toft 0.0.2 → 0.0.3

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    toft (0.0.1)
+    toft (0.0.2)
       net-ssh
 
 GEM

data/Rakefile

@@ -1 +1,14 @@
 require "bundler/gem_tasks"
+
+desc "clean artifacts"
+task :clean do
+  `rm -rf pkg`
+end
+
+desc "build gem and scripts package"
+task :package => [:build, :package_scripts]
+
+task :package_scripts do
+  mkdir_p "pkg"
+  `tar zcf pkg/toft_ubuntu_scripts-#{Toft::VERSION}.tar.gz scripts/ubuntu`
+end

data/features/checker.feature

@@ -8,7 +8,7 @@ Scenario: Dir checker
 	
 Scenario: File checker
 	Given I have a clean running node "n1" with ip "192.168.20.2"
-	When Running ssh command "if getent passwd n1; then userdel n1; fi; useradd -m n1" on "n1" should succeed
+	When Running ssh command "if getent passwd n1; then userdel -fr n1; fi; useradd -m n1" on "n1" should succeed
 	And Running ssh command "sudo -u n1 touch /tmp/a" on "n1" should succeed
 	Then Node "n1" should have file or directory "/tmp/a"
 	And Node "n1" should have "regular empty file" "/tmp/a" owned by user "n1" and group "n1" with permission "644"	

data/features/step_definitions/node.rb

@@ -1,11 +1,11 @@
 Given /^I have a clean running node "([^"]*)" with ip "([^"]*)"$/ do |node, ip|
-  create_node node, ip
+  create_node node, ip, "centos-6"
   @n1.start
   @n1.rm "/tmp/stub"
 end
 
 When /^I add another node "([^"]*)" with ip "([^"]*)"$/ do |node, ip|
-  create_node node, ip  
+  create_node node, ip, "centos-6"
 end
 
 When /^I destroy node "([^"]*)"$/ do |node|

data/features/support/env.rb

@@ -8,7 +8,7 @@ Toft.role_path = File.dirname(__FILE__) + '/../../fixtures/chef/roles'
 World(Toft)
 
 include Toft
-n1 = create_node "n1", "192.168.20.2"
+n1 = create_node "n1", "192.168.20.2", "centos-6"
 
 Before do
   @n1 = n1

data/lib/toft/node.rb

@@ -37,12 +37,12 @@ CQWv13UgQjiHgQILXSb7xdzpWK1wpDoqIEWQugRyPQDeZhPWVbB4Lg==
     
     include Observable
 
-    def initialize(hostname, ip)
+    def initialize(hostname, ip, type)
       @hostname = hostname
       @ip = ip
       unless exists?
         conf_file = generate_lxc_config
-        system "lxc-create -n #{hostname} -f #{conf_file} -t lucid-chef" 
+        system "lxc-create -n #{hostname} -f #{conf_file} -t #{type.to_s}" 
       end
       @chef_runner = Toft::Chef::ChefRunner.new("#{rootfs}") do |chef_command|
         run_ssh chef_command
@@ -78,17 +78,18 @@ CQWv13UgQjiHgQILXSb7xdzpWK1wpDoqIEWQugRyPQDeZhPWVbB4Lg==
     def run_ssh(command)
       raise ArgumentError, "Trying to run empty command on node #{@hostname}", caller if command.blank?
       output = ""
+      error = false
       Net::SSH.start(@ip, "root", :key_data => [PRIVATE_KEY]) do |ssh|
         ssh.exec! command do |ch, stream, data|
           if stream == :stderr
-            raise RuntimeError, data, caller
-          else
-            output += data
+            error = true
           end
+          output += data
         end
       end
+      raise RuntimeError, output, caller if error
       puts output
-      yield output if block_given?
+      return yield output if block_given?
       return true
     end
 

data/lib/toft/node_controller.rb

@@ -8,8 +8,8 @@ module Toft
       @nodes = {}
     end
     
-    def create_node(hostname, ip)
-      node = Node.new(hostname, ip)
+    def create_node(hostname, ip, type)
+      node = Node.new(hostname, ip, type)
       node.add_observer self
       @nodes[hostname] = node
     end

data/lib/toft/version.rb

@@ -1,3 +1,3 @@
 module Toft
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

