right_link 5.9.0 → 5.9.1

data/INSTALL.rdoc

@@ -0,0 +1,370 @@
+= DISCLAIMER & WARNING
+
+This guide demonstrates how to build the RightLink gem, install it into any
+Ruby interpreter, and integrate it with Linux. This is an advanced procedure
+that is intended for people who want to modify or contribute to the RightLink
+software itself.
+
+Due to the large number of variables between different OS distributions and
+Ruby versions, RightScale cannot support RightLink when it is installed in
+this fashion. If your goal is to use RightLink to deploy and manage cloud
+servers, then your goals are better accomplished by one of the following
+options:
+
+== Use a RightScale-Published Machine Image
+
+A RightImage™ is a base machine image, published by RightScale, that can be
+used to launch instances in cloud infrastructures.  RightImages are unique
+from other cloud-based machine images because they are specifically designed
+for optimum communication with the RightScale platform. RightImages are
+Each of RightScale's published ServerTemplates was tested and published with
+one or more RightImages.
+
+RightImages are available for several distributions/versions of Linux and
+for Windows. They are the best choice for someone who wants a known-good
+starting point to build their own ServerTemplates.
+
+Obtain a RightImage:
+http://support.rightscale.com/12-Guides/RightScale_101/06-Advanced_Concepts/RightImages
+
+== Create a RightScale-Enabled Image
+
+RightScale provides pre-built, supported RightLink packages in several
+formats (RPM, DEB, MSI) that are compatible with multiple Linux distributions
+and versions.
+
+Create a RightImage:
+http://support.rightscale.com/12-Guides/RightLink/02-RightLink_5.9
+
+== Install an Early-Access RightLink Package
+
+For the adventurous, RightScale provides access to nightly builds of RightLink
+that are produced from the master branch. These packages undergo automated
+regression, but we cannot provide support for nightly builds. 
+
+As of May 2013, we produce nightlies for the following distributions and
+releases:
+* RHEL 6 (also compatible with CentOS 6)
+* Ubuntu 12.04
+
+And the following cloud types:
+* azure
+* cloudstack
+* ec2
+* google
+* openstack
+* rackspace (Rackspace Classic)
+* rackspace-ng (Rackspace OpenCloud)
+* softlayer
+
+After installing the RightLink package, you can bundle an image and use
+it to create your own MultiCoudImage.
+
+Alternatively, if you install to an instance that was launched as a server
+via the RightScale dashboard, you can reboot the instance to proceed with
+running the boot scripts for the associated ServerTemplate.
+
+=== Nightly RPMs
+
+==== RedHat
+
+For RedHat-based systems, we publish nightly builds to a yum repository.
+The repository follows an EPEL-like layout and supports multiple distributions
+and releases.
+
+To install nightly RPMs, first create a yum source.
+
+  cat > /etc/yum.repos.d/RightLink-development.repo <<EOF
+  [rightlink]
+  name=RightLink
+  baseurl=https://rightlink-integration.s3.amazonaws.com/nightly/yum/1/el/$releasever/$basearch/
+  gpgcheck=0
+  EOF
+
+Next install RightLink cloud support package for
+the cloud type your instance is running on:
+
+  yum install -y rightlink-cloud-ec2
+
+==== SUSE
+
+For SUSE-based systems, we publish nightly builds to a yum repository.
+The repository follows an EPEL-like layout and supports multiple distributions
+and releases.
+
+To install nightly RPMs, first create a zypper source.
+
+  zypper ar -G -f https://rightlink-integration.s3.amazonaws.com/nightly/yum/1/suse/$releasever/$basearch/
+
+Next install RightLink cloud support package for
+the cloud type your instance is running on:
+
+  zypper --non-interactive install rightlink-cloud-ec2
+
+
+=== Nightly DEBs
+
+For Debian-derived systems, we publish nightly builds to an apt repository.
+The repository is automatic (supports multiple distributions and releases).
+
+To install nightly DEBs, first create an apt source, ensuring that you specify
+the right architecture and release code name. For instance, on an amd64
+system that is running Ubuntu 12.04 (precise):
+
+  cat > /etc/apt/sources.list.d/rightlink.sources.list <<EOF
+  deb [arch=amd64] https://rightlink-integration.s3.amazonaws.com/nightly/apt precise main
+  deb-src [arch=amd64] https://rightlink-integration.s3.amazonaws.com/nightly/apt precise main
+  EOF
+
+Next install RightLink cloud support package for the
+cloud type your instance is running on:
+
+  apt-get update
+  apt-get install rightlink-cloud-ec2
+
+=== Nightly MSIs
