knife-ec-backup 1.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 80ef809cf9b6913773b6359560563034d86afed2
-  data.tar.gz: e2daaccc75106518a75e027c87d37df7c4e0ca55
+  metadata.gz: bfb061efc0e39818119aa5e0d6d2fc1b4e30c67f
+  data.tar.gz: a7bd9fc29f6f2bfbe5d3f880bdc6fc6b1eb5fbcb
 SHA512:
-  metadata.gz: 55efc9670ec8899eb1940fbaa88b92becbed3c4fd1c0377385873892740da213389ceca8d82f60f8b36b83d662ee6518bc66c15a71951cc01596013c4a23e9b2
-  data.tar.gz: 65dc9db1074a0c2997e7390224abae16c9264c72bf61ff0c3379ce05f2012ee60907708a6f03bb32f09f8bcc6de0efdfb6098a7ff20fca4d37a79dfb51f43542
+  metadata.gz: 4675c0ab2bcb626aa2b5203c0ebfaab596d430b882ea086f0fb82c41e5f29e4e4f833b7c34b3e98b60638c85f56e3a4ee135b603e5b50f54e12b083eddb47b4e
+  data.tar.gz: 720765653920c29a05ab32a522a2e0796292af9dfe26fcbe55d6d1573054a43d4943d192a93c765668852a7072785f4bbbd2ad8c2bc6fa7a2677793e52a4d9aa

data/README.md

@@ -4,37 +4,37 @@
 
 This is an UNOFFICIAL and EXPERIMENTAL knife plugin intended to back up and restore an entire Enterprise Chef / Private Chef server, preserving the data in an intermediate, editable text format.
 
+# Requirements
+
+This knife plugin currently requires the Knife-Essentials gem to be installed in the same gemset. This requirement is currently hosted here:
+
+    https://github.com/jkeiser/knife-essentials
+
 # Installation
 
 This knife plugin is packaged as a gem.  To install it, clone the
 git repository and run the following:
 
     gem build knife-ec-backup.gemspec
-    gem install knife-ec-backup-0.9.6.gem
+    gem install knife-ec-backup-1.0.0.gem
 
 # Configuration
 
-## knife.rb
-Unlike other knife subcommands the subcommands in the knife-ec-backup plugin make API calls against the root of your EC installations API endpoint.
-
-Typically the chef_server_url for your OPC installation may look like this:
-
-    chef_server_url https://chef.yourdomain.com/organizations/ORGNAME
-
-To configure knife-ec-backup, set the `chef_server_root` option to the root of your OPC installation:
-
-    chef_server_root https://chef.yourdomain.com/
-
-Note that most users in an EC installation lack the permissions to pull most of the data from all organizations and other users.
+## Permissions
+Note that most users in an EC installation lack the permissions to pull all of the data from all organizations and other users.
+This plugin **REQUIRES THE PIVOTAL KEY AND WEBUI KEY** from the Chef Server.
+It is recommended that you run this from a frontend Enterprise Chef Server, you can use --user and --key to pass the pivotal information along.
 
 # Subcommands
 
-## knife ec backup DEST_DIR WEBUI_KEY \[USER_ACL_REST\] (options)
+## knife ec backup DEST_DIR (options)
 
 *Options*
 
   * `--concurrency`:
     Maximum number of simultaneous requests to send (default: 10)
+  * `--webui-key`:
+    Used to set the path to the WebUI Key (default: /etc/opscode/webui_priv.pem)
   * `--skip-useracl`:
     Whether to skip downloading User ACLs.  This is required for EC 11.0.0 and lower (default: false)
 
@@ -90,12 +90,14 @@ This compares very closely with the "knife download /" from an OSC server:
     users
       <name>.json>
 
-## knife ec restore DEST_DIR WEBUI_KEY \[USER_ACL_REST\] (options)
+## knife ec restore DEST_DIR (options)
 
 *Options*
 
   * `--concurrency`:
     Maximum number of simultaneous requests to send (default: 10)
+  * `--webui-key`:
+    Used to set the path to the WebUI Key (default: /etc/opscode/webui_priv.pem)
   * `--overwrite-pivotal`:
     Whether to overwrite pivotal's key.  Once this is done, future requests will fail until you fix the private key (default: false)
   * `--skip-useracl`:
@@ -105,4 +107,6 @@ Restores all data from a repository to an Enterprise Chef / Private Chef server.
 
