chef-boneyard / chef-provisioning

A library for creating machines and infrastructures idempotently in Chef.
Apache License 2.0

machine_file enhancement(s) request #39

Closed irvingpop closed 10 years ago

irvingpop commented 10 years ago

As a chef-metal user, I want to upload files with security constraints to my machines. Currently the machine_file resource does not accept "mode", "owner", "group" so this is not possible.

Also it would be fantastic to have a "machine_directory" resource to match. Example use case, establishing SSH trusts:

  machine_directory '/root/.ssh' do
    owner 'root'
    group 'root'
    mode '0700'
    action :create
  end

  machine_file '/root/.ssh/authorized_keys' do
    content node['mycookbook']['root_ssh']['authorized_keys']
    machine vmname
    mode '0600'
    owner 'root'
    group 'root'
  end
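
An added example (not part of the original issue or of chef-metal): a Ruby check, run on the target machine after the upload, that the SSH trust files ended up with the ownership and modes the recipe above asks for. The name `audit_ssh_trust` and its parameters are assumptions made for this example.

```ruby
# Modes requested in the issue's example: directory 0700, authorized_keys 0600.
EXPECTED_MODE = { dir: 0o700, file: 0o600 }.freeze

# Hypothetical helper: returns an array of findings; empty means compliant.
# owner_uid/owner_gid default to root (0), as in the issue's example.
def audit_ssh_trust(ssh_dir, owner_uid: 0, owner_gid: 0)
  findings = []
  targets = { ssh_dir => :dir, File.join(ssh_dir, 'authorized_keys') => :file }
  targets.each do |path, kind|
    begin
      st = File.lstat(path) # lstat: do not follow a symlink left at the path
    rescue Errno::ENOENT
      findings << "#{path}: missing"
      next
    end
    if st.symlink?
      findings << "#{path}: is a symlink"
      next
    end
    type_ok = kind == :dir ? st.directory? : st.file?
    findings << "#{path}: unexpected file type" unless type_ok
    mode = st.mode & 0o7777
    # Any permission bit outside the expected mode is a finding; stricter is fine.
    extra = mode & ~EXPECTED_MODE[kind]
    unless extra.zero?
      findings << format('%s: mode %04o grants more than %04o',
                         path, mode, EXPECTED_MODE[kind])
    end
    findings << "#{path}: uid #{st.uid}, expected #{owner_uid}" unless st.uid == owner_uid
    findings << "#{path}: gid #{st.gid}, expected #{owner_gid}" unless st.gid == owner_gid
  end
  findings
end

# CLI use: ruby audit_ssh_trust.rb /root/.ssh  (exit status 1 if anything is off)
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  found = audit_ssh_trust(ARGV[0])
  puts found
  exit(found.empty? ? 0 : 1)
end
```
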

jkeiser commented 10 years ago

There are already methods in "machine" to chmod/chown things, so this might not be hard :)

irvingpop commented 10 years ago

I have a patch almost working to add owner/group/mode using ChefMetal::Machine.set_attributes. I'm running into the same issue as https://github.com/opscode/chef-metal/issues/42, figuring out where "provider" is supposed to come from.

irvingpop commented 10 years ago

I also realized that machine_file brings up order-of-operations issues (sadpanda).

  * machine_file[/root/authorized_keys] action upload[2014-03-31T11:47:23-07:00] INFO: Processing machine_file[/root/authorized_keys] action upload (ec-harness::private_chef_ha line 22)
[2014-03-31T11:47:24-07:00] INFO: Executing ls -d /root/authorized_keys on vagrant@127.0.0.1

================================================================================
Error executing action `upload` on resource 'machine_file[/root/authorized_keys]'
================================================================================

Errno::ECONNREFUSED
-------------------
Connection refused - connect(2)

Let's say your machine's recipes depend on a file. You would have to create the machine first with no recipes, then call your machine_file resources, then call the machine resources with recipes.

It would be very slick if you could define your machine_file resources inside of the machine resource (like this: https://github.com/poise/application_ruby#usage).

jkeiser commented 10 years ago

The order-of-operations issue can be solved thus:

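  # Bring the machine up first, with no recipes
  machine 'x'

  # Upload the file once the machine exists
  machine_file '/remote/path.txt' do
    machine 'x'
    local_path '/local/path.txt'
  end

  # Converge again, now with the recipe that needs the file
  machine 'x' do
    recipe 'blah' # Recipe depending on /remote/path.txt existing
  end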

I agree we need a cleaner way though, I'm not thrilled at all with that solution.