knife-server 0.1.0

data/Rakefile

@@ -0,0 +1,16 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+begin
+  require 'rspec/core/rake_task'
+
+  task :default => :spec
+
+  desc "Run all specs in spec directory"
+  RSpec::Core::RakeTask.new(:spec) do |t|
+    t.pattern = 'spec/**/*_spec.rb'
+  end
+
+rescue LoadError
+  STDERR.puts "\n*** RSpec not available. (sudo) gem install rspec to run unit tests. ***\n\n"
+end

data/knife-server.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/knife/server/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Fletcher Nichol"]
+  gem.email         = ["fnichol@nichol.ca"]
+  gem.summary       = %q{Chef Knife plugin to bootstrap Chef Servers}
+  gem.description   = gem.summary
+  gem.homepage      = "http://fnichol.github.com/knife-server"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "knife-server"
+  gem.require_paths = ["lib"]
+  gem.version       = Knife::Server::VERSION
+
+  gem.add_dependency "fog",       "~> 1.3"
+  gem.add_dependency "net-ssh"
+  gem.add_dependency "chef",      ">= 0.10.10"
+  gem.add_dependency "knife-ec2", "~> 0.5.12"
+
+  gem.add_development_dependency "rspec", "~> 2.10"
+  gem.add_development_dependency "fakefs", "~> 0.4.0"
+end

data/lib/chef/knife/bootstrap/chef-server-debian.erb

@@ -0,0 +1,127 @@
+bash -c '
+<%=
+  if knife_config[:bootstrap_proxy]
+    %{export http_proxy="#{knife_config[:bootstrap_proxy]}"}
+  end
+-%>
+
+export hostname="<%= @config[:chef_node_name] %>"
+export webui_password="<%= ENV['WEBUI_PASSWORD'] %>"
+export amqp_password="<%= ENV['AMQP_PASSWORD'] %>"
+export DEBIAN_FRONTEND=noninteractive
+
+set -x
+
+setup() {
+  apt-get update
+  apt-get install -y lsb-release
+
+  platform="$(lsb_release -is | tr [[:upper:]] [[:lower:]])"
+  platform_version="$(lsb_release -rs)"
+}
+
+set_hostname_for_ubuntu() {
+  if hostname | grep -q "$hostname" >/dev/null ; then
+    printf "Hostname is correct, so skipping...\n"
+    return
+  fi
+
+  local host_first="$(echo $hostname | cut -d . -f 1)"
+  local hostnames="${hostname} ${host_first}"
+
+  sed -i "s/^.*$/$hostname/" /etc/hostname
+  if egrep -q "^127.0.1.1[[:space:]]" /etc/hosts >/dev/null ; then
+    sed -i "s/^\(127[.]0[.]1[.]1[[:space:]]\+\)/\1${hostnames} /" \
+      /etc/hosts
+  else
+    sed -i "s/^\(127[.]0[.]0[.]1[[:space:]]\+.*\)$/\1\n127.0.1.1 ${hostnames} /" \
+      /etc/hosts
+  fi
+  service hostname start
+}
+
+set_hostname_for_debian() {
+  if hostname --fqdn | grep -q "^${hostname}$" || hostname --short | grep -q "^${hostname}$" ; then
+    printf "Hostname is correct, so skipping...\n"
+    return
+  fi
+
+  local host_first="$(echo $hostname | cut -d . -f 1)"
+
+  sed -r -i "s/^(127[.]0[.]1[.]1[[:space:]]+).*$/\\1${hostname} ${host_first}/" \
+    /etc/hosts
+  echo $host_first > /etc/hostname
+  hostname -F /etc/hostname
+}
+
+add_opscode_apt_repo() {
+  echo "deb http://apt.opscode.com/ $(lsb_release -cs)-0.10 main" > \
+    /etc/apt/sources.list.d/opscode.list
+
+  # add the GPG Key and Update Index
+  mkdir -p /etc/apt/trusted.gpg.d
+  apt-get update
+  # permanent upgradeable keyring
+  apt-get install -y --force-yes opscode-keyring
+  apt-get upgrade -y
+}
+
+preseed_chef_pkg() {
+  local preseed=/var/cache/local/preseeding/chef-server.seed
+
+  mkdir -p $(dirname $preseed)
+  cat <<PRESEED > $preseed
+chef	chef/chef_server_url	string	http://127.0.0.1:4000
+chef-server-webui	chef-server-webui/admin_password	password	$webui_password
+chef-solr	chef-solr/amqp_password	password	$amqp_password
+PRESEED
+
+  debconf-set-selections $preseed
+}
+
+install_chef_server() {
+  preseed_chef_pkg
+
+  apt-get install -y --force-yes chef chef-server libshadow-ruby1.8
+}
+
+config_chef_solo() {
+  ## Configure Apache2 to proxy SSL traffic, using chef-solo
+  local tmp_solo="$1"
+
+  mkdir -p $tmp_solo
+  cat > $tmp_solo/solo.rb <<SOLO_RB
+file_cache_path "$tmp_solo"
+cookbook_path   "$tmp_solo/cookbooks"
+SOLO_RB
+
+  cat <<BOOTSTRAP_JSON > $tmp_solo/bootstrap.json
+{
+  "chef_server" : {
+    "webui_enabled" : true,
+    "ssl_req" : "/C=CA/ST=Several/L=Locality/O=Example/OU=Operations/CN=${hostname}/emailAddress=root@${hostname}"
+  },
+  "run_list" : [ "recipe[chef-server::apache-proxy]" ]
+}
+BOOTSTRAP_JSON
+}
+
+enable_ssl_proxy() {
+  local tmp_solo=/tmp/chef-solo
+
+  config_chef_solo $tmp_solo
+
+  chef-solo -c $tmp_solo/solo.rb -j $tmp_solo/bootstrap.json \
+     -r http://s3.amazonaws.com/chef-solo/bootstrap-latest.tar.gz
+
+  rm -rf $tmp_solo
+}
+
+setup
+set_hostname_for_${platform}
+add_opscode_apt_repo
+install_chef_server
+enable_ssl_proxy
+
+printf -- "-----> Bootstraping Chef Server on ${hostname} is complete.\n"
+'

