rmm-chef 0.10.0.rc.0

data/lib/chef/application/knife.rb

@@ -0,0 +1,188 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com)
+# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'chef/knife'
+require 'chef/application'
+require 'mixlib/log'
+require 'ohai/config'
+
+class Chef::Application::Knife < Chef::Application
+
+  NO_COMMAND_GIVEN = "You need to pass a sub-command (e.g., knife SUB-COMMAND)\n"
+
+  banner "Usage: knife sub-command (options)"
+
+  option :config_file,
+    :short => "-c CONFIG",
+    :long  => "--config CONFIG",
+    :description => "The configuration file to use",
+    :proc => lambda { |path| File.expand_path(path, Dir.pwd) }
+
+  verbosity_level = 0
+  option :verbosity,
+    :short => '-V',
+    :long  => '--verbose',
+    :description => "More verbose output. Use twice for max verbosity",
+    :proc  => Proc.new { verbosity_level += 1},
+    :default => 0
+
+  option :color,
+    :long         => '--color',
+    :boolean      => true,
+    :default      => true,
+    :description  => "Use colored output"
+
+  option :no_color,
+    :long         => '--no-color',
+    :boolean      => true,
+    :default      => false,
+    :description  => "Don't use colors in the output"
+
+  option :environment,
+    :short        => "-E ENVIRONMENT",
+    :long         => "--environment ENVIRONMENT",
+    :description  => "Set the Chef environment"
+
+  option :editor,
+    :short        => "-e EDITOR",
+    :long         => "--editor EDITOR",
+    :description  => "Set the editor to use for interactive commands",
+    :default      => ENV['EDITOR']
+
+  option :no_editor,
+    :short        => "-n",
+    :long         => "--no-editor",
+    :description  => "Do not open EDITOR, just accept the data as is",
+    :boolean      => true
+
+  option :help,
+    :short        => "-h",
+    :long         => "--help",
+    :description  => "Show this message",
+    :on           => :tail,
+    :boolean      => true
+
+  option :node_name,
+    :short => "-u USER",
+    :long => "--user USER",
+    :description => "API Client Username"
+
+  option :client_key,
+    :short => "-k KEY",
+    :long => "--key KEY",
+    :description => "API Client Key",
+    :proc => lambda { |path| File.expand_path(path, Dir.pwd) }
+
+  option :chef_server_url,
+    :short => "-s URL",
+    :long => "--server-url URL",
+    :description => "Chef Server URL"
+
+  option :yes,
+    :short => "-y",
+    :long => "--yes",
+    :description => "Say yes to all prompts for confirmation"
+
+  option :defaults,
+    :long => "--defaults",
+    :description => "Accept default values for all questions"
+
+  option :print_after,
+    :long => "--print-after",
+    :description => "Show the data after a destructive operation"
+
+  option :format,
+    :short => "-F FORMAT",
+    :long => "--format FORMAT",
+    :description => "Which format to use for output",
+    :default => "summary"
+
+  option :version,
+    :short        => "-v",
+    :long         => "--version",
+    :description  => "Show chef version",
+    :boolean      => true,
+    :proc         => lambda {|v| puts "Chef: #{::Chef::VERSION}"},
+    :exit         => 0
+
+
+  # Run knife
+  def run
+    Mixlib::Log::Formatter.show_time = false
+    validate_and_parse_options
+    quiet_traps
+    Chef::Knife.run(ARGV, options)
+    exit 0
+  end
+
+  private
+
+  def quiet_traps
+    trap("TERM") do
+      exit 1
+    end
+
+    trap("INT") do
+      exit 2
+    end
+  end
+
+  def validate_and_parse_options
+    # Checking ARGV validity *before* parse_options because parse_options
+    # mangles ARGV in some situations
+    if no_command_given?
+      print_help_and_exit(1, NO_COMMAND_GIVEN)
+    elsif no_subcommand_given?
