knife-ec-backup 2.5.3 → 3.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +15 -40
- data/lib/chef/knife/ec_backup.rb +3 -16
- data/lib/chef/knife/ec_base.rb +4 -4
- data/lib/chef/knife/ec_key_base.rb +4 -4
- data/lib/chef/knife/ec_key_export.rb +2 -2
- data/lib/chef/knife/ec_restore.rb +3 -3
- data/lib/knife_ec_backup/version.rb +1 -1
- data/spec/chef/knife/ec_backup_spec.rb +2 -2
- data/spec/chef/server_spec.rb +7 -7
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 29f71b880bfbb21dba4529c4a03f9966d208a7f39c478613d3e38d1130ca5c06
|
4
|
+
data.tar.gz: 6196ae8cc2a56309310c5c25d7392dd3a1dfd7367a9d0994639998aa42f48422
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: edb3a2500bb5c15b5a9c2b786152e2677f495e1996492411584a7fd3d91bf4d60b89e834a0fccf58388f7013f94a73c8ebf8c52df52c884530a2f62782aa9a6e
|
7
|
+
data.tar.gz: 43b2cb7433041e8f1d7654147205c5d769f582de6e40b3f5f482cda0a7b3b4b712c19ed7f05e1bcf55f6de184297e150f833f9621cd0f82d050a3b1bea049687
|
data/README.md
CHANGED
@@ -12,12 +12,12 @@
|
|
12
12
|
|
13
13
|
## Description
|
14
14
|
|
15
|
-
knife-ec-backup can backup and restore the data in
|
15
|
+
knife-ec-backup can backup and restore the data in a Chef Infra
|
16
16
|
Server installation, preserving the data in an intermediate, editable
|
17
17
|
text format. It is similar to the `knife download` and `knife upload`
|
18
18
|
commands and uses the same underlying libraries, but also includes
|
19
19
|
workarounds for objects not yet supported by those tools and various
|
20
|
-
Server API deficiencies. The long-run goal is to improve `knife
|
20
|
+
Infra Server API deficiencies. The long-run goal is to improve `knife
|
21
21
|
download`, `knife upload` and the Chef Infra Server API and deprecate this
|
22
22
|
tool.
|
23
23
|
|
@@ -27,7 +27,7 @@ This knife plugin requires Chef Infra Client 11.8+.
|
|
27
27
|
|
28
28
|
### Server Support
|
29
29
|
|
30
|
-
This plugin currently supports
|
30
|
+
This plugin currently supports Chef Infra Server 12+.
|
31
31
|
Support for the beta key rotation features is provided via the
|
32
32
|
`--with-keys-sql` flag, but users of this feature should note that
|
33
33
|
this may change once the Chef Infra Server supports an API-based export of
|
@@ -37,28 +37,17 @@ the key data.
|
|
37
37
|
|
38
38
|
### Chef Infra Server Install (Recommended)
|
39
39
|
|
40
|
-
This gem is installed with
|
41
|
-
|
42
|
-
For Private Chef 11 (or Enterprise Chef 11) you'll need to download and build
|
43
|
-
locally to get the correct dependencies, either with `git clone` or by
|
44
|
-
downloading the .zip file. Once unpacked, run:
|
40
|
+
This gem is installed with Chef Infra Server 12 and later and the sub-commands are available with embedded copy of `knife`, e.g.:
|
45
41
|
|
46
42
|
```
|
47
|
-
/opt/opscode/
|
48
|
-
/opt/opscode/embedded/bin/gem install knife-ec-backup*gem --no-ri --no-rdoc -V
|
43
|
+
sudo /opt/opscode/bin/knife ec backup ~/chef-server-backup-directory
|
49
44
|
```
|
50
45
|
|
51
|
-
|
52
|
-
|
53
|
-
The latest versions of knife-ec-backup require gems with native
|
54
|
-
extensions, thus you must install a standard build toolchain. To
|
55
|
-
install knife-ec-backup without installing libpq development headers
|
56
|
-
on your system, try the following:
|
46
|
+
If you need a newer version of `knife-ec-backup` than is on the server you wish to back up, you can install it using the embedded `gem` command.
|
57
47
|
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
package installed in `/opt/opscode`.
