hybrid_platforms_conductor 32.13.0 → 32.14.0

data/examples/tutorial/05_extend_with_plugins/my_hpc_plugins/lib/my_hpc_plugins/hpc_plugins/platform_handler/json_bash.rb

@@ -0,0 +1,115 @@
+require 'json'
+require 'hybrid_platforms_conductor/platform_handler'
+
+module MyHpcPlugins
+
+  module HpcPlugins
+
+    module PlatformHandler
+
+      # A nice platform handler to handle platforms of our team, using json inventory and bash scripts.
+      class JsonBash < HybridPlatformsConductor::PlatformHandler
+
+        # Get the list of known nodes.
+        # [API] - This method is mandatory.
+        #
+        # Result::
+        # * Array<String>: List of node names
+        def known_nodes
+          # This method is used to get the list of nodes that are handled by the platform
+          # In our case we read our json file to get this information, and use just the first part of the hostname as the node's name.
+          JSON.parse(File.read("#{repository_path}/hosts.json")).keys.map { |hostname| hostname.split('.').first }
+        end
+
+        # Get the metadata of a given node.
+        # [API] - This method is mandatory.
+        #
+        # Parameters::
+        # * *node* (String): Node to read metadata from
+        # Result::
+        # * Hash<Symbol,Object>: The corresponding metadata
+        def metadata_for(node)
+          # All nodes handled by this platform are running a debian buster image and we derive their name from their hostname.
+          {
+            hostname: "#{node}.hpc_tutorial.org",
+            image: 'debian_10'
+          }
+        end
+
+        # Return the services for a given node
+        # [API] - This method is mandatory.
+        #
+        # Parameters::
+        # * *node* (String): node to read configuration from
+        # Result::
+        # * Array<String>: The corresponding services
+        def services_for(node)
+          # This info is taken from our JSON inventory file
+          [JSON.parse(File.read("#{repository_path}/hosts.json"))["#{node}.hpc_tutorial.org"]]
+        end
+
+        # Get the list of services we can deploy
+        # [API] - This method is mandatory.
+        #
+        # Result::
+        # * Array<String>: The corresponding services
+        def deployable_services
+          # This info is taken by listing existing bash scripts
+          Dir.glob("#{repository_path}/install-*.bash").map { |file| File.basename(file).match(/install-(.*)\.bash/)[1] }
+        end
+
+        # Get the list of actions to perform to deploy on a given node.
+        # Those actions can be executed in parallel with other deployments on other nodes. They must be thread safe.
+        # [API] - This method is mandatory.
+        # [API] - @cmd_runner is accessible.
+        # [API] - @actions_executor is accessible.
+        #
+        # Parameters::
+        # * *node* (String): Node to deploy on
+        # * *service* (String): Service to be deployed
+        # * *use_why_run* (Boolean): Do we use a why-run mode? [default = true]
+        # Result::
+        # * Array< Hash<Symbol,Object> >: List of actions to be done
+        def actions_to_deploy_on(node, service, use_why_run: true)
+          # This method returns all the actions to execute to deploy on a node.
+          # The use_why_run switch is on if the deployment should just be simulated.
+          # Those actions (bash commands, scp of files, ruby code...) should be thread safe as they can be executed in parallel with other deployment actions for other nodes in case of a concurrent deployment on several nodes.
+          # In our case it's very simple: we just call our bash script on the node's hostname.
+          [{ bash: "#{repository_path}/install-#{service}.bash #{@nodes_handler.get_hostname_of(node)} #{use_why_run ? 'check' : ''}" }]
+        end
+
+        # Parse stdout and stderr of a given deploy run and get the list of tasks with their status
+        # [API] - This method is mandatory.
+        #
+        # Parameters::
+        # * *stdout* (String): stdout to be parsed
+        # * *stderr* (String): stderr to be parsed
+        # Result::
+        # * Array< Hash<Symbol,Object> >: List of task properties. The following properties should be returned, among free ones:
+        #   * *name* (String): Task name
+        #   * *status* (Symbol): Task status. Should be one of:
+        #     * *:changed*: The task has been changed
+        #     * *:identical*: The task has not been changed
+        #   * *diffs* (String): Differences, if any
+        def parse_deploy_output(stdout, stderr)
+          # In our case our bash scripts return the last line as a status, so use it.
+          [{
+            name: 'Install tool',
+            status:
+              case stdout.split("\n").last
+              when 'OK'
+                :identical
+              else
+                :changed
+              end,
+            diffs: stdout
+          }]
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/examples/tutorial/05_extend_with_plugins/my_hpc_plugins/lib/my_hpc_plugins/hpc_plugins/report/web_report.rb

