Class: Chef::Knife::TarsnapKeyCreate

Inherits:
Chef::Knife show all
Includes:
Chef::Knife::Tarsnap::Core
Defined in:
lib/chef/knife/tarsnap_key_create.rb

Instance Method Summary collapse

Methods included from Chef::Knife::Tarsnap::Core

#canonicalize, #fetch_key, #fetch_node, included, #is_a_tarsnap_node?, #keygen_tool, #pending_nodes, #remove_pending_node, #tarsnap_data_bag, #tarsnap_nodes, #tarsnap_password, #tarsnap_tool, #tarsnap_username

Instance Method Details

#run ⇒ Object



# File 'lib/chef/knife/tarsnap_key_create.rb', line 27

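# Creates a new tarsnap key for one node and stores it in an encrypted
# data bag item.
#
# Expects exactly one name argument (the node name). If a key already
# exists for the node, the operator is asked to confirm and the old key is
# saved under $HOME before it is replaced. Exits with status 1 on a usage
# error, when the name is not a Chef::Node, or when key creation fails.
#
# Handling of secrets in this method:
# * the tarsnap account password is fed to the keygen tool on stdin, so it
#   never appears in a shell command line (visible to other local users via
#   the process list) and cannot break or alter the command through quoting;
# * the new key is generated inside a private directory from Dir.mktmpdir
#   (mode 0700, unpredictable name) instead of a guessable path directly in
#   /tmp, and that directory is removed when the block exits;
# * the backup of the old key is written with mode 0600.
def run
  # Local requires: the file's top-level require block is not visible here,
  # and `require` is a no-op when the library is already loaded.
  require 'shellwords'
  require 'tmpdir'

  unless name_args.size == 1
    ui.fatal "You must provide a node name"
    exit 1
  end

  n = name_args.last

  match = fetch_node(n)
  unless match.is_a? Chef::Node
    ui.fatal "#{n} is not a node. Skipping..."
    exit 1
  end

  existing_key = fetch_key(n)
  if existing_key
    backup_path = "#{ENV['HOME']}/tarsnap.#{n}.key.old"
    ui.warn "A key for #{n} already exists! Overwrite it with a new key?"
    ui.warn "The old key will be saved to #{backup_path}"
    ui.confirm "Overwrite"
    # The backup is key material: create it owner-only, and tighten the mode
    # as well in case an older, more permissive backup file already exists.
    File.open(backup_path, File::WRONLY | File::CREAT | File::TRUNC, 0600) do |f|
      f.chmod(0600)
      f.write(existing_key)
    end
  end

  begin
    Dir.mktmpdir('tarsnap-') do |workdir|
      keyfile = File.join(workdir, 'keyfile')

      # keygen_tool is left unescaped, as in the original command string;
      # every interpolated value is shell-escaped.
      keygen_cmd = "#{keygen_tool} --keyfile #{Shellwords.escape(keyfile)} " \
                   "--user #{Shellwords.escape(tarsnap_username)} " \
                   "--machine #{Shellwords.escape(n)}"
      # The trailing newline mirrors what `echo` used to send on the pipe.
      keygen_shell = Mixlib::ShellOut.new(keygen_cmd, input: "#{tarsnap_password}\n")
      keygen_shell.run_command

      # Fail on stderr output (original behaviour) and also on a non-zero
      # exit status, which was previously ignored.
      unless keygen_shell.stderr.empty?
        raise StandardError, "tarsnap-keygen error: #{keygen_shell.stderr}"
      end
      if keygen_shell.error?
        raise StandardError, "tarsnap-keygen error: exit status #{keygen_shell.exitstatus}"
      end

      ui.info "Creating data bag #{tarsnap_data_bag}/#{canonicalize(n)}"
      data = { "id" => canonicalize(n), "node" => n, "key" => File.read(keyfile) }
      secret = Chef::EncryptedDataBagItem.load_secret(config[:secret_file])
      item = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data, secret)
      data_bag = Chef::DataBagItem.new
      data_bag.data_bag(tarsnap_data_bag)
      data_bag.raw_data = item
      data_bag.save

      remove_pending_node(n)

      ui.info ui.color("Data bag created!", :green)
    end
  rescue StandardError => e
    # StandardError rather than Exception, so interrupts and SystemExit are
    # not swallowed; the temporary directory is removed in either case.
    ui.msg "Error: #{e}"
    ui.warn ui.color("Key creation failed!", :red)
    exit 1
  end

end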