# File 'lib/chef/knife/ec_restore.rb', line 51
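# Restores a backup directory onto an Enterprise Chef server.
#
# The backup directory is taken from the first command-line argument. The
# method restores users, then each organization (org object, invitations,
# members, and the org contents via upload_org), then user ACLs.
#
# Exits with status 1 when the argument or a required key file is missing,
# and at the end when @error has been set.
#
# Security notes:
# - Everything under the backup directory is replayed to the server as-is
#   (users, org membership, ACLs), so treat the backup as trusted input and
#   verify where it came from before restoring.
# - The version probe below runs with certificate verification disabled; see
#   the note at that call.
def run
  if name_args.empty?
    ui.error("Must specify backup directory as an argument.")
    exit 1
  end
  dest_dir = name_args[0]

  # NOTE(review): node_name and client_key are computed here but never read
  # again in this method and are not written back to Chef::Config, so the
  # pivotal override below has no visible effect on the requests made here.
  # Confirm whether the REST client was meant to use them.
  node_name = Chef::Config.node_name
  client_key = Chef::Config.client_key
  if node_name != "pivotal"
    unless File.exist?("/etc/opscode/pivotal.pem")
      ui.error("Username not configured as pivotal and /etc/opscode/pivotal.pem does not exist. It is recommended that you run this plugin from your Chef server.")
      exit 1
    end
    node_name = 'pivotal'
    client_key = '/etc/opscode/pivotal.pem'
  end

  # Fall back to the server-local WebUI key when none was given on the CLI.
  if config[:webui_key].nil?
    unless File.exist?("/etc/opscode/webui_priv.pem")
      ui.error("WebUI not specified and /etc/opscode/webui_priv.pem does not exist. It is recommended that you run this plugin from your Chef server.")
      exit 1
    end
    ui.warn("WebUI not specified. Using /etc/opscode/webui_priv.pem")
    webui_key = '/etc/opscode/webui_priv.pem'
  else
    webui_key = config[:webui_key]
  end

  # Derive the server root from chef_server_url by stripping the trailing
  # /organizations/<name> segment when chef_server_root is not configured.
  server_root = Chef::Config.chef_server_root
  if server_root.nil?
    server_root = Chef::Config.chef_server_url.gsub(/\/organizations\/+[^\/]+\/*$/, '')
    ui.warn("chef_server_root not found in knife configuration. Setting root to: #{server_root}")
    Chef::Config.chef_server_root = server_root
  end

  # NOTE(review): `rest` in this section precedes the local assignment further
  # down, so it resolves to a method call (presumably the knife-provided
  # client). user_acl_rest is not read again in this method.
  if config[:skip_version]
    ui.warn("Skipping the Chef Server version check. This will also skip any auto-configured options")
    user_acl_rest = config[:skip_useracl] ? nil : rest
  else
    uri = URI.parse("#{Chef::Config.chef_server_root}/version")
    # NOTE(review): certificate verification is disabled for this request, so
    # the reported version is unauthenticated. A tampered response reporting an
    # old version would set skip_useracl and silently leave user ACLs
    # unrestored. Consider honouring knife's ssl_verify_mode setting instead;
    # left unchanged here because servers with self-signed certificates would
    # otherwise fail this probe.
    # Block form so the handle returned by open-uri is closed promptly.
    server_version = open(uri, { ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE }) do |io|
      io.each_line.first.split(' ').last
    end
    server_version_parts = server_version.split('.')
    if server_version_parts.count == 3
      puts "Detected Enterprise Chef Server version: #{server_version}"
      major = server_version_parts[0].to_i
      minor = server_version_parts[1].to_i
      # Versions below 11.1 are treated as unable to update user ACLs.
      if major < 11 || (major == 11 && minor == 0)
        ui.warn("Your version of Enterprise Chef Server does not support the updating of User ACLs. Setting skip-useracl to TRUE")
        config[:skip_useracl] = true
        user_acl_rest = nil
      else
        user_acl_rest = rest
      end
    else
      ui.warn("Unable to detect Chef Server version.")
    end
  end

  puts "Restoring users ..."
  rest = Chef::REST.new(Chef::Config.chef_server_root)
  Dir.foreach("#{dest_dir}/users") do |filename|
    # Anchored so that only "<name>.json" is accepted; stray files such as
    # "<name>.json.bak" no longer map onto an existing user's name.
    match = /\A(.+)\.json\z/.match(filename)
    next unless match
    name = match[1]
    if name == 'pivotal' && !config[:overwrite_pivotal]
      ui.warn("Skipping pivotal update. To overwrite pivotal, pass --overwrite-pivotal.")
      next
    end
    # File.read instead of IO.read: IO.read treats a path beginning with "|"
    # as a command to run, which is never wanted for a backup path.
    user = JSONCompat.from_json(File.read("#{dest_dir}/users/#{name}.json"))
    begin
      # The create request carries a freshly generated random password; the
      # 409 (already exists) path sends the user object from the backup unchanged.
      user_with_password = user.dup
      user_with_password['password'] = SecureRandom.hex
      rest.post_rest('users', user_with_password)
    rescue Net::HTTPServerException => e
      raise unless e.response.code == "409"
      rest.put_rest("users/#{name}", user)
    end
  end

  Dir.foreach("#{dest_dir}/organizations") do |name|
    next if name == '..' || name == '.' || !File.directory?("#{dest_dir}/organizations/#{name}")
    puts "Restoring org #{name} ..."
    org_dir = "#{dest_dir}/organizations/#{name}"

    # Create the organization, or update it when it already exists (409).
    org = JSONCompat.from_json(File.read("#{org_dir}/org.json"))
    begin
      rest.post_rest('organizations', org)
    rescue Net::HTTPServerException => e
      raise unless e.response.code == "409"
      rest.put_rest("organizations/#{name}", org)
    end

    # Re-issue pending invitations; a 409 means the request already exists.
    invitations = JSONCompat.from_json(File.read("#{org_dir}/invitations.json"))
    invitations.each do |invitation|
      begin
        rest.post_rest("organizations/#{name}/association_requests", { 'user' => invitation['username'] })
      rescue Net::HTTPServerException => e
        raise unless e.response.code == "409"
      end
    end

    # Members are restored by creating an association request and then
    # accepting it on the user's behalf; 409 responses are ignored.
    members = JSONCompat.from_json(File.read("#{org_dir}/members.json"))
    members.each do |member|
      username = member['user']['username']
      begin
        response = rest.post_rest("organizations/#{name}/association_requests", { 'user' => username })
        association_id = response["uri"].split("/").last
        rest.put_rest("users/#{username}/association_requests/#{association_id}", { 'response' => 'accept' })
      rescue Net::HTTPServerException => e
        raise unless e.response.code == "409"
      end
    end

    upload_org(dest_dir, webui_key, name)
  end

  puts "Restoring user ACLs ..."
  Dir.foreach("#{dest_dir}/users") do |filename|
    # Same anchored match as the user restore loop above.
    match = /\A(.+)\.json\z/.match(filename)
    next unless match
    name = match[1]
    if config[:skip_useracl]
      ui.warn("Skipping user ACL update for #{name}. To update this ACL, remove --skip-useracl or upgrade your Enterprise Chef Server.")
      next
    end
    if name == 'pivotal' && !config[:overwrite_pivotal]
      ui.warn("Skipping pivotal update. To overwrite pivotal, pass --overwrite-pivotal.")
      next
    end
    user_acl = JSONCompat.from_json(File.read("#{dest_dir}/user_acls/#{name}.json"))
    put_acl(rest, "users/#{name}/_acl", user_acl)
  end

  exit 1 if @error
end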