vagabond 0.2.0 → 0.2.2

data/lib/vagabond/cookbooks/lxc/metadata.rb

@@ -1,9 +1,10 @@
-maintainer       "Chris Roberts"
-maintainer_email "chrisroberts.code@gmail.com"
-license          "Apache 2.0"
-description      "Chef driven Linux Containers"
+name             'lxc'
+maintainer       'Chris Roberts'
+maintainer_email 'chrisroberts.code@gmail.com'
+license          'Apache 2.0'
+description      'Chef driven Linux Containers'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          "0.1.1"
+version          '1.0.1'
 
 supports 'ubuntu'
 

data/lib/vagabond/cookbooks/lxc/providers/config.rb

@@ -1,16 +1,16 @@
 require 'securerandom'
 
 def load_current_resource
-  new_resource._lxc Lxc.new(
+  @lxc = ::Lxc.new(
     new_resource.name,
     :base_dir => node[:lxc][:container_directory],
     :dnsmasq_lease_file => node[:lxc][:dnsmasq_lease_file]
   )
   new_resource.utsname new_resource.name unless new_resource.utsname
-  new_resource.rootfs new_resource._lxc.rootfs unless new_resource.rootfs
+  new_resource.rootfs @lxc.rootfs.to_path unless new_resource.rootfs
   new_resource.default_bridge node[:lxc][:bridge] unless new_resource.default_bridge
-  new_resource.mount ::File.join(new_resource._lxc.path, 'fstab') unless new_resource.mount
-  config = LxcFileConfig.new(new_resource._lxc.container_config)
+  new_resource.mount @lxc.path.join('fstab').to_path unless new_resource.mount
+  config = LxcFileConfig.new(@lxc.container_config)
   if((new_resource.network.nil? || new_resource.network.empty?))
     if(config.network.empty?)
       default_net = {
@@ -19,11 +19,10 @@ def load_current_resource
         :flags => :up,
         :hwaddr => "00:16:3e#{SecureRandom.hex(3).gsub(/(..)/, ':\1')}"
       }
-      default_net.merge!(:ipv4 => new_resource.static_ip) if new_resource.static_ip
     else
       default_net = config.network.first
+      default_net.delete(:ipv4) if default_net.has_key?(:ipv4)
       default_net.merge!(:link => new_resource.default_bridge)
-      default_net.merge!(:ipv4 => new_resource.static_ip) if new_resource.static_ip
     end
     new_resource.network(default_net)
   else
@@ -62,21 +61,15 @@ def load_current_resource
 end
 
 action :create do
-  ruby_block "lxc config_updater[#{new_resource.utsname}]" do
-    block do
-      new_resource.updated_by_last_action(true)
-    end
-    action :nothing
-  end
-
-  directory new_resource._lxc.container_path do
+  _lxc = @lxc
+  
+  directory @lxc.path.to_path do
     action :create
   end
 
   file "lxc update_config[#{new_resource.utsname}]" do
-    path new_resource._lxc.container_config
+    path _lxc.container_config.to_path
     content LxcFileConfig.generate_config(new_resource)
     mode 0644
-    notifies :create, resources(:ruby_block => "lxc config_updater[#{new_resource.utsname}]"), :immediately
   end
 end

data/lib/vagabond/cookbooks/lxc/providers/container.rb

@@ -1,38 +1,51 @@
 def load_current_resource
-  new_resource._lxc Lxc.new(
+  @lxc = ::Lxc.new(
     new_resource.name,
     :base_dir => node[:lxc][:container_directory],
     :dnsmasq_lease_file => node[:lxc][:dnsmasq_lease_file]
   )
+  new_resource.subresources.map! do |s_r|
+    s_r.first.run_context = run_context
+    s_r.first.instance_eval(&s_r.last)
+    s_r.first
+  end
+  
   # TODO: Use some actual logic here, sheesh
   if(new_resource.static_ip && new_resource.static_gateway.nil?)
-    new_resource.static_gateway new_resource.static_ip.sub(/\d+$/, '1')
+    raise "Static gateway must be defined when static IP is provided (Container: #{new_resource.name})"
   end
   new_resource.default_bridge node[:lxc][:bridge] unless new_resource.default_bridge
-  new_resource.new_container !new_resource._lxc.exists?
+  node.run_state[:lxc] ||= Mash.new
+  node.run_state[:lxc][:meta] ||= Mash.new
+  node.run_state[:lxc][:meta][new_resource.name] = Mash.new(
+    :new_container => !@lxc.exists?,
+    :lxc => @lxc
+  )
 end
 
 action :create do
+  _lxc = @lxc # for use inside resources
+  stopped_end_state = _lxc.stopped?
 
