diff --git a/Makefile b/Makefile index ebabb443b..f199d3a8a 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ NONVENDOR = ${shell find . -name '*.go' | grep -v vendor} BENCHDIRS= $(shell find . -name '*_test.go' | grep -v vendor | xargs grep '*testing.B' | cut -d: -f1 | xargs dirname | uniq) BENCH = . -converge: $(shell find . -name '*.go') +converge: $(shell find . -name '*.go') rpc/pb/root.pb.go rpc/pb/root.pb.gw.go go build -ldflags="-s -w" . test: converge gotest samples/*.hcl samples/errors/*.hcl blackbox/*.sh @@ -69,13 +69,16 @@ lint: vendor: ${NONVENDOR} glide install --strip-vcs --strip-vendor --update-vendored - find vendor -not -name '*.go' -not -name '*.s' -not -name '*.pl' -not -name '*.c' -not -name LICENSE -type f -delete + make vendor-clean vendor-update: ${NOVENDOR} glide update --strip-vcs --strip-vendor --update-vendored - find vendor -not -name '*.go' -not -name '*.s' -not -name '*.pl' -not -name '*.c' -not -name LICENSE -type f -delete + make vendor-clean -xcompile: test +vendor-clean: ${NOVENDOR} + find vendor -not -name '*.go' -not -name '*.s' -not -name '*.pl' -not -name '*.c' -not -name LICENSE -not -name '*.proto' -type f -delete + +xcompile: rpc/pb/root.pb.go rpc/pb/root.pb.gw.go test @rm -rf build/ @mkdir -p build/ gox \ @@ -94,9 +97,27 @@ package: xcompile echo $$f; \ done +rpc/pb/root.pb.go: rpc/pb/root.proto + protoc -I rpc/pb \ + -I vendor/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis \ + --go_out=Mgoogle/api/annotations.proto=github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis/google/api,plugins=grpc:rpc/pb \ + rpc/pb/root.proto + +rpc/pb/root.pb.gw.go: rpc/pb/root.proto + protoc -I rpc/pb \ + -I vendor/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis \ + --grpc-gateway_out=logtostderr=true:rpc/pb \ + rpc/pb/root.proto + +rpc/pb/root.swagger.json: rpc/pb/root.proto + protoc -I rpc/pb \ + -I vendor/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis \ + --swagger_out=logtostderr=true:rpc/pb \ + rpc/pb/root.proto + docs: docs_source/**/* rm -rf docs || true cd docs_source; make mv docs_source/public docs -.PHONY: test gotest vendor-update xcompile package samples/errors/*.hcl blackbox/*.sh lint bench license-check +.PHONY: test gotest vendor-update vendor-clean xcompile package samples/errors/*.hcl blackbox/*.sh lint bench license-check diff --git a/README.md b/README.md index fe8574579..c06ce7587 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,9 @@ Converge is a configuration management tool. - [Server](#server) - [Module Hosting](#module-hosting) - [Binary Hosting](#binary-hosting) + - [Development](#development) + - [Tools](#tools) + - [RPC](#rpc) - [License](#license) @@ -185,6 +188,32 @@ bootstrap a new system without downloading the relevant version of converge over an external connection. It will be available at `http://your.host:8080/bootstrap/binary`. +## Development + +### Tools + +For linting, you'll need: + +| tool | `go get` | +| ==== | ======== | +| `golint` | github.com/golang/lint/golint | +| `go tool vet` | (built in) | +| `gosimple` | honnef.co/go/simple/cmd/gosimple | +| `unconvert` | github.com/mdempsky/unconvert | +| `structcheck` | github.com/opennota/check/cmd/structcheck | +| `varcheck` | github.com/opennota/check/cmd/varcheck | +| `aligncheck` | github.com/opennota/check/cmd/aligncheck | +| `gas` | github.com/HewlettPackard/gas | + +### RPC + +You'll need: + +- [Google's protobuf compiler](https://github.com/google/protobuf/releases), 3.0 + or above. +- The go protoc plugin: `go get -a github.com/golang/protobuf/protoc-gen-go` +- The grpc gateway plugin(s): `go get -u github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger` + ## License Converge is licensed under the Apache 2.0 license. See [LICENSE](LICENSE) for diff --git a/apply/apply.go b/apply/apply.go index 24574e6ae..60748831a 100644 --- a/apply/apply.go +++ b/apply/apply.go @@ -30,81 +30,89 @@ var ErrTreeContainsErrors = errors.New("apply had errors, check graph") // Apply the actions in a Graph of resource.Tasks func Apply(ctx context.Context, in *graph.Graph) (*graph.Graph, error) { - var hasErrors error + return WithNotify(ctx, in, nil) +} - out, err := in.Transform(ctx, func(id string, out *graph.Graph) error { - val := out.Get(id) - result, ok := val.(*plan.Result) - if !ok { - return fmt.Errorf("%s: could not get *plan.Result, was %T", id, val) - } +// WithNotify is Apply, but with notification functions +func WithNotify(ctx context.Context, in *graph.Graph, notify *graph.Notifier) (*graph.Graph, error) { + var hasErrors error - for _, depID := range graph.Targets(out.DownEdges(id)) { - dep, ok := out.Get(depID).(*Result) + out, err := in.Transform( + ctx, + notify.Transform(func(id string, out *graph.Graph) error { + val := out.Get(id) + result, ok := val.(*plan.Result) if !ok { - return fmt.Errorf("graph walked out of order: %q before dependency %q", id, depID) + return fmt.Errorf("%s: could not get *plan.Result, was %T", id, val) } - if err := dep.Error(); err != nil { - out.Add( - id, - &Result{ - Ran: false, - Status: &resource.Status{}, - Plan: result, - Err: fmt.Errorf("error in dependency %q", depID), - }, - ) - // early return here after we set the signal error - hasErrors = ErrTreeContainsErrors - return nil + for _, depID := range graph.Targets(out.DownEdges(id)) { + dep, ok := out.Get(depID).(*Result) + if !ok { + return fmt.Errorf("graph walked out of order: %q before dependency %q", id, depID) + } + + if err := dep.Error(); err != nil { + out.Add( + id, + &Result{ + Ran: false, + Status: &resource.Status{}, + Plan: result, + Err: fmt.Errorf("error in dependency %q", depID), + }, + ) + // early return here after we set the signal error + hasErrors = ErrTreeContainsErrors + return nil + } } - } - var newResult *Result + var newResult *Result - if result.Status.HasChanges() { - log.Printf("[DEBUG] applying %q\n", id) + if result.Status.HasChanges() { + log.Printf("[DEBUG] applying %q\n", id) - err := result.Task.Apply() - if err != nil { - err = errors.Wrapf(err, "error applying %s", id) - } + err := result.Task.Apply() + if err != nil { + err = errors.Wrapf(err, "error applying %s", id) + } - var status resource.TaskStatus + var status resource.TaskStatus - if err == nil { - status, err = result.Task.Check() - if err != nil { - err = errors.Wrapf(err, "error checking %s", id) - } else if status.HasChanges() { - err = fmt.Errorf("%s still needs to be changed after application", id) + if err == nil { + status, err = result.Task.Check() + if err != nil { + err = errors.Wrapf(err, "error checking %s", id) + } else if status.HasChanges() { + err = fmt.Errorf("%s still needs to be changed after application", id) + } } - } - if err != nil { - hasErrors = ErrTreeContainsErrors - } + if err != nil { + hasErrors = ErrTreeContainsErrors + } - newResult = &Result{ - Ran: true, - Status: status, - Plan: result, - Err: err, - } - } else { - newResult = &Result{ - Ran: false, - Status: result.Status, - Plan: result, - Err: nil, + newResult = &Result{ + Ran: true, + Status: status, + Plan: result, + Err: err, + } + } else { + newResult = &Result{ + Ran: false, + Status: result.Status, + Plan: result, + Err: nil, + } } - } - out.Add(id, newResult) + out.Add(id, newResult) - return nil - }) + return nil + }), + ) if err != nil { return out, err diff --git a/blackbox/test_apply.sh b/blackbox/test_apply.sh index 63e047384..15dfbf91f 100755 --- a/blackbox/test_apply.sh +++ b/blackbox/test_apply.sh @@ -12,7 +12,7 @@ trap finish EXIT pushd $TMP -$ROOT/converge apply -p filename=test.txt -p "message=x" $SOURCE +$ROOT/converge apply --local -p filename=test.txt -p "message=x" $SOURCE if [ ! -f test.txt ]; then echo "test.txt doesn't exist" diff --git a/blackbox/test_apply_remote.sh b/blackbox/test_apply_remote.sh index 75cede050..9583e896d 100755 --- a/blackbox/test_apply_remote.sh +++ b/blackbox/test_apply_remote.sh @@ -2,13 +2,15 @@ set -eo pipefail ROOT=$(pwd) -SOURCE=${1:-http://localhost:8080/modules/basic.hcl} +SOURCE=${1:-http://localhost:2694/api/v1/resources/modules/basic.hcl} -$ROOT/converge server --root $ROOT/samples & +$ROOT/converge server --no-token --root $ROOT/samples & PID=$! function finish { kill -2 $PID } trap finish EXIT +sleep 0.5 + $ROOT/blackbox/test_apply.sh $SOURCE diff --git a/blackbox/test_apply_sourcefile.sh b/blackbox/test_apply_sourcefile.sh index 7aae2830d..8c2197500 100755 --- a/blackbox/test_apply_sourcefile.sh +++ b/blackbox/test_apply_sourcefile.sh @@ -12,7 +12,7 @@ trap finish EXIT pushd $TMP -$ROOT/converge apply -p "message=x" $SOURCE +$ROOT/converge apply --local --rpc-addr=:8002 -p "message=x" $SOURCE if [ ! -f test.txt ]; then echo "test.txt doesn't exist" diff --git a/blackbox/test_apply_sourcefile_remote.sh b/blackbox/test_apply_sourcefile_remote.sh index 2166f1cad..ef15ee8b9 100755 --- a/blackbox/test_apply_sourcefile_remote.sh +++ b/blackbox/test_apply_sourcefile_remote.sh @@ -2,13 +2,15 @@ set -eo pipefail ROOT=$(pwd) -SOURCE=${1:-http://localhost:8080/modules/sourceFile.hcl} +SOURCE=${1:-http://localhost:2694/api/v1/resources/modules/sourceFile.hcl} -$ROOT/converge server --root $ROOT/samples & +$ROOT/converge server --no-token --root $ROOT/samples & PID=$! function finish { kill -2 $PID } trap finish EXIT +sleep 0.5 + $ROOT/blackbox/test_apply.sh $SOURCE diff --git a/blackbox/test_required_param.sh b/blackbox/test_required_param.sh index fe3bf88a3..94a622ebb 100755 --- a/blackbox/test_required_param.sh +++ b/blackbox/test_required_param.sh @@ -13,7 +13,7 @@ pushd $TMP echo 'param "test" {}' > required_param.hcl -if $ROOT/converge apply required_param.hcl; then +if $ROOT/converge apply --local required_param.hcl; then echo "failed: apply without required param succeeded" exit 1 else diff --git a/blackbox/test_self_serve.sh b/blackbox/test_self_serve.sh index 2c802ad00..d0a96de72 100755 --- a/blackbox/test_self_serve.sh +++ b/blackbox/test_self_serve.sh @@ -3,7 +3,7 @@ set -eo pipefail ROOT=$(pwd) -$ROOT/converge server --root $ROOT/samples --self-serve & +$ROOT/converge server --root $ROOT/samples --self-serve --no-token & PID=$! function finish { kill -2 $PID @@ -12,7 +12,7 @@ trap finish EXIT sleep 0.5 -REMOTE_SUM=$(curl http://localhost:8080/bootstrap/binary | shasum | awk '{ print $1 }') +REMOTE_SUM=$(curl http://localhost:2694/api/v1/resources/binary -H "Accept: text/plain" | shasum | awk '{ print $1 }') LOCAL_SUM=$(shasum $ROOT/converge | awk '{ print $1 }') if [[ "$REMOTE_SUM" == "$LOCAL_SUM" ]]; then diff --git a/cmd/addrs.go b/cmd/addrs.go new file mode 100644 index 000000000..c7588827d --- /dev/null +++ b/cmd/addrs.go @@ -0,0 +1,21 @@ +// Copyright © 2016 Asteris, LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +const ( + addrServer = ":2693" + addrServerHTTP = ":2694" + addrServerLocal = ":26930" +) diff --git a/cmd/apply.go b/cmd/apply.go index 9b2778e12..374889326 100644 --- a/cmd/apply.go +++ b/cmd/apply.go @@ -19,13 +19,10 @@ import ( "errors" "fmt" "log" - "os" - "github.com/asteris-llc/converge/apply" "github.com/asteris-llc/converge/graph" - "github.com/asteris-llc/converge/load" - "github.com/asteris-llc/converge/plan" - "github.com/asteris-llc/converge/render" + "github.com/asteris-llc/converge/rpc" + "github.com/asteris-llc/converge/rpc/pb" "github.com/spf13/cobra" ) @@ -42,66 +39,92 @@ real happens.`, return nil }, Run: func(cmd *cobra.Command, args []string) { - params := getParams(cmd) - // set up execution context ctx, cancel := context.WithCancel(context.Background()) + defer cancel() GracefulExit(cancel) - // iterate over modules + maybeSetToken() + + ssl, err := getSSLConfig(getServerName()) + if err != nil { + log.Fatalf("[FATAL] could not get SSL config: %v", err) + } + + if err := maybeStartSelfHostedRPC(ctx, ssl); err != nil { + log.Fatalf("[FATAL] %s\n", err) + } + + client, err := getRPCExecutorClient( + ctx, + &rpc.ClientOpts{ + Token: getToken(), + SSL: ssl, + }, + ) + if err != nil { + log.Fatalf("[FATAL] %s\n", err) + } + + rpcParams := getParamsRPC(cmd) + + // execute files for _, fname := range args { log.Printf("[INFO] applying %s\n", fname) - loaded, err := load.Load(ctx, fname) + stream, err := client.Apply( + ctx, + &pb.ExecRequest{ + Location: fname, + Parameters: rpcParams, + }, + ) if err != nil { - log.Fatalf("[FATAL] %s: could not parse file: %s\n", fname, err) + log.Fatalf("[FATAL] %s: error getting RPC stream: %s\n", fname, err) } - rendered, err := render.Render(ctx, loaded, params) - if err != nil { - log.Fatalf("[FATAL] %s: could not render: %s\n", fname, err) - } + g := graph.New() - merged, err := graph.MergeDuplicates(ctx, rendered, graph.SkipModuleAndParams) + // get edges + edges, err := getMeta(stream) if err != nil { - log.Fatalf("[FATAL] %s: could not merge duplicates: %s\n", fname, err) + log.Fatalf("[FATAL] %s: %s\n", fname, err) + } + for _, edge := range edges { + g.Connect(edge.Source, edge.Dest) } - // prep done! Time to run some commands! - printer := getPrinter() - - planned, err := plan.Plan(ctx, merged) - if err != nil { - if err == plan.ErrTreeContainsErrors { - out, perr := printer.Show(ctx, planned) - if perr != nil { - log.Printf("[ERROR] %s: printing failed plan failed: %s\n", fname, perr) - } else { - fmt.Print("\n") - fmt.Print(out) + // get vertices + err = iterateOverStream( + stream, + func(resp *pb.StatusResponse) { + log.Printf("[INFO] %s: %s %s %s\n", fname, resp.Stage, resp.Id, resp.Run) + + if resp.Stage == pb.StatusResponse_APPLY && resp.Run == pb.StatusResponse_FINISHED { + details := resp.GetDetails() + if details != nil { + g.Add(resp.Id, details.ToPrintable()) + } } - log.Fatalf("[FATAL] %s: planning failed: check output\n", fname) - } - - log.Fatalf("[FATAL] %s: planning failed: %s\n", fname, err) + }, + ) + if err != nil { + log.Fatalf("[FATAL] %s: %s\n", fname, err) } - results, err := apply.Apply(ctx, planned) - if err != nil && err != apply.ErrTreeContainsErrors { - log.Fatalf("[FATAL] %s: applying failed: %s\n", fname, err) + // validate resulting graph + if err := g.Validate(); err != nil { + log.Printf("[WARNING] %s: graph is not valid: %s\n", fname, err) } // print results - out, perr := printer.Show(ctx, results) - if perr != nil { - log.Fatalf("[FATAL] %s: failed printing results: %s\n", fname, perr) + out, err := getPrinter().Show(ctx, g) + if err != nil { + log.Fatalf("[FATAL] %s: failed printing results: %s\n", fname, err) } fmt.Print("\n") fmt.Print(out) - if err != nil { - os.Exit(1) - } } }, } @@ -109,8 +132,10 @@ real happens.`, func init() { applyCmd.Flags().Bool("show-meta", false, "show metadata (params and modules)") applyCmd.Flags().Bool("only-show-changes", false, "only show changes") - addParamsArguments(applyCmd.PersistentFlags()) - viperBindPFlags(applyCmd.Flags()) + registerRPCFlags(applyCmd.Flags()) + registerLocalRPCFlags(applyCmd.Flags()) + registerSSLFlags(applyCmd.Flags()) + registerParamsFlags(applyCmd.Flags()) RootCmd.AddCommand(applyCmd) } diff --git a/cmd/fmt.go b/cmd/fmt.go index 578d1a397..65a6e996e 100644 --- a/cmd/fmt.go +++ b/cmd/fmt.go @@ -69,7 +69,6 @@ var fmtCmd = &cobra.Command{ func init() { fmtCmd.Flags().Bool("check", false, "only check, no writing") - viperBindPFlags(fmtCmd.Flags()) RootCmd.AddCommand(fmtCmd) } diff --git a/cmd/graceful_exit.go b/cmd/graceful_exit.go index b8760a8e5..22829107a 100644 --- a/cmd/graceful_exit.go +++ b/cmd/graceful_exit.go @@ -23,22 +23,26 @@ import ( // GracefulExit traps interrupt signals for a graceful exit func GracefulExit(cancel context.CancelFunc) { + go GracefulExitBlocking(cancel) +} + +// GracefulExitBlocking handles graceful exits, and blocks until exit +func GracefulExitBlocking(cancel context.CancelFunc) { c := make(chan os.Signal, 1) signal.Notify(c, os.Interrupt) - go func() { - interruptCount := 0 - for range c { - interruptCount++ + interruptCount := 0 + + for range c { + interruptCount++ - switch interruptCount { - case 1: - log.Println("[INFO] gracefully shutting down (interrupt again to halt)") - cancel() - case 2: - log.Println("[WARN] hard stop! System may be left in an incomplete state") - os.Exit(2) - } + switch interruptCount { + case 1: + log.Println("[INFO] gracefully shutting down (interrupt again to halt)") + cancel() + case 2: + log.Println("[WARN] hard stop! System may be left in an incomplete state") + os.Exit(2) } - }() + } } diff --git a/cmd/graph.go b/cmd/graph.go index b8d7684f8..d0c59ebef 100644 --- a/cmd/graph.go +++ b/cmd/graph.go @@ -98,8 +98,7 @@ You can pipe the output directly to the 'dot' command, for example: func init() { graphCmd.Flags().Bool("show-params", false, "also graph param dependencies") graphCmd.Flags().Bool("merge-duplicates", false, "merge duplicates before rendering") - addParamsArguments(graphCmd.PersistentFlags()) - viperBindPFlags(graphCmd.Flags()) + registerParamsFlags(graphCmd.Flags()) RootCmd.AddCommand(graphCmd) } diff --git a/cmd/healthcheck.go b/cmd/healthcheck.go index aae112654..fe76a2b1c 100644 --- a/cmd/healthcheck.go +++ b/cmd/healthcheck.go @@ -97,7 +97,7 @@ not display healthy checks.`, func init() { healthcheckCmd.Flags().Bool("quiet", false, "show only a short summary of the status") - addParamsArguments(healthcheckCmd.PersistentFlags()) - viperBindPFlags(healthcheckCmd.Flags()) + registerParamsFlags(healthcheckCmd.Flags()) + RootCmd.AddCommand(healthcheckCmd) } diff --git a/cmd/params.go b/cmd/params.go index 99613ee17..d40403575 100644 --- a/cmd/params.go +++ b/cmd/params.go @@ -21,6 +21,7 @@ import ( "strings" "github.com/asteris-llc/converge/render" + "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -28,7 +29,7 @@ import ( var paramsJSON string var params []string -func addParamsArguments(flags *pflag.FlagSet) { +func registerParamsFlags(flags *pflag.FlagSet) { flags.StringVar(¶msJSON, "paramsJSON", "{}", "parameters for the top-level module, in JSON format") flags.StringSliceVarP(¶ms, "params", "p", []string{}, "parameters for the top-level module in key=value format") } @@ -95,3 +96,28 @@ func getParamsFromFlags(flags *pflag.FlagSet) (vals render.Values, errors []erro return vals, errors } + +// getParams wraps getParamsFromFlags, logging and exiting upon error +func getParams(cmd *cobra.Command) render.Values { + params, errors := getParamsFromFlags(cmd.Flags()) + for i, err := range errors { + log.Printf("[ERROR] error while parsing parameters: %s\n", err) + + // after the last error is printed, exit + if i == len(errors)-1 { + log.Fatalf("[FATAL] errors while parsing parameters, see log above") + } + } + return params +} + +func getParamsRPC(cmd *cobra.Command) map[string]string { + params := getParams(cmd) + + clientParams := map[string]string{} + for k, v := range params { + clientParams[k] = fmt.Sprintf("%v", v) + } + + return clientParams +} diff --git a/cmd/params_test.go b/cmd/params_test.go index 35971d131..f4413f799 100644 --- a/cmd/params_test.go +++ b/cmd/params_test.go @@ -25,7 +25,7 @@ import ( // set up a FlagSet for testing func setupFlags(params, paramsJSON string) *pflag.FlagSet { flagSet := pflag.NewFlagSet("TestGetParamsFromFlags", pflag.PanicOnError) - addParamsArguments(flagSet) + registerParamsFlags(flagSet) // mirror actual usage by using Parse rather than Set cmdline := []string{"apply"} if params != "" { @@ -42,9 +42,9 @@ func setupFlags(params, paramsJSON string) *pflag.FlagSet { return flagSet } -func TestAddParamsArguments(t *testing.T) { +func TestRegisterParamsFlags(t *testing.T) { flagSet := pflag.NewFlagSet("", pflag.PanicOnError) - addParamsArguments(flagSet) + registerParamsFlags(flagSet) assert.True(t, flagSet.HasAvailableFlags()) } @@ -110,7 +110,7 @@ func TestDuplicateParameters(t *testing.T) { // test that defining -p multiple times results in multiple parameters func TestMultipleArgs(t *testing.T) { flagSet := pflag.NewFlagSet("", pflag.PanicOnError) - addParamsArguments(flagSet) + registerParamsFlags(flagSet) assert.NoError(t, flagSet.Parse([]string{"-p", "key1=1", "-p", "key2=2"})) values, errors := getParamsFromFlags(flagSet) assert.Len(t, values, 2) diff --git a/cmd/plan.go b/cmd/plan.go index e26e8a1f4..ce651d729 100644 --- a/cmd/plan.go +++ b/cmd/plan.go @@ -19,12 +19,10 @@ import ( "errors" "fmt" "log" - "os" "github.com/asteris-llc/converge/graph" - "github.com/asteris-llc/converge/load" - "github.com/asteris-llc/converge/plan" - "github.com/asteris-llc/converge/render" + "github.com/asteris-llc/converge/rpc" + "github.com/asteris-llc/converge/rpc/pb" "github.com/spf13/cobra" ) @@ -43,48 +41,90 @@ can be done separately to see what needs to be changed before execution.`, Run: func(cmd *cobra.Command, args []string) { // set up execution context ctx, cancel := context.WithCancel(context.Background()) + defer cancel() GracefulExit(cancel) - // params - params, err := getParamsFromFlags(cmd.Flags()) + maybeSetToken() + + ssl, err := getSSLConfig(getServerName()) if err != nil { - log.Fatalf("[FATAL] could not read params: %s\n", err) + log.Fatalf("[FATAL] could not get SSL config: %v", err) + } + + if err := maybeStartSelfHostedRPC(ctx, ssl); err != nil { + log.Fatalf("[FATAL] %s\n", err) } + client, err := getRPCExecutorClient( + ctx, + &rpc.ClientOpts{ + Token: getToken(), + SSL: ssl, + }, + ) + if err != nil { + log.Fatalf("[FATAL] %s\n", err) + } + + rpcParams := getParamsRPC(cmd) + + // execute files for _, fname := range args { log.Printf("[INFO] planning %s\n", fname) - loaded, err := load.Load(ctx, fname) + stream, err := client.Plan( + ctx, + &pb.ExecRequest{ + Location: fname, + Parameters: rpcParams, + }, + ) if err != nil { - log.Fatalf("[FATAL] %s: could not parse file: %s\n", fname, err) + log.Fatalf("[FATAL] %s: error getting RPC stream: %s\n", fname, err) } - rendered, err := render.Render(ctx, loaded, params) + g := graph.New() + + // get edges + edges, err := getMeta(stream) if err != nil { - log.Fatalf("[FATAL] %s: could not render: %s\n", fname, err) + log.Fatalf("[FATAL] %s: %s\n", fname, err) + } + for _, edge := range edges { + g.Connect(edge.Source, edge.Dest) } - merged, err := graph.MergeDuplicates(ctx, rendered, graph.SkipModuleAndParams) + // get vertices + err = iterateOverStream( + stream, + func(resp *pb.StatusResponse) { + log.Printf("[INFO] %s: %s %s %s\n", fname, resp.Stage, resp.Id, resp.Run) + + if resp.Run == pb.StatusResponse_FINISHED { + details := resp.GetDetails() + if details != nil { + g.Add(resp.Id, details.ToPrintable()) + } + } + }, + ) if err != nil { - log.Fatalf("[FATAL] %s: could not merge duplicates: %s\n", fname, err) + log.Fatalf("[FATAL] %s: %s\n", fname, err) } - results, err := plan.Plan(ctx, merged) - if err != nil && err != plan.ErrTreeContainsErrors { - log.Fatalf("[FATAL] %s: planning failed: %s\n", fname, err) + // validate resulting graph + if err := g.Validate(); err != nil { + log.Printf("[WARNING] %s: graph is not valid: %s\n", fname, err) } // print results - out, perr := getPrinter().Show(ctx, results) - if perr != nil { - log.Fatalf("[FATAL] %s: failed printing results: %s\n", fname, perr) + out, err := getPrinter().Show(ctx, g) + if err != nil { + log.Fatalf("[FATAL] %s: failed printing results: %s\n", fname, err) } fmt.Print("\n") fmt.Print(out) - if err != nil { - os.Exit(1) - } } }, } @@ -92,6 +132,10 @@ can be done separately to see what needs to be changed before execution.`, func init() { planCmd.Flags().Bool("show-meta", false, "show metadata (params and modules)") planCmd.Flags().Bool("only-show-changes", false, "only show changes") - addParamsArguments(planCmd.PersistentFlags()) + registerRPCFlags(planCmd.Flags()) + registerLocalRPCFlags(planCmd.Flags()) + registerSSLFlags(planCmd.Flags()) + registerParamsFlags(planCmd.Flags()) + RootCmd.AddCommand(planCmd) } diff --git a/cmd/root.go b/cmd/root.go index d32f67dfc..231aa1659 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -16,8 +16,11 @@ package cmd import ( "fmt" + "log" "os" + "strings" + "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/viper" ) @@ -43,13 +46,45 @@ The workflow generally looks like this: You can also visualize the execution graph with "converge graph yourfile.hcl" - see "converge graph --help" for more details.`, - PersistentPreRunE: func(cmd *cobra.Command, _ []string) error { + PersistentPreRunE: func(cmd *cobra.Command, args []string) error { + // set log level level, err := cmd.Flags().GetString("log-level") if err != nil { return err } - return SetLogLevel(level) + if err := SetLogLevel(level); err != nil { + return err + } + + // bind pflags for active commands + sub := cmd + subFlags := args + + for { + log.Printf("[TRACE] registering flags for %s\n", sub.Name()) + + if err := viper.BindPFlags(sub.Flags()); err != nil { + return errors.Wrapf(err, "failed to bind flags for %s", sub.Name()) + } + if err := viper.BindPFlags(sub.PersistentFlags()); err != nil { + return errors.Wrapf(err, "failed to bind persistent flags for %s", sub.Name()) + } + + potentialSub, potentialSubFlags, err := sub.Find(subFlags) + if err != nil { + return errors.Wrapf(err, "failed to get child for %s", sub.Name()) + } + + if sub == potentialSub { + break + } + + sub = potentialSub + subFlags = potentialSubFlags + } + + return nil }, } @@ -65,11 +100,9 @@ func Execute() { func init() { cobra.OnInitialize(initConfig) - RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.converge.yaml)") + RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is /etc/converge/config.yaml)") RootCmd.PersistentFlags().BoolP("nocolor", "n", false, "force colorless output") RootCmd.PersistentFlags().StringP("log-level", "l", "INFO", fmt.Sprintf("log level, one of %v", levels)) - - viperBindPFlags(RootCmd.PersistentFlags()) } // initConfig reads in config file and ENV variables if set. @@ -78,9 +111,12 @@ func initConfig() { viper.SetConfigFile(cfgFile) } - viper.SetConfigName(".converge") // name of config file (without extension) - viper.AddConfigPath("$HOME") // adding home directory as first search path - viper.AutomaticEnv() // read