knife-server 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +21 -0
- data/.rspec +1 -0
- data/.travis.yml +6 -0
- data/CHANGELOG.md +9 -0
- data/Gemfile +8 -0
- data/LICENSE +201 -0
- data/README.md +267 -0
- data/Rakefile +16 -0
- data/knife-server.gemspec +25 -0
- data/lib/chef/knife/bootstrap/chef-server-debian.erb +127 -0
- data/lib/chef/knife/server_bootstrap_ec2.rb +235 -0
- data/lib/knife-server.rb +6 -0
- data/lib/knife/server/credentials.rb +64 -0
- data/lib/knife/server/ec2_security_group.rb +89 -0
- data/lib/knife/server/ssh.rb +34 -0
- data/lib/knife/server/version.rb +5 -0
- data/spec/chef/knife/server_bootstrap_ec2_spec.rb +259 -0
- data/spec/knife/server/credientials_spec.rb +104 -0
- data/spec/knife/server/ec2_security_group_spec.rb +164 -0
- data/spec/knife/server/ssh_spec.rb +62 -0
- metadata +135 -0
@@ -0,0 +1,164 @@
|
|
1
|
+
require 'knife/server/ec2_security_group'
|
2
|
+
|
3
|
+
describe Knife::Server::Ec2SecurityGroup do
|
4
|
+
let(:connection) { stub }
|
5
|
+
let(:ui) { stub.as_null_object }
|
6
|
+
let(:group) { stub(:name => "mygroup") }
|
7
|
+
|
8
|
+
subject do
|
9
|
+
Knife::Server::Ec2SecurityGroup.new(connection, ui)
|
10
|
+
end
|
11
|
+
|
12
|
+
def stub_groups!
|
13
|
+
connection.stub(:security_groups) { [group] }
|
14
|
+
end
|
15
|
+
|
16
|
+
describe "#find_or_create" do
|
17
|
+
context "when the group exists" do
|
18
|
+
before do
|
19
|
+
stub_groups!
|
20
|
+
end
|
21
|
+
|
22
|
+
it "returns the group" do
|
23
|
+
subject.find_or_create("mygroup").should eq(group)
|
24
|
+
end
|
25
|
+
|
26
|
+
it "sends a message to the ui" do
|
27
|
+
ui.should_receive(:msg).with("EC2 security group 'mygroup' exists")
|
28
|
+
|
29
|
+
subject.find_or_create("mygroup")
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
context "when the group does not exist" do
|
34
|
+
before do
|
35
|
+
connection.stub(:security_groups) { [stub(:name => "nope")] }
|
36
|
+
connection.stub(:create_security_group).
|
37
|
+
with("mygroup", "the best") { stub_groups! ; true }
|
38
|
+
end
|
39
|
+
|
40
|
+
it "returns a new group" do
|
41
|
+
subject.find_or_create("mygroup", :description => "the best").
|
42
|
+
should eq(group)
|
43
|
+
end
|
44
|
+
|
45
|
+
it "sends a message to the ui" do
|
46
|
+
ui.should_receive(:msg).with("Creating EC2 security group 'mygroup'")
|
47
|
+
|
48
|
+
subject.find_or_create("mygroup", :description => "the best")
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
describe "#configure_chef_server_group" do
|
54
|
+
context "with no permissions set" do
|
55
|
+
before do
|
56
|
+
stub_groups!
|
57
|
+
group.stub(:ip_permissions) { [] }
|
58
|
+
group.stub(:owner_id) { '123' }
|
59
|
+
connection.stub(:authorize_security_group_ingress)
|
60
|
+
end
|
61
|
+
|
62
|
+
it "adds an icmp wildcard rule for the security group" do
|
63
|
+
connection.should_receive(:authorize_security_group_ingress).
|
64
|
+
with("mygroup", {
|
65
|
+
'IpPermissions' => [
|
66
|
+
{ 'FromPort' => -1, 'ToPort' => -1, 'IpProtocol' => 'icmp',
|
67
|
+
'Groups' => [{ 'GroupName' => 'mygroup', 'UserId' => '123' }]
|
68
|
+
}
|
69
|
+
]
|
70
|
+
})
|
71
|
+
|
72
|
+
subject.configure_chef_server_group('mygroup')
|
73
|
+
end
|
74
|
+
|
75
|
+
it "send a message for the icmp wildcard rule" do
|
76
|
+
ui.should_receive(:msg).