+      if (want_help? || want_version?)
+        print_help_and_exit
+      else
+        print_help_and_exit(2, NO_COMMAND_GIVEN)
+      end
+    end
+  end
+
+  def no_subcommand_given?
+    ARGV[0] =~ /^-/
+  end
+
+  def no_command_given?
+    ARGV.empty?
+  end
+
+  def want_help?
+    ARGV[0] =~ /^(--help|-h)$/
+  end
+
+  def want_version?
+    ARGV[0] =~ /^(--version|-v)$/
+  end
+
+  def print_help_and_exit(exitcode=1, fatal_message=nil)
+    Chef::Log.error(fatal_message) if fatal_message
+
+    begin
+      self.parse_options
+    rescue OptionParser::InvalidOption => e
+      puts "#{e}\n"
+    end
+    puts self.opt_parser
+    puts
+    Chef::Knife.list_commands
+    exit exitcode
+  end
+
+end

data/lib/chef/application/solo.rb

@@ -0,0 +1,218 @@
+#
+# Author:: AJ Christensen (<aj@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'chef'
+require 'chef/application'
+require 'chef/client'
+require 'chef/config'
+require 'chef/daemon'
+require 'chef/log'
+require 'chef/rest'
+require 'open-uri'
+require 'fileutils'
+
+class Chef::Application::Solo < Chef::Application
+
+  option :config_file,
+    :short => "-c CONFIG",
+    :long  => "--config CONFIG",
+    :default => "/etc/chef/solo.rb",
+    :description => "The configuration file to use"
+
+  option :log_level,
+    :short        => "-l LEVEL",
+    :long         => "--log_level LEVEL",
+    :description  => "Set the log level (debug, info, warn, error, fatal)",
+    :proc         => lambda { |l| l.to_sym }
+
+  option :log_location,
+    :short        => "-L LOGLOCATION",
+    :long         => "--logfile LOGLOCATION",
+    :description  => "Set the log file location, defaults to STDOUT",
+    :proc         => nil
+
+  option :help,
+    :short        => "-h",
+    :long         => "--help",
+    :description  => "Show this message",
+    :on           => :tail,
+    :boolean      => true,
+    :show_options => true,
+    :exit         => 0
+
+  option :user,
+    :short => "-u USER",
+    :long => "--user USER",
+    :description => "User to set privilege to",
+    :proc => nil
+
+  option :group,
+    :short => "-g GROUP",
+    :long => "--group GROUP",
+    :description => "Group to set privilege to",
+    :proc => nil
+
+  option :daemonize,
+    :short => "-d",
+    :long => "--daemonize",
+    :description => "Daemonize the process",
+    :proc => lambda { |p| true }
+
+  option :interval,
+    :short => "-i SECONDS",
+    :long => "--interval SECONDS",
+    :description => "Run chef-client periodically, in seconds",
+    :proc => lambda { |s| s.to_i }
+
+  option :json_attribs,
+    :short => "-j JSON_ATTRIBS",
+    :long => "--json-attributes JSON_ATTRIBS",
+    :description => "Load attributes from a JSON file or URL",
+    :proc => nil
+
+  option :node_name,
+    :short => "-N NODE_NAME",
+    :long => "--node-name NODE_NAME",
+    :description => "The node name for this client",
+    :proc => nil
+
+  option :splay,
+    :short => "-s SECONDS",
+    :long => "--splay SECONDS",
+    :description => "The splay time for running at intervals, in seconds",
+    :proc => lambda { |s| s.to_i }
+
+  option :recipe_url,
+      :short => "-r RECIPE_URL",
+      :long => "--recipe-url RECIPE_URL",
+      :description => "Pull down a remote gzipped tarball of recipes and untar it to the cookbook cache.",
+      :proc => nil
+
+  option :version,
+    :short        => "-v",
+    :long         => "--version",
+    :description  => "Show chef version",
+    :boolean      => true,
+    :proc         => lambda {|v| puts "Chef: #{::Chef::VERSION}"},
+    :exit         => 0
+
+  attr_reader :chef_solo_json
+
+  def initialize
+    super
+    @chef_solo = nil
+    @chef_solo_json = nil
+  end
+
+  def reconfigure
+    super
+
+    Chef::Config[:solo] = true
+
+    if Chef::Config[:daemonize]
+      Chef::Config[:interval] ||= 1800
+    end
+
