cloud-init

Merge lp:~mmoulton/cloud-init/chef into lp:~cloud-init-dev/cloud-init/trunk

  1. chef
  2. Merge into trunk
Proposed by Mike Moulton
Status: Merged
Merged at revision: 446
Proposed branch: lp:~mmoulton/cloud-init/chef
Merge into: lp:~cloud-init-dev/cloud-init/trunk
Diff against target: 221 lines (+92/-68)
3 files modified
cloudinit/CloudConfig/cc_chef.py (+59/-44)
doc/examples/cloud-config-chef.txt (+22/-16)
templates/chef_client.rb.tmpl (+11/-8)
To merge this branch: bzr merge lp:~mmoulton/cloud-init/chef
Reviewer Review Type Date Requested Status
Scott Moser Pending
Review via email: mp+74900@code.launchpad.net

Description of the change

This branch is based on lp:~avishai-ish-shalom/cloud-init/chef with several bug fixes to support both 'gems' and 'packages' install types.

This branch has been fully tested with the Beta 1 release of Oneiric.

In addition to bug fixes, this branch introduces support for setting the Chef 'node_name' and 'environment' properties.

To post a comment you must log in.
Revision history for this message
Scott Moser (smoser) wrote :

A couple things I'd like to see fixed
- you added 'environment' and 'node_name' configuration variables, but did not add defaults. That means a cloud-config that would previously have worked will now fail in the rendering of that template. (I think). Please supply default values for those.
- please try to keep lines to less than 80 chars. Some of the lines added are well over that.
- you've changed 'validation_cert' to 'validation_key', and the example even suggest different formatting going into the same file (/etc/chef/validation.pem). Why is that?

lp:~mmoulton/cloud-init/chef updated
447. By Mike Moulton

Set sane defaults for 'node_name' and 'environment'
Support both 'validation_cert' and 'validation_key' for backwards compatibility
Cleaned up line length

Revision history for this message
Mike Moulton (mmoulton) wrote :

> A couple things I'd like to see fixed
> - you added 'environment' and 'node_name' configuration variables, but did not
> add defaults. That means a cloud-config that would previously have worked
> will now fail in the rendering of that template. (I think). Please supply
> default values for those.

I have updated the branch to include sane defaults for both node_name and environment.

> - please try to keep lines to less than 80 chars. Some of the lines added are
> well over that.

I've cleaned this up.

> - you've changed 'validation_cert' to 'validation_key', and the example even
> suggest different formatting going into the same file
> (/etc/chef/validation.pem). Why is that?

In Chef, the client uses a key pair to validate it's request with the server. The key supplied in the 'validation_key' attribute is the private key for this pair. The naming originally implied and showed this value should have been a certificate, leading to confusion.

I have updated the branch to support the original 'validation_cert' and the new 'validation_key' param where 'validation_key' has precidence.

Revision history for this message
Scott Moser (smoser) wrote :

The changes seem fine. avishai can you test this ?

The one I see that avishai's branch ([1], specifically [2]) has that this one does not have is 'initial_attributes' . The other thing there is that avishai is using the json module to write json to first_boot.json, which is probably safer.

[1] lp:~avishai-ish-shalom/cloud-init/chef
[2] http://bazaar.launchpad.net/~avishai-ish-shalom/cloud-init/chef/revision/400

lp:~mmoulton/cloud-init/chef updated
448. By Mike Moulton

Bringing in proper json support for firstboot.json from lp:~avishai-ish-shalom/cloud-init/chef
Bringing in 'initial_properties' support from lp:~avishai-ish-shalom/cloud-init/chef

Revision history for this message
Mike Moulton (mmoulton) wrote :

This branch now models Avishai's branch [1] for both initial_attributes and using json to write the file.

I also fixed a bug where the initial_properties would not be written if the run_list was not specified. This is important as you can push run lists to a node after the fact via the Chef server.