|
77
|
+
with("Creating inbound security group rule for icmp(-1 -> -1)")
|
78
|
+
|
79
|
+
subject.configure_chef_server_group('mygroup')
|
80
|
+
end
|
81
|
+
|
82
|
+
%w{tcp udp}.each do |proto|
|
83
|
+
it "adds a #{proto} rule for the security group" do
|
84
|
+
connection.should_receive(:authorize_security_group_ingress).
|
85
|
+
with("mygroup", {
|
86
|
+
'IpPermissions' => [
|
87
|
+
{ 'IpProtocol' => proto,
|
88
|
+
'FromPort' => 0, 'ToPort' => 65535,
|
89
|
+
'Groups' => [{ 'GroupName' => 'mygroup', 'UserId' => '123' }]
|
90
|
+
}
|
91
|
+
]
|
92
|
+
})
|
93
|
+
|
94
|
+
subject.configure_chef_server_group('mygroup')
|
95
|
+
end
|
96
|
+
|
97
|
+
it "send a message for the #{proto} security group rule" do
|
98
|
+
ui.should_receive(:msg).with("Creating inbound security group " +
|
99
|
+
"rule for #{proto}(0 -> 65535)")
|
100
|
+
|
101
|
+
subject.configure_chef_server_group('mygroup')
|
102
|
+
end
|
103
|
+
end
|
104
|
+
|
105
|
+
[22, 443, 444].each do |tcp_port|
|
106
|
+
it "adds a tcp rule to port #{tcp_port} from anywhere" do
|
107
|
+
connection.should_receive(:authorize_security_group_ingress).
|
108
|
+
with("mygroup", {
|
109
|
+
'IpPermissions' => [
|
110
|
+
{ 'IpProtocol' => 'tcp',
|
111
|
+
'FromPort' => tcp_port, 'ToPort' => tcp_port,
|
112
|
+
'IpRanges' => [{ 'CidrIp' => '0.0.0.0/0' }]
|
113
|
+
}
|
114
|
+
]
|
115
|
+
})
|
116
|
+
|
117
|
+
subject.configure_chef_server_group('mygroup')
|
118
|
+
end
|
119
|
+
|
120
|
+
it "send a message for the tcp/#{tcp_port} rule" do
|
121
|
+
ui.should_receive(:msg).with("Creating inbound security group " +
|
122
|
+
"rule for tcp(#{tcp_port} -> #{tcp_port})")
|
123
|
+
|
124
|
+
subject.configure_chef_server_group('mygroup')
|
125
|
+
end
|
126
|
+
end
|
127
|
+
end
|
128
|
+
|
129
|
+
describe "with all permissions set" do
|
130
|
+
def stub_perm!(proto, from, to)
|
131
|
+
{ 'ipProtocol' => proto, 'fromPort' => from, 'toPort' => to }
|
132
|
+
end
|
133
|
+
|
134
|
+
before do
|
135
|
+
stub_groups!
