knife-server 1.1.0 → 1.2.0

data/lib/chef/knife/server_bootstrap_openstack.rb

@@ -0,0 +1,128 @@
+# -*- encoding: utf-8 -*-
+#
+# Author:: John Bellone (<jbellone@bloomberg.net>)
+# Copyright:: Copyright (c) 2014 Bloomberg Finance L.P.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/knife/server_bootstrap_base"
+
+class Chef
+  class Knife
+    # Provisions an OpenStack instance and sets up an Open Source Chef Server.
+    class ServerBootstrapOpenstack < Knife
+
+      banner "knife server bootstrap openstack (options)"
+
+      include Knife::ServerBootstrapBase
+
+      deps do
+        require "knife/server/ssh"
+        require "knife/server/credentials"
+
+        begin
+          require "chef/knife/openstack_server_create"
+          require "fog"
+          Chef::Knife::OpenstackServerCreate.load_deps
+
+          current_options = options
+          self.options = Chef::Knife::OpenstackServerCreate.options.dup
+          options.merge!(current_options)
+        rescue LoadError => ex
+          ui.error [
+            "Knife plugin knife-openstack could not be loaded.",
+            "Please add the knife-openstack gem to your Gemfile or",
+            "install the gem manually with `gem install knife-openstack'.",
+            "(#{ex.message})"
+          ].join(" ")
+          exit 1
+        end
+      end
+
+      def run
+        super
+        openstack_bootstrap.run
+        fetch_validation_key
+        create_root_client
+        install_client_key
+      end
+
+      def openstack_bootstrap
+        ENV["WEBUI_PASSWORD"] = config_val(:webui_password)
+        ENV["AMQP_PASSWORD"] = config_val(:amqp_password)
+        ENV["NO_TEST"] = "1" if config[:no_test]
+        bootstrap = Chef::Knife::OpenstackServerCreate.new
+        Chef::Knife::OpenstackServerCreate.options.keys.each do |attr|
+          val = config_val(attr)
+          next if val.nil?
+
+          bootstrap.config[attr] = val
+        end
+        bootstrap.config[:distro] = bootstrap_distro
+        bootstrap
+      end
+
+      def openstack_connection
+        @openstack_connection ||= Fog::Compute.new(
+          :provider => :openstack,
+          :openstack_username => config_val(:openstack_username),
+          :openstack_password => config_val(:openstack_password),
+          :openstack_auth_url => config_val(:openstack_auth_url),
+          :openstack_tenant => config_val(:openstack_tenant),
+          :openstack_region => config_val(:openstack_region)
+        )
+      end
+
+      def server_ip_address
+        server = openstack_connection.servers.find do |s|
+          s.status == 1 && s.name == config_val(:openstack_node_name)
+        end
+
+        server && server.public_ip_address
+      end
+
+      private
+
+      def validate!
+        super
+
+        if config[:chef_node_name].nil?
+          ui.error "You did not provide a valid --node-name value."
+          exit 1
+        end
+        if config_val(:platform) == "auto"
+          ui.error "Auto platform cannot be used with knife-openstack plugin"
+          exit 1
+        end
+      end
+
+      def ssh_connection
+        opts = {
+          :host     => server_ip_address,
+          :user     => config_val(:ssh_user),
+          :port     => config_val(:ssh_port),
+          :keys     => [config_val(:identity_file)].compact,
+          :password => config_val(:ssh_password)
+        }
+        if config_val(:host_key_verify) == false
+          opts[:user_known_hosts_file] = "/dev/null"
+          opts[:paranoid] = false
+        end
+
+        ::Knife::Server::SSH.new(opts)
+      end
+    end
+  end
+end

data/lib/chef/knife/server_bootstrap_standalone.rb

@@ -1,3 +1,4 @@
+# -*- encoding: utf-8 -*-
 #
 # Author:: Fletcher Nichol (<fnichol@nichol.ca>)
 # Copyright:: Copyright (c) 2012 Fletcher Nichol
@@ -16,10 +17,12 @@
 # limitations under the License.
 #
 