+
+TODO - provide install instructions for nightly MSIs once we begin producing them
+
+= PREREQUISITES
+
+RightLink is a Ruby application that runs as a daemon. It depends on the
+following system components/packages, which must be installed before you
+can proceed with RightLink installation.
+* Ruby >= 1.8.7 p371 or better -- older versions have GC issues!
+* RubyGems >= 1.8.25
+* C/C++ toolchain (needed to install various gems)
+
+Several auxiliary packages are recommended in order to obtain full RightLink
+functionality at runtime:
+* git and Subversion clients (facilitates Chef recipe development)
+* curl (for download of RightScript attachments)
+* dig, sed and perl (used by some cloud-specific config logic)
+
+== Supported Configurations
+
+RightLink is regularly tested on the following Linux distributions:
+* CentOS - 6.4
+* RedHat Enterprise Linux (RHEL) - 6.4
+* Ubuntu - 12.04
+
+It has been known to work on the following with little or no modification:
+* Debian
+* RedHat Enterprise Linux
+* SuSE Linux
+
+And on the following kinds of cloud:
+* Amazon Web Services (AWS)
+* Rackspace Cloud Servers
+* Eucalyptus
+* CloudStack
+
+Although RightLink is Windows-compatible and is regularly released for
+Windows variants, installation and configuration are not yet covered in this
+document. For information on the RightLink Windows MSI, see the documentation
+page on our {support wiki}[http://support.rightscale.com/12-Guides/Windows_User_Guide]
+
+== CentOS and RHEL Systems
+
+Install the C toolchain and related libraries, plus some additional libs
+required for RightLink,
+
+ yum install -y autoconf bison byacc flex gcc ncurses db4-devel glibc-devel libarchive-devel openssl-devel ncurses-devel
+
+Older releases of CentOS (before 6.x) ship with a Ruby VM that is too old. To run RightLink, you
+can build Ruby from source and install it under a different prefix such as /opt/rightscale/sandbox.
+
+== Ubuntu Systems
+
+Install the C toolchain and related libraries, plus some additional libs
+required for RightLink.
+
+ apt-get update
+ # may need libreadline5 (not 6), on older systems. Ditto with libreadline5-dev
+ apt-get install -y libssl-dev libarchive-dev libreadline-dev autoconf flex bison
+ # apt-get install -y build-essential gcc g++ bison openssl libreadline6 zlib1g vim autoconf libxml2 libffi
+ # apt-get install -y libssl-dev libreadline-dev zlib1g-dev libyaml-dev libffi-dev libxml2-dev
+ # apt-get install -y git-core perl sed curl dnsutils
+
+Newer releases of Ubuntu (11.04 and above) ship with a Ruby 1.9 VM that is too new. To run RightLink, you
+can build Ruby from source and install it under a different prefix such as /opt/rightscale/sandbox.
+
+= PRE-INSTALL CUSTOMIZATION
+
+== Feature Control Customization
+
+Before installing RightLink (either as a package or from sources), you can
+selectively disable certain features that may not be compatible with your
+deployment environment.
+
+Feature control is accomplished by creating a special YAML file prior to
+installing the package or running any RightLink init script or program
+logic. The YAML file contains some boolean flags that affect the behavior
+of the init scripts and the agent at runtime.
+
+The following features can all be disabled:
+ * Managed login (aka Server Login Control)
+ * Frozen OS package repositories
+ * Automatic MOTD update on state transitions
+
+To disable one or more of these features, create the following file:
+
+ /etc/rightscale.d/right_link/features.yml
+
+And populate the file thusly, supplying true/false for each feature
+as appropriate.
+
+ motd:
+   update: false
+ package_repositories:
+   freeze: false
+ managed_login:
+   enable: false
+
+All features are assumed to be enabled by default unless this file exists
+and the associated feature is marked as disabled. Therefore, you can omit
+sections for features that should remain enabled.
+
+= INSTALLATION
+
+== One-Time Setup
+
+If you are packaging RightLink, run these commands as a post-install step
+for your package. If you are bundling a cloud image, run these commands
+_before_ bundling.
+
+ git clone git://github.com/rightscale/right_link.git
+ cd right_link
+ bundle install
+ bundle exec rake gem
+ gem install pkg/right_link-5.9.0.gem
+ 
+The RubyGems installer will create a number of executable binaries in
+your RubyGems bindir. These binaries control the operation of RightLink
+and allow you and your scripts to interact with the management agent.
+
+On Unix systems, the CLI binaries are normally created in /usr/bin, but
