knife-container 0.2.0

data/Rakefile

@@ -0,0 +1,16 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.rspec_opts = [].tap do |a|
+    a.push('--color')
+    a.push('--format progress')
+  end.join(' ')
+end
+
+desc 'Run all tests'
+task :test => [:spec]
+
+
+task :default => [:test]
+

data/knife-container.gemspec

@@ -0,0 +1,31 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'knife-container/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "knife-container"
+  spec.version       = Knife::Container::VERSION
+  spec.authors       = ["Tom Duffield"]
+  spec.email         = ["tom@getchef.com"]
+  spec.summary       = %q{Container support for Chef's Knife Command}
+  spec.description   = spec.summary
+  spec.homepage      = "http://github.com/opscode/knife-container"
+  spec.license       = "Apache 2.0"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "chef", "~> 11.0"
+  spec.add_dependency "mixlib-config", "~> 2.0"
+  spec.add_dependency "json", ">= 1.4.4", "<=  1.8.1"
+
+  spec.add_development_dependency 'rspec', '~> 2.14'
+  spec.add_development_dependency 'simplecov', '~> 0.7.1'
+  spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'docker-api', '~> 1.11.1'
+end

data/lib/chef/knife/container_docker_build.rb

@@ -0,0 +1,243 @@
+#
+# Copyright:: Copyright (c) 2014 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+require 'chef/mixin/shell_out'
+
+class Chef
+  class Knife
+    class ContainerDockerBuild < Knife
+      include Chef::Mixin::ShellOut
+
+      deps do
+        # These two are needed for cleanup
+        require 'chef/node'
+        require 'chef/api_client'
+      end
+
+      banner "knife container docker build REPO/NAME [options]"
+
+      option :run_berks,
+        :long => "--[no-]berks",
+        :description => "Run Berkshelf",
+        :default => true,
+        :boolean => true
+
+      option :cleanup,
+        :long => "--[no-]cleanup",
+        :description => "Cleanup Chef and Docker artifacts",
+        :default => true,
+        :boolean => true
+
+      option :force_build,
+        :long => "--force",
+        :description => "Force the Docker image build",
+        :boolean => true
+
+      option :dockerfiles_path,
+        :short => "-d PATH",
+        :long => "--dockerfiles-path PATH",
+        :description => "Path to the directory where Docker contexts are kept",
+        :proc => Proc.new { |d| Chef::Config[:knife][:dockerfiles_path] = d }
+
+      #
+      # Run the plugin
+      #
+      def run
+        read_and_validate_params
+        setup_config_defaults
+        run_berks if config[:run_berks]
+        build_image
+        cleanup_artifacts if config[:cleanup]
+      end
+
+      #
+      # Reads the input parameters and validates them.
+      # Will exit if it encounters an error
+      #
+      def read_and_validate_params
+        if @name_args.length < 1
+          show_usage
+          ui.fatal("You must specify a Dockerfile name")
+          exit 1
+        end
+
+        # if berkshelf isn't installed, set run_berks to false
+        if config[:run_berks]
+          ver = shell_out("berks -v")
+          config[:run_berks] = ver.stdout.match(/\d+\.\d+\.\d+/) ? true : false
+        end
+      end
+
+      #
+      # Set defaults for configuration values
+      #
+      def setup_config_defaults
+        Chef::Config[:knife][:dockerfiles_path] ||= File.join(Chef::Config[:chef_repo_path], "dockerfiles")
+        config[:dockerfiles_path] = Chef::Config[:knife][:dockerfiles_path]
+
+        # Determine if we are running local or server mode
+        case
+        when File.exists?(File.join(config[:dockerfiles_path], @name_args[0], 'chef', 'zero.rb'))
+          config[:local_mode] = true
+        when File.exists?(File.join(config[:dockerfiles_path], @name_args[0], 'chef', 'client.rb'))
+          config[:local_mode] = false
+        else
+          show_usage
