wombat-cli 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6b93d81468007c7e0f2eacebc5b8d7a623f4ef2b
-  data.tar.gz: 22e16911954777a777d741f65e190a094479fb41
+  metadata.gz: ca6a1a2f8fb637c2d25dd3126f74592d8112e1e7
+  data.tar.gz: 957f61652039515b6f3a072f0846b02e8d195c2a
 SHA512:
-  metadata.gz: e4639618f0e1555f2d830840fd3b74b9c761759b50bbe23710fd37fd320e4367249137d4d2f1b40aee5c25c72591ac4426f10a4b89c2018d5678edd2118f5acd
-  data.tar.gz: 2bc93afb35e83966a233564c2b7b5b4704d629c7633bbe6d129ba7ca7bcfe4b00325bde9df3128417322e5a66e06cc165f18a291af5421af6553e2388c3638c2
+  metadata.gz: 81f88a7148288add492bf6026bfdc22a13d3f7b607d65ffc3fe30e606a4b451320a46fc27696c58fb769974ac7a8d462dd07795d3e85953dee48ab76f1bae722
+  data.tar.gz: 47b7e2ff045a4b939c4ab83f5251bfdbd24021278fe62fc7eb4178fa4d23310651f9566b14fbadea7727be5a0492c5171c4e5080feadc419646db4b9609f1de3

data/.gitignore

@@ -17,3 +17,4 @@ infranodes-info.json
 output
 bootstrap-aws.txt
 *.gem
+stacks/*

data/DESIGN.md

@@ -1,4 +1,4 @@
-## Anatomy of an Wombat
+## Anatomy of a Wombat
 
 ### tl;dr
 
@@ -11,6 +11,7 @@ as CloudFormation or Google Deployment Manager.
 * coordination without coordination
 * principle of least surprise
 * dynamic templates over static files
+* long build times, short deploy times
 
 ### A Stroll Down Architecture Lane
 

data/README.md

@@ -1,6 +1,8 @@
 [![Stories in Ready](https://badge.waffle.io/chef-cft/wombat.png?label=ready&title=Ready)](https://waffle.io/chef-cft/wombat)
 # `Project Wombat`
-A combination of packer templates and terraform plan to configure a demo environment which includes:
+`wombat` is a gem that builds and creates demo environments using cloud-specific deployment
+tools like CloudFormation. The demo environments are comprised of instances built
+from the included packer templates:
 
 * Chef Server
 * Chef Automate
@@ -9,7 +11,6 @@ A combination of packer templates and terraform plan to configure a demo environ
 * _N_ Infrastructure Nodes
 * _N_ Windows Workstation
 
-
 Usage
 ------------
 
@@ -23,7 +24,7 @@ directory.
 
 ##### Install and Configure ChefDK
 
-Follow the instructions at https://docs.chef.io/install_dk.html to install and configure ChefDK as your default version of ruby.
+Follow the instructions at https://docs.chef.io/install_dk.html to install and configure ChefDK as your default version of Ruby.
 
 ##### Install Packer
 
@@ -32,34 +33,6 @@ Downloads are here: https://www.packer.io/downloads.html . Place in your path fo
 ##### Create a wombat.yml
 
 Create a wombat.yml - there is an example `wombat.example.yml` for reference and easy copying
-```
----
-name: wombat
-# Uncomment domain_prefix if you wish to prepend your generated domain.
-# Ex: The below example would create foo-chef.animals.biz.
-# domain_prefix: foo-
-domain: animals.biz
-enterprise: mammals
-org: marsupials
-build-nodes: '1'
-workstations: '1'
-workstation-passwd: 'RL9@T40BTmXh'
-version: 0.2.0
-ttl: 8
-products:
-  chef: stable-12.13.37
-  chef-server: stable-12.8.0
-  chefdk: stable-0.16.28
-  compliance: stable-1.3.1
-  automate: stable-0.5.1
-aws:
-  region: ap-southeast-2
-  az: ap-southeast-2c
-  keypair: keypair-ap-southeast-2
-  source_ami:
-    ubuntu: ami-8c4cb0ec
-    windows: ami-87c037e7
-```
 