in environment variables that match + viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_")) + + viper.SetConfigName("config") // name of config file (without extension) + viper.AddConfigPath("/etc/converge") // adding home directory as first search path + viper.SetEnvPrefix("CONVERGE") // so our environment variables are unambiguous + viper.AutomaticEnv() // read in environment variables that match // If a config file is found, read it in. if err := viper.ReadInConfig(); err == nil { diff --git a/cmd/rpc.go b/cmd/rpc.go new file mode 100644 index 000000000..4ef3e53f9 --- /dev/null +++ b/cmd/rpc.go @@ -0,0 +1,185 @@ +// Copyright © 2016 Asteris, LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "context" + "crypto/tls" + "encoding/json" + "io" + "log" + "net" + "strings" + + "google.golang.org/grpc/metadata" + + "github.com/asteris-llc/converge/graph" + "github.com/asteris-llc/converge/rpc" + "github.com/asteris-llc/converge/rpc/pb" + "github.com/fgrid/uuid" + "github.com/pkg/errors" + "github.com/spf13/pflag" + "github.com/spf13/viper" +) + +const ( + rpcNoTokenFlagName = "no-token" + rpcTokenFlagName = "rpc-token" + rpcAddrFlagName = "rpc-addr" + rpcLocalAddrName = "local-addr" + rpcEnableLocalName = "local" +) + +func registerRPCFlags(flags *pflag.FlagSet) { + flags.String(rpcTokenFlagName, "", "token for RPC") + flags.Bool(rpcNoTokenFlagName, false, "don't use or generate an RPC token") + + flags.String(rpcAddrFlagName, addrServer, "address for RPC connection") +} + +func registerLocalRPCFlags(flags *pflag.FlagSet) { + flags.String(rpcLocalAddrName, addrServerLocal, "address for local RPC connection") + flags.Bool(rpcEnableLocalName, false, "self host RPC") +} + +func maybeStartSelfHostedRPC(ctx context.Context, secure *tls.Config) error { + if viper.GetBool(rpcEnableLocalName) { + return startRPC(ctx, getLocalAddr(), secure, "", false) + } + + return nil +} + +func startRPC(ctx context.Context, addr string, secure *tls.Config, resourceRoot string, enableBinaryDownload bool) error { + lis, err := net.Listen("tcp", addr) + if err != nil { + return errors.Wrap(err, "could not open RPC listener connection") + } + + server, err := rpc.New(getToken(), secure, resourceRoot, enableBinaryDownload) + if err != nil { + return errors.Wrap(err, "could not create RPC server") + } + + go func() { + <-ctx.Done() + server.GracefulStop() + }() + + log.Printf("[INFO] serving RPC on %s\n", addr) + go func() { + if err := server.Serve(lis); err != nil { + log.Fatalf("[FATAL] RPC failed to serve: %v", err) + } + + log.Println("[INFO] halted RPC server") + }() + + return nil +} + +func getRPCExecutorClient(ctx context.Context, opts *rpc.ClientOpts) (pb.ExecutorClient, error) { + var addr string + if viper.GetBool(rpcEnableLocalName) { + addr = viper.GetString(rpcLocalAddrName) + } else { + addr = viper.GetString(rpcAddrFlagName) + } + + return rpc.NewExecutorClient(ctx, addr, opts) +} + +type recver interface { + Recv() (*pb.StatusResponse, error) +} + +func iterateOverStream(stream recver, cb func(*pb.StatusResponse)) error { + for { + resp, err := stream.Recv() + if err == io.EOF { + break + } + if err != nil { + return errors.Wrap(err, "error getting status response") + } + + cb(resp) + } + + return nil +} + +type headerer interface { + Header() (metadata.MD, error) +} + +func getMeta(stream headerer) ([]*graph.Edge, error) { + meta, err := stream.Header() + if err != nil { + return nil, errors.Wrap(err, "error getting RPC header") + } + + var edges []*graph.Edge + if blobs, ok := meta["edges"]; ok { + for _, blob := range blobs { + var out []*graph.Edge + err := json.Unmarshal([]byte(blob), &out) + if err != nil { + return nil, errors.Wrap(err, "could not deserialize edge metadata") + } + + edges = append(edges, out...) + } + } + + return edges, nil +} + +// Token + +func getToken() string { return viper.GetString(rpcTokenFlagName) } + +func maybeSetToken() { + if viper.GetBool(rpcNoTokenFlagName) { + log.Printf("[WARNING] no token set, server is unauthenticated. This should *only* be used for development.") + return + } + + if getToken() == "" { + viper.Set(rpcTokenFlagName, uuid.NewV4().String()) + log.Printf("[INFO] setting session-local token: %s", getToken()) + } +} + +// More getters + +func getLocal() bool { return viper.GetBool(rpcLocalAddrName) } +func getRPCAddr() string { return viper.GetString(rpcAddrFlagName) } +func getLocalAddr() string { return viper.GetString(rpcLocalAddrName) } + +func getServerName() string { + var addr string + if getLocal() { + addr = getLocalAddr() + } else { + addr = getRPCAddr() + } + + parts := strings.SplitN(addr, ":", 1) + if len(parts) < 2 || parts[0] == "" { + return "127.0.0.1" + } + return parts[0] +} diff --git a/cmd/server.go b/cmd/server.go index 985d1163d..f0a3be1af 100644 --- a/cmd/server.go +++ b/cmd/server.go @@ -19,8 +19,10 @@ import ( "errors" "log" "os" + "sync" + "time" - "github.com/asteris-llc/converge/server" + "github.com/asteris-llc/converge/rpc" "github.com/spf13/cobra" "github.com/spf13/viper" ) @@ -32,14 +34,8 @@ var serverCmd = &cobra.Command{ Aliases: []string{"serve"}, PreRunE: func(cmd *cobra.Command, args []string) error { // check HTTPS - if viper.GetBool("https") { - if viper.GetString("certFile") == "" { - return errors.New("certFile is required for HTTPS") - } - - if viper.GetString("keyFile") == "" { - return errors.New("keyFile is required for HTTPS") - } + if err := validateSSL(); err != nil { + return err } // check module serving @@ -57,41 +53,91 @@ var serverCmd = &cobra.Command{ ctx, cancel := context.WithCancel(context.Background()) GracefulExit(cancel) - var ( - err error - s = server.New( + var running sync.WaitGroup + running.Add(2) + + // set up our client and server security options + maybeSetToken() + + if !usingSSL() { + log.Println("[WARNING] no SSL config in use, server will accept HTTP connections") + } + + sslConfig, err := getSSLConfig(getServerName()) + if err != nil { + log.Fatalf("[FATAL] could not get SSL config: %s", err) + } + + clientOpts := &rpc.ClientOpts{ + Token: viper.GetString("auth-token"), + SSL: sslConfig, + } + + // start RPC server + go func() { + defer running.Done() + + err := startRPC( ctx, + getRPCAddr(), + sslConfig, viper.GetString("root"), viper.GetBool("self-serve"), ) - ) - log.Printf("[INFO] serving on %s\n", viper.GetString("addr")) - if viper.GetBool("https") { - err = s.ListenAndServeTLS(viper.GetString("addr"), viper.GetString("certFile"), viper.GetString("keyFile")) - } else { - err = s.ListenAndServe(viper.GetString("addr")) - } + if err != nil { + log.Fatalf("[FATAL] could not run RPC: %s", err) + } - if err != nil { - log.Fatalf("[FATAL] %s\n", err) - } + <-ctx.Done() + }() + + // sleep here to avoid a race condition. The REST gateway can't connect + // to the RPC server if the gateway starts first. + time.Sleep(100 * time.Millisecond) + + // start HTTP server + go func() { + defer running.Done() + + server, err := rpc.NewRESTGateway(ctx, getRPCAddr(), clientOpts) + if err != nil { + log.Fatalf("[FATAL] failed to create server: %v", err) + } + + if viper.GetBool("https") { + log.Printf("[INFO] serving HTTPS on %s\n", viper.GetString("api-addr")) + err = server.ListenAndServeTLS( + viper.GetString("api-addr"), + getCertFileLoc(), + getKeyFileLoc(), + ) + } else { + log.Printf("[INFO] serving HTTP on %s\n", viper.GetString("api-addr")) + err = server.ListenAndServe( + viper.GetString("api-addr"), + ) + } + + if err != nil { + log.Fatalf("[FATAL] %s\n", err) + } + + log.Println("[INFO] halted HTTP server") + }() + + running.Wait() }, } func init() { RootCmd.AddCommand(serverCmd) - // HTTP(S) - serverCmd.PersistentFlags().String("certFile", "", "certificate file for HTTPS") - serverCmd.PersistentFlags().String("keyFile", "", "key file for HTTPS") - serverCmd.PersistentFlags().Bool("https", false, "turn on HTTPS") - serverCmd.PersistentFlags().StringP("addr", "a", ":8080", "address to listen on") - - // module serving - serverCmd.PersistentFlags().String("root", ".", "location of modules to serve") - - // self serve - serverCmd.PersistentFlags().Bool("self-serve", false, "serve own binary for bootstrapping") + // common + registerSSLFlags(serverCmd.Flags()) + registerRPCFlags(serverCmd.Flags()) - viperBindPFlags(serverCmd.PersistentFlags()) + // API + serverCmd.Flags().String("api-addr", addrServerHTTP, "address to serve API") + serverCmd.Flags().String("root", ".", "location of modules to serve") + serverCmd.Flags().Bool("self-serve", false, "serve own binary for bootstrapping") } diff --git a/cmd/ssl.go b/cmd/ssl.go new file mode 100644 index 000000000..154fc3fc3 --- /dev/null +++ b/cmd/ssl.go @@ -0,0 +1,104 @@ +// Copyright © 2016 Asteris, LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "crypto/tls" + "crypto/x509" + "fmt" + "io/ioutil" + + "github.com/pkg/errors" + "github.com/spf13/pflag" + "github.com/spf13/viper" +) + +const ( + sslUseSSLFlagName = "use-ssl" + sslCertFileFlagName = "cert-file" + sslKeyFileFlagName = "key-file" + sslRootCAFlagName = "ca-file" +) + +func registerSSLFlags(flags *pflag.FlagSet) { + flags.Bool(sslUseSSLFlagName, false, "use SSL for connections") + flags.String(sslCertFileFlagName, "", "certificate file for SSL") + flags.String(sslKeyFileFlagName, "", "key file for SSL") + flags.String(sslRootCAFlagName, "", "CA certificate to trust") +} + +func getSSLConfig(serverName string) (*tls.Config, error) { + if !viper.GetBool(sslUseSSLFlagName) { + return nil, nil + } + + config := &tls.Config{ + ServerName: serverName, + } + + // add root certificates + if viper.GetString(sslRootCAFlagName) != "" { + pool, err := x509.SystemCertPool() + if err != nil { + return nil, errors.Wrap(err, "could not get system cert pool") + } + + pemBytes, err := ioutil.ReadFile(viper.GetString(sslRootCAFlagName)) + if err != nil { + return nil, errors.Wrap(err, "could not read specified root CA") + } + + if added := pool.AppendCertsFromPEM(pemBytes); !added { + return nil, errors.New("could not append root CA to system roots") + } + + config.RootCAs = pool + } + + // add server certificates + if viper.GetString(sslCertFileFlagName) != "" && viper.GetString(sslKeyFileFlagName) != "" { + cert, err := tls.LoadX509KeyPair( + viper.GetString(sslCertFileFlagName), + viper.GetString(sslKeyFileFlagName), + ) + if err != nil { + return nil, err + } + + config.Certificates = append(config.Certificates, cert) + } + + return config, nil +} + +func validateSSL() error { + if !usingSSL() { + return nil + } + + if getCertFileLoc() == "" { + return fmt.Errorf("%s is required for SSL usage", sslCertFileFlagName) + } + + if getKeyFileLoc() == "" { + return fmt.Errorf("%s is required for SSL usage", sslKeyFileFlagName) + } + + return nil +} + +func usingSSL() bool { return viper.GetBool(sslUseSSLFlagName) } +func getCertFileLoc() string { return viper.GetString(sslCertFileFlagName) } +func getKeyFileLoc() string { return viper.GetString(sslKeyFileFlagName) } diff --git a/cmd/util.go b/cmd/util.go index f3c831aa4..4e0a07288 100644 --- a/cmd/util.go +++ b/cmd/util.go @@ -15,28 +15,17 @@ package cmd import ( - "log" "os" "runtime" "github.com/asteris-llc/converge/prettyprinters" "github.com/asteris-llc/converge/prettyprinters/health" "github.com/asteris-llc/converge/prettyprinters/human" - "github.com/asteris-llc/converge/render" "github.com/asteris-llc/converge/resource" "github.com/mattn/go-isatty" - "github.com/spf13/cobra" - "github.com/spf13/pflag" "github.com/spf13/viper" ) -// bind a set of PFlags to Viper, failing and exiting on error -func viperBindPFlags(flags *pflag.FlagSet) { - if err := viper.BindPFlags(flags); err != nil { - log.Fatalf("[FATAL] could not bind flags: %s", err) - } -} - func humanProvider(filter human.FilterFunc) *human.Printer { if !viper.GetBool("show-meta") { filter = human.HideByKind("module", "param", "root") @@ -73,21 +62,3 @@ func UseColor() bool { isColorTerminal := isatty.IsTerminal(os.Stdout.Fd()) && (runtime.GOOS != "windows") return !viper.GetBool("nocolor") && isColorTerminal } - -// getParams wraps getParamsFromFlags, logging and exiting upon error -func getParams(cmd *cobra.Command) render.Values { - if !cmd.HasPersistentFlags() { - log.Fatalf("[FATAL] %s: can't get parameters, command doesn't have persistent flags\n", cmd.Name()) - } - - params, errors := getParamsFromFlags(cmd.PersistentFlags()) - for i, err := range errors { - log.Printf("[ERROR] error while parsing parameters: %s\n", err) - - // after the last error is printed, exit - if i == len(errors)-1 { - log.Fatalf("[FATAL] errors while parsing parameters, see log above") - } - } - return params -} diff --git a/docs/configuration/index.html b/docs/configuration/index.html new file mode 100644 index 000000000..d01107939 --- /dev/null +++ b/docs/configuration/index.html @@ -0,0 +1,592 @@ + + + + + + + + + + + + Configuration - Converge + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + + + +
+ +
+ +
+
+ + +
+ +
+
+