|
48
|
+
```
|
49
|
+
/opt/opscode/embedded/bin/gem install knife-ec-backup --no-doc
|
50
|
+
```
|
62
51
|
|
63
52
|
### Chef Workstation Install (Unsupported)
|
64
53
|
|
@@ -101,9 +90,9 @@ Clone the git repository and run the following from inside:
|
|
101
90
|
|
102
91
|
### Permissions
|
103
92
|
|
104
|
-
Note that most users in
|
93
|
+
Note that most users in a Chef Infra Server installation lack the permissions to pull all of the data from all organizations and other users.
|
105
94
|
This plugin **REQUIRES THE PIVOTAL KEY AND WEBUI KEY** from the Chef Infra Server.
|
106
|
-
It is recommended that you run this from a frontend
|
95
|
+
It is recommended that you run this from a frontend Chef Infra Server. You can use `--user pivotal --key /path/to/pivotal.pem` to provide a path to the `pivotal` key.
|
107
96
|
|
108
97
|
## Subcommands
|
109
98
|
|
@@ -137,7 +126,7 @@ The following options are supported across all subcommands:
|
|
137
126
|
|
138
127
|
### knife ec backup DEST_DIR (options)
|
139
128
|
|
140
|
-
*Path*: If you have
|
129
|
+
*Path*: If you have Chef Infra Client installed on this server, you may need to invoke this as `/opt/opscode/bin/knife ec backup BACKUP_DIRECTORY`
|
141
130
|
|
142
131
|
*Options*
|
143
132
|
|
@@ -175,7 +164,7 @@ The following options are supported across all subcommands:
|
|
175
164
|
Only donwload/restore objects in the named organization. Global
|
176
165
|
objects such as users will still be downloaded/restored.
|
177
166
|
|
178
|
-
Creates a repository of an entire
|
167
|
+
Creates a repository of an entire Chef Infra Server
|
179
168
|
|
180
169
|
The format of the repository is based on the `knife-essentials` (`knife download`) format and looks like this:
|
181
170
|
|
@@ -229,8 +218,7 @@ This compares very closely with the "knife download /" from an OSC server:
|
|
229
218
|
|
230
219
|
### knife ec restore DEST_DIR (options)
|
231
220
|
|
232
|
-
Restores all data from the specified DEST_DIR to
|
233
|
-
Private Chef server. DEST_DIR should be a backup directory created by
|
221
|
+
Restores all data from the specified DEST_DIR to a Chef Infra Server. DEST_DIR should be a backup directory created by
|
234
222
|
`knife ec backup`
|
235
223
|
|
236
224
|
*Options*
|
@@ -299,26 +287,13 @@ Import a json representation of the users table from FILENAME to the
|
|
299
287
|
the Chef Infra Server database. If no argument is given, the filename is
|
300
288
|
assumed to be `key_dump.json`.
|
301
289
|
|
302
|
-
Please note, most
|
290
|
+
Please note, most users should use `knife ec restore` with the
|
303
291
|
`--with-user-sql` option rather than this command.
|
304
292
|
|
305
293
|
## Known Bugs
|
306
294
|
|
307
|
-
- knife-ec-backup cannot be installed in the embedded gemset of Chef
|
308
|
-
Server 12. This will be resolved in a future Chef Infra Server release.
|
309
|
-
|
310
295
|
- `knife ec restore` can fail to restore cookbooks, failing with an
|
311
296
|
internal server error. A common cause of this problem is a
|
312
297
|
concurrency bug in Chef Infra Server. Setting `--concurrency 1` can often
|
313
298
|
work around the issue.
|
314
299
|
|
315
|
-
- `knife ec restore` can fail if the pool of pre-created organizations
|
316
|
-
can not keep up with the newly created organizations. This can
|
317
|
-
typically be resolved simply be restarting the restore. To avoid
|
318
|
-
this error for backups with large number of organizations, try
|
319
|
-
setting (in /etc/opscode/private-chef.rb):
|
320
|
-
|
321
|
-
opscode_org_creator['ready_org_depth']
|
322
|
-
|
323
|
-
to the number of organizations in your backup and waiting for the
|
324
|
-
pool to fill before running `knife ec restore`
|
data/lib/chef/knife/ec_backup.rb
CHANGED
@@ -34,7 +34,7 @@ class Chef
|
|
34
34
|
for_each_user do |username, url|
|
35
35
|
download_user(username, url)
|
36
36
|
if config[:skip_useracl]
|
37
|
-
ui.warn("Skipping user ACL download for #{username}. To download this ACL, remove --skip-useracl
|
37
|
+
ui.warn("Skipping user ACL download for #{username}. To download this ACL, remove --skip-useracl.")