|
136
|
+
group.stub(:ip_permissions) do
|
137
|
+
[ stub_perm!('icmp', -1, -1), stub_perm!('tcp', 0, 65535),
|
138
|
+
stub_perm!('udp', 0, 65535), stub_perm!('tcp', 22, 22),
|
139
|
+
stub_perm!('tcp', 443, 443), stub_perm!('tcp', 444, 444)
|
140
|
+
]
|
141
|
+
end
|
142
|
+
group.stub(:owner_id) { '123' }
|
143
|
+
connection.stub(:authorize_security_group_ingress)
|
144
|
+
end
|
145
|
+
|
146
|
+
it "does not add permissions" do
|
147
|
+
connection.should_not_receive(:authorize_security_group_ingress)
|
148
|
+
|
149
|
+
subject.configure_chef_server_group('mygroup')
|
150
|
+
end
|
151
|
+
|
152
|
+
it "sends messages for the rules" do
|
153
|
+
ui.should_receive(:msg).with("Inbound security group rule " +
|
154
|
+
"icmp(-1 -> -1) exists")
|
155
|
+
ui.should_receive(:msg).with("Inbound security group rule " +
|
156
|
+
"tcp(0 -> 65535) exists")
|
157
|
+
ui.should_receive(:msg).with("Inbound security group rule " +
|
158
|
+
"tcp(22 -> 22) exists")
|
159
|
+
|
160
|
+
subject.configure_chef_server_group('mygroup')
|
161
|
+
end
|
162
|
+
end
|
163
|
+
end
|
164
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
require 'knife/server/ssh'
|
2
|
+
|
3
|
+
describe Knife::Server::SSH do
|
4
|
+
let(:ssh_options) do
|
5
|
+
{ :host => "wadup.example.com", :user => "bob",
|
6
|
+
:keys => "/tmp/whoomp.key", :port => "2222" }
|
7
|
+
end
|
8
|
+
|
9
|
+
let(:ssh_connection) do
|
10
|
+
stub("SSH connection").as_null_object
|
11
|
+
end
|
12
|
+
|
13
|
+
subject { Knife::Server::SSH.new(ssh_options) }
|
14
|
+
|
15
|
+
before do
|
16
|
+
Net::SSH.stub(:start).and_yield(ssh_connection)
|
17
|
+
end
|
18
|
+
|
19
|
+
it "passes ssh options to ssh sessions" do
|
20
|
+
Net::SSH.should_receive(:start).with("wadup.example.com", "bob",
|
21
|
+
{ :keys => "/tmp/whoomp.key", :port => "2222" })
|
22
|
+
|
23
|
+
subject.exec! "wat"
|
24
|
+
end
|
25
|
+
|
26
|
+
it "sets default user to root" do
|
27
|
+
ssh_options.delete(:user)
|
28
|
+
Net::SSH.should_receive(:start).with(anything, "root", anything)
|
29
|
+
|
30
|
+
Knife::Server::SSH.new(ssh_options).exec!("wat")
|
31
|
+
end
|
32
|
+
|
33
|
+
it "sets default port to 22" do
|
34
|
+
ssh_options.delete(:port)
|
35
|
+
Net::SSH.should_receive(:start).
|
36
|
+
with(anything, anything, hash_including(:port => "22"))
|
37
|
+
|
38
|
+
Knife::Server::SSH.new(ssh_options).exec!("wat")
|
39
|
+
end
|
40
|
+
|
41
|
+
it "does not add sudo to the command if user is root" do
|
42
|
+
ssh_options[:user] = "root"
|
43
|
+
ssh_connection.should_receive(:exec!).with("zappa")
|
44
|
+
|
45
|
+
Knife::Server::SSH.new(ssh_options).exec!("zappa")
|
46
|
+
end
|
47
|
+
|
48
|
+
it "adds sudo to the command if user is not root" do
|
49
|
+
ssh_connection.should_receive(:exec!).
|
50
|
+
with([%{sudo USER=root HOME="$(getent passwd root | cut -d : -f 6)"},
|
51
|
+
%{bash -c 'zappa'}].join(" "))
|
52
|
+
|
53
|
+
Knife::Server::SSH.new(ssh_options).exec!("zappa")
|
54
|
+
end
|
55
|
+
|
56
|
+
it "returns the output of ssh command" do
|
57
|
+
ssh_options[:user] = "root"
|
58
|
+
ssh_connection.stub(:exec!).with("youdoitnow") { "okthen" }
|
59
|
+
|
60
|
+
subject.exec!("youdoitnow").should eq("okthen")
|
61
|
+
end
|
62
|
+
end
|
metadata
ADDED
@@ -0,0 +1,135 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: knife-server
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Fletcher Nichol
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2012-06-24 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: fog
|
16
|
+
requirement: &70204688690820 !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ~>
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '1.3'
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: *70204688690820