   #### Add custom key for host based interactions
-  lxc_dir = directory '/opt/hw-lxc-config' do
-    action :nothing
+  directory '/opt/hw-lxc-config' do
+    recursive true
   end
-  lxc_dir.run_action(:create)
 
-  lxc_key = execute "lxc host_ssh_key" do
+  execute 'lxc host_ssh_key' do
     command "ssh-keygen -P '' -f /opt/hw-lxc-config/id_rsa"
-    creates "/opt/hw-lxc-config/id_rsa"
-    action :nothing
+    creates '/opt/hw-lxc-config/id_rsa'
   end
-  lxc_key.run_action(:run)
 
   #### Create container
-  execute "lxc create[#{new_resource.name}]" do
-    command "lxc-create -n #{new_resource.name} -t #{new_resource.template} -- #{new_resource.template_opts.to_a.flatten.join(' ')}"
-    environment new_resource.create_environment
-    only_if do
-      !new_resource._lxc.exists? && new_resource.updated_by_last_action(true)
+  lxc new_resource.name do
+    if(new_resource.clone)
+      action :clone
+      base_container new_resource.clone
+    else
+      action :create
+      template new_resource.template
+      template_opts new_resource.template_opts
     end
   end
 
@@ -41,7 +54,6 @@ action :create do
     lxc_config new_resource.name do
       action :create
       default_bridge new_resource.default_bridge
-      static_ip new_resource.static_ip
     end
   end
 
@@ -71,272 +83,272 @@ action :create do
       netmask new_resource.static_netmask
       gateway new_resource.static_gateway
     end
+  end
 
-    ruby_block "force container gateway[#{new_resource.name}]" do
-      block do
-        file = Chef::Util::FileEdit.new(
-          ::File.join(
-            new_resource._lxc.rootfs, 'etc', 'rc.local'
-          )
-        )
-        file.search_file_delete_line(%r{route add default gw})
-        file.search_file_replace(
-          %r{exit 0$},
-          "route add default gw #{new_resource.static_gateway}\nexit 0"
-        )
-        file.write_file
+  ruby_block "LXC #{new_resource.name} - Run subresources" do
+    block do
+      new_resource.subresources.each do |s_r|
+        s_r.run_action(:create)
       end
-      not_if "grep \"route add default gw #{new_resource.static_gateway}\" #{::File.join(new_resource._lxc.rootfs, 'etc', 'rc.local')}"
+    end
+    not_if do
+      new_resource.subresources.empty?
     end
   end
 
-  #### Ensure host has ssh access into container
-  directory ::File.join(new_resource._lxc.rootfs, 'root', '.ssh')
-
-  file ::File.join(new_resource._lxc.rootfs, 'root', '.ssh', 'authorized_keys') do
-    content "# Chef generated key file\n#{::File.read('/opt/hw-lxc-config/id_rsa.pub')}\n"
+  template @lxc.path.join('fstab').to_path do
+    source 'fstab.erb'
+    cookbook 'lxc'
+    variables :container => new_resource.name
+    only_if do
+      node.run_state[:lxc][:fstabs] &&
+        node.run_state[:lxc][:fstabs][new_resource.name]
+    end
+    mode 0644
   end
 
