+  end
+
+  #### Have commands for the container? Run them now
+  ruby_block "lxc container_commands[#{new_resource.name}]" do
+    block do
+      new_resource.container_commands.each do |cmd|
+        _lxc.container_command(cmd, 2)
+      end
+    end
+    not_if do
+      new_resource.container_commands.empty?
+    end
+  end
+
+  # NOTE: If the container was not running before we started, make
+  # sure we leave it in a stopped state
+  ruby_block "lxc shutdown[#{new_resource.name}]" do
+    block do
+      _lxc.shutdown
+    end
+    only_if do
+      stopped_end_state && _lxc.running?
+    end
+  end
+  
+  #### Clean up after chef if it's enabled
+  file @lxc.rootfs.join('etc/chef/first_run.json').to_path do
+    action :delete
+  end
+
+  file @lxc.rootfs.join('etc/chef/validator.pem').to_path do
+    action :delete
+  end
+    
+end
+
+action :delete do
+  lxc new_resource.name do
+    action :delete
+  end
+end

data/lib/elecksee/vendor/lxc/providers/default.rb

@@ -0,0 +1,57 @@
+def load_current_resource
+  @lxc = ::Lxc.new(
+    new_resource.name,
+    :base_dir => node[:lxc][:container_directory],
+    :dnsmasq_lease_file => node[:lxc][:dnsmasq_lease_file]
+  )
+end
+
+action :create do
+  _lxc = @lxc
+  execute "LXC Create: #{new_resource.name}" do
+    command "lxc-create -n #{new_resource.name} -t #{new_resource.template} -- #{new_resource.template_opts.to_a.flatten.join(' ')}"
+    only_if do
+      !_lxc.exists? && new_resource.updated_by_last_action(true)
+    end
+  end
+end
+
+action :clone do
+  _lxc = @lxc
+  _base_lxc = ::Lxc.new(
+    new_resource.base_container,
+    :base_dir => node[:lxc][:container_directory],
+    :dnsmasq_lease_file => node[:lxc][:dnsmasq_lease_file]
+  )
+
+  unless(_base_lxc.exists?)
+    raise "LXC clone failed! Base container #{new_resource.base_container} does not exist. Cannot create #{new_resource.name}"
+  end
+  
+  execute "LXC Clone: #{new_resource.base_container} -> #{new_resource.name}" do
+    command "lxc-clone -o #{new_resource.base_container} -n #{new_resource.name}"
+    only_if do
+      !_lxc.exists? && new_resource.updated_by_last_action(true)
+    end
+  end
+
+end
+
+action :delete do
+  _lxc = @lxc
+  ruby_block "Stop container #{new_resource.name}" do
+    block do
+      _lxc.shutdown
+    end
+    only_if do
+      _lxc.exists? && _lxc.running?
+    end
+  end
+
+  execute "Destroy container #{new_resource.name}" do
+    command "lxc-destroy #{new_resource.name}"
+    only_if do
+      _lxc.exists?
+    end
+  end
+end

data/lib/elecksee/vendor/lxc/providers/ephemeral.rb

@@ -0,0 +1,40 @@
+use_inline_resources if self.respond_to?(:use_inline_resources)
+
+def load_current_resource
+  @lxc = ::Lxc.new(
+    new_resource.base_container,
+    :base_dir => node[:lxc][:container_directory],
+    :dnsmasq_lease_file => node[:lxc][:dnsmasq_lease_file]
+  )
+  unless(@lxc.exists?)
+    raise "Requested base contianer: #{new_resource.base_container} does not exist"
+  end
+  @start_script = node[:lxc][:awesome_ephemerals] ? '/usr/local/bin/lxc-awesome-ephemeral' : 'lxc-ephemeral-start'
+  unless(node[:lxc][:awesome_ephemerals])
+    %w(host_rootfs virtual_device).each do |key|
+      if(resource.send(key))
+        raise "#{key} lxc ephemeral attribute only valid when awesome_ephemerals is true!"
+      end
+    end
+  end
+end
+
+action :run do
+  com = [@start_script]
+  com << "-o #{new_resource.base_container}"
+  com << "-b #{new_resource.bind_directory}" if new_resource.bind_directory
+  com << "-U #{new_resource.union_type}"
+  com << "-u #{new_resource.user}"
+  com << "-S #{new_resource.key}"
+  com << "-z #{new_resource.host_rootfs}" if new_resource.host_rootfs
+  com << "-D #{new_resource.virtual_device}" if new_resource.virtual_device 
+  if(new_resource.background)
+    Chef::Log.warn("Ephemeral container will be backgrounded: #{new_resource.name}")
+    com << '-d'
+  end
+  com << "\"#{new_resource.command}\"" # TODO: fix this to be proper
+  execute "LXC ephemeral: #{new_resource.name}" do
+    command com.join(' ')
+    stream_output new_resource.stream_output
+  end
+end