 *NOTE:* workstation-passwd must meet the minimum Microsoft [Complexity Requirements](https://technet.microsoft.com/en-us/library/hh994562(v=ws.11).aspx)
 
@@ -90,13 +63,18 @@ Upload the created template from the `cloudformation` directory.
 
 ```
 # Deploy CloudFormation template
-$ bin/wombat deploy --cloud aws STACK
+$ bin/wombat deploy --cloud aws STACK --update-lock --create-template
 ==> Updating wombat.lock
 ==> Generate CloudFormation JSON: STACK.json
 ==> Creating CloudFormation stack
 Created: arn:aws:cloudformation:us-east-1:862552916454:stack/STACK/2160c580-713e-11e6-b392-50a686e4bb82
 ```
 
+```
+# Deploy an already generated template (pre-existing template)
+bin/wombat deploy --cloud aws STACK
+```
+
 *NOTE:* If the cloud is not provided it defaults to `aws`
 
 ##### Login to Windows Workstation

data/Rakefile

@@ -1,52 +1 @@
-require 'erb'
-require 'json'
-require 'openssl'
-require 'net/ssh'
-require 'yaml'
-require 'parallel'
-require 'aws-sdk'
-
-namespace :build do
-  desc 'Build an image'
-  task :image, :template, :builder do |_t, args|
-    sh "bin/wombat build -o #{args[:builder]} #{args[:template]}"
-  end
-
-  desc 'Build all images'
-  task :images, :builder, :parallel do |_t, args|
-    if parallel == 'true'
-      sh "bin/wombat build -o #{args[:builder]} --parallel"
-    else
-      sh "bin/wombat build -o #{args[:builder]}"
-    end
-  end
-end
-
-namespace :deploy do
-  desc 'Deploy a stack from template'
-  task :create, :stack,:cloud do |_t, args|
-    case args[:cloud]
-    when "gce", "gcp", "google", "gdm"
-      # TODO
-    when "aws", "amazon", "jeffbezosband", "cfn"
-      sh "bin/wombat deploy --cloud aws #{args[:stack]}"
-    end
-  end
-
-  desc 'Delete a stack'
-  task :delete, :stack, :cloud do |task, args|
-    cloud = args[:cloud] == 'gcp' ? 'gcp' : 'aws'
-    sh "bin/wombat delete --cloud #{cloud} #{args[:stack]}"
-  end
-
-  desc 'List workstation IPs of a stack'
-  task :outputs, :stack, :cloud do |task, args|
-    cloud = args[:cloud] == 'gcp' ? 'gcp' : 'aws'
-    case cloud
-    when "gce", "gcp", "google", "gdm"
-      puts "do google shit"
-    when "aws", "amazon", "jeffbezosband", "cfn"
-      sh "bin/wombat outputs --cloud aws #{args[:stack]}"
-    end
-  end
-end
+require 'bundler/gem_tasks'

data/cookbooks/automate/.kitchen.ec2.yml

@@ -18,10 +18,17 @@ platforms:
       image_id: ami-8e0b9499
     transport:
       ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
+  - name: centos-7
+    driver:
+      image_id: ami-6d1c2007
+    transport:
+      username: centos
+      ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
 
 suites:
   - name: default
     run_list:
-      - recipe[apt]
       - recipe[mock_data]
       - recipe[automate]
+      - recipe[wombat::authorized-keys]
+      - recipe[wombat::etc-hosts]

data/cookbooks/automate/.kitchen.yml

@@ -17,7 +17,6 @@ platforms:
 suites:
   - name: default
     run_list:
-      - recipe[apt::default]
       - recipe[mock_data::default]
       - recipe[automate::default]
     attributes:

data/cookbooks/automate/metadata.rb

@@ -6,8 +6,6 @@ description 'Installs/Configures automate'
 long_description 'Installs/Configures automate'
 version '0.2.0'
 