@@ -0,0 +1,52 @@
+require 'hybrid_platforms_conductor/report'
+
+module MyHpcPlugins
+
+  module HpcPlugins
+
+    module Report
+
+      # Publish reports to our web reporting tool
+      class WebReport < HybridPlatformsConductor::Report
+
+        # Give the list of supported locales by this report generator
+        # [API] - This method is mandatory.
+        #
+        # Result::
+        # * Array<Symbol>: List of supported locales
+        def self.supported_locales
+          # This method has to publish the list of translations it accepts.
+          [:en]
+        end
+
+        # Create a report for a list of nodes, in a given locale
+        # [API] - This method is mandatory.
+        #
+        # Parameters::
+        # * *nodes* (Array<String>): List of nodes
+        # * *locale_code* (Symbol): The locale code
+        def report_for(nodes, locale_code)
+          # This method simply provides a report for a given list of nodes in the desired locale.
+          # The locale will be one of the supported ones.
+          # Generate the report in a file to be uploaded on web10.
+          File.write(
+            '/tmp/web_report.txt',
+            @platforms_handler.known_platforms.map do |platform|
+              "= Inventory for platform #{platform.repository_path} of type #{platform.platform_type}:\n" +
+                platform.known_nodes.map do |node|
+                  "* Node #{node} (IP: #{@nodes_handler.get_host_ip_of(node)}, Hostname: #{@nodes_handler.get_hostname_of(node)})."
+                end.join("\n")
+            end.join("\n")
+          )
+          # Upload the file on our web10 instance
+          system 'scp -o StrictHostKeyChecking=no /tmp/web_report.txt root@web10.hpc_tutorial.org:/root/hello_world.txt'
+          out 'Upload successful'
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/examples/tutorial/05_extend_with_plugins/my_hpc_plugins/lib/my_hpc_plugins/hpc_plugins/test/root_space.rb

@@ -0,0 +1,44 @@
+module MyHpcPlugins
+
+  module HpcPlugins
+
+    module Test
+
+      # Check root space
+      class RootSpace < HybridPlatformsConductor::Test
+
+        # Run test using SSH commands on the node.
+        # Instead of executing the SSH commands directly on each node for each test, this method returns the list of commands to run and the test framework then groups them in 1 SSH connection.
+        # [API] - @node can be used to adapt the command with the node.
+        #
+        # Result::
+        # * Hash<String,Object>: For each command to execute, information regarding the assertion.
+        #   * Values can be:
+        #     * Proc: The code block making the test given the stdout of the command. Here is the Proc description:
+        #       * Parameters::
+        #         * *stdout* (Array<String>): List of lines of the stdout of the command.
+        #         * *stderr* (Array<String>): List of lines of the stderr of the command.
+        #         * *return_code* (Integer): The return code of the command.
+        #     * Hash<Symbol,Object>: More complete information, that can contain the following keys:
+        #       * *validator* (Proc): The proc containing the assertions to perform (as described above). This key is mandatory.
+        #       * *timeout* (Integer): Timeout to wait for this command to execute.
+        def test_on_node
+          # If this method is defined, it will be used to execute SSH commands on each node that is being tested.
+          # For each SSH command, a validator code block will be called with the stdout of the command run remotely on the node.
+          # In place of a simple validator code block, a more complex structure can be used to give more info (for example timeout).
+          {
+            'du -sk /root' => proc do |stdout|
+              # stdout contains the output of our du command
+              used_kb = stdout.first.split.first.to_i
+              error "Root space used is #{used_kb}KB - too much!" if used_kb > 1024
+            end
+          }
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/examples/tutorial/05_extend_with_plugins/my_hpc_plugins/my_hpc_plugins.gemspec

@@ -0,0 +1,15 @@
+Gem::Specification.new do |s|
+  s.name = 'my_hpc_plugins'
+  s.version = '0.0.1'
+  s.date = '2021-04-29'
+  s.authors = ['Me myself!']
+  s.email = ['me-myself@my-domain.com']
+  s.summary = 'My awesome plugins for Hybrid Platforms Conductor'
+  s.files = Dir['{bin,lib,spec}/**/*']
+  Dir['bin/**/*'].each do |exec_name|
+    s.executables << File.basename(exec_name)
+  end
+  # Dependencies
+  # Make sure we use a compatible version of hybrid_platforms_conductor
+  s.add_dependency 'hybrid_platforms_conductor', '~> 32.12'
+end

data/examples/tutorial/05_extend_with_plugins/node/my-service.conf

@@ -0,0 +1,4 @@
+service-port: 1107
+service-timeout: 60
+service-logs: stdout
+

data/examples/tutorial/05_extend_with_plugins/web_docker_image/Dockerfile

@@ -0,0 +1,33 @@
+# syntax=docker/dockerfile:1
+# Pull the image containing Go
+FROM golang:1.16.3-buster
+
+# Install the web server
+# Create the message file to be displayed by the web server
+COPY hello_world.txt /root/hello_world.txt
+# Copy the code
+COPY main.go /codebase/src/main.go
+# Build the binary
+RUN cd /codebase && go build -v -o /codebase/bin/server ./src/main.go
+# Set the env which will be available at runtime
+ENV PORT=80
+EXPOSE 80
+
+# Install sshd
+RUN apt-get update && apt-get install -y openssh-server
+RUN mkdir /var/run/sshd
+# Activate root login
+RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+# Speed-up considerably ssh performance and avoid huge lags and timeouts without DNS
+RUN sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
+EXPOSE 22
+
+# Upload our root key for key authentication of root
+COPY hpc_root.key.pub /root/.ssh/authorized_keys
+RUN chmod 700 /root/.ssh
+RUN chmod 400 /root/.ssh/authorized_keys
+
+# Startup script
+COPY start.sh /start.sh
+RUN chmod +x /start.sh
+CMD ["/start.sh"]