data/lib/toft.rb

@@ -8,8 +8,8 @@ module Toft
     attr_accessor :cookbook_path, :role_path
   end
   
-  def create_node(hostname, ip)
-    NodeController.instance.create_node(hostname, ip)
+  def create_node(hostname, ip, type)
+    NodeController.instance.create_node(hostname, ip, type)
   end
   
   def find(hostname)

data/scripts/centos/bin/lxc-prepare-host

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+username=`id -nu`	
+if [ ! "$username" = "root" ]; then
+	echo "This command has to be run as root!"
+	exit 1
+fi
+
+# intsall lxc
+if [[ ! -f /usr/bin/lxc-ls ]]; then
+	(cd /tmp && \
+	wget http://lxc.sourceforge.net/download/lxc/lxc-0.7.4.tar.gz && \
+	tar zxf lxc-0.7.4.tar.gz && \
+	cd lxc-0.7.4 && \
+	./configure --prefix=/usr && \
+	make && \
+	make install)
+fi
+
+yum install bridge-utils
+
+if [[ ! `ip link ls dev br0` ]]; then
+	brctl addbr br0
+	ifconfig br0 192.168.20.1 netmask 255.255.255.0 up
+	iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+	sysctl -w net.ipv4.ip_forward=1
+fi
+
+if [[ ! -d /cgroup ]]; then
+	mkdir -p /cgroup
+fi
+
+if [[ ! `mount | grep cgroup` ]]; then
+	mount none -t cgroup /cgroup
+fi
+
+# allow people to ping this machine
+iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
+iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited

data/scripts/cookbooks/lxc/files/default/lxc-create-ubuntu-image

@@ -1,7 +1,18 @@
 #!/bin/bash
 
+if [ $# -eq 0 ]; then
+	echo "Usage: `basename $0` <ubuntu-suite>"
+	exit 1
+fi
+
+username=`id -nu`	
+if [ ! "$username" = "root" ]; then
+	echo "This command has to be run as root!"
+	exit 1
+fi
+
 cache="/var/cache/lxc/ubuntu"
-suite=lucid
+suite=$1
 
 arch=$(arch)
 if [ "$arch" == "x86_64" ]; then
@@ -17,29 +28,31 @@ if [ -e "$cache/$suite-$arch.tar.gz" ]; then
 	exit 0
 fi
 
-chef_packages=ruby,rubygems1.8,ruby-dev,libopenssl-ruby,build-essential,wget,ssl-cert
-packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,dhcp3-client,ssh,lsb-release,wget,gpgv,gnupg,sudo,$chef_packages
-
+lucid_packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,dhcp3-client,ssh,lsb-release,wget,gpgv,gnupg,sudo,ruby,rubygems1.8,ruby-dev,libopenssl-ruby,build-essential,wget,ssl-cert
+natty_packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,lxcguest,sudo,ruby,rubygems1.8,ruby-dev,libruby,build-essential,wget,ssl-cert
 # check the mini ubuntu was not already downloaded
-mkdir -p "$cache/partial-$arch"
+rm -rf "$cache/$suite-$arch"
+mkdir -p "$cache/$suite-$arch"
 if [ $? -ne 0 ]; then
-	echo "Failed to create '$cache/partial-$arch' directory"
+	echo "Failed to create '$cache/$suite-$arch' directory"
 	exit 1
 fi
 
 # download a mini ubuntu into a cache
 echo "Downloading ubuntu minimal ..."
-debootstrap --verbose --variant=minbase --components=main,universe --arch=$arch --include=$packages $suite $cache/partial-$arch
+eval "packages=\$${suite}_packages"
+cmd="debootstrap --verbose --variant=minbase --components=main,universe --arch=$arch --include=$packages $suite $cache/$suite-$arch"
+echo $cmd
+eval $cmd
 if [ $? -ne 0 ]; then
 	echo "Failed to download the rootfs, aborting."
 	exit 1
 fi
 
-mv "$cache/partial-$arch" "$cache/rootfs-$arch"
 echo "Download complete."
 