data/lib/elecksee/vendor/lxc/providers/fstab.rb

@@ -0,0 +1,30 @@
+def load_current_resource
+  if(new_resource.auto_join_rootfs_mount)
+    new_resource.mount_point(
+      ::Lxc.new(new_resource.container).rootfs.join(
+        new_resource.mount_point
+      ).to_path
+    )
+  end
+  node.run_state[:lxc] ||= Mash.new
+  node.run_state[:lxc][:fstabs] ||= Mash.new
+  node.run_state[:lxc][:fstabs][new_resource.container] ||= []
+end
+
+action :create do
+
+  line = "#{new_resource.file_system}\t#{new_resource.mount_point}\t" <<
+    "#{new_resource.type}\t#{Array(new_resource.options).join(',')}\t" <<
+    "#{new_resource.dump}\t#{new_resource.pass}"
+
+  if(new_resource.create_mount_point)
+    directory new_resource.mount_point do
+      recursive true
+    end
+  end
+  
+  unless(node.run_state[:lxc][:fstabs][new_resource.container].include?(line))
+    node.run_state[:lxc][:fstabs][new_resource.container] << line
+  end
+
+end

data/lib/elecksee/vendor/lxc/providers/interface.rb

@@ -0,0 +1,45 @@
+def load_current_resource
+  @lxc = ::Lxc.new(
+    new_resource.container,
+    :base_dir => node[:lxc][:container_directory],
+    :dnsmasq_lease_file => node[:lxc][:dnsmasq_lease_file]
+  )
+  @loaded ||= {}
+  # value checks
+  unless(new_resource.dynamic)
+    %w(address netmask).each do |key|
+      raise "#{key} is required for static interfaces" if new_resource.send(key).nil?
+    end
+  end
+  node.run_state[:lxc] ||= Mash.new
+  node.run_state[:lxc][:interfaces] ||= Mash.new
+  node.run_state[:lxc][:interfaces][new_resource.container] ||= []
+end
+
+action :create do
+  raise 'Device is required for creating an LXC interface!' unless new_resource.device
+  
+  unless(@loaded[new_resource.container])
+    @loaded[new_resource.container] = true
+  end
+
+  net_set = Mash.new(:device => new_resource.device)
+  if(new_resource.dynamic)
+    net_set[:dynamic] = true
+  else
+    net_set[:auto] = new_resource.auto
+    net_set[:address] = new_resource.address
+    net_set[:gateway] = new_resource.gateway
+    net_set[:netmask] = new_resource.netmask
+    net_set[:up] = new_resource.up if new_resource.up
+    net_set[:down] = new_resource.down if new_resource.down
+    net_set[:ipv6] = new_resource.ipv6
+  end
+
+  node.run_state[:lxc][:interfaces][new_resource.container] << net_set
+end
+
+action :delete do
+  # do nothing, simply not provided to run_state, and thus implicitly
+  # deleted
+end

data/lib/elecksee/vendor/lxc/providers/service.rb

@@ -0,0 +1,53 @@
+def load_current_resource
+  @lxc = ::Lxc.new(
+    new_resource.name,
+    :base_dir => node[:lxc][:container_directory],
+    :dnsmasq_lease_file => node[:lxc][:dnsmasq_lease_file]
+  )
+  if(new_resource.service_name.to_s.empty?)
+    new_resource.service_name new_resource.name
+  end
+end
+
+action :start do
+  if(@lxc.stopped?)
+    @lxc.start
+    new_resource.updated_by_last_action(true)
+  end
+end
+
+action :halt do
+  if(@lxc.running?)
+    @lxc.stop
+    new_resource.updated_by_last_action(true)
+  end
+end
+
+action :restart do
+  if(@lxc.running?)
+    @lxc.shutdown
+  end
+  @lxc.start
+  new_resource.updated_by_last_action(true)
+end
+
+action :stop do
+  if(@lxc.running?)
+    @lxc.stop
+    new_resource.updated_by_last_action(true)
+  end
+end
+
+action :freeze do
+  if(@lxc.running?)
+    @lxc.freeze
+    new_resource.updated_by_last_action(true)
+  end
+end
+
+action :unfreeze do
+  if(@lxc.frozen?)
+    @lxc.unfreeze
+    new_resource.updated_by_last_action(true)
+  end
+end

data/lib/elecksee/vendor/lxc/recipes/containers.rb

@@ -0,0 +1,13 @@
+# create the containers defined in the ['lxc']['containers'] hash
+
+include_recipe "lxc"
+
+node['lxc']['containers'].each do | name, container |
+  Chef::Log.info "Creating LXC container name:#{name}"
+  lxc_container name do
+    container.each do |meth, param|
+      self.send(meth, param)
+    end
+    action :create unless container.has_key?(:action)
+  end
+end