data/examples/tutorial/05_extend_with_plugins/web_docker_image/hello_world.txt

@@ -0,0 +1 @@
+Hello World!

data/examples/tutorial/05_extend_with_plugins/web_docker_image/hpc_root.key

@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEAu5oVFddWtHFKA8+PnRssWieXrnMUPM8+qTdQrxoMaNacFWN+pBv3
+Nj61GphCANoEPBvgcm7ltgZa1EumAZh4NJFi7AqM4Z2AFsqsvzRS1HNFRClEwr576iRkMc
+ECIr0JmxeOscVcDMx0/9uFSfON7DiuStOOpIJIiQfjtFBsLFpzdfsVfZ3zc18Hxugqsbq0
+t0bsTZdjRKnIYeKTSXKbF2n9b/dAf2tBtpywpun1WXQul7w1z20m9zv955k4kq3rAhSIPH
+aOSE+QCXlICYqwmP2KVKCG6XEqSWjF4ujzcE7PlKIK1gsXdfum6GL23X8k8njBIjRzq6a0
+Uabp65tvVQAAA8hgF2y/YBdsvwAAAAdzc2gtcnNhAAABAQC7mhUV11a0cUoDz4+dGyxaJ5
+eucxQ8zz6pN1CvGgxo1pwVY36kG/c2PrUamEIA2gQ8G+BybuW2BlrUS6YBmHg0kWLsCozh
+nYAWyqy/NFLUc0VEKUTCvnvqJGQxwQIivQmbF46xxVwMzHT/24VJ843sOK5K046kgkiJB+
+O0UGwsWnN1+xV9nfNzXwfG6CqxurS3RuxNl2NEqchh4pNJcpsXaf1v90B/a0G2nLCm6fVZ
+dC6XvDXPbSb3O/3nmTiSresCFIg8do5IT5AJeUgJirCY/YpUoIbpcSpJaMXi6PNwTs+Uog
+rWCxd1+6boYvbdfyTyeMEiNHOrprRRpunrm29VAAAAAwEAAQAAAQEAj5IE7vkkvuUweqgf
+RWGlWL2SJIyngT4tuzy8/7SUqKsNOoUxRxCr6ZSl7tt1L8eplALVi135aIuGeZAHVJNF8x
+0Mso4EcSmi/E5RU+cMONCawuY+XDeBB5igIT+PjdxT/KBTsRLUNmtGYwSyBf1hsNVT9ang
+MWAPeOdTyQv/LRUe+O/ZKQ/h/X51BEwSXqz32RmlmZdMnDacIJ0NWdbcbAEtB4JT83S20d
+bycQNOxGVmyevOGjyTXfUX6FhtYT7A7zzqNUL8UstSdajWeTZvVGd0C7Ob1kxaU3tnAwFr
+0sHTPHX7FQQFGhiU8gBZHOJ/PQzo+qqcCSsM3FcJlpVw5QAAAIAPYGXt7diWFYEhZVfj3n
+KA0lX7LjQms0en4CoSkN4BELQJnaaqlTkrqN7PNL/WbmeavzDqQMk1jb9Q2+gra826THX5
+GGtbFPFb9TSwBNi+zsyVURKEzqNYSw28ytKIdj98VW1qqQoolgTc5qoXG1JW5f5bEPbzUT
+LXPP5j+YvuCgAAAIEA8NVJc5vXzJxbdgBxOPPHaPCAZ28V15Ggy+Bj1K/9G6FHqa/SFhy0
+tCpBDNB/POX2UXCQDLteTIDodj9h2Yat6PJP9RKYCC9F5+/fU/0Y/tvD/p/uNhwEuqToex
+gBUoL+r7/G3qYK13n8AKwrvb2wiYgP3aUVW7AyOier1MKt4OsAAACBAMdqmcj+5fNSTuOg
+iPgGylUSIYnJ0w2jjZIaX96aat/w+SgciLhenbwpcf/9E8MDYKbXyhArdQvOgkEVogEI4s
+PrFG66ogawPuRUUsuZBhm/b535EEvNAlkC8fMPVuKfOIsHJs8Cwcy7QPZSZu5pyKznpnCT
+UlYGT6aB0GGoeeC/AAAAEWFkbWluQGV4YW1wbGUuY29tAQ==
+-----END OPENSSH PRIVATE KEY-----

