Support ENC classification

ccaum · Sep 24, 2012 · c9197ec · c9197ec
1 parent 84dd4d7
commit c9197ec
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 14 deletions.
diff --git a/files/autoami.erb b/files/autoami.erb
@@ -7,10 +7,14 @@
 
   if grep certname $CONFDIR/puppet.conf
   then
-    sed  '/^.*certname.*=.*$/c  certname = <%= options[:puppetagent_certname] %>' $CONFDIR/puppet.conf
+    sed  '/^.*certname.*=.*$/c  certname = <%= options[:puppetagent_certname] %>' $CONFDIR/puppet.conf > /tmp/puppet.conf
+    mv /tmp/puppet.conf $CONFDIR/puppet.conf
   else
-    echo "  certname = <% options[:puppetagnt_certname] %>" >> $CONFDIR/puppet.conf
+    echo "  certname = <% options[:puppetagent_certname] %>" >> $CONFDIR/puppet.conf
   fi
 <% end %>
 
-puppet agent -t&
+puppet agent -t
+
+# The agent will exit 1, so we need to ensure we exit cleanly
+exit 0
diff --git a/files/autoami.sql b/files/autoami.sql
@@ -26,6 +26,10 @@ CREATE TABLE `groups` (
   `keyfile` varchar(255) NOT NULL,
   `login` varchar(255) NOT NULL,
   `server` varchar(255) NOT NULL,
+  `enc_server` varchar(255) NOT NULL,
+  `enc_user` varchar(255) NOT NULL,
+  `enc_pass` varchar(255) NOT NULL,
+  `enc_port` varchar(255) NOT NULL,
   `node_group` varchar(255) NOT NULL,
   `region` varchar(255) NOT NULL
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;

diff --git a/lib/puppet/cloudscale.rb b/lib/puppet/cloudscale.rb
@@ -23,6 +23,26 @@ def add_new_group_options(action)
         required
       end
 
+      action.option '--enc-user=' do
+        summary 'The ENC user to authenticate as for classification'
+        required
+      end
+
+      action.option '--enc-pass=' do
+        summary 'The ENC user password to authenticate as for classification'
+        required
+      end
+
+      action.option '--enc-port=' do
+        summary 'The port to access the ENC on for classification'
+
+        default_to { '443' }
+      end
+
+      action.option '--enc-server=' do
+        summary 'The location of the ENC for classification'
+      end
+
       action.option '--keyname=' do
         summary 'The public keypair name to use'
         required
@@ -85,6 +105,11 @@ def load_ami_groups
                                :keyfile => group['keyfile'],
                                :login   => group['login'],
                                :server  => group['server'],
+                               :node_group => group['node_group'],
+                               :enc_server => group['enc_server'],
+                               :enc_user   => group['enc_user'],
+                               :enc_pass   => group['enc_pass'],
+                               :enc_port   => group['enc_port'],
                                :region  => group['region']
         }
       end
@@ -103,9 +128,18 @@ def load_ami_groups
           :server  => props[:server],
           :login   => props[:login],
           :install_script => 'autoami',
+          :enc_auth_user => props[:enc_user],
+          :enc_auth_passwd => props[:enc_pass],
+          :enc_port      => props[:enc_port],
+          :enc_server    => props[:enc_server],
+          :enc_ssl       => true,
           :puppetagent_certname => server,
           :node_group => props[:node_group] }
         )
+
+        Puppet.info 'Running puppet agent'
+        command_prefix = props[:login] == 'root' ? '' : 'sudo '
+        ssh_remote_execute(server, props[:login], "#{command_prefix} puppet agent -t", props[:keyfile])
       end
     end
 
@@ -119,6 +153,10 @@ def groups
                                :login   => group['login'],
                                :server  => group['server'],
                                :region  => group['region'],
+                               :enc_server => group['enc_server'],
+                               :enc_user   => group['enc_user'],
+                               :enc_pass   => group['enc_pass'],
+                               :enc_port   => group['enc_port'],
                                :node_group => group['node_group']
         }
       end
@@ -130,7 +168,9 @@ def delete_group(group)
     end
 
     def new_group(group, options)
-      dbh.query("INSERT INTO groups ( name, image, type, keyname, keyfile, login, server, region, node_group) VALUES ( '#{group}', '#{options[:image]}', '#{options[:type]}', '#{options[:keyname]}', '#{options[:keyfile]}', '#{options[:login]}', '#{options[:server]}', '#{options[:region]}', '#{options[:node_group]}')")
+      enc_server = options[:enc_server] || options[:server]
+
+      dbh.query("INSERT INTO groups ( name, image, type, keyname, keyfile, login, server, region, node_group, enc_server, enc_port, enc_user, enc_pass) VALUES ( '#{group}', '#{options[:image]}', '#{options[:type]}', '#{options[:keyname]}', '#{options[:keyfile]}', '#{options[:login]}', '#{options[:server]}', '#{options[:region]}', '#{options[:node_group]}', '#{enc_server}', '#{options[:enc_port]}', '#{options[:enc_user]}', '#{options[:enc_pass]}')")
     end
 
     def add_new_ami_options(action)

diff --git a/lib/puppet/reports/autoami.rb b/lib/puppet/reports/autoami.rb
@@ -1,6 +1,8 @@
 require 'puppet'
 require 'puppet/face'
 require 'uri'
+require 'mysql'
+require 'parseconfig'
 
 Puppet::Reports.register_report(:autoami) do
 
@@ -19,7 +21,7 @@ def process
 
     found = false
     ami_group = String.new
-    dbh.query("SELECT ('dns_name', 'ami_group') FROM nodes").each_hash do |node|
+    dbh.query("SELECT dns_name,ami_group FROM nodes").each_hash do |node|
       #This is much more efficient
       if node['dns_name'] == self.host
         ami_group = node['ami_group']
@@ -36,26 +38,29 @@ def process
       failed  = metrics['resources']['failed']
 
       if changed > 0 and failed == 0
-        #Generate the new AMI and terminate the instance
+        #Generate the new AMI
         new_image = node.new_ami self.host,
           :manifest_version => self.configuration_version,
-          :description => "#{group} Manifest version #{self.configuration_version}"
+          :description => "#{ami_group} Manifest version #{self.configuration_version}"
 
-        dbh.query("SELECT image FROM groups WHERE name=#{ami_group}").each_hash do |agroup|
+        dbh.query("SELECT image FROM groups WHERE name='#{ami_group}'").each_hash do |agroup|
           old_image = agroup['image']
         end
 
-        dbh.query("UPDATE groups SET image=#{new_image} WHERE name=#{ami_group}")
-
         #Wait until we have our image built
         loop {
-          break if Puppet::Face[:node_aws, :current].images.include? new_image
+          images = Puppet::Face[:node_aws, :current].images
+          if images.keys.include?(new_image) and images[new_image]['state'] == 'available'
+            dbh.query("UPDATE groups SET image='#{new_image}' WHERE name='#{ami_group}'")
+            break
+          end
           sleep 1
         }
-
-        dbh.query("DELETE FROM nodes WHERE dns_name='#{self.host}'")
-        node.terminate self.host
       end
+
+      #Delete the host
+      dbh.query("DELETE FROM nodes WHERE dns_name='#{self.host}'")
+      Puppet::Face[:node_aws, :current].terminate self.host
     end
   end
 end