+it depends on how your Ruby interpreter was installed and packaged. You
+can determine the location of your RubyGems bindir by running:
+
+ gem env
+
+By convention, most RightLink tools begin with the prefix "rs_" e.g.
+rs_tag or rs_run_recipe.
+
+= INTEGRATING WITH THE SYSTEM
+
+== Multi-Cloud Support
+
+ export RS_CLOUD=ec2 # or another cloud type, see below...
+ mkdir -p /etc/rightscale.d
+ echo "$RS_CLOUD" > /etc/rightscale.d/cloud
+
+RightLink supports many virtualization engines, cloud APIs and other facets
+of cloud technology. Due to lack of standardization, there is no reliable
+way for RightLink to auto-detect the cloud type in which it is running.
+
+We have taken the pragmatic approach and require the user to give RightLink a
+hint about its runtime environment. RightLink must know its cloud type in
+order to retrieve launch settings and runtime metadata that are crucial to
+successful operation.
+
+In the commands below, we refer to an environment variable RS_CLOUD. You
+should set RS_CLOUD to the cloud type under which RightLink is running, before
+running any of the commands below. RS_CLOUD is your "hint" to RightLink.
+
+RightLink knows about the following values of RS_CLOUD:
+* ec2
+* rackspace
+* rackspace-ng
+* eucalyptus
+* cloudstack
+* openstack
+* softlayer
+
+== On-Boot Commands
+
+Under Linux these are accomplished with init scripts. Under Windows, a system
+service spawns the agent process and monitors its health.
+
+CAUTION: if your instance is attached to the RightScale dashboard, running
+the commands below will cause it to begin running boot scripts! This is not
+harmful, but if your intent is to bundle a "pristine" image, you probably
+want to put the following commands into an init script and test by bundling
+and relaunching.
+
+ #The commands below use relative paths for readability
+ cd /opt/rightscale
+ 
+ # Fetch metadata from cloud and make it available in the shell environment
+ bin/cloud --name $RS_CLOUD --action bootstrap > /dev/null
+ . /var/spool/cloud/user-data.sh
+ 
+=== Determine Boot State
+
+ # TODO - check_for_rightscale
+
+ # TODO - rightboot init script (detect reboot & tweak state)
+
+ # TODO - check_boot_state, update_boot_state 
+
+=== Run Fix-It Tasks
+
+ # TODO - UNDOCUMENTED - bin/system --action ssh
+ # TODO - UNDOCUMENTED - bin/system --action hostname
+ # TODO - UNDOCUMENTED - bin/system --action proxy
+
+=== Configure RightLink Agent
+ 
+ bin/enroll --root-dir /var/lib/rightscale/right_link --url $RS_RN_URL --host $RS_RN_HOST --id $RS_RN_ID --token $RS_RN_AUTH
+ bin/deploy
+ 
+=== Launch RightLink Agent
+
+ # Start the RightLink agent
+ bin/rnac --start instance
+
+ # Start the agent watchdog process
+ bin/rchk --start
+
+At this point, your instance should be booting and sending audit entries back to the RightScale dashboard.
+Navigate to this server and verify that it's booting cleanly.
+
+== On-Shutdown Commands
+
+When the system is terminating, you should allow RightLink to run its decommission scripts.
+
+ #The commands below use relative paths for readability
+ cd /opt/rightscale
+ 
+ bin/rnac --decommission
+
+== Filesystem Locations
+
+=== Linux Systems
+
+ /etc/rightscale.d               | Static configuration, incl. "hints" for init scripts
+ /etc/rightscale.d/right_link    | Static files that customize RightLink behavior
+ /var/spool/cloud                | Cloud-provided metadata & user-data
+ /var/lib/rightscale/right_agent | Persistent config files generated at startup
+ /var/lib/rightscale/right_link  | Persistent RightLink agent state
+ /var/run                        | Transient agent state, e.g. pid files
+ /var/cache                      | Cookbooks, attachments, temp files
+ /usr/bin                        | Public CLI: rs_tag, rs_debug, ...
+ /opt/rightscale/bin             | Private CLI: rnac, rad, cook, ...
+ /opt/rightscale/sandbox         | Private sandbox (Ruby, RubyGems, ...)
+
+=== Windows Systems
+
+Data files -- paths are relative to %COMMON_APPDATA%\RightScale
+
+ rightscale.d            | Static "hints" for system services
+ spool\cloud             | Cloud-provided metadata & user-data (.sh, .rb, raw formats)
+ RightAgent              | Persistent config files generated at startup
+ right_link              | Persistent RightLink agent state
+ cache                   | Cookbooks, attachments, temp files
+
+Program logic -- paths are relative to %ProgramFiles(x86)%
+
+ RightScale\RightLink    | Application logic & support files
+ RightScale\sandbox      | Private sandbox (Ruby, RubyGems, ...)

