knife-server 0.3.3 → 1.0.0

data/lib/chef/knife/bootstrap/chef10/rhel.erb

@@ -0,0 +1,185 @@
+bash -c '
+<%= %{export http_proxy="#{knife_config[:bootstrap_proxy]}"} if knife_config[:bootstrap_proxy] -%>
+
+export hostname="<%= @config[:chef_node_name] %>"
+export webui_password="<%= ENV['WEBUI_PASSWORD'] %>"
+export amqp_password="<%= ENV['AMQP_PASSWORD'] %>"
+export chef_version="<%= Chef::VERSION %>"
+
+set -e
+
+setup() {
+  if grep -qi "Red Hat" /etc/redhat-release
+  then
+    platform="redhat"
+  else
+    platform=$(cat /etc/redhat-release | cut -d" " -f1 | tr [[:upper:]] [[:lower:]])
+  fi
+
+  # throttle selinux, people can set it back up themselves if they want.
+  (setenforce Permissive || exit 0)
+  if [ -f /etc/selinux/config ]
+  then
+    cd /etc/selinux
+    sed -i.bak 's/SELINUX=enforcing/SELINUX=permissive/g' config
+    cd $OLDPWD
+  fi
+
+  yum install ruby rubygems ruby-devel -y
+  yum install readline-devel zlib-devel libyaml-devel openssl-devel \
+    make autoconf automake gcc tar libstdc++-devel gcc-c++ -y
+
+  /usr/bin/gem install rubygems-update -v 1.8.25
+  /usr/bin/update_rubygems
+}
+
+set_hostname_for_centos() {
+  if hostname | grep -q "$hostname" > /dev/null ; then
+    printf -- "-----> Hostname is correct, so skipping...\n"
+    return
+  fi
+
+  local host_first="$(echo $hostname | cut -d . -f 1)"
+  local hostnames="${hostname} ${host_first}"
+
+  sed -i "s/HOSTNAME=.*/HOSTNAME=${hostname}/" /etc/sysconfig/network
+
+  if egrep -q "^127.0.1.1[[:space:]]" /etc/hosts >/dev/null ; then
+    sed -i "s/^\(127[.]0[.]1[.]1[[:space:]]\+\)/\1${hostnames} /" /etc/hosts
+  else
+    sed -i "s/^\(127[.]0[.]0[.]1[[:space:]]\+.*\)$/\1\n127.0.1.1 ${hostnames} /" /etc/hosts
+  fi
+  /bin/hostname ${hostname}
+}
+
+set_hostname_for_redhat() {
+  if hostname | grep -q "$hostname" > /dev/null ; then
+    printf -- "-----> Hostname is correct, so skipping...\n"
+    return
+  fi
+
+  local host_first="$(echo $hostname | cut -d . -f 1)"
+  local hostnames="${hostname} ${host_first}"
+
+  sed -i "s/HOSTNAME=.*/HOSTNAME=${hostname}/" /etc/sysconfig/network
+
+  if egrep -q "^127.0.1.1[[:space:]]" /etc/hosts >/dev/null ; then
+    sed -i "s/^\(127[.]0[.]1[.]1[[:space:]]\+\)/\1${hostnames} /" /etc/hosts
+  else
+    sed -i "s/^\(127[.]0[.]0[.]1[[:space:]]\+.*\)$/\1\n127.0.1.1 ${hostnames} /" /etc/hosts
+  fi
+  /bin/hostname ${hostname}
+}
+
+set_hostname_for_amazon() {
+  if hostname | grep -q "$hostname" > /dev/null ; then
+    printf -- "-----> Hostname is correct, so skipping...\n"
+    return
+  fi
+
+  local host_first="$(echo $hostname | cut -d . -f 1)"
+  local hostnames="${hostname} ${host_first}"
+
+  sed -i "s/HOSTNAME=.*/HOSTNAME=${hostname}/" /etc/sysconfig/network
+
+  if egrep -q "^127.0.1.1[[:space:]]" /etc/hosts >/dev/null ; then
+    sed -i "s/^\(127[.]0[.]1[.]1[[:space:]]\+\)/\1${hostnames} /" /etc/hosts
+  else