-depends 'apt'
 depends 'chef-ingredient'
-depends 'hostsfile'
 depends 'line'
 depends 'wombat'

data/cookbooks/automate/recipes/default.rb

@@ -3,6 +3,10 @@
 # Recipe:: default
 #
 # Copyright (c) 2016 The Authors, All Rights Reserved.
+apt_update 'packages' do
+  action :update
+  only_if { node['platform_family'] == 'debian' }
+end
 
 append_if_no_line "Add temporary hostsfile entry: #{node['ipaddress']}" do
   path "/etc/hosts"
@@ -106,6 +110,3 @@ delete_lines "Remove temporary hostfile entry we added earlier" do
   path "/etc/hosts"
   pattern "^#{node['ipaddress']}.*#{node['demo']['automate_fqdn']}.*automate"
 end
-
-include_recipe 'wombat::authorized-keys'
-include_recipe 'wombat::etc-hosts'

data/cookbooks/automate/test/integration/default/automate_spec.rb

@@ -9,8 +9,9 @@ describe file('/usr/local/bin/jq') do
   it { should be_executable }
 end
 
-describe file('/home/vagrant/.ssh/authorized_keys') do
-  its('content') { file("/tmp/public.pub").content }
+describe file("/home/#{os.name}/.ssh/authorized_keys") do
+  its('content') { should include file("/tmp/public.pub").content }
+  it { should exist }
 end
 
 describe package('delivery') do

data/cookbooks/build_node/.kitchen.ec2.yml

@@ -18,13 +18,20 @@ platforms:
       image_id: ami-8e0b9499
     transport:
       ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
+  - name: centos-7
+    driver:
+      image_id: ami-6d1c2007
+    transport:
+      username: centos
+      ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
 
 suites:
   - name: default
     run_list:
-      - recipe[apt]
       - recipe[mock_data]
       - recipe[build_node]
+      - recipe[wombat::authorized-keys]
+      - recipe[wombat::etc-hosts]
     attributes:
       demo:
         node-number: '1'

data/cookbooks/build_node/metadata.rb

@@ -6,10 +6,7 @@ description 'Installs/Configures build-node'
 long_description 'Installs/Configures build-node'
 version '0.3.0'
 
-depends 'apt'
 depends 'chef-sugar'
 depends 'delivery-base'
 depends 'delivery_build'
-depends 'hostsfile'
-depends 'line'
 depends 'wombat'

data/cookbooks/build_node/recipes/default.rb

@@ -3,6 +3,10 @@
 # Recipe:: default
 #
 # Copyright (c) 2016 The Authors, All Rights Reserved.
+apt_update 'packages' do
+  action :update
+  only_if { node['platform_family'] == 'debian' }
+end
 
 directory '/etc/chef'
 directory '/etc/chef/trusted_certs'
@@ -30,6 +34,5 @@ end
 
 node.set['push_jobs']['chef']['chef_server_url'] = node['demo']['chef_server_url']
 node.set['push_jobs']['chef']['node_name'] = "build-node-#{node['demo']['node-number']}"
-include_recipe 'wombat::authorized-keys'
-include_recipe 'wombat::etc-hosts'
+
 include_recipe 'delivery_build::default'

data/cookbooks/build_node/test/integration/default/build-node_spec.rb

@@ -1,7 +1,8 @@
 # build-node tests
 
-describe file('/home/vagrant/.ssh/authorized_keys') do
-  its('content') { file("/tmp/private.pem").content }
+describe file("/home/#{os.name}/.ssh/authorized_keys") do
+  its('content') { should include file("/tmp/public.pub").content }
+  it { should exist }
 end
 
 %w(chef automate compliance).each do |hostname|

data/cookbooks/chef_server/.kitchen.ec2.yml

@@ -18,9 +18,17 @@ platforms:
       image_id: ami-8e0b9499
     transport:
       ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
+  - name: centos-7
+    driver:
+      image_id: ami-6d1c2007
+    transport:
+      username: centos
+      ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
 
 suites:
   - name: default
     run_list:
       - recipe[mock_data]
       - recipe[chef_server]
+      - recipe[wombat::authorized-keys]
+      - recipe[wombat::etc-hosts]

data/cookbooks/chef_server/.kitchen.yml

@@ -17,7 +17,6 @@ platforms:
 suites:
   - name: default
     run_list:
-      - recipe[apt]
       - recipe[mock_data]
       - recipe[chef_server]
     attributes:

data/cookbooks/chef_server/metadata.rb

@@ -6,8 +6,6 @@ description 'Installs/Configures chef-server'
 long_description 'Installs/Configures chef-server'
 version '0.3.0'
 