-require 'chef/knife/server_bootstrap_base'
+require "chef/knife/server_bootstrap_base"
 
 class Chef
   class Knife
+    # Provisions a standalone server that is reachable on the network and
+    # sets up an Open Source Chef Server.
     class ServerBootstrapStandalone < Knife
 
       banner "knife server bootstrap standalone (options)"
@@ -27,14 +30,14 @@ class Chef
       include Knife::ServerBootstrapBase
 
       deps do
-        require 'knife/server/ssh'
-        require 'knife/server/credentials'
-        require 'chef/knife/bootstrap'
+        require "knife/server/ssh"
+        require "knife/server/credentials"
+        require "chef/knife/bootstrap"
         Chef::Knife::Bootstrap.load_deps
 
-        current_options = self.options
+        current_options = options
         self.options = Chef::Knife::Bootstrap.options.dup
-        self.options.merge!(current_options)
+        options.merge!(current_options)
       end
 
       option :host,
@@ -43,7 +46,7 @@ class Chef
         :description => "Hostname or IP address of host to bootstrap"
 
       def run
-        validate!
+        super
         check_ssh_connection
         standalone_bootstrap.run
         fetch_validation_key
@@ -52,23 +55,26 @@ class Chef
       end
 
       def standalone_bootstrap
-        ENV['WEBUI_PASSWORD'] = config_val(:webui_password)
-        ENV['AMQP_PASSWORD'] = config_val(:amqp_password)
-        ENV['NO_TEST'] = "1" if config[:no_test]
+        setup_environment
         bootstrap = Chef::Knife::Bootstrap.new
-        bootstrap.name_args = [ config[:host] ]
+        bootstrap.name_args = [config[:host]]
         Chef::Knife::Bootstrap.options.keys.each do |attr|
-          bootstrap.config[attr] = config_val(attr)
+          val = config_val(attr)
+          next if val.nil?
+
+          bootstrap.config[attr] = val
         end
-        bootstrap.ui = self.ui
+        bootstrap.ui = ui
         bootstrap.config[:distro] = bootstrap_distro
-        bootstrap.config[:use_sudo] = true unless config_val(:ssh_user) == "root"
+        bootstrap.config[:use_sudo] = true if config_val(:ssh_user) != "root"
         bootstrap
       end
 
       private
 
       def validate!
+        super
+
         if config[:chef_node_name].nil?
           ui.error "You did not provide a valid --node-name value."
           exit 1
@@ -79,11 +85,17 @@ class Chef
         end
       end
 
+      def setup_environment
+        ENV["WEBUI_PASSWORD"] = config_val(:webui_password)
+        ENV["AMQP_PASSWORD"] = config_val(:amqp_password)
+        ENV["NO_TEST"] = "1" if config[:no_test]
+      end
+
       def check_ssh_connection
         ssh_connection.exec! "hostname -f"
       rescue Net::SSH::AuthenticationFailed
-        ui.warn("Failed to authenticate #{config_val(:ssh_user)} - " +
-                "trying password auth")
+        ui.warn("Failed to authenticate #{config_val(:ssh_user)} - " \
+          "trying password auth")
         config[:ssh_password] = ui.ask(
           "Enter password for #{config_val(:ssh_user)}@#{config_val(:host)}: "
         ) { |q| q.echo = false }

data/lib/chef/knife/server_restore.rb

@@ -1,3 +1,4 @@
+# -*- encoding: utf-8 -*-
 #
 # Author:: Fletcher Nichol (<fnichol@nichol.ca>)
 # Copyright:: Copyright (c) 2012 Fletcher Nichol
@@ -16,14 +17,15 @@
 # limitations under the License.
 #
 
-require 'chef/knife'
+require "chef/knife"
 
 class Chef
   class Knife
+    # Restores Chef data primitives from JSON backups to a Chef Server.
     class ServerRestore < Knife
 
       deps do
-        require 'chef/json_compat'
+        require "chef/json_compat"
       end
 
       banner "knife server restore COMPONENT[ COMPONENT ...] (options)"
@@ -43,11 +45,23 @@ class Chef
       private
 