-  if(new_resource.chef_enabled || !new_resource.container_commands.empty? || !new_resource.initialize_commands.empty?)
-    if(new_resource.chef_enabled && new_resource.new_container)
-
-      #### Use cached chef package from host if available
-      if(%w(debian ubuntu).include?(new_resource.template) && system('ls /opt/chef*.deb 2>1 > /dev/null'))
-        file_name = Dir.new('/opt').detect do |item| 
-          item.start_with?('chef') && item.end_with?('.deb')
-        end
-        if(file_name)
-          execute "lxc copy_chef_full[#{new_resource.name}]" do
-            command "cp /opt/#{file_name} #{::File.join(new_resource._lxc.rootfs, 'opt')}"
-            not_if do
-              ::File.exists?(
-                ::File.join(new_resource._lxc.rootfs, 'opt', file_name)
-              )
-            end
-          end
-
-          execute "lxc install_chef_full[#{new_resource.name}]" do
-            action :nothing
-            command "chroot #{new_resource._lxc.rootfs} dpkg -i #{::File.join('/opt', file_name)}"
-            subscribes :run, resources(:execute => "lxc copy_chef_full[#{new_resource.name}]"), :immediately
-          end
-          @chef_installed = true
-        end
-      end
-
-      # TODO: Add resources for RPM install
-
-      #### Setup chef related bits within container
-      directory ::File.join(new_resource._lxc.rootfs, 'etc', 'chef') do
-        action :create
-        mode 0755
-      end
-
-      template "lxc chef-config[#{new_resource.name}]" do
-        source 'client.rb.erb'
-        cookbook 'lxc'
-        path ::File.join(new_resource._lxc.rootfs, 'etc', 'chef', 'client.rb')
-        variables(
-          :validation_client => new_resource.validation_client,
-          :node_name => new_resource.node_name || "#{node.name}-#{new_resource.name}",
-          :server_uri => new_resource.server_uri,
-          :chef_environment => new_resource.chef_environment || '_default'
-        )
-        mode 0644
-      end
+  template @lxc.rootfs.join('etc/network/interfaces').to_path do
+    source 'interface.erb'
+    cookbook 'lxc'
+    variables :container => new_resource.name
+    mode 0644
+    only_if do
+      node.run_state[:lxc][:interfaces] &&
+        node.run_state[:lxc][:interfaces][new_resource.name]
+    end
+  end
 
-      file "lxc chef-validator[#{new_resource.name}]" do
-        path ::File.join(new_resource._lxc.rootfs, 'etc', 'chef', 'validator.pem')
-        content new_resource.validator_pem || node[:lxc][:validator_pem]
-        mode 0600
-      end
+  #### Ensure host has ssh access into container
+  directory @lxc.rootfs.join('root/.ssh').to_path
 
-      file "lxc chef-runlist[#{new_resource.name}]" do
-        path ::File.join(new_resource._lxc.rootfs, 'etc', 'chef', 'first_run.json')
-        content({:run_list => new_resource.run_list}.to_json)
-        not_if do
-          ::File.exists?(
-            ::File.join(new_resource._lxc.rootfs, 'etc', 'chef', 'client.pem')
-          )
-        end
-        mode 0644
-      end
+  template @lxc.rootfs.join('root/.ssh/authorized_keys').to_path do
+    source 'file_content.erb'
+    cookbook 'lxc'
+    mode 0600
+    variables(:path => '/opt/hw-lxc-config/id_rsa.pub')
+  end
 
-      #### Provide data bag secret file if required
-      if(new_resource.copy_data_bag_secret_file)
-        if ::File.readable?(new_resource.data_bag_secret_file)
-          file "lxc chef-data-bag-secret[#{new_resource.name}]" do
-            path ::File.join(new_resource._lxc.rootfs, 'etc', 'chef', 'encrypted_data_bag_secret')
-            content ::File.open(new_resource.data_bag_secret_file, "rb").read
-            mode 0600
-          end
-        else
-          Chef::Log.warn "Could not read #{new_resource.data_bag_secret_file}"
-        end
+  #### Use cached chef package from host if available
+  if(%w(debian ubuntu).include?(new_resource.template) && system('ls /opt/chef*.deb 2>1 > /dev/null'))
+    if(::File.directory?('/opt'))
+      file_name = Dir.new('/opt').detect do |item| 
+        item.start_with?('chef') && item.end_with?('.deb')
       end
     end
-
-    ruby_block "lxc start[#{new_resource.name}]" do
-      block do
-        new_resource._lxc.start
-      end
-      only_if do
-        ::File.exists?(
-          ::File.join(new_resource._lxc.rootfs, 'etc', 'chef', 'first_run.json')
-        ) || (new_resource.new_container && new_resource.initialize_commands)
+    
+    execute "lxc copy_chef_full[#{new_resource.name}]" do
+      command "cp /opt/#{file_name} #{_lxc.rootfs.join('opt')}"
+      not_if do
+        file_name.nil? || !new_resource.chef_enabled || _lxc.rootfs.join('opt', file_name).exist?
       end
     end
+        
+    execute "lxc install_chef_full[#{new_resource.name}]" do
+      action :nothing
+      command "chroot #{_lxc.rootfs} dpkg -i #{::File.join('/opt', file_name)}"
+      subscribes :run, "execute[lxc copy_chef_full[#{new_resource.name}]]", :immediately
+    end
+  elsif(new_resource.chef_enabled)
+    pkg_coms = ['update -y -q', 'upgrade -y -q','install curl -y -q']
+    if(!new_resource.template.to_s.scan(%r{debian|ubuntu}).empty?)
+      pkg_man = 'apt-get'
+    elsif(!new_resource.template.to_s.scan(%r{fedora|centos}).empty?)
+      pkg_man = 'yum'
+    end
+    if(pkg_man)
+      new_resource.initialize_commands(
+        pkg_coms.map do |c|
+          "#{pkg_man} #{c}"
+        end + new_resource.initialize_commands
+      )
+    end
+  end
 