-depends 'apt'
 depends 'chef-ingredient', '>= 0.18.5'
-depends 'hostsfile'
 depends 'line'
 depends 'wombat'

data/cookbooks/chef_server/recipes/{cheffish.rb → bootstrap_users.rb}

@@ -1,6 +1,6 @@
 #
 # Cookbook Name:: chef-server
-# Recipe:: default
+# Recipe:: bootstrap_users
 #
 # Copyright (c) 2016 The Authors, All Rights Reserved.
 

data/cookbooks/chef_server/recipes/default.rb

@@ -4,6 +4,11 @@
 #
 # Copyright (c) 2016 The Authors, All Rights Reserved.
 
+apt_update 'packages' do
+  action :update
+  only_if { node['platform_family'] == 'debian' }
+end
+
 append_if_no_line "Add temporary hostsfile entry: #{node['ipaddress']}" do
   path "/etc/hosts"
   line "#{node['ipaddress']} #{node['demo']['domain_prefix']}chef.#{node['demo']['domain']} chef"
@@ -14,11 +19,6 @@ execute 'set hostname' do
   action :run
 end
 
-append_if_no_line "Add certificate to authorized_keys" do
-  path "/home/#{node['demo']['admin-user']}/.ssh/authorized_keys"
-  line lazy { IO.read('/tmp/public.pub') }
-end
-
 directory '/var/opt/opscode'
 directory '/var/opt/opscode/nginx'
 directory '/var/opt/opscode/nginx/ca'
@@ -44,10 +44,28 @@ chef_ingredient 'chef-server' do
   config "api_fqdn 'chef.#{node['demo']['domain']}'"
 end
 
-chef_ingredient 'push-jobs-server' do
-  channel :stable
-  version :latest
-  action  :install
+if node['platform'] == 'centos'
+  # hardcoding this one as other permutations are known broken
+  filename = 'opscode-push-jobs-server-1.1.6-1.x86_64.rpm'
+  rpm_path = File.join(Chef::Config[:file_cache_path], filename)
+
+  remote_file rpm_path do
+    source "https://packages.chef.io/stable/el/6/#{filename}"
+    action :create_if_missing
+    notifies :install, 'rpm_package[push-jobs-server]', :immediately
+  end
+
+  rpm_package 'push-jobs-server' do
+    action :install
+    source rpm_path
+    #not_if ""
+  end
+else
+  chef_ingredient 'push-jobs-server' do
+    channel node['demo']['versions']['push-jobs-server'].split('-')[0].to_sym
+    version node['demo']['versions']['push-jobs-server'].split('-')[1]
+    action  :install
+  end
 end
 
 chef_ingredient 'push-jobs-server' do
@@ -55,8 +73,8 @@ chef_ingredient 'push-jobs-server' do
 end
 
 chef_ingredient 'manage' do
-  channel :stable
-  version :latest
+  channel node['demo']['versions']['manage'].split('-')[0].to_sym
+  version node['demo']['versions']['manage'].split('-')[1]
   action  :install
 end
 
@@ -69,11 +87,9 @@ chef_ingredient 'manage' do
   action :reconfigure
 end
 
-include_recipe 'chef_server::cheffish'
+include_recipe 'chef_server::bootstrap_users'
 
 delete_lines "Remove temporary hostfile entry we added earlier" do
   path "/etc/hosts"
   pattern "^#{node['ipaddress']}.*#{node['demo']['domain_prefix']}chef\.#{node['demo']['domain']}.*chef"
 end
-
-include_recipe 'wombat::etc-hosts'

data/cookbooks/chef_server/test/integration/default/chef_server_spec.rb

@@ -4,8 +4,9 @@ describe command('hostname') do
   its('stdout') { should eq "chef\n" }
 end
 
