chef 12.0.0.alpha.1-x86-mingw32 → 12.0.0.alpha.2-x86-mingw32
- checksums.yaml +4 -4
- data/lib/chef/application.rb +8 -1
- data/lib/chef/application/apply.rb +4 -0
- data/lib/chef/application/client.rb +7 -7
- data/lib/chef/application/solo.rb +21 -13
- data/lib/chef/chef_fs/chef_fs_data_store.rb +60 -6
- data/lib/chef/chef_fs/config.rb +78 -4
- data/lib/chef/chef_fs/data_handler/acl_data_handler.rb +2 -2
- data/lib/chef/chef_fs/data_handler/client_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/container_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/data_handler_base.rb +76 -2
- data/lib/chef/chef_fs/data_handler/environment_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/group_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/node_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +30 -0
- data/lib/chef/chef_fs/data_handler/organization_invites_data_handler.rb +17 -0
- data/lib/chef/chef_fs/data_handler/organization_members_data_handler.rb +17 -0
- data/lib/chef/chef_fs/data_handler/role_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/user_data_handler.rb +2 -1
- data/lib/chef/chef_fs/file_system.rb +0 -1
- data/lib/chef/chef_fs/file_system/acl_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_repository_file_system_cookbook_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_repository_file_system_entry.rb +5 -1
- data/lib/chef/chef_fs/file_system/chef_repository_file_system_root_dir.rb +73 -13
- data/lib/chef/chef_fs/file_system/chef_server_root_dir.rb +44 -5
- data/lib/chef/chef_fs/file_system/cookbook_dir.rb +1 -1
- data/lib/chef/chef_fs/file_system/cookbooks_dir.rb +3 -3
- data/lib/chef/chef_fs/file_system/org_entry.rb +34 -0
- data/lib/chef/chef_fs/file_system/organization_invites_entry.rb +58 -0
- data/lib/chef/chef_fs/file_system/organization_members_entry.rb +57 -0
- data/lib/chef/chef_fs/file_system/rest_list_entry.rb +13 -4
- data/lib/chef/chef_fs/knife.rb +1 -1
- data/lib/chef/client.rb +8 -2
- data/lib/chef/config.rb +75 -57
- data/lib/chef/config_fetcher.rb +6 -21
- data/lib/chef/dsl/data_query.rb +48 -3
- data/lib/chef/dsl/platform_introspection.rb +42 -0
- data/lib/chef/dsl/reboot_pending.rb +6 -3
- data/lib/chef/encrypted_data_bag_item.rb +1 -1
- data/lib/chef/encrypted_data_bag_item/encryptor.rb +12 -0
- data/lib/chef/exceptions.rb +2 -0
- data/lib/chef/http/basic_client.rb +14 -0
- data/lib/chef/http/json_output.rb +7 -2
- data/lib/chef/knife.rb +36 -121
- data/lib/chef/knife/bootstrap.rb +68 -54
- data/lib/chef/knife/bootstrap/archlinux-gems.erb +6 -1
- data/lib/chef/knife/bootstrap/chef-aix.erb +5 -0
- data/lib/chef/knife/bootstrap/chef-full.erb +5 -1
- data/lib/chef/knife/core/bootstrap_context.rb +70 -29
- data/lib/chef/knife/search.rb +56 -12
- data/lib/chef/knife/serve.rb +1 -1
- data/lib/chef/local_mode.rb +10 -4
- data/lib/chef/mixin/deep_merge.rb +6 -3
- data/lib/chef/mixin/shell_out.rb +33 -17
- data/lib/chef/null_logger.rb +72 -0
- data/lib/chef/platform.rb +2 -1
- data/lib/chef/platform/provider_mapping.rb +1 -1
- data/lib/chef/platform/rebooter.rb +54 -0
- data/lib/chef/provider/ifconfig.rb +15 -16
- data/lib/chef/provider/link.rb +1 -1
- data/lib/chef/provider/mount/mount.rb +1 -1
- data/lib/chef/provider/mount/solaris.rb +102 -64
- data/lib/chef/provider/package/aix.rb +4 -12
- data/lib/chef/provider/package/ips.rb +8 -12
- data/lib/chef/provider/package/macports.rb +4 -12
- data/lib/chef/provider/package/pacman.rb +2 -6
- data/lib/chef/provider/package/portage.rb +2 -6
- data/lib/chef/provider/package/rpm.rb +4 -12
- data/lib/chef/provider/package/solaris.rb +4 -12
- data/lib/chef/provider/reboot.rb +69 -0
- data/lib/chef/provider/service/debian.rb +10 -10
- data/lib/chef/provider/service/freebsd.rb +89 -73
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/init.rb +6 -4
- data/lib/chef/provider/service/insserv.rb +3 -3
- data/lib/chef/provider/service/macosx.rb +2 -2
- data/lib/chef/provider/service/simple.rb +6 -4
- data/lib/chef/provider/service/solaris.rb +1 -1
- data/lib/chef/provider/service/systemd.rb +9 -9
- data/lib/chef/provider/service/upstart.rb +6 -6
- data/lib/chef/provider/subversion.rb +6 -6
- data/lib/chef/provider/user/dscl.rb +32 -28
- data/lib/chef/provider/user/windows.rb +6 -6
- data/lib/chef/provider/whyrun_safe_ruby_block.rb +1 -1
- data/lib/chef/providers.rb +1 -0
- data/lib/chef/recipe.rb +0 -1
- data/lib/chef/resource.rb +3 -5
- data/lib/chef/resource/mount.rb +9 -0
- data/lib/chef/resource/reboot.rb +48 -0
- data/lib/chef/resources.rb +1 -0
- data/lib/chef/run_context.rb +25 -0
- data/lib/chef/search/query.rb +122 -14
- data/lib/chef/util/path_helper.rb +54 -6
- data/lib/chef/util/windows/net_user.rb +4 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/api/file.rb +1 -5
- data/lib/chef/win32/api/net.rb +1 -0
- data/lib/chef/workstation_config_loader.rb +177 -0
- data/spec/functional/http/simple_spec.rb +57 -1
- data/spec/functional/mixin/shell_out_spec.rb +2 -2
- data/spec/functional/provider/whyrun_safe_ruby_block_spec.rb +51 -0
- data/spec/functional/rebooter_spec.rb +105 -0
- data/spec/functional/resource/deploy_revision_spec.rb +0 -4
- data/spec/functional/resource/file_spec.rb +26 -3
- data/spec/functional/resource/group_spec.rb +5 -3
- data/spec/functional/resource/link_spec.rb +16 -16
- data/spec/functional/resource/reboot_spec.rb +103 -0
- data/spec/integration/client/client_spec.rb +4 -8
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/knife/cookbook_api_ipv6_spec.rb +3 -2
- data/spec/integration/knife/delete_spec.rb +39 -0
- data/spec/integration/knife/deps_spec.rb +30 -20
- data/spec/integration/knife/download_spec.rb +77 -1
- data/spec/integration/knife/list_spec.rb +221 -0
- data/spec/integration/knife/raw_spec.rb +1 -1
- data/spec/integration/knife/show_spec.rb +2 -2
- data/spec/integration/knife/upload_spec.rb +154 -1
- data/spec/support/pedant/run_pedant.rb +0 -1
- data/spec/support/shared/functional/http.rb +8 -1
- data/spec/support/shared/integration/integration_helper.rb +11 -19
- data/spec/support/shared/unit/platform_introspector.rb +22 -0
- data/spec/unit/application/apply.rb +11 -1
- data/spec/unit/application/solo_spec.rb +19 -3
- data/spec/unit/chef_fs/config_spec.rb +58 -0
- data/spec/unit/config_fetcher_spec.rb +1 -3
- data/spec/unit/config_spec.rb +247 -220
- data/spec/unit/dsl/data_query_spec.rb +165 -23
- data/spec/unit/dsl/reboot_pending_spec.rb +1 -7
- data/spec/unit/encrypted_data_bag_item_spec.rb +1 -1
- data/spec/unit/knife/bootstrap_spec.rb +354 -182
- data/spec/unit/knife/core/bootstrap_context_spec.rb +67 -30
- data/spec/unit/knife_spec.rb +3 -30
- data/spec/unit/mixin/deep_merge_spec.rb +14 -0
- data/spec/unit/mixin/shell_out_spec.rb +134 -64
- data/spec/unit/provider/ifconfig/debian_spec.rb +19 -9
- data/spec/unit/provider/ifconfig/redhat_spec.rb +16 -14
- data/spec/unit/provider/ifconfig_spec.rb +3 -3
- data/spec/unit/provider/link_spec.rb +5 -5
- data/spec/unit/provider/mount/mount_spec.rb +10 -1
- data/spec/unit/provider/mount/solaris_spec.rb +185 -11
- data/spec/unit/provider/package/aix_spec.rb +5 -17
- data/spec/unit/provider/package/ips_spec.rb +8 -21
- data/spec/unit/provider/package/macports_spec.rb +12 -12
- data/spec/unit/provider/package/pacman_spec.rb +4 -12
- data/spec/unit/provider/package/portage_spec.rb +5 -15
- data/spec/unit/provider/package/rpm_spec.rb +7 -22
- data/spec/unit/provider/package/solaris_spec.rb +5 -16
- data/spec/unit/provider/service/arch_service_spec.rb +8 -14
- data/spec/unit/provider/service/debian_service_spec.rb +1 -1
- data/spec/unit/provider/service/freebsd_service_spec.rb +457 -225
- data/spec/unit/provider/service/gentoo_service_spec.rb +2 -2
- data/spec/unit/provider/service/init_service_spec.rb +10 -10
- data/spec/unit/provider/service/insserv_service_spec.rb +3 -4
- data/spec/unit/provider/service/invokercd_service_spec.rb +8 -9
- data/spec/unit/provider/service/macosx_spec.rb +5 -5
- data/spec/unit/provider/service/simple_service_spec.rb +4 -6
- data/spec/unit/provider/service/solaris_smf_service_spec.rb +1 -3
- data/spec/unit/provider/service/systemd_service_spec.rb +20 -20
- data/spec/unit/provider/service/upstart_service_spec.rb +15 -17
- data/spec/unit/provider/subversion_spec.rb +5 -6
- data/spec/unit/provider/user/dscl_spec.rb +2 -1
- data/spec/unit/provider/user/windows_spec.rb +7 -0
- data/spec/unit/provider/whyrun_safe_ruby_block_spec.rb +2 -2
- data/spec/unit/resource/mount_spec.rb +9 -0
- data/spec/unit/resource_spec.rb +0 -4
- data/spec/unit/rest_spec.rb +1 -1
- data/spec/unit/run_context_spec.rb +15 -0
- data/spec/unit/search/query_spec.rb +196 -40
- data/spec/unit/util/path_helper_spec.rb +111 -28
- data/spec/unit/workstation_config_loader_spec.rb +283 -0
- metadata +36 -20
- data/lib/chef/knife/bootstrap/centos5-gems.erb +0 -62
- data/lib/chef/knife/bootstrap/fedora13-gems.erb +0 -44
- data/lib/chef/knife/bootstrap/ubuntu10.04-apt.erb +0 -53
- data/lib/chef/knife/bootstrap/ubuntu10.04-gems.erb +0 -48
- data/lib/chef/knife/bootstrap/ubuntu12.04-gems.erb +0 -46
- data/spec/support/shared/integration/chef_zero_support.rb +0 -130
- data/spec/unit/knife/config_file_selection_spec.rb +0 -135
data/lib/chef/knife/bootstrap.rb
CHANGED
@@ -94,11 +94,20 @@ class Chef
|
|
94
94
|
:description => "Do not proxy locations for the node being bootstrapped; this option is used internally by Opscode",
|
95
95
|
:proc => Proc.new { |np| Chef::Config[:knife][:bootstrap_no_proxy] = np }
|
96
96
|
|
97
|
+
# DEPR: Remove this option in Chef 13
|
97
98
|
option :distro,
|
98
99
|
:short => "-d DISTRO",
|
99
100
|
:long => "--distro DISTRO",
|
100
|
-
:description => "Bootstrap a distro using a template",
|
101
|
-
:
|
101
|
+
:description => "Bootstrap a distro using a template. [DEPRECATED] Use -t / --bootstrap-template option instead.",
|
102
|
+
:proc => Proc.new { |v|
|
103
|
+
Chef::Log.warn("[DEPRECATED] -d / --distro option is deprecated. Use -t / --bootstrap-template option instead.")
|
104
|
+
v
|
105
|
+
}
|
106
|
+
|
107
|
+
option :bootstrap_template,
|
108
|
+
:short => "-t TEMPLATE",
|
109
|
+
:long => "--bootstrap-template TEMPLATE",
|
110
|
+
:description => "Bootstrap Chef using a built-in or custom template. Set to the full path of an erb template or use one of the built-in templates."
|
102
111
|
|
103
112
|
option :use_sudo,
|
104
113
|
:long => "--sudo",
|
@@ -110,10 +119,14 @@ class Chef
|
|
110
119
|
:description => "Execute the bootstrap via sudo with password",
|
111
120
|
:boolean => false
|
112
121
|
|
122
|
+
# DEPR: Remove this option in Chef 13
|
113
123
|
option :template_file,
|
114
124
|
:long => "--template-file TEMPLATE",
|
115
|
-
:description => "Full path to location of template to use",
|
116
|
-
:
|
125
|
+
:description => "Full path to location of template to use. [DEPRECATED] Use -t / --bootstrap-template option instead.",
|
126
|
+
:proc => Proc.new { |v|
|
127
|
+
Chef::Log.warn("[DEPRECATED] --template-file option is deprecated. Use -t / --bootstrap-template option instead.")
|
128
|
+
v
|
129
|
+
}
|
117
130
|
|
118
131
|
option :run_list,
|
119
132
|
:short => "-r RUN_LIST",
|
@@ -141,7 +154,8 @@ class Chef
|
|
141
154
|
:proc => Proc.new { |h|
|
142
155
|
Chef::Config[:knife][:hints] ||= Hash.new
|
143
156
|
name, path = h.split("=")
|
144
|
-
Chef::Config[:knife][:hints][name] = path ? Chef::JSONCompat.parse(::File.read(path)) : Hash.new
|
157
|
+
Chef::Config[:knife][:hints][name] = path ? Chef::JSONCompat.parse(::File.read(path)) : Hash.new
|
158
|
+
}
|
145
159
|
|
146
160
|
option :secret,
|
147
161
|
:short => "-s SECRET",
|
@@ -174,53 +188,75 @@ class Chef
|
|
174
188
|
:description => "Add options to curl when install chef-client",
|
175
189
|
:proc => Proc.new { |co| Chef::Config[:knife][:bootstrap_curl_options] = co }
|
176
190
|
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
191
|
+
option :node_ssl_verify_mode,
|
192
|
+
:long => "--node-ssl-verify-mode [peer|none]",
|
193
|
+
:description => "Whether or not to verify the SSL cert for all HTTPS requests.",
|
194
|
+
:proc => Proc.new { |v|
|
195
|
+
valid_values = ["none", "peer"]
|
196
|
+
unless valid_values.include?(v)
|
197
|
+
raise "Invalid value '#{v}' for --node-ssl-verify-mode. Valid values are: #{valid_values.join(", ")}"
|
198
|
+
end
|
199
|
+
}
|
200
|
+
|
201
|
+
option :node_verify_api_cert,
|
202
|
+
:long => "--[no-]node-verify-api-cert",
|
203
|
+
:description => "Verify the SSL cert for HTTPS requests to the Chef server API.",
|
204
|
+
:boolean => true
|
205
|
+
|
206
|
+
def bootstrap_template
|
207
|
+
# For some reason knife.merge_configs doesn't pick up the default values from
|
208
|
+
# Chef::Config[:knife][:bootstrap_template] unless Chef::Config[:knife][:bootstrap_template]
|
209
|
+
# is forced to pick up the values before calling merge_configs.
|
210
|
+
# We therefore have Chef::Config[:knife][:bootstrap_template] to pick up the defaults
|
211
|
+
# if no option is specified.
|
212
|
+
config[:bootstrap_template] || config[:distro] || config[:template_file] || Chef::Config[:knife][:bootstrap_template]
|
213
|
+
end
|
214
|
+
|
215
|
+
def find_template
|
216
|
+
template = bootstrap_template
|
217
|
+
|
218
|
+
# Use the template directly if it's a path to an actual file
|
219
|
+
if File.exists?(template)
|
220
|
+
Chef::Log.debug("Using the specified bootstrap template: #{File.dirname(template)}")
|
221
|
+
return template
|
222
|
+
|
188
223
|
end
|
189
224
|
|
190
|
-
template
|
225
|
+
# Otherwise search the template directories until we find the right one
|
226
|
+
bootstrap_files = []
|
227
|
+
bootstrap_files << File.join(File.dirname(__FILE__), 'bootstrap', "#{template}.erb")
|
228
|
+
bootstrap_files << File.join(Knife.chef_config_dir, "bootstrap", "#{template}.erb") if Chef::Knife.chef_config_dir
|
229
|
+
bootstrap_files << File.join(ENV['HOME'], '.chef', 'bootstrap', "#{template}.erb") if ENV['HOME']
|
230
|
+
bootstrap_files << Gem.find_files(File.join("chef","knife","bootstrap","#{template}.erb"))
|
231
|
+
bootstrap_files.flatten!
|
232
|
+
|
233
|
+
template_file = Array(bootstrap_files).find do |bootstrap_template|
|
191
234
|
Chef::Log.debug("Looking for bootstrap template in #{File.dirname(bootstrap_template)}")
|
192
235
|
File.exists?(bootstrap_template)
|
193
236
|
end
|
194
237
|
|
195
|
-
unless
|
196
|
-
ui.info("Can not find bootstrap definition for #{
|
238
|
+
unless template_file
|
239
|
+
ui.info("Can not find bootstrap definition for #{template}")
|
197
240
|
raise Errno::ENOENT
|
198
241
|
end
|
199
242
|
|
200
|
-
Chef::Log.debug("Found bootstrap template in #{File.dirname(
|
243
|
+
Chef::Log.debug("Found bootstrap template in #{File.dirname(template_file)}")
|
201
244
|
|
202
|
-
|
245
|
+
template_file
|
203
246
|
end
|
204
247
|
|
205
|
-
def render_template
|
248
|
+
def render_template
|
249
|
+
template_file = find_template
|
250
|
+
template = IO.read(template_file).chomp
|
206
251
|
context = Knife::Core::BootstrapContext.new(config, config[:run_list], Chef::Config)
|
207
252
|
Erubis::Eruby.new(template).evaluate(context)
|
208
253
|
end
|
209
254
|
|
210
|
-
def read_template
|
211
|
-
IO.read(@template_file).chomp
|
212
|
-
end
|
213
|
-
|
214
255
|
def run
|
215
256
|
validate_name_args!
|
216
|
-
warn_chef_config_secret_key
|
217
|
-
@template_file = find_template(config[:bootstrap_template])
|
218
257
|
@node_name = Array(@name_args).first
|
219
|
-
# back compat--templates may use this setting:
|
220
|
-
config[:server_name] = @node_name
|
221
258
|
|
222
259
|
$stdout.sync = true
|
223
|
-
|
224
260
|
ui.info("Connecting to #{ui.color(@node_name, :bold)}")
|
225
261
|
|
226
262
|
begin
|
@@ -272,7 +308,7 @@ class Chef
|
|
272
308
|
end
|
273
309
|
|
274
310
|
def ssh_command
|
275
|
-
command = render_template
|
311
|
+
command = render_template
|
276
312
|
|
277
313
|
if config[:use_sudo]
|
278
314
|
command = config[:use_sudo_password] ? "echo '#{config[:ssh_password]}' | sudo -S #{command}" : "sudo #{command}"
|
@@ -281,28 +317,6 @@ class Chef
|
|
281
317
|
command
|
282
318
|
end
|
283
319
|
|
284
|
-
def warn_chef_config_secret_key
|
285
|
-
unless Chef::Config[:encrypted_data_bag_secret].nil?
|
286
|
-
ui.warn "* " * 40
|
287
|
-
ui.warn(<<-WARNING)
|
288
|
-
Specifying the encrypted data bag secret key using an 'encrypted_data_bag_secret'
|
289
|
-
entry in 'knife.rb' is deprecated. Please see CHEF-4011 for more details. You
|
290
|
-
can supress this warning and still distribute the secret key to all bootstrapped
|
291
|
-
machines by adding the following to your 'knife.rb' file:
|
292
|
-
|
293
|
-
knife[:secret_file] = "/path/to/your/secret"
|
294
|
-
|
295
|
-
If you would like to selectively distribute a secret key during bootstrap
|
296
|
-
please use the '--secret' or '--secret-file' options of this command instead.
|
297
|
-
|
298
|
-
#{ui.color('IMPORTANT:', :red, :bold)} In a future version of Chef, this
|
299
|
-
behavior will be removed and any 'encrypted_data_bag_secret' entries in
|
300
|
-
'knife.rb' will be ignored completely.
|
301
|
-
WARNING
|
302
|
-
ui.warn "* " * 40
|
303
|
-
end
|
304
|
-
end
|
305
|
-
|
306
320
|
end
|
307
321
|
end
|
308
322
|
end
|
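Review bot: In the new `find_template`, `File.exists?(template)` runs before the built-in and config directories are searched, so a bare template name is first resolved against the directory knife is run from. A file there with a matching name would be read, evaluated by Erubis in `render_template` and sent to the node as the bootstrap script. Treating the value as a path only when it carries a directory part keeps named templates bound to the known directories: `if template && File.basename(template) != template && File.file?(template)`; a custom template in the current directory would then be passed as `./NAME`. The same guard covers the case where none of the four sources in `bootstrap_template` yields a value, where `File.exists?(nil)` raises a TypeError. The debug message in that branch logs `File.dirname(template)`, which drops the file name it is meant to report.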
@@ -6,7 +6,7 @@ if [ ! -f /usr/bin/chef-client ]; then
|
|
6
6
|
pacman -S --noconfirm ruby ntp base-devel
|
7
7
|
ntpdate -u pool.ntp.org
|
8
8
|
gem install ohai --no-user-install --no-document --verbose
|
9
|
-
gem install chef --no-user-install --no-document --verbose <%=
|
9
|
+
gem install chef --no-user-install --no-document --verbose <%= Chef::VERSION %>
|
10
10
|
fi
|
11
11
|
|
12
12
|
mkdir -p /etc/chef
|
@@ -23,6 +23,11 @@ EOP
|
|
23
23
|
chmod 0600 /etc/chef/encrypted_data_bag_secret
|
24
24
|
<% end -%>
|
25
25
|
|
26
|
+
<% unless trusted_certs.empty? -%>
|
27
|
+
mkdir -p /etc/chef/trusted_certs
|
28
|
+
<%= trusted_certs %>
|
29
|
+
<% end -%>
|
30
|
+
|
26
31
|
<%# Generate Ohai Hints -%>
|
27
32
|
<% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
|
28
33
|
mkdir -p /etc/chef/ohai/hints
|
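Review bot: `<%= trusted_certs %>` pastes shell text into the script that runs on the node, and `trusted_certs_content` (in the bootstrap context hunk later on this page) builds that text with the certificate file name interpolated unquoted: `cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'`. A file name in the local `trusted_certs_dir` containing spaces or shell metacharacters would break or alter the generated command, and a certificate file containing a line that is exactly `EOP` would end the heredoc early. Escaping the name where the string is built, for example `Shellwords.escape(File.basename(cert))`, addresses the first; a less collision-prone heredoc terminator addresses the second. The identical `trusted_certs` additions in the two template hunks that follow are affected the same way.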
@@ -36,6 +36,11 @@ EOP
|
|
36
36
|
chmod 0600 /etc/chef/encrypted_data_bag_secret
|
37
37
|
<% end -%>
|
38
38
|
|
39
|
+
<% unless trusted_certs.empty? -%>
|
40
|
+
mkdir -p /etc/chef/trusted_certs
|
41
|
+
<%= trusted_certs %>
|
42
|
+
<% end -%>
|
43
|
+
|
39
44
|
<%# Generate Ohai Hints -%>
|
40
45
|
<% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
|
41
46
|
mkdir -p /etc/chef/ohai/hints
|
@@ -23,7 +23,6 @@ exists() {
|
|
23
23
|
<%= knife_config[:bootstrap_install_command] %>
|
24
24
|
<% else %>
|
25
25
|
install_sh="<%= knife_config[:bootstrap_url] ? knife_config[:bootstrap_url] : "https://www.opscode.com/chef/install.sh" %>"
|
26
|
-
version_string="-v <%= chef_version %>"
|
27
26
|
if ! exists /usr/bin/chef-client; then
|
28
27
|
echo "Installing Chef Client..."
|
29
28
|
if exists wget; then
|
@@ -51,6 +50,11 @@ EOP
|
|
51
50
|
chmod 0600 /etc/chef/encrypted_data_bag_secret
|
52
51
|
<% end -%>
|
53
52
|
|
53
|
+
<% unless trusted_certs.empty? -%>
|
54
|
+
mkdir -p /etc/chef/trusted_certs
|
55
|
+
<%= trusted_certs %>
|
56
|
+
<% end -%>
|
57
|
+
|
54
58
|
<%# Generate Ohai Hints -%>
|
55
59
|
<% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
|
56
60
|
mkdir -p /etc/chef/ohai/hints
|
@@ -34,14 +34,6 @@ class Chef
|
|
34
34
|
@chef_config = chef_config
|
35
35
|
end
|
36
36
|
|
37
|
-
def bootstrap_version_string
|
38
|
-
if @config[:prerelease]
|
39
|
-
"--prerelease"
|
40
|
-
else
|
41
|
-
"--version #{chef_version}"
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
37
|
def bootstrap_environment
|
46
38
|
@chef_config[:environment] || '_default'
|
47
39
|
end
|
@@ -52,14 +44,20 @@ class Chef
|
|
52
44
|
|
53
45
|
def encrypted_data_bag_secret
|
54
46
|
knife_config[:secret] || begin
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
IO.read(
|
47
|
+
secret_file_path = knife_config[:secret_file]
|
48
|
+
expanded_secret_file_path = File.expand_path(secret_file_path.to_s)
|
49
|
+
if secret_file_path && File.exist?(expanded_secret_file_path)
|
50
|
+
IO.read(expanded_secret_file_path)
|
51
|
+
else
|
52
|
+
nil
|
59
53
|
end
|
60
54
|
end
|
61
55
|
end
|
62
56
|
|
57
|
+
def trusted_certs
|
58
|
+
@trusted_certs ||= trusted_certs_content
|
59
|
+
end
|
60
|
+
|
63
61
|
def config_content
|
64
62
|
client_rb = <<-CONFIG
|
65
63
|
log_location STDOUT
|
@@ -72,6 +70,36 @@ CONFIG
|
|
72
70
|
client_rb << "# Using default node name (fqdn)\n"
|
73
71
|
end
|
74
72
|
|
73
|
+
# We configure :verify_api_cert only when it's overridden on the CLI
|
74
|
+
# or when specified in the knife config.
|
75
|
+
if !@config[:node_verify_api_cert].nil? || knife_config.has_key?(:verify_api_cert)
|
76
|
+
value = @config[:node_verify_api_cert].nil? ? knife_config[:verify_api_cert] : @config[:node_verify_api_cert]
|
77
|
+
client_rb << %Q{verify_api_cert #{value}\n}
|
78
|
+
end
|
79
|
+
|
80
|
+
# We configure :ssl_verify_mode only when it's overridden on the CLI
|
81
|
+
# or when specified in the knife config.
|
82
|
+
if @config[:node_ssl_verify_mode] || knife_config.has_key?(:ssl_verify_mode)
|
83
|
+
value = case @config[:node_ssl_verify_mode]
|
84
|
+
when "peer"
|
85
|
+
:verify_peer
|
86
|
+
when "none"
|
87
|
+
:verify_none
|
88
|
+
when nil
|
89
|
+
knife_config[:ssl_verify_mode]
|
90
|
+
else
|
91
|
+
nil
|
92
|
+
end
|
93
|
+
|
94
|
+
if value
|
95
|
+
client_rb << %Q{ssl_verify_mode :#{value}\n}
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
if @config[:ssl_verify_mode]
|
100
|
+
client_rb << %Q{ssl_verify_mode :#{knife_config[:ssl_verify_mode]}\n}
|
101
|
+
end
|
102
|
+
|
75
103
|
if knife_config[:bootstrap_proxy]
|
76
104
|
client_rb << %Q{http_proxy "#{knife_config[:bootstrap_proxy]}"\n}
|
77
105
|
client_rb << %Q{https_proxy "#{knife_config[:bootstrap_proxy]}"\n}
|
@@ -85,6 +113,10 @@ CONFIG
|
|
85
113
|
client_rb << %Q{encrypted_data_bag_secret "/etc/chef/encrypted_data_bag_secret"\n}
|
86
114
|
end
|
87
115
|
|
116
|
+
unless trusted_certs.empty?
|
117
|
+
client_rb << %Q{trusted_certs_dir "/etc/chef/trusted_certs"\n}
|
118
|
+
end
|
119
|
+
|
88
120
|
client_rb
|
89
121
|
end
|
90
122
|
|
@@ -93,7 +125,7 @@ CONFIG
|
|
93
125
|
client_path = @chef_config[:chef_client_path] || 'chef-client'
|
94
126
|
s = "#{client_path} -j /etc/chef/first-boot.json"
|
95
127
|
s << ' -l debug' if @config[:verbosity] and @config[:verbosity] >= 2
|
96
|
-
s << " -E #{bootstrap_environment}"
|
128
|
+
s << " -E #{bootstrap_environment}"
|
97
129
|
s
|
98
130
|
end
|
99
131
|
|
@@ -101,30 +133,27 @@ CONFIG
|
|
101
133
|
@chef_config.key?(:knife) ? @chef_config[:knife] : {}
|
102
134
|
end
|
103
135
|
|
104
|
-
#
|
105
|
-
# This function is used by older bootstrap templates other than chef-full
|
106
|
-
# and potentially by custom templates as well hence it's logic needs to be
|
107
|
-
# preserved for backwards compatibility reasons until we hit Chef 12.
|
108
|
-
def chef_version
|
109
|
-
knife_config[:bootstrap_version] || Chef::VERSION
|
110
|
-
end
|
111
|
-
|
112
136
|
#
|
113
137
|
# chef version string to fetch the latest current version from omnitruck
|
114
138
|
# If user is on X.Y.Z bootstrap will use the latest X release
|
115
139
|
# X here can be 10 or 11
|
116
140
|
def latest_current_chef_version_string
|
117
|
-
|
118
|
-
|
141
|
+
installer_version_string = nil
|
142
|
+
if @config[:prerelease]
|
143
|
+
installer_version_string = "-p"
|
119
144
|
else
|
120
|
-
|
121
|
-
|
145
|
+
chef_version_string = if knife_config[:bootstrap_version]
|
146
|
+
knife_config[:bootstrap_version]
|
147
|
+
else
|
148
|
+
Chef::VERSION.split(".").first
|
149
|
+
end
|
122
150
|
|
123
|
-
|
151
|
+
installer_version_string = ["-v", chef_version_string]
|
124
152
|
|
125
|
-
|
126
|
-
|
127
|
-
|
153
|
+
# If bootstrapping a pre-release version add -p to the installer string
|
154
|
+
if chef_version_string.split(".").length > 3
|
155
|
+
installer_version_string << "-p"
|
156
|
+
end
|
128
157
|
end
|
129
158
|
|
130
159
|
installer_version_string.join(" ")
|
@@ -134,6 +163,18 @@ CONFIG
|
|
134
163
|
(@config[:first_boot_attributes] || {}).merge(:run_list => @run_list)
|
135
164
|
end
|
136
165
|
|
166
|
+
private
|
167
|
+
def trusted_certs_content
|
168
|
+
content = ""
|
169
|
+
if @chef_config[:trusted_certs_dir]
|
170
|
+
Dir.glob(File.join(@chef_config[:trusted_certs_dir], "*.{crt,pem}")).each do |cert|
|
171
|
+
content << "cat > /etc/chef/trusted_certs/#{File.basename(cert)} <<'EOP'\n" +
|
172
|
+
IO.read(File.expand_path(cert)) + "\nEOP\n"
|
173
|
+
end
|
174
|
+
end
|
175
|
+
content
|
176
|
+
end
|
177
|
+
|
137
178
|
end
|
138
179
|
end
|
139
180
|
end
|
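Review bot: The last added block in the `config_content` hunk, `if @config[:ssl_verify_mode]`, tests a key that no option on this page sets (the new option is `:node_ssl_verify_mode`) and then writes `knife_config[:ssl_verify_mode]` rather than the value it tested. When it fires it appends a second `ssl_verify_mode` line to `client_rb` after the one computed from `--node-ssl-verify-mode`, carrying the knife-config value, or a bare `ssl_verify_mode :` when that key is absent. Presumably the later line wins when the node loads the file, which could leave the node on a weaker verification mode than the operator chose on the command line. The preceding `case` block already handles the knife-config fallback through `when nil`, so the trailing block looks like a leftover and can be deleted. `config_content` begins above the hunk, so how the string is finally written out is not visible here.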
data/lib/chef/knife/search.rb
CHANGED
@@ -71,6 +71,11 @@ class Chef
|
|
71
71
|
:long => "--query QUERY",
|
72
72
|
:description => "The search query; useful to protect queries starting with -"
|
73
73
|
|
74
|
+
option :filter_result,
|
75
|
+
:short => "-f FILTER",
|
76
|
+
:long => "--filter-result FILTER",
|
77
|
+
:description => "Only bring back specific attributes of the matching objects; for example: \"ServerName=name, Kernel=kernel.version\""
|
78
|
+
|
74
79
|
def run
|
75
80
|
read_cli_args
|
76
81
|
fuzzify_query
|
@@ -79,7 +84,6 @@ class Chef
|
|
79
84
|
ui.use_presenter Knife::Core::NodePresenter
|
80
85
|
end
|
81
86
|
|
82
|
-
|
83
87
|
q = Chef::Search::Query.new
|
84
88
|
escaped_query = URI.escape(@query,
|
85
89
|
Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
|
@@ -87,14 +91,26 @@ class Chef
|
|
87
91
|
result_items = []
|
88
92
|
result_count = 0
|
89
93
|
|
90
|
-
|
91
|
-
|
94
|
+
search_args = Hash.new
|
95
|
+
search_args[:sort] = config[:sort]
|
96
|
+
search_args[:start] = config[:start]
|
97
|
+
search_args[:rows] = config[:rows]
|
98
|
+
if config[:filter_result]
|
99
|
+
search_args[:filter_result] = create_result_filter(config[:filter_result])
|
100
|
+
elsif (not ui.config[:attribute].nil?) && (not ui.config[:attribute].empty?)
|
101
|
+
search_args[:filter_result] = create_result_filter_from_attributes(ui.config[:attribute])
|
102
|
+
end
|
103
|
+
|
92
104
|
begin
|
93
|
-
q.search(@type, escaped_query,
|
94
|
-
formatted_item =
|
95
|
-
|
96
|
-
|
97
|
-
|
105
|
+
q.search(@type, escaped_query, search_args) do |item|
|
106
|
+
formatted_item = Hash.new
|
107
|
+
if item.is_a?(Hash)
|
108
|
+
# doing a little magic here to set the correct name
|
109
|
+
formatted_item[item["data"]["__display_name"]] = item["data"]
|
110
|
+
formatted_item[item["data"]["__display_name"]].delete("__display_name")
|
111
|
+
else
|
112
|
+
formatted_item = format_for_display(item)
|
113
|
+
end
|
98
114
|
result_items << formatted_item
|
99
115
|
result_count += 1
|
100
116
|
end
|
@@ -149,10 +165,38 @@ class Chef
|
|
149
165
|
end
|
150
166
|
end
|
151
167
|
|
168
|
+
# This method turns a set of key value pairs in a string into the appropriate data structure that the
|
169
|
+
# chef-server search api is expecting.
|
170
|
+
# expected input is in the form of:
|
171
|
+
# -f "return_var1=path.to.attribute, return_var2=shorter.path"
|
172
|
+
#
|
173
|
+
# a more concrete example might be:
|
174
|
+
# -f "env=chef_environment, ruby_platform=languages.ruby.platform"
|
175
|
+
#
|
176
|
+
# The end result is a hash where the key is a symbol in the hash (the return variable)
|
177
|
+
# and the path is an array with the path elements as strings (in order)
|
178
|
+
# See lib/chef/search/query.rb for more examples of this.
|
179
|
+
def create_result_filter(filter_string)
|
180
|
+
final_filter = Hash.new
|
181
|
+
filter_string.gsub!(" ", "")
|
182
|
+
filters = filter_string.split(",")
|
183
|
+
filters.each do |f|
|
184
|
+
return_id, attr_path = f.split("=")
|
185
|
+
final_filter[return_id.to_sym] = attr_path.split(".")
|
186
|
+
end
|
187
|
+
return final_filter
|
188
|
+
end
|
189
|
+
|
190
|
+
def create_result_filter_from_attributes(filter_array)
|
191
|
+
final_filter = Hash.new
|
192
|
+
filter_array.each do |f|
|
193
|
+
final_filter[f] = f.split(".")
|
194
|
+
end
|
195
|
+
# adding magic filter so we can actually pull the name as before
|
196
|
+
final_filter["__display_name"] = [ "name" ]
|
197
|
+
return final_filter
|
198
|
+
end
|
199
|
+
|
152
200
|
end
|
153
201
|
end
|
154
202
|
end
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
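Review bot: `create_result_filter` assumes every comma-separated entry has the form `name=path`; an entry without `=` leaves `attr_path` nil and the next line fails with NoMethodError on `nil.split`. Its `gsub!` also rewrites the caller's `config[:filter_result]` string in place. Validating the pair gives the user a usable message: `return_id, attr_path = f.split("=", 2)` followed by `raise ArgumentError, "Invalid filter '#{f}', expected NAME=path.to.attribute" if return_id.to_s.empty? || attr_path.to_s.empty?`, with `filter_string.delete(" ")` in place of the `gsub!`. Separately, the `run` hunk keys each Hash result by `item["data"]["__display_name"]`, which only `create_result_filter_from_attributes` adds. With `-f` that key would be nil unless the user's filter happens to define it, which is worth confirming against `Chef::Search::Query`.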