 # TODO
 
-* Prevent 403 error for Billing Admins ACL as it is downloaded in another method.
+* Ensure easy installation into embedded ruby gemset on Chef Server.
+* Remove requirement for Knife Essentials gem to be installed.
+* This plugin does **NOT** currently backup user passwords.  **They will have to be reset after a restore.**

data/lib/chef/knife/ec_backup.rb

@@ -9,6 +9,10 @@ class Chef
         :long => '--concurrency THREADS',
         :description => 'Maximum number of simultaneous requests to send (default: 10)'
 
+      option :webui_key,
+        :long => '--webui-key KEYPATH',
+        :description => 'Used to set the path to the WebUI Key (default: /etc/opscode/webui_priv.pem)'
+
       option :skip_useracl,
         :long => '--skip-useracl',
         :boolean => true,
@@ -29,22 +33,79 @@ class Chef
       end
 
       def run
-        if name_args.length == 0
-          ui.error("Must specify backup directory as argument.")
+        #Check for destination directory argument
+        if name_args.length <= 0
+          ui.error("Must specify backup directory as an argument.")
           exit 1
         end
-
         dest_dir = name_args[0]
-        webui_key = name_args[1]
+
+
+        #Check for pivotal user and key
+        node_name = Chef::Config.node_name
+        client_key = Chef::Config.client_key
+        if node_name != "pivotal"
+          if !File.exist?("/etc/opscode/pivotal.pem")
+            ui.error("Username not configured as pivotal and /etc/opscode/pivotal.pem does not exist.  It is recommended that you run this plugin from your Chef server.")
+            exit 1
+          end
+          Chef::Config.node_name = 'pivotal'
+          Chef::Config.client_key = '/etc/opscode/pivotal.pem'
+        end
+
+        #Check for WebUI Key
+        if config[:webui_key] == nil
+          if !File.exist?("/etc/opscode/webui_priv.pem")
+            ui.error("WebUI not specified and /etc/opscode/webui_priv.pem does not exist.  It is recommended that you run this plugin from your Chef server.")
+            exit 1
+          end
+          ui.warn("WebUI not specified. Using /etc/opscode/webui_priv.pem")
+          webui_key = '/etc/opscode/webui_priv.pem'
+        else
+          webui_key = config[:webui_key]
+        end
+
+        #Set the server root
+        server_root = Chef::Config.chef_server_root
+        if server_root == nil
+          server_root = Chef::Config.chef_server_url.gsub(/\/organizations\/+[^\/]+\/*$/, '')
+          ui.warn("chef_server_root not found in knife configuration. Setting root to: #{server_root}")
+          Chef::Config.chef_server_root = server_root
+        end
+
         rest = Chef::REST.new(Chef::Config.chef_server_root)
-        if name_args.length >= 3
-          user_acl_rest = Chef::REST.new(name_args[2])
+        user_acl_rest = Chef::REST.new("http://127.0.0.1:9465")
+
+        # Grab Chef Server version number so that we can auto set options
+        uri = URI.parse("#{Chef::Config.chef_server_root}/version")
+        version_manifest = open(uri, {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE})
+        server_version = version_manifest.grep(/private-chef /).first.split(' ').last
+
+        server_version_parts = server_version.split('.')
+
+        if server_version_parts.count == 3
+          puts "Detected Enterprise Chef Server version: #{server_version}"
+
+          # All versions of Chef Server below 11.0.1 are missing the GET User ACL helper in nginx
+          if server_version_parts[0] < 11 || (server_version_parts[0] == 11 && server_version_parts[1] == 0 && server_version_parts[0] < 1)
+            #Check to see if Opscode-Account can be directly from the local machine  
+            begin
+              user_acl_rest.get('users')
+              ui.warn("Your version of Enterprise Chef Server does not support the downloading of User ACLs.  Using local connection to backup")
+            rescue
+              ui.warn("Your version of Enterprise Chef Server does not support the downloading of User ACLs.  Setting skip-useracl to TRUE")
+              config[:skip_useracl] = true
+              user_acl_rest = nil
+            end
+          end
+
         else
-          user_acl_rest = rest
+          ui.warn("Unable to detect Chef Server version.")
         end
 