+    if Chef::Config[:json_attribs]
+      begin
+        json_io = case Chef::Config[:json_attribs]
+                  when /^(http|https):\/\//
+                    @rest = Chef::REST.new(Chef::Config[:json_attribs], nil, nil)
+                    @rest.get_rest(Chef::Config[:json_attribs], true).open
+                  else
+                    open(Chef::Config[:json_attribs])
+                  end
+      rescue SocketError => error
+        Chef::Application.fatal!("I cannot connect to #{Chef::Config[:json_attribs]}", 2)
+      rescue Errno::ENOENT => error
+        Chef::Application.fatal!("I cannot find #{Chef::Config[:json_attribs]}", 2)
+      rescue Errno::EACCES => error
+        Chef::Application.fatal!("Permissions are incorrect on #{Chef::Config[:json_attribs]}. Please chmod a+r #{Chef::Config[:json_attribs]}", 2)
+      rescue Exception => error
+        Chef::Application.fatal!("Got an unexpected error reading #{Chef::Config[:json_attribs]}: #{error.message}", 2)
+      end
+
+      begin
+        @chef_solo_json = Chef::JSONCompat.from_json(json_io.read)
+        json_io.close unless json_io.closed?
+      rescue JSON::ParserError => error
+        Chef::Application.fatal!("Could not parse the provided JSON file (#{Chef::Config[:json_attribs]})!: " + error.message, 2)
+      end
+    end
+
+    if Chef::Config[:recipe_url]
+      cookbooks_path = Array(Chef::Config[:cookbook_path]).detect{|e| e =~ /\/cookbooks\/*$/ }
+      recipes_path = File.expand_path(File.join(cookbooks_path, '..'))
+      target_file = File.join(recipes_path, 'recipes.tgz')
+
+      Chef::Log.debug "Creating path #{recipes_path} to extract recipes into"
+      FileUtils.mkdir_p recipes_path
+      path = File.join(recipes_path, 'recipes.tgz')
+      File.open(path, 'wb') do |f|
+        open(Chef::Config[:recipe_url]) do |r|
+          f.write(r.read)
+        end
+      end
+      Chef::Mixin::Command.run_command(:command => "tar zxvfC #{path} #{recipes_path}")
+    end
+  end
+
+  def setup_application
+    Chef::Daemon.change_privilege
+  end
+
+  def run_application
+    if Chef::Config[:daemonize]
+      Chef::Daemon.daemonize("chef-client")
+    end
+
+    loop do
+      begin
+        if Chef::Config[:splay]
+          splay = rand Chef::Config[:splay]
+          Chef::Log.debug("Splay sleep #{splay} seconds")
+          sleep splay
+        end
+
+        @chef_solo = Chef::Client.new(@chef_solo_json)
+        @chef_solo.run
+        @chef_solo = nil
+        if Chef::Config[:interval]
+          Chef::Log.debug("Sleeping for #{Chef::Config[:interval]} seconds")
+          sleep Chef::Config[:interval]
+        else
+          Chef::Application.exit! "Exiting", 0
+        end
+      rescue SystemExit => e
+        raise
+      rescue Exception => e
+        if Chef::Config[:interval]
+          Chef::Log.error("#{e.class}: #{e}")
+          Chef::Log.debug("#{e.class}: #{e}\n#{e.backtrace.join("\n")}")
+          Chef::Log.fatal("Sleeping for #{Chef::Config[:interval]} seconds before trying again")
+          sleep Chef::Config[:interval]
+          retry
+        else
+          Chef::Application.debug_stacktrace(e)
+          Chef::Application.fatal!("#{e.class}: #{e.message}", 1)
+        end
+      ensure
+        GC.start
+      end
+    end
+  end
+end

data/lib/chef/applications.rb

@@ -0,0 +1,4 @@
+require 'chef/application/agent'
+require 'chef/application/client'
+require 'chef/application/knife'
+require 'chef/application/solo'

data/lib/chef/certificate.rb

@@ -0,0 +1,194 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/log'
+require 'chef/config'
+require 'chef/api_client'
+require 'openssl'
+require 'fileutils'
+
+class Chef
+  class Certificate
+    class << self
+  
+      # Generates a new CA Certificate and Key, and writes them out to
+      # Chef::Config[:signing_ca_cert] and Chef::Config[:signing_ca_key].
