runa-chef 0.8.0.1

data/lib/chef/application/server.rb

@@ -0,0 +1,19 @@
+#
+# Author:: AJ Christensen (<aj@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'chef/application'
+

data/lib/chef/application/solo.rb

@@ -0,0 +1,214 @@
+#
+# Author:: AJ Christensen (<aj@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'chef/application'
+require 'chef/client'
+require 'chef/config'
+require 'chef/daemon'
+require 'chef/log'
+require 'net/http'
+require 'open-uri'
+require 'fileutils'
+
+class Chef::Application::Solo < Chef::Application
+  
+  option :config_file, 
+    :short => "-c CONFIG",
+    :long  => "--config CONFIG",
+    :default => "/etc/chef/solo.rb",
+    :description => "The configuration file to use"
+
+  option :log_level, 
+    :short        => "-l LEVEL",
+    :long         => "--log_level LEVEL",
+    :description  => "Set the log level (debug, info, warn, error, fatal)",
+    :proc         => lambda { |l| l.to_sym }
+
+  option :log_location,
+    :short        => "-L LOGLOCATION",
+    :long         => "--logfile LOGLOCATION",
+    :description  => "Set the log file location, defaults to STDOUT",
+    :proc         => nil
+
+  option :help,
+    :short        => "-h",
+    :long         => "--help",
+    :description  => "Show this message",
+    :on           => :tail,
+    :boolean      => true,
+    :show_options => true,
+    :exit         => 0
+
+  option :user,
+    :short => "-u USER",
+    :long => "--user USER",
+    :description => "User to set privilege to",
+    :proc => nil
+
+  option :group,
+    :short => "-g GROUP",
+    :long => "--group GROUP",
+    :description => "Group to set privilege to",
+    :proc => nil
+
+  option :daemonize,
+    :short => "-d",
+    :long => "--daemonize",
+    :description => "Daemonize the process",
+    :proc => lambda { |p| true }
+
+  option :interval,
+    :short => "-i SECONDS",
+    :long => "--interval SECONDS",
+    :description => "Run chef-client periodically, in seconds",
+    :proc => lambda { |s| s.to_i }
+
+  option :json_attribs,
+    :short => "-j JSON_ATTRIBS",
+    :long => "--json-attributes JSON_ATTRIBS",
+    :description => "Load attributes from a JSON file or URL",
+    :proc => nil
+
+  option :node_name,
+    :short => "-N NODE_NAME",
+    :long => "--node-name NODE_NAME",
+    :description => "The node name for this client",
+    :proc => nil
+
+  option :splay,
+    :short => "-s SECONDS",
+    :long => "--splay SECONDS",
+    :description => "The splay time for running at intervals, in seconds",
+    :proc => lambda { |s| s.to_i }
+
+  option :json_attribs,
+    :short => "-j JSON_ATTRIBS",
+    :long => "--json-attributes JSON_ATTRIBS",
+    :description => "Load attributes from a JSON file or URL",
+    :proc => nil
+  
+  option :recipe_url,
+      :short => "-r RECIPE_URL",
+      :long => "--recipe-url RECIPE_URL",
+      :description => "Pull down a remote gzipped tarball of recipes and untar it to the cookbook cache.",
+      :proc => nil
+  
+  option :version,
+    :short        => "-v",
+    :long         => "--version",
+    :description  => "Show chef version",
+    :boolean      => true,
+    :proc         => lambda {|v| puts "Chef: #{::Chef::VERSION}"},
+    :exit         => 0
+
+  def initialize
+    super
+    @chef_solo = nil
+    @chef_solo_json = nil
+  end
+  
+  def reconfigure
+    super
+    
+    Chef::Config.solo true
+
+    if Chef::Config[:daemonize]
+      Chef::Config[:interval] ||= 1800
+    end
+    
+    if Chef::Config[:json_attribs]
+      begin
+          json_io = open(Chef::Config[:json_attribs])
+      rescue SocketError => error
+        Chef::Application.fatal!("I cannot connect to #{Chef::Config[:json_attribs]}", 2)
+      rescue Errno::ENOENT => error
+        Chef::Application.fatal!("I cannot find #{Chef::Config[:json_attribs]}", 2)
+      rescue Errno::EACCES => error
+        Chef::Application.fatal!("Permissions are incorrect on #{Chef::Config[:json_attribs]}. Please chmod a+r #{Chef::Config[:json_attribs]}", 2)
+      rescue Exception => error
+        Chef::Application.fatal!("Got an unexpected error reading #{Chef::Config[:json_attribs]}: #{error.message}", 2)
+      end
+
+      begin
+        @chef_solo_json = JSON.parse(json_io.read)
+      rescue JSON::ParserError => error
+        Chef::Application.fatal!("Could not parse the provided JSON file (#{Chef::Config[:json_attribs]})!: " + error.message, 2)
+      end
+    end
+    
+    if Chef::Config[:recipe_url]
+      cookbooks_path = Chef::Config[:cookbook_path].detect{|e| e =~ /\/cookbooks\/*$/ }
+      recipes_path = File.expand_path(File.join(cookbooks_path, '..'))
+      target_file = File.join(recipes_path, 'recipes.tgz')
+
+      Chef::Log.debug "Creating path #{recipes_path} to extract recipes into"
+      FileUtils.mkdir_p recipes_path
+      path = File.join(recipes_path, 'recipes.tgz')
+      File.open(path, 'wb') do |f|
+        open(Chef::Config[:recipe_url]) do |r|
+          f.write(r.read)
+        end
+      end
+      Chef::Mixin::Command.run_command(:command => "tar zxvfC #{path} #{recipes_path}")
+    end
+  end
+  
+  def setup_application
+    Chef::Daemon.change_privilege
+    
+    @chef_solo = Chef::Client.new
+    @chef_solo.json_attribs = @chef_solo_json
+    @chef_solo.node_name = Chef::Config[:node_name]
+  end
+  
+  def run_application
+    if Chef::Config[:daemonize]
+      Chef::Daemon.daemonize("chef-client")
+    end
+
+    loop do
+      begin
+        if Chef::Config[:splay]
+          splay = rand Chef::Config[:splay]
+          Chef::Log.debug("Splay sleep #{splay} seconds")
+          sleep splay
+        end
+
+        @chef_solo.run_solo
+        
+        if Chef::Config[:interval]
+          Chef::Log.debug("Sleeping for #{Chef::Config[:interval]} seconds")
+          sleep Chef::Config[:interval]
+        else
+          Chef::Application.exit! "Exiting", 0
+        end
+      rescue SystemExit => e
+        raise
+      rescue Exception => e
+        if Chef::Config[:interval]
+          Chef::Log.error("#{e.class}")
+          Chef::Log.fatal("#{e}\n#{e.backtrace.join("\n")}")
+          Chef::Log.fatal("Sleeping for #{Chef::Config[:interval]} seconds before trying again")
+          sleep Chef::Config[:interval]
+          retry
+        else
+          raise
+        end
+      end
+    end
+  end
+end

