private function removeNodeFromChefServer(DBServer $dbServer, $config, $nodeName)
{
$chefSettings = $dbServer->GetFarmRoleObject()->getChefSettings();
$chefServerInfo = $this->db->GetRow("SELECT * FROM services_chef_servers WHERE id=?", array($chefSettings[self::ROLE_CHEF_SERVER_ID]));
$chefServerInfo['auth_key'] = trim($this->getCrypto()->decrypt($chefServerInfo['auth_key'], $this->cryptoKey));
$chefClient = Scalr_Service_Chef_Client::getChef($config->serverUrl, $chefServerInfo['username'], trim($chefServerInfo['auth_key']));
try {
$status = $chefClient->removeNode($nodeName);
if ($status) {
Logger::getLogger(LOG_CATEGORY::FARM)->warn(new FarmLogMessage($dbServer->farmId, sprintf("Chef node '%s' removed from chef server", $nodeName)));
} else {
Logger::getLogger(LOG_CATEGORY::FARM)->error(new FarmLogMessage($dbServer->farmId, sprintf("Unable to remove chef node '%s' from chef server: %s", $nodeName, $status)));
}
} catch (Exception $e) {
Logger::getLogger(LOG_CATEGORY::FARM)->error(new FarmLogMessage($dbServer->farmId, sprintf("Unable to remove chef node '%s' from chef server: %s", $nodeName, $e->getMessage())));
}
try {
$status2 = $chefClient->removeClient($nodeName);
if ($status2) {
Logger::getLogger(LOG_CATEGORY::FARM)->warn(new FarmLogMessage($dbServer->farmId, sprintf("Chef client '%s' removed from chef server", $nodeName)));
} else {
Logger::getLogger(LOG_CATEGORY::FARM)->error(new FarmLogMessage($dbServer->farmId, sprintf("Unable to remove chef client '%s' from chef server: %s", $nodeName, $status2)));
}
} catch (Exception $e) {
Logger::getLogger(LOG_CATEGORY::FARM)->error(new FarmLogMessage($dbServer->farmId, sprintf("Unable to remove chef node '%s' from chef server: %s", $nodeName, $e->getMessage())));
}
}
public function onFarmSave(DBFarm $dbFarm, DBFarmRole $dbFarmRole)
{
try {
$account = Scalr_Account::init()->loadById($dbFarm->ClientID);
if (!$account->isFeatureEnabled(Scalr_Limits::FEATURE_CHEF)) {
$dbFarmRole->ClearSettings("chef.");
return false;
}
$db = Core::GetDBInstance();
$runListId = $dbFarmRole->GetSetting(self::ROLE_CHEF_RUNLIST_ID);
$attributes = $dbFarmRole->GetSetting(self::ROLE_CHEF_ATTRIBUTES);
$checksum = $dbFarmRole->GetSetting(self::ROLE_CHEF_CHECKSUM);
$chefRoleName = $dbFarmRole->GetSetting(self::ROLE_CHEF_ROLE_NAME);
$chefServerId = $dbFarmRole->GetSetting(self::ROLE_CHEF_SERVER_ID);
// Need to remove chef role if chef was disabled for current farmrole
if (!$runListId && $chefRoleName) {
$this->removeChefRole($chefServerId, $chefRoleName);
$dbFarmRole->ClearSettings("chef.");
return true;
}
if ($runListId) {
$runListInfo = $this->db->GetRow("SELECT chef_server_id, runlist FROM services_chef_runlists WHERE id=?", array($runListId));
$newChefServerId = $runListInfo['chef_server_id'];
if ($newChefServerId != $chefServerId && $chefServerId) {
// Remove role from old server
$this->removeChefRole($chefServerId, $chefRoleName);
$createNew = true;
}
if (!$chefServerId) {
$createNew = true;
}
$chefServerInfo = $this->db->GetRow("SELECT * FROM services_chef_servers WHERE id=?", array($runListInfo['chef_server_id']));
$chefServerInfo['auth_key'] = $this->getCrypto()->decrypt($chefServerInfo['auth_key'], $this->cryptoKey);
$chefClient = Scalr_Service_Chef_Client::getChef($chefServerInfo['url'], $chefServerInfo['username'], trim($chefServerInfo['auth_key']));
$roleName = "scalr-{$dbFarmRole->ID}";
$setSettings = false;
if ($createNew) {
$chefClient->createRole($roleName, $roleName, json_decode($runListInfo['runlist']), json_decode($attributes), $runListInfo['chef_environment']);
$setSettings = true;
} else {
if ($dbFarmRole->GetSetting(self::ROLE_CHEF_CHECKSUM) != md5("{$runListInfo['runlist']}.{$attributes}")) {
$chefClient->updateRole($roleName, $roleName, json_decode($runListInfo['runlist']), json_decode($attributes), $runListInfo['chef_environment']);