|
38
38
|
else
|
39
39
|
download_user_acl(username)
|
40
40
|
end
|
@@ -196,13 +196,6 @@ class Chef
|
|
196
196
|
# Download the billing-admins, public_key_read_access ACL and group as pivotal
|
197
197
|
chef_fs_config = Chef::ChefFS::Config.new
|
198
198
|
|
199
|
-
paths = ['/acls/groups/billing-admins.json', '/groups/billing-admins.json', '/groups/admins.json']
|
200
|
-
paths.push('/acls/groups/public_key_read_access.json', '/groups/public_key_read_access.json') if server.supports_public_key_read_access?
|
201
|
-
|
202
|
-
paths.each do |path|
|
203
|
-
chef_fs_copy_pattern(path, chef_fs_config)
|
204
|
-
end
|
205
|
-
|
206
199
|
Chef::Config.node_name = if config[:skip_version]
|
207
200
|
org_admin
|
208
201
|
else
|
@@ -210,7 +203,7 @@ class Chef
|
|
210
203
|
end
|
211
204
|
|
212
205
|
chef_fs_config = Chef::ChefFS::Config.new
|
213
|
-
top_level_paths = chef_fs_config.chef_fs.children.
|
206
|
+
top_level_paths = chef_fs_config.chef_fs.children.map { |entry| entry.path }
|
214
207
|
|
215
208
|
# The top level acl object names end with .json extension
|
216
209
|
# Therefore we can use Chef::ChefFS::FilePattern matching for items
|
@@ -220,13 +213,7 @@ class Chef
|
|
220
213
|
# therefore we use normalize_path_name to add the .json extension
|
221
214
|
# for example: /acls/environments/_default
|
222
215
|
|
223
|
-
|
224
|
-
exclude_list = ['billing-admins', 'public_key_read_access']
|
225
|
-
|
226
|
-
top_level_acls = chef_fs_paths('/acls/*.json', chef_fs_config, [])
|
227
|
-
acl_paths = chef_fs_paths('/acls/*/*', chef_fs_config, exclude_list)
|
228
|
-
group_paths = chef_fs_paths('/groups/*', chef_fs_config, exclude_list)
|
229
|
-
(top_level_paths + top_level_acls + acl_paths + group_paths).each do |path|
|
216
|
+
top_level_paths.each do |path|
|
230
217
|
chef_fs_copy_pattern(path, chef_fs_config)
|
231
218
|
end
|
232
219
|
ensure
|
data/lib/chef/knife/ec_base.rb
CHANGED
@@ -59,7 +59,7 @@ class Chef
|
|
59
59
|
:long => '--skip-version-check',
|
60
60
|
:boolean => true,
|
61
61
|
:default => false,
|
62
|
-
:description => "Skip Chef Server version check. This will also skip any auto-configured options"
|
62
|
+
:description => "Skip Chef Infra Server version check. This will also skip any auto-configured options"
|
63
63
|
|
64
64
|
option :org,
|
65
65
|
:long => "--only-org ORG",
|
@@ -67,17 +67,17 @@ class Chef
|
|
67
67
|
|
68
68
|
option :sql_host,
|
69
69
|
:long => '--sql-host HOSTNAME',
|
70
|
-
:description => '
|
70
|
+
:description => 'PostgreSQL database hostname (default: localhost)',
|
71
71
|
:default => "localhost"
|
72
72
|
|
73
73
|
option :sql_port,
|
74
74
|
:long => '--sql-port PORT',
|
75
|
-
:description => '
|
75
|
+
:description => 'PostgreSQL database port (default: 5432)',
|
76
76
|
:default => 5432
|
77
77
|
|
78
78
|
option :sql_db,
|
79
79
|
:long => '--sql-db DBNAME',
|
80
|
-
:description => '
|
80
|
+