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009-2012 RightScale, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,104 @@
+= RightLink
+
+= DESCRIPTION
+
+== Synopsis
+
+RightLink automates servers configuration and monitoring. It uses RabbitMQ as
+message bus and relies on Chef[2] for configuring. RightLink uses RightPopen[3]
+to monitor the stdout and stderr streams of scripted processes. Servers running
+the RightLink agent configures themselves on startup an register with the 
+mapper so that operational recipes and scripts can be run at a later time.
+
+Refer to the wiki (https://github.com/rightscale/right_link/wikis) for up-to-date
+documentation.
+
+Use the built-in issues tracker (https://github.com/rightscale/right_link/issues)
+to report issues.
+
+Maintained by the RightScale Teal Team
+
+== Interface
+
+The RightLink agent exposes actors and methods used to schedule the execution
+of Chef recipes and RightScripts (shell scripts) and perform other server
+management operations. You can find these actors in the 'actors' subdirectory
+of RightLink.
+
+RightLink retrieves <i>executable bundles</i> containing all the information
+required to run the Chef recipe or RightScript from other agents. An executable
+bundle consists of a sequence of Chef recipes and/or RightScripts together with
+any required data (Chef attributes, RightScript parameters, packages etc.). The
+exact definition can be found in RightAgent[3].
+
+Some of the other agent operations that RightLink relies on:
+
+* booter actor:
+  * booter/declare: Set the RightLink version number
+  * booter/get_repositories: Retrieve the repositories bundle used to configure the server
+  * booter/get_boot_bundle: Retrieve the boot execution bundle
+  * booter/get_decommission_bundle: Retrieve the decommission execution bundle
+
+* auditor actor:
+  * auditor/create_new_section: Create a new audit section
+  * auditor/update_status: Update the current audit summary
+  * auditor/append_info: Append information text to the audit
+  * auditor/append_error: Append error message to the audit
+  * auditor/append_output: Append script output to the audit
+  * auditor/append_raw_output: Same as above, but don't append newline character
+
+* forwarder actor:
+  * forwarder/schedule_recipe: Request a Chef recipe to be scheduled on this instance
+  * forwarder/schedule_right_script: Request a RightScript to be scheduled on this instance
+
+* state recorder actor:
+  * state_recorder/record: Record instance state transitions (e.g. <i>boot</i>-><i>operational</i>)
+
+Upon startup the instance agent will first request the boot execution bundle
+and run it. If the execution is successful it will then tell the state recorder
+actor to transition to the operational state. At that point the agent is ready
+to receive requests.
+
+RightLink comes with two command line tools <i>rs_run_recipe</i> and
+<i>rs_run_right_script</i> which allow triggering the execution of operational
+Chef recipes or RighScript respecively from within the instance itself. These
+two command line tools tell the RightLink agent to send a
+<i>forwarder/schedule_recipe</i> or <i>forwarder/schedule_right_script</i>
+request to the agents that provide these operations. These agents should in
+turn call the <i>instance_scheduler/schedule_bundle</i> operation of the
+RightLink agent with the right execution bundle.
+
+= INSTALLATION
+
+See INSTALL.rdoc for more information
+
+= ADDITIONAL RESOURCES
+
+* [1] Chef is http://wiki.opscode.com/display/chef/Home
+* [2] RightPopen is http://gemcutter.org/gems/right_popen
+* [3] RightAgent is http://gemcutter.org/gems/right_agent
+
+= LICENSE
+
+<b>RightLink</b>
+
+Copyright:: Copyright (c) 2009-2011 RightScale, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/RELEASES.rdoc