data/examples/tutorial/05_extend_with_plugins/web_docker_image/hpc_root.key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7mhUV11a0cUoDz4+dGyxaJ5eucxQ8zz6pN1CvGgxo1pwVY36kG/c2PrUamEIA2gQ8G+BybuW2BlrUS6YBmHg0kWLsCozhnYAWyqy/NFLUc0VEKUTCvnvqJGQxwQIivQmbF46xxVwMzHT/24VJ843sOK5K046kgkiJB+O0UGwsWnN1+xV9nfNzXwfG6CqxurS3RuxNl2NEqchh4pNJcpsXaf1v90B/a0G2nLCm6fVZdC6XvDXPbSb3O/3nmTiSresCFIg8do5IT5AJeUgJirCY/YpUoIbpcSpJaMXi6PNwTs+UogrWCxd1+6boYvbdfyTyeMEiNHOrprRRpunrm29V admin@example.com

data/examples/tutorial/05_extend_with_plugins/web_docker_image/main.go

@@ -0,0 +1,43 @@
+package main
+
+import (
+    "fmt"
+    "io/ioutil"
+    "log"
+    "net/http"
+    "os"
+)
+
+const homepageEndPoint = "/"
+
+// StartWebServer the webserver
+func StartWebServer() {
+    http.HandleFunc(homepageEndPoint, handleHomepage)
+    port := os.Getenv("PORT")
+    if len(port) == 0 {
+        panic("Environment variable PORT is not set")
+    }
+
+    log.Printf("Starting web server to listen on endpoints [%s] and port %s",
+        homepageEndPoint, port)
+    if err := http.ListenAndServe(":"+port, nil); err != nil {
+        panic(err)
+    }
+}
+
+func handleHomepage(w http.ResponseWriter, r *http.Request) {
+    urlPath := r.URL.Path
+    log.Printf("Web request received on url path %s", urlPath)
+    content, content_err := ioutil.ReadFile("/root/hello_world.txt")
+    if content_err != nil {
+        fmt.Printf("Failed to read message to display, err: %s", content_err)
+    }
+    _, write_err := w.Write(content)
+    if write_err != nil {
+        fmt.Printf("Failed to write response, err: %s", write_err)
+    }
+}
+
+func main() {
+    StartWebServer()
+}

data/examples/tutorial/05_extend_with_plugins/web_docker_image/start.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Start sshd as a daemon
+/usr/sbin/sshd
+
+# Start web server
+sh -c /codebase/bin/server

data/examples/tutorial/05_extend_with_plugins/web_docker_image/test.bash

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+for ((i=1;i<=10;i++));
+do 
+   echo "Container web$i: $(curl http://web$i.hpc_tutorial.org 2>/dev/null)"
+done

data/lib/hybrid_platforms_conductor/deployer.rb

@@ -318,8 +318,9 @@ module HybridPlatformsConductor
           actions_executor: @actions_executor
         )
         instance.with_running_instance(stop_on_exit: true, destroy_on_exit: !reuse_instance, port: 22) do
-          # Test-provisioned nodes have SSH Session Exec capabilities
+          # Test-provisioned nodes have SSH Session Exec capabilities and are not local
           sub_executable.nodes_handler.override_metadata_of node, :ssh_session_exec, 'true'
+          sub_executable.nodes_handler.override_metadata_of node, :local_node, false
           # Test-provisioned nodes use default sudo
           sub_executable.config.sudo_procs.replace(sub_executable.config.sudo_procs.map do |sudo_proc_info|
             {

data/lib/hybrid_platforms_conductor/hpc_plugins/platform_handler/serverless_chef.rb