+    sed -i "s/^\(127[.]0[.]0[.]1[[:space:]]\+.*\)$/\1\n127.0.1.1 ${hostnames} /" /etc/hosts
+  fi
+  /bin/hostname ${hostname}
+}
+
+set_hostname_for_scientific() {
+  if hostname | grep -q "$hostname" > /dev/null ; then
+    printf -- "-----> Hostname is correct, so skipping...\n"
+    return
+  fi
+
+  local host_first="$(echo $hostname | cut -d . -f 1)"
+  local hostnames="${hostname} ${host_first}"
+
+  sed -i "s/HOSTNAME=.*/HOSTNAME=${hostname}/" /etc/sysconfig/network
+
+  if egrep -q "^127.0.1.1[[:space:]]" /etc/hosts >/dev/null ; then
+    sed -i "s/^\(127[.]0[.]1[.]1[[:space:]]\+\)/\1${hostnames} /" /etc/hosts
+  else
+    sed -i "s/^\(127[.]0[.]0[.]1[[:space:]]\+.*\)$/\1\n127.0.1.1 ${hostnames} /" /etc/hosts
+  fi
+  /bin/hostname ${hostname}
+}
+
+set_hostname_for_enterpriseenterprise() {
+  if hostname | grep -q "$hostname" > /dev/null ; then
+    printf -- "-----> Hostname is correct, so skipping...\n"
+    return
+  fi
+
+  local host_first="$(echo $hostname | cut -d . -f 1)"
+  local hostnames="${hostname} ${host_first}"
+
+  sed -i "s/HOSTNAME=.*/HOSTNAME=${hostname}/" /etc/sysconfig/network
+
+  if egrep -q "^127.0.1.1[[:space:]]" /etc/hosts >/dev/null ; then
+    sed -i "s/^\(127[.]0[.]1[.]1[[:space:]]\+\)/\1${hostnames} /" /etc/hosts
+  else
+    sed -i "s/^\(127[.]0[.]0[.]1[[:space:]]\+.*\)$/\1\n127.0.1.1 ${hostnames} /" /etc/hosts
+  fi
+  /bin/hostname ${hostname}
+}
+
+config_chef_solo() {
+  local tmp_solo="$1"
+
+  mkdir -p $tmp_solo
+  cat <<SOLO_RB > $tmp_solo/solo.rb
+file_cache_path "$tmp_solo"
+cookbook_path   "$tmp_solo/cookbooks"
+SOLO_RB
+
+  cat<<BOOTSTRAP_JSON > $tmp_solo/bootstrap.json
+{
+  "chef_server": {
+    "webui_enabled" : true,
+    "ssl_req" : "/C=CA/ST=Several/L=Locality/O=Example/OU=Operations/CN=${hostname}/emailAddress=root@${hostname}"
+  },
+  "run_list": [ "recipe[chef-server::rubygems-install]", "recipe[chef-server::apache-proxy]" ]
+}
+BOOTSTRAP_JSON
+}
+
+install_chef_server() {
+  # hack, ensure net-ssh 2.2.2 and net-ssh-multi 1.1.0 is installed before
+  # installing chef, otherwise rubygems will explode trying to run chef
+
+  gem install net-ssh -v 2.2.2 --no-ri --no-rdoc
+  gem install net-ssh-gateway -v 1.1.0 --no-ri --no-rdoc
+  gem install net-ssh-multi -v 1.1.0 --no-ri --no-rdoc
+  gem install chef -v $chef_version --no-ri --no-rdoc 
+
+  local tmp_solo=/tmp/chef-solo
+
+  config_chef_solo $tmp_solo
+
+  chef-solo -c $tmp_solo/solo.rb -j $tmp_solo/bootstrap.json \
+     -r http://s3.amazonaws.com/chef-solo/bootstrap-latest.tar.gz
+
+  rm -rf $tmp_solo
+}
+
+configure_firewall() {
+  # chef-server-api
+  /usr/sbin/lokkit -p 4000:tcp
+  # chef-server-webui
+  /usr/sbin/lokkit -p 4040:tcp 
+  # ssl proxy to chef-server-api
+  /usr/sbin/lokkit -p 443:tcp  
+}
+
+setup
+set_hostname_for_${platform}
+install_chef_server
+configure_firewall
+
+printf -- "-----> Bootstraping Chef Server on ${hostname} is complete.\n"
+'

