search

igal / pocketknife

pocketknife is a devops tool for managing computers running chef-solo, powered by Opscode Chef.
Other
32 stars 8 forks source link

Review network graph and merge #6

Open igal opened 12 years ago

igal commented 12 years ago

Apparently a number of people have forked the project, rather than file issues or pull requests. I'd like to review what they've been up to and merge whatever changes are appropriate.

matlux commented 12 years ago

Hi Igal,

This is a brief description of what feature I needed and added to my fork. I'm in favor of having these features available in the mainstream version (yours).

On my fork I have added the following options: -A, --action ACTION -U, --user USER -s, --sudo USER -p, --password PASSWORD_FILE

1) I think --action can be emulated with your new run-list role injection feature that you've added. So let's consider this one done.

2) -U, --user USER In some big organisation application deployment can be effectively improved with Chef on their internal infrastructure. You don't need the cloud to make good use of Chef. However in those organisations it is rare to have a root access to deploy applications. So it would be useful to use pocketknife and Chef just with a standard unix user.

This option is to use Pocketknife and Chef when root access is not available on a machine or when the ssh connection onto a machine needs to pass via a user and then sudo into another user or root (see --sudo).

In this case the tar file is expended inside the home directory or tmp. $HOME/.chefwork or /tmp/.chefwork if --sudo no-root-user is used

3) -s, --sudo USER this is the user that chef-solo will execute with. It will do that by using the following pattern: Say the command is "tar xvfz tmp.tar.gz" it will execute: echo 'tar xvfz tmp.tar.gz' | sudo su -

It is because in some cases that is the only way to access a service account and to make it execute chef-solo.

Note that you could have other sudo patterns as well but I did not generalize this aspect. I have focused on getting the pattern that I needed to work i.e. "sudo su - ". Ultimately it is only a matter of wrapping the command with a prefix and a post fix command (" echo ' " and " ' | sudo su - " in this example,. It is clearer when you see the code).

4) -p, --password PASSWORD_FILE Sometimes using is not an options within some organisation. Instead using a local password file is politically easier to use.

This file contains a lookup of a user to password: user1: password1 user2: password2

Pocketknife should look up for a match and use it with Rye.

You can have a look at how I have implemented it all of the above on my experimental branch. I'm currently using it in a large organisation and successfully deploy a complex app to 70 machines. It would be nice if the features would merge back onto the main fork so I could use the mainstream version of Pocketknife instead.

Does this make sense?

patcon commented 12 years ago

Just a heads up matschaffer/knife-solo#100 :)