-describe file('/home/vagrant/.ssh/authorized_keys') do
-  its('content') { file("/tmp/public.pub").content }
+describe file("/home/#{os.name}/.ssh/authorized_keys") do
+  its('content') { should include file("/tmp/public.pub").content }
+  it { should exist }
 end
 
 describe package('chef-server-core') do
@@ -15,12 +16,14 @@ end
 
 describe package('chef-manage') do
   it { should be_installed }
-  its('version') { should match '2.4.2' }
+  its('version') { should match '2.4.3' }
 end
 
+version = os.debian? ? '2.1.0' : '1.1.6'
+
 describe package('opscode-push-jobs-server') do
   it { should be_installed }
-  its('version') { should match '2.1.0' }
+  its('version') { should match version }
 end
 
 describe command('chef-server-ctl org-list') do

data/cookbooks/compliance/.kitchen.ec2.yml

@@ -18,9 +18,17 @@ platforms:
       image_id: ami-8e0b9499
     transport:
       ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
+  - name: centos-7
+    driver:
+      image_id: ami-6d1c2007
+    transport:
+      username: centos
+      ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
 
 suites:
   - name: default
     run_list:
       - recipe[mock_data]
       - recipe[compliance]
+      - recipe[wombat::authorized-keys]
+      - recipe[wombat::etc-hosts]

data/cookbooks/compliance/metadata.rb

@@ -6,7 +6,6 @@ description 'Installs/Configures compliance'
 long_description 'Installs/Configures compliance'
 version '0.2.0'
 
-depends 'apt'
 depends 'ccc'
 depends 'wombat'
 depends 'line'

data/cookbooks/compliance/recipes/default.rb

@@ -1,5 +1,10 @@
 # compliance
 
+apt_update 'packages' do
+  action :update
+  only_if { node['platform_family'] == 'debian' }
+end
+
 append_if_no_line "Add temporary hostsfile entry: #{node['ipaddress']}" do
   path "/etc/hosts"
   line "#{node['ipaddress']} #{node['demo']['domain_prefix']}compliance.#{node['demo']['domain']} compliance"
@@ -10,11 +15,6 @@ execute 'set hostname' do
   action :run
 end
 
-append_if_no_line "Add certificate to authorized_keys" do
-  path "/home/#{node['demo']['admin-user']}/.ssh/authorized_keys"
-  line lazy { IO.read('/tmp/public.pub') }
-end
-
 directory '/var/opt/chef-compliance'
 directory '/var/opt/chef-compliance/ssl'
 directory '/var/opt/chef-compliance/ssl/ca'
@@ -55,5 +55,3 @@ delete_lines "Remove temporary hostfile entry we added earlier" do
   path "/etc/hosts"
   pattern "^#{node['ipaddress']}.*#{node['demo']['domain_prefix']}compliance\.#{node['demo']['domain']}.*compliance"
 end
-
-include_recipe 'wombat::etc-hosts'

data/cookbooks/compliance/test/integration/default/compliance.rb

@@ -4,8 +4,9 @@ describe command('hostname') do
   its('stdout') { should eq "compliance\n" }
 end
 
-describe file('/home/vagrant/.ssh/authorized_keys') do
-  its('content') { file("/tmp/public.pub").content }
+describe file("/home/#{os.name}/.ssh/authorized_keys") do
+  its('content') { should include file("/tmp/public.pub").content }
+  it { should exist }
 end
 
 describe package('chef-compliance') do

data/cookbooks/infranodes/.kitchen.ec2.yml

@@ -4,7 +4,9 @@ driver:
   aws_ssh_key_id: <%= ENV["EC2_SSH_KEY_NAME"] %>
   region: us-east-1
   availability_zone: e
-  instance_type: m3.large
+  instance_type: m4.large
+  retryable_sleep: 10
+  retryable_tries: 60
 
 provisioner:
   name: chef_zero
@@ -13,15 +15,34 @@ verifier:
   name: inspec
 
 platforms:
+  - name: centos-7
+    driver:
+      image_id: ami-6d1c2007
+    transport:
+      username: centos
+      ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
+    attributes:
+      demo:
+        admin-user: 'centos'
   - name: ubuntu-1404
     driver:
       image_id: ami-8e0b9499
     transport:
       ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
+    attributes:
+      demo:
+        admin-user: 'ubuntu'
+  - name: windows-2012r2
+    driver:
+      security_group_ids: ['sg-13f69876']
+      image_id: ami-bd3ba0aa
+    transport:
+      ssh_key: <%= ENV["EC2_SSH_KEY_PATH"] %>
 
 suites:
   - name: default
     run_list:
-      - recipe[apt]
       - recipe[mock_data]
       - recipe[infranodes]
+      - recipe[wombat::authorized-keys]
+      - recipe[wombat::etc-hosts]

data/cookbooks/infranodes/recipes/default.rb

@@ -4,15 +4,31 @@
 #
 # Copyright (c) 2016 The Authors, All Rights Reserved.
 