@@ -0,0 +1,143 @@
+= 5.9.1 (RightLink 5.9 beta 2)
+
+Released 2013-08-07.
+
+== New Features
+
+* Rebooting the machine with "rs_shutdown --reboot" will now use OS' facility for rebooting the
+  machine rather than invoking the cloud's API to reboot. This works around VM state loss when
+  the hypervisor/image isn't properly generating/handling ACPI restart events.
+
+== Changes to Existing Functionality
+
+* Add AMQP connection lifecycle callbacks to ensure that the instance recovers from from AMQP
+  connection failures much more rapidly.
+
+* Assign random password to users that are created during SSH login, ensuring that the RightLink
+  agent can reliably lock and unlock their accounts when role evolution occurs.
+
+== Bug Fixes
+
+* Repository freezing under CentOS 6 uses the proper public key file name, instead of hardcoding
+  "/RPM-GPG-KEY-CentOS-5"
+
+= 5.9.0 (RightLink 5.9 beta 1)
+
+Released 2013-07-13.
+
+== New Features
+
+* The RS_DECOM_REASON environment variable is set during decommission script/recipe execution to indicate the reason why decommission
+  is running. This variable will have one of the following values: 'reboot', 'stop', 'terminate' or 'unknown'
+  The value will be 'reboot', 'stop' or 'terminate' when decommissioning through the RightScale dashboard or when using the
+  rs_shutdown command. The 'unknown' value may be seen when the rightlink service is decommissioned (not stopped) from the console or
+  else the instance is shutdown or rebooted without using the rs_shutdown command.
+* RightLink is distributed as a modular "tree" of packages, making it easy to install just what you need
+* Improved package hygiene, e.g. clean uninstall and minimal post-install filesystem tampering
+* Ability to distinguish between sudo (server_login + server_superuser) and normal (server_login) users
+* Cookbook contents are cached on the instance, significantly improving reconverge speed
+
+== Changes to Existing Functionality
+
+* Disable users' accounts if they lose login privileges, in addition to removing trust in their key
+* Respect /etc/sudoers.d when configuring sudo
+* Minimize sudo privileges of rightscale user
+* Freeze RubyGems by editing the systemwide RubyGems config file (/etc/gemrc) rather than modifying
+  root's (~root/.gemrc). This helps ensure more consistent RubyGems behavior across multiple users and Ruby versions.
+* Support frozen repositories for Ubuntu 12.04-12.10 (precise, quantal)
+* Update sandbox Ruby to 1.8.7p371
+* Remove OpenSSL from the sandbox; link against system OpenSSL to inherit OS security patches
+* Remove monit from the sandbox (RightLink no longer relies on it)
+* PowerShell/Chef process spawning has been improved under Windows
+
+== Bug Fixes
+
+* pty ownership is assigned correct to enable screen/tmux sessions as "rightscale@<host>"
+* Chef "script" resource now honors the user, group and umask attributes
+* Chef "right_link_tag" resource no longer crashes on "load" action
+* Exit codes for rs_run_recipe and rs_run_right_script accurately reflect failure/success
+* rs_run_right_script can deal with parameters that contain "="
+* Network failures during cookbook/attachment download are handled gracefully
+* MOTD no longer refers to obsolete files
+* Output of "rs_tag --help" has been improved
+* AMQP broker reconnect reliability improved for certain corner cases
+* SuSE metadata query on CloudStack has been fixed
+
+= 5.8.13 (General Availability release in conjunction with ServerTemplates v13.4)
+
+== New Features
+
+=== Cloud Support
+
+== Bug Fixes
+
+* Hardened metadata retrieval for Windows on Openstack to overcome DHCP-lease race conditions
