Class: Chef::ApiClient::Registration

Inherits:

Object

• Object
• Chef::ApiClient::Registration

Defined in:

lib/chef/api_client/registration.rb

Overview

Chef::ApiClient::Registration

Manages the process of creating or updating a Chef::ApiClient on the server and writing the resulting private key to disk. Registration uses the validator credentials for its API calls. This allows it to bootstrap a new client/node identity by borrowing the validator client identity when creating a new client.

Instance Attribute Summary

• #destination ⇒ Object readonly

  Returns the value of attribute destination.

• #name ⇒ Object readonly

  Returns the value of attribute name.

Instance Method Summary

• #assert_destination_writable! ⇒ Object
• #create ⇒ Object
• #create_or_update ⇒ Object
• #file_flags ⇒ Object
• #generated_private_key ⇒ Object
• #generated_public_key ⇒ Object
• #http_api ⇒ Object
• #initialize(name, destination, http_api: nil) ⇒ Registration constructor

  A new instance of Registration.

• #post_data ⇒ Object
• #private_key ⇒ Object
• #put_data ⇒ Object
• #run ⇒ Object

  Runs the client registration process, including creating the client on the chef-server and writing its private key to disk.

• #self_generate_keys? ⇒ Boolean

  Whether or not to generate keys locally and post the public key to the server.

• #update ⇒ Object
• #write_key ⇒ Object

Constructor Details

#initialize(name, destination, http_api: nil) ⇒ Registration

Returns a new instance of Registration.

# File 'lib/chef/api_client/registration.rb', line 36

def initialize(name, destination, http_api: nil)
  @name                         = name
  @destination                  = destination
  @http_api                     = http_api
  @server_generated_private_key = nil
end

Instance Attribute Details

#destination ⇒ Object (readonly)

Returns the value of attribute destination.

# File 'lib/chef/api_client/registration.rb', line 33

def destination
  @destination
end

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/chef/api_client/registration.rb', line 34

def name
  @name
end

Instance Method Details

#assert_destination_writable! ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 69

def assert_destination_writable!
  if (File.exists?(destination) && !File.writable?(destination)) or !File.writable?(File.dirname(destination))
    raise Chef::Exceptions::CannotWritePrivateKey, "I cannot write your private key to #{destination} - check permissions?"
  end
end

#create ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 92

def create
  response = http_api.post("clients", post_data)
  @server_generated_private_key = response["private_key"]
  response
end

#create_or_update ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 83

def create_or_update
  create
rescue Net::HTTPServerException => e
  # If create fails because the client exists, attempt to update. This
  # requires admin privileges.
  raise unless e.response.code == "409"
  update
end

#file_flags ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 153

def file_flags
  base_flags = File::CREAT|File::TRUNC|File::RDWR
  # Windows doesn't have symlinks, so it doesn't have NOFOLLOW
  if defined?(File::NOFOLLOW) && !Chef::Config[:follow_client_key_symlink]
    base_flags |= File::NOFOLLOW
  end
  base_flags
end

#generated_private_key ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 145

def generated_private_key
  @generated_key ||= OpenSSL::PKey::RSA.generate(2048)
end

#generated_public_key ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 149

def generated_public_key
  generated_private_key.public_key.to_pem
end

#http_api ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 124

def http_api
  @http_api ||= Chef::REST.new(Chef::Config[:chef_server_url],
                               Chef::Config[:validation_client_name],
                               Chef::Config[:validation_key])
end

#post_data ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 118

def post_data
  post_data = { :name => name, :admin => false }
  post_data[:public_key] = generated_public_key if self_generate_keys?
  post_data
end

#private_key ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 137

def private_key
  if self_generate_keys?
    generated_private_key.to_pem
  else
    @server_generated_private_key
  end
end

#put_data ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 108

def put_data
  base_put_data = { :name => name, :admin => false }
  if self_generate_keys?
    base_put_data[:public_key] = generated_public_key
  else
    base_put_data[:private_key] = true
  end
  base_put_data
end

#run ⇒ Object

Runs the client registration process, including creating the client on the chef-server and writing its private key to disk. – If client creation fails with a 5xx, it is retried up to 5 times. These retries are on top of the retries with randomized exponential backoff built in to Chef::REST. The retries here are a workaround for failures caused by resource contention in Hosted Chef when creating a very large number of clients simultaneously, (e.g., spinning up 100s of ec2 nodes at once). Future improvements to the affected component should make these retries unnecessary.

# File 'lib/chef/api_client/registration.rb', line 53

def run
  assert_destination_writable!
  retries = Config[:client_registration_retries] || 5
  begin
    create_or_update
  rescue Net::HTTPFatalError => e
    # HTTPFatalError implies 5xx.
    raise if retries <= 0
    retries -= 1
    Chef::Log.warn("Failed to register new client, #{retries} tries remaining")
    Chef::Log.warn("Response: HTTP #{e.response.code} - #{e}")
    retry
  end
  write_key
end

#self_generate_keys? ⇒ Boolean

Whether or not to generate keys locally and post the public key to the server. Delegates to ‘Chef::Config.local_key_generation`. Servers before 11.0 do not support this feature.

Returns:

• (Boolean)

# File 'lib/chef/api_client/registration.rb', line 133

def self_generate_keys?
  Chef::Config.local_key_generation
end

#update ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 98

def update
  response = http_api.put("clients/#{name}", put_data)
  if response.respond_to?(:private_key) # Chef 11
    @server_generated_private_key = response.private_key
  else # Chef 10
    @server_generated_private_key = response["private_key"]
  end
  response
end

#write_key ⇒ Object

# File 'lib/chef/api_client/registration.rb', line 75

def write_key
  ::File.open(destination, file_flags, 0600) do |f|
    f.print(private_key)
  end
rescue IOError => e
  raise Chef::Exceptions::CannotWritePrivateKey, "Error writing private key to #{destination}: #{e}"
end