data/lib/chef/knife/server_bootstrap_ec2.rb

@@ -0,0 +1,235 @@
+require 'chef/knife'
+require 'knife/server/ec2_security_group'
+require 'knife/server/ssh'
+require 'knife/server/credentials'
+
+class Chef
+  class Knife
+    class ServerBootstrapEc2 < Knife
+
+      deps do
+        require 'chef/knife/ec2_server_create'
+        require 'fog'
+        require 'net/ssh'
+        Chef::Knife::Ec2ServerCreate.load_deps
+      end
+
+      banner "knife server bootstrap ec2 (options)"
+
+      option :chef_node_name,
+        :short => "-N NAME",
+        :long => "--node-name NAME",
+        :description => "The name of your new Chef Server"
+
+      option :platform,
+        :short => "-P PLATFORM",
+        :long => "--platform PLATFORM",
+        :description => "The platform type that will be bootstrapped (debian)",
+        :default => "debian"
+
+      option :ssh_user,
+        :short => "-x USERNAME",
+        :long => "--ssh-user USERNAME",
+        :description => "The ssh username",
+        :default => "root"
+
+      option :ssh_port,
+        :short => "-p PORT",
+        :long => "--ssh-port PORT",
+        :description => "The ssh port",
+        :default => "22",
+        :proc => Proc.new { |key| Chef::Config[:knife][:ssh_port] = key }
+
+      option :identity_file,
+        :short => "-i IDENTITY_FILE",
+        :long => "--identity-file IDENTITY_FILE",
+        :description => "The SSH identity file used for authentication"
+
+      option :prerelease,
+        :long => "--prerelease",
+        :description => "Install the pre-release chef gem"
+
+      option :bootstrap_version,
+        :long => "--bootstrap-version VERSION",
+        :description => "The version of Chef to install",
+        :proc => Proc.new { |v| Chef::Config[:knife][:bootstrap_version] = v }
+
+      option :template_file,
+        :long => "--template-file TEMPLATE",
+        :description => "Full path to location of template to use",
+        :proc => Proc.new { |t| Chef::Config[:knife][:template_file] = t },
+        :default => false
+
+      option :distro,
+        :short => "-d DISTRO",
+        :long => "--distro DISTRO",
+        :description => "Bootstrap a distro using a template; default is 'chef-server-<platform>'"
+
+      option :webui_password,
+        :long => "--webui-password SECRET",
+        :description => "Initial password for WebUI admin account, default is 'chefchef'",
+        :default => "chefchef"
+
+      option :amqp_password,
+        :long => "--amqp-password SECRET",
+        :description => "Initial password for AMQP, default is 'chefchef'",
+        :default => "chefchef"
+
+      # aws/ec2 options
+
+      option :aws_access_key_id,
+        :short => "-A ID",
+        :long => "--aws-access-key-id KEY",
+        :description => "Your AWS Access Key ID",
+        :proc => Proc.new { |key| Chef::Config[:knife][:aws_access_key_id] = key }
+
+      option :aws_secret_access_key,
+        :short => "-K SECRET",
+        :long => "--aws-secret-access-key SECRET",
+        :description => "Your AWS API Secret Access Key",
+        :proc => Proc.new { |key| Chef::Config[:knife][:aws_secret_access_key] = key }
+
+      option :region,
+        :long => "--region REGION",
+        :description => "Your AWS region",
+        :default => "us-east-1",
+        :proc => Proc.new { |key| Chef::Config[:knife][:region] = key }
+
+      option :ssh_key_name,
+        :short => "-S KEY",
+        :long => "--ssh-key KEY",
+        :description => "The AWS SSH key id",
+        :proc => Proc.new { |key| Chef::Config[:knife][:aws_ssh_key_id] = key }
+
+      option :flavor,
+        :short => "-f FLAVOR",
+        :long => "--flavor FLAVOR",
+        :description => "The flavor of server (m1.small, m1.medium, etc)",
+        :proc => Proc.new { |f| Chef::Config[:knife][:flavor] = f },
+        :default => "m1.small"
+
+      option :image,
+        :short => "-I IMAGE",
+        :long => "--image IMAGE",