data/lib/chef/cache.rb

@@ -0,0 +1,61 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Daniel DeLeo (<dan@kallistec.com>)
+# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# Copyright:: Copyright (c) 2009 Daniel DeLeo
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/log'
+require 'chef/config'
+require 'chef/mixin/convert_to_class_name'
+require 'singleton'
+require 'moneta'
+
+class Chef 
+  class Cache
+    include Chef::Mixin::ConvertToClassName
+    include ::Singleton
+    
+    attr_reader :moneta
+    
+    def initialize(*args)
+      self.reset!(*args)
+    end
+    
+    def reset!(backend=nil, options=nil)
+      backend ||= Chef::Config[:cache_type]
+      options ||= Chef::Config[:cache_options]
+      
+      begin
+        require "moneta/#{convert_to_snake_case(backend, 'Moneta')}"
+      rescue LoadError => e
+        Chef::Log.fatal("Could not load Moneta back end #{backend.inspect}")
+        raise e
+      end
+     
+      @moneta = Moneta.const_get(backend).new(options)
+    end
+
+  end
+end
+
+module Moneta
+  module Defaults
+    def default
+      nil
+    end
+  end
+end

data/lib/chef/cache/checksum.rb

@@ -0,0 +1,70 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Daniel DeLeo (<dan@kallistec.com>)
+# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# Copyright:: Copyright (c) 2009 Daniel DeLeo
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/cache'
+
+class Chef
+  class Cache
+    class Checksum < Chef::Cache
+    
+      def self.checksum_for_file(*args)
+        instance.checksum_for_file(*args)
+      end
+      
+      def checksum_for_file(file)
+        key, fstat = filename_to_key(file), File.stat(file)
+        lookup_checksum(key, fstat) || generate_checksum(key, file, fstat)
+      end
+      
+      def lookup_checksum(key, fstat)
+        cached = @moneta.fetch(key)
+        if cached && file_unchanged?(cached, fstat)
+          cached["checksum"]
+        else
+          nil
+        end
+      end
+      
+      def generate_checksum(key, file, fstat)
+        checksum = checksum_file(file)
+        moneta.store(key, {"mtime" => fstat.mtime.to_f, "checksum" => checksum})
+        checksum
+      end
+      
+      private
+      
+      def file_unchanged?(cached, fstat)
+        cached["mtime"].to_f == fstat.mtime.to_f
+      end
+      
+      def checksum_file(file)
+        digest = Digest::SHA256.new
+        IO.foreach(file) {|line| digest.update(line) }
+        digest.hexdigest
+      end
+      
+      def filename_to_key(file)
+        "chef-file-#{file.gsub(/(#{File::SEPARATOR}|\.)/, '-')}"
+      end
+
+    end
+  end
+end
+