@@ -0,0 +1,440 @@
+require 'fileutils'
+require 'json'
+require 'yaml'
+require 'hybrid_platforms_conductor/platform_handler'
+require 'hybrid_platforms_conductor/hpc_plugins/platform_handler/serverless_chef/dsl_parser'
+require 'hybrid_platforms_conductor/hpc_plugins/platform_handler/serverless_chef/recipes_tree_builder'
+
+module HybridPlatformsConductor
+
+  module HpcPlugins
+
+    module PlatformHandler
+
+      # Handle a Chef repository without using a Chef Infra Server.
+      # Inventory is read from nodes/*.json.
+      # Services are defined from policy files in policyfiles/*.rb.
+      # Roles are not supported as they are considered made obsolete with the usage of policies by the Chef community.
+      # Required Chef versions are taken from a chef_versions.yml file containing the following keys:
+      # * *workstation* (String): The Chef Workstation version to be installed during setup (can be specified as major.minor only)
+      # * *client* (String): The Chef Infra Client version to be installed during nodes deployment (can be specified as major.minor only)
+      class ServerlessChef < HybridPlatformsConductor::PlatformHandler
+
+        # Add a Mixin to the DSL parsing the platforms configuration file.
+        # This can be used by any plugin to add plugin-specific configuration getters and setters, accessible later from NodesHandler instances.
+        # An optional initializer can also be given.
+        # [API] - Those calls are optional
+        module MyDSLExtension
+
+          # The list of library helpers we know include some recipes.
+          # This is used when parsing some recipe code: if such a helper is encountered then we assume a dependency on a given recipe.
+          # Hash< Symbol, Array<String> >: List of recipes definitions per helper name.
+          attr_reader :known_helpers_including_recipes
+
+          # Initialize the DSL
+          def init_serverless_chef
+            @known_helpers_including_recipes = {}
+          end
+
+          # Define helpers including recipes
+          #
+          # Parameters::
+          # * *included_recipes* (Hash< Symbol, Array<String> >): List of recipes definitions per helper name.
+          def helpers_including_recipes(included_recipes)
+            @known_helpers_including_recipes.merge!(included_recipes)
+          end
+
+        end
+        self.extend_config_dsl_with MyDSLExtension, :init_serverless_chef
+
+        # Setup the platform, install dependencies...
+        # [API] - This method is optional.
+        # [API] - @cmd_runner is accessible.
+        def setup
+          required_version = YAML.load_file("#{@repository_path}/chef_versions.yml")['workstation']
+          Bundler.with_unbundled_env do
+            exit_status, stdout, _stderr = @cmd_runner.run_cmd '/opt/chef-workstation/bin/chef --version', expected_code: [0, 127]
+            existing_version =
+              if exit_status == 127
+                'not installed'
+              else
+                expected_match = stdout.match(/^Chef Workstation version: (.+)\.\d+$/)
+                expected_match.nil? ? 'unreadable' : expected_match[1]
+              end
+            log_debug "Current Chef version: #{existing_version}. Required version: #{required_version}"
+            @cmd_runner.run_cmd "curl -L https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef-workstation -v #{required_version}" unless existing_version == required_version
+          end
+        end
+
+        # Get the list of known nodes.
+        # [API] - This method is mandatory.
+        #
+        # Result::
+        # * Array<String>: List of node names
+        def known_nodes
+          Dir.glob("#{@repository_path}/nodes/*.json").map { |file| File.basename(file, '.json') }
+        end
+
+        # Get the metadata of a given node.
+        # [API] - This method is mandatory.
+        #
+        # Parameters::
+        # * *node* (String): Node to read metadata from
+        # Result::
+        # * Hash<Symbol,Object>: The corresponding metadata
+        def metadata_for(node)
+          (json_for(node)['normal'] || {}).transform_keys(&:to_sym)
+        end
+
+        # Return the services for a given node
+        # [API] - This method is mandatory.
+        #
+        # Parameters::
+        # * *node* (String): node to read configuration from
+        # Result::
+        # * Array<String>: The corresponding services
+        def services_for(node)
+          [json_for(node)['policy_name']]
+        end
+
+        # Get the list of services we can deploy
+        # [API] - This method is mandatory.
+        #
+        # Result::
+        # * Array<String>: The corresponding services
+        def deployable_services
+          Dir.glob("#{@repository_path}/policyfiles/*.rb").map { |file| File.basename(file, '.rb') }
+        end
+
+        # Package the repository, ready to be deployed on artefacts or directly to a node.
+        # [API] - This method is optional.
+        # [API] - @cmd_runner is accessible.
+        # [API] - @actions_executor is accessible.
+        #
+        # Parameters::
+        # * *services* (Hash< String, Array<String> >): Services to be deployed, per node
+        # * *secrets* (Hash): Secrets to be used for deployment
+        # * *local_environment* (Boolean): Are we deploying to a local environment?
+        def package(services:, secrets:, local_environment:)
+          # Make a stamp of the info that has been packaged, so that we don't package it again if useless
+          package_info = {
