taste_tester 0.0.12 → 0.0.17

data/lib/taste_tester/state.rb

@@ -17,6 +17,7 @@
 require 'fileutils'
 require 'socket'
 require 'timeout'
+require 'chef/mash'
 
 require 'between_meals/util'
 require 'taste_tester/config'
@@ -29,13 +30,11 @@ module TasteTester
     include ::BetweenMeals::Util
 
     def initialize
-      ref_dir = File.dirname(File.expand_path(
-                               TasteTester::Config.ref_file,
-      ))
+      ref_dir = File.dirname(File.expand_path(TasteTester::Config.ref_file))
       unless File.directory?(ref_dir)
         begin
           FileUtils.mkpath(ref_dir)
-        rescue => e
+        rescue StandardError => e
           logger.error("Chef temp dir #{ref_dir} missing and can't be created")
           logger.error(e)
           exit(1)
@@ -83,6 +82,25 @@ module TasteTester
       write(:ref, ref)
     end
 
+    def last_upload_time
+      TasteTester::State.read(:last_upload_time)
+    end
+
+    def last_upload_time=(time)
+      write(:last_upload_time, time)
+    end
+
+    def bundle
+      val = TasteTester::State.read(:bundle)
+      # promote value to symbol to match config value.
+      return :compatible if val == 'compatible'
+      val
+    end
+
+    def bundle=(bundle)
+      write(:bundle, bundle)
+    end
+
     def update(vals)
       merge(vals)
     end
@@ -101,14 +119,14 @@ module TasteTester
 
     def real_wipe
       if TasteTester::Config.ref_file &&
-         File.exists?(TasteTester::Config.ref_file)
+         File.exist?(TasteTester::Config.ref_file)
         File.delete(TasteTester::Config.ref_file)
       end
     end
 
     def self.read(key)
       JSON.parse(File.read(TasteTester::Config.ref_file))[key.to_s]
-    rescue => e
+    rescue StandardError => e
       logger.debug(e)
       nil
     end
@@ -120,9 +138,13 @@ module TasteTester
     end
 
     def merge(vals)
+      # we generally use symbols for the keys, but to/from JSON will
+      # give us strings, and thus duplicate keys, which is bad. So
+      # use a Mash
+      state = Mash.new
       begin
         state = JSON.parse(File.read(TasteTester::Config.ref_file))
-      rescue
+      rescue StandardError
         state = {}
       end
       state.merge!(vals)
@@ -132,7 +154,7 @@ module TasteTester
       )
       ff.write(state.to_json)
       ff.close
-    rescue => e
+    rescue StandardError => e
       logger.error('Unable to write the reffile')
       logger.debug(e)
       exit 0

data/lib/taste_tester/tunnel.rb

@@ -14,64 +14,49 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require 'taste_tester/logging'
+require 'between_meals/util'
+require 'taste_tester/ssh_util'
+
 module TasteTester
   # Thin ssh tunnel wrapper
   class Tunnel
     include TasteTester::Logging
     include BetweenMeals::Util
+    include TasteTester::SSH::Util
 
     attr_reader :port
 
-    def initialize(host, server, timeout = 5)
+    def initialize(host, server)
       @host = host
       @server = server
-      @timeout = timeout
-      if TasteTester::Config.testing_until
-        @delta_secs = TasteTester::Config.testing_until.strftime('%s').to_i -
-                      Time.now.strftime('%s').to_i
-      else
-        @delta_secs = TasteTester::Config.testing_time
-      end
     end
 
     def run
       @port = TasteTester::Config.tunnel_port
       logger.info("Setting up tunnel on port #{@port}")
-      @status, @output = exec!(cmd, logger)
-    rescue
-      logger.error 'Failed bringing up ssh tunnel'
-      exit(1)
+      exec!(cmd, logger)
+    rescue StandardError => e
+      logger.error "Failed bringing up ssh tunnel: #{e}"
+      error!
     end
 
     def cmd
-      if TasteTester::Config.user != 'root'
-        pid = '$$'
+      if TasteTester::Config.windows_target
+        cmds = windows_tunnel_cmd
       else
-        pid = '\\$\\$'
+        cmds = sane_os_tunnel_cmd
       end
-      cmds = "ps -p #{pid} -o pgid | grep -v PGID" +
-             " > #{TasteTester::Config.timestamp_file} &&" +
-             " touch -t #{TasteTester::Config.testing_end_time}" +
-             " #{TasteTester::Config.timestamp_file} && sleep #{@delta_secs}"
+
       # As great as it would be to have ExitOnForwardFailure=yes,
       # we had multiple cases of tunnels dying
       # if -f and ExitOnForwardFailure are used together.
       # In most cases the first request from chef was "breaking" the tunnel,
       # in a way that port was still open, but subsequent requests were hanging.
       # This is reproducible and should be looked into.
-      cmd = "#{TasteTester::Config.ssh_command} " +
-            "-T -o BatchMode=yes -o ConnectTimeout=#{@timeout} " +
-            '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ' +
-            '-o ServerAliveInterval=10 -o ServerAliveCountMax=6 ' +
-            "-f -R #{@port}:localhost:#{@server.port} "
-      if TasteTester::Config.user != 'root'
-        cc = Base64.encode64(cmds).delete("\n")
-        cmd += "#{TasteTester::Config.user}@#{@host} \"echo '#{cc}' | base64" +
-               ' --decode | sudo bash -x"'
-      else
-        cmd += "root@#{@host} \"#{cmds}\""
-      end
-      cmd
+      cmd = "#{ssh_base_cmd} -o ServerAliveInterval=10 " +
+        "-o ServerAliveCountMax=6 -f -R #{@port}:localhost:#{@server.port} "
+      build_ssh_cmd(cmd, [cmds])
     end
 
     def self.kill(name)
@@ -80,14 +65,159 @@ module TasteTester
       # surround this in paryns, and make sure as a whole it evaluates
       # to true so it doesn't mess up other things... even though this is
       # the only thing we're currently executing in this SSH.
-      if TasteTester::Config.user != 'root'
-        sudo = 'sudo '
+      if TasteTester::Config.windows_target
+        cmd = <<~EOPS
+          if (Test-Path "#{TasteTester::Config.timestamp_file}") {
+            $x = cat "#{TasteTester::Config.timestamp_file}"
+            if ($x -ne $null) {
+              kill -Force $x 2>$null
+            }
+          }
+          $LASTEXITCODE = 0
+        EOPS
+      else
+        cmd = "( [ -s #{TasteTester::Config.timestamp_file} ]" +
+              ' && kill -9 -- ' +
+              "-\$(cat #{TasteTester::Config.timestamp_file}) 2>/dev/null; " +
+              ' true )'
       end
-      cmd = "( [ -s #{TasteTester::Config.timestamp_file} ]" +
-            " && #{sudo}kill -9 -- " +
-            "-\$(cat #{TasteTester::Config.timestamp_file}); true )"
       ssh << cmd
       ssh.run!
     end
+
+    private
+
+    def windows_tunnel_cmd
+      # We are powershell. If you walk up you get:
+      #   ppid - ssh
+      #   pppid - ssh
+      #   ppppid - ssh
+      #   pppppid - services
+      #
+      # Unlike in Linux you don't need to walk up the tree, however. In fact,
+      # killing pppid or ppid didn't actually terminate the session. Only
+      # killing our actual powershell instance did.
+      #
+      # Moreover, it doesn't seem like re-parenting works the same way. So
+      # this is pretty simple.
+      #
+      # For the record, if you want to play with this, you do so with:
+      #   (gwmi win32_process | ? processid -eq $PID).parentprocessid
+      #
+      # Also note that backtick is a line-continuation marker in powershell.
+      <<~EOS
+      $ts = "#{TasteTester::Config.timestamp_file}"
+      echo $PID | Out-File -Encoding ASCII "$ts"
+      # TODO: pull this from Host.touchcmd
+      (Get-Item "$ts").LastWriteTime=("#{TasteTester::Config.testing_end_time}")
+
+      while (1 -eq 1) {
+        if (-Not (Test-Path $ts)) {
+          # if we are here, we know we've created our source
+          Write-EventLog -LogName "Application" -Source "taste-tester" `
+            -EventID 5 -EntryType Information `
+            -Message "Ending tunnel: timestamp file disappeared"
+        }
+        sleep 60
+      }
+      done
+      EOS
+    end
+
+    def sane_os_tunnel_cmd
+      @ts = TasteTester::Config.testing_end_time.strftime('%y%m%d%H%M.%S')
+      # Tie the life of our SSH tunnel with the life of timestamp file.
+      # taste-testing can be renewed, so we'll wait until:
+      # 1. the timestamp file is entirely gone
+      # 2. our parent sshd process dies
+      # 3. new taste-tester instance is running (file contains different PGID)
+      <<~EOS
+      log() {
+        [ -e /usr/bin/logger ] || return
+        logger -t taste-tester "$*"
+      }
+      # sets $current_pgid
+      # This is important, this should just be called ald let it set the
+      # variable. Do NOT call in a subshell like foo=$(get_current_pgid)
+      # as then you end up even further down the list of children
+      get_current_pgid() {
+
+        # if TT user is non-root, then it breaks down like this:
+        #   we are 'bash'
+        #   our parent is 'sudo'
+        #   our parent's parent is 'bash "echo ..." | sudo bash -x'
+        #   our parent's parent's parent is ssh
+        #   - we want the progress-group ID of *that*
+        #
+        # EXCEPT... sometimes sudo forks itself one more time so it's
+        #   we are 'bash'
+        #   our parent is 'sudo'
+        #   our parent's parent 'sudo'
+        #   our parent's parent's parent is 'bash "echo ..." | sudo bash -x'
+        #   our parent's parent's parent's parent is ssh
+        #   - we want the progress-group ID of *that*
+        #
+        # BUT if the TT user is root, no sudo at all...
+        #   we are 'bash'
+        #   our parent is 'bash "echo ..." | bash -c
+        #   our parent's parent is ssh
+        #   - we want the progress-group ID of *that*
+        #
+        # We can make all sorts of assumptions, but the most reliable way
+        # to do this that's always correct is to is simply to walk parents until
+        # we hit something with SSH in the name. Start with PPID and go from
+        # there.
+        #
+        # There's a few commented out 'log's here that are too verbose
+        # for operation (since this function runs every minute)  but are useful
+        # for debugging.
+
+        relevant_pid=''
+        current_pid=$PPID
+        while true; do
+          name=$(ps -o command= -p $current_pid)
+          if [[ "$name" =~ sshd ]]; then
+            # Uncomment the following for debugging...
+            #log "$current_pid is ssh, that's us!"
+            relevant_pid=$current_pid
+            break
+          fi
+          # Uncomment the following for debugging...
+          #log "$current_pid is $name, finding parent..."
+          current_pid=$(ps -o ppid= -p $current_pid)
+        done
+        if [ -z "$relevant_pid" ];then
+          log "Cannot determine relevant PGID"
+          exit 42
+        fi
+        current_pgid="$(ps -o pgid= -p $relevant_pid | sed "s| ||g")"
+        # Uncomment the following for debugging...
+        #log "PGID of ssh ($relevant_pid) is $current_pgid"
+      }
+      get_current_pgid
+      SSH_PGID=$current_pgid
+
+      echo $SSH_PGID > #{TasteTester::Config.timestamp_file} && \
+      # TODO: pull this from Host.touchcmd
+      touch -t #{@ts} #{TasteTester::Config.timestamp_file} && \
+      while true; do
+        if ! [ -f "#{TasteTester::Config.timestamp_file}" ]; then
+          log "Ending tunnel: timestamp file disappeared"
+          break
+        fi
+        current_pid="$(cat #{TasteTester::Config.timestamp_file})"
+        if ! [ "$current_pid" = "$SSH_PGID" ]; then
+          log "Ending tunnel: timestamp PGID changed"
+          break
+        fi
+        get_current_pgid
+        if ! [ "$current_pgid" = "$SSH_PGID" ]; then
+          log "Ending tunnel: timestamp PGID isn't ours"
+          break
+        fi
+        sleep 60
+      done
+      EOS
+    end
   end
 end

data/lib/taste_tester/windows.rb

@@ -40,6 +40,7 @@ module TasteTester
         cmd << " --log-file #{@log_file} --log-level debug"
       end
       cmd << ' --ssl' if TasteTester::Config.use_ssl
+      cmd << " --file-store #{@fsroot}" if TasteTester::Config.bundle
 
       # Mixlib::Shellout will always wait for a process to finish before
       # returning, so we use `spawn` instead.

data/scripts/taste-untester

@@ -14,11 +14,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# default configs
 CONFLINK='/etc/chef/client.rb'
 PRODCONF='/etc/chef/client-prod.rb'
 CERTLINK='/etc/chef/client.pem'
 PRODCERT='/etc/chef/client-prod.pem'
 STAMPFILE='/etc/chef/test_timestamp'
+
+# let the config file overwrite them
+CONFIG_FILE="${CONFIG_FILE:-/etc/taste-untester-config}"
+if [ -e "$CONFIG_FILE" ]; then
+  source "$CONFIG_FILE"
+fi
+
 MYSELF=$0
 DRYRUN=0
 DEBUG=0

data/scripts/taste-untester.ps1

@@ -0,0 +1,85 @@
+# Copyright 2020-present Facebook
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[CmdletBinding()]
+param(
+  [switch]$dryrun
+)
+
+# keep these as *forward* slashes
+$CONFLINK = 'C:/chef/client.rb'
+$PRODCONF = 'C:/chef/client-prod.rb'
+$CERTLINK = 'C:/chef/client.pem'
+$PRODCERT = 'C:/chef/client-prod.pem'
+$STAMPFILE = 'C:/chef/test_timestamp'
+$MYSELF = $0
+
+function log($msg) {
+  Write-EventLog -LogName "Application" -Source "taste-tester" `
+    -EventID 2 -EntryType Warning -Message $msg
+}
+
+function set_server_to_prod {
+  if (Test-Path $STAMPFILE) {
+    $content = Get-Content $STAMPFILE
+    if ($content -ne $null) {
+      kill $content -Force 2>$null
+    }
+  }
+  rm -Force $CONFLINK
+  New-Item -ItemType symboliclink -Force -Value $PRODCONF $CONFLINK
+  if (Test-Path $STAMPFILE) {
+    rm -Force $STAMPFILE
+  }
+  log "Reverted to production Chef."
+}
+
+function check_server {
+  # this is the only way to check if something is a symlink, apparently
+  if (-Not ((get-item $CONFLINK).Attributes.ToString() -match "ReparsePoint")) {
+    Write-Verbose "$CONFLINK is not a link..."
+    return
+  }
+  $current_config = (Get-Item $CONFLINK).target
+  if ($current_config -eq $PRODCONF) {
+    if (Test-Path $STAMPFILE) {
+      rm -Force $STAMPFILE
+    }
+    return
+  }
+
+  $revert = $false
+  if (-Not (Test-Path $STAMPFILE)) {
+    $revert = $true
+  } else {
+    $now = [int][double]::Parse(
+      $(Get-Date -date (Get-Date).ToUniversalTime()-uformat %s)
+    )
+    $stamp_time = Get-Date -Date `
+      (Get-Item $STAMPFILE).LastWriteTime.ToUniversalTime() -UFormat %s
+    Write-Verbose "$now vs $stamp_time"
+    if ($now -gt $stamp_time) {
+      $revert = $true
+    }
+  }
+  if ($revert) {
+    if ($dryrun) {
+      echo "DRYRUN: Would return server to prod"
+    } else {
+      set_server_to_prod
+    }
+  }
+}
+
+check_server