runa-chef 0.8.0.1
- data/LICENSE +201 -0
- data/README.rdoc +136 -0
- data/bin/chef-client +26 -0
- data/bin/chef-solo +26 -0
- data/bin/knife +27 -0
- data/bin/shef +45 -0
- data/distro/README +2 -0
- data/distro/common/man/man1/chef-indexer.1 +42 -0
- data/distro/common/man/man1/chef-server.1 +108 -0
- data/distro/common/man/man8/chef-client.8 +61 -0
- data/distro/common/man/man8/chef-solo.8 +58 -0
- data/distro/common/man/man8/knife.8 +359 -0
- data/distro/debian/etc/init.d/chef-client +175 -0
- data/distro/debian/etc/init.d/chef-indexer +175 -0
- data/distro/debian/etc/init.d/chef-server +120 -0
- data/distro/redhat/etc/init.d/chef-client +78 -0
- data/distro/redhat/etc/init.d/chef-indexer +76 -0
- data/distro/redhat/etc/init.d/chef-server +78 -0
- data/distro/redhat/etc/sysconfig/chef-client +10 -0
- data/distro/redhat/etc/sysconfig/chef-indexer +8 -0
- data/distro/redhat/etc/sysconfig/chef-server +10 -0
- data/distro/suse/etc/init.d/chef-client +121 -0
- data/lib/chef.rb +49 -0
- data/lib/chef/api_client.rb +269 -0
- data/lib/chef/application.rb +98 -0
- data/lib/chef/application/agent.rb +18 -0
- data/lib/chef/application/client.rb +214 -0
- data/lib/chef/application/knife.rb +138 -0
- data/lib/chef/application/server.rb +19 -0
- data/lib/chef/application/solo.rb +214 -0
- data/lib/chef/cache.rb +61 -0
- data/lib/chef/cache/checksum.rb +70 -0
- data/lib/chef/certificate.rb +154 -0
- data/lib/chef/client.rb +323 -0
- data/lib/chef/compile.rb +158 -0
- data/lib/chef/config.rb +195 -0
- data/lib/chef/cookbook.rb +198 -0
- data/lib/chef/cookbook/metadata.rb +487 -0
- data/lib/chef/cookbook/metadata/version.rb +87 -0
- data/lib/chef/cookbook_loader.rb +180 -0
- data/lib/chef/couchdb.rb +273 -0
- data/lib/chef/daemon.rb +170 -0
- data/lib/chef/data_bag.rb +216 -0
- data/lib/chef/data_bag_item.rb +227 -0
- data/lib/chef/exceptions.rb +39 -0
- data/lib/chef/file_cache.rb +205 -0
- data/lib/chef/knife.rb +300 -0
- data/lib/chef/knife/client_bulk_delete.rb +41 -0
- data/lib/chef/knife/client_create.rb +55 -0
- data/lib/chef/knife/client_delete.rb +37 -0
- data/lib/chef/knife/client_edit.rb +37 -0
- data/lib/chef/knife/client_list.rb +40 -0
- data/lib/chef/knife/client_reregister.rb +48 -0
- data/lib/chef/knife/client_show.rb +42 -0
- data/lib/chef/knife/configure.rb +84 -0
- data/lib/chef/knife/cookbook_bulk_delete.rb +47 -0
- data/lib/chef/knife/cookbook_delete.rb +41 -0
- data/lib/chef/knife/cookbook_download.rb +57 -0
- data/lib/chef/knife/cookbook_list.rb +41 -0
- data/lib/chef/knife/cookbook_metadata.rb +87 -0
- data/lib/chef/knife/cookbook_show.rb +75 -0
- data/lib/chef/knife/cookbook_upload.rb +173 -0
- data/lib/chef/knife/data_bag_create.rb +43 -0
- data/lib/chef/knife/data_bag_delete.rb +43 -0
- data/lib/chef/knife/data_bag_edit.rb +49 -0
- data/lib/chef/knife/data_bag_list.rb +42 -0
- data/lib/chef/knife/data_bag_show.rb +40 -0
- data/lib/chef/knife/ec2_instance_data.rb +46 -0
- data/lib/chef/knife/node_bulk_delete.rb +44 -0
- data/lib/chef/knife/node_create.rb +39 -0
- data/lib/chef/knife/node_delete.rb +36 -0
- data/lib/chef/knife/node_edit.rb +36 -0
- data/lib/chef/knife/node_from_file.rb +42 -0
- data/lib/chef/knife/node_list.rb +41 -0
- data/lib/chef/knife/node_run_list_add.rb +64 -0
- data/lib/chef/knife/node_run_list_remove.rb +45 -0
- data/lib/chef/knife/node_show.rb +46 -0
- data/lib/chef/knife/role_bulk_delete.rb +45 -0
- data/lib/chef/knife/role_create.rb +44 -0
- data/lib/chef/knife/role_delete.rb +36 -0
- data/lib/chef/knife/role_edit.rb +37 -0
- data/lib/chef/knife/role_from_file.rb +46 -0
- data/lib/chef/knife/role_list.rb +40 -0
- data/lib/chef/knife/role_show.rb +43 -0
- data/lib/chef/knife/search.rb +94 -0
- data/lib/chef/log.rb +39 -0
- data/lib/chef/mixin/check_helper.rb +31 -0
- data/lib/chef/mixin/checksum.rb +32 -0
- data/lib/chef/mixin/command.rb +390 -0
- data/lib/chef/mixin/convert_to_class_name.rb +57 -0
- data/lib/chef/mixin/create_path.rb +56 -0
- data/lib/chef/mixin/deep_merge.rb +33 -0
- data/lib/chef/mixin/find_preferred_file.rb +92 -0
- data/lib/chef/mixin/from_file.rb +50 -0
- data/lib/chef/mixin/generate_url.rb +58 -0
- data/lib/chef/mixin/language.rb +107 -0
- data/lib/chef/mixin/language_include_attribute.rb +56 -0
- data/lib/chef/mixin/language_include_recipe.rb +53 -0
- data/lib/chef/mixin/params_validate.rb +197 -0
- data/lib/chef/mixin/recipe_definition_dsl_core.rb +79 -0
- data/lib/chef/mixin/template.rb +94 -0
- data/lib/chef/nanite.rb +100 -0
- data/lib/chef/node.rb +463 -0
- data/lib/chef/node/attribute.rb +412 -0
- data/lib/chef/openid_registration.rb +181 -0
- data/lib/chef/platform.rb +268 -0
- data/lib/chef/provider.rb +101 -0
- data/lib/chef/provider/breakpoint.rb +36 -0
- data/lib/chef/provider/cron.rb +184 -0
- data/lib/chef/provider/deploy.rb +314 -0
- data/lib/chef/provider/deploy/revision.rb +70 -0
- data/lib/chef/provider/deploy/timestamped.rb +33 -0
- data/lib/chef/provider/directory.rb +72 -0
- data/lib/chef/provider/erl_call.rb +72 -0
- data/lib/chef/provider/execute.rb +58 -0
- data/lib/chef/provider/file.rb +195 -0
- data/lib/chef/provider/git.rb +203 -0
- data/lib/chef/provider/group.rb +120 -0
- data/lib/chef/provider/group/dscl.rb +128 -0
- data/lib/chef/provider/group/gpasswd.rb +50 -0
- data/lib/chef/provider/group/groupadd.rb +78 -0
- data/lib/chef/provider/group/pw.rb +88 -0
- data/lib/chef/provider/group/usermod.rb +57 -0
- data/lib/chef/provider/http_request.rb +106 -0
- data/lib/chef/provider/ifconfig.rb +131 -0
- data/lib/chef/provider/link.rb +157 -0
- data/lib/chef/provider/mdadm.rb +88 -0
- data/lib/chef/provider/mount.rb +117 -0
- data/lib/chef/provider/mount/mount.rb +208 -0
- data/lib/chef/provider/package.rb +160 -0
- data/lib/chef/provider/package/apt.rb +110 -0
- data/lib/chef/provider/package/dpkg.rb +109 -0
- data/lib/chef/provider/package/easy_install.rb +106 -0
- data/lib/chef/provider/package/freebsd.rb +153 -0
- data/lib/chef/provider/package/macports.rb +105 -0
- data/lib/chef/provider/package/portage.rb +124 -0
- data/lib/chef/provider/package/rpm.rb +99 -0
- data/lib/chef/provider/package/rubygems.rb +136 -0
- data/lib/chef/provider/package/yum-dump.py +125 -0
- data/lib/chef/provider/package/yum.rb +175 -0
- data/lib/chef/provider/package/zypper.rb +132 -0
- data/lib/chef/provider/remote_directory.rb +126 -0
- data/lib/chef/provider/remote_file.rb +141 -0
- data/lib/chef/provider/route.rb +118 -0
- data/lib/chef/provider/ruby_block.rb +33 -0
- data/lib/chef/provider/script.rb +42 -0
- data/lib/chef/provider/service.rb +135 -0
- data/lib/chef/provider/service/debian.rb +64 -0
- data/lib/chef/provider/service/freebsd.rb +156 -0
- data/lib/chef/provider/service/gentoo.rb +54 -0
- data/lib/chef/provider/service/init.rb +71 -0
- data/lib/chef/provider/service/redhat.rb +62 -0
- data/lib/chef/provider/service/simple.rb +114 -0
- data/lib/chef/provider/subversion.rb +156 -0
- data/lib/chef/provider/template.rb +175 -0
- data/lib/chef/provider/user.rb +170 -0
- data/lib/chef/provider/user/dscl.rb +280 -0
- data/lib/chef/provider/user/pw.rb +113 -0
- data/lib/chef/provider/user/useradd.rb +108 -0
- data/lib/chef/recipe.rb +105 -0
- data/lib/chef/resource.rb +380 -0
- data/lib/chef/resource/apt_package.rb +34 -0
- data/lib/chef/resource/bash.rb +33 -0
- data/lib/chef/resource/breakpoint.rb +35 -0
- data/lib/chef/resource/cron.rb +179 -0
- data/lib/chef/resource/csh.rb +33 -0
- data/lib/chef/resource/deploy.rb +359 -0
- data/lib/chef/resource/deploy_revision.rb +35 -0
- data/lib/chef/resource/directory.rb +76 -0
- data/lib/chef/resource/dpkg_package.rb +34 -0
- data/lib/chef/resource/easy_install_package.rb +41 -0
- data/lib/chef/resource/erl_call.rb +83 -0
- data/lib/chef/resource/execute.rb +127 -0
- data/lib/chef/resource/file.rb +84 -0
- data/lib/chef/resource/gem_package.rb +41 -0
- data/lib/chef/resource/git.rb +36 -0
- data/lib/chef/resource/group.rb +70 -0
- data/lib/chef/resource/http_request.rb +52 -0
- data/lib/chef/resource/ifconfig.rb +134 -0
- data/lib/chef/resource/link.rb +78 -0
- data/lib/chef/resource/macports_package.rb +29 -0
- data/lib/chef/resource/mdadm.rb +82 -0
- data/lib/chef/resource/mount.rb +135 -0
- data/lib/chef/resource/package.rb +80 -0
- data/lib/chef/resource/perl.rb +33 -0
- data/lib/chef/resource/portage_package.rb +33 -0
- data/lib/chef/resource/python.rb +33 -0
- data/lib/chef/resource/remote_directory.rb +91 -0
- data/lib/chef/resource/remote_file.rb +60 -0
- data/lib/chef/resource/route.rb +135 -0
- data/lib/chef/resource/ruby.rb +33 -0
- data/lib/chef/resource/ruby_block.rb +39 -0
- data/lib/chef/resource/scm.rb +137 -0
- data/lib/chef/resource/script.rb +51 -0
- data/lib/chef/resource/service.rb +134 -0
- data/lib/chef/resource/subversion.rb +34 -0
- data/lib/chef/resource/template.rb +60 -0
- data/lib/chef/resource/timestamped_deploy.rb +31 -0
- data/lib/chef/resource/user.rb +101 -0
- data/lib/chef/resource_collection.rb +212 -0
- data/lib/chef/resource_collection/stepable_iterator.rb +124 -0
- data/lib/chef/resource_definition.rb +67 -0
- data/lib/chef/rest.rb +298 -0
- data/lib/chef/role.rb +301 -0
- data/lib/chef/run_list.rb +164 -0
- data/lib/chef/runner.rb +130 -0
- data/lib/chef/search/query.rb +71 -0
- data/lib/chef/shef.rb +220 -0
- data/lib/chef/shef/ext.rb +297 -0
- data/lib/chef/shef/shef_session.rb +175 -0
- data/lib/chef/streaming_cookbook_uploader.rb +185 -0
- data/lib/chef/tasks/chef_repo.rake +245 -0
- data/lib/chef/util/file_edit.rb +125 -0
- data/lib/chef/util/fileedit.rb +121 -0
- data/lib/chef/webui_user.rb +231 -0
- metadata +398 -0
@@ -0,0 +1,19 @@
|
|
1
|
+
#
|
2
|
+
# Author:: AJ Christensen (<aj@opscode.com>)
|
3
|
+
# Copyright:: Copyright (c) 2008 Opscode, Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
|
18
|
+
require 'chef/application'
|
19
|
+
|
@@ -0,0 +1,214 @@
|
|
1
|
+
#
|
2
|
+
# Author:: AJ Christensen (<aj@opscode.com>)
|
3
|
+
# Copyright:: Copyright (c) 2008 Opscode, Inc.
|
4
|
+
# License:: Apache License, Version 2.0
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
|
18
|
+
require 'chef/application'
|
19
|
+
require 'chef/client'
|
20
|
+
require 'chef/config'
|
21
|
+
require 'chef/daemon'
|
22
|
+
require 'chef/log'
|
23
|
+
require 'net/http'
|
24
|
+
require 'open-uri'
|
25
|
+
require 'fileutils'
|
26
|
+
|
27
|
+
class Chef::Application::Solo < Chef::Application
|
28
|
+
|
29
|
+
option :config_file,
|
30
|
+
:short => "-c CONFIG",
|
31
|
+
:long => "--config CONFIG",
|
32
|
+
:default => "/etc/chef/solo.rb",
|
33
|
+
:description => "The configuration file to use"
|
34
|
+
|
35
|
+
option :log_level,
|
36
|
+
:short => "-l LEVEL",
|
37
|
+
:long => "--log_level LEVEL",
|
38
|
+
:description => "Set the log level (debug, info, warn, error, fatal)",
|
39
|
+
:proc => lambda { |l| l.to_sym }
|
40
|
+
|
41
|
+
option :log_location,
|
42
|
+
:short => "-L LOGLOCATION",
|
43
|
+
:long => "--logfile LOGLOCATION",
|
44
|
+
:description => "Set the log file location, defaults to STDOUT",
|
45
|
+
:proc => nil
|
46
|
+
|
47
|
+
option :help,
|
48
|
+
:short => "-h",
|
49
|
+
:long => "--help",
|
50
|
+
:description => "Show this message",
|
51
|
+
:on => :tail,
|
52
|
+
:boolean => true,
|
53
|
+
:show_options => true,
|
54
|
+
:exit => 0
|
55
|
+
|
56
|
+
option :user,
|
57
|
+
:short => "-u USER",
|
58
|
+
:long => "--user USER",
|
59
|
+
:description => "User to set privilege to",
|
60
|
+
:proc => nil
|
61
|
+
|
62
|
+
option :group,
|
63
|
+
:short => "-g GROUP",
|
64
|
+
:long => "--group GROUP",
|
65
|
+
:description => "Group to set privilege to",
|
66
|
+
:proc => nil
|
67
|
+
|
68
|
+
option :daemonize,
|
69
|
+
:short => "-d",
|
70
|
+
:long => "--daemonize",
|
71
|
+
:description => "Daemonize the process",
|
72
|
+
:proc => lambda { |p| true }
|
73
|
+
|
74
|
+
option :interval,
|
75
|
+
:short => "-i SECONDS",
|
76
|
+
:long => "--interval SECONDS",
|
77
|
+
:description => "Run chef-client periodically, in seconds",
|
78
|
+
:proc => lambda { |s| s.to_i }
|
79
|
+
|
80
|
+
option :json_attribs,
|
81
|
+
:short => "-j JSON_ATTRIBS",
|
82
|
+
:long => "--json-attributes JSON_ATTRIBS",
|
83
|
+
:description => "Load attributes from a JSON file or URL",
|
84
|
+
:proc => nil
|
85
|
+
|
86
|
+
option :node_name,
|
87
|
+
:short => "-N NODE_NAME",
|
88
|
+
:long => "--node-name NODE_NAME",
|
89
|
+
:description => "The node name for this client",
|
90
|
+
:proc => nil
|
91
|
+
|
92
|
+
option :splay,
|
93
|
+
:short => "-s SECONDS",
|
94
|
+
:long => "--splay SECONDS",
|
95
|
+
:description => "The splay time for running at intervals, in seconds",
|
96
|
+
:proc => lambda { |s| s.to_i }
|
97
|
+
|
98
|
+
option :json_attribs,
|
99
|
+
:short => "-j JSON_ATTRIBS",
|
100
|
+
:long => "--json-attributes JSON_ATTRIBS",
|
101
|
+
:description => "Load attributes from a JSON file or URL",
|
102
|
+
:proc => nil
|
103
|
+
|
104
|
+
option :recipe_url,
|
105
|
+
:short => "-r RECIPE_URL",
|
106
|
+
:long => "--recipe-url RECIPE_URL",
|
107
|
+
:description => "Pull down a remote gzipped tarball of recipes and untar it to the cookbook cache.",
|
108
|
+
:proc => nil
|
109
|
+
|
110
|
+
option :version,
|
111
|
+
:short => "-v",
|
112
|
+
:long => "--version",
|
113
|
+
:description => "Show chef version",
|
114
|
+
:boolean => true,
|
115
|
+
:proc => lambda {|v| puts "Chef: #{::Chef::VERSION}"},
|
116
|
+
:exit => 0
|
117
|
+
|
118
|
+
def initialize
|
119
|
+
super
|
120
|
+
@chef_solo = nil
|
121
|
+
@chef_solo_json = nil
|
122
|
+
end
|
123
|
+
|
124
|
+
def reconfigure
|
125
|
+
super
|
126
|
+
|
127
|
+
Chef::Config.solo true
|
128
|
+
|
129
|
+
if Chef::Config[:daemonize]
|
130
|
+
Chef::Config[:interval] ||= 1800
|
131
|
+
end
|
132
|
+
|
133
|
+
if Chef::Config[:json_attribs]
|
134
|
+
begin
|
135
|
+
json_io = open(Chef::Config[:json_attribs])
|
136
|
+
rescue SocketError => error
|
137
|
+
Chef::Application.fatal!("I cannot connect to #{Chef::Config[:json_attribs]}", 2)
|
138
|
+
rescue Errno::ENOENT => error
|
139
|
+
Chef::Application.fatal!("I cannot find #{Chef::Config[:json_attribs]}", 2)
|
140
|
+
rescue Errno::EACCES => error
|
141
|
+
Chef::Application.fatal!("Permissions are incorrect on #{Chef::Config[:json_attribs]}. Please chmod a+r #{Chef::Config[:json_attribs]}", 2)
|
142
|
+
rescue Exception => error
|
143
|
+
Chef::Application.fatal!("Got an unexpected error reading #{Chef::Config[:json_attribs]}: #{error.message}", 2)
|
144
|
+
end
|
145
|
+
|
146
|
+
begin
|
147
|
+
@chef_solo_json = JSON.parse(json_io.read)
|
148
|
+
rescue JSON::ParserError => error
|
149
|
+
Chef::Application.fatal!("Could not parse the provided JSON file (#{Chef::Config[:json_attribs]})!: " + error.message, 2)
|
150
|
+
end
|
151
|
+
end
|
152
|
+
|
153
|
+
if Chef::Config[:recipe_url]
|
154
|
+
cookbooks_path = Chef::Config[:cookbook_path].detect{|e| e =~ /\/cookbooks\/*$/ }
|
155
|
+
recipes_path = File.expand_path(File.join(cookbooks_path, '..'))
|
156
|
+
target_file = File.join(recipes_path, 'recipes.tgz')
|
157
|
+
|
158
|
+
Chef::Log.debug "Creating path #{recipes_path} to extract recipes into"
|
159
|
+
FileUtils.mkdir_p recipes_path
|
160
|
+
path = File.join(recipes_path, 'recipes.tgz')
|
161
|
+
File.open(path, 'wb') do |f|
|
162
|
+
open(Chef::Config[:recipe_url]) do |r|
|
163
|
+
f.write(r.read)
|
164
|
+
end
|
165
|
+
end
|
166
|
+
Chef::Mixin::Command.run_command(:command => "tar zxvfC #{path} #{recipes_path}")
|
167
|
+
end
|
168
|
+
end
|
169
|
+
|
170
|
+
def setup_application
|
171
|
+
Chef::Daemon.change_privilege
|
172
|
+
|
173
|
+
@chef_solo = Chef::Client.new
|
174
|
+
@chef_solo.json_attribs = @chef_solo_json
|
175
|
+
@chef_solo.node_name = Chef::Config[:node_name]
|
176
|
+
end
|
177
|
+
|
178
|
+
def run_application
|
179
|
+
if Chef::Config[:daemonize]
|
180
|
+
Chef::Daemon.daemonize("chef-client")
|
181
|
+
end
|
182
|
+
|
183
|
+
loop do
|
184
|
+
begin
|
185
|
+
if Chef::Config[:splay]
|
186
|
+
splay = rand Chef::Config[:splay]
|
187
|
+
Chef::Log.debug("Splay sleep #{splay} seconds")
|
188
|
+
sleep splay
|
189
|
+
end
|
190
|
+
|
191
|
+
@chef_solo.run_solo
|
192
|
+
|
193
|
+
if Chef::Config[:interval]
|
194
|
+
Chef::Log.debug("Sleeping for #{Chef::Config[:interval]} seconds")
|
195
|
+
sleep Chef::Config[:interval]
|
196
|
+
else
|
197
|
+
Chef::Application.exit! "Exiting", 0
|
198
|
+
end
|
199
|
+
rescue SystemExit => e
|
200
|
+
raise
|
201
|
+
rescue Exception => e
|
202
|
+
if Chef::Config[:interval]
|
203
|
+
Chef::Log.error("#{e.class}")
|
204
|
+
Chef::Log.fatal("#{e}\n#{e.backtrace.join("\n")}")
|
205
|
+
Chef::Log.fatal("Sleeping for #{Chef::Config[:interval]} seconds before trying again")
|
206
|
+
sleep Chef::Config[:interval]
|
207
|
+
retry
|
208
|
+
else
|
209
|
+
raise
|
210
|
+
end
|
211
|
+
end
|
212
|
+
end
|
213
|
+
end
|
214
|
+
end
|
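Review bot: In `reconfigure`, the `recipe_url` branch fetches a tarball with `open(Chef::Config[:recipe_url])` and unpacks it through the interpolated shell string `"tar zxvfC #{path} #{recipes_path}"` with no integrity check on the download; nothing in this method drops privileges first (`Chef::Daemon.change_privilege` only appears later, in `setup_application`). Both `open` calls in this method, including `open(Chef::Config[:json_attribs])`, go through `Kernel#open`, which treats a value starting with `|` as a command to spawn; dispatching explicitly, with `URI.parse(url).open` for http(s) values and `File.open` for local paths, removes that behaviour. The archive should be checked against an expected digest before extraction, and the two paths should be shell-escaped or passed as separate arguments if `run_command` supports that. Separately, `detect` returns nil when no `cookbook_path` entry matches `/\/cookbooks\/*$/`, so `File.join(cookbooks_path, '..')` raises a TypeError rather than a clear fatal message.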
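--- a/data/lib/chef/cache.rb
+++ b/data/lib/chef/cache.rb
@@ -0,0 +1,61 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Daniel DeLeo (<dan@kallistec.com>)
+# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# Copyright:: Copyright (c) 2009 Daniel DeLeo
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/log'
+require 'chef/config'
+require 'chef/mixin/convert_to_class_name'
+require 'singleton'
+require 'moneta'
+
+class Chef
+class Cache
+include Chef::Mixin::ConvertToClassName
+include ::Singleton
+
+attr_reader :moneta
+
+def initialize(*args)
+self.reset!(*args)
+end
+
+def reset!(backend=nil, options=nil)
+backend ||= Chef::Config[:cache_type]
+options ||= Chef::Config[:cache_options]
+
+begin
+require "moneta/#{convert_to_snake_case(backend, 'Moneta')}"
+rescue LoadError => e
+Chef::Log.fatal("Could not load Moneta back end #{backend.inspect}")
+raise e
+end
+
+@moneta = Moneta.const_get(backend).new(options)
+end
+
+end
+end
+
+module Moneta
+module Defaults
+def default
+nil
+end
+end
+end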
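Review bot: `reset!` passes `backend` from `Chef::Config[:cache_type]` into both a `require` path and `Moneta.const_get(backend)` without checking that it names a supported store. Because `const_get` on a module also searches top-level constants, a value that is not a Moneta class can resolve to an unrelated constant and only fail later in `.new(options)` with a confusing error. Checking the value against a list of known backends before the `require` would make a bad configuration fail clearly. The reopened `Moneta::Defaults#default` at the end of the file changes library behaviour for every Moneta store in the process and has no explanation; a comment such as `# Return nil on a cache miss so fetch(key) can be used with ||` would help, assuming that is the intent.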
@@ -0,0 +1,70 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Adam Jacob (<adam@opscode.com>)
|
3
|
+
# Author:: Daniel DeLeo (<dan@kallistec.com>)
|
4
|
+
# Copyright:: Copyright (c) 2009 Opscode, Inc.
|
5
|
+
# Copyright:: Copyright (c) 2009 Daniel DeLeo
|
6
|
+
# License:: Apache License, Version 2.0
|
7
|
+
#
|
8
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
9
|
+
# you may not use this file except in compliance with the License.
|
10
|
+
# You may obtain a copy of the License at
|
11
|
+
#
|
12
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
13
|
+
#
|
14
|
+
# Unless required by applicable law or agreed to in writing, software
|
15
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
16
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
17
|
+
# See the License for the specific language governing permissions and
|
18
|
+
# limitations under the License.
|
19
|
+
#
|
20
|
+
|
21
|
+
require 'chef/cache'
|
22
|
+
|
23
|
+
class Chef
|
24
|
+
class Cache
|
25
|
+
class Checksum < Chef::Cache
|
26
|
+
|
27
|
+
def self.checksum_for_file(*args)
|
28
|
+
instance.checksum_for_file(*args)
|
29
|
+
end
|
30
|
+
|
31
|
+
def checksum_for_file(file)
|
32
|
+
key, fstat = filename_to_key(file), File.stat(file)
|
33
|
+
lookup_checksum(key, fstat) || generate_checksum(key, file, fstat)
|
34
|
+
end
|
35
|
+
|
36
|
+
def lookup_checksum(key, fstat)
|
37
|
+
cached = @moneta.fetch(key)
|
38
|
+
if cached && file_unchanged?(cached, fstat)
|
39
|
+
cached["checksum"]
|
40
|
+
else
|
41
|
+
nil
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
def generate_checksum(key, file, fstat)
|
46
|
+
checksum = checksum_file(file)
|
47
|
+
moneta.store(key, {"mtime" => fstat.mtime.to_f, "checksum" => checksum})
|
48
|
+
checksum
|
49
|
+
end
|
50
|
+
|
51
|
+
private
|
52
|
+
|
53
|
+
def file_unchanged?(cached, fstat)
|
54
|
+
cached["mtime"].to_f == fstat.mtime.to_f
|
55
|
+
end
|
56
|
+
|
57
|
+
def checksum_file(file)
|
58
|
+
digest = Digest::SHA256.new
|
59
|
+
IO.foreach(file) {|line| digest.update(line) }
|
60
|
+
digest.hexdigest
|
61
|
+
end
|
62
|
+
|
63
|
+
def filename_to_key(file)
|
64
|
+
"chef-file-#{file.gsub(/(#{File::SEPARATOR}|\.)/, '-')}"
|
65
|
+
end
|
66
|
+
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
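Review bot: `filename_to_key` maps both the path separator and `.` to `-`, so distinct paths such as `/etc/foo.conf` and `/etc/foo-conf` (constructed example) share one cache key, and `lookup_checksum` then trusts the entry whenever the two mtimes compare equal. A colliding or stale entry makes `checksum_for_file` return a digest for content other than what is on disk, which matters wherever the checksum decides whether a file is current. Deriving the key from a digest of the full path, and storing and comparing the file size alongside `mtime` in `file_unchanged?`, would narrow both cases. `checksum_file` also reads with `IO.foreach`, which splits on newlines; reading fixed-size chunks in binary mode is steadier for large binary files.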
@@ -0,0 +1,154 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Adam Jacob (<adam@opscode.com>)
|
3
|
+
# Author:: Christopher Brown (<cb@opscode.com>)
|
4
|
+
# Copyright:: Copyright (c) 2009 Opscode, Inc.
|
5
|
+
# License:: Apache License, Version 2.0
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
|
20
|
+
require 'chef/log'
|
21
|
+
require 'chef/config'
|
22
|
+
require 'chef/api_client'
|
23
|
+
require 'openssl'
|
24
|
+
require 'fileutils'
|
25
|
+
|
26
|
+
class Chef
|
27
|
+
class Certificate
|
28
|
+
class << self
|
29
|
+
|
30
|
+
# Generates a new CA Certificate and Key, and writes them out to
|
31
|
+
# Chef::Config[:signing_ca_cert] and Chef::Config[:signing_ca_key].
|
32
|
+
def generate_signing_ca
|
33
|
+
ca_cert_file = Chef::Config[:signing_ca_cert]
|
34
|
+
ca_keypair_file = Chef::Config[:signing_ca_key]
|
35
|
+
|
36
|
+
unless File.exists?(ca_cert_file) && File.exists?(ca_keypair_file)
|
37
|
+
Chef::Log.info("Creating new signing certificate")
|
38
|
+
|
39
|
+
[ ca_cert_file, ca_keypair_file ].each do |f|
|
40
|
+
ca_basedir = File.dirname(f)
|
41
|
+
FileUtils.mkdir_p ca_basedir
|
42
|
+
end
|
43
|
+
|
44
|
+
keypair = OpenSSL::PKey::RSA.generate(1024)
|
45
|
+
|
46
|
+
ca_cert = OpenSSL::X509::Certificate.new
|
47
|
+
ca_cert.version = 3
|
48
|
+
ca_cert.serial = 1
|
49
|
+
info = [
|
50
|
+
["C", Chef::Config[:signing_ca_country]],
|
51
|
+
["ST", Chef::Config[:signing_ca_state]],
|
52
|
+
["L", Chef::Config[:signing_ca_location]],
|
53
|
+
["O", Chef::Config[:signing_ca_org]],
|
54
|
+
["OU", "Certificate Service"],
|
55
|
+
["CN", "#{Chef::Config[:signing_ca_domain]}/emailAddress=#{Chef::Config[:signing_ca_email]}"]
|
56
|
+
]
|
57
|
+
ca_cert.subject = ca_cert.issuer = OpenSSL::X509::Name.new(info)
|
58
|
+
ca_cert.not_before = Time.now
|
59
|
+
ca_cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 years
|
60
|
+
ca_cert.public_key = keypair.public_key
|
61
|
+
|
62
|
+
ef = OpenSSL::X509::ExtensionFactory.new
|
63
|
+
ef.subject_certificate = ca_cert
|
64
|
+
ef.issuer_certificate = ca_cert
|
65
|
+
ca_cert.extensions = [
|
66
|
+
ef.create_extension("basicConstraints", "CA:TRUE", true),
|
67
|
+
ef.create_extension("subjectKeyIdentifier", "hash"),
|
68
|
+
ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
|
69
|
+
]
|
70
|
+
ca_cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
|
71
|
+
ca_cert.sign keypair, OpenSSL::Digest::SHA1.new
|
72
|
+
|
73
|
+
File.open(ca_cert_file, "w") { |f| f.write ca_cert.to_pem }
|
74
|
+
File.open(ca_keypair_file, "w") { |f| f.write keypair.to_pem }
|
75
|
+
end
|
76
|
+
self
|
77
|
+
end
|
78
|
+
|
79
|
+
# Creates a new key pair, and signs them with the signing certificate
|
80
|
+
# and key generated from generate_signing_ca above.
|
81
|
+
#
|
82
|
+
# @param [String] The common name for the key pair.
|
83
|
+
# @param [Optional String] The subject alternative name.
|
84
|
+
# @return [Object, Object] The public and private key objects.
|
85
|
+
def gen_keypair(common_name, subject_alternative_name = nil)
|
86
|
+
|
87
|
+
Chef::Log.info("Creating new key pair for #{common_name}")
|
88
|
+
|
89
|
+
# generate client keypair
|
90
|
+
client_keypair = OpenSSL::PKey::RSA.generate(2048)
|
91
|
+
|
92
|
+
client_cert = OpenSSL::X509::Certificate.new
|
93
|
+
|
94
|
+
ca_cert = OpenSSL::X509::Certificate.new(File.read(Chef::Config[:signing_ca_cert]))
|
95
|
+
|
96
|
+
info = [
|
97
|
+
["C", Chef::Config[:signing_ca_country]],
|
98
|
+
["ST", Chef::Config[:signing_ca_state]],
|
99
|
+
["L", Chef::Config[:signing_ca_location]],
|
100
|
+
["O", Chef::Config[:signing_ca_org]],
|
101
|
+
["OU", "Certificate Service"],
|
102
|
+
["CN", common_name ]
|
103
|
+
]
|
104
|
+
|
105
|
+
client_cert.subject = OpenSSL::X509::Name.new(info)
|
106
|
+
client_cert.issuer = ca_cert.subject
|
107
|
+
client_cert.not_before = Time.now
|
108
|
+
client_cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 years
|
109
|
+
client_cert.public_key = client_keypair.public_key
|
110
|
+
client_cert.serial = 1
|
111
|
+
client_cert.version = 3
|
112
|
+
|
113
|
+
ef = OpenSSL::X509::ExtensionFactory.new
|
114
|
+
ef.subject_certificate = client_cert
|
115
|
+
ef.issuer_certificate = ca_cert
|
116
|
+
|
117
|
+
client_cert.extensions = [
|
118
|
+
ef.create_extension("basicConstraints", "CA:FALSE", true),
|
119
|
+
ef.create_extension("subjectKeyIdentifier", "hash")
|
120
|
+
]
|
121
|
+
client_cert.add_extension ef.create_extension("subjectAltName", subject_alternative_name) if subject_alternative_name
|
122
|
+
|
123
|
+
client_cert.sign(OpenSSL::PKey::RSA.new(File.read(Chef::Config[:signing_ca_key])), OpenSSL::Digest::SHA1.new)
|
124
|
+
|
125
|
+
return client_cert.public_key, client_keypair
|
126
|
+
end
|
127
|
+
|
128
|
+
def gen_validation_key(name=Chef::Config[:validation_client_name], key_file=Chef::Config[:validation_key])
|
129
|
+
# Create the validation key
|
130
|
+
create_key = false
|
131
|
+
begin
|
132
|
+
c = Chef::ApiClient.cdb_load(name)
|
133
|
+
rescue Chef::Exceptions::CouchDBNotFound
|
134
|
+
create_key = true
|
135
|
+
end
|
136
|
+
|
137
|
+
if create_key
|
138
|
+
Chef::Log.info("Creating validation key...")
|
139
|
+
api_client = Chef::ApiClient.new
|
140
|
+
api_client.name(name)
|
141
|
+
api_client.admin(true)
|
142
|
+
api_client.create_keys
|
143
|
+
api_client.cdb_save
|
144
|
+
key_dir = File.dirname(key_file)
|
145
|
+
FileUtils.mkdir_p(key_dir) unless File.directory?(key_dir)
|
146
|
+
File.open(key_file, "w") do |f|
|
147
|
+
f.print(api_client.private_key)
|
148
|
+
end
|
149
|
+
end
|
150
|
+
end
|
151
|
+
|
152
|
+
end
|
153
|
+
end
|
154
|
+
end
|
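Review bot: `generate_signing_ca` writes the CA private key with `File.open(ca_keypair_file, "w")`, and `gen_validation_key` writes the admin validation key to `key_file` the same way, so the resulting file mode depends entirely on the process umask. Pass an explicit mode, for example `File.open(ca_keypair_file, "w", 0600) { |f| f.write keypair.to_pem }`, and do the same for `key_file`. The CA key is generated at 1024 bits while the client keys it signs are 2048 bits, and both certificates are signed with `OpenSSL::Digest::SHA1`; the CA key should be at least as strong as the leaf keys, and a SHA-256 digest should be used. Every certificate is also given `serial = 1`, so issued certificates cannot be told apart by issuer and serial, which gets in the way of any later revocation or audit.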