+          ui.fatal("Can not find a Chef configuration file in #{config[:dockerfiles_path]}/#{@name_args[0]}/chef")
+          exit 1
+        end
+      end
+
+      #
+      # Execute berkshelf locally
+      #
+      def run_berks
+        if File.exists?(File.join(docker_context, "Berksfile"))
+          if File.exists?(File.join(chef_repo, "zero.rb"))
+            run_berks_vendor
+          elsif File.exists?(File.join(chef_repo, "client.rb"))
+            run_berks_upload
+          end
+        end
+      end
+
+      #
+      # Determines whether a Berksfile exists in the Docker context
+      #
+      # @returns [TrueClass, FalseClass]
+      #
+      def berksfile_exists?
+        File.exists?(File.join(docker_context, "Berksfile"))
+      end
+
+      #
+      # Installs all the cookbooks via Berkshelf
+      #
+      def run_berks_install
+        run_command("berks install")
+      end
+
+      #
+      # Vendors all the cookbooks into a directory inside the Docker Context
+      #
+      def run_berks_vendor
+        if File.exists?(File.join(chef_repo, "cookbooks"))
+          if config[:force_build]
+            FileUtils.rm_rf(File.join(chef_repo, "cookbooks"))
+          else
+            show_usage
+            ui.fatal("A `cookbooks` directory already exists. You must either remove this directory from your dockerfile directory or use the `force` flag")
+            exit 1
+          end
+        end
+
+        run_berks_install
+        run_command("berks vendor #{chef_repo}/cookbooks")
+      end
+
+      #
+      # Upload the cookbooks to the Chef Server
+      #
+      def run_berks_upload
+        run_berks_install
+        if config[:force_build]
+          run_command("berks upload --force")
+        else
+          run_command("berks upload")
+        end
+      end
+
+      #
+      # Builds the Docker image
+      #
+      def build_image
+        run_command(docker_build_command)
+      end
+
+      #
+      # Cleanup build artifacts
+      #
+      def cleanup_artifacts
+        unless config[:local_mode]
+          destroy_item(Chef::Node, node_name, "node")
+          destroy_item(Chef::ApiClient, node_name, "client")
+        end
+      end
+
+      #
+      # The command to use to build the Docker image
+      #
+      def docker_build_command
+        "docker build -t #{@name_args[0]} #{docker_context}"
+      end
+
+      #
+      # Run a shell command from the Docker Context directory
+      #
+      def run_command(cmd)
+        Open3.popen2e(cmd, chdir: docker_context) do |stdin, stdout_err, wait_thr|
+          while line = stdout_err.gets
+            puts line
+          end
+          wait_thr.value.to_i
+        end
+      end
+
+      #
+      # Returns the path to the Docker Context
+      #
+      # @return [String]
+      #
+      def docker_context
+        File.join(config[:dockerfiles_path], @name_args[0])
+      end
+
+      #
+      # Returns the path to the chef-repo inside the Docker Context
+      #
+      # @return [String]
+      #
+      def chef_repo
+        File.join(docker_context, "chef")
+      end
+
+      #
+      # Generates a node name for the Docker container
+      #
+      # @return [String]
+      #
+      def node_name
+        "#{@name_args[0].gsub('/','-')}-build"
+      end
+
+      # Extracted from Chef::Knife.delete_object, because it has a
+      # confirmation step built in... By not specifying the '--no-cleanup'
+      # flag the user is already making their intent known.  It is not
+      # necessary to make them confirm two more times.
+      def destroy_item(klass, name, type_name)
+        begin
+          object = klass.load(name)
+          object.destroy
+          ui.warn("Deleted #{type_name} #{name}")
+        rescue Net::HTTPServerException
+          ui.warn("Could not find a #{type_name} named #{name} to delete!")
+        end
+      end
+    end
+  end
+end