[1] http://bazaar.launchpad.net/~avishai-ish-shalom/cloud-init/chef/revision/400

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'cloudinit/CloudConfig/cc_chef.py'
--- cloudinit/CloudConfig/cc_chef.py 2011-09-08 23:10:17 +0000
+++ cloudinit/CloudConfig/cc_chef.py 2011-09-13 00:43:10 +0000
@@ -1,6 +1,7 @@
1# vi: ts=4 expandtab1# vi: ts=4 expandtab
2#2#
3# Author: Avishai Ish-Shalom <avishai@fewbytes.com>3# Author: Avishai Ish-Shalom <avishai@fewbytes.com>
4# Author: Mike Moulton <mike@meltmedia.com>
4#5#
5# This program is free software: you can redistribute it and/or modify6# This program is free software: you can redistribute it and/or modify
6# it under the terms of the GNU General Public License version 3, as7# it under the terms of the GNU General Public License version 3, as
@@ -17,6 +18,7 @@
17import pwd18import pwd
18import socket19import socket
19import subprocess20import subprocess
21import json
20import StringIO22import StringIO
21import ConfigParser23import ConfigParser
22import cloudinit.CloudConfig as cc24import cloudinit.CloudConfig as cc
@@ -31,60 +33,73 @@
31 if not cfg.has_key('chef'): return33 if not cfg.has_key('chef'): return
32 chef_cfg = cfg['chef']34 chef_cfg = cfg['chef']
3335
34 # Install chef packages from selected source36 # ensure the chef directories we use exist
35 install_type = util.get_cfg_option_str(chef_cfg, "install_type", "packages")37 mkdirs(['/etc/chef', '/var/log/chef', '/var/lib/chef',
36 if not os.path.isfile('/usr/bin/chef-client'):38 '/var/cache/chef', '/var/backups/chef', '/var/run/chef'])
37 if install_type == "gems":
38 if chef_cfg.has_key('version'):
39 chef_version = chef_cfg['version']
40 else:
41 chef_version = None
42 install_chef_from_gems(
43 util.get_cfg_option_str(chef_cfg, 'ruby_version', '1.8'),
44 chef_version)
45 else:
46 cc.install_packages(('chef',))
4739
48 # set the validation cert40 # set the validation key based on the presence of either 'validation_key'
49 if chef_cfg.has_key('validation_cert'):41 # or 'validation_cert'. In the case where both exist, 'validation_key'
50 with open('/etc/chef/validation.pem', 'w') as validation_cert_fh:42 # takes precedence
51 validation_cert_fh.write(chef_cfg['validation_cert'])43 if chef_cfg.has_key('validation_key') or chef_cfg.has_key('validation_cert'):
44 validation_key = util.get_cfg_option_str(chef_cfg, 'validation_key',
45 chef_cfg['validation_cert'])
46 with open('/etc/chef/validation.pem', 'w') as validation_key_fh:
47 validation_key_fh.write(validation_key)
5248
53 validation_name = chef_cfg.get('validation_name','chef-validator')49 validation_name = chef_cfg.get('validation_name','chef-validator')
54 # create the chef config from template50 # create the chef config from template
55 util.render_to_file('chef_client.rb', '/etc/chef/client.rb',51 util.render_to_file('chef_client.rb', '/etc/chef/client.rb',
56 {'server_url': chef_cfg['server_url'], 52 {'server_url': chef_cfg['server_url'],
53 'node_name': util.get_cfg_option_str(chef_cfg, 'node_name',
54 cloud.datasource.get_instance_id()),
55 'environment': util.get_cfg_option_str(chef_cfg, 'environment',
56 '_default'),
57 'validation_name': chef_cfg['validation_name']})57 'validation_name': chef_cfg['validation_name']})
5858
59 chef_args = ['-d']
60 # set the firstboot json59 # set the firstboot json
