Rebases from upstream

.ruby-version

@@ -1 +1 @@
-2.2.3
+2.4.1

CHANGELOG.md

@@ -1,5 +1,39 @@
 # Change Log
 
+## [v0.7.2](https://github.com/compozed/ops_manager_cli/tree/v0.7.2) (2017-11-03)
+[Full Changelog](https://github.com/compozed/ops_manager_cli/compare/v0.7.1...v0.7.2)
+
+## [v0.7.1](https://github.com/compozed/ops_manager_cli/tree/v0.7.1) (2017-10-25)
+[Full Changelog](https://github.com/compozed/ops_manager_cli/compare/v0.7.0...v0.7.1)
+
+## [v0.7.0](https://github.com/compozed/ops_manager_cli/tree/v0.7.0) (2017-10-20)
+[Full Changelog](https://github.com/compozed/ops_manager_cli/compare/v0.5.4...v0.7.0)
+
+**Closed issues:**
+
+- OpsMAnagerCli should support new errands endpoint in versions \>= 1.10 [\#32](https://github.com/compozed/ops_manager_cli/issues/32)
+
+**Merged pull requests:**
+
+- Added support for ops\_manager\_cli to deploy via AWS [\#34](https://github.com/compozed/ops_manager_cli/pull/34) ([geofffranks](https://github.com/geofffranks))
+- Add pending-changes CLI command [\#26](https://github.com/compozed/ops_manager_cli/pull/26) ([RMeharg](https://github.com/RMeharg))
+
+## [v0.5.4](https://github.com/compozed/ops_manager_cli/tree/v0.5.4) (2017-06-27)
+[Full Changelog](https://github.com/compozed/ops_manager_cli/compare/v0.5.3...v0.5.4)
+
+## [v0.5.3](https://github.com/compozed/ops_manager_cli/tree/v0.5.3) (2017-06-27)
+[Full Changelog](https://github.com/compozed/ops_manager_cli/compare/v0.5.2...v0.5.3)
+
+## [v0.5.2](https://github.com/compozed/ops_manager_cli/tree/v0.5.2) (2017-06-27)
+[Full Changelog](https://github.com/compozed/ops_manager_cli/compare/v0.5.1...v0.5.2)
+
+**Closed issues:**
+
+- CLI should check that UAA is available after Ops Manager upgrades [\#29](https://github.com/compozed/ops_manager_cli/issues/29)
+- When upgrading opsman the token does not reset [\#27](https://github.com/compozed/ops_manager_cli/issues/27)
+- Support refresh tokens for re-authentication with UAA [\#24](https://github.com/compozed/ops_manager_cli/issues/24)
+- Allow toggling ops\_manager.log [\#21](https://github.com/compozed/ops_manager_cli/issues/21)
+
 ## [v0.5.1](https://github.com/compozed/ops_manager_cli/tree/v0.5.1) (2017-01-25)
 [Full Changelog](https://github.com/compozed/ops_manager_cli/compare/v0.5.0...v0.5.1)
 

Dockerfile

@@ -1,29 +1,31 @@
-FROM ruby:2.3.0
+FROM ruby:2.4.1
 
 ENV GEM_NAME ops_manager_cli
-ENV GEM_VERSION 0.5.2
+ENV GEM_VERSION 0.7.5
 ENV OVFTOOL_VERSION 4.1.0-2459827
 ENV OVFTOOL_INSTALLER VMware-ovftool-${OVFTOOL_VERSION}-lin.x86_64.bundle
 ARG DOWNLOAD_URL
 
+# ================== Installs sshpass ===============
+RUN echo "deb http://httpredir.debian.org/debian jessie utils" >> sources.list
+RUN apt-get update
+RUN apt-get install -y sshpass unzip
+
 # ================== Installs OVF tools ==============
 RUN echo $DOWNLOAD_URL
 RUN wget -v ${DOWNLOAD_URL} \
   && sh ${OVFTOOL_INSTALLER} -p /usr/local --eulas-agreed --required \
   && rm -f ${OVFTOOL_INSTALLER}*
 
 # ================== Installs Spruce ==============
-RUN wget -v --no-check-certificate https://github.com/geofffranks/spruce/releases/download/v1.0.1/spruce_1.0.1_linux_amd64.tar.gz \
-    && tar -xvf spruce_1.0.1_linux_amd64.tar.gz \
-    && chmod +x /spruce_1.0.1_linux_amd64/spruce \
-    && ln -s /spruce_1.0.1_linux_amd64/spruce /usr/bin/.
+RUN wget -v --no-check-certificate https://github.com/geofffranks/spruce/releases/download/v1.13.1/spruce-linux-amd64 \
+    && chmod +x spruce-linux-amd64 \
+    && ln -s /spruce-linux-amd64 /usr/bin/spruce
 
 # ================== Installs JQ ==============
 RUN wget -v -O /usr/local/bin/jq --no-check-certificate https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
 RUN chmod +x /usr/local/bin/jq
 