       COMPONENTS = {
-        "nodes" => { :singular => "node", :klass => Chef::Node },
-        "roles" => { :singular => "role", :klass => Chef::Role },
-        "environments" => { :singular => "environment", :klass => Chef::Environment },
-        "data_bags" => { :singular => "data_bag", :klass => Chef::DataBag },
-      }
+        "nodes" => {
+          :singular => "node",
+          :klass => Chef::Node
+        },
+        "roles" => {
+          :singular => "role",
+          :klass => Chef::Role
+        },
+        "environments" => {
+          :singular => "environment",
+          :klass => Chef::Environment
+        },
+        "data_bags" => {
+          :singular => "data_bag",
+          :klass => Chef::DataBag
+        }
+      }.freeze
 
       def validate!
         bad_names = name_args.reject { |c| COMPONENTS.keys.include?(c) }
@@ -77,7 +91,7 @@ class Chef
 
         if c[:klass] == Chef::DataBag
           create_data_bag(::File.basename(::File.dirname(json_file)))
-          msg = "Restoring #{c[:singular]}" +
+          msg = "Restoring #{c[:singular]}" \
             "[#{obj.data_bag}][#{obj.raw_data[:id]}]"
         else
           msg = "Restoring #{c[:singular]}[#{obj.name}]"
@@ -92,7 +106,7 @@ class Chef
 
         unless @created_data_bags.include?(name)
           ui.msg "Restoring data_bag[#{name}]"
-          rest.post_rest("data", { "name" => name })
+          rest.post_rest("data", "name" => name)
           @created_data_bags << name
         end
       end

data/lib/knife-server.rb

@@ -1,3 +1,4 @@
+# -*- encoding: utf-8 -*-
 #
 # Author:: Fletcher Nichol (<fnichol@nichol.ca>)
 # Copyright:: Copyright (c) 2012 Fletcher Nichol

data/lib/knife/server/credentials.rb

@@ -1,3 +1,4 @@
+# -*- encoding: utf-8 -*-
 #
 # Author:: Fletcher Nichol (<fnichol@nichol.ca>)
 # Copyright:: Copyright (c) 2012 Fletcher Nichol
@@ -16,68 +17,47 @@
 # limitations under the License.
 #
 
-require 'fileutils'
+require "fileutils"
+require "openssl"
 
 module Knife
   module Server
+    # Creates credentials for a Chef server.
     class Credentials
       def initialize(ssh, validation_key_path, options = {})
         @ssh = ssh
         @validation_key_path = validation_key_path
         @omnibus = options[:omnibus]
+        @io = options.delete(:io) || $stdout
       end
 
       def install_validation_key(suffix = Time.now.to_i)
-        if File.exists?(@validation_key_path)
-          FileUtils.cp(@validation_key_path,
-                       backup_file_path(@validation_key_path, suffix))
+        dest = @validation_key_path
+        backup = backup_file_path(@validation_key_path, suffix)
+
+        if File.exist?(dest)
+          info "Creating backup of #{dest} locally at #{backup}"
+          FileUtils.cp(dest, backup)
         end
 
         chef10_key = "/etc/chef/validation.pem"
         omnibus_key = "/etc/chef-server/chef-validator.pem"
 
-        File.open(@validation_key_path, "wb") do |f|
+        info "Installing validation private key locally at #{dest}"
+        File.open(dest, "wb") do |f|
           f.write(@ssh.exec!("cat #{omnibus? ? omnibus_key : chef10_key}"))
         end
       end
 
       def create_root_client
-        chef10_cmd = [
-          "knife configure",
-          "--initial",
-          "--server-url http://127.0.0.1:4000",
-          "--user root",
-          '--repository ""',
-          "--defaults --yes"
-        ].join(" ")
-
-        omnibus_cmd = [
-          "echo '#{ENV['WEBUI_PASSWORD']}' |",
-          "knife configure",
-          "--initial",
-          "--server-url http://127.0.0.1:8000",
-          "--user root",
-          '--repository ""',
-          "--admin-client-name chef-webui",
-          "--admin-client-key /etc/chef-server/chef-webui.pem",
-          "--validation-client-name chef-validator",
-          "--validation-key /etc/chef-server/chef-validator.pem",
-          "--defaults --yes"
-        ].join(" ")
-
-        @ssh.exec!(omnibus? ? omnibus_cmd : chef10_cmd)
+        @ssh.exec!(omnibus? ? client_omnibus_cmd : client_chef10_cmd)
       end
 