+      def generate_signing_ca
+        ca_cert_file = Chef::Config[:signing_ca_cert]
+        ca_keypair_file = Chef::Config[:signing_ca_key] 
+
+        unless File.exists?(ca_cert_file) && File.exists?(ca_keypair_file)
+          Chef::Log.info("Creating new signing certificate")
+        
+          [ ca_cert_file, ca_keypair_file ].each do |f|
+            ca_basedir = File.dirname(f)
+            FileUtils.mkdir_p ca_basedir
+          end
+
+          keypair = OpenSSL::PKey::RSA.generate(1024)
+
+          ca_cert = OpenSSL::X509::Certificate.new
+          ca_cert.version = 3
+          ca_cert.serial = 1
+          info = [
+            ["C", Chef::Config[:signing_ca_country]], 
+            ["ST", Chef::Config[:signing_ca_state]], 
+            ["L", Chef::Config[:signing_ca_location]], 
+            ["O", Chef::Config[:signing_ca_org]],
+            ["OU", "Certificate Service"], 
+            ["CN", "#{Chef::Config[:signing_ca_domain]}/emailAddress=#{Chef::Config[:signing_ca_email]}"]
+          ]
+          ca_cert.subject = ca_cert.issuer = OpenSSL::X509::Name.new(info)
+          ca_cert.not_before = Time.now
+          ca_cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 years
+          ca_cert.public_key = keypair.public_key
+
+          ef = OpenSSL::X509::ExtensionFactory.new
+          ef.subject_certificate = ca_cert
+          ef.issuer_certificate = ca_cert
+          ca_cert.extensions = [
+                  ef.create_extension("basicConstraints", "CA:TRUE", true),
+                  ef.create_extension("subjectKeyIdentifier", "hash"),
+                  ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
+          ]
+          ca_cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+          ca_cert.sign keypair, OpenSSL::Digest::SHA1.new
+
+          File.open(ca_cert_file, "w") { |f| f.write ca_cert.to_pem }
+          File.open(ca_keypair_file, File::WRONLY|File::EXCL|File::CREAT, 0600) { |f| f.write keypair.to_pem }
+          if (Chef::Config[:signing_ca_user] && Chef::Config[:signing_ca_group])
+            FileUtils.chown(Chef::Config[:signing_ca_user], Chef::Config[:signing_ca_group], ca_keypair_file)
+          end
+        end
+        self
+      end
+
+      # Creates a new key pair, and signs them with the signing certificate
+      # and key generated from generate_signing_ca above.  
+      #
+      # @param [String] The common name for the key pair.
+      # @param [Optional String] The subject alternative name.
+      # @return [Object, Object] The public and private key objects.