$setSettings = true;
}
}
if ($setSettings) {
$dbFarmRole->SetSetting(self::ROLE_CHEF_ROLE_NAME, $roleName);
$dbFarmRole->SetSetting(self::ROLE_CHEF_SERVER_ID, $runListInfo['chef_server_id']);
$dbFarmRole->SetSetting(self::ROLE_CHEF_CHECKSUM, md5("{$runListInfo['runlist']}.{$attributes}"));
}
}
} catch (Exception $e) {
throw new Exception("Chef settings error: {$e->getMessage()} ({$e->getTraceAsString()})");
}
}
public function xSaveServerAction()
{
$chef = Scalr_Service_Chef_Client::getChef($this->getParam('url'), $this->getParam('userName'), $this->getParam('authKey'));
$response = $chef->listCookbooks();
$chef = Scalr_Service_Chef_Client::getChef($this->getParam('url'), $this->getParam('userVName'), $this->getParam('authVKey'));
$response = $chef->getClient($this->getParam('userVName'));
if ($this->getParam('servId')) {
$this->db->Execute('UPDATE services_chef_servers SET `url` = ?, `username` = ?, `auth_key` = ?, `v_username` = ?, `v_auth_key` = ? WHERE `id` = ?', array($this->getParam('url'), $this->getParam('userName'), $this->getCrypto()->encrypt($this->getParam('authKey'), $this->cryptoKey), $this->getParam('userVName'), $this->getCrypto()->encrypt($this->getParam('authVKey'), $this->cryptoKey), $this->getParam('servId')));
$this->response->success('Server successfully updated');
} else {
$this->db->Execute('INSERT INTO services_chef_servers (`env_id`, `url`, `username`, `auth_key`, `v_username`, `v_auth_key`) VALUES (?, ?, ?, ?, ?, ?)', array($this->getEnvironmentId(), $this->getParam('url'), $this->getParam('userName'), $this->getCrypto()->encrypt($this->getParam('authKey'), $this->cryptoKey), $this->getParam('userVName'), $this->getCrypto()->encrypt($this->getParam('authVKey'), $this->cryptoKey)));
$this->response->success('Server successfully added');
}
}
public function xListRolesAction()
{
$servParams = $this->db->GetRow('SELECT url, username, auth_key FROM services_chef_servers WHERE id = ?', array($this->getParam('servId')));
$chef = Scalr_Service_Chef_Client::getChef($servParams['url'], $servParams['username'], $this->getCrypto()->decrypt($servParams['auth_key'], $this->cryptoKey));
$response = $chef->listRoles();
if ($response instanceof stdClass) {
$response = (array) $response;
}
$roles = array();
foreach ($response as $key => $value) {
$role = $chef->getRole($key);
$roles[] = array('name' => $role->name, 'chef_type' => $role->chef_type);
}
sort($roles);
$this->response->data(array('data' => $roles));
}
/**
* @param int $servId
* @param string $chefEnv
*/
private function getChefClient($servId)
{
$criteria[] = ['id' => $servId];
if ($this->user->isAdmin()) {
$criteria[] = ['accountId' => null];
$criteria[] = ['envId' => null];
$criteria[] = ['level' => ChefServer::LEVEL_SCALR];
} else {
$criteria[] = ['$or' => [['$and' => [['accountId' => $this->user->getAccountId()], ['envId' => $this->getEnvironmentId(true)], ['level' => ChefServer::LEVEL_ENVIRONMENT]]], ['$and' => [['accountId' => $this->user->getAccountId()], ['envId' => null], ['level' => ChefServer::LEVEL_ACCOUNT]]], ['$and' => [['accountId' => null], ['envId' => null], ['level' => ChefServer::LEVEL_SCALR]]]]];
}
$server = ChefServer::findOne($criteria);
if (!$server) {
throw new Scalr_Exception_InsufficientPermissions();
}
return Scalr_Service_Chef_Client::getChef($server->url, $server->username, $this->getCrypto()->decrypt($server->authKey));
}
public function xSaveRunListAction()
{
$this->request->restrictAccess(Acl::RESOURCE_SERVICES_CHEF);
$this->request->defineParams(array('runList' => array('type' => 'json'), 'runListAttrib' => array('type' => 'json')));
$servParams = $this->db->GetRow('SELECT url, username, auth_key FROM services_chef_servers WHERE id = ?', array($this->getParam('chefServer')));