61 if chef_cfg.has_key('run_list'):60 with open('/etc/chef/firstboot.json', 'w') as firstboot_json_fh:
62 with open('/etc/chef/firstboot.json', 'w') as firstboot_json_fh:61 initial_json = {}
63 firstboot_json_fh.write("{\n\"run_list\":\n[\n")62 if chef_cfg.has_key('run_list'):
64 firstboot_json_fh.write(63 initial_json['run_list'] = chef_cfg['run_list']
65 ",\n".join(["\"%s\"" % runlist_item for runlist_item in chef_cfg['run_list']])64 if chef_cfg.has_key('initial_attributes'):
66 )65 initial_attributes = chef_cfg['initial_attributes']
67 firstboot_json_fh.write("]\n\}")66 for k in initial_attributes.keys(): initial_json[k] = initial_attributes[k]
68 chef_args.append('-j /etc/chef/firstboot.json')67 firstboot_json_fh.write(json.dumps(initial_json))
6968
70 # and finally, run chef69 # If chef is not installed, we install chef based on 'install_type'
71 log.debug("running chef-client %s" % chef_args)70 if not os.path.isfile('/usr/bin/chef-client'):
72 subprocess.check_call(['/usr/bin/chef-client'] + chef_args)71 install_type = util.get_cfg_option_str(chef_cfg, 'install_type', 'packages')
72 if install_type == "gems":
73 # this will install and run the chef-client from gems
74 chef_version = util.get_cfg_option_str(chef_cfg, 'version', None)
75 ruby_version = util.get_cfg_option_str(chef_cfg, 'ruby_version', '1.8')
76 install_chef_from_gems(ruby_version, chef_version)
77 # and finally, run chef-client
78 log.debug('running chef-client')
79 subprocess.check_call(['/usr/bin/chef-client', '-d', '-i', '1800', '-s', '20'])
80 else:
81 # this will install and run the chef-client from packages
82 cc.install_packages(('chef',))
7383
74def install_chef_from_gems(ruby_version, chef_version = None):84def install_chef_from_gems(ruby_version, chef_version = None):
75 cc.install_packages(ruby_packages[ruby_version])85 cc.install_packages(ruby_packages[ruby_version])
76 gem_bin = get_gem_bin()86 if not os.path.exists('/usr/bin/gem'):
77 if not os.path.exists('/usr/bin/gem'): os.symlink(gem_bin, '/usr/bin/gem')87 os.symlink('/usr/bin/gem%s' % ruby_version, '/usr/bin/gem')
78 chef_version_arg = ""88 if not os.path.exists('/usr/bin/ruby'):
79 if chef_version: chef_version_arg = "-v %s" % chef_version89 os.symlink('/usr/bin/ruby%s' % ruby_version, '/usr/bin/ruby')
80 subprocess.check_call([gem_bin,'install','chef',chef_version_arg, '--no-ri','--no-rdoc','--no-test','-q'])90 if chef_version:
81 os.mkdirs('/etc/chef', '/var/log/chef', '/var/lib/chef', '/var/cache/chef', '/var/backups/chef', '/var/run/chef')91 subprocess.check_call(['/usr/bin/gem','install','chef',
82 os.symlink('/var/lib/gem/%s/bin/chef-client' % ruby_version, '/usr/bin/chef-client')92 '-v %s' % chef_version, '--no-ri',
83 # Ohai ruby plugin breaks if there is no ruby or gem binaries at /usr/bin, so93 '--no-rdoc','--bindir','/usr/bin','-q'])
84 try: os.symlink('/usr/bin/gem%s' % ruby_version, '/usr/bin/gem')94 else:
85 except: pass95 subprocess.check_call(['/usr/bin/gem','install','chef',
86 try: os.symlink('/usr/bin/ruby%s' % ruby_version, '/usr/bin/ruby')96 '--no-ri','--no-rdoc','--bindir',
87 except: pass97 '/usr/bin','-q'])
8898
89def get_gem_bin():99def ensure_dir(d):
90 return '/usr/bin/gem%s' % util.get_cfg_option_str(chef_cfg, 'ruby_version', '1.8')100 if not os.path.exists(d):
101 os.makedirs(d)
102
103def mkdirs(dirs):
104 for d in dirs:
105 ensure_dir(d)
91106