 # ================== Installs ops_manager_cli gem ==============
 COPY pkg/${GEM_NAME}-${GEM_VERSION}.gem /tmp/
-
 RUN gem install /tmp/${GEM_NAME}-${GEM_VERSION}.gem
-

lib/ops_manager.rb

@@ -83,9 +83,10 @@ def password
 
 require "ops_manager/version"
 require "ops_manager/semver"
-require "ops_manager/deployments/vsphere"
-require 'ops_manager/configs/product_deployment'
-require 'ops_manager/configs/opsman_deployment'
+require "ops_manager/appliance/vsphere"
+require "ops_manager/appliance/aws"
+require 'ops_manager/config/product_deployment'
+require 'ops_manager/config/opsman_deployment'
 require "ops_manager/cli"
 require "ops_manager/errors"
 require "net/https"

lib/ops_manager/api/base.rb

@@ -153,7 +153,10 @@ def http_for(uri)
         Net::HTTP.new(uri.host, uri.port).tap do |http|
           http.use_ssl = true
           http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-          http.read_timeout = 1200
+          http.read_timeout = 1800
+
+          ctx = OpenSSL::SSL::SSLContext.new
+          ctx.ssl_version = :TLSv1_2
         end
       end
 

lib/ops_manager/api/opsman.rb

@@ -25,6 +25,10 @@ def get_staged_products(opts = {})
         authenticated_get("/api/v0/staged/products", opts)
       end
 
+      def get_pending_changes(opts = {})
+        authenticated_get("/api/v0/staged/pending_changes", opts)
+      end
+
       def get_installation_settings(opts = {})
         print_green '====> Downloading installation settings ...'
         res = authenticated_get("/api/installation_settings", opts)
@@ -43,7 +47,7 @@ def upload_installation_assets
 
       def get_installation_assets
         opts = { write_to: "installation_assets.zip" }
-        say_green '====> Download installation assets ...'
+        print_green '====> Download installation assets ...'
         res = authenticated_get("/api/v0/installation_asset_collection", opts)
         say_green 'done'
         res
@@ -103,12 +107,16 @@ def upgrade_product_installation(guid, product_version)
       end
 
       def upload_product(filepath)
-        file = "#{filepath}"
-        cmd = "curl -s -k \"https://#{target}/api/v0/available_products\" -F 'product[file]=@#{file}' -X POST -H 'Authorization: Bearer #{access_token}'"
-        logger.info "running cmd: #{cmd}"
-        body = `#{cmd}`
-        logger.info "Upload product response: #{body}"
-        raise OpsManager::ProductUploadError if body.include? "error"
+        return unless filepath
+        tar = UploadIO.new(filepath, 'multipart/form-data')
+        print_green "====> Uploading product: #{filepath} ..."
+      #print "====> Uploading product ...".green
+        opts = { "product[file]" => tar }
+        res = authenticated_multipart_post("/api/v0/available_products" , opts)
+
+        raise OpsManager::ProductUploadError.new(res.body) unless res.code == '200'
+        say_green 'done'
+        res
       end
 
       def get_available_products
@@ -117,7 +125,7 @@ def get_available_products
 
       def get_diagnostic_report
         authenticated_get("/api/v0/diagnostic_report")
-      rescue Errno::ETIMEDOUT , Errno::EHOSTUNREACH, Net::HTTPFatalError, Net::OpenTimeout, CF::UAA::BadTarget, SocketError
+      rescue Errno::ETIMEDOUT , Errno::EHOSTUNREACH, Net::HTTPFatalError, Net::OpenTimeout, HTTPClient::ConnectTimeoutError, CF::UAA::BadTarget, SocketError
         nil
       end
 
@@ -153,6 +161,35 @@ def import_stemcell(filepath)
         res
       end
 
+      def get_ensure_availability
+        get("/login/ensure_availability")
+      end
+
+      def get_token
+        token_issuer.owner_password_grant(username, password, 'opsman.admin').tap do |token|
+          logger.info "UAA Token: #{token.inspect}"
+        end
+      rescue  CF::UAA::TargetError
+        nil
+      end
+
+      def pending_changes(opts = {})
+        print_green '====> Getting pending changes ...'
+        res = authenticated_get('/api/v0/staged/pending_changes')
+        pendingChanges = JSON.parse(res.body)
+
+        if pendingChanges['product_changes'].count == 0
+          puts "\nNo pending changes"
+        else
+          pendingChanges['product_changes'].each do |product|
+            puts "\n#{product['guid']}"
+          end
+        end
+
+        say_green 'done'
+        res
+      end
+
       def username
         @username ||= OpsManager.get_conf(:username)
       end
@@ -165,26 +202,36 @@ def target
         @target = OpsManager.get_conf(:target)
       end
 