data/lib/chef/knife/container_docker_init.rb

@@ -0,0 +1,262 @@
+#
+# Copyright:: Copyright (c) 2014 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'json'
+require 'chef/knife'
+require 'knife-container/command'
+require 'chef/mixin/shell_out'
+
+class Chef
+  class Knife
+    class ContainerDockerInit < Knife
+
+      include KnifeContainer::Command
+      include Chef::Mixin::ShellOut
+
+      banner "knife container docker init REPO/NAME [options]"
+
+      option :base_image,
+        :short => "-f [REPO/]IMAGE[:TAG]",
+        :long => "--from [REPO/]IMAGE[:TAG]",
+        :description => "The image to use for the FROM value in your Dockerfile",
+        :proc => Proc.new { |f| Chef::Config[:knife][:docker_image] = f }
+
+      option :run_list,
+        :short => "-r RunlistItem,RunlistItem...,",
+        :long => "--run-list RUN_LIST",
+        :description => "Comma seperated list of roles/recipes to apply to your Docker image",
+        :proc => Proc.new { |o| o.split(/[\s,]+/) }
+
+      option :local_mode,
+        :boolean => true,
+        :short => "-z",
+        :long => "--local-mode",
+        :description => "Include and use a local chef repository to build the Docker image"
+
+      option :generate_berksfile,
+        :short => "-b",
+        :long => "--berksfile",
+        :description => "Generate a Berksfile based on the run_list provided",
+        :boolean => true,
+        :default => false
+
+      option :include_credentials,
+        :long => "--include-credentials",
+        :description => "Include secure credentials in your Docker image",
+        :boolean => true,
+        :default => false
+
+      option :validation_key,
+        :long => "--validation-key PATH",
+        :description => "The path to the validation key used by the client, typically a file named validation.pem"
+
+      option :validation_client_name,
+        :long => "--validation-client-name NAME",
+        :description => "The name of the validation client, typically a client named chef-validator"
+
+      option :trusted_certs_dir,
+        :long => "--trusted-certs PATH",
+        :description => "The path to the directory containing trusted certs"
+
+      option :encrypted_data_bag_secret,
+        :long => "--secret-file SECRET_FILE",
+        :description => "A file containing the secret key to use to encrypt data bag item values"
+
+      option :chef_server_url,
+        :long => "--server-url URL",
+        :description => "Chef Server URL"
+
+      option :force,
+        :long => "--force",
+        :boolean => true,
+        :desription => "Will overwrite existing Docker Contexts"
+
+      option :cookbook_path,
+        :long => "--cookbook-path PATH[:PATH]",
+        :description => "A colon-seperated path to look for cookbooks",
+        :proc => Proc.new { |o| o.split(':') }
+
+      option :role_path,
+        :long => "--role-path PATH[:PATH]",
+        :description => "A colon-seperated path to look for roles",
+        :proc => Proc.new { |o| o.split(':') }
+
+      option :node_path,
+        :long => "--node-path PATH[:PATH]",
+        :description => "A colon-seperated path to look for node objects",
+        :proc => Proc.new { |o| o.split(':') }
+
+      option :environment_path,
+        :long => "--environment-path PATH[:PATH]",
+        :description => "A colon-seperated path to look for environments",
+        :proc => Proc.new { |o| o.split(':') }
+
+      option :dockerfiles_path,
+        :short => "-d PATH",
+        :long => "--dockerfiles-path PATH",
+        :description => "Path to the directory where Docker contexts are kept",
+        :proc => Proc.new { |d| Chef::Config[:knife][:dockerfiles_path] = d }
+
+      #
+      # Run the plugin
+      #
+      def run
+        read_and_validate_params
+        set_config_defaults
+        eval_current_system
+        setup_context
+        chef_runner.converge
+        download_and_tag_base_image
+        ui.info("\n#{ui.color("Context Created: #{config[:dockerfiles_path]}/#{@name_args[0]}", :magenta)}")
+      end
+
+      #
+      # Read and validate the parameters
+      #
+      def read_and_validate_params
+        if @name_args.length < 1
+          show_usage
+          ui.fatal("You must specify a Dockerfile name")
+          exit 1
+        end
+
+        if config[:generate_berksfile]
+          begin