+
+= 5.8.12 (Limited-availability release)
+
+== New Features
+
+=== Cloud Support
+
+* Rackspace Open Cloud
+
+== Bug Fixes
+
+* Managed login always displays MOTD, works with older versions of sudo, 
+* Cookbook download is more reliable in fail-and-retry scenarios
+
+= 5.8.8 (General Availability release in conjunction with ServerTemplates v12.11 LTS)
+
+== New Features
+
+=== Cloud Support
+
+* Google Compute Engine
+* Windows Azure
+* SoftLayer
+
+=== Security and Compliance
+
+* Compliance with the Linux Filesystem Hierarchy Standard (FHS) helps RightLink coexist with host-based IDS
+  * See INSTALL.rdoc for more information on filesystem paths
+* Managed login requires users to login with to their own limited-privilege account, and to execute privileged commands using "sudo"
+* Some features of RightLink can be disabled prior to package install, to facilitate custom image builds for high-security deployment
+  environments
+  * For more information, refer to http://bit.ly/IftBeq or to RightLink's INSTALL.rdoc
+
+=== Automation
+
+* Concurrent recipe/script execution is supported; see the --thread option of rs_run_recipe and rs_run_right_script.
+* Non-error audit output can be suppressed for recipes/scripts that run very frequently; see the --policy and --audit-period
+  options of rs_run_recipe and rs_run_right_script
+* Tag queries accept a timeout option -- both via the rs_tag command-line tool, and the ServerCollection resource
+* The agent queries its own tags before running a sequence of scripts or recipes, helping to ensure that tag-based decisions
+  are made using fresh state. The result of the tag query is audited, to enhance transparency and facilitate debugging.
+
+=== Chef
+
+* Chef 0.10.10
+* An rs_ohai command is available to invoke Ohai from the command line with all of the RightScale plugins and enhancements.
+* RightLink features "development mode" for cookbooks, wherein the instance directly checks out cookbooks from their
+  associated Git/Subversion repository and converges using the contents of the repo. Users can edit recipes between runs,
+  and even commit and push their changes upstream after everything is working.
+  * Enable this for selected cookbooks by applying a tag to the server that lists comma-separated dev cookbook names
+  * e.g. rs_agent_dev:dev_cookbooks=cb_1,cb_2,cb_3,...
+  * For more information on cookbook development, refer to http://bit.ly/HHcVhs
+* Most commands invoked by Ohai/Chef are logged with DEBUG severity for easier debugging of troublesome providers/recipes. To change
+  the RightLink log, use the rs_log_level command.
+
+== Miscellaneous
+
+* The rs_agent_dev:log_level tag now allows you to specify any level (not just debug). Other agent-dev tags no longer force debug log level.
+  The log level can be changed by other utilities, e.g. the rs_log_level command, even if it has been initially set by the tag. The chef
+  process will re-query it's tags prior to convergence and the rs_log_level tag will take precedence in this case.
+
+== Bug Fixes
+
+* The command-line tools now report a meaningful version number (currently 0.3) and will continue to do so with future RightLink releases
+* Instances will strand if they fail to install any package required by boot scripts
+* HTTP metadata fetching is more tolerant of server errors; its output is far less verbose
+* The UI's ordering of cookbook repositories is preserved at runtime, for cookbooks that are defined in multiple repos
+* Extraneous Ohai debug output has been squelched from audits and logs
+* RightLink agent startup and shutdown is more reliable under Linux