+      def gen_keypair(common_name, subject_alternative_name = nil)
+
+        Chef::Log.info("Creating new key pair for #{common_name}")
+
+        # generate client keypair
+        client_keypair = OpenSSL::PKey::RSA.generate(2048)
+
+        client_cert = OpenSSL::X509::Certificate.new
+
+        ca_cert = OpenSSL::X509::Certificate.new(File.read(Chef::Config[:signing_ca_cert]))
+
+        info = [
+          ["C", Chef::Config[:signing_ca_country]], 
+          ["ST", Chef::Config[:signing_ca_state]], 
+          ["L", Chef::Config[:signing_ca_location]], 
+          ["O", Chef::Config[:signing_ca_org]],
+          ["OU", "Certificate Service"], 
+          ["CN", common_name ]
+        ]
+
+        client_cert.subject = OpenSSL::X509::Name.new(info)
+        client_cert.issuer = ca_cert.subject
+        client_cert.not_before = Time.now
+        client_cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 years
+        client_cert.public_key = client_keypair.public_key
+        client_cert.serial = 1
+        client_cert.version = 3
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = client_cert
+        ef.issuer_certificate = ca_cert
+
+        client_cert.extensions = [
+                ef.create_extension("basicConstraints", "CA:FALSE", true),
+                ef.create_extension("subjectKeyIdentifier", "hash")
+        ]
+        client_cert.add_extension ef.create_extension("subjectAltName", subject_alternative_name) if subject_alternative_name
+
+        client_cert.sign(OpenSSL::PKey::RSA.new(File.read(Chef::Config[:signing_ca_key])), OpenSSL::Digest::SHA1.new)
+
+        return client_cert.public_key, client_keypair
+      end
+
+      def gen_validation_key(name=Chef::Config[:validation_client_name], key_file=Chef::Config[:validation_key], admin=false)
+        # Create the validation key
+        api_client = Chef::ApiClient.new
+        api_client.name(name)
+        api_client.admin(admin)
+        
+        begin
+          # If both the couch record and file exist, don't do anything. Otherwise,
+          # re-generate the validation key.
+          Chef::ApiClient.cdb_load(name)
+          
+          # The couch document was loaded successfully if we got to here; if we
+          # can't also load the file on the filesystem, we'll regenerate it all.
+          File.open(key_file, "r") do |file|
+          end
+        rescue Chef::Exceptions::CouchDBNotFound
+          create_validation_key(api_client, key_file)
+        rescue
+          if $!.class.name =~ /Errno::/
+            Chef::Log.error("Error opening validation key: #{$!} -- destroying and regenerating")
+            begin
+              api_client.cdb_destroy
+            rescue Bunny::ServerDownError => e
+              # create_validation_key is gonna fail anyway, so let's just bail out.
+              Chef::Log.fatal("Could not de-index (to rabbitmq) previous validation key - rabbitmq is down! Start rabbitmq then restart chef-server to re-generate it")
+              raise
+            end
+            
+            create_validation_key(api_client, key_file)
+          else
+            raise
+          end
+        end
+      end
+      
+      private
+      def create_validation_key(api_client, key_file)
+        Chef::Log.info("Creating validation key...")
+
+        api_client.create_keys
+        begin
+          api_client.cdb_save
+        rescue Bunny::ServerDownError => e
+          # If rabbitmq is down, the client will have been saved in CouchDB,
+          # but not in the index.
+          Chef::Log.fatal("Could not index (to rabbitmq) validation key - rabbitmq is down! Start rabbitmq then restart chef-server to re-generate it")
+
+          # re-raise so the error bubbles out and nukes chef-server
+          raise e
+        end
+        
+        key_dir = File.dirname(key_file)
+        FileUtils.mkdir_p(key_dir) unless File.directory?(key_dir)
+        File.open(key_file, File::WRONLY|File::CREAT, 0600) do |f|
+          f.print(api_client.private_key)
+        end
+        if (Chef::Config[:signing_ca_user] && Chef::Config[:signing_ca_group])
+          FileUtils.chown(Chef::Config[:signing_ca_user], Chef::Config[:signing_ca_group], key_file)
+        end
+      end
+
+    end
+  end
+end