+            require 'berkshelf'
+          rescue LoadError
+            show_usage
+            ui.fatal("You must have the Berkshelf gem installed to use the Berksfile flag.")
+            exit 1
+          end
+        end
+      end
+
+      #
+      # Set default configuration values
+      #   We do this here and not in the option syntax because the Chef::Config
+      #   is not available to us at that point. It also gives us a space to set
+      #   other defaults.
+      #
+      def set_config_defaults
+        %w(
+          chef_server_url
+          cookbook_path
+          node_path
+          role_path
+          environment_path
+          validation_key
+          validation_client_name
+          trusted_certs_dir
+          encrypted_data_bag_secret
+        ).each do |var|
+          config[:"#{var}"] ||= Chef::Config[:"#{var}"]
+        end
+
+        config[:base_image] ||= "chef/ubuntu-12.04:latest"
+
+        # if no tag is specified, use latest
+        unless config[:base_image] =~ /[a-zA-Z0-9\/]+:[a-zA-Z0-9.\-]+/
+          config[:base_image] = "#{config[:base_image]}:latest"
+        end
+
+        config[:run_list] ||= []
+
+        Chef::Config[:knife][:dockerfiles_path] ||= File.join(Chef::Config[:chef_repo_path], "dockerfiles")
+        config[:dockerfiles_path] = Chef::Config[:knife][:dockerfiles_path]
+      end
+
+      #
+      # Setup the generator context
+      #
+      def setup_context
+        generator_context.dockerfile_name = @name_args[0]
+        generator_context.dockerfiles_path = config[:dockerfiles_path]
+        generator_context.base_image = config[:base_image]
+        generator_context.chef_client_mode = chef_client_mode
+        generator_context.run_list = config[:run_list]
+        generator_context.cookbook_path = config[:cookbook_path]
+        generator_context.role_path = config[:role_path]
+        generator_context.node_path = config[:node_path]
+        generator_context.environment_path = config[:environment_path]
+        generator_context.chef_server_url = config[:chef_server_url]
+        generator_context.validation_key = config[:validation_key]
+        generator_context.validation_client_name = config[:validation_client_name]
+        generator_context.trusted_certs_dir = config[:trusted_certs_dir]
+        generator_context.encrypted_data_bag_secret = config[:encrypted_data_bag_secret]
+        generator_context.first_boot = first_boot_content
+        generator_context.generate_berksfile = config[:generate_berksfile]
+        generator_context.include_credentials = config[:include_credentials]
+      end
+
+      #
+      # The name of the recipe to use
+      #
+      # @return [String]
+      #
+      def recipe
+        "docker_init"
+      end
+
+      #
+      # Generate the JSON object for our first-boot.json
+      #
+      # @return [String]
+      #
+      def first_boot_content
+        first_boot = {}
+        first_boot['run_list'] = config[:run_list]
+        JSON.pretty_generate(first_boot)
+      end
+
+      #
+      # Return the mode in which to run: zero or client
+      #
+      # @return [String]
+      #
+      def chef_client_mode
+        config[:local_mode] ? "zero" : "client"
+      end
+
+      #
+      # Download the base Docker image and tag it with the image name
+      #
+      def download_and_tag_base_image
+        ui.info("Downloading base image: #{config[:base_image]}. This process may take awhile...")
+        shell_out("docker pull #{config[:base_image]}")
+        image_name = config[:base_image].split(':')[0]
+        ui.info("Tagging base image #{image_name} as #{@name_args[0]}")
+        shell_out("docker tag #{image_name} #{@name_args[0]}")
+      end
+
+      #
+      # Run some evaluations on the system to make sure it is in the state we need.
+      #
+      def eval_current_system
+        # Check to see if the Docker context already exists.
+        if File.exist?(File.join(config[:dockerfiles_path], @name_args[0]))
+          if config[:force]
+            FileUtils.rm_rf(File.join(config[:dockerfiles_path], @name_args[0]))
+          else
+            show_usage
+            ui.fatal("The Docker Context you are trying to create already exists. Please use the --force flag if you would like to re-create this context.")
+            exit 1
+          end
+        end
+      end
+    end
+  end
+end