Chef Push 2.0 alpha is available

Push 2.0 alpha is out

This has all of the major features planned for 2.0, including:

  • Encryption
  • Output capture
  • Environment control
  • Server Sent Event (SSE) feeds

This is an alpha release, so there will be bugs. Please file issues as you find them against Chef Push Issues.

Push 2.0 client and server are not backward compatible with 1.x versions. We are investigating what it would take to make the 2.0 client able to work with the 1.x server, but that isn’t there yet.

Current known issues in the alpha-3 release which will be fixed before 2.0 final include:

  • The windows client is broken; it apparently is having trouble with the zeromq library.
  • Renaming; push has had a lot of names over the years and that’s being cleaned up.
  • knife push client is incomplete; SSE feeds aren’t used by the knife command.
  • RHEL7 support for client/server
  • Documentation of the APIs and features
  • Testing of server and client upgrades from the 1.x series.

Some of these changes may be breaking changes; the renaming in particular may make it difficult to upgrade directly from one alpha to the next.

Brief outline of the new features:

Encryption

All communications take place over SSL or CurveZMQ. CurveZMQ is based on the
CurveCP protocol. The one exception to this is the server heartbeat, which is broadcast in the
clear (but is still signed with the server key for integrity).

Command Output Capture

The knife-push library now provides options to direct the client to
capture the job output and return it to the server for inspection:

% knife job start "echo foobar" test --capture
 Started. Job ID: 26e98ba162fa7ba6fb2793125553c7ae
 .Complete.
 % knife job output 26e98ba162fa7ba6fb2793125553c7ae test --channel stdout
 foobar

Environment Control

The user has a lot more control over the execution environment of the
remote command.

This includes:

  • Environment variables (‘–with-env’)
  • The execution directory (‘–in-dir’)
  • A data file sent from the user to the push client (‘–file’)
% knife job start "print\_execution\_environment" test
--file .chef/knife.rb --capture --with-env '{"test": "foo"}'
--in-dir "/tmp" --as-user daemon
 Started. Job ID: 26e98ba162fac37787292637362808cb
 ...
 % knife job output 26e98ba162fac37787292637362808cb test --channel stdout
 {"HOME"=>"/home/vagrant",
 ...
 "CHEF\_PUSH\_JOB\_FILE"=>"/tmp/pushy/pushy_file20150813-14250-125xv4u",
 "CHEF\_PUSH\_JOB\_ID"=>"26e98ba162fac37787292637362808cb",
 "CHEF\_PUSH\_NODE\_NAME"=>"test",
 "PWD"=>"/srv/piab/mounts/opscode-pushy-client",
 "SHELL"=>"/bin/bash",
 "test"=>"foo"}

Note that there are some new special environment variables:

  • CHEF\_PUSH\_JOB\_FILE: The path to the file sent from the server
  • CHEF\_PUSH\_JOB\_ID: The id of the push job being executed
  • CHEF\_PUSH\_JOB\_NODE\_NAME: The node name that the job is being executed on

Server Sent Event Feeds

There are two new endpoints that provide feeds for the state of jobs
on the server. There’s a per-org-feed, that provides high level job
start/completion information, and a per job feed that provides node
level state changes for a particular job.

The event feed for a job might look like:

id: 1
 event: start
 data: {"command": "chef-client", "run\_timeout": 60, ...}
 id: 2
 event: quorum\_vote
 data: {"node": "moe", "status": "success"}
 id: 3
 event: quorum\_succeeded
 data:
 id: 4
 event:run\_start
 data:
 id: 5
 event: run\_complete
 data: {"node": "moe", "status": "success"}
 id: 6
 event: job\_complete
 data: {"status": "complete"}

The knife-push plugin will support SSE feeds in a later release.

Getting started

You’ll need to download the latest knife-push plugin (0.9 or later) (github for now, rubygems soon) as well as the latest client and server from packagecloud current

At the time of writing those are push-jobs-client-2.0.0~alpha.3-1 and opscode-push-jobs-server-2.0.0-alpha-3.1.