-    if(new_resource.chef_enabled && new_resource.new_container)
-      # Make sure we have chef in the container
-      unless(@chef_installed)
-        # Use remote file to remove curl dep
-        remote_file "lxc chef_install_script[#{new_resource.name}]" do
-          source "http://opscode.com/chef/install.sh"
-          path ::File.join(new_resource._lxc.rootfs, 'opt', 'chef-install.sh')
-          action :create_if_missing
-        end
-
-        ruby_block "lxc install_chef[#{new_resource.name}]" do
-          block do
-            new_resource._lxc.container_command(
-              "bash /opt/chef-install.sh"
-            )
-          end
-          not_if do
-            ::File.exists?(
-                ::File.join(new_resource._lxc.rootfs, 'usr', 'bin', 'chef-client')
-            )
+  ruby_block "lxc lock_default_users" do
+    block do
+      contents = ::File.readlines(_lxc.rootfs.join('etc/shadow').to_path)
+      ::File.open(_lxc.rootfs.join('etc/shadow').to_path, 'w') do |file|
+        contents.each do |line|
+          parts = line.split(':')
+          if(node[:lxc][:user_locks].include?(parts.first) && !parts[1].start_with?('!'))
+            parts[1] = "!#{parts[1]}"
           end
-        end
-      end
-
-      #### Let chef configure the container
-      ruby_block "lxc run_chef[#{new_resource.name}]" do
-        block do
-          new_resource._lxc.container_command(
-            "chef-client -K /etc/chef/validator.pem -c /etc/chef/client.rb -j /etc/chef/first_run.json",
-            new_resource.chef_retries
-          )
-        end
-        not_if do
-          ::File.exists?(
-            ::File.join(new_resource._lxc.rootfs, 'etc', 'chef', 'client.pem')
-          )
+          file.write parts.join(':')
         end
       end
     end
-
-    #### Have initialize commands for the container? Run them now
-    if(new_resource.new_container && !new_resource.initialize_commands.empty?)
-      ruby_block "lxc initialize_commands[#{new_resource.name}]" do
-        block do
-          new_resource.initialize_commands.each do |cmd|
-            new_resource._lxc.container_command(cmd, 2)
-          end
-        end
+    only_if do
+      ::File.readlines(_lxc.rootfs.join('etc/shadow').to_path).detect do |line|
+        parts = line.split(':')
+        node[:lxc][:user_locks].include?(parts.first) && !parts[1].start_with?('!')
       end
     end
+  end
 
-    #### Have commands for the container? Run them now
-    unless(new_resource.container_commands.empty?)
-      ruby_block "lxc container_commands[#{new_resource.name}]" do
-        block do
-          new_resource.container_commands.each do |cmd|
-            new_resource._lxc.container_command(cmd, 2)
+  ruby_block "lxc default_password_scrub" do
+    block do
+      contents = ::File.readlines(_lxc.rootfs.join('etc/shadow').to_path)
+      ::File.open(_lxc.rootfs.join('etc/shadow'), 'w') do |file|
+        contents.each do |line|
+          if(line.start_with?('root:'))
+            line.sub!(%r{root:.+?:}, 'root:*')
           end
+          file.write line
         end
       end
     end
+    not_if "grep 'root:*' #{_lxc.rootfs.join('etc/shadow').to_path}"
+  end
 