:description => 'PostgreSQL Chef Infra Server database name (default: opscode_chef or automate-cs-oc-erchef)'
|
81
81
|
|
82
82
|
option :sql_user,
|
83
83
|
:long => "--sql-user USERNAME",
|
@@ -34,17 +34,17 @@ class Chef
|
|
34
34
|
|
35
35
|
option :sql_host,
|
36
36
|
:long => '--sql-host HOSTNAME',
|
37
|
-
:description => '
|
37
|
+
:description => 'PostgreSQL database hostname (default: localhost)',
|
38
38
|
:default => "localhost"
|
39
39
|
|
40
40
|
option :sql_port,
|
41
41
|
:long => '--sql-port PORT',
|
42
|
-
:description => '
|
42
|
+
:description => 'PostgreSQL database port (default: 5432)',
|
43
43
|
:default => 5432
|
44
44
|
|
45
45
|
option :sql_db,
|
46
46
|
:long => '--sql-db DBNAME',
|
47
|
-
:description => '
|
47
|
+
:description => 'PostgreSQL Chef Infra Server database name (default: opscode_chef or automate-cs-oc-erchef)'
|
48
48
|
|
49
49
|
option :sql_user,
|
50
50
|
:long => "--sql-user USERNAME",
|
@@ -114,7 +114,7 @@ class Chef
|
|
114
114
|
exit 1
|
115
115
|
else
|
116
116
|
running_config ||= JSON.parse(File.read("/etc/opscode/chef-server-running.json"))
|
117
|
-
# Latest versions of
|
117
|
+
# Latest versions of Chef Infra Server put the database info under opscode-erchef.sql_user
|
118
118
|
hash_key = if running_config['private_chef']['opscode-erchef'].has_key? 'sql_user'
|
119
119
|
'opscode-erchef'
|
120
120
|
else
|
@@ -43,8 +43,8 @@ class Chef
|
|
43
43
|
export_keys(key_data_path) unless config[:skip_keys_table]
|
44
44
|
rescue Sequel::DatabaseError => e
|
45
45
|
if e.message =~ /^PG::UndefinedTable/
|
46
|
-
ui.error "Keys table not found. The keys table only exists on Chef Server 12."
|
47
|
-
ui.error "Chef Server 11 users should use the --skip-keys-table option to avoid this error."
|
46
|
+
ui.error "Keys table not found. The keys table only exists on Chef Infra Server 12."
|
47
|
+
ui.error "Chef Infra Server 11 users should use the --skip-keys-table option to avoid this error."
|
48
48
|
exit 1
|
49
49
|
else
|
50
50
|
raise
|
@@ -65,7 +65,7 @@ class Chef
|
|
65
65
|
restore_key_sql if config[:with_key_sql]
|
66
66
|
|
67
67
|
if config[:skip_useracl]
|
68
|
-
ui.warn("Skipping user ACL update. To update user ACLs, remove --skip-useracl
|
68
|
+
ui.warn("Skipping user ACL update. To update user ACLs, remove --skip-useracl.")
|
69
69
|
else
|
70
70
|
restore_user_acls
|
71
71
|
end
|
@@ -292,7 +292,7 @@ class Chef
|
|
292
292
|
# Store organization data in a particular order:
|
293
293
|
# - clients must be uploaded before groups (in top_level_paths)
|
294
294
|
# - groups must be uploaded before any acl's
|
295
|
-
# - groups must be uploaded twice to account for Chef Server versions that don't
|
295
|
+
# - groups must be uploaded twice to account for Chef Infra Server versions that don't
|
296
296
|
# accept group members on POST
|
297
297
|
(top_level_paths + group_paths*2 + group_acl_paths + acl_paths).each do |path|
|
298
298
|
chef_fs_copy_pattern(path, chef_fs_config)