data/lib/elecksee/vendor/lxc/recipes/default.rb

@@ -0,0 +1,58 @@
+# install the server dependencies to run lxc
+node[:lxc][:packages].each do |lxcpkg|
+  package lxcpkg
+end
+
+include_recipe 'lxc::install_dependencies'
+
+directory '/usr/local/bin' do
+  recursive true
+end
+
+cookbook_file '/usr/local/bin/lxc-awesome-ephemeral' do
+  source 'lxc-awesome-ephemeral'
+  mode 0755
+end
+
+#if the server uses the apt::cacher-client recipe, re-use it
+unless Chef::Config[:solo]
+  if File.exists?('/etc/apt/apt.conf.d/01proxy')
+    query = 'recipes:apt\:\:cacher-ng'
+    query += " AND chef_environment:#{node.chef_environment}" if node['apt']['cacher-client']['restrict_environment']
+    Chef::Log.debug("apt::cacher-client searching for '#{query}'")
+    servers = search(:node, query)
+    if servers.length > 0
+      Chef::Log.info("apt-cacher-ng server found on #{servers[0]}.")
+      node.default[:lxc][:mirror] = "http://#{servers[0]['ipaddress']}:3142/archive.ubuntu.com/ubuntu"
+    end
+  end
+end
+
+template '/etc/default/lxc' do
+  source 'default-lxc.erb'
+  mode 0644
+  variables(
+    :config => {
+      :lxc_auto => node[:lxc][:auto_start],
+      :use_lxc_bridge => node[:lxc][:use_bridge],
+      :lxc_bridge => node[:lxc][:bridge],
+      :lxc_addr => node[:lxc][:addr],
+      :lxc_netmask => node[:lxc][:netmask],
+      :lxc_network => node[:lxc][:network],
+      :lxc_dhcp_range => node[:lxc][:dhcp_range],
+      :lxc_dhcp_max => node[:lxc][:dhcp_max],
+      :lxc_shutdown_timeout => node[:lxc][:shutdown_timeout],
+      :mirror => node[:lxc][:mirror]
+    }
+  )
+end
+
+# this just reloads the dnsmasq rules when the template is adjusted
+service 'lxc-net' do
+  action [:enable]
+  subscribes :restart, resources("template[/etc/default/lxc]"), :immediately
+end
+
+service 'lxc' do
+  action [:enable, :start]
+end

data/lib/elecksee/vendor/lxc/recipes/install_dependencies.rb

@@ -0,0 +1,15 @@
+# Fedora allowed? Needs yum and curl to download packages
+if node[:lxc][:allowed_types].include?('fedora')
+  ['yum', 'curl'].each do |pkg|
+    package pkg
+  end
+end
+
+# OpenSuse allowed? Needs zypper (no package available yet!)
+# package 'zypper' if node[:lxc][:allowed_types].include?('opensuse')
+raise 'OpenSuse not currently supported' if node[:lxc][:allowed_types].include?('opensuse')
+
+#store a copy of the Omnibus installer for use by the lxc containers
+if(node[:omnibus_updater] && node[:omnibus_updater][:cache_omnibus_installer])
+  include_recipe 'omnibus_updater::deb_downloader'
+end

data/lib/elecksee/vendor/lxc/recipes/knife.rb

@@ -0,0 +1,37 @@
+include_recipe 'lxc'
+
+# This shuts down the default lxcbr0
+node[:lxc][:use_bridge] = false
+service 'lxc' do
+  action :stop
+end
+
+directory '/etc/knife-lxc' do
+  action :create
+  mode 0755
+end
+
+file '/etc/knife-lxc/config.json' do
+  mode 0644
+  content(
+    JSON.pretty_generate(
+      :addresses => {
+        :static => node[:lxc][:knife][:static_ips],
+        :range => node[:lxc][:knife][:static_range]
+      }
+    )
+  )
+end
+
+cookbook_file '/usr/local/bin/knife_lxc' do
+  source 'knife_lxc'
+  mode 0755
+end
+
+node[:lxc][:allowed_types].each do |type|
+  lxc_container "#{type}_base" do
+    template type
+    chef_enabled false
+    action :create
+  end
+end

data/lib/elecksee/vendor/lxc/resources/config.rb

@@ -0,0 +1,19 @@
+actions :create, :delete
+default_action :create
+
+attribute :utsname, :kind_of => String, :default => nil # defaults to resource name
+attribute :aa_profile, :kind_of => String, :default => nil # platform specific?
+attribute :network, :kind_of => [Array, Hash]
+attribute :default_bridge, :kind_of => String
+attribute :static_ip, :kind_of => String
+attribute :pts, :kind_of => Numeric, :default => 1024
+attribute :tty, :kind_of => Numeric, :default => 4
+attribute :arch, :kind_of => String, :default => 'amd64'
+attribute :devttydir, :kind_of => String, :default => 'lxc'
+attribute :cgroup, :kind_of => Hash, :default => Mash.new
+attribute :cap_drop, :kind_of => [String, Array], :default => %w(sys_module mac_admin)
+attribute :mount, :kind_of => String
+attribute :mount_entry, :kind_of => String
+attribute :rootfs, :kind_of => [String,Pathname]
+attribute :rootfs_mount, :kind_of => String
+attribute :pivotdir, :kind_of => String