-    #### NOTE: Creation always leaves the container in a stopped state
-    ruby_block "lxc shutdown[#{new_resource.name}]" do
-      block do
-        new_resource._lxc.shutdown
-      end
-      only_if do
-        new_resource.new_container
-      end
+  ruby_block "lxc start[#{new_resource.name}]" do
+    block do
+      _lxc.start
     end
-
-    #### Clean up after chef if it's enabled
-    if(new_resource.chef_enabled)
-      file ::File.join(new_resource._lxc.rootfs, 'etc', 'chef', 'first_run.json') do
-        action :delete
-      end
-      
-      file ::File.join(new_resource._lxc.rootfs, 'etc', 'chef', 'validator.pem') do
-        action :delete
+    only_if do
+      _lxc.rootfs.join('etc/chef/first_run.json').exist? ||
+        !new_resource.container_commands.empty? ||
+        (node.run_state[:lxc][:meta][new_resource.name][:new_container] && new_resource.initialize_commands)
+    end
+  end
+    
+  #### Have initialize commands for the container? Run them now
+  ruby_block "lxc initialize_commands[#{new_resource.name}]" do
+    block do
+      new_resource.initialize_commands.each do |cmd|
+        Chef::Log.info "Running command on #{new_resource.name}: #{cmd}"
+        _lxc.container_command(cmd, 2)
       end
     end
+    only_if do
+      node.run_state[:lxc][:meta][new_resource.name][:new_container] &&
+        !new_resource.initialize_commands.empty?
+    end
   end
 
-end
+  # Make sure we have chef in the container
+  remote_file "lxc chef_install_script[#{new_resource.name}]" do
+    source "http://opscode.com/chef/install.sh"
+    path _lxc.rootfs.join('opt/chef-install.sh').to_path
+    action :create_if_missing
+    only_if do
+      new_resource.chef_enabled && !_lxc.rootfs.join('usr/bin/chef-client').exist?
+    end
+  end
 
-action :delete do
-  ruby_block "lxc stop[#{new_resource.name}]" do
+  ruby_block "lxc install_chef[#{new_resource.name}]" do
     block do
-      new_resource._lxc.stop
+      _lxc.container_command('bash /opt/chef-install.sh')
     end
+    action :create
     only_if do
-      new_resource._lxc.running?
+      new_resource.chef_enabled &&
+        !_lxc.rootfs.join('usr/bin/chef-client').exist? &&
+        _lxc.rootfs.join('opt/chef-install.sh').exist?
     end
   end
-  
-  execute "lxc delete[#{new_resource.name}]" do
-    command "lxc-destroy -n #{new_resource.name}"
-    only_if do
-      new_resource._lxc.exists? && new_resource.updated_by_last_action(true)
-    end
+
+  #### Setup chef related bits within container
+  directory @lxc.rootfs.join('etc/chef').to_path do
+    action :create
+    mode 0755
+    only_if{ new_resource.chef_enabled }
+  end
+
+  template "lxc chef-config[#{new_resource.name}]" do
+    source 'client.rb.erb'
+    cookbook 'lxc'
+    path _lxc.rootfs.join('etc/chef/client.rb').to_path
+    variables(
+      :validation_client => new_resource.validation_client || Chef::Config[:validation_client_name],
+      :node_name => new_resource.node_name || "#{node.name}-#{new_resource.name}",
+      :server_uri => new_resource.server_uri || Chef::Config[:chef_server_url],
+      :chef_environment => new_resource.chef_environment || '_default'
+    )
+    mode 0644
+    only_if{ new_resource.chef_enabled }
   end
-end
 