+            secrets: secrets,
+            commit: info[:commit].nil? ? Time.now.utc.strftime('%F %T') : info[:commit][:id],
+            other_files:
+              if info[:status].nil?
+                {}
+              else
+                Hash[
+                  (info[:status][:added_files] + info[:status][:changed_files] + info[:status][:untracked_files]).
+                    sort.
+                    map { |f| [f, File.mtime("#{@repository_path}/#{f}").strftime('%F %T')] }
+                ]
+              end,
+            deleted_files: info[:status].nil? ? [] : info[:status][:deleted_files].sort
+          }
+          # Each service is packaged individually.
+          services.values.flatten.sort.uniq.each do |service|
+            package_dir = "dist/#{local_environment ? 'local' : 'prod'}/#{service}"
+            package_info_file = "#{@repository_path}/#{package_dir}/hpc_package.info"
+            current_package_info = File.exist?(package_info_file) ? JSON.parse(File.read(package_info_file)).transform_keys(&:to_sym) : {}
+            unless current_package_info == package_info
+              Bundler.with_unbundled_env do
+                # If the policy lock file does not exist, generate it
+                @cmd_runner.run_cmd "cd #{@repository_path} && /opt/chef-workstation/bin/chef install policyfiles/#{service}.rb" unless File.exist?("#{@repository_path}/policyfiles/#{service}.lock.json")
+                extra_cp_data_bags = File.exist?("#{@repository_path}/data_bags") ? " && cp -ar data_bags/ #{package_dir}/" : ''
+                @cmd_runner.run_cmd "cd #{@repository_path} && \
+                  sudo rm -rf #{package_dir} && \
+                  /opt/chef-workstation/bin/chef export policyfiles/#{service}.rb #{package_dir}#{extra_cp_data_bags}"
+              end
+              unless @cmd_runner.dry_run
+                # Create secrets file
+                secrets_file = "#{@repository_path}/#{package_dir}/data_bags/hpc_secrets/hpc_secrets.json"
+                FileUtils.mkdir_p(File.dirname(secrets_file))
+                File.write(secrets_file, secrets.merge(id: 'hpc_secrets').to_json)
+                # Remember the package info
+                File.write(package_info_file, package_info.to_json)
+              end
+            end
+          end
+        end
+
+        # Prepare deployments.
+        # This method is called just before getting and executing the actions to be deployed.
+        # It is called once per platform.
+        # [API] - This method is optional.
+        # [API] - @cmd_runner is accessible.
+        # [API] - @actions_executor is accessible.
+        #
+        # Parameters::
+        # * *services* (Hash< String, Array<String> >): Services to be deployed, per node
+        # * *secrets* (Hash): Secrets to be used for deployment
+        # * *local_environment* (Boolean): Are we deploying to a local environment?
+        # * *why_run* (Boolean): Are we deploying in why-run mode?
+        def prepare_for_deploy(services:, secrets:, local_environment:, why_run:)
+          @local_env = local_environment
+        end
+
+        # Get the list of actions to perform to deploy on a given node.
+        # Those actions can be executed in parallel with other deployments on other nodes. They must be thread safe.
+        # [API] - This method is mandatory.
+        # [API] - @cmd_runner is accessible.
+        # [API] - @actions_executor is accessible.
+        #
+        # Parameters::
+        # * *node* (String): Node to deploy on
+        # * *service* (String): Service to be deployed
+        # * *use_why_run* (Boolean): Do we use a why-run mode? [default = true]
+        # Result::
+        # * Array< Hash<Symbol,Object> >: List of actions to be done
+        def actions_to_deploy_on(node, service, use_why_run: true)
+          package_dir = "#{@repository_path}/dist/#{@local_env ? 'local' : 'prod'}/#{service}"
+          # Generate the nodes attributes file
+          unless @cmd_runner.dry_run
+            FileUtils.mkdir_p "#{package_dir}/nodes"
+            File.write("#{package_dir}/nodes/#{node}.json", (known_nodes.include?(node) ? metadata_for(node) : {}).merge(@nodes_handler.metadata_of(node)).to_json)
+          end
+          if @nodes_handler.get_use_local_chef_of(node)
+            # Just run the chef-client directly from the packaged repository
+            [{ bash: "cd #{package_dir} && sudo SSL_CERT_DIR=/etc/ssl/certs /opt/chef-workstation/bin/chef-client --local-mode --json-attributes nodes/#{node}.json#{use_why_run ? ' --why-run' : ''}" }]
+          else
+            # Upload the package and run it from the node
+            package_name = File.basename(package_dir)
+            chef_versions_file = "#{@repository_path}/chef_versions.yml"
+            raise "Missing file #{chef_versions_file} specifying the Chef Infra Client version to be deployed" unless File.exist?(chef_versions_file)
+            required_chef_client_version = YAML.load_file(chef_versions_file)['client']
+            sudo = (@actions_executor.connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(node)} ")
+            [
+              {
+                # Install dependencies
+                remote_bash: [
+                  'set -e',
+                  'set -o pipefail',
+                  "if [ -n \"$(command -v apt)\" ]; then #{sudo}apt update && #{sudo}apt install -y curl build-essential ; else #{sudo}yum groupinstall 'Development Tools' && #{sudo}yum install -y curl ; fi",
+                  'mkdir -p ./hpc_deploy',