$chef = Scalr_Service_Chef_Client::getChef($servParams['url'], $servParams['username'], $this->getCrypto()->decrypt($servParams['auth_key'], $this->cryptoKey));
$attrib = array();
foreach ($this->getParam('runListAttrib') as $value) {
$attrib[$value['name']] = $value['value'];
}
$envRunlist = array();
$runList = $this->getParam('runList');
if ($this->getParam('chefEnv') && $this->getParam('chefEnv') != '_default') {
if ($this->getParam('runlistId')) {
$roleRes = $chef->getRole($this->getParam('runListName'));
if ($roleRes instanceof stdClass) {
$roleRes = (array) $roleRes;
}
$runList = $roleRes['run_list'];
$envRunlist = (array) $roleRes['env_run_lists'];
}
$envRunlist[$this->getParam('chefEnv')] = $this->getParam('runList');
}
if ($this->getParam('runlistId')) {
$response = $chef->updateRole($this->getParam('runListName'), $this->getParam('runListDescription'), $runList, $attrib, $envRunlist);
if ($response instanceof stdClass) {
if ($this->db->getRow('SELECT * FROM services_chef_runlists WHERE name = ? AND `chef_environment` = ? AND env_id = ? LIMIT 1', array($this->getParam('runListName'), $this->getParam('chefEnv'), $this->getEnvironmentId()))) {
$this->db->Execute("UPDATE services_chef_runlists SET chef_server_id = ?, name = ?, description = ?, runlist = ?, attributes = ?, `chef_environment` = ? WHERE id = ?", array($this->getParam('chefServer'), $this->getParam('runListName'), $this->getParam('runListDescription'), json_encode($this->getParam('runList')), json_encode($this->getParam('runListAttrib')), $this->getParam('chefEnv'), $this->getParam('runlistId')));
} else {
$this->db->Execute('INSERT INTO services_chef_runlists (`env_id`, `chef_server_id`, `name`, `description`, `runlist`, `attributes`, `chef_environment`) VALUES (?, ?, ?, ?, ?, ?, ?)', array($this->getEnvironmentId(), $this->getParam('chefServer'), $this->getParam('runListName'), $this->getParam('runListDescription'), json_encode($this->getParam('runList')), json_encode($this->getParam('runListAttrib')), $this->getParam('chefEnv')));
}
$runListId = $this->getParam('runlistId');
$this->response->success('RunList was succesfully updated');
}
} else {
$response = $chef->createRole($this->getParam('runListName'), $this->getParam('runListDescription'), $runList, $attrib, $envRunlist);
$this->response->data(array('data' => json_decode($response)));
if ($response instanceof stdClass) {
$this->db->Execute('INSERT INTO services_chef_runlists (`env_id`, `chef_server_id`, `name`, `description`, `runlist`, `attributes`, `chef_environment`) VALUES (?, ?, ?, ?, ?, ?, ?)', array($this->getEnvironmentId(), $this->getParam('chefServer'), $this->getParam('runListName'), $this->getParam('runListDescription'), json_encode($this->getParam('runList')), json_encode($this->getParam('runListAttrib')), $this->getParam('chefEnv')));
$runListId = $this->db->Insert_ID();
$this->response->success('RunList was succesfully created');
}
}
if ($response instanceof stdClass) {
$this->response->data(array('runlistParams' => array('id' => $runListId, 'name' => $this->getParam('runListName'), 'description' => $this->getParam('runListDescription'), 'attributes' => $this->getParam('runListAttrib'), 'chefEnv' => $this->getParam('chefEnv'))));
}
}
public function xSaveServerAction()
{
$this->request->restrictAccess(Acl::RESOURCE_SERVICES_CHEF);
$servId = $this->getParam('servId');
$key = str_replace("\r\n", "\n", $this->getParam('authKey'));
$vKey = str_replace("\r\n", "\n", $this->getParam('authVKey'));
$chef = Scalr_Service_Chef_Client::getChef($this->getParam('url'), $this->getParam('userName'), $key);
$response = $chef->listCookbooks();
$chef = Scalr_Service_Chef_Client::getChef($this->getParam('url'), $this->getParam('userVName'), $vKey);
$response = $chef->getClient($this->getParam('userVName'));
if ($servId) {