         # Grab users
         puts "Grabbing users ..."
+
         ensure_dir("#{dest_dir}/users")
         ensure_dir("#{dest_dir}/user_acls")
 
@@ -54,7 +115,7 @@ class Chef
           end
 
           if config[:skip_useracl]
-            ui.warn("Skipping user ACL download for #{name}. To download this ACL, remove --skip-useracl.")
+            ui.warn("Skipping user ACL download for #{name}. To download this ACL, remove --skip-useracl or upgrade your Enterprise Chef Server.")
             next
           end
 
@@ -129,12 +190,15 @@ class Chef
           Chef::Config.client_key = webui_key
           Chef::Config.custom_http_headers = (Chef::Config.custom_http_headers || {}).merge({'x-ops-request-source' => 'web'})
 
-          # Do the download
+          # Download the entire org skipping the billing admins group ACL
           chef_fs_config = ::ChefFS::Config.new
-          root_pattern = ::ChefFS::FilePattern.new('/')
-          if ::ChefFS::FileSystem.copy_to(root_pattern, chef_fs_config.chef_fs, chef_fs_config.local_fs, nil, config, ui, proc { |entry| chef_fs_config.format_path(entry) })
-            @error = true
+          top_level_paths = chef_fs_config.chef_fs.children.select { |entry| entry.name != 'acls' }.map { |entry| entry.path }
+          acl_paths = ::ChefFS::FileSystem.list(chef_fs_config.chef_fs, ::ChefFS::FilePattern.new('/acls/*')).select { |entry| entry.name != 'groups' }.map { |entry| entry.path }
+          group_acl_paths = ::ChefFS::FileSystem.list(chef_fs_config.chef_fs, ::ChefFS::FilePattern.new('/acls/groups/*')).select { |entry| entry.name != 'billing-admins.json' }.map { |entry| entry.path }
+          (top_level_paths + group_acl_paths + acl_paths).each do |path|
+            ::ChefFS::FileSystem.copy_to(::ChefFS::FilePattern.new(path), chef_fs_config.chef_fs, chef_fs_config.local_fs, nil, config, ui, proc { |entry| chef_fs_config.format_path(entry) })
           end
+
         ensure
           CONFIG_VARS.each do |key|
             Chef::Config[key.to_sym] = old_config[key]

data/lib/chef/knife/ec_restore.rb

@@ -9,6 +9,10 @@ class Chef
         :long => '--concurrency THREADS',
         :description => 'Maximum number of simultaneous requests to send (default: 10)'
 
+      option :webui_key,
+        :long => '--webui-key KEYPATH',
+        :description => 'Used to set the path to the WebUI Key (default: /etc/opscode/webui_priv.pem)'
+
       option :overwrite_pivotal,
         :long => '--overwrite-pivotal',
         :boolean => true,
@@ -40,22 +44,69 @@ class Chef
       end
 