+                  "curl --location https://omnitruck.chef.io/install.sh | tac | tac | #{sudo}bash -s -- -d /opt/artefacts -v #{required_chef_client_version} -s once"
+                ]
+              },
+              {
+                scp: { package_dir => './hpc_deploy' },
+                remote_bash: [
+                  'set -e',
+                  "cd ./hpc_deploy/#{package_name}",
+                  "#{sudo}SSL_CERT_DIR=/etc/ssl/certs /opt/chef/bin/chef-client --local-mode --chef-license=accept --json-attributes nodes/#{node}.json#{use_why_run ? ' --why-run' : ''}",
+                  'cd ..',
+                  "#{sudo}rm -rf #{package_name}"
+                ]
+              }
+            ]
+          end
+        end
+
+        # Parse stdout and stderr of a given deploy run and get the list of tasks with their status
+        # [API] - This method is mandatory.
+        #
+        # Parameters::
+        # * *stdout* (String): stdout to be parsed
+        # * *stderr* (String): stderr to be parsed
+        # Result::
+        # * Array< Hash<Symbol,Object> >: List of task properties. The following properties should be returned, among free ones:
+        #   * *name* (String): Task name
+        #   * *status* (Symbol): Task status. Should be one of:
+        #     * *:changed*: The task has been changed
+        #     * *:identical*: The task has not been changed
+        #   * *diffs* (String): Differences, if any
+        def parse_deploy_output(stdout, stderr)
+          tasks = []
+          current_task = nil
+          stdout.split("\n").each do |line|
+            # Remove control chars and spaces around
+            case line.gsub(/\e\[[^\x40-\x7E]*[\x40-\x7E]/, '').strip
+            when /^\* (\w+\[[^\]]+\]) action (.+)$/
+              # New task
+              task_name = $1
+              task_action = $2
+              current_task = {
+                name: task_name,
+                action: task_action,
+                status: :identical
+              }
+              tasks << current_task
+            when /^- (.+)$/
+              # Diff on the current task
+              diff_description = $1
+              unless current_task.nil?
+                current_task[:diffs] = '' unless current_task.key?(:diffs)
+                current_task[:diffs] << "#{diff_description}\n"
+                current_task[:status] = :changed
+              end
+            end
+          end
+          tasks
+        end
+
+        # Get the list of impacted nodes and services from a files diff.
+        # [API] - This method is optional
+        #
+        # Parameters::
+        # * *files_diffs* (Hash< String, Hash< Symbol, Object > >): List of diffs info, per file name having a diff. Diffs info have the following properties:
+        #   * *moved_to* (String): The new file path, in case it has been moved [optional]
+        #   * *diff* (String): The diff content
+        # Result::
+        # * Array<String>: The list of nodes impacted by this diff
+        # * Array<String>: The list of services impacted by this diff
+        # * Boolean: Are there some files that have a global impact (meaning all nodes are potentially impacted by this diff)?
+        def impacts_from(files_diffs)
+          impacted_nodes = []
+          impacted_services = []
+          # List of impacted [cookbook, recipe]
+          # Array< [Symbol, Symbol] >
+          impacted_recipes = []
+          impacted_global = false
+          files_diffs.keys.sort.each do |impacted_file|
+            if impacted_file =~ /^policyfiles\/([^\/]+)\.rb$/
+              log_debug "[#{impacted_file}] - Impacted service: #{$1}"
+              impacted_services << $1
+            elsif impacted_file =~ /^policyfiles\/([^\/]+)\.lock.json$/
+              log_debug "[#{impacted_file}] - Impacted service: #{$1}"
+              impacted_services << $1
+            elsif impacted_file =~ /^nodes\/([^\/]+)\.json/
+              log_debug "[#{impacted_file}] - Impacted node: #{$1}"
+              impacted_nodes << $1
+            else
+              cookbook_path = known_cookbook_paths.find { |cookbooks_path| impacted_file =~ /^#{Regexp.escape(cookbooks_path)}\/.+$/ }
+              if cookbook_path.nil?
+                # Global file
+                log_debug "[#{impacted_file}] - Global file impacted"
+                impacted_global = true
+              else
+                # File belonging to a cookbook
+                cookbook_name, file_path = impacted_file.match(/^#{cookbook_path}\/(\w+)\/(.+)$/)[1..2]
+                cookbook = cookbook_name.to_sym
+                # Small helper to register a recipe
+                register = proc do |source, recipe_name, cookbook_name: cookbook|
+                  cookbook_name = cookbook_name.to_sym if cookbook_name.is_a?(String)
+                  log_debug "[#{impacted_file}] - Impacted recipe from #{source}: #{cookbook_name}::#{recipe_name}"
+                  impacted_recipes << [cookbook_name, recipe_name.to_sym]
+                end
+                case file_path
+                when /recipes\/(.+)\.rb/
+                  register.call('direct', $1)
+                when /attributes\/.+\.rb/, 'metadata.rb'
+                  # Consider all recipes are impacted
+                  Dir.glob("#{@repository_path}/#{cookbook_path}/#{cookbook}/recipes/*.rb") do |recipe_path|
+                    register.call('attributes', File.basename(recipe_path, '.rb'))
+                  end
+                when /(templates|files)\/(.+)/
+                  # Find recipes using this file name