+        :description => "The AMI for the server",
+        :proc => Proc.new { |i| Chef::Config[:knife][:image] = i }
+
+      option :availability_zone,
+        :short => "-Z ZONE",
+        :long => "--availability-zone ZONE",
+        :description => "The Availability Zone",
+        :default => "us-east-1b",
+        :proc => Proc.new { |key| Chef::Config[:knife][:availability_zone] = key }
+
+      option :security_groups,
+        :short => "-G X,Y,Z",
+        :long => "--groups X,Y,Z",
+        :description => "The security groups for this server",
+        :default => ["infrastructure"],
+        :proc => Proc.new { |groups| groups.split(',') }
+
+      option :tags,
+        :short => "-T T=V[,T=V,...]",
+        :long => "--tags Tag=Value[,Tag=Value...]",
+        :description => "The tags for this server",
+        :proc => Proc.new { |tags| tags.split(',') }
+
+      option :ebs_size,
+        :long => "--ebs-size SIZE",
+        :description => "The size of the EBS volume in GB, for EBS-backed instances"
+
+      option :ebs_no_delete_on_term,
+        :long => "--ebs-no-delete-on-term",
+        :description => "Do not delete EBS volumn on instance termination"
+
+      def run
+        validate!
+        config_security_group
+        ec2_bootstrap.run
+        fetch_validation_key
+        create_root_client
+        install_client_key
+      end
+
+      def ec2_bootstrap
+        ENV['WEBUI_PASSWORD'] = config[:webui_password]
+        ENV['AMQP_PASSWORD'] = config[:amqp_password]
+        bootstrap = Chef::Knife::Ec2ServerCreate.new
+        [ :chef_node_name, :ssh_user, :ssh_port, :identity_file,
+          :security_groups, :ebs_size, :webui_password, :amqp_password
+        ].each { |attr| bootstrap.config[attr] = config[attr] }
+        bootstrap.config[:tags] = bootstrap_tags
+        bootstrap.config[:distro] = bootstrap_distro
+        bootstrap
+      end
+
+      def ec2_connection
+        @ec2_connection ||= Fog::Compute.new(
+          :provider => 'AWS',
+          :aws_access_key_id => Chef::Config[:knife][:aws_access_key_id],
+          :aws_secret_access_key => Chef::Config[:knife][:aws_secret_access_key],
+          :region => Chef::Config[:knife][:region]
+        )
+      end
+
+      def server_dns_name
+        server = ec2_connection.servers.find do |s|
+          s.state == "running" &&
+            s.tags['Name'] == config[:chef_node_name] &&
+            s.tags['Role'] == 'chef_server'
+        end
+
+        server && server.dns_name
+      end
+
+      private
+
+      def validate!
+        if config[:chef_node_name].nil?
+          ui.error "You did not provide a valid --node-name value."
+          exit 1
+        end
+      end
+
+      def config_security_group(name = config[:security_groups].first)
+        ::Knife::Server::Ec2SecurityGroup.new(ec2_connection, ui).
+          configure_chef_server_group(name, :description => "#{name} group")
+      end
+
+      def bootstrap_tags
+        Hash[Array(config[:tags]).map { |t| t.split('=') }].
+          merge({"Role" => "chef_server"}).map { |k,v| "#{k}=#{v}" }
+      end
+
+      def bootstrap_distro
+        config[:distro] || "chef-server-#{config[:platform]}"
+      end
+
+      def credentials_client
+        @credentials_client ||= ::Knife::Server::Credentials.new(
+          ssh_connection, Chef::Config[:validation_key])
+      end
+
+      def fetch_validation_key
+        credentials_client.install_validation_key
+      end
+
+      def install_client_key
+        credentials_client.install_client_key(
+          Chef::Config[:node_name], Chef::Config[:client_key])
+      end
+
+      def create_root_client
+        ui.msg(credentials_client.create_root_client)
+      end
+
+      def ssh_connection
+        ::Knife::Server::SSH.new(
+          :host => server_dns_name,
+          :user => config[:ssh_user],
+          :port => config[:ssh_port]
+        )
+      end
+    end
+  end
+end