-      def get_token
-        token_issuer.owner_password_grant(username, password, 'opsman.admin').tap do |token|
-          logger.info "UAA Token: #{token.inspect}"
-        end
-      rescue  CF::UAA::TargetError, CF::UAA::BadTarget
-        nil
+      def reset_access_token
+        @access_token = nil
+      end
+
+      def access_token
+        @access_token ||= get_token.info['access_token']
       end
 
+      def wait_for_https_alive(limit)
+        @retry_counter = 0
+        res = nil
+        until(@retry_counter >= limit or (res = check_alive).code.to_i < 400) do
+          sleep 1
+          @retry_counter += 1
+        end
+        res
+      end
 
       private
+      def check_alive
+        get("/")
+      rescue Net::OpenTimeout, Net::HTTPError, Net::HTTPFatalError, Errno::ETIMEDOUT, Errno::ECONNREFUSED, Errno::ECONNRESET => e
+        Net::HTTPInternalServerError.new(1.0, 500, e.inspect)
+      end
+
       def token_issuer
         @token_issuer ||= CF::UAA::TokenIssuer.new(
           "https://#{target}/uaa", 'opsman', nil, skip_ssl_validation: true )
       end
 
-      def access_token
-        token = get_token
-        @access_token = token ? token.info['access_token'] : nil
-      end
-
       def authorization_header
         "Bearer #{access_token}"
       end

lib/ops_manager/appliance/aws.rb

@@ -0,0 +1,89 @@
+require 'fog/aws'
+require 'ops_manager/appliance/base'
+
+class OpsManager
+  module Appliance
+    class AWS < Base
+
+      def deploy_vm
+        image_id = ::YAML.load_file(ami_mapping_file)[config[:opts][:region]]
+
+        server = connection.servers.create(
+          block_device_mapping: [{
+            'DeviceName'     => '/dev/xvda',
+            'Ebs.VolumeSize' => config[:opts][:disk_size_in_gb],
+          }],
+          key_name: config[:opts][:ssh_keypair_name],
+          flavor_id: config[:opts][:instance_type],
+          subnet_id: config[:opts][:subnet_id],
+          image_id: image_id,
+          private_ip_address: config[:ip],
+          security_group_ids: security_group_ids,
+          availability_zone: config[:opts][:availability_zone],
+          iam_instance_profile_name: config[:opts][:instance_profile_name],
+          tags: {
+            'Name' => vm_name,
+          }
+        )
+        server.wait_for { ready? }
+        return server
+      end
+
+      def stop_current_vm(name)
+        server = connection.servers.all("private-ip-address" => config[:ip], "tag:Name" => name).first
+        if ! server
+          fail "VM not found matching IP '#{config[:ip]}', named '#{name}'"
+        end
+        server.stop
+        server.wait_for { server.state == "stopped" }
+
+        # Create ami of stopped server
+        response = connection.create_image(server.id, "#{name}-backup", "Backup of #{name}")
+        image = connection.images.get( response.data[:body]['imageId'])
+        image.wait_for 36000 { image.state == "available" }
+        if image.state != "available"
+          fail "Error creating backup AMI, bailing out before destroying the VM"
+        end
+
+        puts "Saved #{name} to AMI #{image.id} (#{name}-backup) for safe-keeping"
+
+        server.destroy
+        if !Fog.mocking?
+          server.wait_for { server.state == 'terminated' }
+        else
+          # Fog's mock doesn't support transitioning state from terminating -> terminated
+          # so we have to hack this here
+          server.wait_for { server.state == 'terminating' }
+        end
+      end
+
+      private
+      def ami_mapping_file
+        Dir.glob(config[:opts][:ami_mapping_file]).first
+      end
+
+      def security_group_ids
+        config[:opts][:security_groups].collect do |sg|
+          connection.security_groups.get(sg).group_id
+        end
+      end
+
+      def connection
+        if config[:opts][:use_iam_profile]
+          @connection ||= Fog::Compute.new({
+            provider: config[:provider],
+            use_iam_profile: config[:opts][:use_iam_profile],
+            aws_access_key_id: "",
+            aws_secret_access_key: "",
+          })
+        else
+          @connection ||= Fog::Compute.new({
+            provider: config[:provider],
+            aws_access_key_id: config[:opts][:access_key],
+            aws_secret_access_key: config[:opts][:secret_key],
+          })
+        end
+      end
+    end
+  end
+end

lib/ops_manager/appliance/base.rb

@@ -0,0 +1,23 @@
+
+class OpsManager
+  module Appliance
+    class Base
+      attr_reader :config
+
+      def initialize(config)
+        @config = config
+      end
+      def deploy_vm
+        raise NotImplementedError.new("You must implement deploy_vm.")
+      end
+      def stop_current_vm(name)
+        raise NotImplementedError.new("You must implement stop_current_vm.")
+      end
+
+      private
+      def vm_name
+        @vm_name ||= "#{config[:name]}-#{config[:desired_version]}"
+      end
+    end
+  end
+end