 # install chef
-cat <<EOF > "$cache/rootfs-$arch/tmp/install-chef-ubuntu.sh"
+cat <<EOF > "$cache/$suite-$arch/tmp/install-chef-ubuntu.sh"
 echo "deb http://apt.opscode.com/ $suite-0.10 main" | tee /etc/apt/sources.list.d/opscode.list
 
 mkdir -p /etc/apt/trusted.gpg.d
@@ -52,10 +65,11 @@ yes | apt-get install opscode-keyring --force-yes -y # permanent upgradeable key
 export DEBIAN_FRONTEND=noninteractive
 apt-get install chef --force-yes -qy
 EOF
-chroot "$cache/rootfs-$arch" bash /tmp/install-chef-ubuntu.sh
+chroot "$cache/$suite-$arch" bash /tmp/install-chef-ubuntu.sh
 
 # compress root image
-(cd $cache/rootfs-$arch && tar zcf $suite-$arch.tar.gz .)
-mv $cache/rootfs-$arch/$suite-$arch.tar.gz $cache
+echo "Packaging rootfs ..."
+(cd $cache/$suite-$arch && tar zcf $suite-$arch.tar.gz .)
+mv $cache/$suite-$arch/$suite-$arch.tar.gz $cache
 
 

data/scripts/cookbooks/lxc/recipes/default.rb

@@ -29,6 +29,12 @@ template "/usr/lib/lxc/templates/lxc-lucid-chef" do
   action :create
 end
 
+template "/usr/lib/lxc/templates/lxc-natty-chef" do
+  source "lxc-natty-chef"
+  mode "0755"
+  action :create
+end
+
 cookbook_file "/usr/local/bin/lxc-create-ubuntu-image" do
   source "lxc-create-ubuntu-image"
   mode "0755"
@@ -36,7 +42,7 @@ end
 
 bash "create ubuntu rootfs image ... this will take a while" do
   code <<-EOH
-/usr/local/bin/lxc-create-ubuntu-image
+/usr/local/bin/lxc-create-ubuntu-image natty
 EOH
 end
  

data/scripts/cookbooks/lxc/templates/default/lxc-lucid-chef

@@ -1,10 +1,16 @@
 #!/bin/bash
 
+echo "Creating lucid node..."
+
 configure_ubuntu()
 {
     rootfs=$1
     hostname=$2
 
+	# disable selinux in ubuntu
+    mkdir -p $rootfs/selinux
+    echo 0 > $rootfs/selinux/enforce
+
 	# add host root ssh access
     mkdir $rootfs/root/.ssh
     chmod 0600 $rootfs/root/.ssh
@@ -104,15 +110,13 @@ none            /var/lock                 tmpfs           nodev,noexec,nosuid,sh
 none            /lib/init/rw              tmpfs           mode=0755,nosuid,optional         0 0
 EOF
 
-
-
     # reconfigure some services
     if [ -z "$LANG" ]; then
-	chroot $rootfs locale-gen en_US.UTF-8
-	chroot $rootfs update-locale LANG=en_US.UTF-8
+		chroot $rootfs locale-gen en_US.UTF-8
+		chroot $rootfs update-locale LANG=en_US.UTF-8
     else
-	chroot $rootfs locale-gen $LANG
-	chroot $rootfs update-locale LANG=$LANG
+		chroot $rootfs locale-gen $LANG
+		chroot $rootfs update-locale LANG=$LANG
     fi
 
     # remove pointless services in a container
@@ -137,7 +141,7 @@ copy_ubuntu()
     rootfs=$3
 
     # make a local copy of the miniubuntu
-    echo -n "Extracting rootfs image to $rootfs ..."
+    echo "Extracting rootfs image to $rootfs ..."
     mkdir $rootfs
     tar zxf $cache/lucid-$arch.tar.gz -C $rootfs || return 1
     return 0