|
@@ -309,7 +309,7 @@ class Chef
|
|
309
309
|
end
|
310
310
|
|
311
311
|
# ChefFS copy pattern inside the EcRestore class will
|
312
|
-
# copy from the local_fs to the Chef Server.
|
312
|
+
# copy from the local_fs to the Chef Infra Server.
|
313
313
|
#
|
314
314
|
# NOTE: Do not get confused, this is the other way around
|
315
315
|
# from how we implemented in EcBackup. Therefor we can't
|
@@ -72,7 +72,7 @@ describe Chef::Knife::EcBackup do
|
|
72
72
|
expect{ |b| @knife.for_each_organization(&b) }.to yield_successive_args(org_response("bar"), org_response("foo"))
|
73
73
|
end
|
74
74
|
|
75
|
-
it "skips unassigned (precreated) organizations on Chef Server 11" do
|
75
|
+
it "skips unassigned (precreated) organizations on Chef Infra Server 11" do
|
76
76
|
server = double('Chef::Server')
|
77
77
|
allow(Chef::Server).to receive(:new).and_return(server)
|
78
78
|
allow(server).to receive(:version).and_return(Gem::Version.new("11.12.3"))
|
@@ -81,7 +81,7 @@ describe Chef::Knife::EcBackup do
|
|
81
81
|
expect{ |b| @knife.for_each_organization(&b) }.to yield_successive_args(org_response("bar"))
|
82
82
|
end
|
83
83
|
|
84
|
-
it "includes *all* organizations on Chef Server 12" do
|
84
|
+
it "includes *all* organizations on Chef Infra Server 12" do
|
85
85
|
server = double('Chef::Server')
|
86
86
|
allow(Chef::Server).to receive(:new).and_return(server)
|
87
87
|
allow(server).to receive(:version).and_return(Gem::Version.new("12.0.0"))
|
data/spec/chef/server_spec.rb
CHANGED
@@ -9,7 +9,7 @@ describe Chef::Server do
|
|
9
9
|
allow(Chef::ServerAPI).to receive(:new).and_return(@rest)
|
10
10
|
end
|
11
11
|
|
12
|
-
it "infers root url from a Chef Server url" do
|
12
|
+
it "infers root url from a Chef Infra Server url" do
|
13
13
|
s = Chef::Server.from_chef_server_url("http://api.example.com/organizations/foobar")
|
14
14
|
expect(s.root_url).to eq("http://api.example.com")
|
15
15
|
end
|
@@ -28,22 +28,22 @@ describe Chef::Server do
|
|
28
28
|
|
29
29
|
it "determines the running omnibus server version" do
|
30
30
|
s = Chef::Server.new('http://api.example.com')
|
31
|
-
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 1.8.1\nother stuff\nother stuff"))
|
31
|
+
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 1.8.1\nother stuff\nother stuff"))
|
32
32
|
expect(s.version.to_s).to eq('1.8.1')
|
33
33
|
end
|
34
34
|
|
35
35
|
it "ignores git tags when determining the version" do
|
36
36
|
s = Chef::Server.new("http://api.example.com")
|
37
|
-
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 1.8.1+20141024080718.git.16.08098a5\nother stuff\nother stuff"))
|
37
|
+
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 1.8.1+20141024080718.git.16.08098a5\nother stuff\nother stuff"))
|
38
38
|
expect(s.version.to_s).to eq("1.8.1")
|
39
39
|
end
|
40
40
|
|
41
41
|
it "knows whether the server supports user ACLs via nginx" do
|
42
42
|
s1 = Chef::Server.new("http://api.example.com")
|
43
|
-
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 11.0.0\nother stuff\nother stuff"))
|
43
|
+
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 11.0.0\nother stuff\nother stuff"))
|
44
44
|
expect(s1.supports_user_acls?).to eq(false)
|
45
45
|
s2 = Chef::Server.new("http://api.example.com")
|
46
|
-
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 11.0.2\nother stuff\nother stuff"))
|
46
|
+
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 11.0.2\nother stuff\nother stuff"))
|
47
47
|
expect(s2.supports_user_acls?).to eq(true)
|
48
48
|
end
|
49
49
|
|
@@ -61,10 +61,10 @@ describe Chef::Server do
|
|
61
61
|
|
62
62
|
it "knows that public_key_read_access was implemented in 12.5.0" do
|
63
63
|
before = Chef::Server.new("http://api.example.com")
|
64
|
-
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 12.4.1\nother stuff\nother stuff"))
|
64
|
+
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 12.4.1\nother stuff\nother stuff"))
|
65
65
|
expect(before.supports_public_key_read_access?).to eq(false)
|
66
66
|
after = Chef::Server.new("http://api.example.com")
|
67
|
-
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Server 12.6.0\nother stuff\nother stuff"))
|
67
|
+
allow(@rest).to receive(:get).with("version").and_return(StringIO.new("Chef Infra Server 12.6.0\nother stuff\nother stuff"))
|
68
68
|
expect(after.supports_public_key_read_access?).to eq(true)
|
69
69
|
end
|
70
70
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: knife-ec-backup
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 3.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- John Keiser
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-01-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: sequel
|