Configuration

+ + + +

Converge sources configuration from a number of different places:

+ +

Command-Line Flags

+ +

Command-line flags will always be considered over any other source. To view +them, send --help to any command. In addition, all commands have these flags:

+ +
    +
  • --config: set the config file (see below for more info on this file)
    • +
  • --log-level: log level, one of TRACE, DEBUG, INFO, WARN, ERROR, or +FATAL (INFO is used by default)
    • +
  • --nocolor: set to force colorless output
    • +
+ +

Environment

+ +

Environment variables are the same names as command-line flags, but prefixed by +CONVERGE_ and with dashes replaced with underscores. For example, the +--log-level flag can be set by setting the CONVERGE_LOG_LEVEL environment +variable.

+ +

Config Files

+ +

Converge will source a single config file as a fallback. This config file can +JSON, TOML, YAML, HCL, or a Java properties file (this is detected by file +extension.) The keys of this file are the same as the command-line flags. +Converge looks in /etc/converge/config.{ext} by default, but you can change +this with the global --config flag.

+ + + + + +
+
+ +
+
+
+
+
+
+
+
+
+ + + + + + + + + + + + + + diff --git a/docs/dependencies/index.html b/docs/dependencies/index.html index 8b7ba29a0..c5b4f94fd 100644 --- a/docs/dependencies/index.html +++ b/docs/dependencies/index.html @@ -248,6 +248,32 @@ + + + + + + + + Server + + + + + + + + + + + + + Configuration + + + + + diff --git a/docs/getting-started/index.html b/docs/getting-started/index.html index 3d2958c8d..b0fa0d2e9 100644 --- a/docs/getting-started/index.html +++ b/docs/getting-started/index.html @@ -248,6 +248,32 @@ + + + + + + + + Server + + + + + + + + + + + + + Configuration + + + + + diff --git a/docs/index.html b/docs/index.html index d657d6fae..f1b82b228 100644 --- a/docs/index.html +++ b/docs/index.html @@ -248,6 +248,32 @@ + + + + + + + + Server + + + + + + + + + + + + + Configuration + + + + + diff --git a/docs/index.xml b/docs/index.xml index 2983780ef..d86cc9bc8 100644 --- a/docs/index.xml +++ b/docs/index.xml @@ -6,13 +6,13 @@ Recent content on Converge Hugo -- gohugo.io en-us - Thu, 25 Aug 2016 12:19:27 -0400 + Tue, 30 Aug 2016 15:12:06 -0500 docker.image http://converge.aster.is/resources/docker-image/ - Thu, 25 Aug 2016 12:19:27 -0400 + Tue, 30 Aug 2016 15:12:06 -0500 http://converge.aster.is/resources/docker-image/ @@ -56,10 +56,170 @@ Valid time units are &ldquo;ns&rdquo;, &ldquo;us&rdquo; (or & + + file.content + http://converge.aster.is/resources/file-content/ + Tue, 30 Aug 2016 15:12:06 -0500 + + http://converge.aster.is/resources/file-content/ + + +<p>Content renders content to disk</p> + +<h2 id="example">Example</h2> + +<pre><code class="language-hcl">param &quot;message&quot; { + default = &quot;Hello, World&quot; +} + +param &quot;filename&quot; { + default = &quot;test.txt&quot; +} + +file.content &quot;render&quot; { + destination = &quot;{{param `filename`}}&quot; + content = &quot;{{param `message`}}&quot; +} + +</code></pre> + +<h2 id="parameters">Parameters</h2> + +<ul> +<li><code>content</code> (string)</li> +</ul> + +<p>Content is the file content. This will be rendered as a template.</p> + +<ul> +<li><code>destination</code> (string)</li> +</ul> + +<p>Destination is the location on disk where the content will be rendered.</p> + + + + + file.mode + http://converge.aster.is/resources/file-mode/ + Tue, 30 Aug 2016 15:12:06 -0500 + + http://converge.aster.is/resources/file-mode/ + + +<p>Mode monitors the mode of a file</p> + +<h2 id="example">Example</h2> + +<pre><code class="language-hcl">param &quot;filename&quot; { + default = &quot;test.txt&quot; +} + +file.mode &quot;render&quot; { + destination = &quot;{{param `filename`}}&quot; + mode = 0777 +} + +</code></pre> + +<h2 id="parameters">Parameters</h2> + +<ul> +<li><code>destination</code> (string)</li> +</ul> + +<p>Destination specifies which file will be modified by this resource. The +file must exist on the system (for example, having been created with +<code>file.content</code>.)</p> + +<ul> +<li><code>mode</code> (octal string)</li> +</ul> + +<p>Mode is the mode of the file, specified in octal.</p> + + + + + module + http://converge.aster.is/resources/module/ + Tue, 30 Aug 2016 15:12:06 -0500 + + http://converge.aster.is/resources/module/ + + +<p>Module remotely sources other modules and adds them to the tree</p> + +<h2 id="example">Example</h2> + +<pre><code class="language-hcl">param &quot;message&quot; { + default = &quot;Hello from another module!&quot; +} + +module &quot;basic.hcl&quot; &quot;basic&quot; { + params = { + message = &quot;{{param `message`}}&quot; + } +} + +</code></pre> + +<h2 id="parameters">Parameters</h2> + +<ul> +<li><code>params</code> (map of string to anything)</li> +</ul> + +<p>Params is a map of strings to anything you&rsquo;d like. It will be passed to +the called module as the default values for the <code>param</code>s there.</p> + + + + + param + http://converge.aster.is/resources/param/ + Tue, 30 Aug 2016 15:12:06 -0500 + + http://converge.aster.is/resources/param/ + + +<p>Param controls the flow of values through <code>module</code> calls. You can use the +<code>{{param &quot;name&quot;}}</code> template call anywhere you need the value of a param +inside the current module.</p> + +<h2 id="example">Example</h2> + +<pre><code class="language-hcl">param &quot;message&quot; { + default = &quot;Hello, World!&quot; +} + +param &quot;filename&quot; { + default = &quot;test.txt&quot; +} + +task &quot;render&quot; { + check = &quot;cat {{param `filename`}} | tee /dev/stderr | grep -q '{{param `message`}}'&quot; + apply = &quot;echo '{{param `message`}}' &gt; {{param `filename`}}&quot; +} + +</code></pre> + +<h2 id="parameters">Parameters</h2> + +<ul> +<li><code>default</code> (optional string)</li> +</ul> + +<p>Default is an optional field that provides a default value if none is +provided to this parameter. If this field is not set, this param will be +treated as required.</p> + + + task http://converge.aster.is/resources/task/ - Thu, 25 Aug 2016 10:03:34 -0500 + Tue, 30 Aug 2016 15:12:06 -0500 http://converge.aster.is/resources/task/ @@ -146,6 +306,150 @@ suffix, such as &ldquo;300ms&rdquo;, &ldquo;-1.5h&rdquo; or & + + Configuration + http://converge.aster.is/configuration/ + Mon, 29 Aug 2016 16:51:52 -0500 + + http://converge.aster.is/configuration/ + + +<p>Converge sources configuration from a number of different places:</p> + +<h2 id="command-line-flags">Command-Line Flags</h2> + +<p>Command-line flags will always be considered over any other source. To view +them, send <code>--help</code> to any command. In addition, all commands have these flags:</p> + +<ul> +<li><code>--config</code>: set the config file (see below for more info on this file)</li> +<li><code>--log-level</code>: log level, one of <code>TRACE</code>, <code>DEBUG</code>, <code>INFO</code>, <code>WARN</code>, <code>ERROR</code>, or +<code>FATAL</code> (<code>INFO</code> is used by default)</li> +<li><code>--nocolor</code>: set to force colorless output</li> +</ul> + +<h2 id="environment">Environment</h2> + +<p>Environment variables are the same names as command-line flags, but prefixed by +<code>CONVERGE_</code> and with dashes replaced with underscores. For example, the +<code>--log-level</code> flag can be set by setting the <code>CONVERGE_LOG_LEVEL</code> environment +variable.</p> + +<h2 id="config-files">Config Files</h2> + +<p>Converge will source a single config file as a fallback. This config file can +JSON, TOML, YAML, HCL, or a Java properties file (this is detected by file +extension.) The keys of this file are the same as the command-line flags. +Converge looks in <code>/etc/converge/config.{ext}</code> by default, but you can change +this with the global <code>--config</code> flag.