data/scripts/cookbooks/lxc/templates/default/lxc-natty-chef

@@ -0,0 +1,253 @@
+#!/bin/bash
+
+echo "Creating natty node..."
+
+configure_ubuntu()
+{
+    rootfs=$1
+    hostname=$2
+
+	# disable selinux in ubuntu
+    mkdir -p $rootfs/selinux
+    echo 0 > $rootfs/selinux/enforce
+
+	# add host root ssh access
+    mkdir $rootfs/root/.ssh
+    chmod 0600 $rootfs/root/.ssh
+	cat <<-EOF > $rootfs/root/.ssh/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCguB7XL3ARzLZYLsIMZe4UUO371m+H5C6V8MhtmSlgXtgHDo7eZhNSm5zCeoyGd32OKeLxuxCCEkXfDDF1aa2a6twcASE3pmWNdnBS7auiOH4P7g+eQ4Aw9v7DdESbIVgHF/NDiAEFFdmApYNM3oCX2FhEVNVKxkkIokUr4axYFJzmJ6Xoi5Sd8JtPC85FZVXqDucZDnHQlOcCkbSo0UOmsWQGwtu8eUHoDeUG0dB8ntb9xlBeLctdrAPhuFYCX8IfFkdcakkzv61ETPbKE6g9wdTDC/TEep7/AHGYmarziRnwKiVOL1jnE1coOJLqy8wOC3dKGmRZy9D4sTc+FRV root insecure public key
+	EOF
+
+	# copy host resolve 
+    rm $rootfs/etc/resolv.conf
+    cp /etc/resolv.conf $rootfs/etc/resolv.conf
+
+	# add default route to host
+	cat <<EOF > $rootfs/etc/rc.local
+#!/bin/sh -e
+route add default gw <%= node.network.gateway_ip %>
+exit 0
+EOF
+
+    # disable selinux in ubuntu
+    mkdir -p $rootfs/selinux
+    echo 0 > $rootfs/selinux/enforce
+
+    # set the hostname
+    cat <<EOF > $rootfs/etc/hostname
+$hostname
+EOF
+    # set minimal hosts
+    cat <<EOF > $rootfs/etc/hosts
+127.0.0.1 localhost $hostname
+EOF
+
+    # suppress log level output for udev
+	sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
+
+	# remove jobs for consoles 5 and 6 since we only create 4 consoles in
+	# this template
+	rm -f $rootfs/etc/init/tty{5,6}.conf
+
+    echo "Set root password to 'root'"
+    echo "root:root" | chroot $rootfs chpasswd
+
+    return 0
+}
+
+copy_ubuntu()
+{
+    cache=$1
+    arch=$2
+    rootfs=$3
+
+    # make a local copy of the miniubuntu
+    echo "Extracting rootfs image to $rootfs ..."
+    mkdir $rootfs
+    tar zxf $cache/natty-$arch.tar.gz -C $rootfs || return 1
+    return 0
+}
+
+install_ubuntu()
+{
+    cache="/var/cache/lxc/ubuntu"
+    rootfs=$1
+    mkdir -p /var/lock/subsys/
+    (
+	flock -n -x 200
+	if [ $? -ne 0 ]; then
+	    echo "Cache repository is busy."
+	    return 1
+	fi
+
+	arch=$(arch)
+	if [ "$arch" == "x86_64" ]; then
+	    arch=amd64
+	fi
+
+	if [ "$arch" == "i686" ]; then
+	    arch=i386
+	fi
+
+	echo "Checking image cache in $cache/rootfs-$arch ... "
+	if [ ! -e "$cache/rootfs-$arch" ]; then
+	    if [ $? -ne 0 ]; then
+		echo "Failed to download 'ubuntu base'"
+		return 1
+	    fi
+	fi
+
+	copy_ubuntu $cache $arch $rootfs
+	if [ $? -ne 0 ]; then
+	    echo "Failed to copy rootfs"
+	    return 1
+	fi
+
+	return 0
+
+	) 200>/var/lock/subsys/lxc
+
+    return $?
+}
+
+copy_configuration()
+{
+    path=$1
+    rootfs=$2
+    name=$3
+
+    cat <<EOF >> $path/config
+lxc.utsname = $name
+
+lxc.tty = 4
+lxc.pts = 1024
+lxc.rootfs = $rootfs
+lxc.mount  = $path/fstab
+
+lxc.cgroup.devices.deny = a
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+# lxc.cgroup.devices.allow = c 4:0 rwm
+# lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
+EOF
+
+    cat <<EOF > $path/fstab
+proc            $rootfs/proc         proc    nodev,noexec,nosuid 0 0
+devpts          $rootfs/dev/pts      devpts defaults 0 0
+sysfs           $rootfs/sys          sysfs defaults  0 0
+EOF
+
+    if [ $? -ne 0 ]; then
+	echo "Failed to add configuration"
+	return 1
+    fi
+
+    return 0
+}
+
+clean()
+{
+    cache="/var/cache/lxc/ubuntu"
+
+    if [ ! -e $cache ]; then
+	exit 0
+    fi
+
+    # lock, so we won't purge while someone is creating a repository
+    (
+	flock -n -x 200
+	if [ $? != 0 ]; then
+	    echo "Cache repository is busy."
+	    exit 1
+	fi
+
+	echo -n "Purging the download cache..."
+	rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
+	exit 0
+
+    ) 200>/var/lock/subsys/lxc
+}
+
+usage()
+{
+    cat <<EOF
+$1 -h|--help -p|--path=<path> --clean
+EOF
+    return 0
+}
+
+options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
+if [ $? -ne 0 ]; then
+    usage $(basename $0)
+    exit 1
+fi
+eval set -- "$options"
+
+while true
+do
+    case "$1" in
+	-h|--help)      usage $0 && exit 0;;
+	-p|--path)      path=$2; shift 2;;
+	-n|--name)      name=$2; shift 2;;
+	-c|--clean)     clean=$2; shift 2;;
+	--)             shift 1; break ;;
+        *)              break ;;
+    esac
+done
+
+if [ ! -z "$clean" -a -z "$path" ]; then
+    clean || exit 1
+    exit 0
+fi
+
+type debootstrap
+if [ $? -ne 0 ]; then
+    echo "'debootstrap' command is missing"
+    exit 1
+fi
+
+if [ -z "$path" ]; then
+    echo "'path' parameter is required"
+    exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+    echo "This script should be run as 'root'"
+    exit 1
+fi
+
+rootfs=$path/rootfs
+
+install_ubuntu $rootfs
+if [ $? -ne 0 ]; then
+    echo "failed to install ubuntu"
+    exit 1
+fi
+
+configure_ubuntu $rootfs $name
+if [ $? -ne 0 ]; then
+    echo "failed to configure ubuntu for a container"
+    exit 1
+fi
+
+copy_configuration $path $rootfs $name
+if [ $? -ne 0 ]; then
+    echo "failed write configuration file"
+    exit 1
+fi
+
+if [ ! -z $clean ]; then
+    clean || exit 1
+    exit 0
+fi