       def run
-        if name_args.length == 0
-          ui.error("Must specify backup directory as argument.")
+        #Check for destination directory argument
+        if name_args.length <= 0
+          ui.error("Must specify backup directory as an argument.")
           exit 1
         end
-
         dest_dir = name_args[0]
-        webui_key = name_args[1]
-        rest = Chef::REST.new(Chef::Config.chef_server_root)
-        if name_args.length >= 3
-          user_acl_rest = Chef::REST.new(name_args[2])
+
+        #Check for pivotal user and key
+        node_name = Chef::Config.node_name
+        client_key = Chef::Config.client_key
+        if node_name != "pivotal"
+          if !File.exist?("/etc/opscode/pivotal.pem")
+            ui.error("Username not configured as pivotal and /etc/opscode/pivotal.pem does not exist.  It is recommended that you run this plugin from your Chef server.")
+            exit 1
+          end
+          the_node_name = 'pivotal'
+          the_client_key = '/etc/opscode/pivotal.pem'
+        end
+
+        #Check for WebUI Key
+        if config[:webui_key] == nil
+          if !File.exist?("/etc/opscode/webui_priv.pem")
+            ui.error("WebUI not specified and /etc/opscode/webui_priv.pem does not exist.  It is recommended that you run this plugin from your Chef server.")
+            exit 1
+          end
+          ui.warn("WebUI not specified. Using /etc/opscode/webui_priv.pem")
+          webui_key = '/etc/opscode/webui_priv.pem'
+        else
+          webui_key = config[:webui_key]
+        end
+
+        #Set the server root
+        server_root = Chef::Config.chef_server_root
+        if server_root == nil
+          server_root = Chef::Config.chef_server_url.gsub(/\/organizations\/+[^\/]+\/*$/, '')
+          ui.warn("chef_server_root not found in knife configuration. Setting root to: #{server_root}")
+          Chef::Config.chef_server_root = server_root
+        end
+
+        # Grab Chef Server version number so that we can auto set options
+        uri = URI.parse("#{Chef::Config.chef_server_root}/version")
+        version_manifest = open(uri, {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE})
+        server_version = version_manifest.grep(/private-chef /).first.split(' ').last
+
+        server_version_parts = server_version.split('.')
+
+        if server_version_parts.count == 3
+          puts "Detected Enterprise Chef Server version: #{server_version}"
+
+          # All versions of Chef Server below 11.0.X are unable to update user acls
+          if server_version_parts[0] < 11 || (server_version_parts[0] == 11 && server_version_parts[1] == 0)
+            ui.warn("Your version of Enterprise Chef Server does not support the updating of User ACLs.  Setting skip-useracl to TRUE")
+            config[:skip_useracl] = true
+          end
         else
-          user_acl_rest = rest
+          ui.warn("Unable to detect Chef Server version.")
         end
 
         # Restore users
         puts "Restoring users ..."
+
+        rest = Chef::REST.new(Chef::Config.chef_server_root)
+
         Dir.foreach("#{dest_dir}/users") do |filename|
           next if filename !~ /(.+)\.json/
           name = $1
@@ -135,7 +186,7 @@ class Chef
           next if filename !~ /(.+)\.json/
           name = $1
           if config[:skip_useracl]
-            ui.warn("Skipping user ACL update for #{name}. To update this ACL, remove --skip-useracl.")
+            ui.warn("Skipping user ACL update for #{name}. To update this ACL, remove --skip-useracl or upgrade your Enterprise Chef Server.")
             next
           end
           if name == 'pivotal' && !config[:overwrite_pivotal]
@@ -145,7 +196,7 @@ class Chef
 
           # Update user acl
           user_acl = JSONCompat.from_json(IO.read("#{dest_dir}/user_acls/#{name}.json"))
-          put_acl(user_acl_rest, "users/#{name}/_acl", user_acl)          
+          put_acl(rest, "users/#{name}/_acl", user_acl)          
         end
 
 

data/lib/knife_ec_backup/version.rb

@@ -1,3 +1,3 @@
 module KnifeECBackup
-  VERSION = '1.0'
+  VERSION = '1.1.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: knife-ec-backup
 version: !ruby/object:Gem::Version
-  version: '1.0'
+  version: 1.1.0
 platform: ruby
 authors:
 - John Keiser
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-10 00:00:00.000000000 Z
+date: 2013-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -72,9 +72,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.1.5
 signing_key: 
 specification_version: 4
 summary: Backup and Restore of Enterprise Chef
 test_files: []
-has_rdoc: