chef 11.8.4.ohai7.0-x86-mingw32 → 11.10.0.alpha.1-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/distro/common/html/chef-client.8.html +3 -3
- data/distro/common/html/chef-expander.8.html +3 -3
- data/distro/common/html/chef-expanderctl.8.html +3 -3
- data/distro/common/html/chef-server-webui.8.html +3 -3
- data/distro/common/html/chef-server.8.html +3 -3
- data/distro/common/html/chef-shell.1.html +3 -3
- data/distro/common/html/chef-solo.8.html +3 -3
- data/distro/common/html/chef-solr.8.html +4 -4
- data/distro/common/html/knife-bootstrap.1.html +3 -3
- data/distro/common/html/knife-client.1.html +3 -3
- data/distro/common/html/knife-configure.1.html +3 -3
- data/distro/common/html/knife-cookbook-site.1.html +3 -3
- data/distro/common/html/knife-cookbook.1.html +3 -3
- data/distro/common/html/knife-data-bag.1.html +3 -3
- data/distro/common/html/knife-environment.1.html +3 -3
- data/distro/common/html/knife-exec.1.html +3 -3
- data/distro/common/html/knife-index.1.html +3 -3
- data/distro/common/html/knife-node.1.html +3 -3
- data/distro/common/html/knife-role.1.html +3 -3
- data/distro/common/html/knife-search.1.html +3 -3
- data/distro/common/html/knife-ssh.1.html +3 -3
- data/distro/common/html/knife-status.1.html +3 -3
- data/distro/common/html/knife-tag.1.html +3 -3
- data/distro/common/html/knife.1.html +3 -3
- data/distro/common/man/man8/chef-client.8 +3 -3
- data/distro/common/man/man8/chef-solo.8 +5 -2
- data/lib/chef.rb +2 -0
- data/lib/chef/application.rb +7 -2
- data/lib/chef/application/apply.rb +6 -0
- data/lib/chef/application/client.rb +3 -1
- data/lib/chef/application/knife.rb +2 -0
- data/lib/chef/application/solo.rb +1 -1
- data/lib/chef/client.rb +14 -11
- data/lib/chef/config.rb +4 -1
- data/lib/chef/cookbook_uploader.rb +14 -7
- data/lib/chef/encrypted_data_bag_item.rb +6 -303
- data/lib/chef/encrypted_data_bag_item/decryption_failure.rb +22 -0
- data/lib/chef/encrypted_data_bag_item/decryptor.rb +201 -0
- data/lib/chef/encrypted_data_bag_item/encryptor.rb +142 -0
- data/lib/chef/encrypted_data_bag_item/unacceptable_encrypted_data_bag_item_format.rb +22 -0
- data/lib/chef/encrypted_data_bag_item/unsupported_cipher.rb +22 -0
- data/lib/chef/encrypted_data_bag_item/unsupported_encrypted_data_bag_item_format.rb +22 -0
- data/lib/chef/exceptions.rb +1 -0
- data/lib/chef/formatters/doc.rb +19 -3
- data/lib/chef/http/basic_client.rb +1 -1
- data/lib/chef/http/http_request.rb +7 -0
- data/lib/chef/knife.rb +8 -1
- data/lib/chef/knife/bootstrap.rb +1 -1
- data/lib/chef/knife/cookbook_site_share.rb +2 -2
- data/lib/chef/knife/cookbook_upload.rb +7 -1
- data/lib/chef/knife/core/subcommand_loader.rb +2 -2
- data/lib/chef/knife/data_bag_create.rb +7 -0
- data/lib/chef/knife/environment_compare.rb +127 -0
- data/lib/chef/mixin/command.rb +11 -12
- data/lib/chef/mixin/deep_merge.rb +4 -4
- data/lib/chef/monkey_patches/net_http.rb +34 -0
- data/lib/chef/monkey_patches/uri.rb +70 -0
- data/lib/chef/platform/provider_mapping.rb +1 -0
- data/lib/chef/provider/cookbook_file.rb +8 -0
- data/lib/chef/provider/cron.rb +1 -1
- data/lib/chef/provider/directory.rb +7 -0
- data/lib/chef/provider/file.rb +17 -4
- data/lib/chef/provider/git.rb +23 -5
- data/lib/chef/provider/group.rb +30 -11
- data/lib/chef/provider/group/dscl.rb +26 -4
- data/lib/chef/provider/group/gpasswd.rb +14 -19
- data/lib/chef/provider/group/groupadd.rb +41 -1
- data/lib/chef/provider/group/groupmod.rb +46 -36
- data/lib/chef/provider/group/pw.rb +59 -16
- data/lib/chef/provider/group/suse.rb +16 -13
- data/lib/chef/provider/group/usermod.rb +38 -15
- data/lib/chef/provider/group/windows.rb +13 -6
- data/lib/chef/provider/ohai.rb +5 -6
- data/lib/chef/provider/remote_file.rb +8 -0
- data/lib/chef/provider/template.rb +8 -0
- data/lib/chef/provider/user.rb +5 -1
- data/lib/chef/provider/user/useradd.rb +7 -0
- data/lib/chef/provider/whyrun_safe_ruby_block.rb +30 -0
- data/lib/chef/providers.rb +1 -0
- data/lib/chef/resource/deploy.rb +18 -0
- data/lib/chef/resource/group.rb +11 -0
- data/lib/chef/resource/scm.rb +18 -0
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +31 -0
- data/lib/chef/resources.rb +1 -0
- data/lib/chef/run_context.rb +11 -0
- data/lib/chef/shell/ext.rb +1 -1
- data/lib/chef/util/windows/net_group.rb +5 -1
- data/lib/chef/version.rb +1 -1
- data/spec/functional/resource/base.rb +3 -1
- data/spec/functional/resource/deploy_revision_spec.rb +1 -1
- data/spec/functional/resource/git_spec.rb +1 -1
- data/spec/functional/resource/group_spec.rb +257 -118
- data/spec/integration/client/client_spec.rb +82 -8
- data/spec/integration/client/ipv6_spec.rb +133 -0
- data/spec/integration/knife/cookbook_api_ipv6_spec.rb +111 -0
- data/spec/scripts/ssl-serve.rb +52 -0
- data/spec/spec_helper.rb +7 -6
- data/spec/support/platform_helpers.rb +21 -0
- data/spec/support/shared/functional/windows_script.rb +2 -1
- data/spec/support/shared/unit/provider/file.rb +181 -43
- data/spec/support/shared/unit/provider/useradd_based_user_provider.rb +18 -0
- data/spec/unit/application/client_spec.rb +1 -0
- data/spec/unit/client_spec.rb +14 -1
- data/spec/unit/config_spec.rb +20 -0
- data/spec/unit/encrypted_data_bag_item_spec.rb +32 -18
- data/spec/unit/knife/cookbook_upload_spec.rb +14 -0
- data/spec/unit/knife/core/subcommand_loader_spec.rb +2 -2
- data/spec/unit/knife/data_bag_create_spec.rb +7 -0
- data/spec/unit/knife/environment_compare_spec.rb +112 -0
- data/spec/unit/knife_spec.rb +6 -1
- data/spec/unit/monkey_patches/uri_spec.rb +34 -0
- data/spec/unit/provider/cookbook_file_spec.rb +2 -1
- data/spec/unit/provider/cron_spec.rb +6 -0
- data/spec/unit/provider/file_spec.rb +3 -1
- data/spec/unit/provider/git_spec.rb +28 -4
- data/spec/unit/provider/group/dscl_spec.rb +1 -0
- data/spec/unit/provider/group/gpasswd_spec.rb +16 -9
- data/spec/unit/provider/group/groupadd_spec.rb +3 -4
- data/spec/unit/provider/group/groupmod_spec.rb +0 -1
- data/spec/unit/provider/group/pw_spec.rb +11 -14
- data/spec/unit/provider/group/usermod_spec.rb +19 -4
- data/spec/unit/provider/group/windows_spec.rb +0 -8
- data/spec/unit/provider/group_spec.rb +26 -4
- data/spec/unit/provider/ohai_spec.rb +1 -0
- data/spec/unit/provider/remote_file_spec.rb +4 -3
- data/spec/unit/provider/template_spec.rb +5 -3
- data/spec/unit/provider/user_spec.rb +6 -0
- data/spec/unit/provider/whyrun_safe_ruby_block_spec.rb +47 -0
- data/spec/unit/resource/scm_spec.rb +10 -0
- data/spec/unit/rest/auth_credentials_spec.rb +4 -1
- data/spec/unit/rest_spec.rb +12 -3
- metadata +69 -121
- data/spec/functional/resource/ohai_spec.rb +0 -65
@@ -265,11 +265,11 @@ www.example.com:</p>
|
|
265
265
|
|
266
266
|
<h2 id="AUTHOR">AUTHOR</h2>
|
267
267
|
|
268
|
-
<p> Chef was written by Adam Jacob <a href="&#
|
268
|
+
<p> Chef was written by Adam Jacob <a href="mailto:adam@opscode.com" data-bare-link="true">adam@opscode.com</a> with many contributions from the community.</p>
|
269
269
|
|
270
270
|
<h2 id="DOCUMENTATION">DOCUMENTATION</h2>
|
271
271
|
|
272
|
-
<p> This manual page was written by Joshua Timberman <a href="m&#
|
272
|
+
<p> This manual page was written by Joshua Timberman <a href="mailto:joshua@opscode.com" data-bare-link="true">joshua@opscode.com</a>.
|
273
273
|
Permission is granted to copy, distribute and / or modify this document under the terms of the Apache 2.0 License.</p>
|
274
274
|
|
275
275
|
<h2 id="CHEF">CHEF</h2>
|
@@ -278,7 +278,7 @@ www.example.com:</p>
|
|
278
278
|
|
279
279
|
|
280
280
|
<ol class='man-decor man-foot man foot'>
|
281
|
-
<li class='tl'>Chef 11.
|
281
|
+
<li class='tl'>Chef 11.10.0.alpha.1</li>
|
282
282
|
<li class='tc'>December 2013</li>
|
283
283
|
<li class='tr'>knife-search(1)</li>
|
284
284
|
</ol>
|
@@ -133,11 +133,11 @@ option.</dd>
|
|
133
133
|
|
134
134
|
<h2 id="AUTHOR">AUTHOR</h2>
|
135
135
|
|
136
|
-
<p> Chef was written by Adam Jacob <a href="&#
|
136
|
+
<p> Chef was written by Adam Jacob <a href="mailto:adam@opscode.com" data-bare-link="true">adam@opscode.com</a> with many contributions from the community.</p>
|
137
137
|
|
138
138
|
<h2 id="DOCUMENTATION">DOCUMENTATION</h2>
|
139
139
|
|
140
|
-
<p> This manual page was written by Joshua Timberman <a href="ma&#
|
140
|
+
<p> This manual page was written by Joshua Timberman <a href="mailto:joshua@opscode.com" data-bare-link="true">joshua@opscode.com</a>.
|
141
141
|
Permission is granted to copy, distribute and / or modify this document under the terms of the Apache 2.0 License.</p>
|
142
142
|
|
143
143
|
<h2 id="CHEF">CHEF</h2>
|
@@ -146,7 +146,7 @@ option.</dd>
|
|
146
146
|
|
147
147
|
|
148
148
|
<ol class='man-decor man-foot man foot'>
|
149
|
-
<li class='tl'>Chef 11.
|
149
|
+
<li class='tl'>Chef 11.10.0.alpha.1</li>
|
150
150
|
<li class='tc'>December 2013</li>
|
151
151
|
<li class='tr'>knife-ssh(1)</li>
|
152
152
|
</ol>
|
@@ -105,11 +105,11 @@ may not be publicly reachable.</p>
|
|
105
105
|
|
106
106
|
<h2 id="AUTHOR">AUTHOR</h2>
|
107
107
|
|
108
|
-
<p> Chef was written by Adam Jacob <a href="&#
|
108
|
+
<p> Chef was written by Adam Jacob <a href="mailto:adam@opscode.com" data-bare-link="true">adam@opscode.com</a> with many contributions from the community.</p>
|
109
109
|
|
110
110
|
<h2 id="DOCUMENTATION">DOCUMENTATION</h2>
|
111
111
|
|
112
|
-
<p> This manual page was written by Joshua Timberman <a href="ma&#
|
112
|
+
<p> This manual page was written by Joshua Timberman <a href="mailto:joshua@opscode.com" data-bare-link="true">joshua@opscode.com</a>.
|
113
113
|
Permission is granted to copy, distribute and / or modify this document under the terms of the Apache 2.0 License.</p>
|
114
114
|
|
115
115
|
<h2 id="CHEF">CHEF</h2>
|
@@ -118,7 +118,7 @@ may not be publicly reachable.</p>
|
|
118
118
|
|
119
119
|
|
120
120
|
<ol class='man-decor man-foot man foot'>
|
121
|
-
<li class='tl'>Chef 11.
|
121
|
+
<li class='tl'>Chef 11.10.0.alpha.1</li>
|
122
122
|
<li class='tc'>December 2013</li>
|
123
123
|
<li class='tr'>knife-status(1)</li>
|
124
124
|
</ol>
|
@@ -114,11 +114,11 @@
|
|
114
114
|
|
115
115
|
<h2 id="AUTHOR">AUTHOR</h2>
|
116
116
|
|
117
|
-
<p> Chef was written by Adam Jacob <a href="&#
|
117
|
+
<p> Chef was written by Adam Jacob <a href="mailto:adam@opscode.com" data-bare-link="true">adam@opscode.com</a> with many contributions from the community.</p>
|
118
118
|
|
119
119
|
<h2 id="DOCUMENTATION">DOCUMENTATION</h2>
|
120
120
|
|
121
|
-
<p> This manual page was written by Daniel DeLeo <a href="ma&#
|
121
|
+
<p> This manual page was written by Daniel DeLeo <a href="mailto:dan@opscode.com" data-bare-link="true">dan@opscode.com</a>.
|
122
122
|
Permission is granted to copy, distribute and / or modify this document under the terms of the Apache 2.0 License.</p>
|
123
123
|
|
124
124
|
<h2 id="CHEF">CHEF</h2>
|
@@ -127,7 +127,7 @@
|
|
127
127
|
|
128
128
|
|
129
129
|
<ol class='man-decor man-foot man foot'>
|
130
|
-
<li class='tl'>Chef 11.
|
130
|
+
<li class='tl'>Chef 11.10.0.alpha.1</li>
|
131
131
|
<li class='tc'>December 2013</li>
|
132
132
|
<li class='tr'>knife-tag(1)</li>
|
133
133
|
</ol>
|
@@ -286,12 +286,12 @@ data editing entirely.</dd>
|
|
286
286
|
|
287
287
|
<h2 id="AUTHOR">AUTHOR</h2>
|
288
288
|
|
289
|
-
<p> Chef was written by Adam Jacob <a href="&#
|
289
|
+
<p> Chef was written by Adam Jacob <a href="mailto:adam@opscode.com" data-bare-link="true">adam@opscode.com</a> of Opscode
|
290
290
|
(<a href="http://www.opscode.com" data-bare-link="true">http://www.opscode.com</a>), with contributions from the community.</p>
|
291
291
|
|
292
292
|
<h2 id="DOCUMENTATION">DOCUMENTATION</h2>
|
293
293
|
|
294
|
-
<p> This manual page was written by Joshua Timberman <a href="ma&#
|
294
|
+
<p> This manual page was written by Joshua Timberman <a href="mailto:joshua@opscode.com" data-bare-link="true">joshua@opscode.com</a>.</p>
|
295
295
|
|
296
296
|
<h2 id="LICENSE">LICENSE</h2>
|
297
297
|
|
@@ -305,7 +305,7 @@ data editing entirely.</dd>
|
|
305
305
|
|
306
306
|
|
307
307
|
<ol class='man-decor man-foot man foot'>
|
308
|
-
<li class='tl'>Chef 11.
|
308
|
+
<li class='tl'>Chef 11.10.0.alpha.1</li>
|
309
309
|
<li class='tc'>December 2013</li>
|
310
310
|
<li class='tr'>knife(1)</li>
|
311
311
|
</ol>
|
@@ -49,7 +49,7 @@ Looking for exceptions and notifications, handling each as required
|
|
49
49
|
.sp
|
50
50
|
The chef\-client executable can be run as a command\-line tool.
|
51
51
|
.IP Note
|
52
|
-
A client.rb file is used to specify the configuration details for the chef\-client. This file is the default configuration file and is loaded every time the chef\-client executable is run. The chef\-client executable can be run as a daemon. On UNIX\- and Linux\-based machines, the configuration file is located at: /etc/chef/client.rb. On Microsoft Windows machines, the configuration file is located at
|
52
|
+
A client.rb file is used to specify the configuration details for the chef\-client. This file is the default configuration file and is loaded every time the chef\-client executable is run. The chef\-client executable can be run as a daemon. On UNIX\- and Linux\-based machines, the configuration file is located at: \fB/etc/chef/client.rb\fP. On Microsoft Windows machines, the configuration file is located at \fBC:\echef\eclient.rb\fP.
|
53
53
|
.RE
|
54
54
|
.SH OPTIONS
|
55
55
|
.sp
|
@@ -80,7 +80,7 @@ The name of the environment.
|
|
80
80
|
Indicates that a chef\-client run will be contained in a secondary process with dedicated RAM. When the chef\-client run is complete the RAM will be returned to the master process. This option helps ensure that a chef\-client will use a steady amount of RAM over time because the master process will not run recipes. This option will also help prevent memory leaks (such as those that can be introduced by the code contained within a poorly designed cookbook). Use \fB\-\-no\-fork\fP to disable running the chef\-client in fork node. Default value: \fB\-\-fork\fP.
|
81
81
|
.TP
|
82
82
|
.B \fB\-F FORMAT\fP, \fB\-\-format FORMAT\fP
|
83
|
-
The output format: \
|
83
|
+
The output format: \fBdoc\fP (default) or \fBmin\fP. Other formatting options are available by using 3rd party formatters.
|
84
84
|
.TP
|
85
85
|
.B \fB\-\-force\-formatter\fP
|
86
86
|
Indicates that formatter output will be used instead of logger output.
|
@@ -95,7 +95,7 @@ The name of the group that owns a process. This is required when starting any ex
|
|
95
95
|
Shows help for the command.
|
96
96
|
.TP
|
97
97
|
.B \fB\-i SECONDS\fP, \fB\-\-interval SECONDS\fP
|
98
|
-
The frequency (in seconds) at which the chef\-client runs.
|
98
|
+
The frequency (in seconds) at which the chef\-client runs. Default value: \fB1800\fP.
|
99
99
|
.TP
|
100
100
|
.B \fB\-j PATH\fP, \fB\-\-json\-attributes PATH\fP
|
101
101
|
The path to a file that contains JSON data. Use this option to override attributes that are set from other locations, such as from within a cookbook or by a role.
|
@@ -67,11 +67,14 @@ The configuration file to use.
|
|
67
67
|
.B \fB\-d\fP, \fB\-\-daemonize\fP
|
68
68
|
Indicates that the executable will be run as a daemon. This option is only available on machines that run in UNIX or Linux environments. For machines that are running Microsoft Windows that require similar functionality, use the \fBchef\-client::service\fP recipe in the \fBchef\-client\fP cookbook: \fI\%http://community.opscode.com/cookbooks/chef-client\fP. This will install a chef\-client service under Microsoft Windows using the Windows Service Wrapper.
|
69
69
|
.TP
|
70
|
+
.B \fB\-E ENVIRONMENT_NAME\fP, \fB\-\-environment ENVIRONMENT_NAME\fP
|
71
|
+
The name of the environment.
|
72
|
+
.TP
|
70
73
|
.B \fB\-f\fP, \fB\-\-[no\-]fork\fP
|
71
74
|
Indicates that a chef\-client run will be contained in a secondary process with dedicated RAM. When the chef\-client run is complete the RAM will be returned to the master process. This option helps ensure that a chef\-client will use a steady amount of RAM over time because the master process will not run recipes. This option will also help prevent memory leaks (such as those that can be introduced by the code contained within a poorly designed cookbook). Use \fB\-\-no\-fork\fP to disable running the chef\-client in fork node. Default value: \fB\-\-fork\fP.
|
72
75
|
.TP
|
73
76
|
.B \fB\-F FORMAT\fP, \fB\-\-format FORMAT\fP
|
74
|
-
The output format: \
|
77
|
+
The output format: \fBdoc\fP (default) or \fBmin\fP. Other formatting options are available by using 3rd party formatters.
|
75
78
|
.TP
|
76
79
|
.B \fB\-\-force\-formatter\fP
|
77
80
|
Indicates that formatter output will be used instead of logger output.
|
@@ -86,7 +89,7 @@ The name of the group that owns a process. This is required when starting any ex
|
|
86
89
|
Shows help for the command.
|
87
90
|
.TP
|
88
91
|
.B \fB\-i SECONDS\fP, \fB\-\-interval SECONDS\fP
|
89
|
-
The frequency (in seconds) at which the chef\-client runs.
|
92
|
+
The frequency (in seconds) at which the chef\-client runs.
|
90
93
|
.TP
|
91
94
|
.B \fB\-j PATH\fP, \fB\-\-json\-attributes PATH\fP
|
92
95
|
The path to a file that contains JSON data. Use this option to override attributes that are set from other locations, such as from within a cookbook or by a role.
|
data/lib/chef.rb
CHANGED
data/lib/chef/application.rb
CHANGED
@@ -196,12 +196,17 @@ class Chef::Application
|
|
196
196
|
end
|
197
197
|
|
198
198
|
# Initializes Chef::Client instance and runs it
|
199
|
-
def run_chef_client
|
199
|
+
def run_chef_client(specific_recipes = [])
|
200
200
|
Chef::Application.setup_server_connectivity
|
201
201
|
|
202
|
+
override_runlist = config[:override_runlist]
|
203
|
+
if specific_recipes.size > 0
|
204
|
+
override_runlist ||= []
|
205
|
+
end
|
202
206
|
@chef_client = Chef::Client.new(
|
203
207
|
@chef_client_json,
|
204
|
-
:override_runlist => config[:override_runlist]
|
208
|
+
:override_runlist => config[:override_runlist],
|
209
|
+
:specific_recipes => specific_recipes
|
205
210
|
)
|
206
211
|
@chef_client_json = nil
|
207
212
|
|
@@ -74,6 +74,12 @@ class Chef::Application::Apply < Chef::Application
|
|
74
74
|
:description => 'Enable whyrun mode',
|
75
75
|
:boolean => true
|
76
76
|
|
77
|
+
option :color,
|
78
|
+
:long => '--[no-]color',
|
79
|
+
:boolean => true,
|
80
|
+
:default => !Chef::Platform.windows?,
|
81
|
+
:description => "Use colored output, defaults to enabled"
|
82
|
+
|
77
83
|
def initialize
|
78
84
|
super
|
79
85
|
end
|
@@ -230,6 +230,8 @@ class Chef::Application::Client < Chef::Application
|
|
230
230
|
def reconfigure
|
231
231
|
super
|
232
232
|
|
233
|
+
Chef::Config[:specific_recipes] = cli_arguments.map { |file| File.expand_path(file) }
|
234
|
+
|
233
235
|
Chef::Config[:chef_server_url] = config[:chef_server_url] if config.has_key? :chef_server_url
|
234
236
|
|
235
237
|
Chef::Config.local_mode = config[:local_mode] if config.has_key?(:local_mode)
|
@@ -309,7 +311,7 @@ class Chef::Application::Client < Chef::Application
|
|
309
311
|
Chef::Log.debug("Splay sleep #{splay} seconds")
|
310
312
|
sleep splay
|
311
313
|
end
|
312
|
-
run_chef_client
|
314
|
+
run_chef_client(Chef::Config[:specific_recipes])
|
313
315
|
if Chef::Config[:interval]
|
314
316
|
Chef::Log.debug("Sleeping for #{Chef::Config[:interval]} seconds")
|
315
317
|
unless SELF_PIPE.empty?
|
@@ -55,7 +55,7 @@ class Chef::Application::Solo < Chef::Application
|
|
55
55
|
option :color,
|
56
56
|
:long => '--[no-]color',
|
57
57
|
:boolean => true,
|
58
|
-
:default =>
|
58
|
+
:default => !Chef::Platform.windows?,
|
59
59
|
:description => "Use colored output, defaults to enabled"
|
60
60
|
|
61
61
|
option :log_level,
|
data/lib/chef/client.rb
CHANGED
@@ -146,6 +146,7 @@ class Chef
|
|
146
146
|
|
147
147
|
@events = EventDispatch::Dispatcher.new(*event_handlers)
|
148
148
|
@override_runlist = args.delete(:override_runlist)
|
149
|
+
@specific_recipes = args.delete(:specific_recipes)
|
149
150
|
runlist_override_sanity_check!
|
150
151
|
end
|
151
152
|
|
@@ -248,6 +249,11 @@ class Chef
|
|
248
249
|
run_status.run_context = run_context
|
249
250
|
|
250
251
|
run_context.load(@run_list_expansion)
|
252
|
+
if @specific_recipes
|
253
|
+
@specific_recipes.each do |recipe_file|
|
254
|
+
run_context.load_recipe_file(recipe_file)
|
255
|
+
end
|
256
|
+
end
|
251
257
|
assert_cookbook_path_not_empty(run_context)
|
252
258
|
run_context
|
253
259
|
end
|
@@ -543,8 +549,8 @@ class Chef
|
|
543
549
|
end
|
544
550
|
end
|
545
551
|
|
546
|
-
def
|
547
|
-
File.exists?(path)
|
552
|
+
def empty_directory?(path)
|
553
|
+
!File.exists?(path) || (Dir.entries(path).size <= 2)
|
548
554
|
end
|
549
555
|
|
550
556
|
def is_last_element?(index, object)
|
@@ -556,15 +562,12 @@ class Chef
|
|
556
562
|
# Check for cookbooks in the path given
|
557
563
|
# Chef::Config[:cookbook_path] can be a string or an array
|
558
564
|
# if it's an array, go through it and check each one, raise error at the last one if no files are found
|
559
|
-
|
560
|
-
|
561
|
-
|
562
|
-
|
563
|
-
|
564
|
-
|
565
|
-
Chef::Log.fatal(msg)
|
566
|
-
raise Chef::Exceptions::CookbookNotFound, msg if is_last_element?(index, Chef::Config[:cookbook_path])
|
567
|
-
end
|
565
|
+
cookbook_paths = Array(Chef::Config[:cookbook_path])
|
566
|
+
Chef::Log.debug "Loading from cookbook_path: #{cookbook_paths.map { |path| File.expand_path(path) }.join(', ')}"
|
567
|
+
if cookbook_paths.all? {|path| empty_directory?(path) }
|
568
|
+
msg = "None of the cookbook paths set in Chef::Config[:cookbook_path], #{cookbook_paths.inspect}, contain any cookbooks"
|
569
|
+
Chef::Log.fatal(msg)
|
570
|
+
raise Chef::Exceptions::CookbookNotFound, msg
|
568
571
|
end
|
569
572
|
else
|
570
573
|
Chef::Log.warn("Node #{node_name} has an empty run list.") if run_context.node.run_list.empty?
|
data/lib/chef/config.rb
CHANGED
@@ -449,6 +449,9 @@ class Chef
|
|
449
449
|
# Report Handlers
|
450
450
|
default :report_handlers, []
|
451
451
|
|
452
|
+
# Event Handlers
|
453
|
+
default :event_handlers, []
|
454
|
+
|
452
455
|
# Exception Handlers
|
453
456
|
default :exception_handlers, []
|
454
457
|
|
@@ -494,7 +497,7 @@ class Chef
|
|
494
497
|
|
495
498
|
default :fatal_windows_admin_check, false
|
496
499
|
else
|
497
|
-
default :user_valid_regex, [ /^([-a-zA-Z0-9_.]+[\\@]?[-a-zA-Z0-9_.]
|
500
|
+
default :user_valid_regex, [ /^([-a-zA-Z0-9_.]+[\\@]?[-a-zA-Z0-9_.]*)$/, /^\d+$/ ]
|
498
501
|
default :group_valid_regex, [ /^([-a-zA-Z0-9_.\\@^ ]+)$/, /^\d+$/ ]
|
499
502
|
end
|
500
503
|
|
@@ -8,6 +8,7 @@ require 'chef/cookbook_version'
|
|
8
8
|
require 'chef/cookbook/syntax_check'
|
9
9
|
require 'chef/cookbook/file_system_file_vendor'
|
10
10
|
require 'chef/sandbox'
|
11
|
+
require 'thread'
|
11
12
|
|
12
13
|
class Chef
|
13
14
|
class CookbookUploader
|
@@ -16,10 +17,10 @@ class Chef
|
|
16
17
|
@work_queue ||= Queue.new
|
17
18
|
end
|
18
19
|
|
19
|
-
def self.setup_worker_threads
|
20
|
+
def self.setup_worker_threads(concurrency=10)
|
20
21
|
@worker_threads ||= begin
|
21
22
|
work_queue
|
22
|
-
(1...
|
23
|
+
(1...concurrency).map do
|
23
24
|
Thread.new do
|
24
25
|
loop do
|
25
26
|
work_queue.pop.call
|
@@ -33,6 +34,7 @@ class Chef
|
|
33
34
|
attr_reader :path
|
34
35
|
attr_reader :opts
|
35
36
|
attr_reader :rest
|
37
|
+
attr_reader :concurrency
|
36
38
|
|
37
39
|
# Creates a new CookbookUploader.
|
38
40
|
# ===Arguments:
|
@@ -49,10 +51,13 @@ class Chef
|
|
49
51
|
# * :rest A Chef::REST object that you have configured the way you like it.
|
50
52
|
# If you don't provide this, one will be created using the values
|
51
53
|
# in Chef::Config.
|
54
|
+
# * :concurrency An integer that decided how many threads will be used to
|
55
|
+
# perform concurrent uploads
|
52
56
|
def initialize(cookbooks, path, opts={})
|
53
57
|
@path, @opts = path, opts
|
54
58
|
@cookbooks = Array(cookbooks)
|
55
59
|
@rest = opts[:rest] || Chef::REST.new(Chef::Config[:chef_server_url])
|
60
|
+
@concurrency = opts[:concurrency] || 10
|
56
61
|
end
|
57
62
|
|
58
63
|
def upload_cookbooks
|
@@ -72,7 +77,7 @@ class Chef
|
|
72
77
|
|
73
78
|
Chef::Log.info("Uploading files")
|
74
79
|
|
75
|
-
self.class.setup_worker_threads
|
80
|
+
self.class.setup_worker_threads(concurrency)
|
76
81
|
|
77
82
|
checksums_to_upload = Set.new
|
78
83
|
|
@@ -137,7 +142,7 @@ class Chef
|
|
137
142
|
timestamp = Time.now.utc.iso8601
|
138
143
|
file_contents = File.open(file, "rb") {|f| f.read}
|
139
144
|
# TODO - 5/28/2010, cw: make signing and sending the request streaming
|
140
|
-
headers = { 'content-type' => 'application/x-binary', 'content-md5' => checksum64,
|
145
|
+
headers = { 'content-type' => 'application/x-binary', 'content-md5' => checksum64, "accept" => 'application/json' }
|
141
146
|
if rest.signing_key
|
142
147
|
sign_obj = Mixlib::Authentication::SignedHeaderAuth.signing_object(
|
143
148
|
:http_method => :put,
|
@@ -150,10 +155,12 @@ class Chef
|
|
150
155
|
end
|
151
156
|
|
152
157
|
begin
|
153
|
-
|
158
|
+
Chef::HTTP::Simple.new(url, :headers=>headers).put(url, file_contents)
|
154
159
|
checksums_to_upload.delete(checksum)
|
155
|
-
rescue
|
156
|
-
|
160
|
+
rescue Net::HTTPServerException, Net::HTTPFatalError, Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError => e
|
161
|
+
error_message = "Failed to upload #{file} (#{checksum}) to #{url} : #{e.message}"
|
162
|
+
error_message << "\n#{e.response.body}" if e.respond_to?(:response)
|
163
|
+
Chef::Knife.ui.error(error_message)
|
157
164
|
raise
|
158
165
|
end
|
159
166
|
end
|
@@ -16,11 +16,10 @@
|
|
16
16
|
# limitations under the License.
|
17
17
|
#
|
18
18
|
|
19
|
-
require '
|
20
|
-
require 'openssl'
|
19
|
+
require 'chef/config'
|
21
20
|
require 'chef/data_bag_item'
|
22
|
-
require '
|
23
|
-
require '
|
21
|
+
require 'chef/encrypted_data_bag_item/decryptor'
|
22
|
+
require 'chef/encrypted_data_bag_item/encryptor'
|
24
23
|
require 'open-uri'
|
25
24
|
|
26
25
|
# An EncryptedDataBagItem represents a read-only data bag item where
|
@@ -50,305 +49,6 @@ require 'open-uri'
|
|
50
49
|
class Chef::EncryptedDataBagItem
|
51
50
|
ALGORITHM = 'aes-256-cbc'
|
52
51
|
|
53
|
-
class UnacceptableEncryptedDataBagItemFormat < StandardError
|
54
|
-
end
|
55
|
-
|
56
|
-
class UnsupportedEncryptedDataBagItemFormat < StandardError
|
57
|
-
end
|
58
|
-
|
59
|
-
class DecryptionFailure < StandardError
|
60
|
-
end
|
61
|
-
|
62
|
-
class UnsupportedCipher < StandardError
|
63
|
-
end
|
64
|
-
|
65
|
-
# Implementation class for converting plaintext data bag item values to an
|
66
|
-
# encrypted value, including any necessary wrappers and metadata.
|
67
|
-
module Encryptor
|
68
|
-
|
69
|
-
# "factory" method that creates an encryptor object with the proper class
|
70
|
-
# for the desired encrypted data bag format version.
|
71
|
-
#
|
72
|
-
# +Chef::Config[:data_bag_encrypt_version]+ determines which version is used.
|
73
|
-
def self.new(value, secret, iv=nil)
|
74
|
-
format_version = Chef::Config[:data_bag_encrypt_version]
|
75
|
-
case format_version
|
76
|
-
when 1
|
77
|
-
Version1Encryptor.new(value, secret, iv)
|
78
|
-
when 2
|
79
|
-
Version2Encryptor.new(value, secret, iv)
|
80
|
-
else
|
81
|
-
raise UnsupportedEncryptedDataBagItemFormat,
|
82
|
-
"Invalid encrypted data bag format version `#{format_version}'. Supported versions are '1', '2'"
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
|
-
class Version1Encryptor
|
87
|
-
attr_reader :key
|
88
|
-
attr_reader :plaintext_data
|
89
|
-
|
90
|
-
# Create a new Encryptor for +data+, which will be encrypted with the given
|
91
|
-
# +key+.
|
92
|
-
#
|
93
|
-
# === Arguments:
|
94
|
-
# * data: An object of any type that can be serialized to json
|
95
|
-
# * key: A String representing the desired passphrase
|
96
|
-
# * iv: The optional +iv+ parameter is intended for testing use only. When
|
97
|
-
# *not* supplied, Encryptor will use OpenSSL to generate a secure random
|
98
|
-
# IV, which is what you want.
|
99
|
-
def initialize(plaintext_data, key, iv=nil)
|
100
|
-
@plaintext_data = plaintext_data
|
101
|
-
@key = key
|
102
|
-
@iv = iv && Base64.decode64(iv)
|
103
|
-
end
|
104
|
-
|
105
|
-
# Returns a wrapped and encrypted version of +plaintext_data+ suitable for
|
106
|
-
# using as the value in an encrypted data bag item.
|
107
|
-
def for_encrypted_item
|
108
|
-
{
|
109
|
-
"encrypted_data" => encrypted_data,
|
110
|
-
"iv" => Base64.encode64(iv),
|
111
|
-
"version" => 1,
|
112
|
-
"cipher" => ALGORITHM
|
113
|
-
}
|
114
|
-
end
|
115
|
-
|
116
|
-
# Generates or returns the IV.
|
117
|
-
def iv
|
118
|
-
# Generated IV comes from OpenSSL::Cipher::Cipher#random_iv
|
119
|
-
# This gets generated when +openssl_encryptor+ gets created.
|
120
|
-
openssl_encryptor if @iv.nil?
|
121
|
-
@iv
|
122
|
-
end
|
123
|
-
|
124
|
-
# Generates (and memoizes) an OpenSSL::Cipher::Cipher object and configures
|
125
|
-
# it for the specified iv and encryption key.
|
126
|
-
def openssl_encryptor
|
127
|
-
@openssl_encryptor ||= begin
|
128
|
-
encryptor = OpenSSL::Cipher::Cipher.new(ALGORITHM)
|
129
|
-
encryptor.encrypt
|
130
|
-
@iv ||= encryptor.random_iv
|
131
|
-
encryptor.iv = @iv
|
132
|
-
encryptor.key = Digest::SHA256.digest(key)
|
133
|
-
encryptor
|
134
|
-
end
|
135
|
-
end
|
136
|
-
|
137
|
-
# Encrypts and Base64 encodes +serialized_data+
|
138
|
-
def encrypted_data
|
139
|
-
@encrypted_data ||= begin
|
140
|
-
enc_data = openssl_encryptor.update(serialized_data)
|
141
|
-
enc_data << openssl_encryptor.final
|
142
|
-
Base64.encode64(enc_data)
|
143
|
-
end
|
144
|
-
end
|
145
|
-
|
146
|
-
# Wraps the data in a single key Hash (JSON Object) and converts to JSON.
|
147
|
-
# The wrapper is required because we accept values (such as Integers or
|
148
|
-
# Strings) that do not produce valid JSON when serialized without the
|
149
|
-
# wrapper.
|
150
|
-
def serialized_data
|
151
|
-
Yajl::Encoder.encode(:json_wrapper => plaintext_data)
|
152
|
-
end
|
153
|
-
end
|
154
|
-
|
155
|
-
class Version2Encryptor < Version1Encryptor
|
156
|
-
|
157
|
-
# Returns a wrapped and encrypted version of +plaintext_data+ suitable for
|
158
|
-
# using as the value in an encrypted data bag item.
|
159
|
-
def for_encrypted_item
|
160
|
-
{
|
161
|
-
"encrypted_data" => encrypted_data,
|
162
|
-
"hmac" => hmac,
|
163
|
-
"iv" => Base64.encode64(iv),
|
164
|
-
"version" => 2,
|
165
|
-
"cipher" => ALGORITHM
|
166
|
-
}
|
167
|
-
end
|
168
|
-
|
169
|
-
# Generates an HMAC-SHA2-256 of the encrypted data (encrypt-then-mac)
|
170
|
-
def hmac
|
171
|
-
@hmac ||= begin
|
172
|
-
digest = OpenSSL::Digest::Digest.new("sha256")
|
173
|
-
raw_hmac = OpenSSL::HMAC.digest(digest, key, encrypted_data)
|
174
|
-
Base64.encode64(raw_hmac)
|
175
|
-
end
|
176
|
-
end
|
177
|
-
|
178
|
-
end
|
179
|
-
end
|
180
|
-
|
181
|
-
#=== Decryptor
|
182
|
-
# For backwards compatibility, Chef implements decryption/deserialization for
|
183
|
-
# older encrypted data bag item formats in addition to the current version.
|
184
|
-
# Each decryption/deserialization strategy is implemented as a class in this
|
185
|
-
# namespace. For convenience the factory method +Decryptor.for()+ can be used
|
186
|
-
# to create an instance of the appropriate strategy for the given encrypted
|
187
|
-
# data bag value.
|
188
|
-
module Decryptor
|
189
|
-
|
190
|
-
# Detects the encrypted data bag item format version and instantiates a
|
191
|
-
# decryptor object for that version. Call #for_decrypted_item on the
|
192
|
-
# resulting object to decrypt and deserialize it.
|
193
|
-
def self.for(encrypted_value, key)
|
194
|
-
format_version = format_version_of(encrypted_value)
|
195
|
-
assert_format_version_acceptable!(format_version)
|
196
|
-
case format_version
|
197
|
-
when 2
|
198
|
-
Version2Decryptor.new(encrypted_value, key)
|
199
|
-
when 1
|
200
|
-
Version1Decryptor.new(encrypted_value, key)
|
201
|
-
when 0
|
202
|
-
Version0Decryptor.new(encrypted_value, key)
|
203
|
-
else
|
204
|
-
raise UnsupportedEncryptedDataBagItemFormat,
|
205
|
-
"This version of chef does not support encrypted data bag item format version '#{format_version}'"
|
206
|
-
end
|
207
|
-
end
|
208
|
-
|
209
|
-
def self.format_version_of(encrypted_value)
|
210
|
-
if encrypted_value.respond_to?(:key?)
|
211
|
-
encrypted_value["version"]
|
212
|
-
else
|
213
|
-
0
|
214
|
-
end
|
215
|
-
end
|
216
|
-
|
217
|
-
def self.assert_format_version_acceptable!(format_version)
|
218
|
-
unless format_version.kind_of?(Integer) and format_version >= Chef::Config[:data_bag_decrypt_minimum_version]
|
219
|
-
raise UnacceptableEncryptedDataBagItemFormat,
|
220
|
-
"The encrypted data bag item has format version `#{format_version}', " +
|
221
|
-
"but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'"
|
222
|
-
end
|
223
|
-
end
|
224
|
-
|
225
|
-
class Version1Decryptor
|
226
|
-
|
227
|
-
attr_reader :encrypted_data
|
228
|
-
attr_reader :key
|
229
|
-
|
230
|
-
def initialize(encrypted_data, key)
|
231
|
-
@encrypted_data = encrypted_data
|
232
|
-
@key = key
|
233
|
-
end
|
234
|
-
|
235
|
-
def for_decrypted_item
|
236
|
-
Yajl::Parser.parse(decrypted_data)["json_wrapper"]
|
237
|
-
rescue Yajl::ParseError
|
238
|
-
# convert to a DecryptionFailure error because the most likely scenario
|
239
|
-
# here is that the decryption step was unsuccessful but returned bad
|
240
|
-
# data rather than raising an error.
|
241
|
-
raise DecryptionFailure, "Error decrypting data bag value. Most likely the provided key is incorrect"
|
242
|
-
end
|
243
|
-
|
244
|
-
def encrypted_bytes
|
245
|
-
Base64.decode64(@encrypted_data["encrypted_data"])
|
246
|
-
end
|
247
|
-
|
248
|
-
def iv
|
249
|
-
Base64.decode64(@encrypted_data["iv"])
|
250
|
-
end
|
251
|
-
|
252
|
-
def decrypted_data
|
253
|
-
@decrypted_data ||= begin
|
254
|
-
plaintext = openssl_decryptor.update(encrypted_bytes)
|
255
|
-
plaintext << openssl_decryptor.final
|
256
|
-
rescue OpenSSL::Cipher::CipherError => e
|
257
|
-
raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect"
|
258
|
-
end
|
259
|
-
end
|
260
|
-
|
261
|
-
def openssl_decryptor
|
262
|
-
@openssl_decryptor ||= begin
|
263
|
-
assert_valid_cipher!
|
264
|
-
d = OpenSSL::Cipher::Cipher.new(ALGORITHM)
|
265
|
-
d.decrypt
|
266
|
-
d.key = Digest::SHA256.digest(key)
|
267
|
-
d.iv = iv
|
268
|
-
d
|
269
|
-
end
|
270
|
-
end
|
271
|
-
|
272
|
-
def assert_valid_cipher!
|
273
|
-
# In the future, chef may support configurable ciphers. For now, only
|
274
|
-
# aes-256-cbc is supported.
|
275
|
-
requested_cipher = @encrypted_data["cipher"]
|
276
|
-
unless requested_cipher == ALGORITHM
|
277
|
-
raise UnsupportedCipher,
|
278
|
-
"Cipher '#{requested_cipher}' is not supported by this version of Chef. Available ciphers: ['#{ALGORITHM}']"
|
279
|
-
end
|
280
|
-
end
|
281
|
-
|
282
|
-
end
|
283
|
-
|
284
|
-
class Version2Decryptor < Version1Decryptor
|
285
|
-
|
286
|
-
def decrypted_data
|
287
|
-
validate_hmac! unless @decrypted_data
|
288
|
-
super
|
289
|
-
end
|
290
|
-
|
291
|
-
def validate_hmac!
|
292
|
-
digest = OpenSSL::Digest::Digest.new("sha256")
|
293
|
-
raw_hmac = OpenSSL::HMAC.digest(digest, key, @encrypted_data["encrypted_data"])
|
294
|
-
|
295
|
-
if candidate_hmac_matches?(raw_hmac)
|
296
|
-
true
|
297
|
-
else
|
298
|
-
raise DecryptionFailure, "Error decrypting data bag value: invalid hmac. Most likely the provided key is incorrect"
|
299
|
-
end
|
300
|
-
end
|
301
|
-
|
302
|
-
private
|
303
|
-
|
304
|
-
def candidate_hmac_matches?(expected_hmac)
|
305
|
-
return false unless @encrypted_data["hmac"]
|
306
|
-
expected_bytes = expected_hmac.bytes.to_a
|
307
|
-
candidate_hmac_bytes = Base64.decode64(@encrypted_data["hmac"]).bytes.to_a
|
308
|
-
valid = expected_bytes.size ^ candidate_hmac_bytes.size
|
309
|
-
expected_bytes.zip(candidate_hmac_bytes) { |x, y| valid |= x ^ y.to_i }
|
310
|
-
valid == 0
|
311
|
-
end
|
312
|
-
end
|
313
|
-
|
314
|
-
class Version0Decryptor
|
315
|
-
|
316
|
-
attr_reader :encrypted_data
|
317
|
-
attr_reader :key
|
318
|
-
|
319
|
-
def initialize(encrypted_data, key)
|
320
|
-
@encrypted_data = encrypted_data
|
321
|
-
@key = key
|
322
|
-
end
|
323
|
-
|
324
|
-
def for_decrypted_item
|
325
|
-
YAML.load(decrypted_data)
|
326
|
-
end
|
327
|
-
|
328
|
-
def decrypted_data
|
329
|
-
@decrypted_data ||= begin
|
330
|
-
plaintext = openssl_decryptor.update(encrypted_bytes)
|
331
|
-
plaintext << openssl_decryptor.final
|
332
|
-
rescue OpenSSL::Cipher::CipherError => e
|
333
|
-
raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect"
|
334
|
-
end
|
335
|
-
end
|
336
|
-
|
337
|
-
def encrypted_bytes
|
338
|
-
Base64.decode64(@encrypted_data)
|
339
|
-
end
|
340
|
-
|
341
|
-
def openssl_decryptor
|
342
|
-
@openssl_decryptor ||= begin
|
343
|
-
d = OpenSSL::Cipher::Cipher.new(ALGORITHM)
|
344
|
-
d.decrypt
|
345
|
-
d.pkcs5_keyivgen(key)
|
346
|
-
d
|
347
|
-
end
|
348
|
-
end
|
349
|
-
end
|
350
|
-
end
|
351
|
-
|
352
52
|
def initialize(enc_hash, secret)
|
353
53
|
@enc_hash = enc_hash
|
354
54
|
@secret = secret
|
@@ -390,6 +90,9 @@ class Chef::EncryptedDataBagItem
|
|
390
90
|
|
391
91
|
def self.load_secret(path=nil)
|
392
92
|
path ||= Chef::Config[:encrypted_data_bag_secret]
|
93
|
+
if !path
|
94
|
+
raise ArgumentError, "No secret specified to load_secret and no secret found at #{Chef::Config.platform_specific_path('/etc/chef/encrypted_data_bag_secret')}"
|
95
|
+
end
|
393
96
|
secret = case path
|
394
97
|
when /^\w+:\/\//
|
395
98
|
# We have a remote key
|