data/scripts/{bash → ubuntu/bin}/install-chef-ubuntu.sh

@@ -1,3 +1,11 @@
+#!/bin/bash
+
+username=`id -nu`	
+if [ ! "$username" = "root" ]; then
+	echo "This command has to be run as root!"
+	exit 1
+fi
+
 echo "deb http://apt.opscode.com/ `lsb_release -cs`-0.10 main" | tee /etc/apt/sources.list.d/opscode.list
 
 mkdir -p /etc/apt/trusted.gpg.d

data/scripts/{bash → ubuntu/bin}/install-rvm.sh

@@ -1,3 +1,5 @@
+#!/bin/bash
+
 function load_rvm {
 	cat <<-EOF >> ~/.profile
 [[ -s ~/.rvm/scripts/rvm ]] && . ~/.rvm/scripts/rvm

data/scripts/ubuntu/bin/lxc-create-centos-image

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+	echo "Usage: `basename $0` <centos-6|centos-5|centos-4>"
+	exit 1
+fi
+
+username=`id -nu`	
+if [ ! "$username" = "root" ]; then
+	echo "This command has to be run as root!"
+	exit 1
+fi
+
+cache="/var/cache/lxc/centos"
+suite=$1
+
+arch=$(arch)
+if [ "$arch" == "i686" ]; then
+    arch=i386
+fi
+
+if [ -e "$cache/$suite-$arch.tar.gz" ]; then
+	echo "Cache rootfs already exists!"
+	exit 0
+fi
+
+# install latest rinse
+if [[ ! `type rinse` ]]; then
+	echo "Rinse does not exist. Installing..."
+	(cd /tmp && \
+	wget http://www.steve.org.uk/Software/rinse/rinse-1.9.1.tar.gz && \
+	tar zxf rinse-1.9.1.tar.gz && \
+	cd rinse-1.9.1 && \
+	make install)
+fi
+
+# install rpm
+apt-get install -y rpm
+
+# create centos image using rinse
+cat <<EOF > /tmp/after_post_install
+chroot $cache/$suite-$arch rpm -Uvh http://rbel.co/rbel6
+chroot $cache/$suite-$arch yum -y install man sudo openssh-server openssh-clients rubygem-chef
+EOF
+chmod +x /tmp/after_post_install
+
+echo "Creating $suite-$arch image"
+rinse --config /etc/rinse/rinse.conf \
+	--arch=$arch --distribution=$suite \
+	--directory=$cache/$suite-$arch \
+	--after-post-install=/tmp/after_post_install
+
+# compress root image
+echo "Packaging rootfs ..."
+(cd $cache/$suite-$arch && tar zcf $suite-$arch.tar.gz .)
+mv $cache/$suite-$arch/$suite-$arch.tar.gz $cache