</p> + + + + + Server + http://converge.aster.is/server/ + Mon, 29 Aug 2016 16:49:53 -0500 + + http://converge.aster.is/server/ + + +<p>Converge comes with a server that can:</p> + +<ul> +<li>run <code>plan</code> and <code>apply</code> and stream the results (using +<a href="http://www.grpc.io/">gRPC</a>)</li> +<li>serve modules from a given root</li> +<li>serve the Converge binary itself, for bootstrapping new systems inside your +network</li> +</ul> + +<h2 id="https">HTTPS</h2> + +<p>You can run the server over HTTPS. If you don&rsquo;t have your own certificates, you +can use <a href="https://github.com/square/certstrap">certstrap</a> to get some with the +following commands:</p> + +<pre><code class="language-shell">$ certstrap init --common-name your-company +$ certstrap request-cert --ip 127.0.0.1 +$ certstrap sign 127.0.0.1 --CA your-company +</code></pre> + +<p>Of course, replace <code>your-company</code> and <code>127.0.0.1</code> with your company&rsquo;s name and +the your server&rsquo;s IP address, respectively (but those defaults will work fine +for trying it out locally.) The certificates will be placed in <code>out</code> in the +directory you run the command from.</p> + +<p>Afterwards, reference these files like so:</p> + +<pre><code class="language-shell">converge server --cert-file out/127.0.0.1.crt \ + --key-file out/127.0.0.1.crt \ + --ca-file out/your-company.crt \ + --use-ssl \ + --rpc-token your-token +</code></pre> + +<p>You&rsquo;ll also need to pass the <code>--ca-file</code> flag to commands like <code>plan</code> and +<code>apply</code>, in order to trust your new CA (or put it in the system roots.)</p> + +<h2 id="apis">APIs</h2> + +<p>Using the Converge command-line interface is good enough for most cases. If you +want to integrate Converge into your system in novel ways, however, an API is +available.</p> + +<h3 id="authentication">Authentication</h3> + +<p>Authentication happens with <a href="https://jwt.io/">JSON Web Tokens</a>. The only +currently supported algorithm is HS512, and issued tokens must have a 30 second +expiration. Tokens are set using the <code>--rpc-token</code> <a href="http://converge.aster.is/configuration/">configuration flag</a> to all subcommands that use the API.</p> + +<h3 id="http-2-0-and-grpc">HTTP/2.0 And gRPC</h3> + +<p>If you want to create your own client for Converge, you&rsquo;ll probably want to use +gRPC. You can get instructions for your chosen langauge in +<a href="http://www.grpc.io/docs/">the gRPC docs</a>, and the protobuf file is +<code>rpc/pb/root.proto</code> in the Converge source. If you&rsquo;re using Go, the client +implementations in <code>rpc/client.go</code> are your friends.</p> + +<p>When using the RPC interface, the JWT token should be sent in the request +metadata&rsquo;s <code>authorization</code> field with the prefix <code>BEARER</code>.</p> + +<h3 id="http-1-1-and-json">HTTP/1.1 And JSON</h3> + +<p>A pseudo-RESTful interface is available to do the same things the gRPC interface +can do. See the protobuf file for the most up-to-date endpoints and payload +information.</p> + +<p>When using the HTTP/1.1 interface, the JWT token should be sent in the +<code>Authorization</code> header with the prefix <code>BEARER</code>. You can also set the <code>jwt</code> +querystring var, or send it in the <code>jwt</code> cookie.</p> + +<h2 id="standalone-server-for-the-command-line">Standalone Server For The Command-Line</h2> + +<p>The main Converge commands (like <code>plan</code> and <code>apply</code>) will take a <code>--local</code> +argument (or set <code>CONVERGE_LOCAL=1</code>.) This will:</p> + +<ol> +<li>Start a local RPC server</li> +<li>Perform the requested action against the RPC server</li> +<li>Shut down the RPC server</li> +</ol> + +<p>During this process, a port (<code>localhost:26930</code>) will be opened and RPC will be +running on it. This interface will be protected with an randomly-generated +token, unless you specify <code>--no-token</code></p> + +<div class="admonition warning"> +<p class="admonition-title">Don&#39;t Disable Tokens</p> +<p>Please don&rsquo;t disable token generation with <code>--no-token</code>. I know we just said you +can, but don&rsquo;t do it. This will open up remote execution of arbitrary +instructions to whoever can reach that port. You can make this process <em>more</em> +secure by specifying <code>--cert-file</code>, <code>--key-file</code>, and optionally <code>--ca-file</code> to +connect over HTTPS.</p> +</div> + + + Module Organization http://converge.aster.is/organization/ @@ -563,166 +867,6 @@ could - - param - http://converge.aster.is/resources/param/ - Wed, 24 Aug 2016 23:45:18 -0500 - - http://converge.aster.is/resources/param/ - - -<p>Param controls the flow of values through <code>module</code> calls. You can use the -<code>{{param &quot;name&quot;}}</code> template call anywhere you need the value of a param -inside the current module.</p> - -<h2 id="example">Example</h2> - -<pre><code class="language-hcl">param &quot;message&quot; { - default = &quot;Hello, World!&quot; -} - -param &quot;filename&quot; { - default = &quot;test.txt&quot; -} - -task &quot;render&quot; { - check = &quot;cat {{param `filename`}} | tee /dev/stderr | grep -q '{{param `message`}}'&quot; - apply = &quot;echo '{{param `message`}}' &gt; {{param `filename`}}&quot; -} - -</code></pre> - -<h2 id="parameters">Parameters</h2> - -<ul> -<li><code>default</code> (optional string)</li> -</ul> - -<p>Default is an optional field that provides a default value if none is -provided to this parameter. If this field is not set, this param will be -treated as required.</p> - - - - - file.content - http://converge.aster.is/resources/file-content/ - Wed, 24 Aug 2016 23:41:00 -0500 - - http://converge.aster.is/resources/file-content/ - - -<p>Content renders content to disk</p> - -<h2 id="example">Example</h2> - -<pre><code class="language-hcl">param &quot;message&quot; { - default = &quot;Hello, World&quot; -} - -param &quot;filename&quot; { - default = &quot;test.txt&quot; -} - -file.content &quot;render&quot; { - destination = &quot;{{param `filename`}}&quot; - content = &quot;{{param `message`}}&quot; -} - -</code></pre> - -<h2 id="parameters">Parameters</h2> - -<ul> -<li><code>content</code> (string)</li> -</ul> - -<p>Content is the file content. This will be rendered as a template.</p> - -<ul> -<li><code>destination</code> (string)</li> -</ul> - -<p>Destination is the location on disk where the content will be rendered.</p> - - - - - module - http://converge.aster.is/resources/module/ - Wed, 24 Aug 2016 23:41:00 -0500 - - http://converge.aster.is/resources/module/ - - -<p>Module remotely sources other modules and adds them to the tree</p> - -<h2 id="example">Example</h2> - -<pre><code class="language-hcl">param &quot;message&quot; { - default = &quot;Hello from another module!&quot; -} - -module &quot;basic.hcl&quot; &quot;basic&quot; { - params = { - message = &quot;{{param `message`}}&quot; - } -} - -</code></pre> - -<h2 id="parameters">Parameters</h2> - -<ul> -<li><code>params</code> (map of string to anything)</li> -</ul> - -<p>Params is a map of strings to anything you&rsquo;d like. It will be passed to -the called module as the default values for the <code>param</code>s there.</p> - - - - - file.mode - http://converge.aster.is/resources/file-mode/ - Wed, 24 Aug 2016 23:29:09 -0500 - - http://converge.aster.is/resources/file-mode/ - - -<p>Mode monitors the mode of a file</p> - -<h2 id="example">Example</h2> - -<pre><code class="language-hcl">param &quot;filename&quot; { - default = &quot;test.txt&quot; -} - -file.mode &quot;render&quot; { - destination = &quot;{{param `filename`}}&quot; - mode = 0777 -} - -</code></pre> - -<h2 id="parameters">Parameters</h2> - -<ul> -<li><code>destination</code> (string)</li> -</ul> - -<p>Destination specifies which file will be modified by this resource. The -file must exist on the system (for example, having been created with -<code>file.content</code>.)</p> - -<ul> -<li><code>mode</code> (octal string)</li> -</ul> - -<p>Mode is the mode of the file, specified in octal.</p> - - - License http://converge.aster.is/license/ diff --git a/docs/install/index.html b/docs/install/index.html index 978e1f463..54a935295 100644 --- a/docs/install/index.html +++ b/docs/install/index.html @@ -248,6 +248,32 @@ + + + + + + + + Server + + + + + + + + + + + + + Configuration + + + + + @@ -444,14 +470,14 @@

Install