|
25
|
+
- !ruby/object:Gem::Dependency
|
26
|
+
name: net-ssh
|
27
|
+
requirement: &70204688690400 !ruby/object:Gem::Requirement
|
28
|
+
none: false
|
29
|
+
requirements:
|
30
|
+
- - ! '>='
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: '0'
|
33
|
+
type: :runtime
|
34
|
+
prerelease: false
|
35
|
+
version_requirements: *70204688690400
|
36
|
+
- !ruby/object:Gem::Dependency
|
37
|
+
name: chef
|
38
|
+
requirement: &70204688689840 !ruby/object:Gem::Requirement
|
39
|
+
none: false
|
40
|
+
requirements:
|
41
|
+
- - ! '>='
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
version: 0.10.10
|
44
|
+
type: :runtime
|
45
|
+
prerelease: false
|
46
|
+
version_requirements: *70204688689840
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: knife-ec2
|
49
|
+
requirement: &70204688688960 !ruby/object:Gem::Requirement
|
50
|
+
none: false
|
51
|
+
requirements:
|
52
|
+
- - ~>
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 0.5.12
|
55
|
+
type: :runtime
|
56
|
+
prerelease: false
|
57
|
+
version_requirements: *70204688688960
|
58
|
+
- !ruby/object:Gem::Dependency
|
59
|
+
name: rspec
|
60
|
+
requirement: &70204688688400 !ruby/object:Gem::Requirement
|
61
|
+
none: false
|
62
|
+
requirements:
|
63
|
+
- - ~>
|
64
|
+
- !ruby/object:Gem::Version
|
65
|
+
version: '2.10'
|
66
|
+
type: :development
|
67
|
+
prerelease: false
|
68
|
+
version_requirements: *70204688688400
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: fakefs
|
71
|
+
requirement: &70204688687760 !ruby/object:Gem::Requirement
|
72
|
+
none: false
|
73
|
+
requirements:
|
74
|
+
- - ~>
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: 0.4.0
|
77
|
+
type: :development
|
78
|
+
prerelease: false
|
79
|
+
version_requirements: *70204688687760
|
80
|
+
description: Chef Knife plugin to bootstrap Chef Servers
|
81
|
+
email:
|
82
|
+
- fnichol@nichol.ca
|
83
|
+
executables: []
|
84
|
+
extensions: []
|
85
|
+
extra_rdoc_files: []
|
86
|
+
files:
|
87
|
+
- .gitignore
|
88
|
+
- .rspec
|
89
|
+
- .travis.yml
|
90
|
+
- CHANGELOG.md
|
91
|
+
- Gemfile
|
92
|
+
- LICENSE
|
93
|
+
- README.md
|
94
|
+
- Rakefile
|
95
|
+
- knife-server.gemspec
|
96
|
+
- lib/chef/knife/bootstrap/chef-server-debian.erb
|
97
|
+
- lib/chef/knife/server_bootstrap_ec2.rb
|
98
|
+
- lib/knife-server.rb
|
99
|
+
- lib/knife/server/credentials.rb
|
100
|
+
- lib/knife/server/ec2_security_group.rb
|
101
|
+
- lib/knife/server/ssh.rb
|
102
|
+
- lib/knife/server/version.rb
|
103
|
+
- spec/chef/knife/server_bootstrap_ec2_spec.rb
|
104
|
+
- spec/knife/server/credientials_spec.rb
|
105
|
+
- spec/knife/server/ec2_security_group_spec.rb
|
106
|
+
- spec/knife/server/ssh_spec.rb
|
107
|
+
homepage: http://fnichol.github.com/knife-server
|
108
|
+
licenses: []
|
109
|
+
post_install_message:
|
110
|
+
rdoc_options: []
|
111
|
+
require_paths:
|
112
|
+
- lib
|
113
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
114
|
+
none: false
|
115
|
+
requirements:
|
116
|
+
- - ! '>='
|
117
|
+
- !ruby/object:Gem::Version
|
118
|
+
version: '0'
|
119
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
120
|
+
none: false
|
121
|
+
requirements:
|
122
|
+
- - ! '>='
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
requirements: []
|
126
|
+
rubyforge_project:
|
127
|
+
rubygems_version: 1.8.17
|
128
|
+
signing_key:
|
129
|
+
specification_version: 3
|
130
|
+
summary: Chef Knife plugin to bootstrap Chef Servers
|
131
|
+
test_files:
|
132
|
+
- spec/chef/knife/server_bootstrap_ec2_spec.rb
|
133
|
+
- spec/knife/server/credientials_spec.rb
|
134
|
+
- spec/knife/server/ec2_security_group_spec.rb
|
135
|
+
- spec/knife/server/ssh_spec.rb
|