data/lib/chef/certificate.rb

@@ -0,0 +1,154 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
+# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/log'
+require 'chef/config'
+require 'chef/api_client'
+require 'openssl'
+require 'fileutils'
+
+class Chef
+  class Certificate
+    class << self
+  
+      # Generates a new CA Certificate and Key, and writes them out to
+      # Chef::Config[:signing_ca_cert] and Chef::Config[:signing_ca_key].
+      def generate_signing_ca
+        ca_cert_file = Chef::Config[:signing_ca_cert]
+        ca_keypair_file = Chef::Config[:signing_ca_key] 
+
+        unless File.exists?(ca_cert_file) && File.exists?(ca_keypair_file)
+          Chef::Log.info("Creating new signing certificate")
+        
+          [ ca_cert_file, ca_keypair_file ].each do |f|
+            ca_basedir = File.dirname(f)
+            FileUtils.mkdir_p ca_basedir
+          end
+
+          keypair = OpenSSL::PKey::RSA.generate(1024)
+
+          ca_cert = OpenSSL::X509::Certificate.new
+          ca_cert.version = 3
+          ca_cert.serial = 1
+          info = [
+            ["C", Chef::Config[:signing_ca_country]], 
+            ["ST", Chef::Config[:signing_ca_state]], 
+            ["L", Chef::Config[:signing_ca_location]], 
+            ["O", Chef::Config[:signing_ca_org]],
+            ["OU", "Certificate Service"], 
+            ["CN", "#{Chef::Config[:signing_ca_domain]}/emailAddress=#{Chef::Config[:signing_ca_email]}"]
+          ]
+          ca_cert.subject = ca_cert.issuer = OpenSSL::X509::Name.new(info)
+          ca_cert.not_before = Time.now
+          ca_cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 years
+          ca_cert.public_key = keypair.public_key
+
+          ef = OpenSSL::X509::ExtensionFactory.new
+          ef.subject_certificate = ca_cert
+          ef.issuer_certificate = ca_cert
+          ca_cert.extensions = [
+                  ef.create_extension("basicConstraints", "CA:TRUE", true),
+                  ef.create_extension("subjectKeyIdentifier", "hash"),
+                  ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
+          ]
+          ca_cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+          ca_cert.sign keypair, OpenSSL::Digest::SHA1.new
+
+          File.open(ca_cert_file, "w") { |f| f.write ca_cert.to_pem }
+          File.open(ca_keypair_file, "w") { |f| f.write keypair.to_pem }
+        end
+        self
+      end
+
+      # Creates a new key pair, and signs them with the signing certificate
+      # and key generated from generate_signing_ca above.  
+      #
+      # @param [String] The common name for the key pair.
+      # @param [Optional String] The subject alternative name.
+      # @return [Object, Object] The public and private key objects.
+      def gen_keypair(common_name, subject_alternative_name = nil)
+
+        Chef::Log.info("Creating new key pair for #{common_name}")
+
+        # generate client keypair
+        client_keypair = OpenSSL::PKey::RSA.generate(2048)
+
+        client_cert = OpenSSL::X509::Certificate.new
+
+        ca_cert = OpenSSL::X509::Certificate.new(File.read(Chef::Config[:signing_ca_cert]))
+
+        info = [
+          ["C", Chef::Config[:signing_ca_country]], 
+          ["ST", Chef::Config[:signing_ca_state]], 
+          ["L", Chef::Config[:signing_ca_location]], 
+          ["O", Chef::Config[:signing_ca_org]],
+          ["OU", "Certificate Service"], 
+          ["CN", common_name ]
+        ]
+
+        client_cert.subject = OpenSSL::X509::Name.new(info)
+        client_cert.issuer = ca_cert.subject
+        client_cert.not_before = Time.now
+        client_cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 years
+        client_cert.public_key = client_keypair.public_key
+        client_cert.serial = 1
+        client_cert.version = 3
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = client_cert
+        ef.issuer_certificate = ca_cert
+
+        client_cert.extensions = [
+                ef.create_extension("basicConstraints", "CA:FALSE", true),
+                ef.create_extension("subjectKeyIdentifier", "hash")
+        ]
+        client_cert.add_extension ef.create_extension("subjectAltName", subject_alternative_name) if subject_alternative_name
+
+        client_cert.sign(OpenSSL::PKey::RSA.new(File.read(Chef::Config[:signing_ca_key])), OpenSSL::Digest::SHA1.new)
+
+        return client_cert.public_key, client_keypair
+      end
+
+      def gen_validation_key(name=Chef::Config[:validation_client_name], key_file=Chef::Config[:validation_key])
+        # Create the validation key
+        create_key = false 
+        begin
+          c = Chef::ApiClient.cdb_load(name)
+        rescue Chef::Exceptions::CouchDBNotFound
+          create_key = true
+        end
+
+        if create_key
+          Chef::Log.info("Creating validation key...")
+          api_client = Chef::ApiClient.new
+          api_client.name(name)
+          api_client.admin(true)
+          api_client.create_keys
+          api_client.cdb_save
+          key_dir = File.dirname(key_file)
+          FileUtils.mkdir_p(key_dir) unless File.directory?(key_dir)
+          File.open(key_file, "w") do |f|
+            f.print(api_client.private_key)
+          end
+        end
+      end
+
+    end
+  end
+end