       def install_client_key(user, client_key_path, suffix = Time.now.to_i)
-        create_user_client(user)
-
-        if File.exists?(client_key_path)
-          FileUtils.cp(client_key_path,
-                       backup_file_path(client_key_path, suffix))
-        end
-
-        File.open(client_key_path, "wb") do |f|
-          f.write(@ssh.exec!("cat /tmp/chef-client-#{user}.pem"))
+        if omnibus? && File.exist?(client_key_path)
+          use_current_client_key(user, client_key_path)
+        else
+          create_new_client_key(user, client_key_path, suffix)
         end
 
         @ssh.exec!("rm -f /tmp/chef-client-#{user}.pem")
@@ -85,8 +65,12 @@ module Knife
 
       private
 
+      def info(msg)
+        @io.puts "-----> #{msg}"
+      end
+
       def omnibus?
-        @omnibus
+        @omnibus ? true : false
       end
 
       def backup_file_path(file_path, suffix)
@@ -94,7 +78,7 @@ module Knife
         "#{parts[0]}.#{suffix}.#{parts[2]}"
       end
 
-      def create_user_client(user)
+      def create_user_client(user, is_private = false)
         chef10_cmd = [
           "knife client create",
           user,
@@ -107,13 +91,65 @@ module Knife
           "knife user create",
           user,
           "--admin",
-          "--file /tmp/chef-client-#{user}.pem",
+          "--#{is_private ? "user-key" : "file"} /tmp/chef-client-#{user}.pem",
           "--disable-editing",
-          "--password #{ENV['WEBUI_PASSWORD']}"
+          "--password #{ENV["WEBUI_PASSWORD"]}"
         ].join(" ")
 
         @ssh.exec!(omnibus? ? omnibus_cmd : chef10_cmd)
       end
+
+      def client_chef10_cmd
+        [
+          "knife configure",
+          "--initial",
+          "--server-url http://127.0.0.1:4000",
+          "--user root",
+          '--repository ""',
+          "--defaults --yes"
+        ].join(" ")
+      end
+
+      def client_omnibus_cmd
+        [
+          "echo '#{ENV["WEBUI_PASSWORD"]}' |",
+          "knife configure",
+          "--initial",
+          "--server-url http://127.0.0.1:8000",
+          "--user root",
+          '--repository ""',
+          "--admin-client-name chef-webui",
+          "--admin-client-key /etc/chef-server/chef-webui.pem",
+          "--validation-client-name chef-validator",
+          "--validation-key /etc/chef-server/chef-validator.pem",
+          "--defaults --yes 2>> /tmp/chef-server-install-errors.txt"
+        ].join(" ")
+      end
+
+      def use_current_client_key(user, private_key)
+        public_key = OpenSSL::PKey::RSA.new(
+          File.open(private_key, "rb") { |file| file.read }
+        ).public_key.to_s
+
+        info "Uploading public key for pre-existing #{user} key"
+        @ssh.exec!(%{echo "#{public_key}" > /tmp/chef-client-#{user}.pem})
+        create_user_client(user, true)
+      end
+
+      def create_new_client_key(user, private_key, suffix)
+        create_user_client(user)
+
+        if File.exist?(private_key)
+          backup = backup_file_path(private_key, suffix)
+          info "Creating backup of #{private_key} locally at #{backup}"
+          FileUtils.cp(private_key, backup)
+        end
+
+        info "Installing #{user} private key locally at #{private_key}"
+        File.open(private_key, "wb") do |f|
+          f.write(@ssh.exec!("cat /tmp/chef-client-#{user}.pem"))
+        end
+      end
     end
   end
 end