knife-server 0.1.0
- data/.gitignore +21 -0
- data/.rspec +1 -0
- data/.travis.yml +6 -0
- data/CHANGELOG.md +9 -0
- data/Gemfile +8 -0
- data/LICENSE +201 -0
- data/README.md +267 -0
- data/Rakefile +16 -0
- data/knife-server.gemspec +25 -0
- data/lib/chef/knife/bootstrap/chef-server-debian.erb +127 -0
- data/lib/chef/knife/server_bootstrap_ec2.rb +235 -0
- data/lib/knife-server.rb +6 -0
- data/lib/knife/server/credentials.rb +64 -0
- data/lib/knife/server/ec2_security_group.rb +89 -0
- data/lib/knife/server/ssh.rb +34 -0
- data/lib/knife/server/version.rb +5 -0
- data/spec/chef/knife/server_bootstrap_ec2_spec.rb +259 -0
- data/spec/knife/server/credientials_spec.rb +104 -0
- data/spec/knife/server/ec2_security_group_spec.rb +164 -0
- data/spec/knife/server/ssh_spec.rb +62 -0
- metadata +135 -0
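--- a/data/spec/knife/server/ec2_security_group_spec.rb
+++ b/data/spec/knife/server/ec2_security_group_spec.rb
@@ -0,0 +1,164 @@
+require 'knife/server/ec2_security_group'
+
+describe Knife::Server::Ec2SecurityGroup do
+let(:connection) { stub }
+let(:ui) { stub.as_null_object }
+let(:group) { stub(:name => "mygroup") }
+
+subject do
+Knife::Server::Ec2SecurityGroup.new(connection, ui)
+end
+
+def stub_groups!
+connection.stub(:security_groups) { [group] }
+end
+
+describe "#find_or_create" do
+context "when the group exists" do
+before do
+stub_groups!
+end
+
+it "returns the group" do
+subject.find_or_create("mygroup").should eq(group)
+end
+
+it "sends a message to the ui" do
+ui.should_receive(:msg).with("EC2 security group 'mygroup' exists")
+
+subject.find_or_create("mygroup")
+end
+end
+
+context "when the group does not exist" do
+before do
+connection.stub(:security_groups) { [stub(:name => "nope")] }
+connection.stub(:create_security_group).
+with("mygroup", "the best") { stub_groups! ; true }
+end
+
+it "returns a new group" do
+subject.find_or_create("mygroup", :description => "the best").
+should eq(group)
+end
+
+it "sends a message to the ui" do
+ui.should_receive(:msg).with("Creating EC2 security group 'mygroup'")
+
+subject.find_or_create("mygroup", :description => "the best")
+end
+end
+end
+
+describe "#configure_chef_server_group" do
+context "with no permissions set" do
+before do
+stub_groups!
+group.stub(:ip_permissions) { [] }
+group.stub(:owner_id) { '123' }
+connection.stub(:authorize_security_group_ingress)
+end
+
+it "adds an icmp wildcard rule for the security group" do
+connection.should_receive(:authorize_security_group_ingress).
+with("mygroup", {
+'IpPermissions' => [
+{ 'FromPort' => -1, 'ToPort' => -1, 'IpProtocol' => 'icmp',
+'Groups' => [{ 'GroupName' => 'mygroup', 'UserId' => '123' }]
+}
+]
+})
+
+subject.configure_chef_server_group('mygroup')
+end
+
+it "send a message for the icmp wildcard rule" do
+ui.should_receive(:msg).
+with("Creating inbound security group rule for icmp(-1 -> -1)")
+
+subject.configure_chef_server_group('mygroup')
+end
+
+%w{tcp udp}.each do |proto|
+it "adds a #{proto} rule for the security group" do
+connection.should_receive(:authorize_security_group_ingress).
+with("mygroup", {
+'IpPermissions' => [
+{ 'IpProtocol' => proto,
+'FromPort' => 0, 'ToPort' => 65535,
+'Groups' => [{ 'GroupName' => 'mygroup', 'UserId' => '123' }]
+}
+]
+})
+
+subject.configure_chef_server_group('mygroup')
+end
+
+it "send a message for the #{proto} security group rule" do
+ui.should_receive(:msg).with("Creating inbound security group " +
+"rule for #{proto}(0 -> 65535)")
+
+subject.configure_chef_server_group('mygroup')
+end
+end
+
+[22, 443, 444].each do |tcp_port|
+it "adds a tcp rule to port #{tcp_port} from anywhere" do
+connection.should_receive(:authorize_security_group_ingress).
+with("mygroup", {
+'IpPermissions' => [
+{ 'IpProtocol' => 'tcp',
+'FromPort' => tcp_port, 'ToPort' => tcp_port,
+'IpRanges' => [{ 'CidrIp' => '0.0.0.0/0' }]
+}
+]
+})
+
+subject.configure_chef_server_group('mygroup')
+end
+
+it "send a message for the tcp/#{tcp_port} rule" do
+ui.should_receive(:msg).with("Creating inbound security group " +
+"rule for tcp(#{tcp_port} -> #{tcp_port})")
+
+subject.configure_chef_server_group('mygroup')
+end
+end
+end
+
+describe "with all permissions set" do
+def stub_perm!(proto, from, to)
+{ 'ipProtocol' => proto, 'fromPort' => from, 'toPort' => to }
+end
+
+before do
+stub_groups!
+group.stub(:ip_permissions) do
+[ stub_perm!('icmp', -1, -1), stub_perm!('tcp', 0, 65535),
+stub_perm!('udp', 0, 65535), stub_perm!('tcp', 22, 22),
+stub_perm!('tcp', 443, 443), stub_perm!('tcp', 444, 444)
+]
+end
+group.stub(:owner_id) { '123' }
+connection.stub(:authorize_security_group_ingress)
+end
+
+it "does not add permissions" do
+connection.should_not_receive(:authorize_security_group_ingress)
+
+subject.configure_chef_server_group('mygroup')
+end
+
+it "sends messages for the rules" do
+ui.should_receive(:msg).with("Inbound security group rule " +
+"icmp(-1 -> -1) exists")
+ui.should_receive(:msg).with("Inbound security group rule " +
+"tcp(0 -> 65535) exists")
+ui.should_receive(:msg).with("Inbound security group rule " +
+"tcp(22 -> 22) exists")
+
+subject.configure_chef_server_group('mygroup')
+end
+end
+end
+end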
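Review bot: The `[22, 443, 444].each` examples pin `'IpRanges' => [{ 'CidrIp' => '0.0.0.0/0' }]` as the expected ingress for SSH as well as the two HTTPS ports, so a world-open port 22 becomes the tested contract and no example covers a narrower source. I would let `configure_chef_server_group` take an optional source CIDR and add an example that expects that value for port 22, keeping `0.0.0.0/0` only as the documented default; at minimum add `# port 22 is opened to 0.0.0.0/0 on purpose; narrow this where the operator network is known` above the loop. Separately, `stub_perm!` builds the existing permissions from protocol and ports only, so the "with all permissions set" examples presumably pass whatever source an existing rule has; the implementation is not in this section, so that is worth confirming.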
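--- a/data/spec/knife/server/ssh_spec.rb
+++ b/data/spec/knife/server/ssh_spec.rb
@@ -0,0 +1,62 @@
+require 'knife/server/ssh'
+
+describe Knife::Server::SSH do
+let(:ssh_options) do
+{ :host => "wadup.example.com", :user => "bob",
+:keys => "/tmp/whoomp.key", :port => "2222" }
+end
+
+let(:ssh_connection) do
+stub("SSH connection").as_null_object
+end
+
+subject { Knife::Server::SSH.new(ssh_options) }
+
+before do
+Net::SSH.stub(:start).and_yield(ssh_connection)
+end
+
+it "passes ssh options to ssh sessions" do
+Net::SSH.should_receive(:start).with("wadup.example.com", "bob",
+{ :keys => "/tmp/whoomp.key", :port => "2222" })
+
+subject.exec! "wat"
+end
+
+it "sets default user to root" do
+ssh_options.delete(:user)
+Net::SSH.should_receive(:start).with(anything, "root", anything)
+
+Knife::Server::SSH.new(ssh_options).exec!("wat")
+end
+
+it "sets default port to 22" do
+ssh_options.delete(:port)
+Net::SSH.should_receive(:start).
+with(anything, anything, hash_including(:port => "22"))
+
+Knife::Server::SSH.new(ssh_options).exec!("wat")
+end
+
+it "does not add sudo to the command if user is root" do
+ssh_options[:user] = "root"
+ssh_connection.should_receive(:exec!).with("zappa")
+
+Knife::Server::SSH.new(ssh_options).exec!("zappa")
+end
+
+it "adds sudo to the command if user is not root" do
+ssh_connection.should_receive(:exec!).
+with([%{sudo USER=root HOME="$(getent passwd root | cut -d : -f 6)"},
+%{bash -c 'zappa'}].join(" "))
+
+Knife::Server::SSH.new(ssh_options).exec!("zappa")
+end
+
+it "returns the output of ssh command" do
+ssh_options[:user] = "root"
+ssh_connection.stub(:exec!).with("youdoitnow") { "okthen" }
+
+subject.exec!("youdoitnow").should eq("okthen")
+end
+end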
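Review bot: The sudo example fixes the wrapped command as `bash -c 'zappa'` and there is no example for a command that itself contains a single quote, which would close the quoting early and change what runs as root. The wrapping code lives in lib/knife/server/ssh.rb, which is not part of this section, so this is inferred from the expected string. I would add an example such as `it "escapes single quotes when wrapping the command in sudo"` and have the implementation quote the command with `Shellwords.escape` rather than bare single quotes. The options example also passes only `:keys` and `:port` to `Net::SSH.start`, so host key checking is left at the library default; a comment saying that is intended would help.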
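--- a/metadata
+++ b/metadata
@@ -0,0 +1,135 @@
+--- !ruby/object:Gem::Specification
+name: knife-server
+version: !ruby/object:Gem::Version
+version: 0.1.0
+prerelease:
+platform: ruby
+authors:
+- Fletcher Nichol
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-06-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: fog
+requirement: &70204688690820 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :runtime
+prerelease: false
+version_requirements: *70204688690820
+- !ruby/object:Gem::Dependency
+name: net-ssh
+requirement: &70204688690400 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: *70204688690400
+- !ruby/object:Gem::Dependency
+name: chef
+requirement: &70204688689840 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 0.10.10
+type: :runtime
+prerelease: false
+version_requirements: *70204688689840
+- !ruby/object:Gem::Dependency
+name: knife-ec2
+requirement: &70204688688960 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.5.12
+type: :runtime
+prerelease: false
+version_requirements: *70204688688960
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: &70204688688400 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '2.10'
+type: :development
+prerelease: false
+version_requirements: *70204688688400
+- !ruby/object:Gem::Dependency
+name: fakefs
+requirement: &70204688687760 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.4.0
+type: :development
+prerelease: false
+version_requirements: *70204688687760
+description: Chef Knife plugin to bootstrap Chef Servers
+email:
+- fnichol@nichol.ca
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- knife-server.gemspec
+- lib/chef/knife/bootstrap/chef-server-debian.erb
+- lib/chef/knife/server_bootstrap_ec2.rb
+- lib/knife-server.rb
+- lib/knife/server/credentials.rb
+- lib/knife/server/ec2_security_group.rb
+- lib/knife/server/ssh.rb
+- lib/knife/server/version.rb
+- spec/chef/knife/server_bootstrap_ec2_spec.rb
+- spec/knife/server/credientials_spec.rb
+- spec/knife/server/ec2_security_group_spec.rb
+- spec/knife/server/ssh_spec.rb
+homepage: http://fnichol.github.com/knife-server
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.17
+signing_key:
+specification_version: 3
+summary: Chef Knife plugin to bootstrap Chef Servers
+test_files:
+- spec/chef/knife/server_bootstrap_ec2_spec.rb
+- spec/knife/server/credientials_spec.rb
+- spec/knife/server/ec2_security_group_spec.rb
+- spec/knife/server/ssh_spec.rb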