=== modified file 'doc/examples/cloud-config-chef.txt'
--- doc/examples/cloud-config-chef.txt 2011-04-21 14:57:54 +0000
+++ doc/examples/cloud-config-chef.txt 2011-09-13 00:43:10 +0000
@@ -9,30 +9,36 @@
9apt_mirror: http://apt.opscode.com/9apt_mirror: http://apt.opscode.com/
1010
11chef:11chef:
12 # If you want to install from rubygems:12
13 # Valid values are 'gems' and 'packages'
13 install_type: "gems"14 install_type: "gems"
1415
15 # Chef settings16 # Chef settings
16 server_url: "https://chef.yourorg.com:4000"17 server_url: "https://chef.yourorg.com:4000"
1718
19 # Node Name
20 # Defaults to the instance-id if not present
21 node_name: "your-node-name"
22
23 # Environment
24 # Defaults to '_default' if not present
25 environment: "production"
26
18 # Default validation name is chef-validator27 # Default validation name is chef-validator
19 validation_name: "yourorg-validator"28 validation_name: "yourorg-validator"
20 validation_cert: |29 validation_key: |
21 -----BEGIN CERTIFICATE-----30 -----BEGIN RSA PRIVATE KEY-----
22 MIICCTCCAXKgAwIBAgIBATANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDDAJjYTAe31 YOUR-ORGS-VALIDATION-KEY-HERE
23 Fw0xMDAyMTUxNzI5MjFaFw0xNTAyMTQxNzI5MjFaMA0xCzAJBgNVBAMMAmNhMIGf32 -----END RSA PRIVATE KEY-----
24 MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu7Q40sm47/E1Pf+r8AYb/V/FWGPgc33
25 b014OmNoX7dgCxTDvps/h8Vw555PdAFsW5+QhsGr31IJNI3kSYprFQcYf7A8tNWu
26 1MASW2CfaEiOEi9F1R3R4Qlz4ix+iNoHiUDTjazw/tZwEdxaQXQVLwgTGRwVa+aA
27 qbutJKi93MILLwIDAQABo3kwdzA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1Ynkv
28 T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDwYDVR0TAQH/BAUwAwEB/zAd
29 BgNVHQ4EFgQUu4+jHB+GYE5Vxo+ol1OAhevspjAwCwYDVR0PBAQDAgEGMA0GCSqG
30 SIb3DQEBBQUAA4GBAH/rxlUIjwNb3n7TXJcDJ6MMHUlwjr03BDJXKb34Ulndkpaf
31 +GAlzPXWa7bO908M9I8RnPfvtKnteLbvgTK+h+zX1XCty+S2EQWk29i2AdoqOTxb
32 hppiGMp0tT5Havu4aceCXiy2crVcudj3NFciy8X66SoECemW9UYDCb9T5D0d
33 -----END CERTIFICATE-----
34
35 # A run list for a first boot json34 # A run list for a first boot json
36 run_list:35 run_list:
37 - "recipe[apache2]"36 - "recipe[apache2]"
38 - "role[db]"37 - "role[db]"
38
39 # Specify a list of initial attributes used by the cookbooks
40 initial_attributes:
41 apache:
42 prefork:
43 maxclients: 100
44 keepalive: "off"
3945
=== modified file 'templates/chef_client.rb.tmpl'
--- templates/chef_client.rb.tmpl 2011-04-21 14:57:54 +0000
+++ templates/chef_client.rb.tmpl 2011-09-13 00:43:10 +0000
@@ -1,12 +1,15 @@
1log_level :info1log_level :info
2log_location "/var/log/chef/client.log"2log_location "/var/log/chef/client.log"
3ssl_verify_mode :verify_none3ssl_verify_mode :verify_none
4validation_client_name "$validation_name"4validation_client_name "$validation_name"
5validation_key "/etc/chef/validation.pem"5validation_key "/etc/chef/validation.pem"
6client_key "/etc/chef/client.pem"6client_key "/etc/chef/client.pem"
7chef_server_url "$server_url"7chef_server_url "$server_url"
8file_cache_path "/var/cache/chef"8environment "$environment"
9file_backup_path "/var/backups/chef"9node_name "$node_name"
10pid_file "/var/run/chef/client.pid"10json_attribs "/etc/chef/firstboot.json"
11file_cache_path "/var/cache/chef"
12file_backup_path "/var/backups/chef"
13pid_file "/var/run/chef/client.pid"
11Chef::Log::Formatter.show_time = true14Chef::Log::Formatter.show_time = true
1215