data/actors/instance_services.rb

@@ -25,12 +25,13 @@ class InstanceServices
   include RightScale::Actor
   include RightScale::OperationResultHelper
 
-  expose :update_login_policy
+  expose :update_login_policy, :reboot
 
   def initialize(agent_identity)
     @agent_identity = agent_identity
   end
 
+  # Apply a new SSH login policy to the instance.
   # Always return success, used for troubleshooting
   #
   # == Parameters:
@@ -41,7 +42,7 @@ class InstanceServices
   #
   def update_login_policy(new_policy)
     status = nil
-    
+
     RightScale::AuditProxy.create(@agent_identity, 'Updating managed login policy') do |audit|
       begin
         RightScale::LoginManager.instance.update_policy(new_policy, @agent_identity) do |audit_content|
@@ -56,9 +57,19 @@ class InstanceServices
         audit.append_error("Error applying login policy: #{e.message}", :category => RightScale::EventCategories::CATEGORY_ERROR)
         RightScale::Log.error('Failed to update managed login policy', e, :trace)
         status = error_result("#{e.class.name}: #{e.message}")
-      end            
+      end
     end
 
     status
   end
+
+  # Reboot the instance using local (OS) facility.
+  #
+  # @return [RightScale::OperationResult] Always returns success
+  #
+  def reboot(_)
+    RightScale::Log.info('Initiate reboot using local (OS) facility')
+    RightScale::Platform.controller.reboot
+    success_result
+  end
 end

data/actors/instance_setup.rb

@@ -100,18 +100,27 @@ class InstanceSetup
     success_result(RightScale::InstanceState.value)
   end
 
-  # Handle disconnected notification from broker, enter offline mode
+  # Handle connection status notification from broker to adjust offline mode
+  # or to re-enroll if all connections have failed
   #
   # === Parameters
-  # status(Symbol):: Connection status, one of :connected or :disconnected
+  # status(Symbol):: Connection status, one of :connected, :disconnected, or :failed
   #
   # === Return
   # true:: Always return true
   def connection_status(status)
-    if status == :disconnected
+    case status
+    when :connected
+      RightScale::Sender.instance.disable_offline_mode
+    when :disconnected
       RightScale::Sender.instance.enable_offline_mode
+    when :failed
+      RightScale::Log.error("All broker connections have failed")
+      RightScale::ReenrollManager.vote
+      RightScale::ReenrollManager.vote
+      RightScale::ReenrollManager.vote
     else
-      RightScale::Sender.instance.disable_offline_mode
+      RightScale::Log.error("Unrecognized broker connection status: #{status}")
     end
     true
   end

data/lib/instance/cook/executable_sequence.rb

@@ -50,6 +50,7 @@ module RightScale
   # Runs in separate (runner) process.
   class ExecutableSequence
     include EM::Deferrable
+    include Chef::Mixin::PathSanity
 
     # Min number of seconds to wait before retrying Ohai to get the hostname
     OHAI_RETRY_MIN_DELAY  = 20
@@ -160,6 +161,12 @@ module RightScale
         download_cookbooks if @ok
         update_cookbook_path if @ok
         setup_powershell_providers if RightScale::Platform.windows?
+
+        # note that chef normally enforces path sanity before executing ohai in
+        # the client run method. we create ohai before client run and some ohai
+        # plugins behave badly when there is no ruby on the PATH. we need to do
+        # a pre-emptive path sanity here before we start ohai and chef.
+        enforce_path_sanity
         check_ohai { |o| converge(o) } if @ok
       end
       true
@@ -761,5 +768,6 @@ module RightScale
     ensure
       ENV.replace(original_env.to_hash)
     end
+
   end
 end

data/lib/instance/instance_state.rb

@@ -510,9 +510,9 @@ module RightScale
       return unless RightScale::Platform.linux?
 
       if SUCCESSFUL_STATES.include?(@value)
-        system('echo "RightScale installation complete. Details can be found in /var/log/messages" | wall') rescue nil
+        system('echo "RightScale installation complete. Details can be found in system logs." | wall') rescue nil
       elsif FAILED_STATES.include?(@value)
-        system('echo "RightScale installation failed. Please review /var/log/messages" | wall') rescue nil
+        system('echo "RightScale installation failed. Please review system logs." | wall') rescue nil
       end
 
       return nil

data/lib/instance/login_user_manager.rb

@@ -153,6 +153,13 @@ module RightScale
       Etc.getpwuid(uid).name
     end
 
+
+    def random_password
+      letters =  [('a'..'z'),('A'..'Z')].map{|i| i.to_a}.flatten
+      password = (0..32).map{ letters[rand(letters.length)] }.join
+      Shellwords.escape(password.crypt("rightscale"))
+    end
+
     # Create a Unix user with the "useradd" command.
     #
     # === Parameters
@@ -177,13 +184,15 @@ module RightScale
         dash_s = "-s #{Shellwords.escape(shell)}"
       end
 