-action :clone do
-  execute "lxc clone[#{new_resource.base_container} -> #{new_resource.name}]" do
-    command "lxc-clone -o #{new_resource.base_container} -n #{new_resource.name}"
+  file "lxc chef-validator[#{new_resource.name}]" do
+    path _lxc.rootfs.join('etc/chef/validator.pem').to_path
+    content new_resource.validator_pem || node[:lxc][:validator_pem]
+    mode 0600
+    only_if{ new_resource.chef_enabled && !_lxc.rootfs.join('etc/chef/client.pem').exist? }
+  end
+
+  file "lxc chef-runlist[#{new_resource.name}]" do
+    path _lxc.rootfs.join('etc/chef/first_run.json').to_path
+    content({:run_list => new_resource.run_list}.to_json)
     only_if do
-      !new_resource._lxc.exists? && new_resource.updated_by_last_action(true)
+      new_resource.chef_enabled && !_lxc.rootfs.join('etc/chef/client.pem').exist?
     end
+    mode 0644
   end
 
-  lxc_service "lxc config_restart[#{new_resource.name}]" do
-    service_name new_resource.name
-    action :nothing
+  file "lxc chef-data-bag-secret[#{new_resource.name}]" do
+    path _lxc.rootfs.join('etc/chef/encrypted_data_bag_secret').to_path
+    content(
+      ::File.exists?(new_resource.data_bag_secret_file) ? ::File.open(new_resource.data_bag_secret_file, "rb").read : ''
+    )
+    mode 0600
     only_if do
-      new_resource._lxc.running?
+      new_resource.chef_enabled &&
+      new_resource.copy_data_bag_secret_file &&
+        ::File.exists?(new_resource.copy_data_bag_secret_file)
     end
   end
   
-  lxc_config new_resource.name do
-    action :create
-    notifies :restart, resources(:lxc_service => "lxc config_restart[#{new_resource.name}]"), :immediately
+  #### Let chef configure the container
+  # NOTE: We run chef-client if the validator.pem exists and the
+  # client.pem file does not exist.
+  ruby_block "lxc run_chef[#{new_resource.name}]" do
+    block do
+      cmd = 'chef-client -K /etc/chef/validator.pem -c /etc/chef/client.rb -j /etc/chef/first_run.json'
+      Chef::Log.info "Running command on #{new_resource.name}: #{cmd}"      
+      _lxc.container_command(cmd, new_resource.chef_retries)
+    end
+    only_if do
+      new_resource.chef_enabled &&
+        _lxc.rootfs.join('etc/chef/validator.pem').exist? &&
+        !_lxc.rootfs.join('etc/chef/client.pem').exist?
+    end
   end
-  
-  if(new_resource.chef_enabled)
-    ruby_block "lxc start[#{new_resource.name}]" do
-      block do
-        new_resource._lxc.start
+
+  #### Have commands for the container? Run them now
+  ruby_block "lxc container_commands[#{new_resource.name}]" do
+    block do
+      new_resource.container_commands.each do |cmd|
+        _lxc.container_command(cmd, 2)
       end
-      action :nothing
-      subscribes :create, resources(:execute => "lxc clone[#{new_resource.base_container} -> #{new_resource.name}]"), :immediately
     end
+    not_if do
+      new_resource.container_commands.empty?
+    end
+  end
 
-    ruby_block "lxc run_chef[#{new_resource.name}]" do
-      block do
-        new_resource._lxc.container_command(
-          "chef-client -K /etc/chef/validator.pem -c /etc/chef/client.rb -j /etc/chef/first_run.json", 3
-        )
-      end
-      action :nothing
-      subscribes :create, resources(:execute => "lxc clone[#{new_resource.base_container} -> #{new_resource.name}]"), :immediately
+  # NOTE: If the container was not running before we started, make
+  # sure we leave it in a stopped state
+  ruby_block "lxc shutdown[#{new_resource.name}]" do
+    block do
+      _lxc.shutdown
     end
- 
-    ruby_block "lxc shutdown[#{new_resource.name}]" do
-      block do
-        new_resource._lxc.shutdown
-      end
-      action :nothing
-      subscribes :create, resources(:execute => "lxc clone[#{new_resource.base_container} -> #{new_resource.name}]"), :immediately
+    only_if do
+      stopped_end_state && _lxc.running?
     end
   end
+  
+  #### Clean up after chef if it's enabled
+  file @lxc.rootfs.join('etc/chef/first_run.json').to_path do
+    action :delete
+  end
+
+  file @lxc.rootfs.join('etc/chef/validator.pem').to_path do
+    action :delete
+  end
+    
+end
+
+action :delete do
+  lxc new_resource.name do
+    action :delete
+  end
 end