$this->db->Execute('UPDATE services_chef_servers SET `url` = ?, `username` = ?, `auth_key` = ?, `v_username` = ?, `v_auth_key` = ? WHERE `id` = ? AND env_id = ?', array($this->getParam('url'), $this->getParam('userName'), $this->getCrypto()->encrypt($key, $this->cryptoKey), $this->getParam('userVName'), $this->getCrypto()->encrypt($vKey, $this->cryptoKey), $servId, $this->getEnvironmentId()));
} else {
$this->db->Execute('INSERT INTO services_chef_servers (`env_id`, `url`, `username`, `auth_key`, `v_username`, `v_auth_key`) VALUES (?, ?, ?, ?, ?, ?)', array($this->getEnvironmentId(), $this->getParam('url'), $this->getParam('userName'), $this->getCrypto()->encrypt($key, $this->cryptoKey), $this->getParam('userVName'), $this->getCrypto()->encrypt($vKey, $this->cryptoKey)));
$servId = $this->db->Insert_ID();
}
$this->response->data(array('server' => array('id' => (string) $servId, 'url' => $this->getParam('url'))));
$this->response->success('Server successfully saved');
}
/**
* @param int $id
* @param string $url
* @param string $username
* @param string $authKey
* @param string $vUsername
* @param string $vAuthKey
* @throws Exception
*/
public function xSaveAction($id, $url, $username, $authKey, $vUsername, $vAuthKey)
{
if (!$this->canManageServers()) {
throw new Scalr_Exception_InsufficientPermissions();
}
if (!$id) {
$server = new ChefServer();
$server->setScope($this->request->getScope(), $this->user->getAccountId(), $this->getEnvironmentId(true));
} else {
$server = ChefServer::findPk($id);
if (!$this->canEditServer($server)) {
throw new Scalr_Exception_Core('Insufficient permissions to edit chef server at this scope');
}
}
$validator = new Validator();
$validator->validate($url, 'url', Validator::NOEMPTY);
//check url unique within current scope
$criteria = [];
$criteria[] = ['url' => $url];
if ($server->id) {
$criteria[] = ['id' => ['$ne' => $server->id]];
}
switch ($this->request->getScope()) {
case ChefServer::SCOPE_ENVIRONMENT:
$criteria[] = ['level' => ChefServer::LEVEL_ENVIRONMENT];
$criteria[] = ['envId' => $server->envId];
$criteria[] = ['accountId' => $server->accountId];
break;
case ChefServer::SCOPE_ACCOUNT:
$criteria[] = ['level' => ChefServer::LEVEL_ACCOUNT];
$criteria[] = ['envId' => null];
$criteria[] = ['accountId' => $server->accountId];
break;
case ChefServer::SCOPE_SCALR:
$criteria[] = ['level' => ChefServer::LEVEL_SCALR];
$criteria[] = ['envId' => null];
$criteria[] = ['accountId' => null];
break;
}
if (ChefServer::findOne($criteria)) {
$validator->addError('url', 'Url must be unique within current scope');
}
if (!$validator->isValid($this->response)) {
return;
}
$authKey = str_replace("\r\n", "\n", $authKey);
$vAuthKey = str_replace("\r\n", "\n", $vAuthKey);
$server->url = $url;
$server->username = $username;
$server->vUsername = $vUsername;
$server->authKey = $this->getCrypto()->encrypt($authKey);
$server->vAuthKey = $this->getCrypto()->encrypt($vAuthKey);
$chef = Scalr_Service_Chef_Client::getChef($server->url, $server->username, $authKey);
$response = $chef->listCookbooks();
$chef2 = Scalr_Service_Chef_Client::getChef($server->url, $server->vUsername, $vAuthKey);
$clientName = 'scalr-temp-client-' . rand(10000, 99999);
$response = $chef2->createClient($clientName);
$response2 = $chef->removeClient($clientName);
$server->save();
$this->response->data(array('server' => $this->getServerData($server)));
$this->response->success('Chef server successfully saved');
}
private function getChefClient($chefServerId)
{
$server = $this->db->GetRow('SELECT url, username, auth_key FROM services_chef_servers WHERE id = ?', array($chefServerId));
return Scalr_Service_Chef_Client::getChef($server['url'], $server['username'], $this->getCrypto()->decrypt($server['auth_key'], $this->cryptoKey));
}
public static function getChef($url, $username, $privateKey)
{
self::$Chef = new Scalr_Service_Chef_Client($url, $username, $privateKey);
return self::$Chef;
}