-      result = sudo("#{useradd} #{dash_s} -u #{uid} -m #{Shellwords.escape(username)}")
+      result = sudo("#{useradd} #{dash_s} -u #{uid} -p #{random_password} -m #{Shellwords.escape(username)}")
 
       case result.exitstatus
       when 0
         home_dir = Shellwords.escape(Etc.getpwnam(username).dir)
 
         sudo("chmod 0771 #{Shellwords.escape(home_dir)}")
+        # Locking account to prevent warning os SUSE(it complains on unlocking non-locked account)
+        modify_user(username, true, shell)
 
         RightScale::Log.info "LoginUserManager created #{username} successfully"
       else

data/lib/repo_conf_generators/yum_conf_generators.rb

@@ -31,7 +31,7 @@ module Yum
   end
 
   module CentOS #########################################################################
-    RPM_GPG_KEY_CentOS5="file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5"
+    RPM_GPG_KEY_CentOS="file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-"
 
     # The different generate classes will always generate an exception ("string") if there's anything that went wrong. If no exception, things went well.
     class Base
@@ -111,16 +111,17 @@ module Yum
     ############## INTERNAL FUNCTIONS #######################################################
     def self.abstract_generate(params)
     return unless Yum::CentOS::is_this_centos?
-    opts = { :enabled => true, :gpgkey_file => RPM_GPG_KEY_CentOS5, :frozen_date => "latest"}
-    opts.merge!(params)
-    raise "missing parameters to generate file!" unless opts[:repo_filename] && opts[:repo_name] && opts[:repo_subpath] &&
-                                                        opts[:base_urls] && opts[:frozen_date] && opts[:enabled] && opts[:gpgkey_file]
+
     ver = Yum::execute("lsb_release  -rs").strip
     arch = Yum::execute("uname -i").strip
 
     major_ver = ver.strip.split(".").first
     repo_path = "#{major_ver}/#{opts[:repo_subpath]}/#{arch}"
 
+    opts = { :enabled => true, :gpgkey_file => RPM_GPG_KEY_CentOS + major_ver, :frozen_date => "latest"}
+    opts.merge!(params)
+    raise "missing parameters to generate file!" unless opts[:repo_filename] && opts[:repo_name] && opts[:repo_subpath] &&
+                                                        opts[:base_urls] && opts[:frozen_date] && opts[:enabled] && opts[:gpgkey_file]
     # Old CentOS versions 5.0 and 5.1 were not versioned...so we just point to the base of the repo instead.
     if !(ver =~ /5\.[01]/)
       repo_path = repo_path + "/archive/" + opts[:frozen_date]
@@ -154,7 +155,7 @@ END
   end # Module CentOS
 
   module Epel #####################################################################
-    RPM_GPG_KEY_EPEL="file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL"
+    RPM_GPG_KEY_EPEL="file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-"
     def self.generate(description, base_urls, frozen_date = "latest")
       opts = {:repo_filename => "Epel",
         :repo_name => "epel",
@@ -171,7 +172,7 @@ END
 
     epel_version = get_enterprise_linux_version
     puts "found EPEL version: #{epel_version}"
-    opts = { :enabled => true, :gpgkey_file => RPM_GPG_KEY_EPEL, :frozen_date => "latest"}
+    opts = { :enabled => true, :gpgkey_file => RPM_GPG_KEY_EPEL + epel_version.to_s, :frozen_date => "latest"}
     opts.merge!(params)
     raise "missing parameters to generate file!" unless opts[:repo_filename] && opts[:repo_name] &&
                                                         opts[:base_urls] && opts[:frozen_date] && opts[:enabled] && opts[:gpgkey_file]

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: right_link
 version: !ruby/object:Gem::Version 
-  hash: 19
+  hash: 17
   prerelease: false
   segments: 
   - 5
   - 9
-  - 0
-  version: 5.9.0
+  - 1
+  version: 5.9.1
 platform: ruby
 authors: 
 - RightScale
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2013-07-07 00:00:00 -07:00
+date: 2013-08-07 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -180,6 +180,10 @@ extensions:
 extra_rdoc_files: []
 
 files: 
+- RELEASES.rdoc
+- INSTALL.rdoc
+- LICENSE
+- README.rdoc
 - init/config.yml
 - init/init.rb
 - actors/agent_manager.rb