data/lib/knife-server.rb

@@ -0,0 +1,6 @@
+require "knife/server/version"
+
+module Knife
+  module Server
+  end
+end

data/lib/knife/server/credentials.rb

@@ -0,0 +1,64 @@
+require 'fileutils'
+
+module Knife
+  module Server
+    class Credentials
+      def initialize(ssh, validation_key_path)
+        @ssh = ssh
+        @validation_key_path = validation_key_path
+      end
+
+      def install_validation_key(suffix = Time.now.to_i)
+        if File.exists?(@validation_key_path)
+          FileUtils.cp(@validation_key_path,
+                       backup_file_path(@validation_key_path, suffix))
+        end
+
+        File.open(@validation_key_path, "wb") do |f|
+          f.write(@ssh.exec!("cat /etc/chef/validation.pem"))
+        end
+      end
+
+      def create_root_client
+        @ssh.exec!([
+          "knife configure",
+          "--initial",
+          "--server-url http://127.0.0.1:4000",
+          "--user root",
+          '--repository ""',
+          "--defaults --yes"
+        ].join(" "))
+      end
+
+      def install_client_key(user, client_key_path, suffix = Time.now.to_i)
+        create_user_client(user)
+
+        if File.exists?(client_key_path)
+          FileUtils.cp(client_key_path,
+                       backup_file_path(client_key_path, suffix))
+        end
+
+        File.open(client_key_path, "wb") do |f|
+          f.write(@ssh.exec!("cat /tmp/chef-client-#{user}.pem"))
+        end
+
+        @ssh.exec!("rm -f /tmp/chef-client-#{user}.pem")
+      end
+
+      private
+
+      def backup_file_path(file_path, suffix)
+        parts = file_path.rpartition(".")
+        "#{parts[0]}.#{suffix}.#{parts[2]}"
+      end
+
+      def create_user_client(user)
+        @ssh.exec!([
+          "knife client create",
+          user,
+          "--admin --file /tmp/chef-client-#{user}.pem --disable-editing"
+        ].join(" "))
+      end
+    end
+  end
+end