From 747c972f0eeefc9f11ad64ecfeecfc57f11d1a71 Mon Sep 17 00:00:00 2001 From: zpatten Date: Thu, 3 Jan 2013 01:25:28 -0800 Subject: [PATCH 01/10] major refactor to chef recipes --- .../tasks/chef_client/client.rb.erb | 2 + lib/cap_recipes/tasks/chef_client/hooks.rb | 15 +-- lib/cap_recipes/tasks/chef_client/install.rb | 46 +++++++- lib/cap_recipes/tasks/chef_client/manage.rb | 105 ++++++++++++------ .../tasks/chef_server/client.rb.erb | 10 ++ lib/cap_recipes/tasks/chef_server/hooks.rb | 4 +- lib/cap_recipes/tasks/chef_server/install.rb | 87 ++++++++++++++- 7 files changed, 217 insertions(+), 52 deletions(-) create mode 100644 lib/cap_recipes/tasks/chef_server/client.rb.erb diff --git a/lib/cap_recipes/tasks/chef_client/client.rb.erb b/lib/cap_recipes/tasks/chef_client/client.rb.erb index 8c326b2..938ec82 100644 --- a/lib/cap_recipes/tasks/chef_client/client.rb.erb +++ b/lib/cap_recipes/tasks/chef_client/client.rb.erb @@ -4,5 +4,7 @@ chef_server_url "<%= chef_client_config_chef_server_url %>" ssl_verify_mode <%= chef_client_config_ssl_verify_mode %> validation_client_name "<%= chef_client_config_validation_client_name %>" environment "<%= chef_client_config_environment %>" +file_backup_path "<%= chef_client_config_file_backup_path %>" +file_cache_path "<%= chef_client_config_file_cache_path %>" Mixlib::Log::Formatter.show_time = true diff --git a/lib/cap_recipes/tasks/chef_client/hooks.rb b/lib/cap_recipes/tasks/chef_client/hooks.rb index ff5e125..837b83e 100644 --- a/lib/cap_recipes/tasks/chef_client/hooks.rb +++ b/lib/cap_recipes/tasks/chef_client/hooks.rb 
@@ -4,14 +4,15 @@ Capistrano::Configuration.instance(true).load do # DEPLOY - after "deploy:stop", "chef:client:stop" - after "deploy:start", "chef:client:start" - after "deploy:restart", "chef:client:restart" - after "deploy:provision", "chef:client:install" - after "deploy:update", "chef:client:update" + # after "deploy:stop", "chef:client:stop" + # after "deploy:start", "chef:client:start" + # after "deploy:restart", "chef:client:restart" + # after "deploy:provision", "chef:client:install" + # after "deploy:update", "chef:client:update" # CHEF-CLIENT - after "chef:client:install", "chef:client:update" - # after "chef:client:update", "chef:client:logrotate" + # after "chef:client:install", "chef:client:configure" + # after "chef:client:configure", "chef:client:bootstrap" + # after "chef:client:bootstrap", "chef:client:status" end diff --git a/lib/cap_recipes/tasks/chef_client/install.rb b/lib/cap_recipes/tasks/chef_client/install.rb index a1e8ba6..872741f 100644 --- a/lib/cap_recipes/tasks/chef_client/install.rb +++ b/lib/cap_recipes/tasks/chef_client/install.rb 
@@ -18,20 +18,30 @@ set(:chef_client_dc3_machine_arch) { "x86_64" } set(:chef_client_config_template) { File.join(File.dirname(__FILE__), 'client.rb.erb') } - set(:chef_client_config_log_level) { ":debug" } + set(:chef_client_config_log_level) { ":info" } set(:chef_client_config_log_location) { "STDOUT" } set(:chef_client_config_chef_server_url) { nil } set(:chef_client_config_ssl_verify_mode) { ":verify_none" } set(:chef_client_config_validation_client_name) { "chef-validator" } set(:chef_client_config_environment) { rails_env.to_s } + set(:chef_client_config_file_backup_path) { "/var/chef/backup" } + set(:chef_client_config_file_cache_path) { "/var/chef/cache" } set(:chef_client_install_method) { :ec2 } set(:chef_server_validation_pem_path) { nil } + set(:chef_client_config_encrypted_data_bag_secret_path) { nil } desc "install chef-client" task :install, :roles => [:chef_client], :on_no_matching_servers => :continue do + logger.info("#" * 80) + logger.info("# CHEF-CLIENT INSTALL") + logger.info("#" * 80) case chef_client_install_method.to_sym when :ec2 then run("curl -L http://www.opscode.com/chef/install.sh | #{sudo} bash") + sudo("sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config") + sudo("/etc/init.d/ssh stop") + sudo("/etc/init.d/ssh start") + sudo("rm -rfv /var/chef/cache/* /var/chef/backup/*") when :dc3 then chef_client_url_params = [ "v=#{chef_client_dc3_version}", 
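Review bot: The added `sudo("sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config")` in the `:ec2` branch enables direct root SSH login on every host with the chef_client role as a side effect of installing a package, and nothing in the task restores the previous setting. I would drop that line together with the sshd stop/start that follows it; if a later step really needs root over SSH, make it an explicit setting that defaults to off and say why in a comment. The same lines are added to the `:ec2` branch of chef_server/install.rb in this patch, and in the part of the series visible here only the client recipe has them removed again (patch 05). The task's closing `end` falls in the next hunk.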
@@ -46,14 +56,40 @@ sudo("dpkg -i /var/tmp/chef-client.deb") sudo("ln -svf /opt/chef/bin/* /usr/bin/") end + end + + desc "configure chef-client" + task :configure, :roles => [:chef_client], :on_no_matching_servers => :continue do + logger.info("#" * 80) + logger.info("# CHEF-CLIENT CONFIGURE") + logger.info("#" * 80) + sudo("mkdir -p /etc/chef/") + chef_server_validation_pem = File.expand_path(File.join(chef_server_validation_pem_path, "chef-#{chef_client_install_method}-validation.pem")) - utilities.sudo_upload(chef_server_validation_pem, "/etc/chef/validation.pem", :owner => "root:root") - end + utilities.sudo_upload(chef_server_validation_pem, "/etc/chef/validation.pem", :owner => "root:root", :mode => "0400") + + chef_client_config_encrypted_data_bag_secret = File.expand_path(File.join(chef_client_config_encrypted_data_bag_secret_path, "chef-#{chef_client_install_method}-data-bag-secret")) + utilities.sudo_upload(chef_client_config_encrypted_data_bag_secret, "/etc/chef/encrypted_data_bag_secret", :owner => "root:root", :mode => "0400") - desc "update chef-client" - task :update, :roles => [:chef_client], :on_no_matching_servers => :continue do utilities.sudo_upload_template(chef_client_config_template, "/etc/chef/client.rb", :owner => "root:root") + + sudo("chown -Rv root:root /etc/chef") + end + + desc "chef-client bootstrap; runs chef-client once via command line" + task :bootstrap, :roles => [:chef_client], :on_no_matching_servers => :continue do + chef.client.stop + find_servers_for_task(current_task).each do |server| + logger.info("#" * 80) + logger.info("# CHEF-CLIENT BOOTSTRAP: #{server}") + logger.info("#" * 80) + + sudo("bash -c '([[ -f /opt/chef/bin/chef-client ]] && /opt/chef/bin/chef-client) || echo \"NOOP\"'", :hosts => server) + sudo("bash -c '([[ -f /etc/chef/client.pem ]] && chmod -v 0400 /etc/chef/client.pem) || echo \"NOOP\"'", :hosts => server) + sudo("chown -Rv root:root /etc/chef", :hosts => server) + end + chef.client.start end end 
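Review bot: The new `bootstrap` task hides a failed chef-client run, because `([[ -f /opt/chef/bin/chef-client ]] && /opt/chef/bin/chef-client) || echo "NOOP"` prints NOOP and exits 0 both when the binary is missing and when the run itself fails, so Capistrano carries on to `chef.client.start`. An `if [[ -f … ]]; then …; else echo NOOP; fi` form would let a failed run propagate. In `configure`, `File.join(chef_client_config_encrypted_data_bag_secret_path, …)` raises a TypeError with the `nil` default set earlier in this file, so a guard with a clear message (`raise "set :chef_client_config_encrypted_data_bag_secret_path" if chef_client_config_encrypted_data_bag_secret_path.nil?`) would help. The uploaded /etc/chef/validation.pem is also never removed once /etc/chef/client.pem exists; consider deleting it at the end of `bootstrap` so the shared validation key does not stay on every node.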
diff --git a/lib/cap_recipes/tasks/chef_client/manage.rb b/lib/cap_recipes/tasks/chef_client/manage.rb index 1c3591f..3c38356 100644 --- a/lib/cap_recipes/tasks/chef_client/manage.rb +++ b/lib/cap_recipes/tasks/chef_client/manage.rb 
@@ -1,65 +1,102 @@ ############################################################################### # CHEF-CLIENT MANAGE ################################################################################ +require 'ostruct' + Capistrano::Configuration.instance(true).load do namespace :chef do namespace :client do + def with_report(servers, headers, &block) + raise "You must supply a block to 'with_report'!" if !block_given? + + results = Array.new + max_lengths = OpenStruct.new + servers.each do |server| + results << block.call(server) + end + + headers.each do |header| + maximum = [headers.collect{ |header| header.to_s }, results.collect{ |result| result.send(header.to_sym).to_s }].flatten.map(&:length).max + max_lengths.send("#{header}=", maximum) + end + + puts("-" * (max_lengths.send(:table).values.reduce(:+) + (max_lengths.send(:table).keys.count * 2))) + headers.each do |header| + print(" %#{max_lengths.send(header)}s" % [header.to_s.upcase]) + end + print("\n") + puts("-" * (max_lengths.send(:table).values.reduce(:+) + (max_lengths.send(:table).keys.count * 2))) + + results.each do |result| + headers.each do |header| + print(" %#{max_lengths.send(header)}s" % [result.send(header)]) + end + print("\n") + end + puts("-" * (max_lengths.send(:table).values.reduce(:+) + (max_lengths.send(:table).keys.count * 2))) + end + desc "start chef-client" task :start, :roles => [:chef_client] do - logger.info("################################################################################") + logger.info("#" * 80) logger.info("# CHEF-CLIENT START") - logger.info("################################################################################") - sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client start) || ([[ -f /sbin/service ]] && /sbin/service chef-client start)'") + logger.info("#" * 80) + sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client start) || echo \"NOT INSTALLED!\"'") end desc "stop chef-client" task :stop, :roles 
=> [:chef_client] do - logger.info("################################################################################") + logger.info("#" * 80) logger.info("# CHEF-CLIENT STOP") - logger.info("################################################################################") - sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client stop) || ([[ -f /sbin/service ]] && /sbin/service chef-client stop)'") + logger.info("#" * 80) + sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client stop) || echo \"NOT INSTALLED!\"'") end desc "restart chef-client" task :restart, :roles => [:chef_client] do - logger.info("################################################################################") + logger.info("#" * 80) logger.info("# CHEF-CLIENT RESTART") - logger.info("################################################################################") - sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client restart) || ([[ -f /sbin/service ]] && /sbin/service chef-client restart)'") - end - - desc "reload chef-client" - task :reload, :roles => [:chef_client] do - logger.info("################################################################################") - logger.info("# CHEF-CLIENT RELOAD") - logger.info("################################################################################") - sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client reload) || ([[ -f /sbin/service ]] && /sbin/service chef-client reload)'") + logger.info("#" * 80) + sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client restart) || echo \"NOT INSTALLED!\"'") end desc "chef-client status" task :status, :roles => [:chef_client] do - logger.info("################################################################################") - logger.info("# CHEF-CLIENT STATUS") - logger.info("################################################################################") - sudo("bash -c '([[ -f 
/etc/init.d/chef-client ]] && /etc/init.d/chef-client status) || ([[ -f /sbin/service ]] && /sbin/service chef-client status)'") - end + with_report(find_servers_for_task(current_task), [:hostname, :ip, :chef_client_version, :chef_client_status]) do |server| + logger.info("#" * 80) + logger.info("# CHEF-CLIENT STATUS: #{server}") + logger.info("#" * 80) - desc "chef-client status" - task :version, :roles => [:chef_client] do - logger.info("################################################################################") - logger.info("# CHEF-CLIENT VERSION") - logger.info("################################################################################") - sudo("bash -c '([[ -f /usr/bin/chef-client ]] && /usr/bin/chef-client -v) || echo \"Failed to find the chef-client executable!\"'") + server_hostname = capture("hostname -f", :hosts => server).strip + chef_client_status = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client status) || echo \"NOT INSTALLED!\"'", :hosts => server).strip + chef_client_version = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /usr/bin/chef-client -v) || echo \"NOT INSTALLED!\"'", :hosts => server).strip + + OpenStruct.new(:hostname => server_hostname, :ip => server.to_s, :chef_client_status => chef_client_status, :chef_client_version => chef_client_version) + end end - desc "chef-client bootstrap; runs chef-client once via command line" - task :bootstrap, :roles => [:chef_client] do - logger.info("################################################################################") - logger.info("# CHEF-CLIENT BOOTSTRAP") - logger.info("################################################################################") - sudo("bash -c '([[ -f /usr/bin/chef-client ]] && /usr/bin/chef-client) || echo \"Failed to find the chef-client executable!\"'") + desc "chef-client key backup" + task :backup, :roles => [:chef_client] do + raise "You must specify a CHEF_ENV for this command!" 
if (ENV['CHEF_ENV'].nil? || ENV['CHEF_ENV'].blank?) + with_report(find_servers_for_task(current_task), [:hostname, :ip, :chef_client_version, :chef_client_status, :key_backup_result]) do |server| + logger.info("#" * 80) + logger.info("# CHEF-CLIENT KEY BACKUP: #{server}") + logger.info("#" * 80) + + server_hostname = capture("hostname -f", :hosts => server).strip + chef_client_status = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client status) || echo \"NOT INSTALLED!\"'", :hosts => server).strip + chef_client_version = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /usr/bin/chef-client -v) || echo \"NOT INSTALLED!\"'", :hosts => server).strip + + to_filepath = File.expand_path(File.join(Dir.pwd, ".chef", "chef-#{ENV['CHEF_ENV'].downcase}-client-#{server_hostname}.pem")) + sudo("cp -v /etc/chef/client.pem /var/tmp/client.pem && chown -v dev:dev /var/tmp/client.pem", :hosts => server) + (top.download("/var/tmp/client.pem", to_filepath, :hosts => server) rescue nil) + sudo("rm -fv /var/tmp/client.pem", :hosts => server) + key_backup_result = ((File.exists?(to_filepath) && (File.mtime(to_filepath).utc > (Time.now.utc - 15.seconds))) ? "SUCCESS" : "X") + + OpenStruct.new(:hostname => server_hostname, :ip => server.to_s, :chef_client_status => chef_client_status, :chef_client_version => chef_client_version, :key_backup_result => key_backup_result) + end end end diff --git a/lib/cap_recipes/tasks/chef_server/client.rb.erb b/lib/cap_recipes/tasks/chef_server/client.rb.erb new file mode 100644 index 0000000..53c38b7 --- /dev/null +++ b/lib/cap_recipes/tasks/chef_server/client.rb.erb 
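Review bot: The `backup` task stages the node's private key at the fixed path /var/tmp/client.pem and chowns it to `dev:dev`, so the key sits in a shared, world-writable directory under a predictable name, and it stays there if the task aborts before `rm -fv` runs. A per-run directory from `mktemp -d` created under `umask 077` and removed in an `ensure` avoids both the predictable name and the leftover copy; the hard-coded `dev` account probably wants to be the deploy user setting. `server_hostname` comes from the remote `hostname -f` output and is interpolated into the local destination path, so it should be restricted before use, e.g. `raise "unexpected hostname" unless server_hostname =~ /\A[A-Za-z0-9.-]+\z/`. `(top.download(...) rescue nil)` combined with the 15-second mtime test reports a failure as "X" without its reason; logging the rescued exception would make the report actionable.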
@@ -0,0 +1,10 @@ +log_level <%= chef_server_config_log_level %> +log_location <%= chef_server_config_log_location %> +chef_server_url "<%= chef_server_config_chef_server_url %>" +ssl_verify_mode <%= chef_server_config_ssl_verify_mode %> +validation_client_name "<%= chef_server_config_validation_client_name %>" +environment "<%= chef_server_config_environment %>" +file_backup_path "<%= chef_server_config_file_backup_path %>" +file_cache_path "<%= chef_server_config_file_cache_path %>" + +Mixlib::Log::Formatter.show_time = true diff --git a/lib/cap_recipes/tasks/chef_server/hooks.rb b/lib/cap_recipes/tasks/chef_server/hooks.rb index e77f092..d3cfc7a 100644 --- a/lib/cap_recipes/tasks/chef_server/hooks.rb +++ b/lib/cap_recipes/tasks/chef_server/hooks.rb @@ -4,10 +4,10 @@ Capistrano::Configuration.instance(true).load do # DEPLOY - after "deploy:provision", "chef:server:install" + # after "deploy:provision", "chef:server:install" # CHEF-SERVER - after "chef:server:install", "chef:server:update" + # after "chef:server:install", "chef:server:update" # after "chef:server:update", "chef_server:logrotate" end diff --git a/lib/cap_recipes/tasks/chef_server/install.rb b/lib/cap_recipes/tasks/chef_server/install.rb index 23b723a..4380dd2 100644 --- a/lib/cap_recipes/tasks/chef_server/install.rb +++ b/lib/cap_recipes/tasks/chef_server/install.rb @@ -1,6 +1,8 @@ ############################################################################### # CHEF-SERVER INSTALL ################################################################################ +require 'tempfile' + Capistrano::Configuration.instance(true).load do namespace :chef do 
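Review bot: The new template writes `ssl_verify_mode <%= chef_server_config_ssl_verify_mode %>`, and the default for that setting, added in chef_server/install.rb in this same patch, is `":verify_none"`, so the generated client.rb skips certificate verification unless someone overrides it. With the default `chef_server_url` of `http://127.0.0.1:4000` that has no effect, but the file is the obvious starting point for a remote HTTPS URL, so I would default to `":verify_peer"` and make disabling verification the explicit choice. `environment "<%= chef_server_config_environment %>"` also renders as `environment ""` with the `nil` default; leaving the line out when the setting is nil would be clearer.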
@@ -12,14 +14,91 @@ set(:chef_server_admin_password) { "p@ssw0rd" } set(:chef_server_install_script) { File.join(File.dirname(__FILE__), 'install.sh.erb') } + # http://www.opscode.com/chef/download?v=&p=ubuntu&pv=10.04&m=x86_64 + set(:chef_server_omnibus_url) { "http://www.opscode.com/chef/install.sh" } + + set(:chef_server_dc3_version) { nil } + set(:chef_server_dc3_platform) { "ubuntu" } + set(:chef_server_dc3_platform_version) { "10.04" } + set(:chef_server_dc3_machine_arch) { "x86_64" } + + set(:chef_server_config_template) { File.join(File.dirname(__FILE__), 'client.rb.erb') } + set(:chef_server_config_log_level) { ":info" } + set(:chef_server_config_log_location) { "STDOUT" } + set(:chef_server_config_chef_server_url) { "http://127.0.0.1:4000" } + set(:chef_server_config_ssl_verify_mode) { ":verify_none" } + set(:chef_server_config_environment) { nil } + set(:chef_server_config_validation_client_name) { "chef-validator" } + set(:chef_server_config_file_backup_path) { "/var/chef/backup" } + set(:chef_server_config_file_cache_path) { "/var/chef/cache" } + set(:chef_server_install_method) { :ec2 } + set(:chef_server_validation_pem_path) { nil } + set(:chef_server_config_encrypted_data_bag_secret_path) { nil } + desc "install chef-server" task :install, :roles => [:chef_server], :on_no_matching_servers => :continue do - utilities.sudo_upload_template(chef_server_install_script, "/root/chef-server-install.sh", :mode => "554", :owner => "root:root") - sudo("/root/chef-server-install.sh") + logger.info("#" * 80) + logger.info("# CHEF-SERVER INSTALL") + logger.info("#" * 80) + + # utilities.sudo_upload_template(chef_server_install_script, "/root/chef-server-install.sh", :mode => "554", :owner => "root:root") + # sudo("/root/chef-server-install.sh") + + case chef_server_install_method.to_sym + when :ec2 then + run("curl -L http://www.opscode.com/chef/install.sh | #{sudo} bash") + sudo("sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config") + 
sudo("/etc/init.d/ssh stop") + sudo("/etc/init.d/ssh start") + sudo("rm -rfv /var/chef/cache/* /var/chef/backup/*") + when :dc3 then + chef_client_url_params = [ + "v=#{chef_client_dc3_version}", + "p=#{chef_client_dc3_platform}", + "pv=#{chef_client_dc3_platform_version}", + "m=#{chef_client_dc3_machine_arch}" + ] + chef_client_url = "http://www.opscode.com/chef/download?" + chef_client_url_params.join('&') + chef_client_tempfile = Tempfile.new("chef-server") + utilities.stream_locally("wget \"#{chef_client_url}\" -O #{chef_client_tempfile.path}") + utilities.sudo_upload(chef_client_tempfile.path, "/var/tmp/chef-client.deb") + sudo("dpkg -i /var/tmp/chef-server.deb") + sudo("ln -svf /opt/chef/bin/* /usr/bin/") + end + end + + desc "configure chef-server" + task :configure, :roles => [:chef_server], :on_no_matching_servers => :continue do + logger.info("#" * 80) + logger.info("# CHEF-SERVER CONFIGURE") + logger.info("#" * 80) + + sudo("mkdir -p /etc/chef/") + + chef_server_validation_pem = File.expand_path(File.join(chef_server_validation_pem_path, "chef-#{chef_server_install_method}-validation.pem")) + utilities.sudo_upload(chef_server_validation_pem, "/etc/chef/validation.pem", :owner => "chef:chef", :mode => "0400") + + chef_client_config_encrypted_data_bag_secret = File.expand_path(File.join(chef_server_config_encrypted_data_bag_secret_path, "chef-#{chef_server_install_method}-data-bag-secret")) + utilities.sudo_upload(chef_client_config_encrypted_data_bag_secret, "/etc/chef/encrypted_data_bag_secret", :owner => "chef:chef", :mode => "0400") + + utilities.sudo_upload_template(chef_server_config_template, "/etc/chef/client.rb", :owner => "chef:chef") + + sudo("chown -Rv chef:chef /etc/chef") end - desc "update chef-server" - task :update, :roles => [:chef_server], :on_no_matching_servers => :continue do + desc "chef-server bootstrap; runs chef-server once via command line" + task :bootstrap, :roles => [:chef_server], :on_no_matching_servers => :continue do + 
chef.client.stop + find_servers_for_task(current_task).each do |server| + logger.info("#" * 80) + logger.info("# CHEF-SERVER BOOTSTRAP: #{server}") + logger.info("#" * 80) + + sudo("bash -c '([[ -f /opt/chef/bin/chef-client ]] && /opt/chef/bin/chef-client) || echo \"NOOP\"'", :hosts => server) + sudo("bash -c '([[ -f /etc/chef/client.pem ]] && chmod -v 0400 /etc/chef/client.pem) || echo \"NOOP\"'", :hosts => server) + sudo("chown -Rv chef:chef /etc/chef", :hosts => server) + end + chef.client.start end end From cbbbb6329cdd0ece59cf7a7b648768e89bad3986 Mon Sep 17 00:00:00 2001 From: zpatten Date: Thu, 3 Jan 2013 17:55:39 -0800 Subject: [PATCH 02/10] refactored chef config variable log_level in chef-client and chef-server recipes --- lib/cap_recipes/tasks/chef_client/client.rb.erb | 2 +- lib/cap_recipes/tasks/chef_client/install.rb | 4 ++-- lib/cap_recipes/tasks/chef_server/client.rb.erb | 2 +- lib/cap_recipes/tasks/chef_server/install.rb | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/cap_recipes/tasks/chef_client/client.rb.erb b/lib/cap_recipes/tasks/chef_client/client.rb.erb index 938ec82..2051103 100644 --- a/lib/cap_recipes/tasks/chef_client/client.rb.erb +++ b/lib/cap_recipes/tasks/chef_client/client.rb.erb @@ -1,4 +1,4 @@ -log_level <%= chef_client_config_log_level %> +log_level :<%= chef_client_config_log_level.to_s %> log_location <%= chef_client_config_log_location %> chef_server_url "<%= chef_client_config_chef_server_url %>" ssl_verify_mode <%= chef_client_config_ssl_verify_mode %> diff --git a/lib/cap_recipes/tasks/chef_client/install.rb b/lib/cap_recipes/tasks/chef_client/install.rb index 872741f..44caf01 100644 --- a/lib/cap_recipes/tasks/chef_client/install.rb +++ b/lib/cap_recipes/tasks/chef_client/install.rb 
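Review bot: The `:ec2` branch added to the chef-server `install` task runs `curl -L http://www.opscode.com/chef/install.sh | #{sudo} bash`, so a script fetched over plain HTTP is executed as root with no integrity check, and the `:dc3` branch fetches the package with `wget` over HTTP as well. Downloading over HTTPS into a file and comparing it with a pinned checksum before running it would close that gap; the new `chef_server_omnibus_url` setting is declared but the task still hard-codes the URL, so it could carry the HTTPS address. The same piped command is already present as a context line in chef_client/install.rb. The `:dc3` branch and the `bootstrap` task also still reference `chef_client_dc3_*` and `chef.client.stop`/`chef.client.start`, which looks like leftover copy from the client recipe and should be confirmed.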
@@ -18,12 +18,12 @@ set(:chef_client_dc3_machine_arch) { "x86_64" } set(:chef_client_config_template) { File.join(File.dirname(__FILE__), 'client.rb.erb') } - set(:chef_client_config_log_level) { ":info" } + set(:chef_client_config_log_level) { :info } set(:chef_client_config_log_location) { "STDOUT" } set(:chef_client_config_chef_server_url) { nil } set(:chef_client_config_ssl_verify_mode) { ":verify_none" } set(:chef_client_config_validation_client_name) { "chef-validator" } - set(:chef_client_config_environment) { rails_env.to_s } + set(:chef_client_config_environment) { nil } set(:chef_client_config_file_backup_path) { "/var/chef/backup" } set(:chef_client_config_file_cache_path) { "/var/chef/cache" } set(:chef_client_install_method) { :ec2 } diff --git a/lib/cap_recipes/tasks/chef_server/client.rb.erb b/lib/cap_recipes/tasks/chef_server/client.rb.erb index 53c38b7..2fcd2b7 100644 --- a/lib/cap_recipes/tasks/chef_server/client.rb.erb +++ b/lib/cap_recipes/tasks/chef_server/client.rb.erb @@ -1,4 +1,4 @@ -log_level <%= chef_server_config_log_level %> +log_level :<%= chef_server_config_log_level.to_s %> log_location <%= chef_server_config_log_location %> chef_server_url "<%= chef_server_config_chef_server_url %>" ssl_verify_mode <%= chef_server_config_ssl_verify_mode %> diff --git a/lib/cap_recipes/tasks/chef_server/install.rb b/lib/cap_recipes/tasks/chef_server/install.rb index 4380dd2..25b73b2 100644 --- a/lib/cap_recipes/tasks/chef_server/install.rb +++ b/lib/cap_recipes/tasks/chef_server/install.rb @@ -23,7 +23,7 @@ set(:chef_server_dc3_machine_arch) { "x86_64" } set(:chef_server_config_template) { File.join(File.dirname(__FILE__), 'client.rb.erb') } - set(:chef_server_config_log_level) { ":info" } + set(:chef_server_config_log_level) { :info } set(:chef_server_config_log_location) { "STDOUT" } set(:chef_server_config_chef_server_url) { "http://127.0.0.1:4000" } set(:chef_server_config_ssl_verify_mode) { ":verify_none" } 
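Review bot: Changing the default to `set(:chef_client_config_log_level) { :info }` while the template now emits `log_level :<%= chef_client_config_log_level.to_s %>` breaks any deployment that still overrides the setting with the old string form, because `":debug"` renders as `log_level ::debug` rather than the symbol Chef expects. Stripping a leading colon in the template, `log_level :<%= chef_client_config_log_level.to_s.sub(/\A:/, '') %>`, keeps both forms working; the chef_server template and setting changed in this patch need the same treatment. `chef_client_config_ssl_verify_mode` still uses the string-with-colon convention, so a short comment above the settings saying which ones take symbols would prevent the mix-up.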
From f7b17e747645b6af5c40f4c664bc5d90fc2f17a1 Mon Sep 17 00:00:00 2001 From: zpatten Date: Fri, 4 Jan 2013 12:02:57 -0800 Subject: [PATCH 03/10] speedup chef:client:status --- lib/cap_recipes/tasks/chef_client/manage.rb | 26 ++++++++++++++------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/lib/cap_recipes/tasks/chef_client/manage.rb b/lib/cap_recipes/tasks/chef_client/manage.rb index 3c38356..c30cb4c 100644 --- a/lib/cap_recipes/tasks/chef_client/manage.rb +++ b/lib/cap_recipes/tasks/chef_client/manage.rb 
@@ -64,16 +64,26 @@ def with_report(servers, headers, &block) desc "chef-client status" task :status, :roles => [:chef_client] do - with_report(find_servers_for_task(current_task), [:hostname, :ip, :chef_client_version, :chef_client_status]) do |server| - logger.info("#" * 80) - logger.info("# CHEF-CLIENT STATUS: #{server}") - logger.info("#" * 80) + results = Hash.new - server_hostname = capture("hostname -f", :hosts => server).strip - chef_client_status = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client status) || echo \"NOT INSTALLED!\"'", :hosts => server).strip - chef_client_version = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /usr/bin/chef-client -v) || echo \"NOT INSTALLED!\"'", :hosts => server).strip + run %Q{hostname -f} do |channel, stream, data| + result = (results[channel.connection.host] ||= OpenStruct.new) + result.hostname = data.strip + result.ip = channel.connection.host.strip + end + + run %Q{(([ -f /etc/init.d/chef-client ] && /etc/init.d/chef-client status) || echo "NOT INSTALLED!")} do |channel, stream, data| + result = (results[channel.connection.host] ||= OpenStruct.new) + result.chef_client_status = data.split("\n").first.strip + end + + run %Q{(([ -f /usr/bin/chef-client ] && /usr/bin/chef-client -v) || echo "NOT INSTALLED!")} do |channel, stream, data| + result = (results[channel.connection.host] ||= OpenStruct.new) + result.chef_client_version = data.split("\n").first.strip + end - OpenStruct.new(:hostname => server_hostname, :ip => server.to_s, :chef_client_status => chef_client_status, :chef_client_version => chef_client_version) + with_report(results.values, [:hostname, :ip, :chef_client_version, :chef_client_status]) do |result| + result end end From 2a154c7ec6a3f0572060d46ee8cbda7cc0a0af1e Mon Sep 17 00:00:00 2001 
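Review bot: The three `run … do |channel, stream, data|` callbacks ignore `stream`, so anything a host writes to stderr is stored as its hostname, status or version, and because the callback fires once per received chunk a later chunk overwrites an earlier one. Adding `next unless stream == :out` at the top of each block and appending instead of assigning (`result.hostname = "#{result.hostname}#{data}".strip`) would keep the report stable. The `status` task starts before this hunk.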
From: zpatten Date: Fri, 4 Jan 2013 12:44:50 -0800 Subject: [PATCH 04/10] do not overwrite results with empty data if we receive empty output lines from capistrano --- lib/cap_recipes/tasks/chef_client/manage.rb | 27 ++++++++++++++------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/lib/cap_recipes/tasks/chef_client/manage.rb b/lib/cap_recipes/tasks/chef_client/manage.rb index c30cb4c..dee68e6 100644 --- a/lib/cap_recipes/tasks/chef_client/manage.rb +++ b/lib/cap_recipes/tasks/chef_client/manage.rb @@ -43,7 +43,7 @@ def with_report(servers, headers, &block) logger.info("#" * 80) logger.info("# CHEF-CLIENT START") logger.info("#" * 80) - sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client start) || echo \"NOT INSTALLED!\"'") + sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client start) || echo \"NOT INSTALLED\"'") end desc "stop chef-client" @@ -51,7 +51,7 @@ def with_report(servers, headers, &block) logger.info("#" * 80) logger.info("# CHEF-CLIENT STOP") logger.info("#" * 80) - sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client stop) || echo \"NOT INSTALLED!\"'") + sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client stop) || echo \"NOT INSTALLED\"'") end desc "restart chef-client" @@ -59,7 +59,7 @@ def with_report(servers, headers, &block) logger.info("#" * 80) logger.info("# CHEF-CLIENT RESTART") logger.info("#" * 80) - sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client restart) || echo \"NOT INSTALLED!\"'") + sudo("bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client restart) || echo \"NOT INSTALLED\"'") end desc "chef-client status" 
@@ -67,19 +67,28 @@ def with_report(servers, headers, &block) results = Hash.new run %Q{hostname -f} do |channel, stream, data| + break if data.strip.empty? + logger.info("#{channel.connection.host}: #{data.strip}") + result = (results[channel.connection.host] ||= OpenStruct.new) result.hostname = data.strip result.ip = channel.connection.host.strip end - run %Q{(([ -f /etc/init.d/chef-client ] && /etc/init.d/chef-client status) || echo "NOT INSTALLED!")} do |channel, stream, data| + sudo %Q{bash -c '(([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client status) || echo "NOT INSTALLED")'} do |channel, stream, data| + break if data.strip.empty? + logger.info("#{channel.connection.host}: #{data.strip}") + result = (results[channel.connection.host] ||= OpenStruct.new) - result.chef_client_status = data.split("\n").first.strip + result.chef_client_status = data.strip #split("\n").first.strip end - run %Q{(([ -f /usr/bin/chef-client ] && /usr/bin/chef-client -v) || echo "NOT INSTALLED!")} do |channel, stream, data| + sudo %Q{bash -c '(([[ -f /usr/bin/chef-client ]] && /usr/bin/chef-client -v) || echo "NOT INSTALLED")'} do |channel, stream, data| + break if data.strip.empty? + logger.info("#{channel.connection.host}: #{data.strip}") + result = (results[channel.connection.host] ||= OpenStruct.new) - result.chef_client_version = data.split("\n").first.strip + result.chef_client_version = data.strip #split("\n").first.strip end with_report(results.values, [:hostname, :ip, :chef_client_version, :chef_client_status]) do |result| 
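Review bot: `break if data.strip.empty?` inside the `run`/`sudo` callbacks does more than skip the empty chunk: `break` in a block ends the method call the block was passed to, so the first blank chunk from any host would most likely terminate the whole `run` or `sudo` invocation and leave the remaining hosts out of the report (or raise LocalJumpError if the block is invoked after that call has returned). `next if data.strip.empty?` skips only the current callback and is what the commit message describes. The `status` task starts before this hunk and its `with_report` block closes after it.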
@@ -96,8 +105,8 @@ def with_report(servers, headers, &block) logger.info("#" * 80) server_hostname = capture("hostname -f", :hosts => server).strip - chef_client_status = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client status) || echo \"NOT INSTALLED!\"'", :hosts => server).strip - chef_client_version = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /usr/bin/chef-client -v) || echo \"NOT INSTALLED!\"'", :hosts => server).strip + chef_client_status = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client status) || echo \"NOT INSTALLED\"'", :hosts => server).strip + chef_client_version = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /usr/bin/chef-client -v) || echo \"NOT INSTALLED\"'", :hosts => server).strip to_filepath = File.expand_path(File.join(Dir.pwd, ".chef", "chef-#{ENV['CHEF_ENV'].downcase}-client-#{server_hostname}.pem")) sudo("cp -v /etc/chef/client.pem /var/tmp/client.pem && chown -v dev:dev /var/tmp/client.pem", :hosts => server) From f20eb635200454fdea861baad1cffc0ad96ccd04 Mon Sep 17 00:00:00 2001 From: zpatten Date: Tue, 8 Jan 2013 13:53:29 -0800 Subject: [PATCH 05/10] do not muck with sshd; purge the chef-client cache on bootstrap, not installation --- lib/cap_recipes/tasks/chef_client/install.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/cap_recipes/tasks/chef_client/install.rb b/lib/cap_recipes/tasks/chef_client/install.rb index 44caf01..0d69731 100644 --- a/lib/cap_recipes/tasks/chef_client/install.rb +++ b/lib/cap_recipes/tasks/chef_client/install.rb 
@@ -38,10 +38,6 @@ case chef_client_install_method.to_sym when :ec2 then run("curl -L http://www.opscode.com/chef/install.sh | #{sudo} bash") - sudo("sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config") - sudo("/etc/init.d/ssh stop") - sudo("/etc/init.d/ssh start") - sudo("rm -rfv /var/chef/cache/* /var/chef/backup/*") when :dc3 then chef_client_url_params = [ "v=#{chef_client_dc3_version}", @@ -85,6 +81,7 @@ logger.info("# CHEF-CLIENT BOOTSTRAP: #{server}") logger.info("#" * 80) + sudo("rm -rfv /var/chef/cache/* /var/chef/backup/*", :hosts => server) sudo("bash -c '([[ -f /opt/chef/bin/chef-client ]] && /opt/chef/bin/chef-client) || echo \"NOOP\"'", :hosts => server) sudo("bash -c '([[ -f /etc/chef/client.pem ]] && chmod -v 0400 /etc/chef/client.pem) || echo \"NOOP\"'", :hosts => server) sudo("chown -Rv root:root /etc/chef", :hosts => server) From 621e58ae329fefbe8611eaf00f1d018be13e6f55 Mon Sep 17 00:00:00 2001 From: zpatten Date: Tue, 8 Jan 2013 13:53:59 -0800 Subject: [PATCH 06/10] fix typo left from refactor rename --- lib/cap_recipes/tasks/chef_server/install.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/cap_recipes/tasks/chef_server/install.rb b/lib/cap_recipes/tasks/chef_server/install.rb index 25b73b2..a78b32a 100644 --- a/lib/cap_recipes/tasks/chef_server/install.rb +++ b/lib/cap_recipes/tasks/chef_server/install.rb @@ -62,7 +62,7 @@ chef_client_tempfile = Tempfile.new("chef-server") utilities.stream_locally("wget \"#{chef_client_url}\" -O #{chef_client_tempfile.path}") utilities.sudo_upload(chef_client_tempfile.path, "/var/tmp/chef-client.deb") - sudo("dpkg -i /var/tmp/chef-server.deb") + sudo("dpkg -i /var/tmp/chef-client.deb") sudo("ln -svf /opt/chef/bin/* /usr/bin/") end end From 67aeadda0db3b97a184549410924ea59864e7680 Mon Sep 17 00:00:00 2001 
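Review bot: The `:ec2` branch kept as context in the `@@ -38,10 +38,6 @@` hunk still fetches the installer over plain `http://` and pipes it straight into `#{sudo} bash`, so the content runs as root on every targeted host with no integrity check. Switching the URL to `https://` and downloading to a file whose checksum is compared against a pinned value before execution would close that gap. The `chef_server/install.rb` hunk in the next patch has the same shape: the package fetched with `wget` from `chef_client_url` goes to `dpkg -i` with no checksum or signature check visible. Both enclosing tasks extend beyond their hunks, so a check may exist out of view.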
From: zpatten Date: Wed, 9 Jan 2013 13:12:35 -0800 Subject: [PATCH 07/10] run the status command following a stop, start or restart --- lib/cap_recipes/tasks/chef_client/hooks.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/cap_recipes/tasks/chef_client/hooks.rb b/lib/cap_recipes/tasks/chef_client/hooks.rb index 837b83e..d137634 100644 --- a/lib/cap_recipes/tasks/chef_client/hooks.rb +++ b/lib/cap_recipes/tasks/chef_client/hooks.rb @@ -15,4 +15,8 @@ # after "chef:client:configure", "chef:client:bootstrap" # after "chef:client:bootstrap", "chef:client:status" + after "chef:client:stop", "chef:client:status" + after "chef:client:start", "chef:client:status" + after "chef:client:restart", "chef:client:status" + end From efbd78fcdf435b45a539de36e1ad9ae1d3e18fe5 Mon Sep 17 00:00:00 2001 From: zpatten Date: Wed, 9 Jan 2013 13:13:24 -0800 Subject: [PATCH 08/10] namespace backup directory; add tail cap task to watch chef-client logs --- lib/cap_recipes/tasks/chef_client/manage.rb | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/lib/cap_recipes/tasks/chef_client/manage.rb b/lib/cap_recipes/tasks/chef_client/manage.rb index dee68e6..bcb8d76 100644 --- a/lib/cap_recipes/tasks/chef_client/manage.rb +++ b/lib/cap_recipes/tasks/chef_client/manage.rb @@ -80,7 +80,8 @@ def with_report(servers, headers, &block) logger.info("#{channel.connection.host}: #{data.strip}") result = (results[channel.connection.host] ||= OpenStruct.new) - result.chef_client_status = data.strip #split("\n").first.strip + data.strip! + !data.empty? and (result.chef_client_status = data) end sudo %Q{bash -c '(([[ -f /usr/bin/chef-client ]] && /usr/bin/chef-client -v) || echo "NOT INSTALLED")'} do |channel, stream, data| 
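Review bot: In the `@@ -80,7 +80,8 @@` hunk of `manage.rb`, `!data.empty? and (result.chef_client_status = data)` uses `and` for control flow, and `data.strip!` mutates in place the string handed to the callback. A local copy with a modifier reads more plainly and leaves the argument alone: `status = data.strip` followed by `result.chef_client_status = status unless status.empty?`. The `@@ -88,7 +89,8 @@` hunk that follows does the same for `chef_client_version`. The callback block opens before the hunk.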
@@ -88,7 +89,8 @@ def with_report(servers, headers, &block) logger.info("#{channel.connection.host}: #{data.strip}") result = (results[channel.connection.host] ||= OpenStruct.new) - result.chef_client_version = data.strip #split("\n").first.strip + data.strip! + !data.empty? and (result.chef_client_version = data) end with_report(results.values, [:hostname, :ip, :chef_client_version, :chef_client_status]) do |result| @@ -96,6 +98,11 @@ def with_report(servers, headers, &block) end end + desc "watch chef-client logs" + task :tail, :roles => [:chef_client] do + stream("#{sudo} tail -f /var/log/chef/client.log") + end + desc "chef-client key backup" task :backup, :roles => [:chef_client] do raise "You must specify a CHEF_ENV for this command!" if (ENV['CHEF_ENV'].nil? || ENV['CHEF_ENV'].blank?) 
@@ -108,8 +115,10 @@ def with_report(servers, headers, &block) chef_client_status = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /etc/init.d/chef-client status) || echo \"NOT INSTALLED\"'", :hosts => server).strip chef_client_version = capture("#{sudo} bash -c '([[ -f /etc/init.d/chef-client ]] && /usr/bin/chef-client -v) || echo \"NOT INSTALLED\"'", :hosts => server).strip - to_filepath = File.expand_path(File.join(Dir.pwd, ".chef", "chef-#{ENV['CHEF_ENV'].downcase}-client-#{server_hostname}.pem")) - sudo("cp -v /etc/chef/client.pem /var/tmp/client.pem && chown -v dev:dev /var/tmp/client.pem", :hosts => server) + to_filepath = File.expand_path(File.join(Dir.pwd, ".chef", "backup", current_ecosystem.to_s, "chef-#{ENV['CHEF_ENV'].downcase}-#{server_hostname}.pem")) + FileUtils.mkdir_p(File.dirname(to_filepath)) + sudo("cp -v /etc/chef/client.pem /var/tmp/client.pem", :hosts => server) + sudo("chown -v dev:dev /var/tmp/client.pem", :hosts => server) (top.download("/var/tmp/client.pem", to_filepath, :hosts => server) rescue nil) sudo("rm -fv /var/tmp/client.pem", :hosts => server) key_backup_result = ((File.exists?(to_filepath) && (File.mtime(to_filepath).utc > (Time.now.utc - 15.seconds))) ? "SUCCESS" : "X") From 9399780b706d7791a4649fc32247242997b5f61b Mon Sep 17 00:00:00 2001 From: zpatten Date: Wed, 9 Jan 2013 19:01:11 -0800 Subject: [PATCH 09/10] added boot task --- lib/cap_recipes/tasks/chef_client/install.rb | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/cap_recipes/tasks/chef_client/install.rb b/lib/cap_recipes/tasks/chef_client/install.rb index 0d69731..373f496 100644 --- a/lib/cap_recipes/tasks/chef_client/install.rb +++ b/lib/cap_recipes/tasks/chef_client/install.rb 
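Review bot: The private key is still staged at the fixed path `/var/tmp/client.pem`; splitting the `cp` and `chown` into two `sudo` calls does not change that. In a world-writable directory, a file or link already present under that predictable name can determine where root's `cp` writes and who can read the result. A failing `chown` also leaves the copy behind because the `rm` is not in an `ensure`. A `mktemp`-created staging file removed in an `ensure` addresses both, and the local copy under `.chef/backup` should get an explicit `0600` mode instead of whatever the umask gives it. The enclosing task starts before the hunk.

```ruby
# … unchanged: to_filepath, FileUtils.mkdir_p …
staging_path = capture("#{sudo} mktemp /var/tmp/client.pem.XXXXXX", :hosts => server).strip
begin
  sudo("cp -v /etc/chef/client.pem #{staging_path}", :hosts => server)
  sudo("chown -v dev:dev #{staging_path}", :hosts => server)
  (top.download(staging_path, to_filepath, :hosts => server) rescue nil)
  File.chmod(0600, to_filepath) if File.exists?(to_filepath)
ensure
  sudo("rm -fv #{staging_path}", :hosts => server)
end
# … unchanged: key_backup_result …
```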
@@ -73,7 +73,7 @@ sudo("chown -Rv root:root /etc/chef") end - desc "chef-client bootstrap; runs chef-client once via command line" + desc "chef-client bootstrap; purges the chef-client cache then runs chef-client once via command line" task :bootstrap, :roles => [:chef_client], :on_no_matching_servers => :continue do chef.client.stop find_servers_for_task(current_task).each do |server| @@ -89,6 +89,21 @@ chef.client.start end + desc "chef-client boot; runs the chef-client once via command line" + task :boot, :roles => [:chef_client], :on_no_matching_servers => :continue do + chef.client.stop + find_servers_for_task(current_task).each do |server| + logger.info("#" * 80) + logger.info("# CHEF-CLIENT BOOT: #{server}") + logger.info("#" * 80) + + sudo("bash -c '([[ -f /opt/chef/bin/chef-client ]] && /opt/chef/bin/chef-client) || echo \"NOOP\"'", :hosts => server) + sudo("bash -c '([[ -f /etc/chef/client.pem ]] && chmod -v 0400 /etc/chef/client.pem) || echo \"NOOP\"'", :hosts => server) + sudo("chown -Rv root:root /etc/chef", :hosts => server) + end + chef.client.start + end + end end From 0b7ca72df16729de335cd97e2488ad7a6e06db24 Mon Sep 17 00:00:00 2001 From: zpatten Date: Thu, 10 Jan 2013 12:48:27 -0800 Subject: [PATCH 10/10] display a console header for the chef:client:tail task --- lib/cap_recipes/tasks/chef_client/manage.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/cap_recipes/tasks/chef_client/manage.rb b/lib/cap_recipes/tasks/chef_client/manage.rb index bcb8d76..e36381b 100644 --- a/lib/cap_recipes/tasks/chef_client/manage.rb +++ b/lib/cap_recipes/tasks/chef_client/manage.rb @@ -100,6 +100,9 @@ def with_report(servers, headers, &block) desc "watch chef-client logs" task :tail, :roles => [:chef_client] do + logger.info("#" * 80) + logger.info("# CHEF-CLIENT TAIL") + logger.info("#" * 80) stream("#{sudo} tail -f /var/log/chef/client.log") end
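Review bot: In the new `:boot` task, the `(… && /opt/chef/bin/chef-client) || echo "NOOP"` form treats a failed chef-client run the same as a missing binary. The `echo` runs, the command exits 0, and the task continues to `chown` and `chef.client.start` as if the run had succeeded. An explicit branch keeps the exit status: `sudo("bash -c 'if [[ -f /opt/chef/bin/chef-client ]]; then /opt/chef/bin/chef-client; else echo \"NOOP\"; fi'", :hosts => server)`. The `:bootstrap` task carries the same line as context in this diff, and `:boot` repeats its body minus the cache purge, so a shared helper would keep the two from drifting apart.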