+if node['platform'] == 'windows'
+  node.default['push_jobs']['package_url'] = "https://packages.chef.io/stable/windows/2008r2/push-jobs-client-2.1.1-1-x86.msi"
+  node.default['push_jobs']['package_checksum'] = "b8e76d54bb931949bcc94a6c764ccebda0e6957820b0c3fe62c96e6c3a184d9f"
+
+  conf_dir = "C:/chef"
+  tmp_dir = "C:/Windows/Temp"
+else
+  conf_dir = "/etc/chef"
+  tmp_dir = "/tmp"
+
+  apt_update 'packages' do
+    action :update
+    only_if { node['platform_family'] == 'debian' }
+  end
+end
+
 chef_ingredient 'chef' do
   channel node['demo']['versions']['chef'].split('-')[0].to_sym
   version node['demo']['versions']['chef'].split('-')[1]
   action :install
 end
 
-directory '/etc/chef'
+directory conf_dir
 
-template '/etc/chef/client.rb' do
+template File.join(conf_dir, 'client.rb') do
   source 'client.rb.erb'
   variables({
       :chef_server_url => node['demo']['chef_server_url'],
@@ -21,21 +37,21 @@ template '/etc/chef/client.rb' do
   })
 end
 
-file '/etc/chef/client.pem' do
-  content lazy { IO.read('/tmp/private.pem') }
+file File.join(conf_dir, 'client.pem') do
+  content lazy { IO.read(File.join(tmp_dir, 'private.pem')) }
 end
 
 ###todo: centralize this into the wombat cookbook
-directory '/etc/chef/trusted_certs'
+directory File.join(conf_dir, 'trusted_certs')
 
 %w(chef automate compliance).each do |f|
-  file "/etc/chef/trusted_certs/#{node['demo']['domain_prefix']}#{f}_#{node['demo']['domain'].tr('.','_')}.crt" do
-    content lazy { IO.read("/tmp/#{f}.crt") }
+  file File.join(conf_dir, "trusted_certs/#{node['demo']['domain_prefix']}#{f}_#{node['demo']['domain'].tr('.','_')}.crt") do
+    content lazy { IO.read(File.join(tmp_dir, "#{f}.crt")) }
   end
 end
 ###
 node.set['push_jobs']['chef']['chef_server_url'] = node['demo']['chef_server_url']
 node.set['push_jobs']['chef']['node_name'] = node['demo']['node-name']
-include_recipe 'wombat::authorized-keys'
-include_recipe 'wombat::etc-hosts'
+node.default['push_jobs']['allow_unencrypted'] = true
+
 include_recipe 'push-jobs'

data/cookbooks/infranodes/test/fixtures/cookbooks/mock_data/recipes/default.rb

@@ -1,18 +1,24 @@
 # copy files into tmp for cookbook
 
-cookbook_file '/tmp/public.pub' do
+if node['platform'] == 'windows'
+  tmp_dir = "C:/Windows/Temp"
+else
+  tmp_dir = "/tmp"
+end
+
+cookbook_file File.join(tmp_dir, 'public.pub') do
   content 'public.pub'
   action :create
 end
 
-cookbook_file '/tmp/private.pem' do
+cookbook_file File.join(tmp_dir, 'private.pem') do
   content 'private.pem'
   action :create
 end
 
 %w(chef automate compliance).each do |f|
   %w(crt key).each do |ext|
-    cookbook_file "/tmp/#{f}.#{ext}" do
+    cookbook_file File.join(tmp_dir, "#{f}.crt") do
       content "#{f}.#{ext}"
       action :create
       sensitive true