data/lib/chef/knife/bootstrap/chef11/omnibus.erb

@@ -0,0 +1,64 @@
+bash -c '
+<%
+  require 'erb'
+
+  def render(partial)
+    partial_path = Gem.find_files(File.join(
+      %W{chef knife bootstrap _#{partial}}
+    )).first
+    raise ArgumentError, "Partial _#{partial} not found" if partial_path.nil?
+
+    ERB.new(IO.read(partial_path)).result(binding)
+  end
+-%>
+set -e
+<%= %{set -x} if @chef_config[:knife][:log_level] == :debug -%>
+
+<%=
+  if knife_config[:bootstrap_proxy]
+    %{export http_proxy="#{knife_config[:bootstrap_proxy]}"}
+  end
+-%>
+export hostname="<%= @config[:chef_node_name] %>"
+export version="<%= @config[:bootstrap_version] %>"
+export prerelease="<%= @config[:prerelease] == true %>"
+export webui_enable="<%= @chef_config[:knife][:webui_enable] == true %>"
+export webui_password="<%= ENV['WEBUI_PASSWORD'] %>"
+export amqp_password="<%= ENV['AMQP_PASSWORD'] %>"
+
+<%= render "common.sh" %>
+
+<%= render "platform_and_version.sh" %>
+
+<%= render "set_hostname.sh" %>
+
+<%= render "omnibus.sh" %>
+
+#
+# Chef Server Omnibus installation
+#
+
+# Set filename
+case $platform in
+  "ubuntu") deb_filename ;;
+  "debian") deb_filename ;;
+  "el") rpm_filename ;;
+  "suse") rpm_filename ;;
+  "sles") rpm_filename ;;
+  "fedora") rpm_filename ;;
+esac
+
+# Set tmp_dir
+tmp_dir=$(mktemp -d -t tmp.XXXXXXXX || echo "/tmp")
+
+set_hostname_for_${platform}
+download_package
+install_package
+prepare_chef_server_rb
+symlink_binaries
+reconfigure_chef_server
+test_chef_server
+configure_firewall
+
+banner "Bootstraping Chef Server on ${hostname} is complete."
+'