+                  included_file = File.basename($2)
+                  template_regexp = /["']#{Regexp.escape(included_file)}["']/
+                  Dir.glob("#{@repository_path}/#{cookbook_path}/#{cookbook}/recipes/*.rb") do |recipe_path|
+                    register.call("included file #{included_file}", File.basename(recipe_path, '.rb')) if File.read(recipe_path) =~ template_regexp
+                  end
+                when /resources\/(.+)/
+                  # Find any recipe using this resource
+                  included_resource = "#{cookbook}_#{File.basename($1, '.rb')}"
+                  resource_regexp = /(\W|^)#{Regexp.escape(included_resource)}(\W|$)/
+                  known_cookbook_paths.each do |cookbooks_path|
+                    Dir.glob("#{@repository_path}/#{cookbooks_path}/**/recipes/*.rb") do |recipe_path|
+                      if File.read(recipe_path) =~ resource_regexp
+                        cookbook_name, recipe_name = recipe_path.match(/#{cookbooks_path}\/(\w+)\/recipes\/(\w+)\.rb/)[1..2]
+                        register.call("included resource #{included_resource}", recipe_name, cookbook_name: cookbook_name)
+                      end
+                    end
+                  end
+                when /libraries\/(.+)/
+                  # Find any recipe using methods from this library
+                  lib_methods_regexps = File.read("#{@repository_path}/#{impacted_file}").scan(/(\W|^)def\s+(\w+)(\W|$)/).map { |_grp1, method_name, _grp2| /(\W|^)#{Regexp.escape(method_name)}(\W|$)/ }
+                  known_cookbook_paths.each do |cookbooks_path|
+                    Dir.glob("#{@repository_path}/#{cookbooks_path}/**/recipes/*.rb") do |recipe_path|
+                      file_content = File.read(recipe_path)
+                      found_lib_regexp = lib_methods_regexps.find { |regexp| file_content =~ regexp }
+                      unless found_lib_regexp.nil?
+                        cookbook_name, recipe_name = recipe_path.match(/#{cookbooks_path}\/(\w+)\/recipes\/(\w+)\.rb/)[1..2]
+                        register.call("included library helper #{found_lib_regexp.source[6..-7]}", recipe_name, cookbook_name: cookbook_name)
+                      end
+                    end
+                  end
+                when 'README.md', 'README.rdoc', 'CHANGELOG.md', '.rubocop.yml'
+                  # Ignore them
+                else
+                  log_warn "[#{impacted_file}] - Unknown impact for cookbook file belonging to #{cookbook}"
+                  # Consider all recipes are impacted by default
+                  Dir.glob("#{@repository_path}/#{cookbook_path}/#{cookbook}/recipes/*.rb") do |recipe_path|
+                    register.call('attributes', File.basename(recipe_path, '.rb'))
+                  end
+                end
+              end
+            end
+          end
+
+          # Devise the impacted services from the impacted recipes we just found.
+          impacted_recipes.uniq!
+          log_debug "* #{impacted_recipes.size} impacted recipes:\n#{impacted_recipes.map { |(cookbook, recipe)| "#{cookbook}::#{recipe}" }.sort.join("\n")}"
+
+          recipes_tree = RecipesTreeBuilder.new(@config, self).full_recipes_tree
+          [
+            impacted_nodes,
+            (
+              impacted_services +
+                # Gather the list of services using the impacted recipes
+                impacted_recipes.map do |(cookbook, recipe)|
+                  recipe_info = recipes_tree.dig cookbook, recipe
+                  recipe_info.nil? ? [] : recipe_info[:used_by_policies]
+                end.flatten
+            ).sort.uniq,
+            impacted_global
+          ]
+        end
+
+        # Return the list of possible cookbook paths from this repository only.
+        # Returned paths are relative to the repository path.
+        #
+        # Result::
+        # * Array<String>: Known cookbook paths
+        def known_cookbook_paths
+          # Keep a cache of it for performance.
+          unless defined?(@cookbook_paths)
+            config_file = "#{@repository_path}/config.rb"
+            @cookbook_paths = (
+                ['cookbooks'] +
+                  if File.exist?(config_file)
+                    # Read the knife configuration to get cookbook paths
+                    dsl_parser = DslParser.new
+                    dsl_parser.parse(config_file)
+                    cookbook_path_call = dsl_parser.calls.find { |call_info| call_info[:method] == :cookbook_path }
+                    cookbook_path_call.nil? ? [] : cookbook_path_call[:args].first
+                  else
+                    []
+                  end
+              ).
+              map do |dir|
+                # Only keep dirs that actually exist and are part of our repository
+                full_path = dir.start_with?('/') ? dir : File.expand_path("#{@repository_path}/#{dir}")
+                full_path.start_with?(@repository_path) && File.exist?(full_path) ? full_path.gsub("#{@repository_path}/", '') : nil
+              end.
+              compact.
+              sort.
+              uniq
+          end
+          @cookbook_paths
+        end
+
+        private
+
+        # Return the JSON associated to a node
+        #
+        # Parameters::
+        # * *node* (String): The node to search for
+        # Result::
+        # * Hash: JSON object of this node
+        def json_for(node)
+          JSON.parse(File.read("#{@repository_path}/nodes/#{node}.json"))
+        end
+
+      end
+
+    end
+
+  end
+
+end