data/lib/chef/knife/bootstrap/chef11/rhel.erb

@@ -0,0 +1,142 @@
+bash -c '
+<%= %{export http_proxy="#{knife_config[:bootstrap_proxy]}"} if knife_config[:bootstrap_proxy] -%>
+
+export hostname="<%= @config[:chef_node_name] %>"
+export webui_password="<%= ENV['WEBUI_PASSWORD'] %>"
+export amqp_password="<%= ENV['AMQP_PASSWORD'] %>"
+export chef_version="<%= Chef::VERSION %>"
+
+set -e
+
+setup() {  
+  if grep -qi "Red Hat" /etc/redhat-release
+  then
+    platform="redhat"
+  else
+    platform=$(cat /etc/redhat-release | cut -d" " -f1 | tr [[:upper:]] [[:lower:]])
+  fi
+
+  # throttle selinux, people can set it back up themselves if they want.
+  (setenforce Permissive || exit 0)
+  if [ -f /etc/selinux/config ]
+  then
+    cd /etc/selinux
+    sed -i.bak 's/SELINUX=enforcing/SELINUX=permissive/g' config
+    cd $OLDPWD
+  fi
+}
+
+set_hostname_for_platform() {
+  if hostname | grep -q "$hostname" > /dev/null ; then
+    printf -- "-----> Hostname is correct, so skipping...\n"
+    return
+  fi
+
+  local host_first="$(echo $hostname | cut -d . -f 1)"
+  local hostnames="${hostname} ${host_first}"
+
+  sed -i "s/HOSTNAME=.*/HOSTNAME=${hostname}/" /etc/sysconfig/network
+
+  if egrep -q "^127.0.1.1[[:space:]]" /etc/hosts >/dev/null ; then
+    sed -i "s/^\(127[.]0[.]1[.]1[[:space:]]\+\)/\1${hostnames} /" /etc/hosts
+  else
+    sed -i "s/^\(127[.]0[.]0[.]1[[:space:]]\+.*\)$/\1\n127.0.1.1 ${hostnames} /" /etc/hosts
+  fi
+  /bin/hostname ${hostname}
+}
+
+set_hostname_for_centos() {
+  set_hostname_for_platform
+}
+
+set_hostname_for_redhat() {
+  set_hostname_for_platform
+}
+
+set_hostname_for_amazon() {
+  set_hostname_for_platform
+}
+
+set_hostname_for_scientific() {
+  set_hostname_for_platform
+}
+
+set_hostname_for_enterpriseenterprise() {
+  set_hostname_for_platform
+}
+
+install_omnibus_chef() {
+  yum install -y curl bash
+  curl -L https://www.opscode.com/chef/install.sh | bash -s -- -v "${chef_version}"
+}
+
+download_cookbook() {
+  local server_ckbk_dir="$1/chef-server"
+  local url="https://github.com/opscode-cookbooks/chef-server/archive/master.tar.gz"
+
+  mkdir -p "$server_ckbk_dir"
+  (cd "$server_ckbk_dir" && \
+    curl -sL "$url" | gunzip -c - | tar xf - --strip-components=1)
+}
+
+config_chef_solo() {
+  local tmp_solo="$1"
+
+  mkdir -p $tmp_solo/cookbooks
+  cat > $tmp_solo/solo.rb <<SOLO_RB
+file_cache_path "$tmp_solo"
+cookbook_path   "$tmp_solo/cookbooks"
+SOLO_RB
+
+cat <<BOOTSTRAP_JSON > $tmp_solo/bootstrap.json
+{
+  "chef-server" : {
+    "prereleases" : true,
+    "chef-server-webui" : {
+      "web_ui_admin_default_password" : "$webui_password"
+    },
+    "rabbitmq" : {
+      "password" : "$amqp_password"
+    }
+  },
+  "run_list" : [ "recipe[chef-server]" ]
+}
+BOOTSTRAP_JSON
+  
+  download_cookbook $tmp_solo/cookbooks
+}
+
+run_chef_solo() {
+  local tmp_solo=/tmp/chef-solo
+
+  config_chef_solo $tmp_solo
+  chef-solo -c $tmp_solo/solo.rb -j $tmp_solo/bootstrap.json
+  rm -rf $tmp_solo
+}
+
+cleanup() {
+  for bin in chef-client chef-solo chef-shell knife ohai shef ; do
+    ln -snf /opt/chef-server/bin/$bin /usr/bin/$bin
+  done ; unset bin
+
+  rm -rf /opt/chef
+}
+
+configure_firewall() {
+  # chef-server-api
+  /usr/sbin/lokkit -p 4000:tcp
+  # chef-server-webui
+  /usr/sbin/lokkit -p 4040:tcp 
+  # ssl proxy to chef-server-api
+  /usr/sbin/lokkit -p 443:tcp  
+}
+
+setup
+set_hostname_for_${platform}
+install_omnibus_chef
+run_chef_solo
+configure_firewall
+cleanup
+
+echo "-----> Bootstraping Chef Server on ${hostname} is complete."
+'

data/lib/chef/knife/server_bootstrap_base.rb

@@ -30,54 +30,32 @@ class Chef
             require 'net/ssh'
           end
 
-          option :chef_node_name,
-            :short => "-N NAME",
-            :long => "--node-name NAME",
-            :description => "The name of your new Chef Server"
-
           option :platform,
             :short => "-P PLATFORM",
             :long => "--platform PLATFORM",
-            :description => "The platform type that will be bootstrapped (debian)",
-            :default => "debian"
-
-          option :ssh_user,
-            :short => "-x USERNAME",
-            :long => "--ssh-user USERNAME",
-            :description => "The ssh username",
-            :default => "root"
-
-          option :ssh_port,
-            :short => "-p PORT",
-            :long => "--ssh-port PORT",
-            :description => "The ssh port",
-            :default => "22",
-            :proc => Proc.new { |key| Chef::Config[:knife][:ssh_port] = key }
-
-          option :identity_file,
-            :short => "-i IDENTITY_FILE",
-            :long => "--identity-file IDENTITY_FILE",
-            :description => "The SSH identity file used for authentication"
+            :description => "The platform type that will be bootstrapped (omnibus)",
+            :default => "omnibus"
 
-          option :prerelease,
-            :long => "--prerelease",
-            :description => "Install the pre-release chef gem"
+          option :distro,
+            :short => "-d DISTRO",
+            :long => "--distro DISTRO",
+            :description => "Bootstrap a distro using a template; default is 'chef11/omnibus'"
 
           option :bootstrap_version,
             :long => "--bootstrap-version VERSION",
-            :description => "The version of Chef to install",
-            :proc => Proc.new { |v| Chef::Config[:knife][:bootstrap_version] = v }
+            :description => "The version of Chef Server to install, default is latest release",
+            :proc => Proc.new { |v| Chef::Config[:knife][:bootstrap_version] = v },
+            :default => nil
 
-          option :template_file,
-            :long => "--template-file TEMPLATE",
-            :description => "Full path to location of template to use",
-            :proc => Proc.new { |t| Chef::Config[:knife][:template_file] = t },
-            :default => false
+          option :prerelease,
+            :long => "--prerelease",
+            :description => "Install a pre-release version of Chef Server"
 
-          option :distro,
-            :short => "-d DISTRO",
-            :long => "--distro DISTRO",
-            :description => "Bootstrap a distro using a template; default is 'chef-server-<platform>'"
+          option :webui_enable,
+            :long => "--[no-]webui-enable",
+            :description => "Whether or not to enable the webui, default is false",
+            :proc => Proc.new { |v| Chef::Config[:knife][:webui_enable] = v },
+            :default => false
 
           option :webui_password,
             :long => "--webui-password SECRET",
@@ -88,6 +66,13 @@ class Chef
             :long => "--amqp-password SECRET",
             :description => "Initial password for AMQP, default is 'chefchef'",
             :default => "chefchef"
+
+          option :log_level,
+            :short => "-l LEVEL",
+            :long => "--log-level LEVEL",
+            :description  => "Set the log level (debug, info, warn, error, fatal)",
+            :proc => Proc.new { |v| Chef::Config[:knife][:log_level] = v.to_sym },
+            :default => :error
         end
       end
 
@@ -106,13 +91,76 @@ class Chef
         ui.msg(credentials_client.create_root_client)
       end
 
+      def bootstrap_auto?
+        config_val(:platform) == "auto"
+      end
+
+      def distro_auto_map(platform, platform_version)
+        # NOTE this logic is shared with chef/knife/bootstrap/auto.sh, which is
+        #      run on the server side.
+        # XXX we don't actually use the platform_version stuff, just included
+        #     because we get it for free in the script and it might prove
+        #     useful later.
+        # XXX might be better to have chef/ohai's platform_family? do this for
+        #     us in the long term.
+
+        normal = case platform
+                 when "debian", "ubuntu"
+                   "debian"
+                 when "el", "redhat"
+                   "rhel"
+                 when /^solaris/
+                   "solaris"
+                 when "sles", "suse"
+                   "suse"
+                 end
+
+        return construct_distro(normal)
+      end
+
+      def construct_distro(platform)
+        "chef#{chef_server_major_version}/#{platform}"
+      end
+
+      def chef_server_major_version
+        version = config_val(:bootstrap_version)
+
+        version.nil? ? 11 : version.split(".").first.to_i
+      end
+
       def bootstrap_distro
-        config[:distro] || "chef-server-#{config[:platform]}"
+        return config_val(:distro) if config_val(:distro)
+        return determine_platform if config_val(:platform) == "auto"
+        return construct_distro(config_val(:platform))
       end
 
       def credentials_client
+        opts = {}
+        opts[:omnibus] = true if chef_server_major_version > 10
         @credentials_client ||= ::Knife::Server::Credentials.new(
-          ssh_connection, Chef::Config[:validation_key])
+          ssh_connection, Chef::Config[:validation_key], opts)
+      end
+
+      def determine_platform
+        return nil unless bootstrap_auto?
+
+        script = File.binread(File.expand_path("bootstrap/auto.sh", File.dirname(__FILE__)))
+
+        # result is expected to be two lines, first being the platform name,
+        # second being the platform version.
+        result, exit_status = ssh_connection.run_script(script)
+
+        if exit_status != 0 or !result or result.strip.empty?
+          raise "Could not determine the OS running the target for the chef server. Please specify --platform."
+        end
+
+        return distro_auto_map(*result.split(/\n/).compact[0..1])
+      end
+
+      def config_val(key)
+        key = key.to_sym
+        default_value = options[key] && options[key][:default]
+        config.fetch(key, Chef::Config[:knife].fetch(key, default_value))
       end
     end
   end